Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
alvachien
spring-auth-server-demo
提交
28a2b53b
S
spring-auth-server-demo
项目概览
alvachien
/
spring-auth-server-demo
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
S
spring-auth-server-demo
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
28a2b53b
编写于
12月 13, 2022
作者:
alvachien
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Retry the login
上级
c7039c3c
变更
12
隐藏空白更改
内联
并排
Showing
12 changed file
with
389 addition
and
37 deletion
+389
-37
auth-server-demo/pom.xml
auth-server-demo/pom.xml
+4
-0
auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/config/AuthorizationServerConfig.java
...hien/authserverdemo/config/AuthorizationServerConfig.java
+22
-17
auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/config/SecurityConfig.java
...m/poc/alvachien/authserverdemo/config/SecurityConfig.java
+27
-14
auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/controller/LoginController.java
.../alvachien/authserverdemo/controller/LoginController.java
+13
-0
auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/controller/MainController.java
...c/alvachien/authserverdemo/controller/MainController.java
+0
-6
auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/security/IdentityAuthenticationEntryPoint.java
...serverdemo/security/IdentityAuthenticationEntryPoint.java
+60
-0
auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/security/IdentityAuthenticationSuccessHandler.java
...erdemo/security/IdentityAuthenticationSuccessHandler.java
+47
-0
auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/security/IdentityConfigurer.java
...alvachien/authserverdemo/security/IdentityConfigurer.java
+100
-0
auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/security/IdentityIdTokenCustomizer.java
...en/authserverdemo/security/IdentityIdTokenCustomizer.java
+68
-0
auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/security/UserRepositoryOAuth2UserHandler.java
...hserverdemo/security/UserRepositoryOAuth2UserHandler.java
+36
-0
auth-server-demo/src/main/resources/application.properties
auth-server-demo/src/main/resources/application.properties
+6
-0
auth-server-demo/src/main/resources/templates/login.html
auth-server-demo/src/main/resources/templates/login.html
+6
-0
未找到文件。
auth-server-demo/pom.xml
浏览文件 @
28a2b53b
...
...
@@ -48,6 +48,10 @@
<groupId>
org.springframework.boot
</groupId>
<artifactId>
spring-boot-starter-validation
</artifactId>
</dependency>
<dependency>
<groupId>
org.springframework.boot
</groupId>
<artifactId>
spring-boot-starter-oauth2-client
</artifactId>
</dependency>
<dependency>
<groupId>
com.microsoft.sqlserver
</groupId>
<artifactId>
mssql-jdbc
</artifactId>
...
...
auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/config/AuthorizationServerConfig.java
浏览文件 @
28a2b53b
...
...
@@ -5,6 +5,8 @@ import com.nimbusds.jose.jwk.RSAKey;
import
com.nimbusds.jose.jwk.source.ImmutableJWKSet
;
import
com.nimbusds.jose.jwk.source.JWKSource
;
import
com.nimbusds.jose.proc.SecurityContext
;
import
com.poc.alvachien.authserverdemo.security.IdentityConfigurer
;
import
com.poc.alvachien.authserverdemo.security.IdentityIdTokenCustomizer
;
import
java.security.KeyPair
;
import
java.security.KeyPairGenerator
;
...
...
@@ -16,15 +18,22 @@ import org.springframework.context.annotation.Bean;
import
org.springframework.context.annotation.Configuration
;
import
org.springframework.core.Ordered
;
import
org.springframework.core.annotation.Order
;
import
org.springframework.jdbc.core.JdbcTemplate
;
import
org.springframework.security.config.Customizer
;
import
org.springframework.security.config.annotation.web.builders.HttpSecurity
;
import
org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
;
import
org.springframework.security.oauth2.jwt.JwtDecoder
;
import
org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsentService
;
import
org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService
;
import
org.springframework.security.oauth2.server.authorization.JdbcOAuth2AuthorizationConsentService
;
import
org.springframework.security.oauth2.server.authorization.JdbcOAuth2AuthorizationService
;
import
org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository
;
import
org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration
;
import
org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer
;
import
org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings
;
import
org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext
;
import
org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer
;
import
org.springframework.security.web.SecurityFilterChain
;
import
org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
;
@Configuration
(
proxyBeanMethods
=
false
)
...
...
