记录下如何将oauth2的参数转存到/login请求上

最新推荐文章于 2024-07-10 14:10:05 发布
最新推荐文章于 2024-07-10 14:10:05 发布
阅读量1k 收藏 1
点赞数
分类专栏: java 文章标签: spring cloud spring spring boot
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/liu346487291/article/details/126426279
版权

需求:/oauth/authorize请求除标准参数外,有自定义参数,这些参数要用在spring security认证流程中,UserDetailsService的实现有多个,要根据自定义参数来区分

框架:spring-cloud-starter-oauth2,jwt

要解决的问题:1.LoginUrlAuthenticationEntryPoint.buildRedirectUrlToLoginPage方法返回的重定向url没有加queryString,2.生成默认登录页面的过滤器的url匹配是全路径匹配,会包含queryString,3.UsernamePasswordAuthenticationFilter中使用的WebAuthenticationDetailsSource只处理了remoteAddress和sessionId两个参数,没有处理自定义参数

实现:1.自定义CustomLoginUrlAuthenticationEntryPoint,代码如下

package org.liu.auth.entrypoint;

import lombok.extern.slf4j.Slf4j;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.util.RedirectUrlBuilder;
import org.springframework.security.web.util.UrlUtils;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * 自定义拒绝访问时redirect到登录url的entryPoint
 *
 * @Author lzs
 * @Date 2022/8/18 10:19
 **/
@Slf4j
public class CustomLoginUrlAuthenticationEntryPoint extends LoginUrlAuthenticationEntryPoint {

    public CustomLoginUrlAuthenticationEntryPoint() {
        this("/login");
    }

    public CustomLoginUrlAuthenticationEntryPoint(String loginFormUrl) {
        super(loginFormUrl);
    }

    @Override
    protected String buildRedirectUrlToLoginPage(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) {
        String loginForm = determineUrlToUseForThisRequest(request, response,
                authException);

        if (UrlUtils.isAbsoluteUrl(loginForm)) {
            return loginForm;
        }

        int serverPort = super.getPortResolver().getServerPort(request);
        String scheme = request.getScheme();

        RedirectUrlBuilder urlBuilder = new RedirectUrlBuilder();

        urlBuilder.setScheme(scheme);
        urlBuilder.setServerName(request.getServerName());
        urlBuilder.setPort(serverPort);
        urlBuilder.setContextPath(request.getContextPath());
        urlBuilder.setPathInfo(loginForm);
        urlBuilder.setQuery(request.getQueryString());

        if (super.isForceHttps() && "http".equals(scheme)) {
            Integer httpsPort = super.getPortMapper().lookupHttpsPort(serverPort);

            if (httpsPort != null) {
                // Overwrite scheme and port in the redirect URL
                urlBuilder.setScheme("https");
                urlBuilder.setPort(httpsPort);
            } else {
                log.warn("Unable to redirect to HTTPS as no port mapping found for HTTP port "
                        + serverPort);
            }
        }

        return urlBuilder.getUrl();
    }
}

2.自定义CustomDefaultLoginPageGeneratingFilter,CustomDefaultLoginPageConfigurer

package org.liu.auth.filter;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.WebAttributes;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;
import org.springframework.web.util.HtmlUtils;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.Map;
import java.util.function.Function;

/**
 * 重写了DefaultLoginPageGeneratingFilter,只是修改了isLoginUrlRequest方法的判断逻辑
 *
 * @Author lzs
 * @Date 2022/8/19 8:43
 **/
public class CustomDefaultLoginPageGeneratingFilter extends GenericFilterBean {
    public static final String DEFAULT_LOGIN_PAGE_URL = "/login";
    public static final String ERROR_PARAMETER_NAME = "error";
    private String loginPageUrl;
    private String logoutSuccessUrl;
    private String failureUrl;
    private boolean formLoginEnabled;
    private boolean openIdEnabled;
    private boolean oauth2LoginEnabled;
    private boolean saml2LoginEnabled;
    private String authenticationUrl;
    private String usernameParameter;
    private String passwordParameter;
    private String rememberMeParameter;
    private String openIDauthenticationUrl;
    private String openIDusernameParameter;
    private String openIDrememberMeParameter;
    private Map<String, String> oauth2AuthenticationUrlToClientName;
    private Map<String, String> saml2AuthenticationUrlToProviderName;
    private Function<HttpServletRequest, Map<String, String>> resolveHiddenInputs = request -> Collections
            .emptyMap();


