Question

我是Spring安全新手，并使用过jhipster，我在其中配置了基于db和LDAP的身份验证。现在我使用@enableOAuthSso将其与OAuth客户端集成。我可以使用外部OAuth Idp（Okta）进行身份验证，它正在重定向到我的应用程序，我的原则正在更新，我可以通过休息访问资源。但是我的userDetails对象没有被填充。

@Inject
public void configureGlobal(AuthenticationManagerBuilder auth) {
    try {

        auth
            .userDetailsService(userDetailsService)
            .passwordEncoder(passwordEncoder());

        auth
            .ldapAuthentication()
            .ldapAuthoritiesPopulator(ldapAuthoritiesPopulator)
            .userDnPatterns("uid={0},ou=people")
            .userDetailsContextMapper(ldapUserDetailsContextMapper)
            .contextSource(getLDAPContextSource());

    } catch (Exception e) {
        throw new BeanInitializationException("Security configuration failed", e);
    }
}

我已经检查了它失败的地方并找到了以下

public static String getCurrentUserLogin() {
    SecurityContext securityContext = SecurityContextHolder.getContext();
    Authentication authentication = securityContext.getAuthentication();
    String userName = null;
    if (authentication != null) {
        log.info("authentication is not null");
        if (authentication.getPrincipal() instanceof UserDetails) { //failing here
            log.info("principle is instance of userdetails");
            UserDetails springSecurityUser = (UserDetails) authentication.getPrincipal();
            log.info(springSecurityUser.getUsername());
            userName = springSecurityUser.getUsername();
        } else if (authentication.getPrincipal() instanceof String) {
            userName = (String) authentication.getPrincipal();
        }
    }
    return userName;
}

它失败了

if(authentication.getPrincipal() instanceof UserDetails)

处理此更新用户详细信息对象的可行方法和最佳方法是什么。

更新

@Transactional(readOnly = true)
public User getUserWithAuthorities() {
    log.info("======inside getUserWithAuthorities =================");
    log.info("current user is :::::::"+SecurityUtils.getCurrentUserLogin());
    Optional<User> optionalUser = userRepository.findOneByLogin(SecurityUtils.getCurrentUserLogin());
    User user = null;
    if (optionalUser.isPresent()) {
        user = optionalUser.get();
        user.getAuthorities().size(); // eagerly load the association
    }
    return user;
}

它试图从db中获取用户。但是用户不在数据库中

Answer 1

与the LDAP tip类似，我会重新提出创建一个OktaUserDetails类并转换主体。然后，您可以保持大多数身份验证代码相同。下面是LDAP代码示例，OktaUserDetails的格式取决于JSON响应

} else if (authentication.getPrincipal() instanceof LdapUserDetails) {
    LdapUserDetails ldapUser = (LdapUserDetails) authentication.getPrincipal();
    return ldapUser.getUsername();
}

要保存从Oauth2资源收到的信息，请在SecurityConfiguration中声明PrincipalExtractor Bean。这使您可以自定义方式解析响应。一个基本的例子如下（source）。

@Bean
public PrincipalExtractor principalExtractor(UserRepository userRepository) {
    return map -> {
        String principalId = (String) map.get("id");
        User user = userRepository.findByPrincipalId(principalId);
        if (user == null) {
            LOGGER.info("No user found, generating profile for {}", principalId);
            user = new User();
            user.setPrincipalId(principalId);
            user.setCreated(LocalDateTime.now());
            user.setEmail((String) map.get("email"));
            user.setFullName((String) map.get("name"));
            user.setPhoto((String) map.get("picture"));
            user.setLoginType(UserLoginType.GOOGLE);
            user.setLastLogin(LocalDateTime.now());
        } else {
            user.setLastLogin(LocalDateTime.now());
        }
        userRepository.save(user);
        return user;
    };
}

OAuth2用户详细说明不在Spring安全性中更新（SpringBoot）

1 个答案: