无法向 Spring OAuth2UserRequest 添加参数
Unable to add parameters to Spring OAuth2UserRequest
我希望能够将附加参数从客户端传递到 OAuth2 用户服务。按照 Spring 参考文档 https://docs.spring.io/spring-security/site/docs/5.1.1.RELEASE/reference/htmlsingle/#oauth2Client-authorization-request-resolver 的说明,我已经能够将附加参数添加到 OAuth2AuthorizationRequest。但当我尝试在自定义的 DefaultOAuth2UserService 中读取该参数时,它已不在 OAuth2UserRequest 中。
我认为这个问题与 OAuth2AuthorizationRequest 的 resolve 方法被调用了两次有关,第二次调用时 authorizationRequest 为 null。请参阅下面的调试日志。
关于如何解决/修复此问题的任何建议?
客户端请求
http://localhost:8080/oauth2/authorize/github?redirect_uri=http://localhost:3000/oauth2/redirect&action=signup
详细日志
CustomAuthorizationRequestResolver : in CustomAuthorizationRequestResolver.resolve() authorizationRequest is [Initialized]
CustomAuthorizationRequestResolver: action parameter from HttpServletRequest is [signup]
CustomAuthorizationRequestResolver: number of additional parameters added to OAuth2AuthorizationRequest is [1]
CustomAuthorizationRequestResolver: in CustomAuthorizationRequestResolver.resolve() authorizationRequest is [null]
CustomOAuth2UserService: in CustomOAuth2UserService.loadUser() size of additional parameters [0]
CustomAuthorizationRequestResolver
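/**
 * Authorization request resolver that wraps {@link DefaultOAuth2AuthorizationRequestResolver}
 * (base URI {@code /oauth2/authorize}) and copies the client-supplied {@code action} request
 * parameter into the additional parameters of the resolved {@link OAuth2AuthorizationRequest}.
 *
 * <p>Both {@code resolve} overloads return {@code null} when the delegate returns {@code null};
 * the debug log on this page shows a second call that yields {@code null}, so callers must
 * treat that as a normal result.
 *
 * <p>NOTE(review): {@code action} comes straight from the HTTP request and is therefore
 * attacker-controlled. Whatever code later reads it should compare it against the fixed set of
 * values the application expects instead of trusting it as-is.
 */
public class CustomAuthorizationRequestResolver implements OAuth2AuthorizationRequestResolver {

    private static final Logger logger = LoggerFactory.getLogger(CustomAuthorizationRequestResolver.class);

    /** Name of the request parameter that is copied into the authorization request. */
    private static final String ACTION_PARAMETER = "action";

    private final OAuth2AuthorizationRequestResolver defaultAuthorizationRequestResolver;

    /**
     * Creates the resolver around a default resolver bound to {@code /oauth2/authorize}.
     *
     * @param clientRegistrationRepository repository handed to the default resolver
     */
    public CustomAuthorizationRequestResolver(ClientRegistrationRepository clientRegistrationRepository) {
        this.defaultAuthorizationRequestResolver = new DefaultOAuth2AuthorizationRequestResolver(
                clientRegistrationRepository, "/oauth2/authorize");
    }

    /**
     * Resolves the authorization request through the default resolver and, when one is
     * returned, adds the {@code action} parameter to it.
     *
     * @param request the current HTTP request
     * @return the customized authorization request, or {@code null} when the default resolver
     *         returns {@code null}
     */
    @Override
    public OAuth2AuthorizationRequest resolve(HttpServletRequest request) {
        OAuth2AuthorizationRequest authorizationRequest = this.defaultAuthorizationRequestResolver.resolve(request);
        logger.debug("in CustomAuthorizationRequestResolver.resolve() authorizationRequest is [{}]",
                authorizationRequest == null ? "null" : "Initialized");
        return authorizationRequest != null ? customAuthorizationRequest(request, authorizationRequest) : null;
    }

    /**
     * Same as {@link #resolve(HttpServletRequest)} but for an explicit client registration id.
     *
     * @param request the current HTTP request
     * @param clientRegistrationId registration id passed through to the default resolver
     * @return the customized authorization request, or {@code null} when the default resolver
     *         returns {@code null}
     */
    @Override
    public OAuth2AuthorizationRequest resolve(HttpServletRequest request, String clientRegistrationId) {
        OAuth2AuthorizationRequest authorizationRequest = this.defaultAuthorizationRequestResolver.resolve(
                request, clientRegistrationId);
        return authorizationRequest != null ? customAuthorizationRequest(request, authorizationRequest) : null;
    }

    /**
     * Returns a copy of {@code authorizationRequest} whose additional parameters also contain
     * the {@code action} request parameter. When the parameter is absent or empty the
     * authorization request is returned unchanged, so no {@code null} value ends up in the map.
     */
    private OAuth2AuthorizationRequest customAuthorizationRequest(HttpServletRequest request,
            OAuth2AuthorizationRequest authorizationRequest) {
        String action = request.getParameter(ACTION_PARAMETER);
        if (action == null || action.isEmpty()) {
            logger.debug("no action parameter on HttpServletRequest, authorization request left unchanged");
            return authorizationRequest;
        }
        // Line breaks are replaced before logging so a crafted value cannot forge extra log lines.
        logger.debug("action parameter from HttpServletRequest is [{}]", action.replaceAll("[\\r\\n]", "_"));

        Map<String, Object> additionalParameters = new LinkedHashMap<>(authorizationRequest.getAdditionalParameters());
        additionalParameters.put(ACTION_PARAMETER, action);
        OAuth2AuthorizationRequest rtn = OAuth2AuthorizationRequest.from(authorizationRequest)
                .additionalParameters(additionalParameters)
                .build();
        logger.debug("number of additional parameters added to OAuth2AuthorizationRequest is [{}]",
                rtn.getAdditionalParameters().size());
        return rtn;
    }
}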
CustomOAuth2UserService
/**
 * OAuth2 user service that extends DefaultOAuth2UserService. Only loadUser is shown in this
 * excerpt; the rest of the class is elided by the author.
 */
public class CustomOAuth2UserService extends DefaultOAuth2UserService {
private final Logger logger = LoggerFactory.getLogger(CustomOAuth2UserService.class);
// Repository injected by Spring; not used in the visible part of the class.
@Autowired
private UserRepository userRepository;
/**
 * Loads the user through the parent implementation and logs how many additional parameters
 * the user request carries. The remainder of the method is elided in this excerpt.
 *
 * @param oAuth2UserRequest the user request passed in by the framework
 * @throws OAuth2AuthenticationException declared by the overridden method
 */
@Override
public OAuth2User loadUser(OAuth2UserRequest oAuth2UserRequest) throws OAuth2AuthenticationException {
OAuth2User oAuth2User = super.loadUser(oAuth2UserRequest);
// NOTE(review): in Spring Security the additional parameters of OAuth2UserRequest are taken
// from the access-token response, not from the OAuth2AuthorizationRequest, so a value added by
// an authorization request resolver is not expected here (the log on this page shows size 0);
// confirm for the version in use. A value that has to survive the redirect needs server-side
// state, and anything that started as a client request parameter should be checked against the
// expected values before it influences signup or login handling.
logger.debug("in CustomOAuth2UserService.loadUser() size of additional parameters [{}]", oAuth2UserRequest
.getAdditionalParameters().size());
// other processing
}
// other methods
}
OAuth2AuthorizationRequest 和 OAuth2UserRequest 是发往不同端点的不同请求。
OAuth2AuthorizationRequest 代表对 http://localhost:8080/oauth2/authorize/github?redirect_uri=http://localhost:3000/oauth2/redirect&action=signup 的请求,而 OAuth2UserRequest 代表对 http://localhost:3000/userinfo 的请求。
添加到授权请求中的附加参数从来不是 OAuth2UserRequest 的一部分:OAuth2UserRequest.getAdditionalParameters() 返回的是令牌响应中的附加参数。
我希望能够将附加参数从客户端传递到 OAuth2 用户服务。按照 Spring 参考文档 https://docs.spring.io/spring-security/site/docs/5.1.1.RELEASE/reference/htmlsingle/#oauth2Client-authorization-request-resolver 的说明,我已经能够将附加参数添加到 OAuth2AuthorizationRequest。但当我尝试在自定义的 DefaultOAuth2UserService 中读取该参数时,它已不在 OAuth2UserRequest 中。
我认为这个问题与 OAuth2AuthorizationRequest 的 resolve 方法被调用了两次有关,第二次调用时 authorizationRequest 为 null。请参阅下面的调试日志。
关于如何解决/修复此问题的任何建议?
客户端请求
http://localhost:8080/oauth2/authorize/github?redirect_uri=http://localhost:3000/oauth2/redirect&action=signup
详细日志
CustomAuthorizationRequestResolver : in CustomAuthorizationRequestResolver.resolve() authorizationRequest is [Initialized]
CustomAuthorizationRequestResolver: action parameter from HttpServletRequest is [signup]
CustomAuthorizationRequestResolver: number of additional parameters added to OAuth2AuthorizationRequest is [1]
CustomAuthorizationRequestResolver: in CustomAuthorizationRequestResolver.resolve() authorizationRequest is [null]
CustomOAuth2UserService: in CustomOAuth2UserService.loadUser() size of additional parameters [0]
CustomAuthorizationRequestResolver
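/**
 * Authorization request resolver that wraps {@link DefaultOAuth2AuthorizationRequestResolver}
 * (base URI {@code /oauth2/authorize}) and copies the client-supplied {@code action} request
 * parameter into the additional parameters of the resolved {@link OAuth2AuthorizationRequest}.
 *
 * <p>Both {@code resolve} overloads return {@code null} when the delegate returns {@code null};
 * the debug log on this page shows a second call that yields {@code null}, so callers must
 * treat that as a normal result.
 *
 * <p>NOTE(review): {@code action} comes straight from the HTTP request and is therefore
 * attacker-controlled. Whatever code later reads it should compare it against the fixed set of
 * values the application expects instead of trusting it as-is.
 */
public class CustomAuthorizationRequestResolver implements OAuth2AuthorizationRequestResolver {

    private static final Logger logger = LoggerFactory.getLogger(CustomAuthorizationRequestResolver.class);

    /** Name of the request parameter that is copied into the authorization request. */
    private static final String ACTION_PARAMETER = "action";

    private final OAuth2AuthorizationRequestResolver defaultAuthorizationRequestResolver;

    /**
     * Creates the resolver around a default resolver bound to {@code /oauth2/authorize}.
     *
     * @param clientRegistrationRepository repository handed to the default resolver
     */
    public CustomAuthorizationRequestResolver(ClientRegistrationRepository clientRegistrationRepository) {
        this.defaultAuthorizationRequestResolver = new DefaultOAuth2AuthorizationRequestResolver(
                clientRegistrationRepository, "/oauth2/authorize");
    }

    /**
     * Resolves the authorization request through the default resolver and, when one is
     * returned, adds the {@code action} parameter to it.
     *
     * @param request the current HTTP request
     * @return the customized authorization request, or {@code null} when the default resolver
     *         returns {@code null}
     */
    @Override
    public OAuth2AuthorizationRequest resolve(HttpServletRequest request) {
        OAuth2AuthorizationRequest authorizationRequest = this.defaultAuthorizationRequestResolver.resolve(request);
        logger.debug("in CustomAuthorizationRequestResolver.resolve() authorizationRequest is [{}]",
                authorizationRequest == null ? "null" : "Initialized");
        return authorizationRequest != null ? customAuthorizationRequest(request, authorizationRequest) : null;
    }

    /**
     * Same as {@link #resolve(HttpServletRequest)} but for an explicit client registration id.
     *
     * @param request the current HTTP request
     * @param clientRegistrationId registration id passed through to the default resolver
     * @return the customized authorization request, or {@code null} when the default resolver
     *         returns {@code null}
     */
    @Override
    public OAuth2AuthorizationRequest resolve(HttpServletRequest request, String clientRegistrationId) {
        OAuth2AuthorizationRequest authorizationRequest = this.defaultAuthorizationRequestResolver.resolve(
                request, clientRegistrationId);
        return authorizationRequest != null ? customAuthorizationRequest(request, authorizationRequest) : null;
    }

    /**
     * Returns a copy of {@code authorizationRequest} whose additional parameters also contain
     * the {@code action} request parameter. When the parameter is absent or empty the
     * authorization request is returned unchanged, so no {@code null} value ends up in the map.
     */
    private OAuth2AuthorizationRequest customAuthorizationRequest(HttpServletRequest request,
            OAuth2AuthorizationRequest authorizationRequest) {
        String action = request.getParameter(ACTION_PARAMETER);
        if (action == null || action.isEmpty()) {
            logger.debug("no action parameter on HttpServletRequest, authorization request left unchanged");
            return authorizationRequest;
        }
        // Line breaks are replaced before logging so a crafted value cannot forge extra log lines.
        logger.debug("action parameter from HttpServletRequest is [{}]", action.replaceAll("[\\r\\n]", "_"));

        Map<String, Object> additionalParameters = new LinkedHashMap<>(authorizationRequest.getAdditionalParameters());
        additionalParameters.put(ACTION_PARAMETER, action);
        OAuth2AuthorizationRequest rtn = OAuth2AuthorizationRequest.from(authorizationRequest)
                .additionalParameters(additionalParameters)
                .build();
        logger.debug("number of additional parameters added to OAuth2AuthorizationRequest is [{}]",
                rtn.getAdditionalParameters().size());
        return rtn;
    }
}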
CustomOAuth2UserService
/**
 * OAuth2 user service that extends DefaultOAuth2UserService. Only loadUser is shown in this
 * excerpt; the rest of the class is elided by the author.
 */
public class CustomOAuth2UserService extends DefaultOAuth2UserService {
private final Logger logger = LoggerFactory.getLogger(CustomOAuth2UserService.class);
// Repository injected by Spring; not used in the visible part of the class.
@Autowired
private UserRepository userRepository;
/**
 * Loads the user through the parent implementation and logs how many additional parameters
 * the user request carries. The remainder of the method is elided in this excerpt.
 *
 * @param oAuth2UserRequest the user request passed in by the framework
 * @throws OAuth2AuthenticationException declared by the overridden method
 */
@Override
public OAuth2User loadUser(OAuth2UserRequest oAuth2UserRequest) throws OAuth2AuthenticationException {
OAuth2User oAuth2User = super.loadUser(oAuth2UserRequest);
// NOTE(review): in Spring Security the additional parameters of OAuth2UserRequest are taken
// from the access-token response, not from the OAuth2AuthorizationRequest, so a value added by
// an authorization request resolver is not expected here (the log on this page shows size 0);
// confirm for the version in use. A value that has to survive the redirect needs server-side
// state, and anything that started as a client request parameter should be checked against the
// expected values before it influences signup or login handling.
logger.debug("in CustomOAuth2UserService.loadUser() size of additional parameters [{}]", oAuth2UserRequest
.getAdditionalParameters().size());
// other processing
}
// other methods
}
OAuth2AuthorizationRequest 和 OAuth2UserRequest 是发往不同端点的不同请求。
OAuth2AuthorizationRequest 代表对 http://localhost:8080/oauth2/authorize/github?redirect_uri=http://localhost:3000/oauth2/redirect&action=signup 的请求,而 OAuth2UserRequest 代表对 http://localhost:3000/userinfo 的请求。
添加到授权请求中的附加参数从来不是 OAuth2UserRequest 的一部分:OAuth2UserRequest.getAdditionalParameters() 返回的是令牌响应中的附加参数。