spring security oauth2 github 用户权限(GrantedAuthoritiesMapper)

最新推荐文章于 2023-11-03 10:20:25 发布
最新推荐文章于 2023-11-03 10:20:25 发布
阅读量1.5k 收藏 1
点赞数
分类专栏: spring security
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_43931625/article/details/106124170
版权

spring security oauth2 github 用户权限(GrantedAuthoritiesMapper)

 

应用:为三方授权用户设置自定义的权限

 

 

*****************************

相关类及接口

 

*********************

默认权限设置

 

DefaultOAuth2UserService:获取用户信息的默认实现类,同时为三方用户添加权限

public class DefaultOAuth2UserService implements OAuth2UserService<OAuth2UserRequest, OAuth2User> {
    private static final String MISSING_USER_INFO_URI_ERROR_CODE = "missing_user_info_uri";
    private static final String MISSING_USER_NAME_ATTRIBUTE_ERROR_CODE = "missing_user_name_attribute";
    private static final String INVALID_USER_INFO_RESPONSE_ERROR_CODE = "invalid_user_info_response";
    private static final ParameterizedTypeReference<Map<String, Object>> PARAMETERIZED_RESPONSE_TYPE = new ParameterizedTypeReference<Map<String, Object>>() {
    };
    private Converter<OAuth2UserRequest, RequestEntity<?>> requestEntityConverter = new OAuth2UserRequestEntityConverter();
    private RestOperations restOperations;

    public DefaultOAuth2UserService() {
        RestTemplate restTemplate = new RestTemplate();
        restTemplate.setErrorHandler(new OAuth2ErrorResponseErrorHandler());
        this.restOperations = restTemplate;
    }

    public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
        Assert.notNull(userRequest, "userRequest cannot be null");
        if (!StringUtils.hasText(userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri())) {
            OAuth2Error oauth2Error = new OAuth2Error("missing_user_info_uri", "Missing required UserInfo Uri in UserInfoEndpoint for Client Registration: " + userRequest.getClientRegistration().getRegistrationId(), (String)null);
            throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
        } else {
            String userNameAttributeName = userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName();
            if (!StringUtils.hasText(userNameAttributeName)) {
                OAuth2Error oauth2Error = new OAuth2Error("missing_user_name_attribute", "Missing required \"user name\" attribute name in UserInfoEndpoint for Client Registration: " + userRequest.getClientRegistration().getRegistrationId(), (String)null);
                throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
            } else {
                RequestEntity request = (RequestEntity)this.requestEntityConverter.convert(userRequest);

                ResponseEntity response;
                OAuth2Error oauth2Error;
                try {
                    response = this.restOperations.exchange(request, PARAMETERIZED_RESPONSE_TYPE);
                } catch (OAuth2AuthorizationException var10) {
                    oauth2Error = var10.getError();
                    StringBuilder errorDetails = new StringBuilder();
                    errorDetails.append("Error details: [");
                    errorDetails.append("UserInfo Uri: ").append(userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri());
                    errorDetails.append(", Error Code: ").append(oauth2Error.getErrorCode());
                    if (oauth2Error.getDescription() != null) {
                        errorDetails.append(", Error Description: ").append(oauth2Error.getDescription());
                    }

                    errorDetails.append("]");
                    oauth2Error = new OAuth2Error("invalid_user_info_response", "An error occurred while attempting to retrieve the UserInfo Resource: " + errorDetails.toString(), (String)null);
                    throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), var10);
                } catch (RestClientException var11) {
                    oauth2Error = new OAuth2Error("invalid_user_info_response", "An error occurred while attempting to retrieve the UserInfo Resource: " + var11.getMessage(), (String)null);
                    throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), var11);
                }

                Map<String, Object> userAttributes = (Map)response.getBody();
                Set<GrantedAuthority> authorities = new LinkedHashSet();
                authorities.add(new OAuth2UserAuthority(userAttributes)); //为用户设置默认的权限

                OAuth2AccessToken token = userRequest.getAccessToken();
                Iterator var8 = token.getScopes().iterator();

                while(var8.hasNext()) {
                    String authority = (String)var8.next();
                    authorities.add(new SimpleGrantedAuthority("SCOPE_" + authority));
                }  //遍历用户scope,添加前缀为SCOPE_的权限

                return new DefaultOAuth2User(authorities, userAttributes, userNameAttributeName);
            }
        }
    }

    public final void setRequestEntityConverter(Converter<OAuth2UserRequest, RequestEntity<?>> requestEntityConverter) {
        Assert.notNull(requestEntityConverter, "requestEntityConverter cannot be null");
        this.requestEntityConverter = requestEntityConverter;
    }

    public final void setRestOperations(RestOperations restOperations) {
        Assert.notNull(restOperations, "restOperations cannot be null");
        this.restOperations = restOperations;
    }
}

