Spring-Security with OAuth2Login & CustomAuthenticationProvider

Question 1

在我的情况下，我有一个CustomAuthenticationProvider的OAuth2登录。

现在我有CustomAuthenticationProvider没有被调用的问题，我不知道为什么。

登录到目前为止没有问题

我为客户端注册设置的属性:

# CLIENT FOR AUTHORIZATION CODE GRANT #
spring.security.oauth2.client.registration.login-client.client-id=client-id
spring.security.oauth2.client.registration.login-client.client-secret=secret
spring.security.oauth2.client.registration.login-client.client-authentication-method=client_secret_basic
spring.security.oauth2.client.registration.login-client.scope=openid, profile, roles
spring.security.oauth2.client.registration.login-client.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.login-client.redirect-uri=redirect-uri
spring.security.oauth2.client.provider.login-client.issuer-uri=issuer-uri

我SecurityConfig

:

@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter
{
    @Value("${keycloak.logout.uri}")
    private String logoutUri;

    @Autowired
    private KeycloakAuthenticationProvider authProvider;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception
    {
        auth.authenticationProvider(authProvider);
    }

    @Override
    protected void configure(final HttpSecurity http) throws Exception
    {
        // Required for zkoss-uploads
        http.headers()
                .frameOptions()
                .disable();

        // Required for zkoss-logins
        http.csrf().disable();

        // Authorization on request
        http.authorizeRequests()
                .antMatchers("/actuator/**")
                .permitAll()
                .anyRequest()
                .authenticated();

        // OAuth2 Client
        http.oauth2Client();

        // OAuth2 Login
        http.oauth2Login();

        // Logout handling
        http.logout().logoutSuccessUrl(logoutUri);
    }
}

和我的CustomAuthenticationProvider:

@Component
public class KeycloakAuthenticationProvider implements AuthenticationProvider
{
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException
    {
        System.out.println("authenticate");
        return authentication;
    }

    @Override
    public boolean supports(Class<?> authentication)
    {
        System.out.println("support");
        return true;
    }
}

注意:我的CustomAuthenticationProvider还没有逻辑，因为我想看看它是否首先被调用

编辑:

我的依赖关系:

<!-- Security -->
<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-oauth2-client</artifactId>
  <version>5.6.1</version>
</dependency>
<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-oauth2-jose</artifactId>
  <version>5.6.1</version>
</dependency>

Question 2

现在我自己解决了我的问题。

问题是，

@Autowired
private KeycloakAuthenticationSuccessHandler successHandler;

http.oauth2Login().successHandler(successHandler);

的配置提供了它自己的

@Component
public class KeycloakAuthenticationSuccessHandler implements AuthenticationSuccessHandler
{
    @Value("${logging.groupId}")
    private String location;

    private RequestCache requestCache = new HttpSessionRequestCache();

    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
            throws IOException, ServletException
    {
        var persistedAuth = (OAuth2AuthenticationToken) authentication;
        var user = new DefaultOAuth2User(persistedAuth.getAuthorities(), persistedAuth.getPrincipal().getAttributes(), "name");

        /*
         * Sets new OAuth2AuthenticationToken with mapped authorities
         */
        SecurityContextHolder.getContext()
                .setAuthentication(new OAuth2AuthenticationToken(user, mapAuthorities(persistedAuth.getPrincipal().getAttributes()), persistedAuth
                        .getAuthorizedClientRegistrationId()));

        /*
         * Redirecting to the index page of website
         */
        var redirectUri = requestCache.getRequest(request, response).getRedirectUrl();
        redirectStrategy.sendRedirect(request, response, redirectUri);
    }

    @SuppressWarnings("unchecked")
    private Collectionextends GrantedAuthority> mapAuthorities(Map<String, Object> attributes)
    {
        var resourceRoles = new ArrayList<>();
        var resourceAccess = (Map<String, List<String>>) attributes.get("resource_access");
        if (resourceAccess.containsKey(location))
        {
            resourceRoles.addAll(((Map<String, List<String>>) resourceAccess.get(location)).get("roles"));
        }
        return resourceRoles.isEmpty() ? emptySet() : resourceRoles.stream().map(r -> new SimpleGrantedAuthority(valueOf(r))).collect(toSet());
    }
}

，这没有被http.oauth2Login()覆盖

我的解决方案是添加一个AuthenticationProvider到AuthenticationManagerBuilder。

它有重做和设置由auto-config创建的现有身份验证的任务

下面是我的代码:

@Autowired
private KeycloakAuthenticationSuccessHandler successHandler;

http.oauth2Login().successHandler(successHandler);

and my successHandler:

@Component
public class KeycloakAuthenticationSuccessHandler implements AuthenticationSuccessHandler
{
    @Value("${logging.groupId}")
    private String location;

    private RequestCache requestCache = new HttpSessionRequestCache();

    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
            throws IOException, ServletException
    {
        var persistedAuth = (OAuth2AuthenticationToken) authentication;
        var user = new DefaultOAuth2User(persistedAuth.getAuthorities(), persistedAuth.getPrincipal().getAttributes(), "name");

        /*
         * Sets new OAuth2AuthenticationToken with mapped authorities
         */
        SecurityContextHolder.getContext()
                .setAuthentication(new OAuth2AuthenticationToken(user, mapAuthorities(persistedAuth.getPrincipal().getAttributes()), persistedAuth
                        .getAuthorizedClientRegistrationId()));

        /*
         * Redirecting to the index page of website
         */
        var redirectUri = requestCache.getRequest(request, response).getRedirectUrl();
        redirectStrategy.sendRedirect(request, response, redirectUri);
    }

    @SuppressWarnings("unchecked")
    private Collectionextends GrantedAuthority> mapAuthorities(Map<String, Object> attributes)
    {
        var resourceRoles = new ArrayList<>();
        var resourceAccess = (Map<String, List<String>>) attributes.get("resource_access");
        if (resourceAccess.containsKey(location))
        {
            resourceRoles.addAll(((Map<String, List<String>>) resourceAccess.get(location)).get("roles"));
        }
        return resourceRoles.isEmpty() ? emptySet() : resourceRoles.stream().map(r -> new SimpleGrantedAuthority(valueOf(r))).collect(toSet());
    }
}

Btw:感谢Marcus，通过提示和调试器，我找到了解决方案!

