update oidc config and outputs user info

2022-03-06 11:09:24 +08:00
parent 6880dd513e
commit 2c0273dd76
3 changed files with 11 additions and 18 deletions
--- a/src/main/java/me/hatter/sample/SampleController.java
+++ b/src/main/java/me/hatter/sample/SampleController.java
@@ -3,26 +3,21 @@ package me.hatter.sample;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.oauth2.core.oidc.user.OidcUser;
+import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;

@RestController
 public class SampleController {
-    @GetMapping("/oidc-principal")
-    public OidcUser getOidcUserPrincipal(
-            @AuthenticationPrincipal OidcUser principal) {
+    @GetMapping("/oauth2-principal")
+    public OAuth2User getOidcUserPrincipal(
+            @AuthenticationPrincipal OAuth2User principal) {
        return principal;
    }

-    @GetMapping("/oidc-principal2")
+    @GetMapping("/oauth2-principal2")
    public Object getOidcUserPrincipal2() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-        if (authentication.getPrincipal() instanceof OidcUser) {
-            OidcUser principal = ((OidcUser) authentication.getPrincipal());
-            return principal;
-        } else {
-            return authentication.getPrincipal();
-        }
+        return authentication.getPrincipal();
    }
 }
--- a/src/main/java/me/hatter/sample/SecurityConfig.java
+++ b/src/main/java/me/hatter/sample/SecurityConfig.java
@@ -8,12 +8,9 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
-        http// only disable these during testing or for non-browser clients
-//                .cors().disable()
-//                .csrf().disable()
-                .authorizeRequests()
+        http.authorizeRequests()
                .anyRequest().authenticated()
                .and()
-                .oauth2Login().loginPage("/oauth2/authorization/google");
+                .oauth2Login();
    }
 }
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -4,5 +4,6 @@ application.title=This is SpringBoot sample application
 spring.mvc.throw-exception-if-no-handler-found=true
 spring.resources.add-mappings=false

-spring.security.oauth2.client.registration.google.client-id=test
-spring.security.oauth2.client.registration.google.client-secret=test
+spring.security.oauth2.client.provider.login.issuer-uri=<issuer>
+spring.security.oauth2.client.registration.login.client-id=<client-id>
+spring.security.oauth2.client.registration.login.client-secret=<client-secret>