How to perform actions on successful login via OAuth2 in jhipster


Question

I want to ask how to perform an action after a successful login via OAuth2 and how to veto a login based on some preconditions. I tried to search on Google and found some links but I'm not sure how to do that on this framework. There might be some filter etc I can add but wanted to know the right place to do this.

Note: AuditEvent does not work for me, because the success audit is triggered on every API call.

Reference: http://blog.jdriven.com/2015/01/stateless-spring-security-part-3-jwt-social-authentication/

What I need to do is:

  1. After successful login, record a few details in a table and send a notification to a queue. In addition to successful login, I also want to perform some action on successful logout which I know I can do here: AjaxLogoutSuccessHandler. However I'm not able to find a similar place for successful login.

Before login via OAuth2 if a certain condition is not met, then I can throw an exception and not allow that user. For example, if the user is coming from a particular IP range. Where can I add this?

Please guide me in the right direction.

Thanks

Recommended answer

Create TokenEndpointAuthenticationFilter implementation

CustomTokenEndpointAuthenticationFilter.java

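import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
import org.springframework.security.oauth2.provider.endpoint.TokenEndpointAuthenticationFilter;

public class CustomTokenEndpointAuthenticationFilter extends TokenEndpointAuthenticationFilter {

    public CustomTokenEndpointAuthenticationFilter(AuthenticationManager authenticationManager, OAuth2RequestFactory oAuth2RequestFactory) {
        super(authenticationManager, oAuth2RequestFactory);
    }

    @Override
    protected void onSuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) throws IOException {
        /* on successful authentication do stuff here */
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        /* before authentication, check the condition; only if it is true proceed to authenticate */
        /* `condition` is a placeholder for your own precondition check */
        if (!condition) {
            throw new AuthenticationServiceException("condition not satisfied");
        }
        super.doFilter(req, res, chain);
    }
}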

Make these changes inside AuthorizationServerConfiguration

@Configuration
@EnableAuthorizationServer
protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

    @Inject
    private DataSource dataSource;

    @Inject
    private JHipsterProperties jHipsterProperties;

    @Bean
    public TokenStore tokenStore() {
        return new JdbcTokenStore(dataSource);
    }

    /* create OAuth2RequestFactory instance */
    private OAuth2RequestFactory oAuth2RequestFactory;

    @Inject
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints)
        throws Exception {
        /* assign value in OAuth2RequestFactory instance */
        oAuth2RequestFactory = endpoints.getOAuth2RequestFactory();
        endpoints
            .tokenStore(tokenStore())
            .authenticationManager(authenticationManager);
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        /* register TokenEndpointAuthenticationFilter with oauthServer */
        oauthServer
            .allowFormAuthenticationForClients()
            .addTokenEndpointAuthenticationFilter(new CustomTokenEndpointAuthenticationFilter(authenticationManager, oAuth2RequestFactory));

    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients
            .inMemory()
            .withClient(jHipsterProperties.getSecurity().getAuthentication().getOauth().getClientid())
            .scopes("read", "write")
            .authorities(AuthoritiesConstants.ADMIN, AuthoritiesConstants.USER)
            .authorizedGrantTypes("password", "refresh_token", "authorization_code", "implicit")
            .secret(jHipsterProperties.getSecurity().getAuthentication().getOauth().getSecret())
            .accessTokenValiditySeconds(jHipsterProperties.getSecurity().getAuthentication().getOauth().getTokenValidityInSeconds());
    }
}
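
One way to fill in the `condition` placeholder for the IP-range case raised in the question, as an added example that is not part of the original answer. The class name, method names and sample ranges are assumptions; in `doFilter`, `condition` would be `IpRangePrecondition.loginAllowed(req.getRemoteAddr())`.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;

/** Hypothetical helper: computes the `condition` checked in doFilter from the caller's IP. */
public class IpRangePrecondition {

    // Constructed sample ranges (RFC 5737 documentation networks), not taken from the page.
    private static final String[] BLOCKED = {"192.0.2.0/24", "198.51.100.128/25"};

    /** True when ip lies inside cidr; an IPv4 address never matches an IPv6 range or vice versa. */
    static boolean inCidr(String ip, String cidr) throws UnknownHostException {
        String[] parts = cidr.split("/");
        byte[] addr = InetAddress.getByName(ip).getAddress();
        byte[] net = InetAddress.getByName(parts[0]).getAddress();
        int prefix = Integer.parseInt(parts[1]);
        if (addr.length != net.length || prefix < 0 || prefix > net.length * 8) {
            return false;
        }
        // Compare the first `prefix` bits of both addresses, most significant bit first.
        for (int bit = 0; bit < prefix; bit++) {
            int mask = 0x80 >> (bit % 8);
            if ((addr[bit / 8] & mask) != (net[bit / 8] & mask)) {
                return false;
            }
        }
        return true;
    }

    /** Value for `condition`: false means the filter should reject the request. */
    static boolean loginAllowed(String remoteAddr) {
        // remoteAddr is expected to be the IP literal returned by request.getRemoteAddr().
        try {
            for (String cidr : BLOCKED) {
                if (inCidr(remoteAddr, cidr)) {
                    return false;
                }
            }
            return true;
        } catch (UnknownHostException | RuntimeException e) {
            return false; // fail closed when the address or a range cannot be parsed
        }
    }

    public static void main(String[] args) {
        // Constructed addresses: inside the /24, outside the /25, and in no listed range.
        System.out.println(loginAllowed("192.0.2.77"));
        System.out.println(loginAllowed("198.51.100.5"));
        System.out.println(loginAllowed("203.0.113.9"));
    }
}
```

Behind a reverse proxy or load balancer, `getRemoteAddr()` returns the proxy's address; only use a forwarded-for header for this check when a trusted proxy overwrites it, since clients can set that header themselves.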
