Spring MVC: OAuth2 server does not redirect to the client server after using a custom login form


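Authentication and authorization work fine. But after a successful login, instead of redirecting me to the client, it opens the source code of some .js file. The previous version (without the custom login form, loginPage("/login")) successfully redirected me to the last page I had clicked (on the client), which requires authentication.

My server-side code is as follows: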

Authorization server

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private AuthenticationManager authenticationManager;

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security.tokenKeyAccess("permitAll()")
                .checkTokenAccess("isAuthenticated()");
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients
                .inMemory()
                .withClient("ClientId")
                .secret("secret")
                .authorizedGrantTypes("authorization_code")
                .scopes("user_info")
                .redirectUris("http://localhost:8082/ui/login")
                .autoApprove(true);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(authenticationManager);
    }
}

Resource server

@Configuration
@EnableResourceServer
public class ResourceServer extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.requestMatchers().antMatchers("/api/**").and().authorizeRequests()
                .antMatchers("/api/**").authenticated().and()
                .antMatcher("/rest/hello/principal")
                .authorizeRequests().anyRequest().authenticated();
    }
}

My security configuration

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private CustomUserDetailsService userDetailsService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/login").permitAll().antMatchers("/oauth/token/revokeById/**").permitAll()
                .antMatchers("/tokens/**").permitAll().anyRequest().authenticated().and()
                .formLogin().loginPage("/login")
                .usernameParameter("username")
                .passwordParameter("password")
                .failureUrl("/login?error")
                .defaultSuccessUrl("/").permitAll().and()
                .csrf().disable();
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordencoder());
    }

    @Bean(name = "passwordEncoder")
    public PasswordEncoder passwordencoder() {
        return new CustomPasswordEncoder();
    }
}

You need to create a SimpleUrlAuthenticationSuccessHandler implementation

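import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;

public class RefererRedirectionAuthenticationSuccessHandler
        extends SimpleUrlAuthenticationSuccessHandler
        implements AuthenticationSuccessHandler {

    public RefererRedirectionAuthenticationSuccessHandler() {
        super();
        // After a successful login, redirect to the URL in the request's Referer header
        setUseReferer(true);
    }

}
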
and add the line .successHandler(new RefererRedirectionAuthenticationSuccessHandler()) to the WebSecurity configuration.

After that, your method will look like this:

@Override
protected void configure(HttpSecurity http) throws Exception {

    http.authorizeRequests().antMatchers("/login").permitAll().antMatchers("/oauth/token/revokeById/**").permitAll()
            .antMatchers("/tokens/**").permitAll().anyRequest().authenticated().and()
            .formLogin().loginPage("/login")
            .usernameParameter("username")
            .passwordParameter("password")
            .successHandler(new RefererRedirectionAuthenticationSuccessHandler())
            .failureUrl("/login?error")
            .defaultSuccessUrl("/").permitAll().and()
            .csrf().disable();

}

Thanks for the explanation above, but the result is the same. I set a debug breakpoint on RefererRedirectionAuthenticationSuccessHandler(), but it seems control never reaches it.
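
Added example, not part of the original thread: in Spring Security's form-login configurer, defaultSuccessUrl(...) installs its own SavedRequestAwareAuthenticationSuccessHandler, so a successHandler(...) registered earlier in the same chain is replaced. The handler below keeps the saved-request redirect (the path that returns the browser to the client's authorization request) and accepts a Referer only when it points back at this server. The class name is hypothetical, and the code assumes Spring Security 4.x/5.x on javax.servlet.

```java
import java.net.URI;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;

// Added example; the class name is hypothetical.
// Assumes Spring Security 4.x/5.x (javax.servlet API).
public class SavedRequestOrLocalRefererSuccessHandler
        extends SavedRequestAwareAuthenticationSuccessHandler {

    public SavedRequestOrLocalRefererSuccessHandler() {
        setDefaultTargetUrl("/"); // last-resort target
    }

    // Reached only when no saved request exists; a saved request (for example the
    // client's /oauth/authorize call) is replayed by the parent class first.
    @Override
    protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
        String referer = request.getHeader("Referer");
        return isLocalNonLoginPage(request, referer)
                ? referer
                : super.determineTargetUrl(request, response);
    }

    // Referer is client-controlled: accept it only if it points back at this
    // server and is not the login page itself (which would loop).
    static boolean isLocalNonLoginPage(HttpServletRequest request, String referer) {
        if (referer == null) {
            return false;
        }
        try {
            URI uri = URI.create(referer);
            int port = uri.getPort() != -1 ? uri.getPort()
                    : "https".equalsIgnoreCase(uri.getScheme()) ? 443 : 80;
            return request.getScheme().equalsIgnoreCase(uri.getScheme())
                    && request.getServerName().equalsIgnoreCase(uri.getHost())
                    && request.getServerPort() == port
                    && uri.getPath() != null
                    && !uri.getPath().endsWith("/login");
        } catch (IllegalArgumentException malformed) {
            return false; // unparsable Referer: fall back to the default target
        }
    }
}
// Registration in configure(HttpSecurity): make successHandler(...) the only
// success setting, with no defaultSuccessUrl(...) after it:
//   .formLogin().loginPage("/login")
//       .successHandler(new SavedRequestOrLocalRefererSuccessHandler())
//       .failureUrl("/login?error").permitAll()
```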