我很难找到最新的示例,因此希望能有所帮助。我有一个使用默认登录页面的简单oauth2login()。这样的配置非常简单:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter{
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.and()
.oauth2Login();
}
我的RESTcontroller和RequestMapping
@RequestMapping("/*")
public String getGithub()
{
return "Welcome Github user!";
}
这是我的application.properties
spring.security.oauth2.client.registration.github.client-id=myclientid
spring.security.oauth2.client.registration.github.client-secret=mysecret
spring.security.oauth2.client.registration.github.scope=oidc
我了解到在新版本中,主体是自动配置的,所以我在控制器中尝试过。
@RequestMapping("/*")
public String getGithub(java.security.Principal user)
{
return "Welcome," + user.getName();
}
最终得到这个:Welcome,14137580
当我打印出toString()时,我得到了。
Welcome,org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken@c65573ba: Principal: Name: [14137580], Granted Authorities: [[ROLE_USER, SCOPE_oidc]], User Attributes: [{login=CatStevens, id=14137570, node_id=MDQ6VXNlcjE0MTM3NTuu, avatar_url=https://avatars0.githubusercontent.com/u/14137570?v=4, gravatar_id=, url=https://api.github.com/users/CatStevensl, html_url=https://github.com/CatStevens, followers_url=https://api.github.com/users/CatStevens/followers, following_url=https://api.github.com/users/CatStevens/following{/other_user}, gists_url=https://api.github.com/users/CatStevens/gists{/gist_id}, starred_url=https://api.github.com/users/CatStevens/starred{/owner}{/repo}, subscriptions_url=https://api.github.com/users/CatStevens/subscriptions, organizations_url=https://api.github.com/users/CatStevens/orgs, repos_url=https://api.github.com/users/CatStevens/repos, events_url=https://api.github.com/users/CatStevens/events{/privacy}, received_events_url=https://api.github.com/users/CatStevens/received_events, type=User, site_admin=false, name=Cat Stevens, company=null, blog=, location=null, email=null, hireable=null, bio=null, public_repos=16, public_gists=0, followers=3, following=1, created_at=2015-09-05T10:56:11Z, updated_at=2019-11-09T02:38:04Z}]; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: E22A05F6B6BEE589F9ED7D57BC3900DD; Granted Authorities: ROLE_USER, SCOPE_oidc
关于如何从Github的OIDC配置文件范围中隔离名称(小写)的任何想法?另外,为什么添加个人资料和电子邮件时无法编译?
这只是一个简单的客户端Spring Boot Web应用程序,具有Github的OAuth 2.0和OIDC。
我可以使用2.2.0版本中使用默认配置最直接的方法是从id_token提取名称并将其添加到我的RequestMapping中,这样它说“你好,从id_token提取的用户名”
旁注:我一直看到自定义项,我只想在OAuth2上使用默认配置,但我也必须使用OIDC。我是否需要在内存中添加ClientRegistration?我所看到的只是EnableOauth2SSO / Principal示例,并且我不想回到该版本。
您可以使用类似的方法来检索id_token和所需的其他详细信息。
@RequestMapping(value = "/name", method = RequestMethod.GET)
@ResponseBody
public String getName(Authentication authentication, Principal principal) {
System.out.println(authentication.getName());
System.out.println(principal.getName());
return authentication.getName();
}
参考:https://www.baeldung.com/get-user-in-spring-security
我的使用aws-cognito的示例项目:https://github.com/h-hub/aws-cognito-spring