當前位置:
首頁 >
前端技术
> javascript
>内容正文
javascript
Spring Security OAuth2源码解析(三)——单点登录。
生活随笔
收集整理的這篇文章主要介紹了
Spring Security OAuth2源码解析(三)——单点登录。
小編覺得挺不錯的,現在分享給大家,幫大家做個參考.
引入
@EnableOAuth2Client @EnableConfigurationProperties(OAuth2SsoProperties.class) @Import({ OAuth2SsoDefaultConfiguration.class, OAuth2SsoCustomConfiguration.class,ResourceServerTokenServicesConfiguration.class }) public @interface EnableOAuth2Sso {}EnableOAuth2Sso注解引入了3個配置類:OAuth2SsoDefaultConfiguration,OAuth2SsoCustomConfiguration,ResourceServerTokenServicesConfiguration和一個屬性類OAuth2SsoProperties。
OAuth2SsoProperties?
OAuth2SsoProperties 主要用于設置單點登錄login path。
@ConfigurationProperties(prefix = "security.oauth2.sso") public class OAuth2SsoProperties {public static final String DEFAULT_LOGIN_PATH = "/login"; }ResourceServerTokenServicesConfiguration
ResourceServerTokenServicesConfiguration用于引入資源服務,token服務的配置信息。
OAuth2SsoDefaultConfiguration
OAuth2SsoDefaultConfiguration實現WebSecurityConfigurerAdapter。所有資源都需要驗證。
同時引入了配置SsoSecurityConfigurer。
@Overrideprotected void configure(HttpSecurity http) throws Exception {http.antMatcher("/**").authorizeRequests().anyRequest().authenticated();new SsoSecurityConfigurer(this.applicationContext).configure(http);}?SsoSecurityConfigurer
SsoSecurityConfigurer引入了OAuth2ClientAuthenticationProcessingFilter 。
@Overridepublic void configure(HttpSecurity builder) throws Exception {OAuth2ClientAuthenticationProcessingFilter ssoFilter = this.filter;ssoFilter.setSessionAuthenticationStrategy(builder.getSharedObject(SessionAuthenticationStrategy.class));builder.addFilterAfter(ssoFilter, AbstractPreAuthenticatedProcessingFilter.class);}OAuth2ClientAuthenticationProcessingFilter
OAuth2ClientAuthenticationProcessingFilter過濾器 其要完成的工作就是 通過獲取到的code碼調用 授權服務 /oauth/token 接口獲取 token 信息,并將獲取到的token 信息解析成 OAuth2Authentication 認證對象。
@Overridepublic Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)throws AuthenticationException, IOException, ServletException {OAuth2AccessToken accessToken;try {accessToken = restTemplate.getAccessToken();} catch (OAuth2Exception e) {BadCredentialsException bad = new BadCredentialsException("Could not obtain access token", e);publish(new OAuth2AuthenticationFailureEvent(bad));throw bad; }try {OAuth2Authentication result = tokenServices.loadAuthentication(accessToken.getValue());if (authenticationDetailsSource!=null) {request.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_VALUE, accessToken.getValue());request.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_TYPE, accessToken.getTokenType());result.setDetails(authenticationDetailsSource.buildDetails(request));}publish(new AuthenticationSuccessEvent(result));return result;}catch (InvalidTokenException e) {BadCredentialsException bad = new BadCredentialsException("Could not obtain user details from token", e);publish(new OAuth2AuthenticationFailureEvent(bad));throw bad; }}OAuth2SsoCustomConfiguration
OAuth2SsoCustomConfiguration用于給ProxyFactory增加AOP
public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {if (this.configType.isAssignableFrom(bean.getClass()) && bean instanceof WebSecurityConfigurerAdapter) {ProxyFactory factory = new ProxyFactory();factory.setTarget(bean);factory.addAdvice(new SsoSecurityAdapter(this.applicationContext));bean = factory.getProxy();}return bean;} private static class SsoSecurityAdapter implements MethodInterceptor {private SsoSecurityConfigurer configurer;SsoSecurityAdapter(ApplicationContext applicationContext) {this.configurer = new SsoSecurityConfigurer(applicationContext);}@Overridepublic Object invoke(MethodInvocation invocation) throws Throwable {if (invocation.getMethod().getName().equals("init")) {Method method = ReflectionUtils.findMethod(WebSecurityConfigurerAdapter.class, "getHttp");ReflectionUtils.makeAccessible(method);HttpSecurity http = (HttpSecurity) ReflectionUtils.invokeMethod(method, invocation.getThis());this.configurer.configure(http);}return invocation.proceed();}}總結
以上是生活随笔為你收集整理的Spring Security OAuth2源码解析(三)——单点登录。的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: Spring Security OAut
- 下一篇: Spring Boot Transact