2. 程式人生 > >如何使用Google作為認證方配置Spring Boot 2 Security5整合的OAuth2登入我們自己的工程專案------範例1

如何使用Google作為認證方配置Spring Boot 2 Security5整合的OAuth2登入我們自己的工程專案------範例1

阿新 發佈:2019-01-22

Google客戶端授權生成client-id和client-secret我們需要登入以下地址
https://console.developers.google.com

第1部分:

範例工程專案結構如下:

Enabling OAuth 2 login

Suppose that you want to enable users of your application to be able to sign in with Google. With Spring Security 5, it couldn’t be any easier. All you need to do is add Spring Security’s OAuth 2 client support to your project’s build and then configure your application’s Google credentials.

First, add the Spring Security OAuth 2 client library to your Spring Boot project’s build, along with the Spring Security starter dependency:

		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-security</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-oauth2-client</artifactId>
		</dependency>

/opt/coding/spring-boot2-oauth2-security5/src/main/java/com/contoso/Application.java

package com.contoso;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class Application {

	public static void main(String[] args) {
		SpringApplication.run(Application.class, args);
	}
}

/opt/coding/spring-boot2-oauth2-security5/src/main/java/com/contoso/api/OAuth2Controller.java

package com.contoso.api;

import java.util.Collections;
import java.util.Map;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpHeaders;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.reactive.function.client.ClientRequest;
import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
import org.springframework.web.reactive.function.client.WebClient;

import reactor.core.publisher.Mono;

@Controller
public class OAuth2Controller {

	@Autowired
	private OAuth2AuthorizedClientService authorizedClientService;
	
	@RequestMapping("/")
	public String index(Model model, OAuth2AuthenticationToken authentication) {
		OAuth2AuthorizedClient authorizedClient = this.getAuthorizedClient(authentication);
		model.addAttribute("userName", authentication.getName());
		model.addAttribute("clientName", authorizedClient.getClientRegistration().getClientName());
		return "index";
	}

	private OAuth2AuthorizedClient getAuthorizedClient(OAuth2AuthenticationToken authentication) {
		return this.authorizedClientService.loadAuthorizedClient(
			authentication.getAuthorizedClientRegistrationId(), authentication.getName());
    }
	
	@RequestMapping("/userinfo")
	public String userinfo(Model model,OAuth2AuthenticationToken authentication) {
		// authentication.getAuthorizedClientRegistrationId() returns the
		// registrationId of the Client that was authorized during the Login flow
		OAuth2AuthorizedClient authorizedClient =
			this.authorizedClientService.loadAuthorizedClient(
				authentication.getAuthorizedClientRegistrationId(),authentication.getName());
		OAuth2AccessToken accessToken = authorizedClient.getAccessToken();
		System.out.println(accessToken.getTokenValue());
		Map userAttributes = Collections.emptyMap();
		String userInfoEndpointUri = authorizedClient.getClientRegistration()
			.getProviderDetails().getUserInfoEndpoint().getUri();
		if (!StringUtils.isEmpty(userInfoEndpointUri)) {// userInfoEndpointUri is optional for OIDC Clients
			userAttributes = WebClient.builder()
				.filter(oauth2Credentials(authorizedClient))
				.build().get().uri(userInfoEndpointUri).retrieve().bodyToMono(Map.class).block();
		}
		model.addAttribute("userAttributes", userAttributes);
		return "userinfo";
	}
	
	private ExchangeFilterFunction oauth2Credentials(OAuth2AuthorizedClient authorizedClient) {
		return ExchangeFilterFunction.ofRequestProcessor(
			clientRequest -> {
			ClientRequest authorizedRequest = ClientRequest.from(clientRequest)
			.header(HttpHeaders.AUTHORIZATION, "Bearer " + 
			authorizedClient.getAccessToken().getTokenValue()).build();
			return Mono.just(authorizedRequest);
		});
    }
}

/opt/coding/spring-boot2-oauth2-security5/src/main/java/com/contoso/config/OAuth2LoginConfig.java

package com.contoso.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class OAuth2LoginConfig {

	@EnableWebSecurity
	public static class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {

		@Override
		protected void configure(HttpSecurity http) throws Exception {
			http
				.authorizeRequests()
				.anyRequest().authenticated()
				.and()
				.oauth2Login();
		}
	}

