Jim*_*m.R 7 java spring-boot spring-security-oauth2
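We have a Spring Boot 1.3.2/Webflow web application that we are converting to use SSO. I followed the steps in the "Migrating OAuth2 Apps from Spring Boot 1.2 to 1.3" blog, and the application now hands off to our Auth server for authentication and the web application uses the token to populate its security context correctly.
The only thing that is not working is the custom authentication success handler, which configures a few bits in the user's session before they continue to the landing page.
It is currently configured as follows in our security configuration, which extends WebSecurityConfigurerAdapter: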
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // These are all the unprotected endpoints.
        http.authorizeRequests()
            .antMatchers(new String[] { "/", "/login", "/error",
                    "/loginFailed", "/static/**" })
            .permitAll();

        // Protect all the other endpoints with a login page.
        http.authorizeRequests().anyRequest()
            .hasAnyAuthority("USER", "ADMIN").and().formLogin().loginPage("/login").failureUrl("/loginFailed")
            .successHandler(customAuthenticationSuccessHandler()).and().logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"));

        http.exceptionHandling().accessDeniedHandler(new AccessDeniedHandler() {
            @Override
            public void handle(HttpServletRequest request, HttpServletResponse response,
                    AccessDeniedException accessDeniedException) throws IOException, ServletException {
                if (accessDeniedException instanceof CsrfException) {
                    response.sendRedirect(request.getContextPath() + "/logout");
                }
            }
        });
    }
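I can see the handler being configured during startup, but it is never called once the user has successfully logged in. All the questions I have found on the subject refer to using OAuth2SsoConfigurerAdapter, but since we are no longer using spring-cloud-security that class is not available.
Update: I found that this can be achieved using a BeanPostProcessor: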
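    public static class DefaultRolesPrefixPostProcessor implements BeanPostProcessor, PriorityOrdered {

        // Required by BeanPostProcessor in Spring 4.x; pass the bean through unchanged.
        @Override
        public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
            return bean;
        }

        @Override
        public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
            // Find the OAuth2 SSO filter in every security filter chain and
            // replace its success handler with the custom one.
            if (bean instanceof FilterChainProxy) {
                FilterChainProxy chains = (FilterChainProxy) bean;
                for (SecurityFilterChain chain : chains.getFilterChains()) {
                    for (Filter filter : chain.getFilters()) {
                        if (filter instanceof OAuth2ClientAuthenticationProcessingFilter) {
                            OAuth2ClientAuthenticationProcessingFilter oAuth2ClientAuthenticationProcessingFilter = (OAuth2ClientAuthenticationProcessingFilter) filter;
                            oAuth2ClientAuthenticationProcessingFilter
                                .setAuthenticationSuccessHandler(customAuthenticationSuccessHandler());
                        }
                    }
                }
            }
            return bean;
        }

        // Required by PriorityOrdered; the value used here is an assumption.
        @Override
        public int getOrder() {
            return PriorityOrdered.HIGHEST_PRECEDENCE;
        }
    }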
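Is there a better way to configure this?
If you follow Dave Syer's excellent Spring Boot OAuth2 tutorial, you will end up with a method that returns your ssoFilter.
I added a setAuthenticationSuccessHandler call to this filter: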
    @Autowired
    private CustomAuthenticationSuccessHandler customAuthenticationSuccessHandler;

    private Filter ssoFilter() {
        OAuth2ClientAuthenticationProcessingFilter facebookFilter = new OAuth2ClientAuthenticationProcessingFilter("/login/facebook");
        OAuth2RestTemplate facebookTemplate = new OAuth2RestTemplate(facebook(), oauth2ClientContext);
        facebookFilter.setRestTemplate(facebookTemplate);
        facebookFilter.setTokenServices(new UserInfoTokenServices(facebookResource().getUserInfoUri(), facebook().getClientId()));
        facebookFilter.setAuthenticationSuccessHandler(customAuthenticationSuccessHandler);
        return facebookFilter;
    }
My CustomAuthenticationSuccessHandler is just a component that extends AuthenticationSuccessHandler:
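    import java.io.IOException;

    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import org.springframework.security.core.Authentication;
    import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
    import org.springframework.stereotype.Component;

    @Component
    public class CustomAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
        @Override
        public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                Authentication authentication) throws IOException, ServletException {
            //implementation
        }
    }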
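An added example, not code from either poster: one way to fill in the //implementation placeholder so that the handler sets up session state and then hands the redirect back to SavedRequestAwareAuthenticationSuccessHandler, which is the handler the filter uses by default and which a custom handler otherwise replaces. The session attribute names and the /home landing page are assumptions made for illustration; USER and ADMIN are the authorities from the question's configuration.

```java
import java.io.IOException;
import java.util.Set;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.stereotype.Component;

@Component
public class CustomAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

    // Hypothetical session attribute names, chosen for this example.
    static final String ATTR_USERNAME = "currentUsername";
    static final String ATTR_IS_ADMIN = "isAdmin";

    public CustomAuthenticationSuccessHandler() {
        // Hypothetical landing page, used only when there is no saved request
        // (the user opened the login URL directly).
        setDefaultTargetUrl("/home");
        // targetUrlParameter is left unset on purpose: the redirect target is
        // never read from a request parameter, so a crafted login link cannot
        // choose where the user lands.
    }

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        // Derive session state from the authenticated principal only,
        // never from request parameters.
        Set<String> authorities = AuthorityUtils.authorityListToSet(authentication.getAuthorities());

        HttpSession session = request.getSession();
        session.setAttribute(ATTR_USERNAME, authentication.getName());
        session.setAttribute(ATTR_IS_ADMIN, authorities.contains("ADMIN"));

        // Delegate the redirect: back to the originally requested protected
        // URL if one was saved, otherwise to the default target URL.
        super.onAuthenticationSuccess(request, response, authentication);
    }
}
```

Because the class is still an AuthenticationSuccessHandler, it can be passed to setAuthenticationSuccessHandler on the OAuth2ClientAuthenticationProcessingFilter exactly as in the answer above.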