    public CustomDefaultLoginPageGeneratingFilter() {
    }

    public CustomDefaultLoginPageGeneratingFilter(AbstractAuthenticationProcessingFilter filter) {
        if (filter instanceof UsernamePasswordAuthenticationFilter) {
            init((UsernamePasswordAuthenticationFilter) filter, null);
        } else {
            init(null, filter);
        }
    }

    public CustomDefaultLoginPageGeneratingFilter(
            UsernamePasswordAuthenticationFilter authFilter,
            AbstractAuthenticationProcessingFilter openIDFilter) {
        init(authFilter, openIDFilter);
    }

    private void init(UsernamePasswordAuthenticationFilter authFilter,
                      AbstractAuthenticationProcessingFilter openIDFilter) {
        this.loginPageUrl = DEFAULT_LOGIN_PAGE_URL;
        this.logoutSuccessUrl = DEFAULT_LOGIN_PAGE_URL + "?logout";
        this.failureUrl = DEFAULT_LOGIN_PAGE_URL + "?" + ERROR_PARAMETER_NAME;
        if (authFilter != null) {
            formLoginEnabled = true;
            usernameParameter = authFilter.getUsernameParameter();
            passwordParameter = authFilter.getPasswordParameter();

            if (authFilter.getRememberMeServices() instanceof AbstractRememberMeServices) {
                rememberMeParameter = ((AbstractRememberMeServices) authFilter
                        .getRememberMeServices()).getParameter();
            }
        }

        if (openIDFilter != null) {
            openIdEnabled = true;
            openIDusernameParameter = "openid_identifier";

            if (openIDFilter.getRememberMeServices() instanceof AbstractRememberMeServices) {
                openIDrememberMeParameter = ((AbstractRememberMeServices) openIDFilter
                        .getRememberMeServices()).getParameter();
            }
        }
    }

    /**
     * Sets a Function used to resolve a Map of the hidden inputs where the key is the
     * name of the input and the value is the value of the input. Typically this is used
     * to resolve the CSRF token.
     *
     * @param resolveHiddenInputs the function to resolve the inputs
     */
    public void setResolveHiddenInputs(
            Function<HttpServletRequest, Map<String, String>> resolveHiddenInputs) {
        Assert.notNull(resolveHiddenInputs, "resolveHiddenInputs cannot be null");
        this.resolveHiddenInputs = resolveHiddenInputs;
    }

    public boolean isEnabled() {
        return formLoginEnabled || openIdEnabled || oauth2LoginEnabled || this.saml2LoginEnabled;
    }

    public void setLogoutSuccessUrl(String logoutSuccessUrl) {
        this.logoutSuccessUrl = logoutSuccessUrl;
    }

    public String getLoginPageUrl() {
        return loginPageUrl;
    }

    public void setLoginPageUrl(String loginPageUrl) {
        this.loginPageUrl = loginPageUrl;
    }

    public void setFailureUrl(String failureUrl) {
        this.failureUrl = failureUrl;
    }

    public void setFormLoginEnabled(boolean formLoginEnabled) {
        this.formLoginEnabled = formLoginEnabled;
    }

    public void setOpenIdEnabled(boolean openIdEnabled) {
        this.openIdEnabled = openIdEnabled;
    }

    public void setOauth2LoginEnabled(boolean oauth2LoginEnabled) {
        this.oauth2LoginEnabled = oauth2LoginEnabled;
    }

    public void setSaml2LoginEnabled(boolean saml2LoginEnabled) {
        this.saml2LoginEnabled = saml2LoginEnabled;
    }

    public void setAuthenticationUrl(String authenticationUrl) {
        this.authenticationUrl = authenticationUrl;
    }