@@ -36,24 +45,21 @@ public class AuthorizationServerConfig {
http
.
getConfigurer
(
OAuth2AuthorizationServerConfigurer
.
class
)
.
oidc
(
Customizer
.
withDefaults
());
// Enable OpenID Connect 1.0
http
.
exceptionHandling
(
exceptions
->
exceptions
.
authenticationEntryPoint
(
new
LoginUrlAuthenticationEntryPoint
(
"/login"
))
)
.
oauth2ResourceServer
(
OAuth2ResourceServerConfigurer:
:
jwt
);
// http
// .exceptionHandling(exceptions ->
// exceptions.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"))
// )
// .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
http
.
oauth2ResourceServer
(
OAuth2ResourceServerConfigurer:
:
jwt
);
http
.
apply
(
new
IdentityConfigurer
());
return
http
.
build
();
}
// @Bean
// public OAuth2AuthorizationService authorizationService(JdbcTemplate jdbcTemplate, RegisteredClientRepository registeredClientRepository) {
// return new JdbcOAuth2AuthorizationService(jdbcTemplate, registeredClientRepository);
// }
// @Bean
// public OAuth2AuthorizationConsentService authorizationConsentService(JdbcTemplate jdbcTemplate, RegisteredClientRepository registeredClientRepository) {
// return new JdbcOAuth2AuthorizationConsentService(jdbcTemplate, registeredClientRepository);
// }
@Bean
public
OAuth2TokenCustomizer
<
JwtEncodingContext
>
idTokenCustomizer
()
{
return
new
IdentityIdTokenCustomizer
();
}
@Bean
public
JWKSource
<
SecurityContext
>
jwkSource
()
{
...
...
@@ -88,7 +94,6 @@ public class AuthorizationServerConfig {
@Bean
public
AuthorizationServerSettings
authorizationServerSettings
()
{
return
AuthorizationServerSettings
.
builder
()
.
build
();
return
AuthorizationServerSettings
.
builder
().
build
();
}
}
auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/config/SecurityConfig.java
浏览文件 @
28a2b53b
...
...
@@ -15,6 +15,8 @@ import com.nimbusds.jose.jwk.RSAKey;
import
com.nimbusds.jose.jwk.source.ImmutableJWKSet
;
import
com.nimbusds.jose.jwk.source.JWKSource
;
import
com.nimbusds.jose.proc.SecurityContext
;
import
com.poc.alvachien.authserverdemo.security.IdentityConfigurer
;
import
com.poc.alvachien.authserverdemo.security.UserRepositoryOAuth2UserHandler
;
import
com.poc.alvachien.authserverdemo.service.MyUserDetailsService
;
import
org.springframework.context.ApplicationEventPublisher
;
...
...
@@ -172,23 +174,34 @@ public class SecurityConfig {
@Bean
SecurityFilterChain
defaultSecurityFilterChain
(
HttpSecurity
http
)
throws
Exception
{
// http
// .authorizeHttpRequests(authorize ->
// authorize.anyRequest().authenticated()
// )
// .formLogin(withDefaults());
// // // Try to customize the login page
// // .formLogin(
// // form -> form.loginPage("/login").successForwardUrl("/")
// // )
// // .logout(
// // form -> form.logoutUrl("/logout").permitAll()
// // )
// // .authorizeHttpRequests(
// // requests -> requests.requestMatchers("/", "/home", "/login**", "/static/**", "/logout**").permitAll()
// // .anyRequest().authenticated()
// // );
// ;
IdentityConfigurer
federatedIdentityConfigurer
=
new
IdentityConfigurer
()
.
oauth2UserHandler
(
new
UserRepositoryOAuth2UserHandler
());
http
.
authorizeHttpRequests
(
authorize
->
authorize
.
anyRequest
().
authenticated
()
authorize
.
requestMatchers
(
"/"
,
"/home"
,
"/login**"
,
"/static/**"
).
permitAll
()
.
anyRequest
().
authenticated
()
)
.
formLogin
(
withDefaults
());
// // Try to customize the login page
// .formLogin(
// form -> form.loginPage("/login").successForwardUrl("/")
// )
// .logout(
// form -> form.logoutUrl("/logout").permitAll()
// )
// .authorizeHttpRequests(
// requests -> requests.requestMatchers("/", "/home", "/login**", "/static/**", "/logout**").permitAll()
// .anyRequest().authenticated()
// );
;
.
formLogin
(
Customizer
.
withDefaults
())
.
apply
(
federatedIdentityConfigurer
);
return
http
.
build
();
}
...
