Spring Boot - 设置默认 HTTP Oauth2Login() 注册/提供程序 [英] Spring Boot - set default HTTP Oauth2Login() registration/provider

问题描述

Spring Boot 新手，我正在开发一个应用程序，该应用程序已经完成了一些 Oauth2 身份验证以使用 azure 登录.我的任务是为另一个 API 设置一些身份验证，现在我的 application-local.properties 中有两个注册(客户端 id/secret/grant-type).

New to spring boot and I'm working on an application that already had some Oauth2 authentication done for signing in with azure. I was tasked with setting up some auth for another API and now I have two registrations(client id/secret/grant-type) in my application-local.properties.

spring.security.oauth2.resource.jwk.key-set-uri=xxxxxxxx
spring.security.oauth2.client.registration.azure.client-secret=xxxx
spring.security.auth2.client.registration.azure.client-id=xxxxx
spring.security.oauth2.client.registration.azure.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.azure.client-name=azure
spring.security.oauth2.client.registration.azure.provider=azure
spring.security.oauth2.client.registration.azure.scope=openid,profile,email,offline_access

spring.security.oauth2.client.provider.test.token-uri=xxxxx
spring.security.oauth2.client.registration.test.client-id=xxxxx
spring.security.oauth2.client.registration.test.client-secret=xxxxx
spring.security.oauth2.client.registration.test.authorization-grant-type=client_credentials

登录提示示例

这有效.现在的问题是第一次访问应用程序时，系统会提示您选择要登录的服务，天蓝色或测试.我希望能够为此设置默认值并使用 azure 登录到应用程序，以便不会提示用户.

This works. The problem now is when visiting the application for the first time, you are prompted to choose which service you would like to login with, either azure or test. I would like to be able to set a default for this and use azure for logging into the application so the user isn't prompted.

        http.authorizeRequests()
                .antMatchers("/impersonate/**").hasAnyRole(roleAdmin)
                .antMatchers("/login", "/health").permitAll()
                .anyRequest().authenticated()
                .antMatchers("/logout").hasRole(prevRoleAdmin)
                .anyRequest().fullyAuthenticated()
                .and()
                .csrf().disable()
                .logout()
                .logoutSuccessUrl("/admin")
                .and()

                .oauth2Login() // Is there a way to pass which registration it should use after this?

                .userInfoEndpoint()
                .oidcUserService(this.oidcUserService())
        ;

有没有办法设置它来寻找和使用天蓝色的信用?

Is there any way to set this to seek out and use the creds for azure?

推荐答案

默认情况下，Spring Security 显示选择器页面，但您可以将登录页面设置为特定客户端:

By default, Spring Security shows the chooser page, but you can set the login page to a specific client:

@Configuration
public class RedirectToAzureConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) {
        http
            // ... 
            .oauth2Login(oauth2 -> oauth2
                .loginPage("/oauth2/authorization/azure")
            );
    }

}

对于你的application.properties中列出的每一个客户端，Spring Security都会响应/oauth2/authorization/{registrationId}请求并与相应的授权服务器协商得到用户登录.

For every client listed in your application.properties, Spring Security will respond to /oauth2/authorization/{registrationId} requests and negotiate with the corresponding authorization server to get the user logged in.

如果您需要以编程方式决定重定向到什么，您可以注册一个 AuthenticationEntryPoint 而不是设置 loginPage().

If you need to programmatically decide what to redirect to, you can register an AuthenticationEntryPoint instead of setting the loginPage().

这篇关于Spring Boot - 设置默认 HTTP Oauth2Login() 注册/提供程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！