从 Spring security oauth2 client 自动配置中获取当前登录用户信息
方法一:在AuthenticationSuccessHandler
实现类中获取
- 缺点:获取用户信息后需要做跳转,底层框架并不会自动跳转回未授权之前访问的页面
package com.lee.demo.handler;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.stereotype.Component;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Slf4j
@Component
public class Oauth2AuthenticationSuccessHandler implements AuthenticationSuccessHandler {
@Autowired
public Oauth2AuthenticationSuccessHandler() {
}
@Override
public void onAuthenticationSuccess(HttpServletRequest request,
HttpServletResponse response,
Authentication authentication) throws IOException {
OAuth2User oAuth2User = (OAuth2User) authentication.getPrincipal();
if (oAuth2User != null) {
log.info(oAuth2User.toString());
}
response.sendRedirect("/index");
}
}
方法二:在controller中获取
- 这里就可以不用配置
AuthenticationSuccessHandler
package com.lee.demo.configurations;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
public class OAuth2SecurityConfiguration extends WebSecurityConfigurerAdapter {
// @Autowired
// private Oauth2AuthenticationSuccessHandler oauth2AuthenticationSuccessHandler;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.oauth2Login()
.redirectionEndpoint()
.baseUri("/oauth2/callback")
// .and()
// .successHandler(oauth2AuthenticationSuccessHandler)
;
}
}
- 直接访问
/info
时框架会自动注入 Authentication
,从中便可获取 - 或者直接访问
user
,框架会自动注入user
,从中也可获取 - 不用帮前端做跳转,前后端分离更加彻底
package com.lee.demo.controller;
import com.lee.demo.model.UserInfoDTO;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
@Slf4j
@RestController
public class HelloController {
// 用 "/login" 路径有问题
@GetMapping("/info")
public UserInfoDTO info(Authentication authentication) {
OAuth2User oAuth2User = (OAuth2User) authentication.getPrincipal();
UserInfoDTO userInfoDTO = new UserInfoDTO();
userInfoDTO.setId((Integer) oAuth2User.getAttributes().get("id"));
userInfoDTO.setLogin((String) oAuth2User.getAttributes().get("login"));
userInfoDTO.setAvatar_url((String) oAuth2User.getAttributes().get("avatar_url"));
return userInfoDTO;
}
@GetMapping("/user")
public Principal user(Principal principal) {
return principal;
}
}
{
"id": 48xxxx8,
"login": "zxxx1",
"avatar_url": "https://avatars3.githubusercontent.com/u/4xxxx28?v=4"
}