Spring Boot + Spring Security + Spring OAuth2 + Google登录 [英] Spring Boot + Spring Security + Spring OAuth2 + Google Sign in
问题描述
我已经使用Spring Boot(1.5.2),Spring Security和Spring Security OAuth2设置了一个小项目来实现使用Google+ API进行OAuth2登录。
您可以找到源代码: https://github.com/ccoloradoc/OAuth2Sample
我可以使用Google进行身份验证并提取用户信息。但是,在我注销后,我尝试连接 https://accounts.google.com/o/oauth2/auth 与我的RestTemplate调用google api。
请参阅Filter attemptAuthentication方法
这是我的安全配置类
@Configuration
@EnableGlobalAuthentication
@ EnableOAuth2Client
@EnableGlobalMethodSecurity(securedEnabled = true,prePostEnabled = true)
@PropertySource(value = {classpath:oauth.properties})
公共类SecurityConfiguration扩展WebSecurityConfigurerAdapter {
@Autowired
私人UserDetailsService userDetailsService;
@Resource
@Qualifier(accessTokenRequest)
private AccessTokenRequest accessTokenRequest;
@Autowired
私人OAuth2ClientContextFilter oAuth2ClientContextFilter;
@Override
protected void configure(HttpSecurity http)抛出Exception {
// @formatter:off
http。
authorizeRequests()
.antMatchers(HttpMethod.GET,/ login,/ public / **,/ resources / **,/ resources / public / **)。 permitAll()
.antMatchers(/ google_oauth2_login)。anonymous()
.anyRequest()。authenticated()
.and()
.formLogin()
.loginPage(/ login)
.loginProcessingUrl(/ login)
.defaultSuccessUrl(/)
.and()
.csrf()。disable ()
.logout()
.logoutSuccessUrl(/)
.logoutUrl(/ logout)
.deleteCookies(记住我)
.and()
.rememberMe()
.and()
.addFilterAfter(oAuth2ClientContextFilter,ExceptionTranslationFilter.class)
.addFilterAfter(googleOAuth2Filter(),OAuth2ClientContextFilter.class )
.userDetailsService(userDetailsService);
// @formatter:在
}
@Bean
@ConfigurationProperties(google.client)
public OAuth2ProtectedResourceDetails auth2ProtectedResourceDetails(){
返回新的AuthorizationCodeResourceDetails();
$ b @Bean
public OAuth2RestTemplate oauth2RestTemplate(){
返回新的OAuth2RestTemplate(auth2ProtectedResourceDetails(),
new DefaultOAuth2ClientContext(accessTokenRequest));
$ b @Bean
public GoogleOAuth2Filter googleOAuth2Filter(){
return new GoogleOAuth2Filter(/ google_oauth2_login);
$ b $ * b $ b *构建我们的自定义Google提供程序
* * /
@Bean
public GoogleOauth2AuthProvider googleOauth2AuthProvider(){
返回新的GoogleOauth2AuthProvider();
$ b $ * b $ b *使用autowired将它分配给授权管理器
* * /
@Autowired
public void configureGlobal AuthenticationManagerBuilder auth){
auth.authenticationProvider(googleOauth2AuthProvider());
$Be
public SpringSecurityDialect springSecurityDialect(){
return new SpringSecurityDialect();
$ b @Bean
public TokenStore tokenStore(){
return new InMemoryTokenStore();
}
}
以下是我的身份验证提供程序:
public class GoogleOauth2AuthProvider实现了AuthenticationProvider {
private static final Logger logger = LoggerFactory.getLogger(GoogleOauth2AuthProvider.class );
@Autowired(required = true)
私人UserDetailsService userDetailsService;
@Override
public Authentication authenticate(Authentication authentication)throws AuthenticationException {
logger.info(Provider Manager Executed);
CustomOAuth2AuthenticationToken令牌=(CustomOAuth2AuthenticationToken)身份验证;
UserDetailsImpl registeredUser =(UserDetailsImpl)token.getPrincipal();
try {
registeredUser =(UserDetailsImpl)userDetailsService
.loadUserByUsername(registeredUser.getEmail());
} catch(UsernameNotFoundException usernameNotFoundException){
logger.info(用户尝试谷歌/登录不是注册用户,注册他!!);
}
返回令牌;
}
@Override
public boolean supports(Class<> authentication){
return CustomOAuth2AuthenticationToken.class
.isAssignableFrom(authentication);
