Spring Boot OAuth2 resource server UserDetailsService

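Trying to get a UserDetailsService working for an OAuth2 resource server I've set up. I'm able to successfully authenticate the JWT, but nothing I do seems to get it to call the loadUserByUsername method. This originally used SAML and it worked, but now that I've switched to OAuth2 I can't get it working.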

     @Service
     public class OauthUsersDetailsServiceImpl implements UserDetailsService{
         @Override
         public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
             //some user loading junk here - this is never called
         }
     }

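I found on Google that I can register the class as a bean with @Service and Spring will pick it up directly, but it doesn't work. I also tried adding it through AuthenticationManagerBuilder, but that didn't work either. My guess is that the JWT side has its own UserDetailsService that it implements, and it takes precedence over mine. That said, what is the proper way to get mine called, or is it better to call my user-loading logic manually after authentication completes and overwrite the principal object? I need this to happen before the endpoint is called so that PreAuthorize can check the roles loaded by the UserDetailsService.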

You need to register your UserDetailsService implementation, which will then be used by DaoAuthenticationProvider.

// userDetailsService bean
@Autowired
private OauthUsersDetailsServiceImpl oauthUsersDetailsServiceImpl;

// 
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(oauthUsersDetailsServiceImpl);
}

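I figured it out. Hopefully this helps anyone who runs into the same problem. I had to add a custom filter to the chain to call my user details service and overwrite the context: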

public class Oauth2AuthorizationFilter extends GenericFilterBean {

        @Autowired
        private OauthUsersDetailsServiceImpl oauthUsersDetailsServiceImpl;
      
      public Oauth2AuthorizationFilter (OauthUsersDetailsServiceImpl userDetailsService) {
        this.oauthUsersDetailsServiceImpl = userDetailsService;
      }
      
      
      @Override
      public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
          throws IOException, ServletException {

        SecurityContext context = SecurityContextHolder.getContext();
        if(context.getAuthentication() != null && !(context.getAuthentication().getPrincipal() instanceof Users)) {
          
          UserDetails user = oauthUsersDetailsServiceImpl.loadUserByUsername(((Jwt)context.getAuthentication().getPrincipal()).getClaimAsString("user_name")); 
          UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
          context.setAuthentication(authentication);
        }
        
        chain.doFilter(request, response);
      }

    }

This finally did what I needed.

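Does this help?

@Mahesh_Loya Unfortunately, no, I tried that too. That question looks like it is aimed at the authorization server. My problem is with the resource server. Tried this as well, but still no good. In any case, the configure method for AuthenticationManagerBuilder is definitely being called at startup, so as far as I can tell it is working.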
@Override
        protected void configure(HttpSecurity http) throws Exception
        {
            //test key for now
            SecretKeySpec key = new SecretKeySpec("private key0000000000000000000000000000000".getBytes(), "HMACSHA256");
            
            http.authorizeRequests().antMatchers(/*bunch of junk...*/).permitAll().and().authorizeRequests().anyRequest().authenticated().and()
                .oauth2ResourceServer().jwt().decoder(NimbusJwtDecoder.withSecretKey(key).build());
            
            http.addFilterAfter(jwtAuthTokenFilterBean(), SwitchUserFilter.class);

        }
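
An alternative to the post-authentication filter above, as an added example that is not part of the original posts: a `Converter<Jwt, AbstractAuthenticationToken>` registered through `jwtAuthenticationConverter(...)` calls the `UserDetailsService` during JWT authentication itself, so URL rules and `@PreAuthorize` both see the loaded authorities. The class name `UserDetailsJwtAuthenticationConverter` is hypothetical; the `user_name` claim is taken from the filter on the page.

```java
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.jwt.Jwt;

/**
 * Added example, not code from the original posts (hypothetical class name).
 * Invoked after the JwtDecoder has verified the token, so the claim read
 * below comes from a token whose signature has already been checked.
 *
 * Wiring, in the configure(HttpSecurity) method shown on the page:
 *   .oauth2ResourceServer().jwt()
 *       .decoder(NimbusJwtDecoder.withSecretKey(key).build())
 *       .jwtAuthenticationConverter(new UserDetailsJwtAuthenticationConverter(userDetailsService));
 */
public class UserDetailsJwtAuthenticationConverter
        implements Converter<Jwt, AbstractAuthenticationToken> {

    // Claim name taken from the filter on the page; adjust to your token format.
    private static final String USERNAME_CLAIM = "user_name";

    private final UserDetailsService userDetailsService;

    public UserDetailsJwtAuthenticationConverter(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    @Override
    public AbstractAuthenticationToken convert(Jwt jwt) {
        String username = jwt.getClaimAsString(USERNAME_CLAIM);
        if (username == null || username.trim().isEmpty()) {
            // Reject tokens without the claim instead of passing null to the service.
            throw new BadCredentialsException("JWT has no " + USERNAME_CLAIM + " claim");
        }
        // UsernameNotFoundException is an AuthenticationException, so an unknown
        // user fails authentication rather than reaching the endpoint.
        UserDetails user = userDetailsService.loadUserByUsername(username);
        // No DaoAuthenticationProvider is involved here, so its account status
        // checks do not run; enforce the relevant ones explicitly.
        if (!user.isEnabled() || !user.isAccountNonLocked()) {
            throw new BadCredentialsException("Account is disabled or locked");
        }
        // The three-argument constructor yields an authenticated token whose
        // principal is the UserDetails; the Jwt is kept as credentials so its
        // claims stay reachable.
        return new UsernamePasswordAuthenticationToken(user, jwt, user.getAuthorities());
    }
}
```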