Java: Spring SSO client with custom UserDetailsService and MemberService

Tags: java, spring, spring-security, spring-boot

I have to implement SecurityConfiguration with SSO so that my application can call customUserDetailsService and customRememberService after a successful login from the authserver. Here is part of application.yml:
security:
  oauth2:
    client:
      client-id: clientid
      client-secret: clientsecret
      access-token-uri: http://authserver:9999/oauth/token
      user-authorization-uri: http://authserver:9999/oauth/authorize
    resource:
      user-info-uri: http://authserver:9999/me
SecurityConfiguration:
@Configuration
@EnableOAuth2Sso
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    private final Properties properties;
    private final AjaxLogoutSuccessHandler ajaxLogoutSuccessHandler;
    private final Http401UnauthorizedEntryPoint authenticationEntryPoint;
    private final UserDetailsService userDetailsService;
    private final RememberMeServices rememberMeServices;

    @Inject
    public SecurityConfiguration(AjaxLogoutSuccessHandler ajaxLogoutSuccessHandler, RememberMeServices rememberMeServices, Properties properties, UserDetailsService userDetailsService, Http401UnauthorizedEntryPoint authenticationEntryPoint) {
        this.ajaxLogoutSuccessHandler = ajaxLogoutSuccessHandler;
        this.rememberMeServices = rememberMeServices;
        this.properties = properties;
        this.userDetailsService = userDetailsService;
        this.authenticationEntryPoint = authenticationEntryPoint;
    }

    // Registers the custom UserDetailsService with the global AuthenticationManager.
    @Inject
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService);
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
            .antMatchers(HttpMethod.OPTIONS, "/**");
            // and so on...
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf()
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
            .and()
            .exceptionHandling()
                .authenticationEntryPoint(authenticationEntryPoint)
            .and()
            .rememberMe()
                .rememberMeServices(rememberMeServices)
                .rememberMeParameter("remember-me")
                .key(properties.getSecurity().getRememberme().getKey())
            .and()
            .logout()
                .logoutUrl("/api/logout")
                .logoutSuccessHandler(ajaxLogoutSuccessHandler)
                .deleteCookies("JSESSIONID", "CSRF-TOKEN")
                .permitAll()
            .and()
            .headers()
                .frameOptions()
                .disable()
            .and()
            .authorizeRequests()
                .antMatchers("/**").permitAll();
    }

    @Bean
    public SecurityEvaluationContextExtension securityEvaluationContextExtension() {
        return new SecurityEvaluationContextExtension();
    }
}
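How I log in:

1. Click a button that redirects me to /login.
2. Log in on the authserver.
3. Get redirected to the client, now logged in (I use SecurityContext::getAuthentication to make sure).

But neither UserDetailsService::loadUserByUsername nor AbstractMemberServices::processAutoLoginCookie is called.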
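
An added example, not part of the original question or of any project's code: with @EnableOAuth2Sso the principal is built from the user-info-uri response, and Spring Boot's PrincipalExtractor is the hook where a local UserDetailsService can be consulted during that step. It assumes Spring Boot 1.4 or later with the auto-configured user-info token services, that the /me response carries the login name under the key "name", and a hypothetical class name SsoPrincipalConfiguration.

```java
import java.util.Map;

import org.springframework.boot.autoconfigure.security.oauth2.resource.PrincipalExtractor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

@Configuration
public class SsoPrincipalConfiguration { // hypothetical name, not from the question

    // Assumption: the authserver's /me response exposes the login name under this key.
    private static final String USERNAME_KEY = "name";

    // Picked up by the OAuth2 SSO auto-configuration and applied to the
    // user-info map each time a login completes on the client.
    @Bean
    public PrincipalExtractor principalExtractor(UserDetailsService userDetailsService) {
        return (Map<String, Object> userInfo) -> {
            Object name = userInfo.get(USERNAME_KEY);
            if (!(name instanceof String) || ((String) name).isEmpty()) {
                // Reject the login instead of returning null for a malformed response.
                throw new BadCredentialsException(
                        "user-info response has no usable '" + USERNAME_KEY + "' attribute");
            }
            try {
                // Map the remote identity onto the local account; the returned
                // UserDetails becomes Authentication.getPrincipal().
                return userDetailsService.loadUserByUsername((String) name);
            } catch (UsernameNotFoundException e) {
                // Fail closed: an SSO identity without a local account is not logged in.
                throw new BadCredentialsException("SSO user has no local account", e);
            }
        };
    }
}
```

The authorities on the resulting Authentication come from a separate AuthoritiesExtractor bean, not from the returned UserDetails, so local roles need that second hook as well.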