OIDC9-OIDC集成登录功能(SpringBoot3.0)
1.项目依赖
| <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.me.mengyu.auth.net</groupId> <artifactId>mengyu-love</artifactId> <version>0.0.1-SNAPSHOT</version> <packaging>war</packaging> <description>Auth</description> <dependencies> <!-- JWT认证利用 --> <dependency> <groupId>io.jsonwebtoken</groupId> <artifactId>jjwt-api</artifactId> <version>0.11.5</version> </dependency> <dependency> <groupId>io.jsonwebtoken</groupId> <artifactId>jjwt-impl</artifactId> <version>0.11.5</version> <scope>runtime</scope> </dependency> <dependency> <groupId>io.jsonwebtoken</groupId> <artifactId>jjwt-jackson</artifactId> <version>0.11.5</version> </dependency>
<!-- OIDC认证利用 --> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-oauth2-client</artifactId> <version>3.0.0</version> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> <version>3.0.0</version> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-thymeleaf</artifactId> <version>3.0.0</version> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> <version>3.0.0</version> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-war-plugin</artifactId> <version>3.3.2</version> <configuration> <failOnMissingWebXml>false</failOnMissingWebXml> </configuration> </plugin> </plugins> </build> </project> |
2.配置应用程序属性
在 src/main/resources/application.yml 中配置 OIDC 相关属性,具体取决于您使用的身份提供者(如 Google、Okta、Auth0 等):
| spring: security: oauth2: client: registration: my-client: client-id: your-client-id client-secret: your-client-secret scope: openid, profile, email redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}" authorization-grant-type: authorization_code provider: my-provider: authorization-uri: https://your-authorization-server.com/auth token-uri: https://your-authorization-server.com/token user-info-uri: https://your-authorization-server.com/userinfo |
3.创建安全配置类
创建一个安全配置类,继承 WebSecurityConfigurerAdapter,以配置安全性:
| package com.me.mengyu.love.config; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint; @Configuration @EnableWebSecurity public class SecurityConfig { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http . .requestMatchers("/", "/login", "/error").permitAll() // 允许所有用户访问的页面 .anyRequest().authenticated() // 其余请求需要认证 .and() .oauth2Login() .loginPage("/login") // 自定义登录页 .defaultSuccessUrl("/home", true) // 登录成功后的默认跳转页 .failureUrl("/login?error=true") // 登录失败后的跳转页 .and() .exceptionHandling() .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login")); // 未认证用户访问的处理
return http.build(); // 返回构建的 HttpSecurity } } |
注意1:在 Spring Security 5.0 及以后的版本中,WebSecurityConfigurerAdapter 类已被标记为不推荐使用(deprecated)。因此,Spring Boot 3.0 和 Spring Security 5.7 及更高版本也不再需要使用 WebSecurityConfigurerAdapter。相应的配置可以通过新的安全配置方法来实现,使用 SecurityFilterChain 和 @EnableWebSecurity 注解来定义安全规则。
4.创建控制器
| package com.me.mengyu.love.controller; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.GetMapping; @Controller public class HomeController { @GetMapping("/") public String index() { return "index"; // 返回首页视图 } @GetMapping("/home") public String home() { return "home"; // 返回用户主页视图 } @GetMapping("/login") public String login() { return "login"; // 返回登录视图 } } |
5.创建视图
在 src/main/resources/templates/ 下创建相应的 HTML 视图文件(例如,index.html, home.html, login.html)。
| <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Index Page</title> </head> <body> <h1>Welcome to the OIDC Demo!</h1> <a href="/login">Login</a> </body> </html> |
| <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Login Page</title> </head> <body> <h1>Login</h1> <a href="/oauth2/authorization/my-client">Login with OIDC</a> <div th:if="${param.error}"> <p>Login failed. Please try again.</p> </div> </body> </html> |
| <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Home Page</title> </head> <body> <h1>Welcome Home!</h1> <p>You are successfully logged in.</p> <a href="/">Logout</a> </body> </html> |
6.运行应用程序
可以通过访问 http://localhost:8080 来访问应用程序,进行 OIDC 登录测试。
7.处理用户信息
要获取用户信息,您可以在控制器中注入 OAuth2AuthenticationToken,并提取用户详细信息:
| package com.me.mengyu.love.controller; import org.springframework.security.core.annotation.AuthenticationPrincipal; import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RestController; @RestController public class UserController { @GetMapping("/user") public String user(@AuthenticationPrincipal OAuth2AuthenticationToken authentication) { return "User: " + authentication.getPrincipal().getAttributes().toString(); } } |