    public void setUsernameParameter(String usernameParameter) {
        this.usernameParameter = usernameParameter;
    }

    public void setPasswordParameter(String passwordParameter) {
        this.passwordParameter = passwordParameter;
    }

    public void setRememberMeParameter(String rememberMeParameter) {
        this.rememberMeParameter = rememberMeParameter;
        this.openIDrememberMeParameter = rememberMeParameter;
    }

    public void setOpenIDauthenticationUrl(String openIDauthenticationUrl) {
        this.openIDauthenticationUrl = openIDauthenticationUrl;
    }

    public void setOpenIDusernameParameter(String openIDusernameParameter) {
        this.openIDusernameParameter = openIDusernameParameter;
    }

    public void setOauth2AuthenticationUrlToClientName(Map<String, String> oauth2AuthenticationUrlToClientName) {
        this.oauth2AuthenticationUrlToClientName = oauth2AuthenticationUrlToClientName;
    }

    public void setSaml2AuthenticationUrlToProviderName(Map<String, String> saml2AuthenticationUrlToProviderName) {
        this.saml2AuthenticationUrlToProviderName = saml2AuthenticationUrlToProviderName;
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        boolean loginError = isErrorPage(request);
        boolean logoutSuccess = isLogoutSuccess(request);
        if (isLoginUrlRequest(request) || loginError || logoutSuccess) {
            String loginPageHtml = generateLoginPageHtml(request, loginError,
                    logoutSuccess);
            response.setContentType("text/html;charset=UTF-8");
            response.setContentLength(loginPageHtml.getBytes(StandardCharsets.UTF_8).length);
            response.getWriter().write(loginPageHtml);

            return;
        }

        chain.doFilter(request, response);
    }

    private String generateLoginPageHtml(HttpServletRequest request, boolean loginError,
                                         boolean logoutSuccess) {
        String errorMsg = "Invalid credentials";

        if (loginError) {
            HttpSession session = request.getSession(false);

            if (session != null) {
                AuthenticationException ex = (AuthenticationException) session
                        .getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
                errorMsg = ex != null ? ex.getMessage() : "Invalid credentials";
            }
        }

        StringBuilder sb = new StringBuilder();

        sb.append("<!DOCTYPE html>\n"
                + "<html lang=\"en\">\n"
                + "  <head>\n"
                + "    <meta charset=\"utf-8\">\n"
                + "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
                + "    <meta name=\"description\" content=\"\">\n"
                + "    <meta name=\"author\" content=\"\">\n"
                + "    <title>Please sign in</title>\n"
                + "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
                + "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
                + "  </head>\n"
                + "  <body>\n"
                + "     <div class=\"container\">\n");

        String contextPath = request.getContextPath();
        if (this.formLoginEnabled) {
            sb.append("      <form class=\"form-signin\" method=\"post\" action=\"" + contextPath + this.authenticationUrl + "\">\n"
                    + "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n"
                    + createError(loginError, errorMsg)
                    + createLogoutSuccess(logoutSuccess)
                    + "        <p>\n"
                    + "          <label for=\"username\" class=\"sr-only\">Username</label>\n"
                    + "          <input type=\"text\" id=\"username\" name=\"" + this.usernameParameter + "\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
                    + "        </p>\n"
                    + "        <p>\n"
                    + "          <label for=\"password\" class=\"sr-only\">Password</label>\n"
                    + "          <input type=\"password\" id=\"password\" name=\"" + this.passwordParameter + "\" class=\"form-control\" placeholder=\"Password\" required>\n"
                    + "        </p>\n"
                    + createRememberMe(this.rememberMeParameter)
                    + renderHiddenInputs(request)
                    + "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
                    + "      </form>\n");
        }

