stackoom
  简体   繁体   中英

Why is my oauth2 config not using my custom UserService?

 原文  2018-04-08 08:06:28       java/ spring-boot/ oauth-2.0/ spring-security-oauth2

Question

I'm trying to use authentication by google. I am using springboot2, so most of the configuration is automatic. The authentication itself works good, but afterwards I would like to populate Principal with my own data (roles, username, and stuff).

I've created MyUserService that exteds DefaultOauth2UserService, and I am trying to use it as follows: 

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    MyUserService myUserService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .anyRequest().authenticated()
                .and()
            .oauth2Login()
                .userInfoEndpoint()
                    .userService(myUserService);
    }
}

I've checked with debuger, that application never actually uses loadUser methods. And here is implementation of MyUserService: 

@Component
public class MyUserService extends DefaultOAuth2UserService {
    @Autowired
    UserRepository userRepository;

    public MyUserService(){
        LoggerFactory.getLogger(MyUserService.class).info("initializing user service");
    }

    @Override
    public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
        OAuth2User oAuth2User = super.loadUser(userRequest);
        Map<String, Object> attributes = oAuth2User.getAttributes();

        String emailFromGoogle = (String) attributes.get("email");
        User user = userRepository.findByEmail(emailFromGoogle);
        attributes.put("given_name", user.getFirstName());
        attributes.put("family_name", user.getLastName());

        Set<GrantedAuthority> authoritySet = new HashSet<>(oAuth2User.getAuthorities());

        return new DefaultOAuth2User(authoritySet, attributes, "sub");
    }
}

2 answers

solution1
 1  2018-04-12 21:34:31

I think you're missing the @EnableOAuth2Client annotation at the top of your SecurityConfig class.

Regardless, I made an examplewith a Custom user service for oauth2 here https://github.com/TwinProduction/spring-security-oauth2-client-example/ if it helps

solution2
 1 ACCPTED  2018-04-13 20:25:33

Actually the solution was just to add another property for google authentication: 

spring.security.oauth2.client.registration.google.scope=profile email

Not sure, what is the default scope, and why entrance to the service is dependent on scope, but without this line the code never reached my custom service.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Using my custom External Login with spring boot oauth2 (authorization grant type)? Why my Spring OAuth2 Server not working using SSL self-sign ssl? Why does my OAuth2 won't working with Spring Boot? AppEngine: creating my own UserService? Unable to add custom config for spring security with oauth2 Spring Security oauth2, why does my auth/token authenticates CLIENT but returns 404? Spring-Security OAuth2 StackOverflowError using Java config Oauth2 Java Config JDBC How do I enable OAuth2 for only certain classes in my Spring Boot Security OAuth2 app? Is it possible to secure my Java REST API with OAuth2 without Spring?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM