有没有一种方法可以使用 spring 安全性来实现 google 使用 jwt 令牌登录和自定义登录?
Is there a way to implement google sign in with and custom login with jwt token using spring security?
由于我是 springboot 的新手,我遇到了一个 senario,请帮助我。
我有自定义登录页面,它需要用户名和密码并对其进行验证。如果用户
现在,在我的数据库中生成了 jwt 令牌,我已经实现了这个,这个案例是
在职的。现在我的问题是
I am trying to integrate the google sign-in. But while integrating the google sign-in, I am
getting authorized as anonymous user and I couldn't able proceed further. This is not the
case I dont want.
when ever user logged with google sign in option user must be able to sign in and could able to
generate the jwt token. How can I solve my problem. I am using technology springboot and reactjs.
我的安全配置代码。
public class Springsec extends WebSecurityConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception{
http
.csrf()
.disable()
.antMatcher("/**")
.authorizeRequests()
.antMatchers("/", "/index.html","/error/**")
.permitAll()
.anyRequest().authenticated().and().formLogin();
/* http
.exceptionHandling()
.authenticationEntryPoint(auth)
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.addFilterBefore(securityFilter, UsernamePasswordAuthenticationFilter.class);
}
}
下面是解决我问题的唯一方法还是有什么办法可以解决问题
google sign in must me authorized by reactjs then we have to send access token to the server
and generate the jwt token.
If there is any other way pls help out. If possible send me sample code.
If My guess is the only way to solve the problem, Then simply say yes.
谢谢。
请帮帮我。
我已经写过这个 here。您的配置方法可能类似于:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/**")
.authorizeRequests(t -> t.anyRequest().authenticated())
.formLogin(t -> t.loginPage("/login").permitAll())
.logout(t -> t.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/").permitAll());
try {
ClientRegistrationRepository repository =
getApplicationContext().getBean(ClientRegistrationRepository.class);
if (repository != null) {
http.oauth2Login(t -> t.clientRegistrationRepository(repository)
.userInfoEndpoint(u -> u.oidcUserService(oidcUserService))
.loginPage("/login").permitAll());
}
} catch (Exception exception) {
}
http.sessionManagement(t -> t.maximumSessions(-1).sessionRegistry(sessionRegistry()));
}
和 OAuth2 配置(在 application.yaml 中):
---
spring:
security:
oauth2:
client:
registration:
google:
client-id: XXXXXXXXXXXXXXXXXXXX
client-secret: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
provider:
google:
user-name-attribute: email
由于我是 springboot 的新手,我遇到了一个 senario,请帮助我。 我有自定义登录页面,它需要用户名和密码并对其进行验证。如果用户 现在,在我的数据库中生成了 jwt 令牌,我已经实现了这个,这个案例是 在职的。现在我的问题是
I am trying to integrate the google sign-in. But while integrating the google sign-in, I am
getting authorized as anonymous user and I couldn't able proceed further. This is not the
case I dont want.
when ever user logged with google sign in option user must be able to sign in and could able to
generate the jwt token. How can I solve my problem. I am using technology springboot and reactjs.
我的安全配置代码。
public class Springsec extends WebSecurityConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception{
http
.csrf()
.disable()
.antMatcher("/**")
.authorizeRequests()
.antMatchers("/", "/index.html","/error/**")
.permitAll()
.anyRequest().authenticated().and().formLogin();
/* http
.exceptionHandling()
.authenticationEntryPoint(auth)
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.addFilterBefore(securityFilter, UsernamePasswordAuthenticationFilter.class);
}
}
下面是解决我问题的唯一方法还是有什么办法可以解决问题
google sign in must me authorized by reactjs then we have to send access token to the server
and generate the jwt token.
If there is any other way pls help out. If possible send me sample code.
If My guess is the only way to solve the problem, Then simply say yes.
谢谢。 请帮帮我。
我已经写过这个 here。您的配置方法可能类似于:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/**")
.authorizeRequests(t -> t.anyRequest().authenticated())
.formLogin(t -> t.loginPage("/login").permitAll())
.logout(t -> t.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/").permitAll());
try {
ClientRegistrationRepository repository =
getApplicationContext().getBean(ClientRegistrationRepository.class);
if (repository != null) {
http.oauth2Login(t -> t.clientRegistrationRepository(repository)
.userInfoEndpoint(u -> u.oidcUserService(oidcUserService))
.loginPage("/login").permitAll());
}
} catch (Exception exception) {
}
http.sessionManagement(t -> t.maximumSessions(-1).sessionRegistry(sessionRegistry()));
}
和 OAuth2 配置(在 application.yaml 中):
---
spring:
security:
oauth2:
client:
registration:
google:
client-id: XXXXXXXXXXXXXXXXXXXX
client-secret: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
provider:
google:
user-name-attribute: email