        if (openIdEnabled) {
            sb.append("      <form name=\"oidf\" class=\"form-signin\" method=\"post\" action=\"" + contextPath + this.openIDauthenticationUrl + "\">\n"
                    + "        <h2 class=\"form-signin-heading\">Login with OpenID Identity</h2>\n"
                    + createError(loginError, errorMsg)
                    + createLogoutSuccess(logoutSuccess)
                    + "        <p>\n"
                    + "          <label for=\"username\" class=\"sr-only\">Identity</label>\n"
                    + "          <input type=\"text\" id=\"username\" name=\"" + this.openIDusernameParameter + "\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
                    + "        </p>\n"
                    + createRememberMe(this.openIDrememberMeParameter)
                    + renderHiddenInputs(request)
                    + "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
                    + "      </form>\n");
        }

        if (oauth2LoginEnabled) {
            sb.append("<h2 class=\"form-signin-heading\">Login with OAuth 2.0</h2>");
            sb.append(createError(loginError, errorMsg));
            sb.append(createLogoutSuccess(logoutSuccess));
            sb.append("<table class=\"table table-striped\">\n");
            for (Map.Entry<String, String> clientAuthenticationUrlToClientName : oauth2AuthenticationUrlToClientName.entrySet()) {
                sb.append(" <tr><td>");
                String url = clientAuthenticationUrlToClientName.getKey();
                sb.append("<a href=\"").append(contextPath).append(url).append("\">");
                String clientName = HtmlUtils.htmlEscape(clientAuthenticationUrlToClientName.getValue());
                sb.append(clientName);
                sb.append("</a>");
                sb.append("</td></tr>\n");
            }
            sb.append("</table>\n");
        }

        if (this.saml2LoginEnabled) {
            sb.append("<h2 class=\"form-signin-heading\">Login with SAML 2.0</h2>");
            sb.append(createError(loginError, errorMsg));
            sb.append(createLogoutSuccess(logoutSuccess));
            sb.append("<table class=\"table table-striped\">\n");
            for (Map.Entry<String, String> relyingPartyUrlToName : saml2AuthenticationUrlToProviderName.entrySet()) {
                sb.append(" <tr><td>");
                String url = relyingPartyUrlToName.getKey();
                sb.append("<a href=\"").append(contextPath).append(url).append("\">");
                String partyName = HtmlUtils.htmlEscape(relyingPartyUrlToName.getValue());
                sb.append(partyName);
                sb.append("</a>");
                sb.append("</td></tr>\n");
            }
            sb.append("</table>\n");
        }
        sb.append("</div>\n");
        sb.append("</body></html>");

        return sb.toString();
    }

    private String renderHiddenInputs(HttpServletRequest request) {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> input : this.resolveHiddenInputs.apply(request).entrySet()) {
            sb.append("<input name=\"").append(input.getKey()).append("\" type=\"hidden\" value=\"").append(input.getValue()).append("\" />\n");
        }
        return sb.toString();
    }

    private String createRememberMe(String paramName) {
        if (paramName == null) {
            return "";
        }
        return "<p><input type='checkbox' name='"
                + paramName
                + "'/> Remember me on this computer.</p>\n";
    }

    private boolean isLogoutSuccess(HttpServletRequest request) {
        return logoutSuccessUrl != null && matches(request, logoutSuccessUrl);
    }

    /**
     * change this method only
     *
     * @param request
     * @return
     */
    private boolean isLoginUrlRequest(HttpServletRequest request) {
        return matchesUri(request, loginPageUrl);
    }

    private boolean isErrorPage(HttpServletRequest request) {
        return matches(request, failureUrl);
    }

    private static String createError(boolean isError, String message) {
        return isError ? "<div class=\"alert alert-danger\" role=\"alert\">" + HtmlUtils.htmlEscape(message) + "</div>" : "";
    }

    private static String createLogoutSuccess(boolean isLogoutSuccess) {
        return isLogoutSuccess ? "<div class=\"alert alert-success\" role=\"alert\">You have been signed out</div>" : "";
    }

    private boolean matchesUri(HttpServletRequest request, String url) {
        if (!"GET".equals(request.getMethod()) || url == null) {
            return false;
        }
        String uri = request.getRequestURI();
        int pathParamIndex = uri.indexOf(';');

        if (pathParamIndex > 0) {
            // strip everything after the first semi-colon
            uri = uri.substring(0, pathParamIndex);
        }
        if ("".equals(request.getContextPath())) {
            return uri.equals(url);
        }