$ UserDetailService是Spring安全核心的一个实现,从数据库中读取数据并将其转换为实现Spring安全核心UserDetails的UserDetails POJO。
以下是我的过滤器实现:
< pre $ public class GoogleOAuth2Filter extends AbstractAuthenticationProcessingFilter {
$ b / **
* Logger
* /
private static final Logger log = LoggerFactory.getLogger(GoogleOAuth2Filter.class);
private static final认证dummyAuthentication;
static {
dummyAuthentication = new UsernamePasswordAuthenticationToken(
dummyUserName23452346789,dummyPassword54245,
CustomUserDetails.DEFAULT_ROLES);
}
private static final String NAME =name;
private static final String EMAIL =email;
private static final String PICTURE =picture;
private static final Logger logger = LoggerFactory
.getLogger(GoogleOAuth2Filter.class);
@ Value(value =$ {google.authorization.url})
private String googleAuhorizationUrl;
public GoogleOAuth2Filter(String defaultFilterProcessesUrl){
super(defaultFilterProcessesUrl);
}
@Autowired
private UserService userService;
@Autowired
私人OAuth2RestTemplate oauth2RestTemplate;
@Autowired
@Override
public void setAuthenticationManager(AuthenticationManager authenticationManager){
super.setAuthenticationManager(authenticationManager);
$ b @Override
public Authentication attemptAuthentication(HttpServletRequest请求,
HttpServletResponse响应)throws AuthenticationException,
IOException,ServletException {
logger。 info(Google Oauth Filter已触发!);
URI authURI;
尝试{
authURI = new URI(googleAuhorizationUrl);
} catch(URISyntaxException e){
log.error(\\\
\\\
\\\
\\\
ERROR WHILE CREATING GOOGLE AUTH URL,e);
返回null;
}
SecurityContext context = SecurityContextHolder.getContext();
// auth null或未经过身份验证。
String code = request.getParameter(code);
Map< String,String []> parameterMap = request.getParameterMap();
logger.debug(parameterMap.toString());
if(StringUtils.isEmpty(code)){
// Google身份验证正在进行中。将返回null。
logger.debug(将在上下文中设置虚拟用户);
context.setAuthentication(dummyAuthentication);
//触发google oauth2。
//第二次登录时出现错误ATTEMPT
oauth2RestTemplate.postForEntity(authURI,null,Object.class);
返回null;
} else {
logger.debug(Google Recieved !!的回复);
ResponseEntity< Object> forEntity = oauth2RestTemplate.getForEntity(
https://www.googleapis.com/plus/v1/people/me/openIdConnect,
Object.class);
@SuppressWarnings(unchecked)
Map< String,String> profile =(Map< String,String>)forEntity.getBody();
CustomOAuth2AuthenticationToken authenticationToken = getOAuth2Token(
profile.get(EMAIL),profile.get(NAME),profile.get(PICTURE));
authenticationToken.setAuthenticated(false);
返回getAuthenticationManager()。authenticate(authenticationToken);
private CustomOAuth2AuthenticationToken getOAuth2Token(
字符串电子邮件,字符串名称,字符串图片){
User user = userService.findByEmail (电子邮件);
//注册用户
if(user == null){
user = new User(name,email,picture);
userService.saveOrUpdate(user);
}
UserDetailsImpl registeredUser = new UserDetailsImpl(name,email,picture);
CustomOAuth2AuthenticationToken authenticationToken =
新CustomOAuth2AuthenticationToken(registeredUser);
返回authenticationToken;
}
}
如果您使用 EnableOAuth2Sso
方法(尽管它隐藏了您的许多流程),事情变得更加容易。 OAuth2上的Spring Boot教程对此非常详尽,并且有其他我在网上分享的例子(例如 https://github.com/SoatGroup/ spring-boot-google-auth / 和 http://dreamix.eu/blog/java/configuring-google-as-oauth2-authorization-provider-in-spring-boot ),这有所帮助。最终,这是帮助我最多的资源 - 覆盖整个流程和集成的客户端应用程序。
如果您想在较低级别执行此操作,则会详细了解整个过程以及它在Spring中的工作原理在 Pivotal博文上。
I have setup a small project to implement OAuth2 Login with Google+ API, using Spring Boot (1.5.2), Spring Security and Spring Security OAuth2.
