spring-security:如何在 sso 登录期间获取 OAuth2 userInfo? [英] spring-security : How to get OAuth2 userInfo during sso logged in?
问题描述
我通过在 spring-boot:1.3.0.M1 上使用 @EnableOAuth2Sso
实现 oauth2 sso
I implement oauth2 sso by using @EnableOAuth2Sso
on spring-boot:1.3.0.M1
我想使用我的资源服务器 (http://oauth2_resource_server/me) 中的 userInfo.
I want to use my userInfo from my resource server (http://oauth2_resource_server/me).
所以我尝试实现我自己的 ResourceServerTokenServices 参考UserInfoTokenServices
So I try to implement my own ResourceServerTokenServices refering to UserInfoTokenServices
@Configuration @EnableWebSecurity @EnableOAuth2Sso public class OAuth2Config {
@Autowired ResourceServerProperties sso;
@Bean public ResourceServerTokenServices userInfoTokenServices() {
return new MyTokenService(sso.getUserInfoUri(), sso.getClientId());
}
}
public class MyTokenService implements ResourceServerTokenServices {
@Override public OAuth2Authentication loadAuthentication(String accessToken)
throws AuthenticationException, InvalidTokenException {
try {
MyUser user = getFromNetworkAndSaveDB(accessToken);
return extractAuthentication(user);
} catch (Exception e) {
throw new InvalidTokenException(e.getMessage(), e);
}
}
/**
* @param user retrieved and serialize from http://oauth2_resource_server/me
*/
private OAuth2Authentication extractAuthentication(MyUser user) {
List<GrantedAuthority> authorities =
AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER");
OAuth2Request request =
new OAuth2Request(null, this.clientId, null, true, null, null, null, null, null);
UsernamePasswordAuthenticationToken token =
new UsernamePasswordAuthenticationToken(user.getId(), "N/A", authorities);
token.setDetails(user);
return new OAuth2Authentication(request, token);
}
}
上面的代码正在创建 OAuth2Authentication
对象并且它可以工作.
above code is creating OAuth2Authentication
object and it works.
我想在登录时使用 MyUser
对象,但我该怎么做?(我不知道什么是通用方式)
I want to use MyUser
object while logged in,
but How can I do this ? (I don't know what is generic way)
推荐答案
OAuth2 SSO 登录后,我终于可以在下面获得我的用户信息了.
Finally I can get my user info below, after OAuth2 SSO Logged in.
MyUser findFromContext() {
OAuth2Authentication oAuth2Authentication =
(OAuth2Authentication) SecurityContextHolder.getContext().getAuthentication();
Authentication userAuthentication = oAuth2Authentication.getUserAuthentication();
return (MyUser) userAuthentication.getDetails();
}
这篇关于spring-security:如何在 sso 登录期间获取 OAuth2 userInfo?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!