Spring oauth2 как авторизоваться через сторонний сервис?

Question

[taluks]

Сконфигурировал веб-приложение на 4-м спринге, без boot, для авторизации через фейсбук:

build.gradle

compile group: 'org.springframework', name: 'spring-core', 	  version: '4.3.22.RELEASE'
    compile group: 'org.springframework', name: 'spring-context', version: '4.3.22.RELEASE'
    compile group: 'org.springframework', name: 'spring-jdbc', 	  version: '4.3.22.RELEASE'
    compile group: 'org.springframework', name: 'spring-webmvc',  version: '4.3.22.RELEASE'
    
    compile group: 'org.springframework.security', name: 'spring-security-web', version: '4.2.11.RELEASE'
    compile group: 'org.springframework.security', name: 'spring-security-config', version: '4.2.11.RELEASE'
    compile group: 'org.springframework.security.oauth', name: 'spring-security-oauth2', version: '2.3.5.RELEASE'
...

WebSecurityConfig.java

@Configuration
@EnableWebSecurity
@EnableOAuth2Client
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		//http.csrf().disable();
		
		http.authorizeRequests().mvcMatchers("/**",
				"/css/*.css", 
				"/js/*.js", 
				"/images/*.png").permitAll()
		.anyRequest().authenticated();
		
	}

	@Bean
	public OAuth2RestTemplate oauth2RestTemplate(OAuth2ClientContext oauth2ClientContext,
			OAuth2ProtectedResourceDetails details) {
		return new OAuth2RestTemplate(details, oauth2ClientContext);
	}

	@Bean
	public OAuth2ProtectedResourceDetails facebook() {
		AuthorizationCodeResourceDetails details = new AuthorizationCodeResourceDetails();
		details.setId("facebook");
		details.setClientId("appId"); // убрал для вопроса
		details.setClientSecret("secret");// убрал для вопроса
		details.setAccessTokenUri("https://graph.facebook.com/oauth/access_token");
		details.setUserAuthorizationUri("https://www.facebook.com/dialog/oauth");
		details.setScope(Arrays.asList("public_profile"));
		details.setTokenName("oauth_token");
		details.setAuthenticationScheme(AuthenticationScheme.query);
		details.setClientAuthenticationScheme(AuthenticationScheme.form);
		return details;
	}
}

Как сделать, чтобы при переходе на сайте вместо "HTTP Status 403 - Access Denied" перенаправлял на фейсбук, чтобы залогиниться?

Comments

[taluks]

разобрался, чтобы не писать свои велосипеды нужно подключить compile group: 'org.springframework.security.oauth.boot', name: 'spring-security-oauth2-autoconfigure', version: '2.1.0.RELEASE' для 4ой версии спринга, отсюда понадобится один класс UserInfoTokenServices :

package com.tm.web.config;

import java.util.Arrays;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoTokenServices;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter;
import org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
import org.springframework.security.oauth2.common.AuthenticationScheme;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

@Configuration
@EnableWebSecurity
@EnableOAuth2Client
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
	
	@Autowired
	public OAuth2ClientContext oauth2ClientContext;

	@Autowired
	public OAuth2RestTemplate auth2RestTemplate;

	@Autowired
	public OAuth2ClientContextFilter auth2ClientContextFilter;

	@Override
	protected void configure(HttpSecurity http) throws Exception {

		OAuth2ClientAuthenticationProcessingFilter filter = new OAuth2ClientAuthenticationProcessingFilter(
				"/login/facebook");
		filter.setRestTemplate(auth2RestTemplate);
		filter.setTokenServices(new UserInfoTokenServices("https://graph.facebook.com/me", "appId"));

		http.logout().and().authorizeRequests().antMatchers("/", "/css/*.css", "/js/*.js", "/images/*.png").permitAll()
				.antMatchers("/login/facebook").permitAll().anyRequest().authenticated().and()
				.addFilterAfter(auth2ClientContextFilter, AbstractPreAuthenticatedProcessingFilter.class)
				.addFilterBefore(filter, BasicAuthenticationFilter.class).anonymous().disable().csrf()
				.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());

		http.exceptionHandling().authenticationEntryPoint((request, response, authException) -> {
			if (authException != null) {
				response.sendRedirect(request.getContextPath() + "/login/facebook");
			}
		});

	}

	@Bean
	public OAuth2RestTemplate oauth2RestTemplate(OAuth2ClientContext oauth2ClientContext,
			OAuth2ProtectedResourceDetails details) {
		return new OAuth2RestTemplate(details, oauth2ClientContext);
	}

	@Bean
	public OAuth2ProtectedResourceDetails facebook() {
		AuthorizationCodeResourceDetails details = new AuthorizationCodeResourceDetails();
		details.setId("facebook");
		details.setClientId("appId");
		details.setClientSecret("secret");
		details.setAccessTokenUri("https://graph.facebook.com/oauth/access_token");
		details.setUserAuthorizationUri("https://www.facebook.com/dialog/oauth");
		details.setScope(Arrays.asList("public_profile"));
		details.setTokenName("oauth_token");
		details.setAuthenticationScheme(AuthenticationScheme.query);
		details.setClientAuthenticationScheme(AuthenticationScheme.form);
		return details;
	}

}

и еще нужно добавить RequestContextListener ( No thread-bound request found: Are you referring to request attributes outside of an actual web request, ...)

public class WebAppInitializer implements WebApplicationInitializer {

	private static final String MAPPING_URL = "/";

	@Override
	public void onStartup(ServletContext servletContext) throws ServletException {
		// Create the 'root' Spring application context
		AnnotationConfigWebApplicationContext rootContext = new AnnotationConfigWebApplicationContext();
		rootContext.register(AppConfig.class);
		rootContext.registerShutdownHook();

		// Manage the lifecycle of the root application context
		servletContext.addListener(new ContextLoaderListener(rootContext));

		// Create the dispatcher servlet's Spring application context
		AnnotationConfigWebApplicationContext dispatcherContext = new AnnotationConfigWebApplicationContext();
		dispatcherContext.registerShutdownHook();

		// Register and map the dispatcher servlet
		ServletRegistration.Dynamic dispatcher = servletContext.addServlet("dispatcher",
				new DispatcherServlet(dispatcherContext));
		dispatcher.setLoadOnStartup(1);
		dispatcher.addMapping(MAPPING_URL);

		servletContext.addListener(new RequestContextListener());
	}
}

[MaxLich]

taluks, в виде ответы бы лучше оформил