Spring 引导、安全、OAuth2:是否可以使用自定义 AuthorizationCodeResourceDetails?身份验证服务器需要重定向中的特定参数 url
Spring boot, Security, OAuth2: Is possible to use custom AuthorizationCodeResourceDetails? Auth server requires specific params in redirect url
我正在使用 SpringBoot 开发 OAuth2 客户端。第三方身份验证服务器需要重定向中的特定参数 urls.
我的app.yml
acme:
client:
clientId: acme
clientSecret: acmepassword
accessTokenUri: http://localhost:8080/sso/oauth/token
userAuthorizationUri: http://localhost:8080/sso/oauth/authorize
specificParam1: specific1
specificParam2: specific2
resource:
userInfoUri: http://localhost:8080/sso/api/me
我通过 AuthorizationCodeResourceDetails.
的扩展创建了我的 CustomClientResourceDetails
public class CustomClientResourceDetails extends AuthorizationCodeResourceDetails {
private String specificParam1;
private String specificParam2;
...
}
并在我的 SecurityConfig 中@Autowire。我还创建了一个自定义过滤器
@Configuration
@EnableOAuth2Client
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
OAuth2ClientContext oauth2ClientContext;
@Override
protected void configure(HttpSecurity http) throws Exception {
...
.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
}
@Bean
public FilterRegistrationBean<OAuth2ClientContextFilter> oauth2ClientFilterRegistration(OAuth2ClientContextFilter filter) {
FilterRegistrationBean<OAuth2ClientContextFilter> registration = new FilterRegistrationBean<OAuth2ClientContextFilter>();
registration.setFilter(filter);
registration.setOrder(-100);
return registration;
}
private Filter ssoFilter() {
OAuth2ClientAuthenticationProcessingFilter customFilter = new OAuth2ClientAuthenticationProcessingFilter(LOGIN);
OAuth2RestTemplate customTemplate = new OAuth2RestTemplate(custom(), oauth2ClientContext);
customFilter.setRestTemplate(customTemplate);
UserInfoTokenServices tokenServices = new UserInfoTokenServices(customResource().getUserInfoUri(),
custom().getClientId());
tokenServices.setRestTemplate(customTemplate);
customFilter.setTokenServices(
new UserInfoTokenServices(customResource().getUserInfoUri(), custom().getClientId()));
return customFilter;
}
@Bean
@ConfigurationProperties("acme.client")
@Primary
public AuthorizationCodeResourceDetails custom() {
return new CustomClientResourceDetails();
}
@Bean
@ConfigurationProperties("acme.resource")
public ResourceServerProperties customResource() {
return new ResourceServerProperties();
}
}
但是特定参数不包含在重定向 url 中,因为 OAuth2ClientAuthenticationProcessingFilter 和与之关联的 类 通过 OAuth2RestOperations 或 'OAuth2ProtectedResourceDetails' 工作,只有默认参数。
是否可以包含额外的参数来重定向 url?又如何?
感谢您的帮助!
我假设您在被重定向到 IDP 的授权页面时需要发送一些动态参数。在这种情况下,您可以扩展 AuthorizationCodeAccessTokenProvider 并覆盖方法 getRedirectForAuthorization。您可以像这样添加自定义参数:
// add all your custom parameter to 'requestParameters'
requestParameters.put("myCustomParameter","myCustomParameterValue");
UserRedirectRequiredException redirectException = new UserRedirectRequiredException(
resource.getUserAuthorizationUri(), requestParameters);
我正在使用 SpringBoot 开发 OAuth2 客户端。第三方身份验证服务器需要重定向中的特定参数 urls.
我的app.yml
acme:
client:
clientId: acme
clientSecret: acmepassword
accessTokenUri: http://localhost:8080/sso/oauth/token
userAuthorizationUri: http://localhost:8080/sso/oauth/authorize
specificParam1: specific1
specificParam2: specific2
resource:
userInfoUri: http://localhost:8080/sso/api/me
我通过 AuthorizationCodeResourceDetails.
CustomClientResourceDetails
public class CustomClientResourceDetails extends AuthorizationCodeResourceDetails {
private String specificParam1;
private String specificParam2;
...
}
并在我的 SecurityConfig 中@Autowire。我还创建了一个自定义过滤器
@Configuration
@EnableOAuth2Client
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
OAuth2ClientContext oauth2ClientContext;
@Override
protected void configure(HttpSecurity http) throws Exception {
...
.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
}
@Bean
public FilterRegistrationBean<OAuth2ClientContextFilter> oauth2ClientFilterRegistration(OAuth2ClientContextFilter filter) {
FilterRegistrationBean<OAuth2ClientContextFilter> registration = new FilterRegistrationBean<OAuth2ClientContextFilter>();
registration.setFilter(filter);
registration.setOrder(-100);
return registration;
}
private Filter ssoFilter() {
OAuth2ClientAuthenticationProcessingFilter customFilter = new OAuth2ClientAuthenticationProcessingFilter(LOGIN);
OAuth2RestTemplate customTemplate = new OAuth2RestTemplate(custom(), oauth2ClientContext);
customFilter.setRestTemplate(customTemplate);
UserInfoTokenServices tokenServices = new UserInfoTokenServices(customResource().getUserInfoUri(),
custom().getClientId());
tokenServices.setRestTemplate(customTemplate);
customFilter.setTokenServices(
new UserInfoTokenServices(customResource().getUserInfoUri(), custom().getClientId()));
return customFilter;
}
@Bean
@ConfigurationProperties("acme.client")
@Primary
public AuthorizationCodeResourceDetails custom() {
return new CustomClientResourceDetails();
}
@Bean
@ConfigurationProperties("acme.resource")
public ResourceServerProperties customResource() {
return new ResourceServerProperties();
}
}
但是特定参数不包含在重定向 url 中,因为 OAuth2ClientAuthenticationProcessingFilter 和与之关联的 类 通过 OAuth2RestOperations 或 'OAuth2ProtectedResourceDetails' 工作,只有默认参数。
是否可以包含额外的参数来重定向 url?又如何?
感谢您的帮助!
我假设您在被重定向到 IDP 的授权页面时需要发送一些动态参数。在这种情况下,您可以扩展 AuthorizationCodeAccessTokenProvider 并覆盖方法 getRedirectForAuthorization。您可以像这样添加自定义参数:
// add all your custom parameter to 'requestParameters'
requestParameters.put("myCustomParameter","myCustomParameterValue");
UserRedirectRequiredException redirectException = new UserRedirectRequiredException(
resource.getUserAuthorizationUri(), requestParameters);