[英]Spring security with oauth2 adding additional parameters to authorization URL?
[英]Spring Security OAuth2 dance and get parameters
在我的Java Spring應用程序中,我通過外部OAuth2提供程序實現了OAuth2用戶授權。
在我的localhost上,為了通過這個外部OAuth2提供程序對用戶進行身份驗證,我需要訪問以下網址: https ://127.0.0.1:8443 / login /,並且在OAuth2舞蹈之后我可以通過此身份驗證。 到目前為止一切都很好。
但是當我在登錄URL中有一些請求參數時,例如uid和level:
https://127.0.0.1:8443/login/ok?uid=45134132&level=3
在OAuth2舞蹈之后,我被重定向到https://127.0.0.1:8443/並丟失這些參數。
在我的Chrome網絡面板中,我可以看到以下一組通話:
所以我在第3步之后失去了這些參數。
是否可以將Spring Security + OAuth2配置為將這些參數傳遞給步驟#4?
這是我的配置(這是一個基於這個答案的解決方案Spring Security - 重定向到登錄時保留URL參數 )但它不起作用(不調用AuthenticationProcessingFilterEntryPoint .commence method
):
@Override
public void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.headers().frameOptions().disable()
.and().logout()
.and().antMatcher("/**").authorizeRequests()
.antMatchers("/", "/login**", "/index.html", "/home.html").permitAll()
.anyRequest().authenticated()
.and().exceptionHandling().authenticationEntryPoint(new AuthenticationProcessingFilterEntryPoint("/"))
.and().logout().logoutSuccessUrl("/").permitAll()
.and().csrf().csrfTokenRepository(csrfTokenRepository())
.and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
// @formatter:on
}
public class AuthenticationProcessingFilterEntryPoint extends LoginUrlAuthenticationEntryPoint {
public AuthenticationProcessingFilterEntryPoint(String loginFormUrl) {
super(loginFormUrl);
}
@Override
public void commence(HttpServletRequest request, HttpServletResponse response,
AuthenticationException authException) throws IOException, ServletException {
RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
redirectStrategy.sendRedirect(request, response, getLoginFormUrl() + "?" + request.getQueryString());
}
}
有什么不對?
我已通過以下方式實現此目的:
private Filter ssoFilter(ClientResources client, String path) {
OAuth2ClientAuthenticationProcessingFilter clientFilter = new OAuth2ClientAuthenticationProcessingFilter(path);
.......
clientFilter.setAuthenticationSuccessHandler(new UrlParameterAuthenticationHandler());
return clientFilter;
}
public class UrlParameterAuthenticationHandler extends SimpleUrlAuthenticationSuccessHandler {
@Override
protected void handle(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
throws IOException, ServletException {
String targetUrl = determineTargetUrl(request, response);
if (response.isCommitted()) {
logger.debug("Response has already been committed. Unable to redirect to " + targetUrl);
return;
}
String queryString = HttpUtils.removeParams(request.getQueryString(), "state", "code");
targetUrl = !StringUtils.isEmpty(queryString) ? targetUrl + "?" + queryString : targetUrl;
getRedirectStrategy().sendRedirect(request, response, targetUrl);
}
}
如果有更好的方法,請糾正我
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.