We have a Spring Boot 1.3.2/Webflow web app which we're converting to use SSO. I've followed the steps in the "Migrating OAuth2 Apps from Spring Boot 1.2 to 1.3" blog and have the app handing off to our Auth server for authentication and the web app using the token to populate it's security context correctly.
The only piece not working is the custom authentication success handler we have that configures a few bits in the users session before they continue to their landing page.
This is currently configured as follows in our security config, which extends WebSecurityConfigurerAdapter
@Override
protected void configure(HttpSecurity http) throws Exception {
// These are all the unprotected endpoints.
http.authorizeRequests()
.antMatchers(new String[] { "/", "/login", "/error",
"/loginFailed", "/static/**" })
.permitAll();
// Protect all the other endpoints with a login page.
http.authorizeRequests().anyRequest()
.hasAnyAuthority("USER", "ADMIN").and().formLogin().loginPage("/login").failureUrl("/loginFailed")
.successHandler(customAuthenticationSuccessHandler()).and().logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"));
http.exceptionHandling().accessDeniedHandler(new AccessDeniedHandler() {
@Override
public void handle(HttpServletRequest request, HttpServletResponse response,
AccessDeniedException accessDeniedException) throws IOException, ServletException {
if (accessDeniedException instanceof CsrfException) {
response.sendRedirect(request.getContextPath() + "/logout");
}
}
});
}
I can see the handler being configured during startup, but it is never called once the user has successfully logged in. All of the questions I've found on the subject refer to using a OAuth2SsoConfigurerAdapter, however as we're no longer using spring-cloud-security this class is not available.
UPDATE: I've discovered that this is possible using a BeanPostProcessor:
public static class DefaultRolesPrefixPostProcessor implements BeanPostProcessor, PriorityOrdered {
@Override
public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
if (bean instanceof FilterChainProxy) {
FilterChainProxy chains = (FilterChainProxy) bean;
for (SecurityFilterChain chain : chains.getFilterChains()) {
for (Filter filter : chain.getFilters()) {
if (filter instanceof OAuth2ClientAuthenticationProcessingFilter) {
OAuth2ClientAuthenticationProcessingFilter oAuth2ClientAuthenticationProcessingFilter = (OAuth2ClientAuthenticationProcessingFilter) filter;
oAuth2ClientAuthenticationProcessingFilter
.setAuthenticationSuccessHandler(customAuthenticationSuccessHandler());
}
}
}
}
return bean;
}
}
Is there a better way to configure this though?
If you follow Dave Syers excellent Spring boot oauth2 tutorial, you will end up with a method that returns your ssoFilter
I added a setAuthenticationSuccessHandler to this filter
@Autowired
private CustomAuthenticationSuccessHandler customAuthenticationSuccessHandler;
private Filter ssoFilter() {
OAuth2ClientAuthenticationProcessingFilter facebookFilter = new OAuth2ClientAuthenticationProcessingFilter("/login/facebook");
OAuth2RestTemplate facebookTemplate = new OAuth2RestTemplate(facebook(), oauth2ClientContext);
facebookFilter.setRestTemplate(facebookTemplate);
facebookFilter.setTokenServices(new UserInfoTokenServices(facebookResource().getUserInfoUri(), facebook().getClientId()));
facebookFilter.setAuthenticationSuccessHandler(customAuthenticationSuccessHandler);
return facebookFilter;
}
And my CustomAuthenticationSuccessHandler was just a component that extended AuthenticationSuccessHandler
@Component
public class CustomAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
Authentication authentication) throws IOException, ServletException {
//implementation
}
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With