Как сделать OAuth2 авторизацию через Вконтакте и Одноклассников на Spring Security?

Question

[Алексей П]

Здравствуйте!

Подскажите, как реализовать OAuth2 авторизацию для Вконтакте и Одноклассников на Spring Security? Сейчас имею такие настройки:

spring:
  security:
    oauth2:
      client:
        registration:
          vk:
            clientName: vk
            clientId: clientId
            clientSecret: clientSecret
            redirectUriTemplate: http://localhost:8080/login/vk/success
            authorizationGrantType: authorization_code
            clientAuthenticationMethod: form
            scope: email
            provider: vk
        provider:
          vk:
            authorizationUri: https://oauth.vk.com/authorize
            tokenUri: https://oauth.vk.com/access_token
            userInfoUri: https://api.vk.com/method/users.get
            userNameAttribute: id

И такой конфиг Spring Security:

@Configuration
@EnableOAuth2Client
class SecurityConfig extends WebSecurityConfigurerAdapter {

    private OAuth2ClientContextFilter oauth2ClientContextFilter;

    SecurityConfig(OAuth2ClientContextFilter oauth2ClientContextFilter) {
        this.oauth2ClientContextFilter = oauth2ClientContextFilter
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .anyRequest().authenticated().and()
                .logout().logoutSuccessUrl("/").permitAll().and()
                .oauth2Login()
                .redirectionEndpoint()
                .baseUri("/login/vk/success")
    }
}

И такой стектрейс:

2018-08-11 10:05:17.893 DEBUG 14757 --- [nio-8080-exec-5] o.s.b.w.s.f.OrderedRequestContextFilter  : Bound request context to thread: org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper@6a12b9e9
2018-08-11 10:05:17.893 DEBUG 14757 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : /login/vk/success?code=c1447fa57e60c3c927&state=yn9oFB9FPrL7ZcxpjYcrR6_CHq7wjEk_KiBA5zO93x4= at position 1 of 14 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2018-08-11 10:05:17.893 DEBUG 14757 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : /login/vk/success?code=c1447fa57e60c3c927&state=yn9oFB9FPrL7ZcxpjYcrR6_CHq7wjEk_KiBA5zO93x4= at position 2 of 14 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2018-08-11 10:05:17.894 DEBUG 14757 --- [nio-8080-exec-5] o.s.d.redis.core.RedisConnectionUtils    : Opening RedisConnection
2018-08-11 10:05:17.895 DEBUG 14757 --- [nio-8080-exec-5] o.s.d.redis.core.RedisConnectionUtils    : Closing Redis Connection
2018-08-11 10:05:17.900 DEBUG 14757 --- [nio-8080-exec-5] w.c.HttpSessionSecurityContextRepository : HttpSession returned null object for SPRING_SECURITY_CONTEXT
2018-08-11 10:05:17.900 DEBUG 14757 --- [nio-8080-exec-5] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper$HttpSessionWrapper@60ead299. A new one will be created.
2018-08-11 10:05:17.900 DEBUG 14757 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : /login/vk/success?code=c1447fa57e60c3c927&state=yn9oFB9FPrL7ZcxpjYcrR6_CHq7wjEk_KiBA5zO93x4= at position 3 of 14 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2018-08-11 10:05:17.900 DEBUG 14757 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : /login/vk/success?code=c1447fa57e60c3c927&state=yn9oFB9FPrL7ZcxpjYcrR6_CHq7wjEk_KiBA5zO93x4= at position 4 of 14 in additional filter chain; firing Filter: 'CsrfFilter'
2018-08-11 10:05:17.900 DEBUG 14757 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : /login/vk/success?code=c1447fa57e60c3c927&state=yn9oFB9FPrL7ZcxpjYcrR6_CHq7wjEk_KiBA5zO93x4= at position 5 of 14 in additional filter chain; firing Filter: 'LogoutFilter'
2018-08-11 10:05:17.900 DEBUG 14757 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /login/vk/success' doesn't match 'POST /logout
2018-08-11 10:05:17.900 DEBUG 14757 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : /login/vk/success?code=c1447fa57e60c3c927&state=yn9oFB9FPrL7ZcxpjYcrR6_CHq7wjEk_KiBA5zO93x4= at position 6 of 14 in additional filter chain; firing Filter: 'OAuth2AuthorizationRequestRedirectFilter'
2018-08-11 10:05:17.900 DEBUG 14757 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login/vk/success'; against '/oauth2/authorization/{registrationId}'
2018-08-11 10:05:17.901 DEBUG 14757 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : /login/vk/success?code=c1447fa57e60c3c927&state=yn9oFB9FPrL7ZcxpjYcrR6_CHq7wjEk_KiBA5zO93x4= at position 7 of 14 in additional filter chain; firing Filter: 'OAuth2LoginAuthenticationFilter'
2018-08-11 10:05:17.901 DEBUG 14757 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login/vk/success'; against '/login/vk/success'
2018-08-11 10:05:17.901 DEBUG 14757 --- [nio-8080-exec-5] .s.o.c.w.OAuth2LoginAuthenticationFilter : Request is to process authentication
2018-08-11 10:05:17.909 DEBUG 14757 --- [nio-8080-exec-5] o.s.s.authentication.ProviderManager     : Authentication attempt using org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider
2018-08-11 10:05:38.699 DEBUG 14757 --- [nio-8080-exec-5] o.s.s.authentication.ProviderManager     : Authentication attempt using org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer$OidcAuthenticationRequestChecker
2018-08-11 10:05:38.704 DEBUG 14757 --- [nio-8080-exec-5] .s.o.c.w.OAuth2LoginAuthenticationFilter : Authentication request failed: org.springframework.security.oauth2.core.OAuth2AuthenticationException: [invalid_client] client_secret is undefined

