從 Spring security oauth2 client 自動配置中獲取當前登錄用戶信息

從 Spring security oauth2 client 自動配置中獲取當前登錄用戶信息

方法一：在AuthenticationSuccessHandler實現類中獲取

• 缺點：獲取用戶信息後需要做跳轉，底層框架並不會自動跳轉回未授權之前訪問的頁面

package com.lee.demo.handler;

import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.stereotype.Component;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

@Slf4j
@Component
public class Oauth2AuthenticationSuccessHandler implements AuthenticationSuccessHandler {

    @Autowired
    public Oauth2AuthenticationSuccessHandler() {
    }

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
                                        HttpServletResponse response,
                                        Authentication authentication) throws IOException {
        OAuth2User oAuth2User = (OAuth2User) authentication.getPrincipal();
        if (oAuth2User != null) {
            log.info(oAuth2User.toString());
        }
        response.sendRedirect("/index");
    }
}

方法二：在controller中獲取

• 這裏就可以不用配置AuthenticationSuccessHandler

package com.lee.demo.configurations;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class OAuth2SecurityConfiguration extends WebSecurityConfigurerAdapter {
    // @Autowired
    // private Oauth2AuthenticationSuccessHandler oauth2AuthenticationSuccessHandler;

	@Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .anyRequest().authenticated()
                .and()
                .oauth2Login()
                .redirectionEndpoint()
                .baseUri("/oauth2/callback")
                // .and()
				// .successHandler(oauth2AuthenticationSuccessHandler)
        ;
    }
}

• 直接訪問 /info 時框架會自動注入 Authentication，從中便可獲取
• 或者直接訪問user，框架會自動注入user，從中也可獲取
• 不用幫前端做跳轉，前後端分離更加徹底

package com.lee.demo.controller;

import com.lee.demo.model.UserInfoDTO;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@Slf4j
@RestController
public class HelloController {
    // 用 "/login" 路徑有問題
    @GetMapping("/info")
    public UserInfoDTO info(Authentication authentication) {
        OAuth2User oAuth2User = (OAuth2User) authentication.getPrincipal();
        UserInfoDTO userInfoDTO = new UserInfoDTO();
        userInfoDTO.setId((Integer) oAuth2User.getAttributes().get("id"));
        userInfoDTO.setLogin((String) oAuth2User.getAttributes().get("login"));
        userInfoDTO.setAvatar_url((String) oAuth2User.getAttributes().get("avatar_url"));

        return userInfoDTO;
    }

	@GetMapping("/user")
    public Principal user(Principal principal) {
        return principal;
    }
}

{
    "id": 48xxxx8,
    "login": "zxxx1",
    "avatar_url": "https://avatars3.githubusercontent.com/u/4xxxx28?v=4"
}