英文:
Spring MVC + security + OAuth2 userInfoEndpoint() not work
问题
我正在尝试作为Spring MVC + Security + OAuth2登录。
当前的身份验证状态已成功接收,并且可以获取用户信息。
我想要获取用户信息,所以我编写了 userInfoEndpoint,但 userInfoEndPoint 根本没有被调用。
另一方面,successHandler 被成功调用并且身份验证具有用户信息。
所以我有两个问题
首先,为什么 userInfoEndpoint 根本没有被调用?
在Spring Boot情况下,它会被成功调用。
其次,如何从 successHandler 的身份验证中获取用户信息?
successHandler 的身份验证只有这个方法。
Object getCredentials();
Object getDetails();
Object getPrincipal();
boolean isAuthenticated();
void setAuthenticated(boolean var1) throws IllegalArgumentException;
——源代码——
SecurityConfig.java
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.antMatchers("/*").permitAll()
.and()
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/")
.and()
.oauth2Login()
.userInfoEndpoint()
.userService(customOAuth2UserService)
.and()
.successHandler(new SuccessHandler());
}
SuccessHandler.java
@Log4j
public class SuccessHandler implements AuthenticationSuccessHandler {
@Override
public void onAuthenticationSuccess(HttpServletRequest httpServletRequest,
HttpServletResponse httpServletResponse,
Authentication authentication) throws IOException, ServletException {
log.info(authentication);
}
}
英文:
I'm trying to login as Spring MVC + security + OAuth2.
The current authentication status is successfully received and user information can be obtained.
I want to get user information so I write userInfoEndpoint, but userInfoEndPoint is not being called at all.
On the other hand successHandler is being successfully called and authentication has the user information.
So I have two questions
First, Why isn't userInfoEndpoint called at all?
In Spring Boot case, it successfully called
Second, How to get user information from the authentication of the successHandler?
The authentication of the successHandler only has this method.
Object getCredentials();
Object getDetails();
Object getPrincipal();
boolean isAuthenticated();
void setAuthenticated(boolean var1) throws IllegalArgumentException;
—Source code—
SecurityConfig.java
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.antMatchers("/*").permitAll()
.and()
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/")
.and()
.oauth2Login()
.userInfoEndpoint()
.userService(customOAuth2UserService)
.and()
.successHandler(new SuccessHandler());
}
SuccessHandler.java
@Log4j
public class SuccessHandler implements AuthenticationSuccessHandler {
@Override
public void onAuthenticationSuccess(HttpServletRequest httpServletRequest,
HttpServletResponse httpServletResponse,
Authentication authentication) throws IOException, ServletException {
log.info(authentication);
}
}
答案1
得分: 0
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.oauth2Login()
.userInfoEndpoint()
.userService(customOAuth2UserService)
.and()
.authorizeRequests()
.antMatchers("/*").permitAll()
.and()
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/")
.and()
.successHandler(new SuccessHandler());
}
因为下面的代码允许所有的 URL,导致 oauth2Login() 的代码无法被执行到。
.authorizeRequests()
.antMatchers("/*").permitAll()
英文:
Can you try changing the sequence like this in SecurityConfig.java:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.oauth2Login()
.userInfoEndpoint()
.userService(customOAuth2UserService)
.and()
.authorizeRequests()
.antMatchers("/*").permitAll()
.and()
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/")
.and()
.successHandler(new SuccessHandler());
}
Because below code permits all URL and because of which oauth2Login() code is never reachable.
.authorizeRequests()
.antMatchers("/*").permitAll()
答案2
得分: 0
我使用的是Spring 3.1.0,遇到了相同的问题,但并未起作用,我的CustomOAuth2Service根本没有被调用。
英文:
I'm having the same issue using Spring 3.1.0 and it is not working, my CustomOAuth2Service is not called at all
专注分享java语言的经验与见解,让所有开发者获益!
评论