Java 具有自定义UserDetailsService和MemberService的Spring SSO客户端_Java_Spring_Spring Security_Spring Boot

Java 具有自定义UserDetailsService和MemberService的Spring SSO客户端

java spring spring-security spring-boot

Java 具有自定义UserDetailsService和MemberService的Spring SSO客户端,java,spring,spring-security,spring-boot,Java,Spring,Spring Security,Spring Boot,我必须使用SSO实现SecurityConfiguration，这样我的应用程序在成功从authserver登录后可以调用customUserDetailsService和customRememberService。下面是application.yml的一部分： security: oauth2: client: client-id: clientid client-secret: clientsecret access-token-uri: ht

我必须使用SSO实现

SecurityConfiguration

，这样我的应用程序在成功从authserver登录后可以调用custom

UserDetailsService

和custom

RememberService

。下面是

application.yml

的一部分：

security:
  oauth2:
    client:
      client-id: clientid
      client-secret: clientsecret
      access-token-uri: http://authserver:9999/oauth/token
      user-authorization-uri: http://authserver:9999/oauth/authorize
    resource:
      user-info-uri: http://authserver:9999/me

安全配置

：

@Configuration
@EnableOAuth2Sso
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    private final Properties properties;

    private final AjaxLogoutSuccessHandler ajaxLogoutSuccessHandler;

    private final Http401UnauthorizedEntryPoint authenticationEntryPoint;

    private final UserDetailsService userDetailsService;

    private final RememberMeServices rememberMeServices;

    @Inject
    public SecurityConfiguration(AjaxLogoutSuccessHandler ajaxLogoutSuccessHandler, RememberMeServices rememberMeServices, Properties properties, UserDetailsService userDetailsService, Http401UnauthorizedEntryPoint authenticationEntryPoint) {
        this.ajaxLogoutSuccessHandler = ajaxLogoutSuccessHandler;
        this.rememberMeServices = rememberMeServices;
        this.properties = properties;
        this.userDetailsService = userDetailsService;
        this.authenticationEntryPoint = authenticationEntryPoint;
    }

    @Inject
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService);
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
            .antMatchers(HttpMethod.OPTIONS, "/**")
            //and so on...
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf()
            .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
        .and()
            .exceptionHandling()
            .authenticationEntryPoint(authenticationEntryPoint)
        .and()
            .rememberMe()
            .rememberMeServices(rememberMeServices)
            .rememberMeParameter("remember-me")
            .key(properties.getSecurity().getRememberme().getKey())
        .and()
            .logout()
            .logoutUrl("/api/logout")
            .logoutSuccessHandler(ajaxLogoutSuccessHandler)
            .deleteCookies("JSESSIONID", "CSRF-TOKEN")
            .permitAll()
        .and()
            .headers()
            .frameOptions()
            .disable()
        .and()
            .authorizeRequests()
            .antMatchers("/**").permitAll();

    }

    @Bean
    public SecurityEvaluationContextExtension securityEvaluationContextExtension() {
        return new SecurityEvaluationContextExtension();
    }
}

如何登录：
1.单击将我重定向到

/login

的按钮
2.登录authserver。
3.在客户端上重定向，现在已登录（我使用

SecurityContext:：getAuthentication

来确保）。
但无论是

UserDetailsService:：loadUserByUsername

还是

AbstractMemberServices:：processAutoLoginCookie

调用