org.springframework.security.oauth2.core.OAuth2AuthenticationException: [invalid_client] client_secret is undefined
	at org.springframework.security.oauth2.client.endpoint.NimbusAuthorizationCodeTokenResponseClient.getTokenResponse(NimbusAuthorizationCodeTokenResponseClient.java:116) ~[spring-security-oauth2-client-5.0.7.RELEASE.jar:5.0.7.RELEASE]
	at org.springframework.security.oauth2.client.endpoint.NimbusAuthorizationCodeTokenResponseClient.getTokenResponse(NimbusAuthorizationCodeTokenResponseClient.java:67) ~[spring-security-oauth2-client-5.0.7.RELEASE.jar:5.0.7.RELEASE]
	at org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider.authenticate(OAuth2LoginAuthenticationProvider.java:121) ~[spring-security-oauth2-client-5.0.7.RELEASE.jar:5.0.7.RELEASE]
	at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174) ~[spring-security-core-5.0.7.RELEASE.jar:5.0.7.RELEASE]
	at org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter.attemptAuthentication(OAuth2LoginAuthenticationFilter.java:164) ~[spring-security-oauth2-client-5.0.7.RELEASE.jar:5.0.7.RELEASE]
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212) ~[spring-security-web-5.0.7.RELEASE.jar:5.0.7.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.7.RELEASE.jar:5.0.7.RELEASE]
	at

Comments

[edik10altc]

Привет, хотел узнать получилось ли у тебя настроить это??Буду благодарен за ответ

[Алексей П]

edik10altc, нет

[Алексей П]

edik10altc, но я сейчас занимаюсь этим вопросом. Сейчас есть проект в котором есть пока только авторизацию по JWT токену

[J_Forseti]

Алексей Попрядухин, Разобрался?

[J_Forseti]

Алексей Попрядухин, ??

[Алексей П]

J_Forseti, вот репозиторий с JWT токеном https://github.com/lynx-r/tictactoe-microservices-...

[J_Forseti]

Алексей Попрядухин, ты в итоге не стал использовать oauth 2 в Spring Security 5?А сделал через фильтр?

[Алексей П]

J_Forseti, да

[J_Forseti]

Алексей Попрядухин, ((

[J_Forseti]

В итоге я сделал как обычно делаю на PHP.Я получил данные и зашел вот так:

Authentication auth = new UsernamePasswordAuthenticationToken(
                UserPrincipal.create(user, attributes), null, Arrays.asList(
                new SimpleGrantedAuthority("OAuh2Vk")));
        SecurityContextHolder.getContext().setAuthentication(auth);