        return uri.equals(request.getContextPath() + url);
    }

    private boolean matches(HttpServletRequest request, String url) {
        if (!"GET".equals(request.getMethod()) || url == null) {
            return false;
        }
        String uri = request.getRequestURI();
        int pathParamIndex = uri.indexOf(';');

        if (pathParamIndex > 0) {
            // strip everything after the first semi-colon
            uri = uri.substring(0, pathParamIndex);
        }

        if (request.getQueryString() != null) {
            uri += "?" + request.getQueryString();
        }

        if ("".equals(request.getContextPath())) {
            return uri.equals(url);
        }

        return uri.equals(request.getContextPath() + url);
    }
}

package org.liu.auth.configurer;

import org.liu.auth.filter.CustomDefaultLoginPageGeneratingFilter;
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.annotation.web.configurers.DefaultLoginPageConfigurer;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter;
import org.springframework.security.web.csrf.CsrfToken;

import javax.servlet.http.HttpServletRequest;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Function;

/**
 * 自定义默认登陆页面的配置
 *
 * @Author lzs
 * @Date 2022/8/18 17:24
 **/
public class CustomDefaultLoginPageConfigurer<H extends HttpSecurityBuilder<H>> extends
        AbstractHttpConfigurer<DefaultLoginPageConfigurer<H>, H> {

    private CustomDefaultLoginPageGeneratingFilter loginPageGeneratingFilterFilter = new CustomDefaultLoginPageGeneratingFilter();
    private DefaultLogoutPageGeneratingFilter logoutPageGeneratingFilter = new DefaultLogoutPageGeneratingFilter();

    @Override
    public void init(H http) {
        initDefaultLoginFilter(http);
        initDefaultLogoutFilter(http);
    }

    @Override
    public void configure(H http) {
        if (loginPageGeneratingFilterFilter.isEnabled()) {
            loginPageGeneratingFilterFilter = postProcess(loginPageGeneratingFilterFilter);
            http.addFilterAfter(loginPageGeneratingFilterFilter, UsernamePasswordAuthenticationFilter.class);
            http.addFilter(this.logoutPageGeneratingFilter);
        }
    }

    private void initDefaultLoginFilter(H http) {
        Function<HttpServletRequest, Map<String, String>> resolveHiddenInputs = request -> {
            Map<String, String> map = new HashMap<>();
            CsrfToken token = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
            if (token != null) {
                map.put(token.getParameterName(), token.getToken());
            }
            Enumeration<String> parameterNames = request.getParameterNames();
            while (parameterNames.hasMoreElements()) {
                String paramName = parameterNames.nextElement();
                String paramValue = request.getParameter(paramName);
                map.put(paramName, paramValue);
            }
            return map;
        };
        loginPageGeneratingFilterFilter.setFormLoginEnabled(true);
        loginPageGeneratingFilterFilter.setUsernameParameter("username");
        loginPageGeneratingFilterFilter.setPasswordParameter("password");
        loginPageGeneratingFilterFilter.setLoginPageUrl("/login");
        loginPageGeneratingFilterFilter.setFailureUrl("/login?error");
        loginPageGeneratingFilterFilter.setAuthenticationUrl("/login");
        loginPageGeneratingFilterFilter.setResolveHiddenInputs(resolveHiddenInputs);
        http.setSharedObject(CustomDefaultLoginPageGeneratingFilter.class, loginPageGeneratingFilterFilter);
    }

    private void initDefaultLogoutFilter(H http) {
        Function<HttpServletRequest, Map<String, String>> hiddenInputs = request -> {
            CsrfToken token = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
            if (token == null) {
                return Collections.emptyMap();
            }
            return Collections.singletonMap(token.getParameterName(), token.getToken());
        };
        this.logoutPageGeneratingFilter.setResolveHiddenInputs(hiddenInputs);
        http.setSharedObject(DefaultLogoutPageGeneratingFilter.class,
                logoutPageGeneratingFilter);
    }

