spring-security 如何确保使我的自定义OidcUserService调用超过默认值?

kq0g1dla  于 2022-11-11  发布在  Spring
关注(0)|答案(2)|浏览(224)

**tl;dr:**为什么我的OidcUserService没有注册?

我正尝试使用我自己的OAuth2UserService,方法是按照Spring Security文档中的说明注册它。
然而,当我在OidcUserService.loadUser(OidcUserRequest)](https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/oauth2/client/oidc/userinfo/oidcUserService.html#loadUser-org.springframework.security.oauth2.client.oidc.userinfo.oidcUserRequest-)方法上设置断点时,它却一直命中com.okta.spring.boot.oauth.OktaOidcUserService!我 * 正在 * 使用com.okta.spring:okta-spring-boot-parent:1.2.2-SNAPSHOT,这可能是问题所在?
我注册了我的OidcUserService,如文档所示:

@SpringBootApplication
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class RedirectCodeFlowApplication {

    public static void main(String[] args) {
        SpringApplication.run(RedirectCodeFlowApplication.class, args);
    }

    @Configuration
    static class WebConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            final OidcUserService delegate = new OidcUserService();

            http.authorizeRequests().anyRequest().authenticated()
                .and()
                .oauth2Login()
                .userInfoEndpoint()
                .oidcUserService( (userRequest) -> {
                        System.out.println( "!!xXx!! never gets here" );

                        OidcUser oidcUser = delegate.loadUser(userRequest);

                        OAuth2AccessToken accessToken = userRequest.getAccessToken();
                        Set<GrantedAuthority> mappedAuthorities = new HashSet<>();

                        oidcUser = new DefaultOidcUser(mappedAuthorities, oidcUser.getIdToken(), oidcUser.getUserInfo());

                        return oidcUser;
                    })
            ;
        }

我调用的方法很简单:

@RestController
public class WelcomeController {

    @GetMapping("/")
    public Welcome getMessageOfTheDay(Principal principal) {
        return "The message of the day is boring.";
    }
}

这都是改编自:https://github.com/okta/okta-spring-boot/blob/master/examples/redirect-code-flow/src/main/java/com/okta/spring/example/RedirectCodeFlowApplication.java

fbcarpbf

fbcarpbf1#

简单的解决方案是将您的自定义服务定义为名为“oidcUserService”的Bean。

@Bean(name = "oidcUserService")
  OAuth2UserService<OidcUserRequest, OidcUser> getOidcUserService() {
    return new CustomOidcUserService();
  }

用这个http配置可以简单的如下:

http.authorizeRequests().anyRequest().authenticated()
                .and()
                .oauth2Login();
tyky79it

tyky79it2#

这是一个已知问题:https://github.com/okta/okta-spring-boot/issues/136(仍以下列方式打开:(x、x、e、f、x)
这是一个用于处理如何加载HttpSecurity和HttpConfigurer的变通方法。
我不能100%肯定我们可以解决这个问题,但是,公开一种添加自定义GrantedAuthority方法会很容易。
我将再次研究前者,但作为最后的手段,您能否确认您正在尝试设置自定义的GrantedAuthority?

相关问题