Я пытаюсь получить токен JWT с стороннего SSO-сервера. Это требует дополнительного параметра в первом запросе авторизации, напримерZuul proxy и Spring OAuth redirection issue
https://[third-party-sso-server]/oauth2/authorize?client_id=[my-client-id]&redirect_uri=http://localhost:8080/login&response_type=code&additional_param=[value]
но Spring Security имеет стандартное перенаправление URI: https://[third-party-sso-server]/oauth2/authorize?client_id=[my-client-id]&redirect_uri=http://localhost:8080/login&response_type=code&state=[state-value]
Так я не могу добавить дополнительный параметр, используя любой фильтр, ни HeaderWriter. И я не могу изменить стратегию перенаправления с использованием класса DefaultRedirectStrategy. Мой код основан на этом учебнике https://spring.io/guides/tutorials/spring-boot-oauth2/#_social_login_manual
`
package hello;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.netflix.zuul.EnableZuulProxy;
import org.springframework.context.annotation.Bean;
import hello.filters.pre.SimpleFilter;
import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoTokenServices;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import javax.servlet.Filter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
@SpringBootApplication
@EnableZuulProxy
@EnableOAuth2Client
public class GatewayApplication extends WebSecurityConfigurerAdapter
{
@Autowired
OAuth2ClientContext oauth2ClientContext;
public static void main(String[] args) {
SpringApplication.run(GatewayApplication.class, args);
}
@Bean
public SimpleFilter simpleFilter() {
return new SimpleFilter();
}
private Filter ssoFilter() {
OAuth2ClientAuthenticationProcessingFilter customFilter = new OAuth2ClientAuthenticationProcessingFilter("/login");
OAuth2RestTemplate customTemplate = new OAuth2RestTemplate(thirdPartySso(), oauth2ClientContext);
customFilter.setRestTemplate(customTemplate);
customFilter.setTokenServices(new UserInfoTokenServices(myResource().getUserInfoUri(), thirdPartySso().getClientId()));
return customFilter;
}
@Bean
@ConfigurationProperties("security.oauth2.client")
public AuthorizationCodeResourceDetails thirdPartySso() {
return new AuthorizationCodeResourceDetails();
}
@Bean
@ConfigurationProperties("security.oauth2.resource")
public ResourceServerProperties myResource() {
return new ResourceServerProperties();
}
@Override
public void configure(HttpSecurity http) throws Exception {
// It doesn't work
//http.headers().addHeaderWriter(new StaticHeadersWriter("Location","new location"));
http.antMatcher("/**").addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class)
.authorizeRequests().antMatchers("/").authenticated();
}
}
Spring Boot configuration file:
server:
port: 8090
zuul:
routes :
admin :
path: /api/admin/**
url : http://localhost:2222/admin
security:
oauth2:
client:
clientId: [clientid]
clientSecret: [secret]
accessTokenUri: https://[third-party-uri]/oauth2/token
userAuthorizationUri: https://[third-party-uri]/adfs/oauth2/authorize
useCurrentUri : false
tokenName: accessToken
authenticationScheme: query
clientAuthenticationScheme: form
resource:
userInfoUri: http://localhost:5555/oauth2/token
spring:
application:
name: zuul-server
ribbon:
eureka:
enabled: false
`