}

3.自定义CustomWebAuthenticationDetailsSource,CustomWebAuthenticationDetails

package org.liu.auth.authentication;

import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;

import javax.servlet.http.HttpServletRequest;
import java.util.List;

import static org.liu.common.core.constants.CommonConstants.HEADER_CLIENT;
import static org.liu.common.core.constants.CommonConstants.HEADER_TENANT_ID;

/**
 * @Author lzs
 * @Date 2022/8/15 16:15
 **/
public class CustomWebAuthenticationDetailsSource implements AuthenticationDetailsSource<HttpServletRequest, CustomWebAuthenticationDetails> {

    private RequestCache requestCache = new HttpSessionRequestCache();

    @Override
    public CustomWebAuthenticationDetails buildDetails(HttpServletRequest context) {
        String client = context.getHeader(HEADER_CLIENT);
        if (!StringUtils.hasText(client)) {
            client = context.getParameter(HEADER_CLIENT);
        }
        Long tenantId = null;
        String tenantIdStr = context.getHeader(HEADER_TENANT_ID);
        if (StringUtils.hasText(tenantIdStr)) {
            tenantId = Long.parseLong(tenantIdStr);
        } else {
            tenantIdStr = context.getParameter(HEADER_TENANT_ID);
            if (StringUtils.hasText(tenantIdStr)) {
                tenantId = Long.parseLong(tenantIdStr);
            }
        }
        return new CustomWebAuthenticationDetails(context, client, tenantId);
    }
}

package org.liu.auth.authentication;

import lombok.Getter;
import org.springframework.security.web.authentication.WebAuthenticationDetails;

import javax.servlet.http.HttpServletRequest;

/**
 * @Author lzs
 * @Date 2022/8/15 16:17
 **/
@Getter
public class CustomWebAuthenticationDetails extends WebAuthenticationDetails {

    private final String client;
    private final Long tenantId;

    public CustomWebAuthenticationDetails(HttpServletRequest request, String client, Long tenantId) {
        super(request);
        this.client = client;
        this.tenantId = tenantId;
    }

    @Override
    public boolean equals(Object obj) {
        if (obj instanceof CustomWebAuthenticationDetails) {
            CustomWebAuthenticationDetails details = (CustomWebAuthenticationDetails) obj;
            if (null != client && null == details.getClient()) {
                return false;
            }
            if (null == client && null != details.getClient()) {
                return false;
            }
            if (null != client && !client.equals(details.getClient())) {
                return false;
            }

            if (null != tenantId && null == details.getTenantId()) {
                return false;
            }
            if (null == tenantId && null != details.getTenantId()) {
                return false;
            }
            if (null != tenantId && tenantId.equals(details.getTenantId())) {
                return false;
            }
        } else {
            return false;
        }
        return super.equals(obj);
    }

    @Override
    public int hashCode() {
        int code = super.hashCode();
        if (null != client) {
            code = code * (this.client.hashCode() % 7);
        }
        if (null != tenantId) {
            code = code * (this.tenantId.hashCode() % 7);
        }
        return code;
    }

    @Override
    public String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append(super.toString()).append(": ");
        sb.append("client: ").append(this.getClient()).append("; ");
        sb.append("tenantId: ").append(this.getTenantId());

        return sb.toString();
    }
}

4.把上面自定义的配置添加到httpSecurity中

http.formLogin().authenticationDetailsSource(customWebAuthenticationDetailsSource);
http.exceptionHandling().authenticationEntryPoint(customLoginUrlAuthenticationEntryPoint);
http.removeConfigurer(DefaultLoginPageConfigurer.class);
http.apply(new CustomDefaultLoginPageConfigurer<>());

