在 Spring OAuth2 客户端中从 SSO 更改经过身份验证的用户的权限/角色 [英] Change Authorities/Roles of Authenticated User from SSO in Spring OAuth2 Client

问题描述

我正在尝试对来自 facebook 的用户进行身份验证并存储其用户名，并向将成为我的应用程序管理员的用户子集提供自定义权限.我的问题是，如何向经过身份验证的人提供管理员"等自定义角色并在 Oauth2Client 中对其进行授权.

I am trying to authenticate a user from facebook and store it's username and provide custom permission to subset of users who will be admin for my application. My question is, How do I provide custom roles like "Admin" to the authenticated and authorize it in Oauth2Client.

@Configuration
class WebSecurityConfiguration extends GlobalAuthenticationConfigurerAdapter {

@Autowired
UserRepository userRepository;

@Override
public void init(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(userDetailsService());

}

@Bean
UserDetailsService userDetailsService() {
    return new UserDetailsService() {
        @Override
        public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
            User account = userRepository.findOne(username);
            if (account != null) {
                List<String> rolesList = userRepository.getRoles(username);
                String[] roles = new String[rolesList.size()];


                 // userRepository.findRoles List<String> roles =
                 //account.getUserroles().;
                 User user = new User(account.getUserssoid(), account.getSecretKey(), true, true, true, true,
                        AuthorityUtils.createAuthorityList(rolesList.toArray(roles)));

                return user;
            } else {
                throw new UsernameNotFoundException("could not find the user '" + username + "'");
            }
        }
    };
}
}

我想使用 OAuth2 客户端做类似的事情.

I want to do similar thing using OAuth2 Client.

谢谢

推荐答案

当您不想提供自己的 UserInfoTokenServices 时，您可以做得更简单.只需在您的安全配置中提供一个 AuthoritiesExtractor bean.

You can do it even simpler when you don't want to provide your own UserInfoTokenServices. Just provide an AuthoritiesExtractor bean in your security config.

@Bean
public AuthoritiesExtractor customAuthoritiesExtractor() {
    return new CustomAuthoritiesExtractor();
}

public class CustomAuthoritiesExtractor implements AuthoritiesExtractor {

    @Override
    public List<GrantedAuthority> extractAuthorities(Map<String, Object> map) {

        // map contains information from your OAuth profile provider

        boolean userExist = true; // TODO
        if (!userExist) {
            throw new BadCredentialsException("User does not exists");
        }

        String authorities = "ROLE_ADMIN"; // TODO your own roles
        return AuthorityUtils.commaSeparatedStringToAuthorityList(authorities);
    }
}

更多详情请参考本教程:https://spring.io/guides/tutorials/spring-boot-oauth2/#_social_login_logout

For more details refer to this tutorial: https://spring.io/guides/tutorials/spring-boot-oauth2/#_social_login_logout

这篇关于在 Spring OAuth2 客户端中从 SSO 更改经过身份验证的用户的权限/角色的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！