在Spring OAuth2中禁用确认页面 [英] disable confirmation page in Spring OAuth2
问题描述
我正在通过分解此GitHub链接上的三个相互关联的示例应用程序.这些应用程序可以在我的devbox上按预期方式工作,但是authserver应用程序会生成一个不需要的确认页面,该页面要求用户确认是否已授权localhost:8080/login上的客户端接收其受保护的信息.确认页面的屏幕截图如下:
I am studying Spring OAuth2 by decomposing the set of three interconnected sample apps at this GitHub link. The apps work as intended on my devbox, but the authserver app produces an unwanted confirmation page that asks the user to confirm that they authorize the client at localhost:8080/login to receive their protected information. A screen shot of the confirmation page is as follows:
要删除确认步骤,需要对authserver应用的代码进行哪些具体更改?
What specific changes need to be made to the authserver app's code to remove the confirmation step?
我了解到确认页面在某些用例中可能会很有用.但是确认页面不适用于我想到的用例,那么如何禁用此步骤?
I understand that the confirmation page could be useful in certain use cases. But the confirmation page is not appropriate for the use case that I have in mind, so how can I disable this step?
第一次尝试:
我已经在 Spring OAuth2开发人员指南.指南中提到要创建一个单独的@RequestMappig("/oauth/authorize"),但是似乎不清楚如何禁用此确认步骤.
I have located the view code for the authorization page in authorize.ftl, which you can read by clicking on this link. But when I do Ctrl-H in an eclipse workspace and search for "authorize.ftl", no results show up. Similarly, I reviewed the Spring OAuth2 Developer Guide. Some mention in the guide is made of creating a separate @RequestMappig("/oauth/authorize"), but it did not seem clear how to disable this confirmation step.
The code for the template login view is in login.ftl, which you can read at this link.
是否可以将login.ftl代码简单地移动到新的login.html文件中,然后使用@RequestMappig("/oauth/authorize")管理该视图?
Is the solution to simply move the login.ftl code into a new login.html file, and then manage that view with @RequestMappig("/oauth/authorize")?
如果我从上面的开发人员指南链接正确地解释了工作原理,似乎是在说
If I interpret the working from the Developer Guide link above correctly, it seems to say that
1.)链接到GET的@RequestMappig("/oauth/authorize")方法将提供登录视图,然后提供另一个@RequestMappig("/oauth/authorize")
1.) an @RequestMappig("/oauth/authorize") method linked to GET would serve up the login view, then another @RequestMappig("/oauth/authorize"),
2.),然后链接到POST的另一个@RequestMappig("/oauth/authorize")方法将从视图中获取信息并绕过确认步骤.
2.) then another @RequestMappig("/oauth/authorize") method linked to POST would take the information from the view and bypass the confirmation step.
但是在代码中会是什么样子?如果我正确理解的话,这是一个起点:
But what would this look like in code? Here is a starting point, if I understand correctly:
`@RequestMappig("/oauth/authorize", method = RequestMethod.GET)`
public @ResponseBody SomeType method1Name(){
SomeType st = new SomeType();
//do some stuff to st
return st;
}
`@RequestMappig("/oauth/authorize", method = RequestMethod.POST)`
public @ResponseBody SomeType method2Name(){
SomeType st = new SomeType();
//do other stuff to st
return st;
}
我应该在方法中添加什么?然后我放视图代码了吗?
What do I put in the methods? And then were do I put the view code?
The Developer Guide says to start with WhiteLabelApprovalEndpoint,java, which you can read on GitHub at this link.
推荐答案
令牌授予的用户确认是可选的.如果要跳过该步骤,则需要将客户端注册为autoapprove ="*".我很确定这在用户指南中.
User confirmation of the token grant is optional. You need to register the client as autoapprove="*" if you want to skip that step. I'm pretty sure that's in the user guide.
这篇关于在Spring OAuth2中禁用确认页面的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
