我应该同时使用SocialAuthenticationFilter和ProviderSignInController吗？ [英] Should I use both SocialAuthenticationFilter and ProviderSignInController together

问题描述

简而言之

使用ProviderSigninController时不会触发身份验证事件。
如何使用完整的弹簧安全集成？

Authentication events are not fired when using ProviderSigninController. How can I use the full spring security integration?

长版本

据我所知，我有一个功能性的Spring-social设置如下：

To the best of my understanding I have a functional Spring-social setup working as follows:

ProviderSignInController被设置为创建社交连接并自动设置用户帐户出现新用户。我使用SignInAdapter，如记录所示示例，

ProviderSignInController is setup to create social connections and automatically provision user accounts when a new user appears. I use a SignInAdapter, as shown by the documented example,

我还使用UserDetailsS​​ervice定期进行基于spring-security的身份验证服务。

I also have a regular spring-security-based authentication service using a UserDetailsService.

但是，我看到的一个区别是社交身份验证登录不会引发任何* AuthenticationEvents。这些事件 是针对常规帐户的过滤器引发的。

However, one difference that I have seen is that the social authentication sign-in does not raise any *AuthenticationEvents. These events are raised by the filter for regular accounts.

我想知道 - 我是否错过了此集成的某些部分？。$
看起来有点脆弱不通过SocialAuthenticationFilter，只需手动设置auth上下文。

I wonder - Am I missing some part of this integration?.
It seems a little vulnerable NOT going through the SocialAuthenticationFilter, and just manually setting the auth context.

我想要一个中心位置记录认证事件。

I want a central place for logging authentication events.

推荐答案

我有类似的情况，我想使用SocialAuthenticationFilter进行身份验证和使用Spring Security进行隐式注册，而不是ProviderSignInController（我同意使用控制器感觉有点脏）。

I had a similar situation where I wanted to use the SocialAuthenticationFilter for auth and implicit signup with Spring Security, rather than the ProviderSignInController (I agree it feels a little dirty using the controller).

我把它连接起来&它大部分都有效，但是我丢失了正常登录给我的onAuthenticationSuccess事件。

I hooked it up & it mostly worked, but I lost my onAuthenticationSuccess events that the normal log-in gave me.

我最终为了让我的过滤器正常工作而做了什么，就是添加它的ObjectPostProcessor。这允许我在SpringSocialConfigurer深度初始化过滤器后手动设置我的AuthenticationSuccessHandler（没有句柄）。

What I finally did to get my filter working as I needed, was to add an ObjectPostProcessor to it. This allowed me to manually set my AuthenticationSuccessHandler after the filter had been initialised deep within the SpringSocialConfigurer (without a handle on it).

这是一个片段。

            // Spring Social configurer integrates with Spring Security for us
            .and().apply(new SpringSocialConfigurer()
                    .postLoginUrl("/")
                    // other setup
                    .addObjectPostProcessor(new ObjectPostProcessor<SocialAuthenticationFilter>() {
                        @Override
                        public <O extends SocialAuthenticationFilter> O postProcess(O filter) {
                            filter.setAuthenticationSuccessHandler(loginSuccessHandler);
                            return filter;    
                        }
                    });

loginSuccessHandler ，是我在普通过滤器配置中设置的同一个bean，通过 .formLogin（）。successHandler（loginSuccessHandler）。

loginSuccessHandler, is just the same bean I set in my normal filter configuration via, .formLogin().successHandler(loginSuccessHandler).

你也可以设置你的失败ndler在这里。

You could also set your failureHandler here.

这符合我的目的。该解决方案现在使用我的SocialUserDetailsS​​ervice进行身份验证，使用ConnectionSignUp进行隐式注册（在UsersConnectionRepository上注册时）。

This served my purposes ok. The solution now uses my SocialUserDetailsService for auth and ConnectionSignUp for implicit signup (when registered on the UsersConnectionRepository).

希望这会有所帮助。

这篇关于我应该同时使用SocialAuthenticationFilter和ProviderSignInController吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！