2016-11-22 161 views
1

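Changing the authorities/roles of SSO-authenticated users from a Spring OAuth2 client

I am trying to authenticate users from Facebook and store their usernames, and to give custom authorities to the subset of them who are administrators of my application. My question is, how can I provide a custom role like "Admin" for authentication and authorize it in the OAuth2 client?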

@Configuration
class WebSecurityConfiguration extends GlobalAuthenticationConfigurerAdapter {

    @Autowired
    UserRepository userRepository;

    @Override
    public void init(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService());
    }

    @Bean
    UserDetailsService userDetailsService() {
        return new UserDetailsService() {
            @Override
            public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
                User account = userRepository.findOne(username);
                if (account != null) {
                    List<String> rolesList = userRepository.getRoles(username);
                    String[] roles = new String[rolesList.size()];

                    // userRepository.findRoles List<String> roles =
                    // account.getUserroles().;
                    User user = new User(account.getUserssoid(), account.getSecretKey(), true, true, true, true,
                            AuthorityUtils.createAuthorityList(rolesList.toArray(roles)));

                    return user;
                } else {
                    throw new UsernameNotFoundException("could not find the user '" + username + "'");
                }
            }
        };
    }
}

I want to do something similar with the OAuth2 client.

Thanks

Answers

0

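What you need is a custom UserInfoTokenServices implementation that takes your persistence repository as a parameter, and then to use that custom UserInfoTokenServices in your Facebook filter instead of the default one, like this: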

private Filter ssoFilter() { 
    CompositeFilter filter = new CompositeFilter(); 
    List<Filter> filters = new ArrayList<>(); 
    filters.add(ssoFilter(facebook(), "/login/facebook")); 
    filters.add(ssoFilter(google(), "/login/google")); 
    filter.setFilters(filters); 
    return filter; 
} 

private Filter ssoFilter(ClientResources client, String path) { 
    OAuth2ClientAuthenticationProcessingFilter filter = new OAuth2ClientAuthenticationProcessingFilter(path); 
    OAuth2RestTemplate template = new OAuth2RestTemplate(client.getClient(), oauth2ClientContext); 
    filter.setRestTemplate(template); 
    CustomSocialUserInfoTokenServices tokenServices = new CustomSocialUserInfoTokenServices(
      client.getResource().getUserInfoUri(), client.getClient().getClientId(), userRepository); 
    tokenServices.setRestTemplate(template); 
    filter.setTokenServices(tokenServices); 

    return filter; 
} 

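Then, in your custom UserInfoTokenServices, you can add a custom AuthoritiesExtractor like this:

private AuthoritiesExtractor authoritiesExtractor = new CustomSocialAuthoritiesExtractor();

There you can run a database query or any logic to get your custom authorities and pass them to the client.

Hope this helps.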

0

You don't necessarily need CustomSocialUserInfoTokenServices. Instead, you can use the existing UserInfoTokenServices and set your CustomSocialAuthoritiesExtractor on it.

private Filter ssoFilter(ClientResources client, String path) {
    ...
    UserInfoTokenServices tokenServices = new UserInfoTokenServices(client.getResource().getUserInfoUri(), client.getClient().getClientId());
    tokenServices.setRestTemplate(template);
    tokenServices.setAuthoritiesExtractor(new CustomSocialAuthoritiesExtractor());
    filter.setTokenServices(tokenServices);

    return filter;
}

public class CustomSocialAuthoritiesExtractor implements AuthoritiesExtractor {
    @Override
    public List<GrantedAuthority> extractAuthorities(Map<String, Object> map) {
        String authorities = "ROLE_CUSTOMUSER";

        return AuthorityUtils.commaSeparatedStringToAuthorityList(authorities);
    }
}

0

You can do this even more simply if you don't want to provide your own UserInfoTokenServices. Just provide an AuthoritiesExtractor bean in your security configuration.

@Bean 
public AuthoritiesExtractor customAuthoritiesExtractor() { 
    return new CustomAuthoritiesExtractor(); 
} 

public class CustomAuthoritiesExtractor implements AuthoritiesExtractor { 

    @Override 
    public List<GrantedAuthority> extractAuthorities(Map<String, Object> map) { 

     // map contains information from your OAuth profile provider 

     boolean userExist = true; // TODO 
     if (!userExist) { 
      throw new BadCredentialsException("User does not exists"); 
     } 

     String authorities = "ROLE_ADMIN"; // TODO your own roles 
     return AuthorityUtils.commaSeparatedStringToAuthorityList(authorities); 
    } 
} 

For more details, see this tutorial: https://spring.io/guides/tutorials/spring-boot-oauth2/#_social_login_logout
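
An added example, not part of the answers above or of Spring's own code: an AuthoritiesExtractor that loads roles from a store keyed on the provider's stable user id and grants only a baseline role when nothing is stored. `RoleLookup`, the class name, the `"id"` key and the `ROLE_USER` baseline are assumptions for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

import org.springframework.boot.autoconfigure.security.oauth2.resource.AuthoritiesExtractor;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;

// Hypothetical lookup; back it with your own repository (e.g. the question's getRoles query).
interface RoleLookup {
    List<String> rolesFor(String provider, String subjectId);
}

public class RepositoryAuthoritiesExtractor implements AuthoritiesExtractor {

    private final String provider; // e.g. "facebook"; keeps ids from different providers apart
    private final String idKey;    // key of the stable user id in the user-info map (assumed "id")
    private final RoleLookup roles;

    public RepositoryAuthoritiesExtractor(String provider, String idKey, RoleLookup roles) {
        this.provider = provider;
        this.idKey = idKey;
        this.roles = roles;
    }

    @Override
    public List<GrantedAuthority> extractAuthorities(Map<String, Object> map) {
        // Key on the provider's immutable id, never on "name" or "email",
        // which the account owner can change at the provider.
        Object id = map.get(idKey);
        if (id == null || id.toString().isEmpty()) {
            throw new BadCredentialsException("User info response has no '" + idKey + "' field");
        }
        List<String> granted = new ArrayList<>();
        granted.add("ROLE_USER"); // baseline role for every authenticated user
        List<String> stored = roles.rolesFor(provider, id.toString());
        if (stored != null) {
            for (String role : stored) {
                // Accept only well-formed role names from the store.
                if (role != null && role.matches("ROLE_[A-Z_]+") && !granted.contains(role)) {
                    granted.add(role);
                }
            }
        }
        return AuthorityUtils.createAuthorityList(granted.toArray(new String[0]));
    }
}
```

Create one instance per provider filter, for example `tokenServices.setAuthoritiesExtractor(new RepositoryAuthoritiesExtractor("facebook", "id", lookup))`, so that a Facebook id and a Google id with the same value never map to the same stored roles.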