it_is_me
关注
专栏目录
详解OAuth2 Token 一定要放在请求头中吗
08-18
当我们使用 Spring Security OAuth2 时,一般情况下需要把认证中心申请的 token 放在请求头中请求目标接口OAuth2AuthenticationProcessingFilter.doFilter 方法中,我们可以看到 Token 解析过程的实现。 在 ...
SpringSecurityOAuth2-微信授权登录
张氏小毛驴的博客
07-03 3521
这一篇主要是介绍了对于微信的第三方登录自定义,讲的可能比较乱,还是得结合源码理解理解,我只想把思路和为什么尽量都分享清楚,当然这只是测试,真正的支持微信第三方还得需要在微信登记公众号等操作,那些是需要认证啥的,我们当前学习的话目前的已经足够了。最后为把代码都上传到Github了,如果觉得有用,帮帮忙点个Start。我的Github。
OAuth2笔记
kimizhou_blog的专栏
11-24 531
本篇只给自己看,讲的只要是一个实例 1: 安卓webView 加载  php页面  http://w.hcyiz.com/api/?do=shop  2: 跳转到  我们的页面  http://car.huasharp.com/OAuth2/Authorize.aspx    3: 没有登录就跳转到   http://car.huasharp.com/User/Login.
SpringSecurity中文文档(Servlet OAuth 2.0 Login
znjy111的博客
07-10 726
OAuth 2.0 Login 功能允许应用程序让用户通过使用 OAuth 2.0 Provider (如 GitHub)或 OpenID Connect 1.0 Provider (如 Google)的现有帐户登录到应用程序。OAuth 2.0 Login 实现了两个用例: “ Login with Google”或“ Login with GitHub”。
oauth2.0 注销登录再次访问authorize授权接口会跳过登录页面问题解决
it佳佳的博客
04-27 2725
子系统前后端分离时,退出并不能正确的清除SSO的login的用户信息,因为它是存在服务器上的,前端无法清除,用后端清除但因为是前后端分离,注销并不能正确携带request给服务器来清空用户登录信息,所以会出现,注销登录再次访问authorize授权接口会默认使用cookie导致登录成功跳过登录页面 解决方案:做AOP切入authorize接口,在使用authorize获取code之前,做一次清除用户信息的操作,使得每次获取code都是未登录状态,避免跳过登录页面 代码直接粘就完了!!! import c
16 OAuth2登录流程分析
Markix的博客
10-28 1599
Client获取用户授权,得到令牌,通过令牌,获取用户信息(资源)。再在本地构建用户登录认证信息,维持用户会话状态,以此达到登录的目的。OAuth2AuthorizationRequestRedirectFilter、OAuth2LoginAuthenticationFilter
Spring Security OAuth2 Login学习及浅析
daiwuliang的博客
06-11 3399
概述 OAuth2是一个授权框架的标准,Spring Security对OAuth2.0的支持加以改造适配,支持用户使用已有的其他系统账户登陆应用(框架中默认支持包括GitHub, Facebook, Google, Okta)。 OAuth2.0 Login Spring Security OAuth2.0 Login是基于OAuth2.0协议和OpenID Connect Core1.0协议,按照其中的授权码模式实现。 使用GitHub账号登陆 GitHub中注册应用 设置地址为:https://git
OAuth2.0
kyokutosimasu的博客
05-11 239
OAuth2.0授权码方式授权
Spring CloudOAUTH2注销的实现示例
08-27
security.oauth2.revoke-token-url=/oauth/token ``` 这将告诉 Spring Cloud 使用我们自定义的 Endpoint 来处理注销请求。 接下来,让我们了解如何使用这个 Endpoint 来注销 OAUTH2 访问令牌。假设我们已经获取了 ...
disco-oauth:简化https://discordapp.com的OAuth2 API使用的库
02-03
在以下情况下,您的拉取请求将被接受并与相应分支合并:- 对所做的更改以及为什么需要进行正确的描述。 它在语法上是正确的,并且执行描述中描述的内容,并且尚未在库中处理。 它遵循整个库中遵循的编码样式。 ...
laravel-oauth2-login:提供中间件来保护需要OAuth2登录的资源
05-07
