我应该同时使用SocialAuthenticationFilter和ProviderSignInController吗? [英] Should I use both SocialAuthenticationFilter and ProviderSignInController together
问题描述
简而言之
使用ProviderSigninController时不会触发身份验证事件。
如何使用完整的弹簧安全集成?
Authentication events are not fired when using ProviderSigninController. How can I use the full spring security integration?
长版本
据我所知,我有一个功能性的Spring-social设置如下:
To the best of my understanding I have a functional Spring-social setup working as follows:
ProviderSignInController被设置为创建社交连接并自动设置用户帐户出现新用户。我使用SignInAdapter,如记录所示示例,
ProviderSignInController is setup to create social connections and automatically provision user accounts when a new user appears. I use a SignInAdapter, as shown by the documented example,
我还使用UserDetailsService定期进行基于spring-security的身份验证服务。
I also have a regular spring-security-based authentication service using a UserDetailsService.
但是,我看到的一个区别是社交身份验证登录不会引发任何* AuthenticationEvents。这些事件 是针对常规帐户的过滤器引发的。
However, one difference that I have seen is that the social authentication sign-in does not raise any *AuthenticationEvents. These events are raised by the filter for regular accounts.
我想知道 - 我是否错过了此集成的某些部分?。$
看起来有点脆弱不通过SocialAuthenticationFilter,只需手动设置auth上下文。
I wonder - Am I missing some part of this integration?.
It seems a little vulnerable NOT going through the SocialAuthenticationFilter, and just manually setting the auth context.
我想要一个中心位置记录认证事件。
I want a central place for logging authentication events.
推荐答案
我有类似的情况,我想使用SocialAuthenticationFilter进行身份验证和使用Spring Security进行隐式注册,而不是ProviderSignInController(我同意使用控制器感觉有点脏)。
I had a similar situation where I wanted to use the SocialAuthenticationFilter for auth and implicit signup with Spring Security, rather than the ProviderSignInController (I agree it feels a little dirty using the controller).
我把它连接起来&它大部分都有效,但是我丢失了正常登录给我的onAuthenticationSuccess事件。
I hooked it up & it mostly worked, but I lost my onAuthenticationSuccess events that the normal log-in gave me.
我最终为了让我的过滤器正常工作而做了什么,就是添加它的ObjectPostProcessor。这允许我在SpringSocialConfigurer深度初始化过滤器后手动设置我的AuthenticationSuccessHandler(没有句柄)。
What I finally did to get my filter working as I needed, was to add an ObjectPostProcessor to it. This allowed me to manually set my AuthenticationSuccessHandler after the filter had been initialised deep within the SpringSocialConfigurer (without a handle on it).
这是一个片段。
// Spring Social configurer integrates with Spring Security for us
.and().apply(new SpringSocialConfigurer()
.postLoginUrl("/")
// other setup
.addObjectPostProcessor(new ObjectPostProcessor<SocialAuthenticationFilter>() {
@Override
public <O extends SocialAuthenticationFilter> O postProcess(O filter) {
filter.setAuthenticationSuccessHandler(loginSuccessHandler);
return filter;
}
});
loginSuccessHandler
,是我在普通过滤器配置中设置的同一个bean,通过 .formLogin()。successHandler(loginSuccessHandler)
。
loginSuccessHandler
, is just the same bean I set in my normal filter configuration via, .formLogin().successHandler(loginSuccessHandler)
.
你也可以设置你的失败ndler在这里。
You could also set your failureHandler here.
这符合我的目的。该解决方案现在使用我的SocialUserDetailsService进行身份验证,使用ConnectionSignUp进行隐式注册(在UsersConnectionRepository上注册时)。
This served my purposes ok. The solution now uses my SocialUserDetailsService for auth and ConnectionSignUp for implicit signup (when registered on the UsersConnectionRepository).
希望这会有所帮助。
这篇关于我应该同时使用SocialAuthenticationFilter和ProviderSignInController吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!