如何在 jhipster 中通过 OAuth2 成功登录时执行操作
How to perform actions on successful login via OAuth2 in jhipster
我想问一下如何通过OAuth2成功登录后执行操作以及如何根据某些先决条件否决登录。我尝试搜索 Google 并找到了一些链接,但我不确定如何在此框架上执行此操作。可能有一些过滤器等我可以添加,但想知道正确的位置。
注意:AuditEvent 对我不适用,因为每次 API 调用都会触发认证成功的审计事件。
参考:http://blog.jdriven.com/2015/01/stateless-spring-security-part-3-jwt-social-authentication/
我需要做的是:
登录成功后,在数据库表中记录一些细节,并向队列发送通知。除了成功登录之外,我还想在成功注销时执行一些操作,我知道可以在 AjaxLogoutSuccessHandler 中完成。但是我找不到处理成功登录的类似位置。
在通过 OAuth2 登录之前,如果不满足特定条件(例如用户来自特定 IP 范围),我希望抛出异常并拒绝该用户登录。我应该在哪里添加这个检查?
请指导我正确的方向。
谢谢
创建 TokenEndpointAuthenticationFilter 实现
CustomTokenEndpointAuthenticationFilter.java
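/**
 * Token-endpoint filter with two extension points: a gate that runs before
 * any authentication is attempted, and a hook that runs after the superclass
 * reports a successful authentication.
 *
 * <p>The gate is {@link #isLoginAllowed(HttpServletRequest)}; it allows every
 * request until it is overridden, so a deployment that relies on it must
 * supply the real check.
 */
public class CustomTokenEndpointAuthenticationFilter extends TokenEndpointAuthenticationFilter {

    /**
     * @param authenticationManager manager handed to the superclass for authenticating the request
     * @param oAuth2RequestFactory  request factory handed to the superclass
     */
    public CustomTokenEndpointAuthenticationFilter(AuthenticationManager authenticationManager, OAuth2RequestFactory oAuth2RequestFactory) {
        super(authenticationManager, oAuth2RequestFactory);
    }

    /**
     * Post-login hook (audit row, queue notification, ...).
     *
     * <p>NOTE(review): this is invoked by the superclass from inside
     * {@code super.doFilter}; presumably only for token requests that carry
     * user credentials (e.g. the password grant), not for every API call --
     * confirm against the Spring Security OAuth2 version in use.
     *
     * <p>Record identifiers from {@code authResult} only; never persist or
     * log the submitted password or the issued tokens.
     *
     * @param request    the token request
     * @param response   the response being built
     * @param authResult the authenticated principal
     * @throws IOException if the hook's own I/O fails
     */
    @Override
    protected void onSuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) throws IOException {
        /* on successful authentication do stuff here */
    }

    /**
     * Applies the pre-authentication gate, then delegates to the superclass.
     *
     * @throws IOException      if writing the refusal or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        /* before authentication check for condition if true then process to authenticate */
        if (!isLoginAllowed((HttpServletRequest) req)) {
            // Answer directly instead of throwing: an exception raised before
            // super.doFilter() is outside the superclass's own failure handling
            // and would propagate out of the filter chain (typically surfacing
            // as a server error rather than a clean refusal -- confirm for your
            // filter ordering).
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN, "condition not satisfied");
            return;
        }
        super.doFilter(req, res, chain);
    }

    /**
     * Decides whether the request may proceed to authentication.
     *
     * <p>Default: allow. Override with the real precondition. For an
     * IP-range rule, note that {@code request.getRemoteAddr()} is the
     * address of the nearest hop; behind a reverse proxy it is the proxy's
     * address, and forwarding headers such as {@code X-Forwarded-For} are
     * client-controlled unless a trusted proxy overwrites them.
     *
     * @param request the incoming token request
     * @return {@code true} to continue, {@code false} to refuse with 403
     */
    protected boolean isLoginAllowed(HttpServletRequest request) {
        return true;
    }
}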
在 AuthorizationServerConfiguration 中进行这些更改
/**
 * Authorization-server configuration that registers
 * CustomTokenEndpointAuthenticationFilter on the token endpoint, stores
 * tokens through a JdbcTokenStore and declares one in-memory client whose
 * id, secret and token lifetime come from JHipsterProperties.
 */
@Configuration
@EnableAuthorizationServer
protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
// Data source handed to the JdbcTokenStore built in tokenStore().
@Inject
private DataSource dataSource;
// Source of the OAuth client id, secret and access-token validity used in configure(clients).
@Inject
private JHipsterProperties jHipsterProperties;
/** Builds the token store on top of the injected data source. */
@Bean
public TokenStore tokenStore() {
return new JdbcTokenStore(dataSource);
}
/* Holds the request factory taken from the endpoints configurer; it is only
   assigned in configure(AuthorizationServerEndpointsConfigurer) below. */
private OAuth2RequestFactory oAuth2RequestFactory;
@Inject
@Qualifier("authenticationManagerBean")
private AuthenticationManager authenticationManager;
/**
 * Captures the endpoints' OAuth2RequestFactory for the custom filter and
 * wires the token store and authentication manager into the endpoints.
 */
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints)
throws Exception {
/* assign value in OAuth2RequestFactory instance */
oAuth2RequestFactory = endpoints.getOAuth2RequestFactory();
endpoints
.tokenStore(tokenStore())
.authenticationManager(authenticationManager);
}
/**
 * Enables form authentication for clients and adds the custom filter to
 * the token endpoint.
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
/* register TokenEndpointAuthenticationFilter with oauthServer */
// NOTE(review): oAuth2RequestFactory is null here unless the endpoints
// configure(...) above has already run -- confirm the framework's call order.
// NOTE(review): allowFormAuthenticationForClients() lets the client send
// client_id/client_secret as form parameters; make sure the token endpoint is
// TLS-only and that request bodies are not written to logs.
oauthServer
.allowFormAuthenticationForClients()
.addTokenEndpointAuthenticationFilter(new CustomTokenEndpointAuthenticationFilter(authenticationManager, oAuth2RequestFactory));
}
/**
 * Declares a single in-memory client with scopes read/write, the ADMIN and
 * USER authorities and four grant types.
 */
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
// NOTE(review): one client is granted both ADMIN and USER authorities and
// all of password, refresh_token, authorization_code and implicit. Current
// OAuth 2.0 security guidance (RFC 9700) advises against the implicit and
// password grants; keep only the grant types the application really uses.
// NOTE(review): the secret is passed as read from configuration -- verify how
// it is stored and whether the framework version expects an encoded value.
clients
.inMemory()
.withClient(jHipsterProperties.getSecurity().getAuthentication().getOauth().getClientid())
.scopes("read", "write")
.authorities(AuthoritiesConstants.ADMIN, AuthoritiesConstants.USER)
.authorizedGrantTypes("password", "refresh_token", "authorization_code", "implicit")
.secret(jHipsterProperties.getSecurity().getAuthentication().getOauth().getSecret())
.accessTokenValiditySeconds(jHipsterProperties.getSecurity().getAuthentication().getOauth().getTokenValidityInSeconds());
}
}
我想问一下如何通过OAuth2成功登录后执行操作以及如何根据某些先决条件否决登录。我尝试搜索 Google 并找到了一些链接,但我不确定如何在此框架上执行此操作。可能有一些过滤器等我可以添加,但想知道正确的位置。
注意:AuditEvent 对我不适用,因为每次 API 调用都会触发认证成功的审计事件。
参考:http://blog.jdriven.com/2015/01/stateless-spring-security-part-3-jwt-social-authentication/
我需要做的是:
登录成功后,在数据库表中记录一些细节,并向队列发送通知。除了成功登录之外,我还想在成功注销时执行一些操作,我知道可以在 AjaxLogoutSuccessHandler 中完成。但是我找不到处理成功登录的类似位置。
在通过 OAuth2 登录之前,如果不满足特定条件(例如用户来自特定 IP 范围),我希望抛出异常并拒绝该用户登录。我应该在哪里添加这个检查?
请指导我正确的方向。
谢谢
创建 TokenEndpointAuthenticationFilter 实现
CustomTokenEndpointAuthenticationFilter.java
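/**
 * Token-endpoint filter with two extension points: a gate that runs before
 * any authentication is attempted, and a hook that runs after the superclass
 * reports a successful authentication.
 *
 * <p>The gate is {@link #isLoginAllowed(HttpServletRequest)}; it allows every
 * request until it is overridden, so a deployment that relies on it must
 * supply the real check.
 */
public class CustomTokenEndpointAuthenticationFilter extends TokenEndpointAuthenticationFilter {

    /**
     * @param authenticationManager manager handed to the superclass for authenticating the request
     * @param oAuth2RequestFactory  request factory handed to the superclass
     */
    public CustomTokenEndpointAuthenticationFilter(AuthenticationManager authenticationManager, OAuth2RequestFactory oAuth2RequestFactory) {
        super(authenticationManager, oAuth2RequestFactory);
    }

    /**
     * Post-login hook (audit row, queue notification, ...).
     *
     * <p>NOTE(review): this is invoked by the superclass from inside
     * {@code super.doFilter}; presumably only for token requests that carry
     * user credentials (e.g. the password grant), not for every API call --
     * confirm against the Spring Security OAuth2 version in use.
     *
     * <p>Record identifiers from {@code authResult} only; never persist or
     * log the submitted password or the issued tokens.
     *
     * @param request    the token request
     * @param response   the response being built
     * @param authResult the authenticated principal
     * @throws IOException if the hook's own I/O fails
     */
    @Override
    protected void onSuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) throws IOException {
        /* on successful authentication do stuff here */
    }

    /**
     * Applies the pre-authentication gate, then delegates to the superclass.
     *
     * @throws IOException      if writing the refusal or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        /* before authentication check for condition if true then process to authenticate */
        if (!isLoginAllowed((HttpServletRequest) req)) {
            // Answer directly instead of throwing: an exception raised before
            // super.doFilter() is outside the superclass's own failure handling
            // and would propagate out of the filter chain (typically surfacing
            // as a server error rather than a clean refusal -- confirm for your
            // filter ordering).
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN, "condition not satisfied");
            return;
        }
        super.doFilter(req, res, chain);
    }

    /**
     * Decides whether the request may proceed to authentication.
     *
     * <p>Default: allow. Override with the real precondition. For an
     * IP-range rule, note that {@code request.getRemoteAddr()} is the
     * address of the nearest hop; behind a reverse proxy it is the proxy's
     * address, and forwarding headers such as {@code X-Forwarded-For} are
     * client-controlled unless a trusted proxy overwrites them.
     *
     * @param request the incoming token request
     * @return {@code true} to continue, {@code false} to refuse with 403
     */
    protected boolean isLoginAllowed(HttpServletRequest request) {
        return true;
    }
}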
在 AuthorizationServerConfiguration 中进行这些更改
/**
 * Authorization-server configuration that registers
 * CustomTokenEndpointAuthenticationFilter on the token endpoint, stores
 * tokens through a JdbcTokenStore and declares one in-memory client whose
 * id, secret and token lifetime come from JHipsterProperties.
 */
@Configuration
@EnableAuthorizationServer
protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
// Data source handed to the JdbcTokenStore built in tokenStore().
@Inject
private DataSource dataSource;
// Source of the OAuth client id, secret and access-token validity used in configure(clients).
@Inject
private JHipsterProperties jHipsterProperties;
/** Builds the token store on top of the injected data source. */
@Bean
public TokenStore tokenStore() {
return new JdbcTokenStore(dataSource);
}
/* Holds the request factory taken from the endpoints configurer; it is only
   assigned in configure(AuthorizationServerEndpointsConfigurer) below. */
private OAuth2RequestFactory oAuth2RequestFactory;
@Inject
@Qualifier("authenticationManagerBean")
private AuthenticationManager authenticationManager;
/**
 * Captures the endpoints' OAuth2RequestFactory for the custom filter and
 * wires the token store and authentication manager into the endpoints.
 */
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints)
throws Exception {
/* assign value in OAuth2RequestFactory instance */
oAuth2RequestFactory = endpoints.getOAuth2RequestFactory();
endpoints
.tokenStore(tokenStore())
.authenticationManager(authenticationManager);
}
/**
 * Enables form authentication for clients and adds the custom filter to
 * the token endpoint.
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
/* register TokenEndpointAuthenticationFilter with oauthServer */
// NOTE(review): oAuth2RequestFactory is null here unless the endpoints
// configure(...) above has already run -- confirm the framework's call order.
// NOTE(review): allowFormAuthenticationForClients() lets the client send
// client_id/client_secret as form parameters; make sure the token endpoint is
// TLS-only and that request bodies are not written to logs.
oauthServer
.allowFormAuthenticationForClients()
.addTokenEndpointAuthenticationFilter(new CustomTokenEndpointAuthenticationFilter(authenticationManager, oAuth2RequestFactory));
}
/**
 * Declares a single in-memory client with scopes read/write, the ADMIN and
 * USER authorities and four grant types.
 */
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
// NOTE(review): one client is granted both ADMIN and USER authorities and
// all of password, refresh_token, authorization_code and implicit. Current
// OAuth 2.0 security guidance (RFC 9700) advises against the implicit and
// password grants; keep only the grant types the application really uses.
// NOTE(review): the secret is passed as read from configuration -- verify how
// it is stored and whether the framework version expects an encoded value.
clients
.inMemory()
.withClient(jHipsterProperties.getSecurity().getAuthentication().getOauth().getClientid())
.scopes("read", "write")
.authorities(AuthoritiesConstants.ADMIN, AuthoritiesConstants.USER)
.authorizedGrantTypes("password", "refresh_token", "authorization_code", "implicit")
.secret(jHipsterProperties.getSecurity().getAuthentication().getOauth().getSecret())
.accessTokenValiditySeconds(jHipsterProperties.getSecurity().getAuthentication().getOauth().getTokenValidityInSeconds());
}
}