社交登录,spring-security-oauth2 和 spring-security-jwt?
Posted
技术标签:
【中文标题】社交登录,spring-security-oauth2 和 spring-security-jwt?【英文标题】:Social login, spring-security-oauth2 and spring-security-jwt? 【发布时间】:2016-09-22 04:14:44 【问题描述】:我正在开发一项休息服务,该服务将通过以下方式在浏览器中提供 浏览器单页应用程序和移动应用程序。目前我的服务正在运行 完全没有春天。 oauth2 客户端是在过滤器内部实现的,可以说是“手动”。
我正在尝试将其迁移到 Spring Boot。 阅读了很多手册,搜索了很多信息,我试图了解是否 对于客户来说,以下实际上是可能的:
在所有帮助下使用 facebook oauth2 服务进行授权(并获取 access_token) 来自 spring-security-oauth2。
创建一个 JWT 并将其传递给客户端,以便所有进一步的请求 由 JWT 支持。
因为在我看来,spring boot 就是关于配置和声明的 我想了解 spring-security-oauth2 和 弹簧安全jwt?
我不是在寻求解决方案,而只是从知识持有者那里获得是/否,因为我深陷其中 弹簧手册和答案变得更进一步......
【问题讨论】:
鉴于这个用例现在相当普遍,我很惊讶地看到还没有答案(即使大约 4 个月后)。 @Grigory,你自己找到什么了吗? 【参考方案1】:简短的回答:是的,你可以做到!
您必须将安全依赖项添加到您的 build.gradle 或 pom.xml 文件中:
compile "org.springframework.boot:spring-boot-starter-security"
compile "org.springframework.security:spring-security-config"
compile "org.springframework.security:spring-security-data"
compile "org.springframework.security:spring-security-web"
compile "org.springframework.social:spring-social-security"
compile "org.springframework.social:spring-social-google"
compile "org.springframework.social:spring-social-facebook"
compile "org.springframework.social:spring-social-twitter"
那么您必须将社交配置与您的安全配置一起添加到您的项目中:
@Configuration
@EnableSocial
public class SocialConfiguration implements SocialConfigurer
private final Logger log = LoggerFactory.getLogger(SocialConfiguration.class);
private final SocialUserConnectionRepository socialUserConnectionRepository;
private final Environment environment;
public SocialConfiguration(SocialUserConnectionRepository socialUserConnectionRepository,
Environment environment)
this.socialUserConnectionRepository = socialUserConnectionRepository;
this.environment = environment;
@Bean
public ConnectController connectController(ConnectionFactoryLocator connectionFactoryLocator,
ConnectionRepository connectionRepository)
ConnectController controller = new ConnectController(connectionFactoryLocator, connectionRepository);
controller.setApplicationUrl(environment.getProperty("spring.application.url"));
return controller;
@Override
public void addConnectionFactories(ConnectionFactoryConfigurer connectionFactoryConfigurer, Environment environment)
// Google configuration
String googleClientId = environment.getProperty("spring.social.google.client-id");
String googleClientSecret = environment.getProperty("spring.social.google.client-secret");
if (googleClientId != null && googleClientSecret != null)
log.debug("Configuring GoogleConnectionFactory");
connectionFactoryConfigurer.addConnectionFactory(
new GoogleConnectionFactory(
googleClientId,
googleClientSecret
)
);
else
log.error("Cannot configure GoogleConnectionFactory id or secret null");
// Facebook configuration
String facebookClientId = environment.getProperty("spring.social.facebook.client-id");
String facebookClientSecret = environment.getProperty("spring.social.facebook.client-secret");
if (facebookClientId != null && facebookClientSecret != null)
log.debug("Configuring FacebookConnectionFactory");
connectionFactoryConfigurer.addConnectionFactory(
new FacebookConnectionFactory(
facebookClientId,
facebookClientSecret
)
);
else
log.error("Cannot configure FacebookConnectionFactory id or secret null");
// Twitter configuration
String twitterClientId = environment.getProperty("spring.social.twitter.client-id");
String twitterClientSecret = environment.getProperty("spring.social.twitter.client-secret");
