【问题标题】:How to implement about getting current user information from server when using spring security while i access user information from android client如何在我从android客户端访问用户信息时使用spring security从服务器获取当前用户信息
【发布时间】:2017-03-30 06:55:01
【问题描述】:

这是我登录后返回的JSON:

{
"access_token":"41208e01a-f26c-4167-9fc9-d16730022056",
 "token_type": "bearer",
 "refresh_token": "3808e00a-896c-8067-18c9-736730022032",
 "expires_in": 25348,
 "scope": "read write",
 "jti": "6f08e00a-d26c-4067-8fc9-c16730022028"
}

我想从android客户端使用这个url:https://localhost:8080/user/getuserinfo?access_token=41208e01a-f26c-4167-9fc9-d16730022056获取当前用户信息,我的意思是如何在服务器上实现需求,这是我的配置:how can i use spring security & oauth2 to realize the purpose about redirecting to different login pages when user use different terminal browser?

【问题讨论】:

    标签: java spring spring-security spring-security-oauth2


    【解决方案1】:

    我改变了我的spring SecurityConfig,这里用来处理一些authorizeUrls:

    @Configuration
    @Order(ManagementServerProperties.ACCESS_OVERRIDE_ORDER)
    @EnableGlobalMethodSecurity(securedEnabled = true)
    public class SecurityConfig extends GlobalAuthenticationConfigurerAdapter {
    @Override
    public void init(AuthenticationManagerBuilder auth) throws Exception {
    //doing jdbc Authentication
    }
    
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
    super.configure(auth);
    }
    @Configuration
    @Order(1)
    public static class ClientSecurityConfigurationAdapter extends
        WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
    http.antMatcher("/mobile/**")
      .formLogin().loginPage("/client/login")
      .loginProcessingUrl("/oauth/login")
      .successHandler(clientLoginSuccessHandler).permitAll()
      .and()
      .logout()
      .logoutSuccessHandler(clientLogoutSuccessHandler)
      .logoutUrl("/client/logout")
      .logoutSuccessUrl("/client/login")
      .invalidateHttpSession(true);
    }
    }
    @Configuration
    @Order(2)
    public static class WebSecurityConfigurerAdapter extends
        WebSecurityConfigurerAdapter {          
    @Override
    protected void configure(HttpSecurity http) throws Exception {
      http.regexMatcher("/((?!api).)*")
                .formLogin()
                .loginPage("/web/login")
                .loginProcessingUrl("/oauth/login")
                .successHandler(loginSuccessHandler)
                .permitAll()
                .and()
                .logout()
                .logoutSuccessHandler(logoutSuccessHandler)
                .logoutUrl("/web/logout")
                .logoutSuccessUrl("/web/login")
                .invalidateHttpSession(true);
      }
     }
    }
    

    并添加 ResourceServerConfig 用于处理令牌验证问题:

    @Configuration
    @EnableResourceServer
    public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
    
    @Autowired
    TokenStore tokenStore;
    
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.requestMatchers().antMatchers("/api/**").//
                and().authorizeRequests().antMatchers("/api/**",).authenticated();
    }
    
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.resourceId("openid").tokenStore(tokenStore);
    }
    
    
    }
    

    最后,构建一个带有请求头的请求

    "Authorization:Bearer <access_token>"
    

    【讨论】:

      猜你喜欢
      • 2011-01-30
      • 2013-04-03
      • 2012-02-28
      • 2014-10-27
      • 1970-01-01
      • 2021-12-05
      • 2017-12-22
      • 1970-01-01
      • 2021-12-11
      相关资源
      最近更新 更多