 

OAuth2UserAuthority:用户权限类

public class OAuth2UserAuthority implements GrantedAuthority {
    private static final long serialVersionUID = 520L;
    private final String authority;
    private final Map<String, Object> attributes;

    public OAuth2UserAuthority(Map<String, Object> attributes) {
        this("ROLE_USER", attributes);
    }  //authority的值默认为ROLE_USER

    public OAuth2UserAuthority(String authority, Map<String, Object> attributes) {
        Assert.hasText(authority, "authority cannot be empty");
        Assert.notEmpty(attributes, "attributes cannot be empty");
        this.authority = authority;
        this.attributes = Collections.unmodifiableMap(new LinkedHashMap(attributes));
    }

    public String getAuthority() {
    public Map<String, Object> getAttributes() {

    public boolean equals(Object obj) {
    public int hashCode() {

    public String toString() {
        return this.getAuthority();
    }
}

 

*********************

自定义用户权限

 

GrantedAuthoritiesMapper:自定义权限类接口

public interface GrantedAuthoritiesMapper {
    Collection<? extends GrantedAuthority> mapAuthorities(Collection<? extends GrantedAuthority> var1);
}

 

 

*****************************

示例

 

*********************

controller 层

 

HelloController

@RestController
public class HelloController {
 
    @RequestMapping("/hello")
    public String hello(Principal principal){
        System.out.println(principal.toString());
 
        return "hello "+principal.getName();
    }
 
    @RequestMapping("/")
    public String redirect(){
        return "redirect";
    }
}

 

*********************

默认权限

 

WebSecurityConfig

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Resource
    private UserService userService;

    @Bean
    public PasswordEncoder initPasswordEncoder(){
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin().loginPage("/login/github").loginProcessingUrl("/login/form")
                .and()
                .authorizeRequests()
                .antMatchers("/hello").hasAnyAuthority("ROLE_USER")
                .antMatchers("/**").permitAll()
                .and()
                .logout().deleteCookies("JSESSIONID")
                .logoutSuccessUrl("/").permitAll();

        http.oauth2Login().loginPage("/login/github");
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userService).passwordEncoder(initPasswordEncoder());
    }

}

 

通过权限认证后控制台输出

org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken@c8e5585: 
Principal: Name: [41827785], Granted Authorities: [[ROLE_USER, SCOPE_read:user]], User Attributes: [{login=lihu12344, id=41827785, node_id=MDQ6VXNlcjQxODI3Nzg1, avatar_url=https://avatars3.githubusercontent.com/u/41827785?v=4, gravatar_id=, url=https://api.github.com/users/lihu12344, html_url=https://github.com/lihu12344, followers_url=https://api.github.com/users/lihu12344/followers, following_url=https://api.github.com/users/lihu12344/following{/other_user}, gists_url=https://api.github.com/users/lihu12344/gists{/gist_id}, starred_url=https://api.github.com/users/lihu12344/starred{/owner}{/repo}, subscriptions_url=https://api.github.com/users/lihu12344/subscriptions, organizations_url=https://api.github.com/users/lihu12344/orgs, repos_url=https://api.github.com/users/lihu12344/repos, events_url=https://api.github.com/users/lihu12344/events{/privacy}, received_events_url=https://api.github.com/users/lihu12344/received_events, type=User, site_admin=false, name=null, company=null, blog=, location=null, email=null, hireable=null, bio=null, public_repos=83, public_gists=0, followers=0, following=0, created_at=2018-07-28T11:56:10Z, updated_at=2020-05-15T00:53:27Z, private_gists=0, total_private_repos=0, owned_private_repos=0, disk_usage=4269, collaborators=0, two_factor_authentication=false, plan={name=free, space=976562499, collaborators=0, private_repos=10000}}]; 
Credentials: [PROTECTED];
Authenticated: true; 
Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd3270: RemoteIpAddress: 0:0:0:0:0:0:0:1; 
SessionId: D4C6C91511D3A2717BC5EE8CBB539BFB; 
Granted Authorities: ROLE_USER, SCOPE_read:user

 

 

*********************

自定义OAuth2User权限

 

GithubOAuth2User

public class GithubOAuth2User implements OAuth2User {

    private String id;
    private String login;
    private String email;

    private List<GrantedAuthority> authorities= AuthorityUtils.createAuthorityList("ROLE_USER");
    private Map<String,Object> attributes;

    @Override
    public List<GrantedAuthority> getAuthorities() {
        return authorities;
    }

    @Override
    public Map<String, Object> getAttributes() {
        if (attributes==null){
            attributes=new HashMap<>();

            attributes.put("id",this.getId());
            attributes.put("name",this.getName());
            attributes.put("login",this.getLogin());
            attributes.put("email",this.getEmail());
        }

        return attributes;
    }

    public String getId() {
    public void setId(String id) {

    @Override
    public String getName() {
        return this.id;
    }

    public String getLogin() {
    public void setLogin(String login) {

    public String getEmail() {
    public void setEmail(String email) {

    @Override
    public boolean equals(Object o) {

    @Override
    public int hashCode() {

    @Override
    public String toString() {

 