}

application.yml

server:
  port: 8080

logging:
  level:
    root: INFO
    org.springframework.web: INFO
    org.springframework.security: INFO
#    org.springframework.boot.autoconfigure: DEBUG

spring:
  thymeleaf:
    cache: false
  security:
    oauth2:
      client:
        registration:
          google:
            client-id: 212269349981-v8oa5coeuali2tufmh0nm41q9k6geet7.apps.googleusercontent.com
            client-secret: CqLWmSzFg83Jj-MyAtRVkUH6
            client-authentication-method: basic
            authorization-grant-type: authorization_code
            redirect-uri-template: "{baseUrl}/login/oauth2/code/{registrationId}"
            scope: openid, profile, email, address, phone
            client-name: Google Login
        provider: 
          google:   
            authorization-uri: https://accounts.google.com/o/oauth2/v2/auth
            token-uri: https://www.googleapis.com/oauth2/v4/token
            user-info-uri: https://www.googleapis.com/oauth2/v3/userinfo
            jwk-set-uri: https://www.googleapis.com/oauth2/v3/certs
            user-name-attribute: sub

index.html

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org" xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4">
<head>
	<title>Spring Security - OAuth2 Login</title>
	<meta charset="utf-8" />
</head>
<body>
<div style="float: right" th:fragment="logout" sec:authorize="isAuthenticated()">
	<div style="float:left">
		<span style="font-weight:bold">User: </span><span sec:authentication="name"></span>
	</div>
	<div style="float:none">&nbsp;</div>
	<div style="float:right">
		<form action="#" th:action="@{/logout}" method="post">
			<input type="submit" value="Logout" />
		</form>
	</div>
</div>
<h1>OAuth2 Login with Spring Security</h1>
<div>
	You are successfully logged in <span style="font-weight:bold" th:text="${userName}"></span>
	via the OAuth2 Client <span style="font-weight:bold" th:text="${clientName}"></span>
</div>
<div>&nbsp;</div>
<div>
	<a href="/userinfo" th:href="@{/userinfo}">Display User Information</a>
</div>
</body>
</html>

userinfo.html

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org" 
xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4">
<head>
	<title>Spring Security - OAuth2 User Information</title>
	<meta charset="utf-8" />
</head>
<body>
<div th:substituteby="index::logout"></div>
<h1>OAuth2 User Information</h1>
<div>
	<span style="font-weight:bold">User Attributes:</span>
	<ul>
		<li th:each="userAttribute : ${userAttributes}">
			<span style="font-weight:bold" th:text="${userAttribute.key}"></span>: 
			<span th:text="${userAttribute.value}"></span>
		</li>
	</ul>
</div>
</body>
</html>

pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>

	<groupId>com.contoso</groupId>
	<artifactId>spring-boot2-oauth2-security5</artifactId>
	<version>0.0.1-SNAPSHOT</version>
	<packaging>jar</packaging>

	<name>spring-boot2-oauth2-security5</name>
	<description>Demo project for Spring Boot</description>

	<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>2.0.4.RELEASE</version>
		<relativePath /> <!-- lookup parent from repository -->
	</parent>

	<properties>
		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
		<java.version>1.8</java.version>
	</properties>

	<dependencies>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-thymeleaf</artifactId>
		</dependency>
		<dependency>
			<groupId>org.thymeleaf.extras</groupId>
			<artifactId>thymeleaf-extras-springsecurity4</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-webflux</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-security</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-oauth2-client</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-oauth2-jose</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-test</artifactId>
			<scope>test</scope>
		</dependency>
		<dependency>
			<groupId>io.projectreactor</groupId>
			<artifactId>reactor-test</artifactId>
			<scope>test</scope>
		</dependency>
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-test</artifactId>
			<scope>test</scope>
		</dependency>
	</dependencies>

	<build>
		<plugins>
			<plugin>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-maven-plugin</artifactId>
			</plugin>
		</plugins>
	</build>

	<pluginRepositories>
		<pluginRepository>
			<id>spring-snapshots</id>
			<name>Spring Snapshots</name>
			<url>https://repo.spring.io/snapshot</url>
			<snapshots>
				<enabled>true</enabled>
			</snapshots>
		</pluginRepository>
		<pluginRepository>
			<id>spring-milestones</id>
			<name>Spring Milestones</name>
			<url>https://repo.spring.io/milestone</url>
			<snapshots>
				<enabled>false</enabled>
			</snapshots>
		</pluginRepository>
	</pluginRepositories>