You can find source in: https://github.com/ccoloradoc/OAuth2Sample
I am able to authenticate with google and pull out user information. However, after I logout I cannot login again since I got a "400 Bad Request", after I attempt to connect "https://accounts.google.com/o/oauth2/auth" with my RestTemplate to invoke google api.
See Filter attemptAuthentication method for further reference.
Here is my Security configuration class
@Configuration
@EnableGlobalAuthentication
@EnableOAuth2Client
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
@PropertySource(value = {"classpath:oauth.properties"})
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Resource
@Qualifier("accessTokenRequest")
private AccessTokenRequest accessTokenRequest;
@Autowired
private OAuth2ClientContextFilter oAuth2ClientContextFilter;
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http.
authorizeRequests()
.antMatchers(HttpMethod.GET, "/login","/public/**", "/resources/**","/resources/public/**").permitAll()
.antMatchers("/google_oauth2_login").anonymous()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/login")
.defaultSuccessUrl("/")
.and()
.csrf().disable()
.logout()
.logoutSuccessUrl("/")
.logoutUrl("/logout")
.deleteCookies("remember-me")
.and()
.rememberMe()
.and()
.addFilterAfter(oAuth2ClientContextFilter,ExceptionTranslationFilter.class)
.addFilterAfter(googleOAuth2Filter(),OAuth2ClientContextFilter.class)
.userDetailsService(userDetailsService);
// @formatter:on
}
@Bean
@ConfigurationProperties("google.client")
public OAuth2ProtectedResourceDetails auth2ProtectedResourceDetails() {
return new AuthorizationCodeResourceDetails();
}
@Bean
public OAuth2RestTemplate oauth2RestTemplate() {
return new OAuth2RestTemplate(auth2ProtectedResourceDetails(),
new DefaultOAuth2ClientContext(accessTokenRequest));
}
@Bean
public GoogleOAuth2Filter googleOAuth2Filter() {
return new GoogleOAuth2Filter("/google_oauth2_login");
}
/*
* Building our custom Google Provider
* */
@Bean
public GoogleOauth2AuthProvider googleOauth2AuthProvider() {
return new GoogleOauth2AuthProvider();
}
/*
* Using autowired to assign it to the auth manager
* */
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) {
auth.authenticationProvider(googleOauth2AuthProvider());
}
@Bean
public SpringSecurityDialect springSecurityDialect() {
return new SpringSecurityDialect();
}
@Bean
public TokenStore tokenStore() {
return new InMemoryTokenStore();
}
}
Here is my authentication provider:
public class GoogleOauth2AuthProvider implements AuthenticationProvider {
private static final Logger logger = LoggerFactory.getLogger(GoogleOauth2AuthProvider.class);
@Autowired(required = true)
private UserDetailsService userDetailsService;
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
logger.info("Provider Manager Executed");
CustomOAuth2AuthenticationToken token = (CustomOAuth2AuthenticationToken) authentication;
UserDetailsImpl registeredUser = (UserDetailsImpl) token.getPrincipal();
try {
registeredUser = (UserDetailsImpl) userDetailsService
.loadUserByUsername(registeredUser.getEmail());
} catch (UsernameNotFoundException usernameNotFoundException) {
logger.info("User trying google/login not already a registered user. Register Him !!");
}
return token;
}
@Override
public boolean supports(Class<?> authentication) {
return CustomOAuth2AuthenticationToken.class
.isAssignableFrom(authentication);
}
}
UserDetailService is an implementation from spring security core that reads user from database and translate it to a UserDetails POJO that implements spring security core UserDetails.
