3

I am trying to implement user registration and log in flow | SSO using Spring Security Oauth 2.0 and Google as the authentication provider.

  • How should I initiate registration and login flow? What filter needs to be applied?

  • In registration flow, I will needs user's details (name, email) that are part of successful authorization response, to be persisted in my local database. How do I handle that?

  • What's the purpose of oauth2:client id="oauth2ClientFilter" ?

This is how my application context file looks like:-

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"   xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:jdbc="http://www.springframework.org/schema/jdbc" xmlns:c="http://www.springframework.org/schema/c"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:oauth2="http://www.springframework.org/schema/security/oauth2"
xsi:schemaLocation="http://www.springframework.org/schema/jdbc  http://www.springframework.org/schema/jdbc/spring-jdbc-3.0.xsd
    http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2.xsd
    http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">

<!-- DispatcherServlet Context: defines this servlet's request-processing 
    infrastructure -->

<!-- Enables the Spring MVC @Controller programming model -->
<annotation-driven />

<!-- Handles HTTP GET requests for /resources/** by efficiently serving 
    up static resources in the ${webappRoot}/resources directory -->
<resources mapping="/resources/**" location="/resources/" />

<!-- Resolves views selected for rendering by @Controllers to .jsp resources 
    in the /WEB-INF/views directory -->
<beans:bean
    class="org.springframework.web.servlet.view.InternalResourceViewResolver">
    <beans:property name="prefix" value="/WEB-INF/views/" />
    <beans:property name="suffix" value=".jsp" />
</beans:bean>

<context:component-scan base-package="com.samsoft.spring" />

<!-- ================================================== SECURITY START ================================================== -->

<security:http security="none" pattern="/" />
<security:http security="none" pattern="/resources/**" />
<security:global-method-security
    secured-annotations="enabled" />

<security:http auto-config="true">
    <security:intercept-url pattern="/**"
        requires-channel="https" access="IS_AUTHENTICATED_FULLY" />
    <security:custom-filter ref="oauth2ClientFilter"
        after="EXCEPTION_TRANSLATION_FILTER" />
</security:http>
<oauth2:client id="oauth2ClientFilter" />

<oauth2:resource id="googleOauth2Resource" type="authorization_code"
    client-id="530420474177-clientid.apps.googleusercontent.com"
    client-secret="client-secret-here" access-token-uri="https://accounts.google.com/o/oauth2/token"
    user-authorization-uri="https://accounts.google.com/o/oauth2/auth"
    scope="https://www.googleapis.com/auth/calendar"
    client-authentication-scheme="form"
    pre-established-redirect-uri="https://ohad.sealdoc.com/oauth2-client/hello" />

<oauth2:rest-template id="googleOauthRestTemplate"
    resource="googleOauth2Resource" />

<security:authentication-manager>
    <security:authentication-provider>
        <security:user-service>
            <security:user name="test" authorities="ROLE_USER" password="test"/>
        </security:user-service>
    </security:authentication-provider>
</security:authentication-manager>



<!-- ================================================== SECURITY END ================================================== -->

EDIT

I did implemented same use case using Spring Security OpenID by:-

  1. Declaring openid:form tag with exchange attributed configured
  2. Extend the UserDetailsService as described here.

I am looking for equivalent configuration for Oauth 2.0.

4

1 回答 1

0

您是否在 Google 中注册了您的客户端应用程序?这就是 oAuth2 的工作原理……客户端应该在提供者中注册,并获得客户端 ID 和客户端密码。在您的 XML 中,您似乎没有注册:

client-secret="client-secret-here"

阅读Google oAuth2 文档

更新

至于您更新的问题,我认为您看到的行为是由于您的应用程序应该允许在您的 security.xml 文件中访问 "/oauth2/google" 。

于 2013-12-19T18:19:01.120 回答