[Question title]: Zuul proxy and Spring OAuth redirection issue
[Posted]: 2017-04-24 20:10:04
[Question]:

I am trying to obtain a JWT token from a third-party SSO server. The first authorization request needs an extra parameter, for example

https://[third-party-sso-server]/oauth2/authorize?client_id=[my-client-id]&redirect_uri=http://localhost:8080/login&response_type=code&additional_param=[value]

But Spring Security produces the standard redirect URI: https://[third-party-sso-server]/oauth2/authorize?client_id=[my-client-id]&redirect_uri=http://localhost:8080/login&response_type=code&state=[state-value]

So I cannot add this additional parameter with any filter or HeaderWriter, and I cannot change the redirect strategy through the DefaultRedirectStrategy class. My code is based on this tutorial: https://spring.io/guides/tutorials/spring-boot-oauth2/#_social_login_manual

```java
package hello;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.netflix.zuul.EnableZuulProxy;
import org.springframework.context.annotation.Bean;
import hello.filters.pre.SimpleFilter;
import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoTokenServices;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import javax.servlet.Filter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
// needed by ssoFilter() below; missing from the original listing
import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;

@SpringBootApplication
@EnableZuulProxy
@EnableOAuth2Client
public class GatewayApplication extends WebSecurityConfigurerAdapter
{
    @Autowired
    OAuth2ClientContext oauth2ClientContext;

    public static void main(String[] args) {
        SpringApplication.run(GatewayApplication.class, args);
    }

    @Bean
    public SimpleFilter simpleFilter() {
        return new SimpleFilter();
    }

    // Authorization-code login filter: exchanges the code on /login and looks the user up
    // at the configured userInfoUri
    private Filter ssoFilter() {
        OAuth2ClientAuthenticationProcessingFilter customFilter = new OAuth2ClientAuthenticationProcessingFilter("/login");
        OAuth2RestTemplate customTemplate = new OAuth2RestTemplate(thirdPartySso(), oauth2ClientContext);
        customFilter.setRestTemplate(customTemplate);
        customFilter.setTokenServices(new UserInfoTokenServices(myResource().getUserInfoUri(), thirdPartySso().getClientId()));
        return customFilter;
    }

    @Bean
    @ConfigurationProperties("security.oauth2.client")
    public AuthorizationCodeResourceDetails thirdPartySso() {
        return new AuthorizationCodeResourceDetails();
    }

    @Bean
    @ConfigurationProperties("security.oauth2.resource")
    public ResourceServerProperties myResource() {
        return new ResourceServerProperties();
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // It doesn't work
        //http.headers().addHeaderWriter(new StaticHeadersWriter("Location","new location"));

        http.antMatcher("/**").addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class)
                .authorizeRequests().antMatchers("/").authenticated();
    }
}
```

Spring Boot configuration file:

```yaml
server:
  port: 8090

zuul:
  routes:
    admin:
      path: /api/admin/**
      url: http://localhost:2222/admin

security:
  oauth2:
    client:
      clientId: [clientid]
      clientSecret: [secret]
      accessTokenUri: https://[third-party-uri]/oauth2/token
      userAuthorizationUri: https://[third-party-uri]/adfs/oauth2/authorize
      useCurrentUri: false
      tokenName: accessToken
      authenticationScheme: query
      clientAuthenticationScheme: form
    resource:
      userInfoUri: http://localhost:5555/oauth2/token

spring:
  application:
    name: zuul-server

ribbon:
  eureka:
    enabled: false
```

[Comments]:

Tags: spring-security oauth-2.0 single-sign-on netflix-zuul


[Answer 1]:

I just solved this by adding an extra filter and changing the default redirect strategy

```java
// additional imports needed for this fragment:
//   org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter
//   org.springframework.security.web.context.SecurityContextPersistenceFilter
...
@Override
public void configure(HttpSecurity http) throws Exception {
    http.antMatcher("/**")
            .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class)
            // run the client-context filter with our own redirect strategy instead of the default one
            .addFilterAfter(oAuth2ClientContextFilterFilter(), SecurityContextPersistenceFilter.class)
            .authorizeRequests().antMatchers("/").authenticated();
}

public Filter oAuth2ClientContextFilterFilter() {
    OAuth2ClientContextFilter filter = new OAuth2ClientContextFilter();
    filter.setRedirectStrategy(new CustomRedirectStrategy());
    return filter;
}
...

// imports needed by this class: java.io.IOException,
//   javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse,
//   org.springframework.security.web.DefaultRedirectStrategy
public class CustomRedirectStrategy extends DefaultRedirectStrategy {

    @Override
    public void sendRedirect(HttpServletRequest request, HttpServletResponse response, String url) throws IOException {
        // append the extra parameter to the authorization URL Spring has already built (state included)
        super.sendRedirect(request, response, url + "&additional_param=value");
    }
}
```

[Comments]:
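A more defensive version of the redirect strategy from the answer, added here as an example that is not part of the original question or answer: it appends the extra parameter only when the redirect targets the configured authorization endpoint (the value of security.oauth2.client.userAuthorizationUri), URL-encodes the parameter value, and copes with a target that already has a query string or a fragment, so the state parameter Spring added is kept intact and a value with reserved characters cannot smuggle in a second parameter. The class name, constructor arguments and the decorate() helper are my own.

```java
package hello;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URLEncoder;
import java.util.Objects;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.web.DefaultRedirectStrategy;

// Hypothetical class (not from the post): wire it with
//   filter.setRedirectStrategy(new AuthorizeParamRedirectStrategy(
//       thirdPartySso().getUserAuthorizationUri(), "additional_param", value));
public class AuthorizeParamRedirectStrategy extends DefaultRedirectStrategy {

    private final URI authorizeEndpoint;
    private final String paramName;
    private final String paramValue;

    public AuthorizeParamRedirectStrategy(String authorizeEndpoint, String paramName, String paramValue) {
        this.authorizeEndpoint = URI.create(authorizeEndpoint);
        this.paramName = paramName;
        this.paramValue = paramValue;
    }

    // Only the third-party authorization endpoint gets the parameter; redirects back to our
    // own application (or anywhere else) pass through unchanged.
    private boolean isAuthorizeEndpoint(URI target) {
        return target.getScheme() != null && target.getHost() != null
                && target.getScheme().equalsIgnoreCase(authorizeEndpoint.getScheme())
                && target.getHost().equalsIgnoreCase(authorizeEndpoint.getHost())
                && target.getPort() == authorizeEndpoint.getPort()
                && Objects.equals(target.getPath(), authorizeEndpoint.getPath());
    }

    // Package-private so the URL handling can be unit-tested without a servlet container.
    String decorate(String url) throws UnsupportedEncodingException {
        URI target;
        try {
            target = URI.create(url);
        } catch (IllegalArgumentException e) {
            return url; // not a URI we can reason about: leave it alone
        }
        if (!isAuthorizeEndpoint(target)) {
            return url;
        }
        // keep any fragment after the query string, where browsers expect it
        int hash = url.indexOf('#');
        String base = hash >= 0 ? url.substring(0, hash) : url;
        String fragment = hash >= 0 ? url.substring(hash) : "";
        String sep = base.indexOf('?') < 0 ? "?"
                : (base.endsWith("?") || base.endsWith("&")) ? "" : "&";
        return base + sep + URLEncoder.encode(paramName, "UTF-8")
                + "=" + URLEncoder.encode(paramValue, "UTF-8") + fragment;
    }

    @Override
    public void sendRedirect(HttpServletRequest request, HttpServletResponse response, String url) throws IOException {
        super.sendRedirect(request, response, decorate(url));
    }
}
```

With the redirect built by Spring (client_id, redirect_uri, response_type and state already present), decorate() appends `&additional_param=<encoded value>` and returns any other URL untouched.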