WebSecurityConfig

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Resource
    private UserService userService;

    @Bean
    public PasswordEncoder initPasswordEncoder(){
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin().loginPage("/login/github").loginProcessingUrl("/login/form")
                .and()
                .authorizeRequests()
                .antMatchers("/hello").hasAnyAuthority("ROLE_USER")
                .antMatchers("/**").permitAll()
                .and()
                .logout().deleteCookies("JSESSIONID")
                .logoutSuccessUrl("/").permitAll();

        http.oauth2Login().loginPage("/login/github")
                .userInfoEndpoint().customUserType(GithubOAuth2User.class,"github");
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userService).passwordEncoder(initPasswordEncoder());
    }

}

 

通过认证后控制台输出

org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken@e402384d: 
Principal: GithubOAuth2User{id='41827785', login='lihu12344', email='null', authorities=[ROLE_USER], attributes={name=41827785, id=41827785, login=lihu12344, email=null}}; 
Credentials: [PROTECTED]; 
Authenticated: true; 
Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 0:0:0:0:0:0:0:1; 
SessionId: 6C7A7C9AD0275652B4B8286F7BCEE53F; 
Granted Authorities: ROLE_USER

说明:默认权限为自定义的用户权限ROLE_USER

 

 

*********************

自定义权限

 

WebSecurityConfig

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Resource
    private UserService userService;

    @Bean
    public PasswordEncoder initPasswordEncoder(){
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin().loginPage("/login/github").loginProcessingUrl("/login/form")
                .and()
                .authorizeRequests()
                .antMatchers("/hello").hasAnyAuthority("ROLE_USER")
                .antMatchers("/**").permitAll()
                .and()
                .logout().deleteCookies("JSESSIONID")
                .logoutSuccessUrl("/").permitAll();

        http.oauth2Login().loginPage("/login/github")
                .userInfoEndpoint().customUserType(GithubOAuth2User.class,"github");
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userService).passwordEncoder(initPasswordEncoder());
    }

    @Bean
    public GrantedAuthoritiesMapper initGrantedAuthoritiesMapper(){
        return collection -> {
            Set<GrantedAuthority> authorities=new HashSet<>();

            authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
            authorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));

            return authorities;
        };
    }
}

 

通过认证后控制台输出

org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken@5b5d3dfb: 
Principal: GithubOAuth2User{id='41827785', login='lihu12344', email='null', authorities=[ROLE_USER], attributes={name=41827785, id=41827785, login=lihu12344, email=null}}; 
Credentials: [PROTECTED]; 
Authenticated: true; 
Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 0:0:0:0:0:0:0:1; 
SessionId: 8CF27F8FB80EBC68844C00764E0ECD4E; 
Granted Authorities: ROLE_USER, ROLE_ADMIN

说明:使用自定义的权限ROLE_USER、ROLE_ADMIN

 

 