...
auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/controller/LoginController.java
0 → 100644
浏览文件 @
28a2b53b
package
com.poc.alvachien.authserverdemo.controller
;
import
org.springframework.stereotype.Controller
;
import
org.springframework.web.bind.annotation.GetMapping
;
@Controller
public
class
LoginController
{
@GetMapping
(
"/login"
)
public
String
login
()
{
return
"login"
;
}
}
auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/controller/MainController.java
浏览文件 @
28a2b53b
...
...
@@ -39,12 +39,6 @@ public class MainController {
return
"home"
;
}
@GetMapping
(
"/login"
)
public
String
loginForm
(
Model
model
)
{
log
.
info
(
"Requiring /login"
);
return
"login"
;
}
// @GetMapping("/login")
// public String loginForm(Model model) {
// log.info("Requiring /login");
...
...
auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/security/IdentityAuthenticationEntryPoint.java
0 → 100644
浏览文件 @
28a2b53b
package
com.poc.alvachien.authserverdemo.security
;
import
java.io.IOException
;
import
jakarta.servlet.ServletException
;
import
jakarta.servlet.http.HttpServletRequest
;
import
jakarta.servlet.http.HttpServletResponse
;
import
org.springframework.http.server.ServletServerHttpRequest
;
import
org.springframework.security.core.AuthenticationException
;
import
org.springframework.security.oauth2.client.registration.ClientRegistration
;
import
org.springframework.security.oauth2.client.registration.ClientRegistrationRepository
;
import
org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter
;
import
org.springframework.security.web.AuthenticationEntryPoint
;
import
org.springframework.security.web.DefaultRedirectStrategy
;
import
org.springframework.security.web.RedirectStrategy
;
import
org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
;
import
org.springframework.web.util.UriComponentsBuilder
;
public
class
IdentityAuthenticationEntryPoint
implements
AuthenticationEntryPoint
{
private
final
RedirectStrategy
redirectStrategy
=
new
DefaultRedirectStrategy
();
private
String
authorizationRequestUri
=
OAuth2AuthorizationRequestRedirectFilter
.
DEFAULT_AUTHORIZATION_REQUEST_BASE_URI
+
"/{registrationId}"
;
private
final
AuthenticationEntryPoint
delegate
;
private
final
ClientRegistrationRepository
clientRegistrationRepository
;
public
IdentityAuthenticationEntryPoint
(
String
loginPageUrl
,
ClientRegistrationRepository
clientRegistrationRepository
)
{
this
.
delegate
=
new
LoginUrlAuthenticationEntryPoint
(
loginPageUrl
);
this
.
clientRegistrationRepository
=
clientRegistrationRepository
;
}
@Override
public
void
commence
(
HttpServletRequest
request
,
HttpServletResponse
response
,
AuthenticationException
authenticationException
)
throws
IOException
,
ServletException
{
String
idp
=
request
.
getParameter
(
"idp"
);
if
(
idp
!=
null
)
{
ClientRegistration
clientRegistration
=
this
.
clientRegistrationRepository
.
findByRegistrationId
(
idp
);
if
(
clientRegistration
!=
null
)
{
String
redirectUri
=
UriComponentsBuilder
.
fromHttpRequest
(
new
ServletServerHttpRequest
(
request
))
.
replaceQuery
(
null
)
.
replacePath
(
this
.
authorizationRequestUri
)
.
buildAndExpand
(
clientRegistration
.
getRegistrationId
())
.
toUriString
();
this
.
redirectStrategy
.
sendRedirect
(
request
,
response
,
redirectUri
);
return
;
}
}
this
.
delegate
.
commence
(
request
,
response
,
authenticationException
);
}
public
void
setAuthorizationRequestUri
(
String
authorizationRequestUri
)
{
this
.
