User Registration & Login | SSO using Spring Security OAuth 2.0

Question

I am trying to implement user registration and log in flow | SSO using Spring Security Oauth 2.0 and Google as the authentication provider.

  • How should I initiate registration and login flow? What filter needs to be applied?
  • In the registration flow, I will need the user's details (name, email) that are part of the successful authorization response, to be persisted in my local database. How do I handle that?

What's the purpose of oauth2:client id="oauth2ClientFilter" ?

This is what my application context file looks like:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"   xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:jdbc="http://www.springframework.org/schema/jdbc" xmlns:c="http://www.springframework.org/schema/c"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:oauth2="http://www.springframework.org/schema/security/oauth2"
xsi:schemaLocation="http://www.springframework.org/schema/jdbc  http://www.springframework.org/schema/jdbc/spring-jdbc-3.0.xsd
    http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2.xsd
    http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">

<!-- DispatcherServlet Context: defines this servlet's request-processing 
    infrastructure -->

<!-- Enables the Spring MVC @Controller programming model -->
<annotation-driven />

<!-- Handles HTTP GET requests for /resources/** by efficiently serving 
    up static resources in the ${webappRoot}/resources directory -->
<resources mapping="/resources/**" location="/resources/" />

<!-- Resolves views selected for rendering by @Controllers to .jsp resources 
    in the /WEB-INF/views directory -->
<beans:bean
    class="org.springframework.web.servlet.view.InternalResourceViewResolver">
    <beans:property name="prefix" value="/WEB-INF/views/" />
    <beans:property name="suffix" value=".jsp" />
</beans:bean>

<context:component-scan base-package="com.samsoft.spring" />

<!-- ================================================== SECURITY START ================================================== -->

<security:http security="none" pattern="/" />
<security:http security="none" pattern="/resources/**" />
<security:global-method-security
    secured-annotations="enabled" />

<security:http auto-config="true">
    <security:intercept-url pattern="/**"
        requires-channel="https" access="IS_AUTHENTICATED_FULLY" />
    <security:custom-filter ref="oauth2ClientFilter"
        after="EXCEPTION_TRANSLATION_FILTER" />
</security:http>
<oauth2:client id="oauth2ClientFilter" />

<oauth2:resource id="googleOauth2Resource" type="authorization_code"
    client-id="530420474177-clientid.apps.googleusercontent.com"
    client-secret="client-secret-here" access-token-uri="https://accounts.google.com/o/oauth2/token"
    user-authorization-uri="https://accounts.google.com/o/oauth2/auth"
    scope="https://www.googleapis.com/auth/calendar"
    client-authentication-scheme="form"
    pre-established-redirect-uri="https://ohad.sealdoc.com/oauth2-client/hello" />

<oauth2:rest-template id="googleOauthRestTemplate"
    resource="googleOauth2Resource" />

<security:authentication-manager>
    <security:authentication-provider>
        <security:user-service>
            <security:user name="test" authorities="ROLE_USER" password="test"/>
        </security:user-service>
    </security:authentication-provider>
</security:authentication-manager>

<!-- ================================================== SECURITY END ================================================== -->

</beans:beans>

Edit

I did implement the same use case using Spring Security OpenID by:

  1. Declaring the openid:form tag with the exchange attribute configured
  2. Extending the UserDetailsService as described here.

I am looking for an equivalent configuration for OAuth 2.0.

Recommended answer

Did you register your client app in Google? This is how oAuth2 works... the client should be registered in the provider, and get a client ID and client secret. In your XML, it seems like you did not register:

client-secret="client-secret-here"

Please read the Google oAuth2 documentation.

Update

As for your updated question, I think that the behavior that you see is due to the fact that your application should allow access to "/oauth2/google", in your security.xml file.
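
An added configuration example for the two points in the answer above (not part of the original answer or the asker's file): the client ID and secret issued at registration are read from a properties file, and "/oauth2/google" is opened to anonymous requests ahead of the catch-all rule. The property keys, the properties file name and the redirect host are hypothetical, and "/oauth2/google" is assumed to be the URL where the Google login is handled.

```xml
<!-- Added example: names under ${...} are hypothetical property keys, and
     /oauth2/google is assumed to be the URL where the Google login is handled. -->

<!-- Keep the registered credentials out of the context file. -->
<context:property-placeholder location="classpath:google-oauth.properties" />

<security:http auto-config="true">
    <!-- First match wins, so the specific rule must precede /**.
         Anonymous access (not security="none") keeps the filter chain,
         and with it oauth2ClientFilter, active on this URL. -->
    <security:intercept-url pattern="/oauth2/google"
        requires-channel="https" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <security:intercept-url pattern="/**"
        requires-channel="https" access="IS_AUTHENTICATED_FULLY" />
    <security:custom-filter ref="oauth2ClientFilter"
        after="EXCEPTION_TRANSLATION_FILTER" />
</security:http>
<oauth2:client id="oauth2ClientFilter" />

<!-- client-id and client-secret are the values issued when the application
     is registered with Google; the redirect URI must match the one
     registered there. -->
<oauth2:resource id="googleOauth2Resource" type="authorization_code"
    client-id="${google.oauth.client-id}"
    client-secret="${google.oauth.client-secret}"
    access-token-uri="https://accounts.google.com/o/oauth2/token"
    user-authorization-uri="https://accounts.google.com/o/oauth2/auth"
    scope="https://www.googleapis.com/auth/calendar"
    client-authentication-scheme="form"
    pre-established-redirect-uri="https://example.invalid/oauth2/google" />
```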