Laravel OAuth2登录 这是一个Laravel软件包,提供了... 发布配置文件: $ artisan vendor:publish --provider="Kronthto\LaravelOAuth2Login\ServiceProvider" 将您的OAuth提供商的凭据放入已发布的配置中 用法 将Kr
bitnami-docker-oauth2-proxy:用于OAuth2代理的Bitnami Docker映像
04-04
什么是OAuth2代理? 反向代理和静态文件服务器,使用提供程序(Google,GitHub和其他提供商)提供身份验证,以通过电子邮件,域或组验证帐户。 TL; DR $ docker run --name oauth2-proxy bitnami/oauth2-proxy:...
8. Spring Security 5.1之 OAuth 2.0 Login
极客星云-CSDN博客
04-14 6900
OAuth 2.0 Login实现了用例:“使用Google登录”或“使用GitHub登录”。
登录模块 用户认证 SpringSecurity +Oauth2+Jwt
m0_46690280的博客
10-14 7178
SpringSecurity Oauth2 jwtSpringSecurity Oauth2 jwt1 用户认证分析1.1 单点登录1.2 第三方账号登录2 认证解决方案2.1 单点登录技术方案2.2 第三方登录技术方案2.2.1 Oauth2认证流程2.2.2 Oauth2在项目的应用2.3 Spring security Oauth2认证解决方案3 Jwt令牌回顾3.1 令牌结构3.2 生成私钥公钥3.3 基于私钥生成jwt令牌3.3.1导入认证服务3.3.2 认证服务中创建测试类3.4 基于公
SpringSecurityOAuth2登录后无法跳转获取授权码地址,直接跳转根路径原因详解
oPeiJie1的博客
04-10 2760
至于UserDetailsService、TokenConfig、ResourceServerConfig 令牌配置、AuthorityServerConfig、Controller请自行到本文开头提到的那篇文章中查看。
Spring Cloud Gateway作为OAuth2 Client
罗小爬的技术宝书
06-22 2892
本文主要介绍了Spring Cloud Gateway作为OAuth2 Client的设计方案、适用场景以及集成过程中遇到的问题及解决方案,文末附有具体示例代码仓库地址。
oauth2自定义登录页面
lixiang987654321的专栏
08-02 8741
OAuth2自定义登录页面 一、前言 继上一篇文章《OAuth2认证授权流程解析》,我们对OAuth2的4种认证模型的流程做了一一跟踪了解,我们知道当用户访问的资源需要认证之后,就会重定向到登录页面/login,此时就需要用户输入用户名和密码然后post方式提交到/login页面进行登录验证,如果验证通过则会跳转到原来的页面。 这里要说明的是OAuth2提供了默认的登录页面,当你访问资源需要认证时候,默认跳转OAuth2的登录页面: 如果我们定义自己的页面,那么跳转后效果如下(虽然丑一点,不过您可以自己
Spring Security(二)OAuth2认证详解
热门推荐
乌龟的专栏
08-11 1万+
1、OAuth2.0 简介 OAuth 2.0是用于授权的行业标准协议。OAuth 2.0为简化客户端开发提供了特定的授权流,包括Web应用、桌面应用、移动端应用等。 1.1 OAuth2.0 相关名词解释 Resource owner(资源拥有者):拥有该资源的最终用户,他有访问资源的账号密码; Resource server(资源服务器):拥有受保护资源的服务器,如果请求包含正确的访问令牌,可以访问资源; Client(客户端):访问资源的客户端,会使用访问令牌去获取资源服务器的资源,可
oauth过滤login_Oauth2认证模式之授权码模式实现
weixin_35987118的博客
12-23 858
Oauth2认证模式之授权码模式(authorization code)本示例实现了Oauth2之授权码模式,授权码模式(authorization code)是功能最完整、流程最严密的授权模式。它的特点就是通过客户端的后台服务器,与"服务提供商"的认证服务器进行互动。阅读本示例之前,你需要先有以下两点基础:需要对spring security有一定的配置使用经验,用户认证这一块,spring s...
oauth2 oauth2/token请求资源不存在
最新发布
07-27
当发起一个`oauth2/token`请求时,这个请求通常用于获取访问令牌(access token),这个过程通常包括客户端向授权服务器发送身份验证信息并请求授权。 如果服务器返回"资源不存在"这样的错误,说明你在以下几个方面...
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值