spring安全默认登录页面

zpgglvta  于 2021-09-30  发布在  Java
关注(0)|答案(1)|浏览(360)

我已经在我的SpringCloudGateway应用程序中设置了SpringSecurity。当我点燃它的时候。它将我带到一个html页面,在那里我必须选择首选的oauth 2.0类型。
我的pom spring版本2.3.12

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-webflux</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-security</artifactId>
</dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-gateway</artifactId>
        </dependency>

application.yml

spring:
  profiles: default
  security:
    oauth2:
      resourceserver:
        jwt:
          issuer-uri: https://qa-abchc.cs195.force.com
      client:
        registration:
          sfdc:
            client-id: 3MVG9GnaLrwG9T5ZpEfaDCVDu7N4BibMIHajVSUG5F6epm
            scope: openid,email,phone,profile
            client-secret: fkdslfjklsdjflksjdflsj
            authorization-grant-type: authorization_code
            redirect-uri: http://localhost:7999/oauth2/callback/sfdc
          abc:
            client-id: OIDC_CLIENT
            scope: openid,email,phone,profile
            client-secret: dfjskldjflskfjls
            authorization-grant-type: authorization_code
            redirect-uri: http://localhost:7999/oauth2/callback/abc          
        provider:
          sfdc:
            authorization-uri: https://qa-abchc.cs195.force.com/abcidp/services/oauth2/authorize
            token-uri: https://qa-abchc.cs195.force.com/abcidp/services/oauth2/token 
          abc:
            authorization-uri: https://rrtrr.abc.com/fss/as/authorization.oauth2
            token-uri: https://rrtrr.abc.com/fss/as/token.oauth2

@Configuration
@EnableWebFluxSecurity
public class OAuth2WebSecurity {

    @Value("${spring.security.oauth2.client.provider.sfdc.issuer-uri}")
    String issuerUri;

    @Bean
    ReactiveJwtDecoder jwtDecoder() {
        return ReactiveJwtDecoders.fromOidcIssuerLocation(issuerUri);
    }

    @Bean
    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http,
            ReactiveClientRegistrationRepository clientRegistrationRepository) {

                http.csrf().disable().authorizeExchange().pathMatchers("/favicon.ico", "/css/**", "/webjars/**",
                "/api/v1.0/applications/**", "/api/v1.0/users/**", "/oauth2/**", "/login/**", "/oauth2/callback/ge",
                "/*").permitAll().anyExchange().authenticated().and().oauth2Login().authorizationRequestResolver(
                        authorizationRequestResolver(clientRegistrationRepository)).and().oauth2ResourceServer(
                                oauth2 -> oauth2.authenticationManagerResolver(authenticationManagerResolver));
        return http.build();

    }

    @Bean
    public ServerOAuth2AuthorizationRequestResolver authorizationRequestResolver(
            ReactiveClientRegistrationRepository clientRegistrationRepository) {
        return new DefaultServerOAuth2AuthorizationRequestResolver(clientRegistrationRepository,
                new PathPatternParserServerWebExchangeMatcher("/login/{registrationId}"));
    }

}

当我尝试在浏览器中访问它时,它会转到http://localhost:8080/login 它返回一个html页面,在这里我可以选择yaml文件中提到的任何一个oauth。
现在,我如何禁用这个html并让它基于上下文路径选择oauth?
本地主机:8080/login/-->转到身份验证服务器
localhost:8080/login/sfdc-->转到sfdc身份验证服务器
身份验证后,它应该转到默认的rest控制器或某个筛选器类

@RestController
public class LoginController {

    @GetMapping("/oauth2/callback/ge")
    public String getLoginInfo(@AuthenticationPrincipal OidcUser principal) {
        System.out.println(principal.getAccessTokenHash());
        return "loginSuccess";
    }

    @GetMapping("/oauth2/callback/sfdc")
    public String getLoginSfdcInfo(@AuthenticationPrincipal OidcUser principal) {
        System.out.println(principal.getAccessTokenHash());
        return "loginSuccess";
    }

}
wb1gzix0

wb1gzix01#

登录页面由spring security生成。您可以通过指定自己的登录页面来禁用它:

.exceptionHandling().authenticationEntryPoint(new RedirectServerAuthenticationEntryPoint("/my-custom-login-page"))

所有这些都是设置一个身份验证入口点,该入口点重定向到/my自定义登录页面。这可能不是您想要的,但它将禁用默认登录页面。如果在未经身份验证的用户发出请求时没有所需的页面或重定向,则不必执行重定向。例如,当用户未通过身份验证时,这将返回401:

.exceptionHandling().authenticationEntryPoint(new HttpStatusServerEntryPoint(HttpStatus.UNAUTHORIZED))

要更改授权端点的路径,可以使用 ServerOAuth2AuthorizationRequestResolver :

@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http, ServerOAuth2AuthorizationRequestResolver authorizationRequestResolver) {
    http
        // ...
        .oauth2Login().authorizationRequestResolver(authorizationRequestResolver);

    return http.build();
}
@Bean
public ServerOAuth2AuthorizationRequestResolver authorizationRequestResolver(ReactiveClientRegistrationRepository clientRegistrationRepository) {
    return new DefaultServerOAuth2AuthorizationRequestResolver(clientRegistrationRepository,
            new PathPatternParserServerWebExchangeMatcher("/login/{registrationId}"));
}

这将允许 /login//login/sfdc 去 `` 及 sfdc 分别基于您的客户注册。
最后,回调由spring security处理。所以你的控制器不会被调用。您将要定义身份验证成功处理程序:

.oauth2Login().authenticationSuccessHandler(new RedirectServerAuthenticationSuccessHandler("/my-login-success-page"))

您可以在文档的oauth2 webflux部分阅读更多关于这方面的内容。

相关问题