o_瓜田李下_o
关注
  • 0
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
spring-boot集成spring-securityoauth2实现github登录网站的示例
08-28
Spring Boot 集成 Spring SecurityOAuth2 实现 GitHub 登录网站的示例 本篇文章主要介绍了 Spring Boot 集成 Spring SecurityOAuth2 实现 GitHub 登录网站的示例,非常具有实用价值,需要的朋友可以参考下...
Spring Security OAuth过期的解决方法
09-07
OAuth2是一个开放标准,用于允许应用程序代表用户获取访问权限到受保护的资源,如API。随着时间的推移,Spring Security OAuth的某些组件可能会变得过时,这可能会影响应用的安全性和兼容性。以下是一些处理Spring ...
OAuth2认证授权(OAuth2Client-OAuth2Server)问题
热门推荐
t0m的专栏
03-22 1万+
OAuth2客户端: spring-boot-starter-security:2.1.2.RELEASE spring-security-oauth2-client:5.1.3.RELEASE OAuth2认证服务: spring-security-oauth2-autoconfigure:2.1.2.RELEASE 具体代码就不一一贴出来了,自己下载看,如有操作姿势不对的地方请联系我...
spring security oauth2 login集成码云,定制部分token端点和user_info端点的逻辑
Ackerly Xu的博客
10-26 1173
spring security oauth2只需要配置一下provider的元数据就能进行oauth2登陆了,但是我在集成码云的时候遇到了两个问题,一个是restTemple在发送http请求如果不加user-agent请求头会返回403,另一个是在访问user-agent端点的时候security默认把access_token放在头部,但是码云接收的是querystring里面的access_t...
Spring Authorization Server入门 (十三) 实现联合身份认证,集成Github与Gitee的OAuth登录
云逸的博客
07-22 2246
什么是联合身份认证? 通过Spring Security OAuth2 Client(Login)模块集成第三方登录至自己的认证服务中,使用联合身份认证只需要请求认证服务,不通过前端来跳转三方的授权申请链接,而是统一通过认证服务来跳转,只需要维护Spring Authorization Server中身份认证提供商的关系即可。
OAuth2 详细介绍!
weixin_52834606的博客
09-22 1万+
OAuth2 , Spring Security OAuth2 , JWT
GrantedAuthoritiesMapper接口
xbcai1的博客
11-03 169
/ 根据权限集合映射新的权限集合。
spring boot security oauth2例子
04-01
一个springboot为框架的security oauth2应用例子,同时集成了swagger2的 restful API查看页面,druid数据源监控, mybatis自动生成和分页插件,远程资源服务器的认证和授权,也可以去github下载 ...
Spring Cloud OAuth2案例
01-19
Spring Cloud OAuth2 是一个基于 Spring Boot 和 Spring Security 的授权服务器实现,它为微服务架构提供了安全的认证和授权服务。这个案例将深入讲解如何在实际项目中应用 OAuth2,以确保用户数据的安全,并允许第...
spring-security-github-client-test:使用带有 Spring Security OAuthGitHub 身份验证的客户端应用程序
06-30
使用带有 Spring Security OAuthGitHub 身份验证的客户端应用程序
Oauth2登录后访问接口权限校验多出 authority=字符串校验失败( 已解决)
orange_bug的博客
11-30 1571
一、发生的问题 oauth登录模块登录成功后,带着token去访问带权限的接口,发生 Spring Security: 不允许访问 的问题 查看权限断点发现是携带的权限被多加了一段字符串 前提: 自定义实现UserDetailsService 加载用户信息和权限 到UserDetails对象 package com.lxy.blog.config; import com.lxy.blog.service.api.UserFeignClient; import domain.SecurityU
oauth2自定义授权认证模式
weixin_45738731的博客
06-06 1379
4、认证服务配置中增加自定义的授权。2、自定义身份授权的Token。1、自定义授权码模式。
四、python Django Auth系统[用户管理、管理员权限分配、更改默认user表]
黑日里不灭的light
08-27 1573
django auth用户管理与权限管理系统
Spring Boot OAuth2 整合—高级配置
深圳市多克创新科技有限公司
10-20 822
Spring Boot OAuth 2.0—高级配置
Spring Security 自定义用户信息端点与多种登录方式共存
分享技术干货和灵感、推荐新书和好玩的项目、分享Java面试题
08-21 2194
我们之前对接第三方OAuth2快捷登录,只要通过配置文件即可实现对接,但是总有一些第三方登录会返回各种各样的格式,导致默认的OAuth2无法使用。为了能够自定义扩展,我们重新创建项目,命名为、。:修改/userinfo,将返回信息包装一下,返回code等属性:自定义获取userInfo的逻辑} }定义了一个Result包装类,这是框架常有的返回结果包装类。userInfoRes . setUsername("阿提说说");} }
spring security oauth2.0搭建用户认证服务(四) - 实现第三方登录
u013911102的博客
09-14 2996
项目场景: 前面有说到登录的方式有用户名密码和手机验证码登录,最常用的还有第三方登录。第三方登录其实oauth已经有了很好的集成。 技术详解: 第三方登录的话,其实也是利用了oauth的相关思想。这里就已微信登录为例吧 从上面的流程图就可以看出,这其实就是oauth2的授权码模式,流程如下: 1.第三方应用请求登录,获取code 2.微信端返回code到回调地址 3.第三方应用根据code,获取token 4.第三方应用根据token获取用户信息 APP之前的第三方登录,是前端获取到了
spring security oauth2 gitee 授权登录
weixin_43931625的博客
05-16 2547
springsecurityoauth2gitee授权登陆
Spring Security OAuth2——自定义OAuth2第三方登录(Gitee)并与UsernamePassword登录关联解决方案
无限迭代中......
03-16 1554
前文:Spring Security OAuth2——自定义OAuth2第三方登录(Gitee) Maven 主要 <!--Spring Security--> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security&lt.
使用OAuth2实现授权服务
FirstMrRight的博客
09-03 1686
主要用于将自定义的更多用户信息放入Token中。= null) {//把用户标识嵌入JWT Token中去(Key是userDetails) Map < String , Object > additionalInfo = new HashMap < >();} }
基于Spring Security OAuth2的在线网课课堂
最新发布
04-17
3. 在线网课课堂:基于Spring Security OAuth2的在线网课课堂可以实现用户身份验证和授权管理,确保只有经过授权的用户才能访问教学资源和功能。它可以提供以下功能: - 用户注册和登录:用户可以注册账号并使用...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值