Answer 1

现在我自己解决了我的问题。

问题是，

@Autowired
private KeycloakAuthenticationSuccessHandler successHandler;

http.oauth2Login().successHandler(successHandler);

的配置提供了它自己的

@Component
public class KeycloakAuthenticationSuccessHandler implements AuthenticationSuccessHandler
{
    @Value("${logging.groupId}")
    private String location;

    private RequestCache requestCache = new HttpSessionRequestCache();

    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
            throws IOException, ServletException
    {
        var persistedAuth = (OAuth2AuthenticationToken) authentication;
        var user = new DefaultOAuth2User(persistedAuth.getAuthorities(), persistedAuth.getPrincipal().getAttributes(), "name");

        /*
         * Sets new OAuth2AuthenticationToken with mapped authorities
         */
        SecurityContextHolder.getContext()
                .setAuthentication(new OAuth2AuthenticationToken(user, mapAuthorities(persistedAuth.getPrincipal().getAttributes()), persistedAuth
                        .getAuthorizedClientRegistrationId()));

        /*
         * Redirecting to the index page of website
         */
        var redirectUri = requestCache.getRequest(request, response).getRedirectUrl();
        redirectStrategy.sendRedirect(request, response, redirectUri);
    }

    @SuppressWarnings("unchecked")
    private Collectionextends GrantedAuthority> mapAuthorities(Map<String, Object> attributes)
    {
        var resourceRoles = new ArrayList<>();
        var resourceAccess = (Map<String, List<String>>) attributes.get("resource_access");
        if (resourceAccess.containsKey(location))
        {
            resourceRoles.addAll(((Map<String, List<String>>) resourceAccess.get(location)).get("roles"));
        }
        return resourceRoles.isEmpty() ? emptySet() : resourceRoles.stream().map(r -> new SimpleGrantedAuthority(valueOf(r))).collect(toSet());
    }
}

，这没有被http.oauth2Login()覆盖

我的解决方案是添加一个AuthenticationProvider到AuthenticationManagerBuilder。

它有重做和设置由auto-config创建的现有身份验证的任务

下面是我的代码:

@Autowired
private KeycloakAuthenticationSuccessHandler successHandler;

http.oauth2Login().successHandler(successHandler);

and my successHandler:

@Component
public class KeycloakAuthenticationSuccessHandler implements AuthenticationSuccessHandler
{
    @Value("${logging.groupId}")
    private String location;

    private RequestCache requestCache = new HttpSessionRequestCache();

    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
            throws IOException, ServletException
    {
        var persistedAuth = (OAuth2AuthenticationToken) authentication;
        var user = new DefaultOAuth2User(persistedAuth.getAuthorities(), persistedAuth.getPrincipal().getAttributes(), "name");

        /*
         * Sets new OAuth2AuthenticationToken with mapped authorities
         */
        SecurityContextHolder.getContext()
                .setAuthentication(new OAuth2AuthenticationToken(user, mapAuthorities(persistedAuth.getPrincipal().getAttributes()), persistedAuth
                        .getAuthorizedClientRegistrationId()));

        /*
         * Redirecting to the index page of website
         */
        var redirectUri = requestCache.getRequest(request, response).getRedirectUrl();
        redirectStrategy.sendRedirect(request, response, redirectUri);
    }

    @SuppressWarnings("unchecked")
    private Collectionextends GrantedAuthority> mapAuthorities(Map<String, Object> attributes)
    {
        var resourceRoles = new ArrayList<>();
        var resourceAccess = (Map<String, List<String>>) attributes.get("resource_access");
        if (resourceAccess.containsKey(location))
        {
            resourceRoles.addAll(((Map<String, List<String>>) resourceAccess.get(location)).get("roles"));
        }
        return resourceRoles.isEmpty() ? emptySet() : resourceRoles.stream().map(r -> new SimpleGrantedAuthority(valueOf(r))).collect(toSet());
    }
}

Btw:感谢Marcus，通过提示和调试器，我找到了解决方案!

Spring-Security with OAuth2Login & CustomAuthenticationProvider

Spring-Security with OAuth2Login & CustomAuthenticationProvider

0 Comment

0 Comment

About the Author

Question Info

Related Question

How to split a string stored in an object in react return statement and join with bullets which is taken from Mongo DB database [duplicate]

在模拟器中启动safari失败错误"[XCUITest]由于xcodebuild失败而无法启动WebDriverAgent: xcodebuild Failed with code 65"

Flutter: ListView with StreamBuilder Janky上滚动

compiled agaist an openssl with no kerberos, but run with one with kerberos

使用BCEWithLogitsLoss进行训练时，使用pytorch闪电进行预测

tetgen进行四面体生成时有警告Warning: Point # is coincident with #. Ignored!

Commit must be signed with a GPG key - After merge/rebase

jetpack Compose with Coil不加载URL图像

如何使用" shouldrecognizesimuleouslywith otherGestureRecognizer: UIGestureRecognizer"

Detect unselect date of datepicker with selectionMode multiple (Primefaces)