</project>

第2部分:

只保留application.yml以下部分使用同樣的方式登入,一樣可以獲得Google上註冊時填寫的個人資訊

第3部分:

使用Java程式碼替代application.yml配置檔案方式實現同樣的效果,application.yml配置檔案內容如下:

server:
  port: 8080

logging:
  level:
    root: INFO
    org.springframework.web: INFO
    org.springframework.security: INFO
#    org.springframework.boot.autoconfigure: DEBUG

spring:
  thymeleaf:
    cache: false

/opt/coding/spring-boot2-oauth2-security5/src/main/java/com/contoso/config/OAuth2LoginConfig.java

package com.contoso.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;

@Configuration
public class OAuth2LoginConfig {

	@EnableWebSecurity
	public static class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {

		@Override
		protected void configure(HttpSecurity http) throws Exception {
			http
				.authorizeRequests()
				.anyRequest().authenticated()
				.and()
				.oauth2Login();
		}
	}
	

	@Bean
	public ClientRegistrationRepository clientRegistrationRepository() {
		return new InMemoryClientRegistrationRepository(this.googleClientRegistration());
	}
	
	private ClientRegistration googleClientRegistration() {
		return ClientRegistration.withRegistrationId("google")
			.clientId("212269349981-v8oa5coeuali2tufmh0nm41q9k6geet7.apps.googleusercontent.com")
			.clientSecret("CqLWmSzFg83Jj-MyAtRVkUH6")
			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
			.redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
			.scope("openid", "profile", "email", "address", "phone")
			.authorizationUri("https://accounts.google.com/o/oauth2/v2/auth")
			.tokenUri("https://www.googleapis.com/oauth2/v4/token")
			.userInfoUri("https://www.googleapis.com/oauth2/v3/userinfo")
			.userNameAttributeName(IdTokenClaimNames.SUB)
			.jwkSetUri("https://www.googleapis.com/oauth2/v3/certs")
			.clientName("Google Login")
			.build();
	}

}

相關推薦

如何使用Google作為認證配置Spring Boot 2 Security5整合OAuth2登入我們自己工程專案------範例1

Google客戶端授權生成client-id和client-secret我們需要登入以下地址 https://console.developers.google.com 第1部分: 範例工程專案結構如下: Enabling OAuth 2 login Supp

Spring Boot 2.0 整合攜程Apollo配置中心

Apollo(阿波羅)是攜程框架部門研發的分散式配置中心,能夠集中化管理應用不同環境、不同叢集的配置,配置修改後能夠實時推送到應用端,並且具備規範的許可權、流程治理等特性,適用於微服務配置管理場景。 服務端基於Spring Boot和Spring Cloud開發,打包後可以直接執行,不需

Spring Boot 2.0 整合Thymeleaf 模板引擎

reporting 配置信息 name www. title 建模 type 引擎 suffix 本節將和大家一起實戰Spring Boot 2.0 和thymeleaf 模板引擎 1. 創建項目 2. 使用Spring Initlizr 快速創建Spring Boot

從零實現 Spring Boot 2.0 整合 weixin-java-mp(weixin-java-tools) 獲取 openId,用於微信授權

步驟: 一、內網穿透申請二級域名(有伺服器和域名者可略過) 二、申請微信公眾平臺測試號(有已認證的微信服務號者可略過) 三、搭建 Spring Boot 2.0 專案實現獲取openId 一、內網穿透: 因為要直接用內網本機開發除錯,微信網頁授權在回撥時要訪問本機,所以直接

spring-boot 2.0 整合 dubbo

spring-boot 2.0 整合 dubbo 新增如下依賴,需要執行 zookeeper <dependencies> <!-- Spring Boot Dubbo 依賴 --> <dependency> &

Spring Boot 2.0 整合 Mybatis

Spring Boot 2.0 整合 Mybatis分為兩種模式。一種是XML配置,一種是註解。 一、XML配置方式整合 1.1 依賴檔案 <?xml version="1.0" encoding="UTF-8"?> <project xmlns="http:/

spring boot 2.X整合spring security和spring oauth

​ 網上有很多該系列的教程,但是很多都是spring boot1.x,很少看見關於spring boot 2.0 .本人是打算做個spring cloud的web程式,這個整合我就是放在zuul上,類似於做了個閘道器的鑑權吧。。 國際通用案例

