
Spring Security - OAuth2: pass a request parameter to the AuthenticationProvider

I have created a custom authentication provider, and I need to pass a parameter from the request through to that provider.

The point is this request:

/oauth/token?grant_type=password&username=xxx&password=xxx&client_id=xxx&client_secret=xxx&country=my

From the above request I need to capture the country parameter and pass it to the custom authentication provider, which will then authenticate the user against the username, password and country.

The above request goes through the ClientCredentialsTokenEndpointFilter, but I am unable to set the country value from the request on the authentication object.

<http pattern="/oauth/token" create-session="never"
    authentication-manager-ref="clientAuthenticationManager" 
    xmlns="http://www.springframework.org/schema/security">
    <intercept-url pattern="/oauth/token" access="fullyAuthenticated" />
    <anonymous enabled="false" />
    <http-basic entry-point-ref="clientAuthenticationEntryPoint" />     
    <custom-filter ref="clientCredentialsTokenEndpointFilter"
        after="BASIC_AUTH_FILTER" />
    <access-denied-handler ref="oauthAccessDeniedHandler" />
</http>

Please let me know whether this can be achieved by extending any of the security features.

I am using Spring 4.1 and Spring Security 4.0.3.RELEASE.

Thanks, 安华

You need to create a UsernamePasswordCountryAuthenticationToken:

import java.util.Collection;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;

public class UsernamePasswordCountryAuthenticationToken extends UsernamePasswordAuthenticationToken {

    private final String country;

    // Authenticated token: the superclass marks the token authenticated when authorities are supplied
    public UsernamePasswordCountryAuthenticationToken(Object principal, Object credentials, String country,
            Collection<? extends GrantedAuthority> authorities) {
        super(principal, credentials, authorities);
        this.country = country;
    }

    // Unauthenticated token, as built by the token granter before the AuthenticationManager runs
    public UsernamePasswordCountryAuthenticationToken(Object principal, Object credentials, String country) {
        super(principal, credentials);
        this.country = country;
    }

    public String getCountry() {
        return country;
    }
}

and override ResourceOwnerPasswordTokenGranter:

import java.util.Map;

import org.springframework.security.authentication.AccountStatusException;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.AbstractTokenGranter;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;

// Follows the AbstractTokenGranter hook of the Spring Security OAuth 1.0.x line
// (getOAuth2Authentication(AuthorizationRequest)); the 2.x line changed it to
// getOAuth2Authentication(ClientDetails, TokenRequest) with getRequestParameters().
public class CustomResourceOwnerPasswordTokenGranter extends AbstractTokenGranter {

    private static final String GRANT_TYPE = "password";

    private final AuthenticationManager authenticationManager;

    public CustomResourceOwnerPasswordTokenGranter(AuthenticationManager authenticationManager,
            AuthorizationServerTokenServices tokenServices, ClientDetailsService clientDetailsService) {
        super(tokenServices, clientDetailsService, GRANT_TYPE);
        this.authenticationManager = authenticationManager;
    }

    @Override
    protected OAuth2Authentication getOAuth2Authentication(AuthorizationRequest clientToken) {
        Map<String, String> parameters = clientToken.getAuthorizationParameters();
        String username = parameters.get("username");
        String password = parameters.get("password");
        // The extra request parameter is read here and carried inside the custom token
        String country = parameters.get("country");

        Authentication userAuth = new UsernamePasswordCountryAuthenticationToken(username, password, country);
        try {
            userAuth = authenticationManager.authenticate(userAuth);
        } catch (AccountStatusException ase) {
            // covers expired, locked, disabled cases (mentioned in section 5.2, draft 31)
            throw new InvalidGrantException(ase.getMessage());
        } catch (BadCredentialsException e) {
            // If the username/password are wrong the spec says we should send 400/bad grant
            throw new InvalidGrantException(e.getMessage());
        }

        if (userAuth == null || !userAuth.isAuthenticated()) {
            throw new InvalidGrantException("Could not authenticate user: " + username);
        }

        return new OAuth2Authentication(clientToken, userAuth);
    }
}

Finally, in your Spring Security OAuth configuration file:

<bean id="customResourceOwnerPasswordTokenGranter" class="CustomResourceOwnerPasswordTokenGranter">
    <constructor-arg index="0" ref="authenticationManager"/>
    <constructor-arg index="1" ref="tokenServices"/>
    <constructor-arg index="2" ref="clientDetailsService"/>
</bean>

<oauth:authorization-server ...>
    <oauth:custom-grant token-granter-ref="customResourceOwnerPasswordTokenGranter" />
</oauth:authorization-server>

Now, if you have configured your AuthenticationManager correctly so that it has your custom AuthenticationProvider, you will receive a UsernamePasswordCountryAuthenticationToken instance in AuthenticationProvider.authenticate(Authentication auth), where you can cast auth to UsernamePasswordCountryAuthenticationToken and use it.
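The provider side that the answer leaves to the reader, as an added example that is not part of the original answer: it consumes the UsernamePasswordCountryAuthenticationToken defined above, assumes a hypothetical CountryAware interface on the UserDetails returned by a UserDetailsService, and fails with one generic BadCredentialsException so the token endpoint's 400 response does not reveal which of username, password or country was wrong.

```java
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;

public class CountryAuthenticationProvider implements AuthenticationProvider {
    // Hypothetical: the UserDetails loaded by the UserDetailsService also implement this
    public interface CountryAware { String getCountry(); }

    private final UserDetailsService userDetailsService;
    private final PasswordEncoder passwordEncoder;

    public CountryAuthenticationProvider(UserDetailsService userDetailsService, PasswordEncoder passwordEncoder) {
        this.userDetailsService = userDetailsService;
        this.passwordEncoder = passwordEncoder;
    }

    @Override
    public Authentication authenticate(Authentication auth) throws AuthenticationException {
        UsernamePasswordCountryAuthenticationToken token = (UsernamePasswordCountryAuthenticationToken) auth;
        String presented = token.getCredentials() == null ? "" : token.getCredentials().toString();
        String country = token.getCountry();
        UserDetails user;
        try {
            user = userDetailsService.loadUserByUsername(token.getName());
        } catch (UsernameNotFoundException e) {
            throw new BadCredentialsException("Bad credentials"); // same message as a wrong password
        }
        // Country is part of the decision: a missing or mismatched country fails like a bad password,
        // and the single generic message keeps the failing field out of the error response
        boolean countryOk = country != null && user instanceof CountryAware
                && country.equalsIgnoreCase(((CountryAware) user).getCountry());
        if (!passwordEncoder.matches(presented, user.getPassword()) || !countryOk) {
            throw new BadCredentialsException("Bad credentials");
        }
        // Authenticated token; credentials set to null so the password does not stay in the security context
        return new UsernamePasswordCountryAuthenticationToken(user, null, country, user.getAuthorities());
    }

    @Override
    public boolean supports(Class<?> authentication) {
        // Claim only our token, not the plain UsernamePasswordAuthenticationToken used for client authentication
        return UsernamePasswordCountryAuthenticationToken.class.isAssignableFrom(authentication);
    }
}
```

The account-status checks (locked, expired, disabled) that DaoAuthenticationProvider performs are omitted here; add them before the password check if you want the granter's AccountStatusException branch to be reachable.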
