在我的
Java Spring应用程序中,我通过外部OAuth2提供程序实现了OAuth2用户授权.
在我的本地主机上,为了通过这个外部OAuth2提供程序对用户进行身份验证,我需要通过以下网址:https://127.0.0.1:8443/login/ok,在OAuth2舞蹈之后,我可以通过以下用户进行身份验证.到目前为止一切都很好.
但是当我在登录URL中有一些请求参数时,例如uid和level:
在OAuth2舞蹈之后,我被重定向到https://127.0.0.1:8443/并丢失了这些参数.
在我的Chrome网络面板中,我可以看到以下一组通话:
所以我在第3步之后失去了这些参数.
是否可以配置Spring Security OAuth2以将这些参数传递到步骤#4?
这是我的配置(这是基于此答案Spring Security – Retaining URL parameters on redirect to login的解决方案)但它不起作用(不调用AuthenticationProcessingFilterEntryPoint .commence方法):
@Override
public void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.headers().frameOptions().disable()
.and().logout()
.and().antMatcher("/**").authorizeRequests()
.antMatchers("/", "/login**", "/index.html", "/home.html").permitAll()
.anyRequest().authenticated()
.and().exceptionHandling().authenticationEntryPoint(new AuthenticationProcessingFilterEntryPoint("/"))
.and().logout().logoutSuccessUrl("/").permitAll()
.and().csrf().csrfTokenRepository(csrfTokenRepository())
.and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
// @formatter:on
}
public class AuthenticationProcessingFilterEntryPoint extends LoginUrlAuthenticationEntryPoint {
public AuthenticationProcessingFilterEntryPoint(String loginFormUrl) {
super(loginFormUrl);
}
@Override
public void commence(HttpServletRequest request, HttpServletResponse response,
AuthenticationException authException) throws IOException, ServletException {
RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
redirectStrategy.sendRedirect(request, response, getLoginFormUrl() + "?" + request.getQueryString());
}
}
有什么不对?
最佳答案 我已通过以下方式实现此目的:
private Filter ssoFilter(ClientResources client, String path) {
OAuth2ClientAuthenticationProcessingFilter clientFilter = new OAuth2ClientAuthenticationProcessingFilter(path);
.......
clientFilter.setAuthenticationSuccessHandler(new UrlParameterAuthenticationHandler());
return clientFilter;
}
public class UrlParameterAuthenticationHandler extends SimpleUrlAuthenticationSuccessHandler {
@Override
protected void handle(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
throws IOException, ServletException {
String targetUrl = determineTargetUrl(request, response);
if (response.isCommitted()) {
logger.debug("Response has already been committed. Unable to redirect to " + targetUrl);
return;
}
String queryString = HttpUtils.removeParams(request.getQueryString(), "state", "code");
targetUrl = !StringUtils.isEmpty(queryString) ? targetUrl + "?" + queryString : targetUrl;
getRedirectStrategy().sendRedirect(request, response, targetUrl);
}
}
如果有更好的方法,请纠正我
转播