authorizationRequestUri
=
authorizationRequestUri
;
}
}
auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/security/IdentityAuthenticationSuccessHandler.java
0 → 100644
浏览文件 @
28a2b53b
package
com.poc.alvachien.authserverdemo.security
;
import
java.io.IOException
;
import
java.util.function.Consumer
;
import
jakarta.servlet.ServletException
;
import
jakarta.servlet.http.HttpServletRequest
;
import
jakarta.servlet.http.HttpServletResponse
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken
;
import
org.springframework.security.oauth2.core.oidc.user.OidcUser
;
import
org.springframework.security.oauth2.core.user.OAuth2User
;
import
org.springframework.security.web.authentication.AuthenticationSuccessHandler
;
import
org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
;
public
final
class
IdentityAuthenticationSuccessHandler
implements
AuthenticationSuccessHandler
{
private
final
AuthenticationSuccessHandler
delegate
=
new
SavedRequestAwareAuthenticationSuccessHandler
();
private
Consumer
<
OAuth2User
>
oauth2UserHandler
=
(
user
)
->
{};
private
Consumer
<
OidcUser
>
oidcUserHandler
=
(
user
)
->
this
.
oauth2UserHandler
.
accept
(
user
);
@Override
public
void
onAuthenticationSuccess
(
HttpServletRequest
request
,
HttpServletResponse
response
,
Authentication
authentication
)
throws
IOException
,
ServletException
{
if
(
authentication
instanceof
OAuth2AuthenticationToken
)
{
if
(
authentication
.
getPrincipal
()
instanceof
OidcUser
)
{
this
.
oidcUserHandler
.
accept
((
OidcUser
)
authentication
.
getPrincipal
());
}
else
if
(
authentication
.
getPrincipal
()
instanceof
OAuth2User
)
{
this
.
oauth2UserHandler
.
accept
((
OAuth2User
)
authentication
.
getPrincipal
());
}
}
this
.
delegate
.
onAuthenticationSuccess
(
request
,
response
,
authentication
);
}
public
void
setOAuth2UserHandler
(
Consumer
<
OAuth2User
>
oauth2UserHandler
)
{
this
.
oauth2UserHandler
=
oauth2UserHandler
;
}
public
void
setOidcUserHandler
(
Consumer
<
OidcUser
>
oidcUserHandler
)
{
this
.
oidcUserHandler
=
oidcUserHandler
;
}
}
auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/security/IdentityConfigurer.java
0 → 100644
浏览文件 @
28a2b53b
package
com.poc.alvachien.authserverdemo.security
;
import
java.util.function.Consumer
;
import
org.springframework.context.ApplicationContext
;
import
org.springframework.security.config.annotation.web.builders.HttpSecurity
;
import
org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
;
import
org.springframework.security.oauth2.client.registration.ClientRegistrationRepository
;
import
org.springframework.security.oauth2.core.oidc.user.OidcUser
;
import
org.springframework.security.oauth2.core.user.OAuth2User
;
import
org.springframework.util.Assert
;
public
class
IdentityConfigurer
extends
AbstractHttpConfigurer
<
IdentityConfigurer
,
HttpSecurity
>
{
private
String
loginPageUrl
=
"/login"
;
private
String
authorizationRequestUri
;
private
Consumer
<
OAuth2User
>
oauth2UserHandler
;
private
Consumer
<
OidcUser
>
oidcUserHandler
;
/**
* @param loginPageUrl The URL of the login page, defaults to {@code "/login"}
* @return This configurer for additional configuration
*/
public
IdentityConfigurer
loginPageUrl
(
String
loginPageUrl
)
{
Assert
.
hasText
(
loginPageUrl
,
"loginPageUrl cannot be empty"
);
this
.
loginPageUrl
=
loginPageUrl
;
return
this
;
}
/**
* @param authorizationRequestUri The authorization request URI for initiating
* the login flow with an external IDP, defaults to {@code
* "/oauth2/authorization/{registrationId}"}
* @return This configurer for additional configuration
*/
public
IdentityConfigurer
authorizationRequestUri
(
String
authorizationRequestUri
)
{
Assert
.
hasText
(
authorizationRequestUri
,
"authorizationRequestUri cannot be empty"
);
this
.
authorizationRequestUri
=
authorizationRequestUri
;
return
this
;
}
/**
* @param oauth2UserHandler The {@link Consumer} for performing JIT account provisioning
* with an OAuth 2.0 IDP
* @return This configurer for additional configuration
*/
public
IdentityConfigurer
oauth2UserHandler
(
Consumer
<
OAuth2User
>
oauth2UserHandler
)
{
Assert
.
notNull
(
oauth2UserHandler
,
"oauth2UserHandler cannot be null"
);
this
.