Here is my filter implementation:
public class GoogleOAuth2Filter extends AbstractAuthenticationProcessingFilter {
/**
* Logger
*/
private static final Logger log = LoggerFactory.getLogger(GoogleOAuth2Filter.class);
private static final Authentication dummyAuthentication;
static {
dummyAuthentication = new UsernamePasswordAuthenticationToken(
"dummyUserName23452346789", "dummyPassword54245",
CustomUserDetails.DEFAULT_ROLES);
}
private static final String NAME = "name";
private static final String EMAIL = "email";
private static final String PICTURE = "picture";
private static final Logger logger = LoggerFactory
.getLogger(GoogleOAuth2Filter.class);
@Value(value = "${google.authorization.url}")
private String googleAuhorizationUrl;
public GoogleOAuth2Filter(String defaultFilterProcessesUrl) {
super(defaultFilterProcessesUrl);
}
@Autowired
private UserService userService;
@Autowired
private OAuth2RestTemplate oauth2RestTemplate;
@Autowired
@Override
public void setAuthenticationManager(AuthenticationManager authenticationManager) {
super.setAuthenticationManager(authenticationManager);
}
@Override
public Authentication attemptAuthentication(HttpServletRequest request,
HttpServletResponse response) throws AuthenticationException,
IOException, ServletException {
logger.info("Google Oauth Filter Triggered!!");
URI authURI;
try {
authURI = new URI(googleAuhorizationUrl);
} catch (URISyntaxException e) {
log.error("\n\n\n\nERROR WHILE CREATING GOOGLE AUTH URL", e);
return null;
}
SecurityContext context = SecurityContextHolder.getContext();
// auth null or not authenticated.
String code = request.getParameter("code");
Map<String, String[]> parameterMap = request.getParameterMap();
logger.debug(parameterMap.toString());
if (StringUtils.isEmpty(code)) {
// Google authentication in progress. will return null.
logger.debug("Will set dummy user in context ");
context.setAuthentication(dummyAuthentication);
// trigger google oauth2.
// ERROR ON SECOND LOGIN ATTEMPT
oauth2RestTemplate.postForEntity(authURI, null, Object.class);
return null;
} else {
logger.debug("Response from Google Recieved !!");
ResponseEntity<Object> forEntity = oauth2RestTemplate.getForEntity(
"https://www.googleapis.com/plus/v1/people/me/openIdConnect",
Object.class);
@SuppressWarnings("unchecked")
Map<String, String> profile = (Map<String, String>) forEntity.getBody();
CustomOAuth2AuthenticationToken authenticationToken = getOAuth2Token(
profile.get(EMAIL), profile.get(NAME), profile.get(PICTURE));
authenticationToken.setAuthenticated(false);
return getAuthenticationManager().authenticate(authenticationToken);
}
}
private CustomOAuth2AuthenticationToken getOAuth2Token(
String email, String name, String picture) {
User user = userService.findByEmail(email);
//Register user
if(user == null) {
user = new User(name, email, picture);
userService.saveOrUpdate(user);
}
UserDetailsImpl registeredUser = new UserDetailsImpl(name, email, picture);
CustomOAuth2AuthenticationToken authenticationToken =
new CustomOAuth2AuthenticationToken(registeredUser);
return authenticationToken;
}
}
Things get a lot easier if you use the EnableOAuth2Sso
method (though it hides a lot of the process from you). The Spring Boot tutorial on OAuth2 is quite thorough for this, and there are other examples online that I cribbed from (eg https://github.com/SoatGroup/spring-boot-google-auth/ and http://dreamix.eu/blog/java/configuring-google-as-oauth2-authorization-provider-in-spring-boot) that helped a little. Ultimately, this was the resource that helped me the most - covering the whole process and integration client side apps.
If you want to do this at a lower level, there is a lot of detail about the whole process and how it works in Spring on a Pivotal blog post.
这篇关于Spring Boot + Spring Security + Spring OAuth2 + Google登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!