我正在尝试从第三方SSO服务器获取JWT令牌。它在第一个授权请求中需要一个附加参数,例如
https://[third-party-sso-server]/oauth2/authorize?client_id=[my-client-id]&redirect_uri=http://localhost:8080/login&response_type=code&state=[state-value]
但Spring Security有标准的重定向URI:
package hello;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.netflix.zuul.EnableZuulProxy;
import org.springframework.context.annotation.Bean;
import hello.filters.pre.SimpleFilter;
import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoTokenServices;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import javax.servlet.Filter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
@SpringBootApplication
@EnableZuulProxy
@EnableOAuth2Client
public class GatewayApplication extends WebSecurityConfigurerAdapter
{
@Autowired
OAuth2ClientContext oauth2ClientContext;
public static void main(String[] args) {
SpringApplication.run(GatewayApplication.class, args);
}
@Bean
public SimpleFilter simpleFilter() {
return new SimpleFilter();
}
private Filter ssoFilter() {
OAuth2ClientAuthenticationProcessingFilter customFilter = new OAuth2ClientAuthenticationProcessingFilter("/login");
OAuth2RestTemplate customTemplate = new OAuth2RestTemplate(thirdPartySso(), oauth2ClientContext);
customFilter.setRestTemplate(customTemplate);
customFilter.setTokenServices(new UserInfoTokenServices(myResource().getUserInfoUri(), thirdPartySso().getClientId()));
return customFilter;
}
@Bean
@ConfigurationProperties("security.oauth2.client")
public AuthorizationCodeResourceDetails thirdPartySso() {
return new AuthorizationCodeResourceDetails();
}
@Bean
@ConfigurationProperties("security.oauth2.resource")
public ResourceServerProperties myResource() {
return new ResourceServerProperties();
}
@Override
public void configure(HttpSecurity http) throws Exception {
// It doesn't work
//http.headers().addHeaderWriter(new StaticHeadersWriter("Location","new location"));
http.antMatcher("/**").addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class)
.authorizeRequests().antMatchers("/").authenticated();
}
}
所以我不能使用任何过滤器或HeaderWriter添加此附加参数。我无法使用DefaultRedirectStrategy类更改重定向策略。
我的代码基于本教程https://spring.io/guides/tutorials/spring-boot-oauth2/#_social_login_manual
`
Spring Boot configuration file:
server:
port: 8090
zuul:
routes :
admin :
path: /api/admin/**
url : http://localhost:2222/admin
security:
oauth2:
client:
clientId: [clientid]
clientSecret: [secret]
accessTokenUri: https://[third-party-uri]/oauth2/token
userAuthorizationUri: https://[third-party-uri]/adfs/oauth2/authorize
useCurrentUri : false
tokenName: accessToken
authenticationScheme: query
clientAuthenticationScheme: form
resource:
userInfoUri: http://localhost:5555/oauth2/token
spring:
application:
name: zuul-server
ribbon:
eureka:
enabled: false
http://teamcity.jetbrains.com/app/rest/buildTypes?locator=affectedProject:(id:TeamCityPluginsByJetBrains)&fields=buildType(id,name,builds($locator(running:false,canceled:false,count:1),build(number,status,statusText)))
`
答案 0 :(得分:1)
我刚刚通过添加额外的过滤器修改了问题,并更改了默认的重定向策略
`
...
@Override
public void configure(HttpSecurity http) throws Exception {
http.antMatcher("/**").addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class).addFilterAfter(oAuth2ClientContextFilterFilter(), SecurityContextPersistenceFilter.class)
.authorizeRequests().antMatchers("/").authenticated();
}
public Filter oAuth2ClientContextFilterFilter()
{
OAuth2ClientContextFilter filter = new OAuth2ClientContextFilter();
filter.setRedirectStrategy(new CustomRedirectStrategy());
return filter;
}
...
public class CustomRedirectStrategy extends DefaultRedirectStrategy {
@Override
public void sendRedirect(HttpServletRequest request, HttpServletResponse response, String url) throws IOException {
super.sendRedirect(request, response, url+"&additional_param=value");
}
}
`