oauth2UserHandler
=
oauth2UserHandler
;
return
this
;
}
/**
* @param oidcUserHandler The {@link Consumer} for performing JIT account provisioning
* with an OpenID Connect 1.0 IDP
* @return This configurer for additional configuration
*/
public
IdentityConfigurer
oidcUserHandler
(
Consumer
<
OidcUser
>
oidcUserHandler
)
{
Assert
.
notNull
(
oidcUserHandler
,
"oidcUserHandler cannot be null"
);
this
.
oidcUserHandler
=
oidcUserHandler
;
return
this
;
}
// @formatter:off
@Override
public
void
init
(
HttpSecurity
http
)
throws
Exception
{
ApplicationContext
applicationContext
=
http
.
getSharedObject
(
ApplicationContext
.
class
);
ClientRegistrationRepository
clientRegistrationRepository
=
applicationContext
.
getBean
(
ClientRegistrationRepository
.
class
);
IdentityAuthenticationEntryPoint
authenticationEntryPoint
=
new
IdentityAuthenticationEntryPoint
(
this
.
loginPageUrl
,
clientRegistrationRepository
);
if
(
this
.
authorizationRequestUri
!=
null
)
{
authenticationEntryPoint
.
setAuthorizationRequestUri
(
this
.
authorizationRequestUri
);
}
IdentityAuthenticationSuccessHandler
authenticationSuccessHandler
=
new
IdentityAuthenticationSuccessHandler
();
if
(
this
.
oauth2UserHandler
!=
null
)
{
authenticationSuccessHandler
.
setOAuth2UserHandler
(
this
.
oauth2UserHandler
);
}
if
(
this
.
oidcUserHandler
!=
null
)
{
authenticationSuccessHandler
.
setOidcUserHandler
(
this
.
oidcUserHandler
);
}
http
.
exceptionHandling
(
exceptionHandling
->
exceptionHandling
.
authenticationEntryPoint
(
authenticationEntryPoint
)
)
.
oauth2Login
(
oauth2Login
->
{
oauth2Login
.
successHandler
(
authenticationSuccessHandler
);
if
(
this
.
authorizationRequestUri
!=
null
)
{
String
baseUri
=
this
.
authorizationRequestUri
.
replace
(
"/{registrationId}"
,
""
);
oauth2Login
.
authorizationEndpoint
(
authorizationEndpoint
->
authorizationEndpoint
.
baseUri
(
baseUri
)
);
}
});
}
}
auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/security/IdentityIdTokenCustomizer.java
0 → 100644
浏览文件 @
28a2b53b
package
com.poc.alvachien.authserverdemo.security
;
import
java.util.Arrays
;
import
java.util.Collections
;
import
java.util.HashMap
;
import
java.util.HashSet
;
import
java.util.Map
;
import
java.util.Set
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
;
import
org.springframework.security.oauth2.core.oidc.OidcIdToken
;
import
org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames
;
import
org.springframework.security.oauth2.core.oidc.user.OidcUser
;
import
org.springframework.security.oauth2.core.user.OAuth2User
;
import
org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext
;
import
org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer
;
public
class
IdentityIdTokenCustomizer
implements
OAuth2TokenCustomizer
<
JwtEncodingContext
>
{
private
static
final
Set
<
String
>
ID_TOKEN_CLAIMS
=
Collections
.
unmodifiableSet
(
new
HashSet
<>(
Arrays
.
asList
(
IdTokenClaimNames
.
ISS
,
IdTokenClaimNames
.
SUB
,
IdTokenClaimNames
.
AUD
,
IdTokenClaimNames
.
EXP
,
IdTokenClaimNames
.
IAT
,
IdTokenClaimNames
.
AUTH_TIME
,
IdTokenClaimNames
.
NONCE
,
IdTokenClaimNames
.
ACR
,
IdTokenClaimNames
.
AMR
,
IdTokenClaimNames
.
AZP
,
IdTokenClaimNames
.
AT_HASH
,
IdTokenClaimNames
.
C_HASH
)));
@Override
public
void
customize
(
JwtEncodingContext
context
)
{
if
(
OidcParameterNames
.
