Spring Security OAuth2 dance 和获取参数
Spring Security OAuth2 dance and get parameters
在我的 Java Spring 应用程序中,我通过外部 OAuth2 提供程序实现了 OAuth2 用户授权。
在我的本地主机上,为了通过这个外部 OAuth2 提供程序对用户进行身份验证,我需要通过以下 url: https://127.0.0.1:8443/login/ok 并且在 OAuth2 dance 之后我可以让这个用户通过身份验证。目前一切正常
但是当我在我的登录 url 中有一些请求参数时,例如 uid 和 level:
https://127.0.0.1:8443/login/ok?uid=45134132&level=3
在 OAuth2 舞蹈之后我被重定向到 https://127.0.0.1:8443/ 并丢失了那些参数。
在我的 Chrome 网络面板中,我可以看到以下调用集:
- https://127.0.0.1:8443/login/ok?uid=45134132&level=3
- https://connect.ok.ru/oauth/authorize?redirect_uri=https://127.0.0.1:8443/login/ok?uid%3D45134132%26level%3D3&response_type=code&state=AKakq.....
- https://127.0.0.1:8443/login/ok?uid=45134132&level=3&code=.....
- https://127.0.0.1:8443/
所以我在第 3 步后丢失了这些参数。
是否可以配置 Spring Security + OAuth2 以将这些参数也传递给步骤 #4?
这是我的配置(这是基于此答案的解决方案 Spring Security - Retaining URL parameters on redirect to login)但它不起作用(未调用 AuthenticationProcessingFilterEntryPoint .commence method):
@Override
public void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.headers().frameOptions().disable()
.and().logout()
.and().antMatcher("/**").authorizeRequests()
.antMatchers("/", "/login**", "/index.html", "/home.html").permitAll()
.anyRequest().authenticated()
.and().exceptionHandling().authenticationEntryPoint(new AuthenticationProcessingFilterEntryPoint("/"))
.and().logout().logoutSuccessUrl("/").permitAll()
.and().csrf().csrfTokenRepository(csrfTokenRepository())
.and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
// @formatter:on
}
public class AuthenticationProcessingFilterEntryPoint extends LoginUrlAuthenticationEntryPoint {
public AuthenticationProcessingFilterEntryPoint(String loginFormUrl) {
super(loginFormUrl);
}
@Override
public void commence(HttpServletRequest request, HttpServletResponse response,
AuthenticationException authException) throws IOException, ServletException {
RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
redirectStrategy.sendRedirect(request, response, getLoginFormUrl() + "?" + request.getQueryString());
}
}
有什么问题吗?
我是通过以下方式实现的:
private Filter ssoFilter(ClientResources client, String path) {
OAuth2ClientAuthenticationProcessingFilter clientFilter = new OAuth2ClientAuthenticationProcessingFilter(path);
.......
clientFilter.setAuthenticationSuccessHandler(new UrlParameterAuthenticationHandler());
return clientFilter;
}
public class UrlParameterAuthenticationHandler extends SimpleUrlAuthenticationSuccessHandler {
@Override
protected void handle(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
throws IOException, ServletException {
String targetUrl = determineTargetUrl(request, response);
if (response.isCommitted()) {
logger.debug("Response has already been committed. Unable to redirect to " + targetUrl);
return;
}
String queryString = HttpUtils.removeParams(request.getQueryString(), "state", "code");
targetUrl = !StringUtils.isEmpty(queryString) ? targetUrl + "?" + queryString : targetUrl;
getRedirectStrategy().sendRedirect(request, response, targetUrl);
}
}
如果有更好的方法请指正
在我的 Java Spring 应用程序中,我通过外部 OAuth2 提供程序实现了 OAuth2 用户授权。
在我的本地主机上,为了通过这个外部 OAuth2 提供程序对用户进行身份验证,我需要通过以下 url: https://127.0.0.1:8443/login/ok 并且在 OAuth2 dance 之后我可以让这个用户通过身份验证。目前一切正常
但是当我在我的登录 url 中有一些请求参数时,例如 uid 和 level:
https://127.0.0.1:8443/login/ok?uid=45134132&level=3
在 OAuth2 舞蹈之后我被重定向到 https://127.0.0.1:8443/ 并丢失了那些参数。
在我的 Chrome 网络面板中,我可以看到以下调用集:
- https://127.0.0.1:8443/login/ok?uid=45134132&level=3
- https://connect.ok.ru/oauth/authorize?redirect_uri=https://127.0.0.1:8443/login/ok?uid%3D45134132%26level%3D3&response_type=code&state=AKakq.....
- https://127.0.0.1:8443/login/ok?uid=45134132&level=3&code=.....
- https://127.0.0.1:8443/
所以我在第 3 步后丢失了这些参数。
是否可以配置 Spring Security + OAuth2 以将这些参数也传递给步骤 #4?
这是我的配置(这是基于此答案的解决方案 Spring Security - Retaining URL parameters on redirect to login)但它不起作用(未调用 AuthenticationProcessingFilterEntryPoint .commence method):
@Override
public void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.headers().frameOptions().disable()
.and().logout()
.and().antMatcher("/**").authorizeRequests()
.antMatchers("/", "/login**", "/index.html", "/home.html").permitAll()
.anyRequest().authenticated()
.and().exceptionHandling().authenticationEntryPoint(new AuthenticationProcessingFilterEntryPoint("/"))
.and().logout().logoutSuccessUrl("/").permitAll()
.and().csrf().csrfTokenRepository(csrfTokenRepository())
.and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
// @formatter:on
}
public class AuthenticationProcessingFilterEntryPoint extends LoginUrlAuthenticationEntryPoint {
public AuthenticationProcessingFilterEntryPoint(String loginFormUrl) {
super(loginFormUrl);
}
@Override
public void commence(HttpServletRequest request, HttpServletResponse response,
AuthenticationException authException) throws IOException, ServletException {
RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
redirectStrategy.sendRedirect(request, response, getLoginFormUrl() + "?" + request.getQueryString());
}
}
有什么问题吗?
我是通过以下方式实现的:
private Filter ssoFilter(ClientResources client, String path) {
OAuth2ClientAuthenticationProcessingFilter clientFilter = new OAuth2ClientAuthenticationProcessingFilter(path);
.......
clientFilter.setAuthenticationSuccessHandler(new UrlParameterAuthenticationHandler());
return clientFilter;
}
public class UrlParameterAuthenticationHandler extends SimpleUrlAuthenticationSuccessHandler {
@Override
protected void handle(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
throws IOException, ServletException {
String targetUrl = determineTargetUrl(request, response);
if (response.isCommitted()) {
logger.debug("Response has already been committed. Unable to redirect to " + targetUrl);
return;
}
String queryString = HttpUtils.removeParams(request.getQueryString(), "state", "code");
targetUrl = !StringUtils.isEmpty(queryString) ? targetUrl + "?" + queryString : targetUrl;
getRedirectStrategy().sendRedirect(request, response, targetUrl);
}
}
如果有更好的方法请指正