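I would like to be able to pass additional parameters from the client to the OAuth2 user service. Following this Spring doc, https://docs.spring.io/spring-security/site/docs/5.1.1.RELEASE/reference/htmlsingle/#oauth2Client-authorization-request-resolver, I was able to add extra parameters to OAuth2AuthorizationRequest. When I try to retrieve the parameters in my custom DefaultOAuth2UserService, they are no longer part of OAuth2UserRequest.
I think this problem is related to the resolve method of OAuth2AuthorizationRequest, which is called twice, and the second time authorizationRequest is null. Please see the debug log below.
Any suggestions on how to solve this?
Client request
http://localhost:8080/oauth2/authorize/github?redirect_uri=http://localhost:3000/oauth2/redirect&action=signup
Detailed log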
CustomAuthorizationRequestResolver : in CustomAuthorizationRequestResolver.resolve() authorizationRequest is [Initialized]
CustomAuthorizationRequestResolver: action parameter from HttpServletRequest is [signup]
CustomAuthorizationRequestResolver: number of additional parameters added to OAuth2AuthorizationRequest is [1]
CustomAuthorizationRequestResolver: in CustomAuthorizationRequestResolver.resolve() authorizationRequest is [null]
CustomOAuth2UserService: in CustomOAuth2UserService.loadUser() size of additional parameters [0]
CustomAuthorizationRequestResolver

    import java.util.LinkedHashMap;
    import java.util.Map;
    import javax.servlet.http.HttpServletRequest;
    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
    import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver;
    import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver;
    import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;

    public class CustomAuthorizationRequestResolver implements OAuth2AuthorizationRequestResolver {

        private static final Logger logger = LoggerFactory.getLogger(CustomAuthorizationRequestResolver.class);

        private final OAuth2AuthorizationRequestResolver defaultAuthorizationRequestResolver;

        public CustomAuthorizationRequestResolver(ClientRegistrationRepository clientRegistrationRepository) {
            // Delegate to the default resolver, matching requests under /oauth2/authorize
            this.defaultAuthorizationRequestResolver = new DefaultOAuth2AuthorizationRequestResolver(
                    clientRegistrationRepository, "/oauth2/authorize");
        }

        @Override
        public OAuth2AuthorizationRequest resolve(HttpServletRequest request) {
            // The default resolver returns null when the request does not match the authorization URI
            OAuth2AuthorizationRequest authorizationRequest = this.defaultAuthorizationRequestResolver.resolve(request);
            logger.debug("in CustomAuthorizationRequestResolver.resolve() authorizationRequest is [{}]",
                    authorizationRequest == null ? "null" : "Initialized");
            return authorizationRequest != null ? customAuthorizationRequest(request, authorizationRequest) : null;
        }

        @Override
        public OAuth2AuthorizationRequest resolve(HttpServletRequest request, String clientRegistrationId) {
            OAuth2AuthorizationRequest authorizationRequest = this.defaultAuthorizationRequestResolver.resolve(
                    request, clientRegistrationId);
            return authorizationRequest != null ? customAuthorizationRequest(request, authorizationRequest) : null;
        }

        // Copies the client-supplied "action" query parameter into the authorization request
        private OAuth2AuthorizationRequest customAuthorizationRequest(HttpServletRequest request,
                OAuth2AuthorizationRequest authorizationRequest) {
            String action = request.getParameter("action");
            logger.debug("action parameter from HttpServletRequest is [{}]", action);
            Map<String, Object> additionalParameters =
                    new LinkedHashMap<>(authorizationRequest.getAdditionalParameters());
            additionalParameters.put("action", action);
            OAuth2AuthorizationRequest rtn = OAuth2AuthorizationRequest.from(authorizationRequest)
                    .additionalParameters(additionalParameters)
                    .build();
            logger.debug("number of additional parameters added to OAuth2AuthorizationRequest is [{}]",
                    rtn.getAdditionalParameters().size());
            return rtn;
        }
    }

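CustomOAuth2UserService

    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
    import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
    import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
    import org.springframework.security.oauth2.core.user.OAuth2User;

    public class CustomOAuth2UserService extends DefaultOAuth2UserService {

        private final Logger logger = LoggerFactory.getLogger(CustomOAuth2UserService.class);

        // UserRepository is the application's own repository type
        @Autowired
        private UserRepository userRepository;

        @Override
        public OAuth2User loadUser(OAuth2UserRequest oAuth2UserRequest) throws OAuth2AuthenticationException {
            OAuth2User oAuth2User = super.loadUser(oAuth2UserRequest);
            logger.debug("in CustomOAuth2UserService.loadUser() size of additional parameters [{}]",
                    oAuth2UserRequest.getAdditionalParameters().size());
            // other processing
            return oAuth2User;
        }

        // other methods
    }
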
1 answer

eoigrqb6 #1

OAuth2AuthorizationRequest and OAuth2UserRequest are different requests to different endpoints. OAuth2AuthorizationRequest represents the request to http://localhost:8080/oauth2/authorize/github?redirect_uri=http://localhost:3000/oauth2/redirect&action=signup, while OAuth2UserRequest represents a request to, for example, http://localhost:3000/userinfo. The additional parameters were never part of OAuth2UserRequest.
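
Because the two requests are separate, one way to make `action` visible in `loadUser()` is to carry it in the HTTP session that both the authorization request and the callback share. This is an added example, not code from the question or the answer: `OAuth2ActionHolder`, `ActionAwareOAuth2UserService`, the session attribute name and the allowlist values are hypothetical. It assumes `RequestContextHolder` is populated while the security filter chain runs (a `RequestContextFilter` or `RequestContextListener` is registered ahead of it).

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;

// Hypothetical helper (not a Spring class): keeps "action" in the HTTP session,
// which is shared by the authorization request and the later callback request.
final class OAuth2ActionHolder {
    static final String ATTR = OAuth2ActionHolder.class.getName() + ".ACTION"; // assumed name
    // Assumed allowlist; "signup" is the value used in the question.
    private static final Set<String> ALLOWED = new HashSet<>(Arrays.asList("signup", "login"));

    // Call from CustomAuthorizationRequestResolver.customAuthorizationRequest(...).
    static void remember(HttpServletRequest request) {
        String action = request.getParameter("action");
        if (action != null && ALLOWED.contains(action)) {
            request.getSession().setAttribute(ATTR, action);
        } else {
            // Client-controlled input: drop unknown values and any stale one.
            request.getSession().removeAttribute(ATTR);
        }
    }

    // Read once and clear, so the value cannot leak into a later login.
    static String consume() {
        RequestAttributes attrs = RequestContextHolder.getRequestAttributes();
        if (attrs == null) return null; // no request bound to this thread
        String action = (String) attrs.getAttribute(ATTR, RequestAttributes.SCOPE_SESSION);
        attrs.removeAttribute(ATTR, RequestAttributes.SCOPE_SESSION);
        return action;
    }
}

class ActionAwareOAuth2UserService extends DefaultOAuth2UserService {
    @Override
    public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
        OAuth2User user = super.loadUser(userRequest);
        String action = OAuth2ActionHolder.consume(); // null when absent or rejected
        // Branch on "signup" / "login" here; treat null as the default flow.
        return user;
    }
}
```

The value arrives as a query parameter on an unauthenticated request, so it should only select between flows the application already permits and never grant anything by itself.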