spring-boot集成spring-security的oauth2如何實(shí)現github登錄
發(fā)布時(shí)間:2021-07-27 11:45
來(lái)源:億速云
閱讀:0
作者:小新
欄目: 編程語(yǔ)言
歡迎投稿:712375056
這篇文章主要為大家展示了“spring-boot集成spring-security的oauth2如何實(shí)現github登錄網(wǎng)站”�,內容簡(jiǎn)而易懂����,條理清晰���,希望能夠幫助大家解決疑惑�����,下面讓小編帶領(lǐng)大家一起研究并學(xué)習一下“spring-boot集成spring-security的oauth2如何實(shí)現github登錄網(wǎng)站”這篇文章吧�����。
引入依賴(lài)
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth3</artifactId>
</dependency>
添加配置
security:
oauth3:
client:
client-id:
client-secret:
accessTokenUri: https://github.com/login/oauth/access_token
userAuthorizationUri: https://github.com/login/oauth/authorize
clientAuthenticationScheme: form
registered-redirect-uri: ${site.baseUrl}/github_login
use-current-uri: false
resource:
userInfoUri: https://api.github.com/user
sso:
login-path: /github_login在啟動(dòng)類(lèi)上加上注解 @EnableOAuth3Sso 一個(gè)注解搞定一切
注意:
github上的申請應用�����,這里不多說(shuō)�����,要注意的是github上要填的回調地址是跟上面配置的 registered-redirect-uri 一樣的
加上 @EnableOAuth3Sso 注解后�,原來(lái)系統里配置的 /login 就默認成了oauth3登錄的路由了���,這里通過(guò)配置 security.oauth3.sso.login-path 更改了
保存登錄用戶(hù)
注解 @EnableOAuth3Sso 登錄成功了�����,會(huì )把用戶(hù)信息寫(xiě)入到內存���,還是跟session生命周期一樣的��,session沒(méi)了�����,它就沒(méi)了��, 所以既然登錄成功了��,就要保存到數據庫里�,而且也可以跟本地用戶(hù)做關(guān)聯(lián)�����,登錄成功了��,直接讀取用戶(hù)的權限信息
保存用戶(hù)登錄信息����,只要實(shí)現一個(gè)接口就可以了�����,在oauth3授權成功了����,它會(huì )回調這個(gè)接口的���,上代碼
這個(gè)類(lèi)放哪都可以����,只要能被spring管理就行
@Bean
public PrincipalExtractor principalExtractor() {
return map -> {
String login = map.get("login").toString();//github的登錄名
GithubUser githubUser = githubUserService.findByLogin(login);
User user;
if (githubUser == null) {
githubUser = new GithubUser();
githubUser = githubUserService.convert(map, githubUser);
//創(chuàng )建一個(gè)本地用戶(hù)
user = userService.findByUsername(login);
if (user == null) {
user = new User();
user.setUsername(login);
} else {
user.setUsername(login + "_" + githubUser.getGithubId());
}
user.setEmail(githubUser.getEmail());
user.setBio(githubUser.getBio());
user.setUrl(githubUser.getHtml_url());
user.setPassword(new BCryptPasswordEncoder().encode(StrUtil.randomString(16)));
user.setInTime(new Date());
user.setBlock(false);
user.setToken(UUID.randomUUID().toString());
user.setAvatar(githubUser.getAvatar_url());
user.setAttempts(0);
user.setScore(2000);// first register score 2000
user.setSpaceSize(siteConfig.getUserUploadSpaceSize());
user.setGithubUser(githubUser);
// set user's role
Role role = roleService.findById(3); // normal user
Set roles = new HashSet();
roles.add(role);
user.setRoles(roles);
userService.save(user);
} else {
githubUser = githubUserService.convert(map, githubUser);
user = githubUser.getUser();
githubUserService.save(githubUser);
}
//加載用戶(hù)的權限信息
return yiiuUserDetailService.loadUserByUsername(user.getUsername());
};
}上面 yiiuUserDetailService.loadUserByUsername(user.getUsername()) 這段代碼見(jiàn)下面���,就是spring-security的加載用戶(hù)權限代碼
@Service
public class YiiuUserDetailService implements UserDetailsService {
private Logger log = Logger.getLogger(YiiuUserDetailService.class);
@Autowired
private UserService userService;
@Autowired
private PermissionService permissionService;
public UserDetails loadUserByUsername(String username) {
User user = userService.findByUsername(username);
if (user != null) {
List<Permission> permissions = permissionService.findByAdminUserId(user.getId());
List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
for (Permission permission : permissions) {
GrantedAuthority grantedAuthority = new SimpleGrantedAuthority(permission.getName());
grantedAuthorities.add(grantedAuthority);
}
return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(),
true, true, true, !user.isBlock(), grantedAuthorities);
} else {
log.info("用戶(hù)" + username + " 不存在");
throw new UsernameNotFoundException("用戶(hù)名或密碼不正確");
}
}
}
