spring - Spring Security 默认登录页面
问题描述
我已经在我的 Spring Cloud Gateway 应用程序中设置了 Spring Security。当我启动它时。它带我进入一个 HTML 页面,我必须在其中选择首选的 oauth 2.0 类型。
我的 pom spring 版本 2.3.12
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-webflux</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-gateway</artifactId>
</dependency>
应用程序.yml
spring:
profiles: default
security:
oauth2:
resourceserver:
jwt:
issuer-uri: https://qa-abchc.cs195.force.com
client:
registration:
sfdc:
client-id: 3MVG9GnaLrwG9T5ZpEfaDCVDu7N4BibMIHajVSUG5F6epm
scope: openid,email,phone,profile
client-secret: fkdslfjklsdjflksjdflsj
authorization-grant-type: authorization_code
redirect-uri: http://localhost:7999/oauth2/callback/sfdc
abc:
client-id: OIDC_CLIENT
scope: openid,email,phone,profile
client-secret: dfjskldjflskfjls
authorization-grant-type: authorization_code
redirect-uri: http://localhost:7999/oauth2/callback/abc
provider:
sfdc:
authorization-uri: https://qa-abchc.cs195.force.com/abcidp/services/oauth2/authorize
token-uri: https://qa-abchc.cs195.force.com/abcidp/services/oauth2/token
abc:
authorization-uri: https://rrtrr.abc.com/fss/as/authorization.oauth2
token-uri: https://rrtrr.abc.com/fss/as/token.oauth2
和
@Configuration
@EnableWebFluxSecurity
public class OAuth2WebSecurity {
@Value("${spring.security.oauth2.client.provider.sfdc.issuer-uri}")
String issuerUri;
@Bean
ReactiveJwtDecoder jwtDecoder() {
return ReactiveJwtDecoders.fromOidcIssuerLocation(issuerUri);
}
@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http,
ReactiveClientRegistrationRepository clientRegistrationRepository) {
http.csrf().disable().authorizeExchange().pathMatchers("/favicon.ico", "/css/**", "/webjars/**",
"/api/v1.0/applications/**", "/api/v1.0/users/**", "/oauth2/**", "/login/**", "/oauth2/callback/ge",
"/*").permitAll().anyExchange().authenticated().and().oauth2Login().authorizationRequestResolver(
authorizationRequestResolver(clientRegistrationRepository)).and().oauth2ResourceServer(
oauth2 -> oauth2.authenticationManagerResolver(authenticationManagerResolver));
return http.build();
}
@Bean
public ServerOAuth2AuthorizationRequestResolver authorizationRequestResolver(
ReactiveClientRegistrationRepository clientRegistrationRepository) {
return new DefaultServerOAuth2AuthorizationRequestResolver(clientRegistrationRepository,
new PathPatternParserServerWebExchangeMatcher("/login/{registrationId}"));
}
}
当我尝试在浏览器中访问它时,它会转到 http://localhost:8080/login,它会返回一个 HTML 页面,我可以在其中选择 YAML 文件中提到的任何 OAuth。
现在如何禁用此 HTML 并使其根据上下文路径选择 OAuth?
localhost:8080/login/abc --> 进入 abc 认证服务器
localhost:8080/login/sfdc --> 进入 sfdc 认证服务器
身份验证后,它应该转到默认的休息控制器或一些过滤器类
@RestController
public class LoginController {
@GetMapping("/oauth2/callback/ge")
public String getLoginInfo(@AuthenticationPrincipal OidcUser principal) {
System.out.println(principal.getAccessTokenHash());
return "loginSuccess";
}
@GetMapping("/oauth2/callback/sfdc")
public String getLoginSfdcInfo(@AuthenticationPrincipal OidcUser principal) {
System.out.println(principal.getAccessTokenHash());
return "loginSuccess";
}
}
解决方案
登录页面由 Spring Security 生成。您可以通过指定自己的登录页面来禁用它:
.exceptionHandling().authenticationEntryPoint(new RedirectServerAuthenticationEntryPoint("/my-custom-login-page"))
所有这一切都是设置一个重定向到 /my-custom-login-page 的身份验证入口点。这可能不是您想要的,但它会禁用默认登录页面。如果在未经身份验证的用户发出请求时没有所需的页面或重定向,则不必执行重定向。例如,只要用户未通过身份验证,这将返回 401:
.exceptionHandling().authenticationEntryPoint(new HttpStatusServerEntryPoint(HttpStatus.UNAUTHORIZED))
为了更改授权端点的路径,您可以使用以下命令更改请求匹配ServerOAuth2AuthorizationRequestResolver
:
@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http, ServerOAuth2AuthorizationRequestResolver authorizationRequestResolver) {
http
// ...
.oauth2Login().authorizationRequestResolver(authorizationRequestResolver);
return http.build();
}
@Bean
public ServerOAuth2AuthorizationRequestResolver authorizationRequestResolver(ReactiveClientRegistrationRepository clientRegistrationRepository) {
return new DefaultServerOAuth2AuthorizationRequestResolver(clientRegistrationRepository,
new PathPatternParserServerWebExchangeMatcher("/login/{registrationId}"));
}
这将允许/login/abc
和/login/sfdc
去abc
和sfdc
分别基于您的客户注册。
最后,回调由 Spring Security 处理。所以你的控制器不会被调用。您将需要定义一个身份验证成功处理程序:
.oauth2Login().authenticationSuccessHandler(new RedirectServerAuthenticationSuccessHandler("/my-login-success-page"))
您可以在文档的OAuth2 WebFlux部分阅读更多相关信息。
推荐阅读
- windows - PowerShell:为已启动的应用程序池运行 Start-WebAppPool 会导致问题吗?
- javascript - React:使用出生日期输入作为死亡日期的最小值
- reactjs - 在 Material-UI 的自动完成中使用“use-places-autocomplete”钩子?
- r - 使用 fable.prophet 时的超参数优化?
- c - 是否可以在 C 中将指针分配给数组或将数组的地址更改为指针地址?
- python - 使用 stdin.read() 从控制台读取值时出现问题
- linux - 作为指定用户从另一个内部调用一个 bash 函数
- typescript - nuxt 将变量分配给这个
- javascript - 无法读取未定义的属性“insertOnMatch”-TypeScript
- python - 更新 mongodb 集合中的列