if (twitterClientId != null && twitterClientSecret != null)
log.debug("Configuring TwitterConnectionFactory");
connectionFactoryConfigurer.addConnectionFactory(
new TwitterConnectionFactory(
twitterClientId,
twitterClientSecret
)
);
else
log.error("Cannot configure TwitterConnectionFactory id or secret null");
// jhipster-needle-add-social-connection-factory
@Override
public UserIdSource getUserIdSource()
return new AuthenticationNameUserIdSource();
@Override
public UsersConnectionRepository getUsersConnectionRepository(ConnectionFactoryLocator connectionFactoryLocator)
return new CustomSocialUsersConnectionRepository(socialUserConnectionRepository, connectionFactoryLocator);
@Bean
public SignInAdapter signInAdapter(UserDetailsService userDetailsService, JHipsterProperties jHipsterProperties,
TokenProvider tokenProvider)
return new CustomSignInAdapter(userDetailsService, jHipsterProperties,
tokenProvider);
@Bean
public ProviderSignInController providerSignInController(ConnectionFactoryLocator connectionFactoryLocator, UsersConnectionRepository usersConnectionRepository, SignInAdapter signInAdapter)
ProviderSignInController providerSignInController = new ProviderSignInController(connectionFactoryLocator, usersConnectionRepository, signInAdapter);
providerSignInController.setSignUpUrl("/social/signup");
providerSignInController.setApplicationUrl(environment.getProperty("spring.application.url"));
return providerSignInController;
@Bean
public ProviderSignInUtils getProviderSignInUtils(ConnectionFactoryLocator connectionFactoryLocator, UsersConnectionRepository usersConnectionRepository)
return new ProviderSignInUtils(connectionFactoryLocator, usersConnectionRepository);
那么你必须为你的社交登录编写适配器:
public class CustomSignInAdapter implements SignInAdapter
@SuppressWarnings("unused")
private final Logger log = LoggerFactory.getLogger(CustomSignInAdapter.class);
private final UserDetailsService userDetailsService;
private final JHipsterProperties jHipsterProperties;
private final TokenProvider tokenProvider;
public CustomSignInAdapter(UserDetailsService userDetailsService, JHipsterProperties jHipsterProperties,
TokenProvider tokenProvider)
this.userDetailsService = userDetailsService;
this.jHipsterProperties = jHipsterProperties;
this.tokenProvider = tokenProvider;
@Override
public String signIn(String userId, Connection<?> connection, NativeWebRequest request)
try
UserDetails user = userDetailsService.loadUserByUsername(userId);
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(
user,
null,
user.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(authenticationToken);
String jwt = tokenProvider.createToken(authenticationToken, false);
ServletWebRequest servletWebRequest = (ServletWebRequest) request;
servletWebRequest.getResponse().addCookie(getSocialAuthenticationCookie(jwt));
catch (AuthenticationException ae)
log.error("Social authentication error");
log.trace("Authentication exception trace: ", ae);
return jHipsterProperties.getSocial().getRedirectAfterSignIn();
private Cookie getSocialAuthenticationCookie(String token)
Cookie socialAuthCookie = new Cookie("social-authentication", token);
socialAuthCookie.setPath("/");
socialAuthCookie.setMaxAge(10);
return socialAuthCookie;
您可以在我的 github 中找到示例项目: https://github.com/ksadjad/oauth-test
【讨论】:
嘿@ksadjad,按照你的指导,下面这行``` return jHipsterProperties.getSocial().getRedirectAfterSignIn();``` 使cookie因为302结果代码而消失,你呢知道如何让 cookie 留在浏览器上吗?以上是关于社交登录,spring-security-oauth2 和 spring-security-jwt?的主要内容,如果未能解决你的问题,请参考以下文章