该应用程序已实现使用存储在数据库中的数据进行授权的功能。另外添加了通过第三方 OAuth 服务器登录的功能。服务器在其数据库中提供客户端 ID,此 ID 存储在一个表中,其中有关应用程序用户的数据位于单独的字段中。
在使用 Spring Boot 2.2.7 通过 OAuth2 进行授权时,我无法弄清楚如何正确地从应用程序数据库中提取用户角色。据我了解,@EnableOAuth2Sso 和 PrincipalExtractor 已弃用且不起作用。
请不要太苛责我,我经验很少,正在尝试弄懂文档 https://docs.spring.io/spring-security/site/docs/current/reference/html5/#multiple-httpsecurity 。谢谢大家的帮助!
package ru.geekbase.portal.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.boot.autoconfigure.security.oauth2.resource.PrincipalExtractor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import ru.geekbase.portal.domain.User;
import ru.geekbase.portal.repos.UserRepo;
import ru.geekbase.portal.service.UserService;
import ru.geekbase.portal.util.XSSFilter;
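/**
 * Spring Security configuration for the portal.
 *
 * <p>Declares the URL authorization rules, enables form login and OAuth2 login with their
 * own login pages, enables logout, and registers {@link UserService} together with a BCrypt
 * {@link PasswordEncoder} for username/password authentication.
 *
 * <p>URL rules are evaluated in declaration order and the first matching rule wins, so the
 * order of the {@code antMatchers(...)} groups below is significant.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserService userService;

    @Autowired
    private PasswordEncoder passwordEncoder;

    /**
     * Provides the password encoder used for local (database) accounts.
     *
     * @return a BCrypt encoder with cost factor 10
     */
    @Bean
    public PasswordEncoder getPasswordEncoder() {
        // Cost factor 10 is the BCryptPasswordEncoder default. Hashes that were stored with a
        // lower cost still verify, because the cost is encoded inside each BCrypt hash.
        return new BCryptPasswordEncoder(10);
    }

    /**
     * Configures URL authorization, the two login mechanisms and logout.
     *
     * @param http the security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // NOTE(review): CSRF protection is switched off for the whole application while
        // session-based form login and OAuth2 login are enabled, so state-changing requests
        // are not protected by a CSRF token. Prefer removing this line and sending the token
        // from forms and JS clients; if individual endpoints must be exempt, limit the
        // exemption to them with csrf().ignoringAntMatchers(...).
        http.csrf().disable();
        // http.addFilterAfter(
        // new XSSFilter(), BasicAuthenticationFilter.class);
        http.authorizeRequests()
                // Public pages and static resources.
                // NOTE(review): "/checkUser/**" and "/students/**" are reachable without
                // authentication; confirm that their handlers return no account data.
                .antMatchers("/",
                        "/checkUser",
                        "/checkUser/**",
                        "/login",
                        "/login/**",
                        "/oauth_login",
                        "/js/public/**",
                        "/css/**",
                        "/registration",
                        "/nav",
                        "/success_unsubscrube",
                        "/unsuccess_unsubscrube",
                        "/politic",
                        "/unsuccess_reset_password",
                        "/success_reset_password",
                        "/unsuccess_req_password",
                        "/success_req_password",
                        "/unsubscribe",
                        "/unsubscribe/**",
                        "/resetpassword",
                        "/resetpassword/**",
                        "/reqpassword",
                        "/reqpassword/**",
                        "/students/**",
                        "/students",
                        "/passwordrequest",
                        "/usergroup",
                        "/useragreement",
                        "/studentgroup").permitAll()
                // Any signed-in user, regardless of authority.
                .antMatchers("/js/authentificated/**",
                        "/profile",
                        "/courcemaker",
                        "/cource",
                        "/lectionmaker",
                        "/lection",
                        "/answermaker",
                        "/answer",
                        "/questionmaker",
                        "/question",
                        "/testmaker",
                        "/test",
                        "/logout",
                        "/record",
                        "/accesstocource",
                        "/studentlist",
                        "/seminars",
                        "/seminar",
                        "/seminar/**",
                        "/accessToSeminar",
                        "/seminarsForStudents").authenticated()
                .antMatchers("/js/admin/**",
                        "/usermaker",
                        "/srvconf",
                        "/userlist",
                        "/srv",
                        "/group",
                        "/courcelist",
                        "/activeMeetings").hasAnyAuthority("ADMIN")
                .antMatchers("/llist",
                        "/lectionlist",
                        "/activeMeetingsList").hasAnyAuthority("ADMIN", "MODERATOR")
                .antMatchers("/gs-guide-websocket",
                        "/lectionStatistics/**",
                        "/lectionStatistic",
                        "/seminarListener",
                        "/accessUserToSeminar",
                        "/userForSelectList").hasAnyAuthority("USER", "ADMIN", "LECTOR")
                // NOTE(review): "/seminar/**" and "/seminar/begin/{id}" in this group never
                // take effect: the earlier authenticated() group already matches
                // "/seminar/**", and the first matching rule wins. If seminar pages are meant
                // to be limited to these authorities, remove "/seminar/**" from the
                // authenticated() group above.
                .antMatchers("/lectionviews",
                        "/testforuser",
                        "/testforuser/**",
                        "/saveanswer",
                        "/saveanswer/**",
                        "/testattempt",
                        "/courceListForStudent",
                        "/lectionListForStudent",
                        "/lectionsListForStudent",
                        "/watchlist",
                        "/js/student/**",
                        "/upload",
                        "/file",
                        "/downloadFile",
                        "/filesForLection",
                        "/seminar/**",
                        "/seminar/begin/{id}",
                        "/seminarsForStudent",
                        "/seminarList").hasAnyAuthority("USER", "ADMIN", "LECTOR", "STUDENT")
                // Deny-by-default for everything not listed: a session is still required.
                .anyRequest().authenticated()
                .and()
                // NOTE(review): no userInfoEndpoint() customisation is visible here, so users
                // who sign in through OAuth2 receive the authorities assigned by the default
                // OAuth2 user service rather than the roles stored in the application
                // database. The hasAnyAuthority(...) rules above will only match them once a
                // custom OAuth2UserService or GrantedAuthoritiesMapper loads those roles.
                .oauth2Login()
                .loginPage("/oauth_login")
                .permitAll()
                .and()
                .formLogin()
                .loginPage("/login")
                .permitAll()
                // .and()
                // .rememberMe()
                .and()
                .logout()
                .permitAll();
    }

    /**
     * Registers the database-backed user service and its password encoder for
     * username/password authentication.
     *
     * @param auth the authentication manager builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userService)
                .passwordEncoder(passwordEncoder);
    }
}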
用户服务:
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import ru.geekbase.portal.repos.UserRepo;
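/**
 * Loads application users from the database for username/password authentication.
 */
@Service
public class UserService implements UserDetailsService {

    @Autowired
    private UserRepo userRepo;

    // Not referenced by the code shown in this class.
    @Autowired
    private PasswordEncoder passwordEncoder;

    /**
     * Looks up a user by username through {@link UserRepo}.
     *
     * @param username the username submitted at login
     * @return the stored user; never {@code null}
     * @throws UsernameNotFoundException if the repository has no user with that name
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        UserDetails user = userRepo.findByUsername(username);
        if (user == null) {
            // The UserDetailsService contract forbids returning null. Throwing here lets
            // Spring Security handle an unknown username as an ordinary failed login instead
            // of reporting an internal authentication error. The message deliberately does
            // not echo the submitted username.
            throw new UsernameNotFoundException("User not found");
        }
        return user;
    }
}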
用户等级: