带有表单登录的 Spring Security OAuth 2 [英] Spring Security OAuth 2 with form login

问题描述

我正在尝试将 Spring Boot 应用程序配置为使用表单登录，并使用 OAuth 2 授权服务器验证凭据(将凭据从表单登录发送到用户授权 URL.

I'm trying to configure my Spring boot application to use a form login, and to verify the credentials using an OAuth 2 authorization server (sending the credentials from the form login to the user authorization URL.

但是，当我使用以下 SecurityConfig 并访问资源时，而不是使用表单登录，它会重定向到授权服务器，询问我的凭据(使用基本身份验证)和然后重定向回应用程序本身.

However, when I'm using the following SecurityConfig and I go to a resource, rather than using a form login it redirects to the authorization server, asking for my credentials (using basic authentication) and then redirects back to the application itself.

我正在使用以下 SecurityConfig:

@Configuration
@EnableOAuth2Sso
public class SecurityConfig extends OAuth2SsoConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            .logout()
            .and()
            .antMatcher("/**")
                .authorizeRequests()
                    .anyRequest().authenticated()
                    .and()
                        .csrf()
                        .csrfTokenRepository(csrfTokenRepository()).and()
                        .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
            .formLogin();
    }

    // CSRF repository + filter
}

我正在为 configure() 方法提供 formLogin()，但这似乎不起作用.

I am providing the formLogin() to the configure() method, but this doesn't seem to work.

以下配置在我的application.yml文件中:

The following configuration is in my application.yml file:

spring:
  oauth2:
    client:
      clientId: test
      clientSecret: secret
      accessTokenUri: http://localhost:8081/uaa/oauth/token
      userAuthorizationUri: http://localhost:8081/uaa/oauth/authorize
      clientAuthenticationScheme: header
    resource:
      userInfoUri: http://localhost:8081/uaa/user

这个配置确实有效，因为在重定向后我获得了授权，但它不是我希望它工作的方式(使用表单登录而不是重定向到 OAuth2 授权服务器).

This configuration does work, because after the redirect I am getting authorized, but it's not in the way I would like it to work (with a form login in stead of a redirect to the OAuth2 Authorization server).

推荐答案

使用 SSO 的重点是用户通过身份验证服务器(在您的情况下为 localhost:8081)进行身份验证.如果您想要表单登录，则需要在此处实现它，而不是在客户端应用中.

With SSO the whole point is that the user authenticates with the auth server (localhost:8081 in your case). If you want a form login, that's where you need to implement it, not in the client app.

这篇关于带有表单登录的 Spring Security OAuth 2的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！