如何确保在默认情况下调用我的自定义 OidcUserService?
How to ensure make my custom OidcUserService called over the default?
tl;dr: 为什么我的 OidcUserService 尽管已注册?
我正在尝试使用我自己的 OAuth2UserService by registering it as documented in the Spring Security documentation。
但是,当我在 OidcUserService.loadUser(OidcUserRequest)](https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.html#loadUser-org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest-) 方法上放置断点时,它会一直命中 com.okta.spring.boot.oauth.OktaOidcUserService!我 是 使用 com.okta.spring:okta-spring-boot-parent:1.2.2-SNAPSHOT 这可能是问题所在?
我注册我的 OidcUserService like documented:
@SpringBootApplication
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class RedirectCodeFlowApplication {
public static void main(String[] args) {
SpringApplication.run(RedirectCodeFlowApplication.class, args);
}
@Configuration
static class WebConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
final OidcUserService delegate = new OidcUserService();
http.authorizeRequests().anyRequest().authenticated()
.and()
.oauth2Login()
.userInfoEndpoint()
.oidcUserService( (userRequest) -> {
System.out.println( "!!xXx!! never gets here" );
OidcUser oidcUser = delegate.loadUser(userRequest);
OAuth2AccessToken accessToken = userRequest.getAccessToken();
Set<GrantedAuthority> mappedAuthorities = new HashSet<>();
oidcUser = new DefaultOidcUser(mappedAuthorities, oidcUser.getIdToken(), oidcUser.getUserInfo());
return oidcUser;
})
;
}
我调用的方法很简单:
@RestController
public class WelcomeController {
@GetMapping("/")
public Welcome getMessageOfTheDay(Principal principal) {
return "The message of the day is boring.";
}
}
这是一个已知问题:https://github.com/okta/okta-spring-boot/issues/136
这是一个解决方法,用于处理 HttpSecurity 和 HttpConfigurer 的加载方式。
我不是 100% 确定我们可以解决这个问题,但是,很容易公开一种添加自定义 GrantedAuthority 的方法。
我将再次研究前者,但作为最后的手段,您能否确认您正在尝试设置自定义 GrantedAuthority?
简单的解决方案是将自定义服务定义为名称为 'oidcUserService'.
的 bean
@Bean(name = "oidcUserService")
OAuth2UserService<OidcUserRequest, OidcUser> getOidcUserService() {
return new CustomOidcUserService();
}
有了这个http配置就可以简单如下:
http.authorizeRequests().anyRequest().authenticated()
.and()
.oauth2Login();
tl;dr: 为什么我的 OidcUserService 尽管已注册?
我正在尝试使用我自己的 OAuth2UserService by registering it as documented in the Spring Security documentation。
但是,当我在 OidcUserService.loadUser(OidcUserRequest)](https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.html#loadUser-org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest-) 方法上放置断点时,它会一直命中 com.okta.spring.boot.oauth.OktaOidcUserService!我 是 使用 com.okta.spring:okta-spring-boot-parent:1.2.2-SNAPSHOT 这可能是问题所在?
我注册我的 OidcUserService like documented:
@SpringBootApplication
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class RedirectCodeFlowApplication {
public static void main(String[] args) {
SpringApplication.run(RedirectCodeFlowApplication.class, args);
}
@Configuration
static class WebConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
final OidcUserService delegate = new OidcUserService();
http.authorizeRequests().anyRequest().authenticated()
.and()
.oauth2Login()
.userInfoEndpoint()
.oidcUserService( (userRequest) -> {
System.out.println( "!!xXx!! never gets here" );
OidcUser oidcUser = delegate.loadUser(userRequest);
OAuth2AccessToken accessToken = userRequest.getAccessToken();
Set<GrantedAuthority> mappedAuthorities = new HashSet<>();
oidcUser = new DefaultOidcUser(mappedAuthorities, oidcUser.getIdToken(), oidcUser.getUserInfo());
return oidcUser;
})
;
}
我调用的方法很简单:
@RestController
public class WelcomeController {
@GetMapping("/")
public Welcome getMessageOfTheDay(Principal principal) {
return "The message of the day is boring.";
}
}
这是一个已知问题:https://github.com/okta/okta-spring-boot/issues/136
这是一个解决方法,用于处理 HttpSecurity 和 HttpConfigurer 的加载方式。
我不是 100% 确定我们可以解决这个问题,但是,很容易公开一种添加自定义 GrantedAuthority 的方法。
我将再次研究前者,但作为最后的手段,您能否确认您正在尝试设置自定义 GrantedAuthority?
简单的解决方案是将自定义服务定义为名称为 'oidcUserService'.
的 bean @Bean(name = "oidcUserService")
OAuth2UserService<OidcUserRequest, OidcUser> getOidcUserService() {
return new CustomOidcUserService();
}
有了这个http配置就可以简单如下:
http.authorizeRequests().anyRequest().authenticated()
.and()
.oauth2Login();