1

我尝试实现本教程https://spring.io/guides/tutorials/spring-boot-oauth2/#_social_login_logout 这是我的应用程序配置(spring boot)

@Configuration
@ComponentScan(basePackages = {"org.fiodorov.controller","org.fiodorov.service", "org.fiodorov.config"})
@EntityScan(basePackages = "org.fiodorov.model")
@EnableJpaRepositories(basePackages = "org.fiodorov.repository")
@EnableOAuth2Client
@EnableAutoConfiguration
public class Application extends WebSecurityConfigurerAdapter{

    @Autowired
    OAuth2ClientContext oauth2ClientContext;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.antMatcher("/**")
        .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
    }


    public static void main(String[] args) {
        SpringApplication.run(
                Application.class, args);
    }

    private Filter ssoFilter() {
        OAuth2ClientAuthenticationProcessingFilter facebookFilter = new OAuth2ClientAuthenticationProcessingFilter("/login/facebook");
        OAuth2RestTemplate facebookTemplate = new OAuth2RestTemplate(facebook(), oauth2ClientContext);
        facebookFilter.setRestTemplate(facebookTemplate);
        facebookFilter.setTokenServices(new UserInfoTokenServices(facebookResource().getUserInfoUri(), facebook().getClientId()));
        return facebookFilter;
    }

    @Bean
    @ConfigurationProperties("facebook.client")
    OAuth2ProtectedResourceDetails facebook() {
        return new AuthorizationCodeResourceDetails();
    }

    @Bean
    @ConfigurationProperties("facebook.resource")
    ResourceServerProperties facebookResource() {
        return new ResourceServerProperties();
    }

    @Bean
    public FilterRegistrationBean oauth2ClientFilterRegistration(
            OAuth2ClientContextFilter filter) {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(filter);
        registration.setOrder(-100);
        return registration;
    }

}

它有效。我可以登录并可以按照教程中的说明获取用户信息。但是我不知道如何在登录后和重定向到主页之前找到将用户详细信息存储在数据库中的时刻,如果用户不存在并验证他的角色是否存在。

我怎样才能做到这一点?

4

1 回答 1

2

你可以让这个类在登录后将用户详细信息存储在数据库中。登录后执行successAuthentication

class OAuth2ClientAuthenticationProcessingAndSavingFilter extends OAuth2ClientAuthenticationProcessingFilter {

    public OAuth2ClientAuthenticationProcessingAndSavingFilter(String defaultFilterProcessesUrl) {
        super(defaultFilterProcessesUrl);
    }

    @Override
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
            FilterChain chain, Authentication authResult) throws IOException, ServletException {
        super.successfulAuthentication(request, response, chain, authResult);

        SecurityContext context =  SecurityContextHolder.getContext();
    }
}

在您必须通过 OAuth2ClientAuthenticationProcessingAndSavingFilter 修改 OAuth2ClientAuthenticationProcessingFilter 之后

private Filter ssoFilter() {
        OAuth2ClientAuthenticationProcessingAndSavingFilter facebookFilter = new OAuth2ClientAuthenticationProcessingAndSavingFilter("/login/facebook");
        OAuth2RestTemplate facebookTemplate = new OAuth2RestTemplate(facebook(), oauth2ClientContext);
        facebookFilter.setRestTemplate(facebookTemplate);
        facebookFilter.setTokenServices(new UserInfoTokenServices(facebookResource().getUserInfoUri(), facebook().getClientId()));
        return facebookFilter;
    }
于 2016-10-07T21:24:04.363 回答