Spring Boot 2.x整合Redis

最近在學習Spring Boot 2.x整合Redis,在這裡和大家分享一下,希望對大家有幫助。 Redis是什麼 Redis 是開源免費高效能的key-value資料庫。有以下的優勢(源於Redis官網http://www.redis.net.cn/): 效能極高 

Spring Boot 2.x 整合Spring Data JPA 教程(上卷)

當你看到了我這篇博文,那麼我想你應該已經知道 Spring Data JPA 在如今的網際網路開發中使用非常頻繁。 所以今天這篇博文主要探討學習Spring Boot 2.x 中如何整合Spring Data JPA. 在寫程式碼之前,請讓我們帶著這三個問題去學習。

Spring Boot 2.0+整合Eureka+Ribbon+Config+Feign+Zuul+Hystrix+ActiveMq等

基於Spring Boot 2.0+ 簡介 一個簡單的Spring Cloud基礎框架,整合config/Eureka/Hystrix/ActiveMQ等元件 工程介紹 工程 埠 描述 cloud

四、spring boot 2.x 整合 swagger

1、引入swagger maven依賴 <dependency> <groupId>io.springfox</groupId> <artif

十四、spring boot 2.x 整合 jpa 進階

本文主要針對jpa常見的用法進行演示講解,主要包括JPA常見的查詢、分頁查詢、HQL操作、SQL操作等幾個方面。 1、JPA支援的常用的查詢 /** * And查詢 等價於SQL中的and<br> */ List<

十六、spring boot 2.x 整合 activemq

一、安裝activemq 根據你的作業系統選擇不同的檔案下載到本地,解壓後進入bin 目錄,執行./activemq  start命令啟動activemq,然後在位址列輸入:http://127.0.0.1:8161 進入activemq網頁 點選Mana

3、Spring Boot 2.x整合Mybatis並且實現單表的增刪除改查

上一篇建立了一個最簡單的Spring Boot 2.x專案,算是有了一個初步的認識。 這一篇我們在上一篇專案的基礎上,實現以下目標: 1、專案中整合Mybatis Generator進行mapper相關檔案的自動生成; 2、整合Mybatis連線資料庫並且實現單表的增刪

spring boot 2.0整合activemq時遇到的錯誤

雖然我在網上看到別人都是這麼寫的,也成功了。 但是我卻老是報錯,報注入jmsTemplate失敗,我就決定手動註冊jmsTemplate,發現我下的maven包裡竟然沒有ActiveMQConnectionFactory這個類。 於是,我只能新增apache包。

spring-boot(八) springboot整合shiro-登入認證和許可權管理

Apache Shiro What is Apache Shiro? Apache Shiro是一個功能強大、靈活的,開源的安全框架。它可以乾淨利落地處理身份驗證、授權、企業會話管理和加密。 Apache Shiro的首要目標是易於使用和理解。安全通常很複雜,甚至讓人感到很痛苦,但是Shiro卻不是

spring boot 2.0 整合 elasticsearch NoNodeAvailableException

true color art tail com node ica clust elastic 原文地址:spring boot 2.0 整合 elasticsearch NoNodeAvailableException 原文說的有點問題,下面貼出我的配置: 碼雲項目地址:h

Spring Boot 2.0 整合日誌框架

一、前言 在Spring Boot的官方文件中,我們發現關於日誌的描述還是比較詳細的:https://docs.spring.io/spring-boot/docs/2.0.4.RELEASE/reference/htmlsingle/#boot-featur

spring boot 2.0 整合redis 完整程式碼

1.建立maven專案:2.pom.xml:<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http:/

spring boot 2.0+ 錯誤頁面配置

技術 conf 如何 AD inter ogg 存在 one ref 如果訪問了錯誤的路徑,或者後臺報錯 如果沒有一個統一的頁面! 或者說頁面上展示一堆報錯信息,既影響美觀,又對用戶不友好! 那麽如何配置? 定義 ErrorPageConfig,配置錯誤狀態與對應訪問