Spring Boot OAuth2 login not doing anything

I'm trying to get the user session managed with an OAuth2 provider and I made a custom login that made the calls, set the cookies etc... But then I realized that Spring Boot Security has OAuth2 integration and I decided to start from scratch and do it the right way.

The problem is that, for any secured path I access, I get redirected to the service, I log in there, and then I get redirected back to my callback URL, with the code as a param, and I get the template as usual, going through the controller, not getting authorized on my application at any point.

Before, I used this code to access the API, but as I understand now, Spring should be managing it.

So, I authenticate, I get redirected again into my page (my callback URL is permitted for all users) and then I am at the same place, not authenticated in any way. I can't access any secured path.

What I did

application.yml:

security:
  oauth2:
    client:
      registration:
        wca:
          client-id: 0YekXxbT20En0V000000Tk9pGam2K9HvIA0fTPP0
          client-secret: cm0001232132132132hGNICxzAwNKqFMg
          authorization-grant-type: authorization_code
          redirect-uri: '{baseUrl}/loginWCA'
      provider:
        wca:
          authorization-uri: https://www.worldcubeassociation.org/oauth/authorize
          token-uri: https://www.worldcubeassociation.org/api/v0/me

SecurityConfig:

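import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // The callback path is open to everyone; every other request requires authentication.
        http.authorizeRequests()
                .antMatchers("/loginWCA").permitAll()
                .anyRequest().authenticated()
                .and()
                .oauth2Login();
    }
}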

Disclaimer: I know that I'm securing everything, my goal is to go to the root path -> get redirected to the provider -> log in -> get back to my web -> have a valid session to access root path as an authenticated user.

You should get a token after login passes. Please refer to your OAuth2 provider, then add it with Bearer in the request header 'Authentication'. So other pages need not be authenticated.
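
Spring Security's `oauth2Login()` exchanges the authorization code in a filter that by default only processes `/login/oauth2/code/*`, so a callback on any other path reaches the application's controller with the `code` parameter unused and no session is created. The following is an added example, not code from the original post or its answer: it points that filter at `/loginWCA` and registers the token and user-info endpoints separately. Assumptions: Spring Security 5.4 or later in the 5.x line; `TOKEN_URI` is a placeholder; treating `/api/v0/me` as the user-info endpoint, the `me` attribute name and the environment variable names `WCA_CLIENT_ID` / `WCA_CLIENT_SECRET` are not from the page.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Placeholder: replace with the token endpoint from the provider's OAuth documentation.
    private static final String TOKEN_URI = "https://provider.example/oauth/token";

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .anyRequest().authenticated()
                .and()
            .oauth2Login()
                // Let the login filter process the callback at /loginWCA instead of the
                // default /login/oauth2/code/*; it validates state, exchanges the code
                // and stores the authenticated user in the session.
                .redirectionEndpoint().baseUri("/loginWCA");
    }

    @Bean
    public ClientRegistrationRepository clientRegistrationRepository() {
        ClientRegistration wca = ClientRegistration.withRegistrationId("wca")
                // Hypothetical variable names; build() fails at startup if they are unset,
                // and the secret stays out of version-controlled configuration.
                .clientId(System.getenv("WCA_CLIENT_ID"))
                .clientSecret(System.getenv("WCA_CLIENT_SECRET"))
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .redirectUri("{baseUrl}/loginWCA")
                .authorizationUri("https://www.worldcubeassociation.org/oauth/authorize")
                .tokenUri(TOKEN_URI)
                // Assumption: /api/v0/me returns the user profile, not tokens.
                .userInfoUri("https://www.worldcubeassociation.org/api/v0/me")
                // Assumption: a top-level attribute of that response identifying the user.
                .userNameAttributeName("me")
                .build();
        return new InMemoryClientRegistrationRepository(wca);
    }
}
```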
