2
我想通過facebook/twitter帳戶在我的網站上對用戶進行身份驗證。但在春季的例子中,春季要求我先登錄,然後在用戶已經擁有角色之後,我可以連接到Facebook並獲取一些數據。即使facebookData控制器沒有權限(intercept-url pattern="/**" access="permitAll"
),spring也會將我重定向到登錄頁面。使用Spring oAuth2.0進行身份驗證
- 是不是說OpenAuth不能用於認證 anonymouse用戶?
我的彈簧安全:
<http use-expressions="true">
<form-login login-page="/login" />
<intercept-url pattern="/**" access="permitAll" />
<logout />
<custom-filter ref="oauth2ClientFilter" after="EXCEPTION_TRANSLATION_FILTER" />
</http>
<oauth:client id="oauth2ClientFilter" />
<oauth:resource id="facebook" type="authorization_code" client-id="..." client-secret="..." authentication-scheme="query"
access-token-uri="https://graph.facebook.com/oauth/access_token" user-authorization-uri="https://www.facebook.com/dialog/oauth" token-name="oauth_token" client-authentication-scheme="form" scope="email"/>
<bean id="facebookController" class="org.springframework.security.oauth.examples.tonr.mvc.FacebookController" />
<oauth:rest-template resource="facebook" id="fasebookRestTemplate">
<property name="messageConverters">
<list>
<bean class="org.springframework.http.converter.json.MappingJacksonHttpMessageConverter">
<property name="supportedMediaTypes">
<list>
<bean class="org.springframework.http.MediaType">
<!--facebook sends its json as text/javascript for some reason -->
<constructor-arg value="text" />
<constructor-arg value="javascript" />
</bean>
<bean class="org.springframework.http.MediaType">
<constructor-arg value="application" />
<constructor-arg value="json" />
</bean>
</list>
</property>
</bean>
</list>
</property>
</oauth:rest-template>
和Facebook控制器:
@Autowired
private RestOperations facebookRestTemplate;
@RequestMapping("/facebook/info")
public String photos(Model model) throws Exception {
ObjectNode resultNode = facebookRestTemplate.getForObject("https://graph.facebook.com/me/friends", ObjectNode.class);
ArrayNode data = (ArrayNode) resultNode.get("data");
ArrayList<String> friends = new ArrayList<String>();
for (JsonNode dataNode : data) {
friends.add(dataNode.get("name").getTextValue());
}
model.addAttribute("friends", friends);
return "facebook";
}
謝謝,但我打算不僅連接Facebook和Twitter,任何方式我找到答案在這裏http://forum.spring.io/forum/spring-projects/security/oauth/121682-authentication-is-required -to-獲得-的訪問令牌,匿名不被允許 – user1406196