具有Spring Security 和自定义提供程序的oauth2不传递state参数

hiz5n14c  于 2021-07-13  发布在  Java
关注(0)|答案(0)|浏览(313)

尝试通过自定义oauth2提供程序授权时,“.redirectionendpoint()”中出现错误。这个自定义提供程序在url中不传递state param,只传递code param,我不知道还能怎么做。oauth2和google一起工作很好。
证券配置

@Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .cors()
                    .and()
                .sessionManagement()
                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                    .and()
                .csrf()
                    .disable()
                .exceptionHandling()
                    .authenticationEntryPoint(unauthorizedHandler)
                    .and()
                .authorizeRequests()
                    {*nothing important*, this works fine*}
                .oauth2Login()
                    .authorizationEndpoint()
                        .baseUri("/api/oauth2/authorize")
                        .authorizationRequestRepository(cookieAuthorizationRequestRepository())
                        .and()
                    .redirectionEndpoint()
                        .baseUri("/api/oauth2/callback/*")
                        .and()
                    .userInfoEndpoint()
                        .userService(customOAuth2UserService)
                        .and()
                    .successHandler(oAuth2AuthenticationSuccessHandler)
                    .failureHandler(oAuth2AuthenticationFailureHandler);

        // Add our custom JWT security filter
        http.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);

    }

来自org.springframework.security.oauth2.client.web包的oauth2loginauthenticationfilter

@Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException {

        MultiValueMap<String, String> params = OAuth2AuthorizationResponseUtils.toMultiMap(request.getParameterMap());
      **// in params just only code without state, therefore throwing exception**
        if (!OAuth2AuthorizationResponseUtils.isAuthorizationResponse(params)) {
            OAuth2Error oauth2Error = new OAuth2Error(OAuth2ErrorCodes.INVALID_REQUEST);
            throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
        }

        {*nothing important*}

        return oauth2Authentication;
    }

应用程序.yaml

spring:
  datasource:
    url: ${SPRING_DATASOURCE_URL}
    username: ${SPRING_DATASOURCE_USERNAME}
    password: ${SPRING_DATASOURCE_PASSWORD}
    initialization-mode: always
    driver-class-name: org.postgresql.Driver

  jpa:
    show-sql: false
    hibernate:
      ddl-auto: update
    properties:
      hibernate:
        dialect: org.hibernate.dialect.PostgreSQL94Dialect
  security:
    oauth2:
      client:
        registration:
          google:
            clientId: ${GOOGLE_CLIENT_ID}
            clientSecret: ${GOOGLE_CLIENT_SECRET}
            redirectUri: "{baseUrl}/oauth2/callback/{registrationId}"
            scope:
              - email
              - profile
          some:
            clientId: ${SECRET_NAME_ONE_CLIENT_ID}
            clientSecret: ${SECRET_NAME_CLIENT_SECRET}
            authorization-grant-type: authorization_code
            redirectUri: "{baseUrl}/oauth2/callback/{registrationId}"
            scope:
              - email
        provider:
          some:
            authorizationUri: "https://*******/oauth"
            token-uri: "https://********/oauth.echangeToken"
app:
  auth:
    tokenSecret:********
    tokenExpirationMsec:*********
  oauth2:
    authorizedRedirectUris:
      - ${AUTHORIZED_REDIRECT_URIS}
server:
  port: 8080

暂无答案!

目前还没有任何答案,快来回答吧!

相关问题