ID_TOKEN
.
equals
(
context
.
getTokenType
().
getValue
()))
{
Map
<
String
,
Object
>
thirdPartyClaims
=
extractClaims
(
context
.
getPrincipal
());
context
.
getClaims
().
claims
(
existingClaims
->
{
// Remove conflicting claims set by this authorization server
existingClaims
.
keySet
().
forEach
(
thirdPartyClaims:
:
remove
);
// Remove standard id_token claims that could cause problems with clients
ID_TOKEN_CLAIMS
.
forEach
(
thirdPartyClaims:
:
remove
);
// Add all other claims directly to id_token
existingClaims
.
putAll
(
thirdPartyClaims
);
});
}
}
private
Map
<
String
,
Object
>
extractClaims
(
Authentication
principal
)
{
Map
<
String
,
Object
>
claims
;
if
(
principal
.
getPrincipal
()
instanceof
OidcUser
)
{
OidcUser
oidcUser
=
(
OidcUser
)
principal
.
getPrincipal
();
OidcIdToken
idToken
=
oidcUser
.
getIdToken
();
claims
=
idToken
.
getClaims
();
}
else
if
(
principal
.
getPrincipal
()
instanceof
OAuth2User
)
{
OAuth2User
oauth2User
=
(
OAuth2User
)
principal
.
getPrincipal
();
claims
=
oauth2User
.
getAttributes
();
}
else
{
claims
=
Collections
.
emptyMap
();
}
return
new
HashMap
<>(
claims
);
}
}
auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/security/UserRepositoryOAuth2UserHandler.java
0 → 100644
浏览文件 @
28a2b53b
package
com.poc.alvachien.authserverdemo.security
;
import
java.util.Map
;
import
java.util.concurrent.ConcurrentHashMap
;
import
java.util.function.Consumer
;
import
org.springframework.security.oauth2.core.user.OAuth2User
;
public
final
class
UserRepositoryOAuth2UserHandler
implements
Consumer
<
OAuth2User
>
{
private
final
UserRepository
userRepository
=
new
UserRepository
();
@Override
public
void
accept
(
OAuth2User
user
)
{
// Capture user in a local data store on first authentication
if
(
this
.
userRepository
.
findByName
(
user
.
getName
())
==
null
)
{
System
.
out
.
println
(
"Saving first-time user: name="
+
user
.
getName
()
+
", claims="
+
user
.
getAttributes
()
+
", authorities="
+
user
.
getAuthorities
());
this
.
userRepository
.
save
(
user
);
}
}
static
class
UserRepository
{
private
final
Map
<
String
,
OAuth2User
>
userCache
=
new
ConcurrentHashMap
<>();
public
OAuth2User
findByName
(
String
name
)
{
return
this
.
userCache
.
get
(
name
);
}
public
void
save
(
OAuth2User
oauth2User
)
{
this
.
userCache
.
put
(
oauth2User
.
getName
(),
oauth2User
);
}
}
}
auth-server-demo/src/main/resources/application.properties
浏览文件 @
28a2b53b
...
...
@@ -5,6 +5,12 @@ spring.mvc.static-path-pattern=/static/**
#thymeleaf
spring.thymeleaf.cache
=
false
spring.security.oauth2.client.registration.github-idp.provider
=
github
spring.security.oauth2.client.registration.github-idp.client-id
=
test
spring.security.oauth2.client.registration.github-idp.client-secret
=
test
spring.security.oauth2.client.registration.github-idp.scope.user
=
email
spring.security.oauth2.client.registration.github-idp.client-name
=
Sign in with GitHub
spring.security.oauth2.client.registration.provider.github.user-name-attribute
=
login
spring.jpa.hibernate.ddl-auto
=
update
spring.datasource.url
=
jdbc:sqlserver://localhost;encrypt=true;database=authdemo;integratedSecurity=true;trustServerCertificate=true
...
...
auth-server-demo/src/main/resources/templates/login.html
浏览文件 @
28a2b53b
...
...
@@ -31,6 +31,12 @@
</div>
<button
class=
"w-100 btn btn-lg btn-primary"
type=
"submit"
>
Sign in
</button>
<a
class=
"btn btn-light btn-block bg-white"
href=
"/oauth2/authorization/github-idp"
role=
"link"
style=
"text-transform: none;"
>
<img
width=
"24"
style=
"margin-right: 5px;"
alt=
"Sign in with GitHub"
src=
"https://github.githubassets.com/images/modules/logos_page/GitHub-Mark.png"
/>
Sign in with Github
</a>
</form>
<!-- <form method="post" role="form" th:action="@{/login}" th:object="${login}">
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录