Spring Security系列之Spring Social社交登录的绑定与解绑(十五)

Spring Security系列之Spring Social社交登录的绑定与解绑(十五)

在之前的Spring Social系列中,我们只是实现了使用服务提供商账号登录到业务系统中,但没有与业务系统中的账号进行关联。本章承接之前社交系列来实现社交账号与业务系统账号的绑定与解绑。

UserConnection

create table UserConnection (
	userId varchar(255) not null,
	providerId varchar(255) not null,
	providerUserId varchar(255),
	......
	primary key (userId, providerId, providerUserId));
create unique index UserConnectionRank on UserConnection(userId, providerId, rank);
复制代码

在使用社交登录的时我们创建的UserConnection表,下面我们来简单分析一下

  1. userId业务系统的用户唯一标识(我们使用的是username)
  2. providerId用于区分不同的服务提供商(qq,weixin,weibo)
  3. providerUserId 服务提供商返回的唯一标识(openid)

社交登录注册实现

取消MyConnectionSignUp

在Spring-Security源码分析六-Spring-Social社交登录源码解析中,我们得知,当配置ConnectionSignUp 时,Spring Social会根据我们配置的MyConnectionSignUp返回userId ,接着执行 userDetailsService.loadUserByUserId(userId) ,实现社交账号登录。当取消掉 MyConnectionSignUp 则会抛出 BadCredentialsException,BadCredentialsExceptionSocialAuthenticationFilter 处理,跳转到默认的 /signup 注册请求,跳转之前会将当前的社交账号信息保存到 session 中。

添加自定义注册请求/socialRegister

@Override
    protected <T> T postProcess(T object) {
        SocialAuthenticationFilter filter = (SocialAuthenticationFilter) super.postProcess(object);
        filter.setFilterProcessesUrl(filterProcessesUrl);
        filter.setSignupUrl("/socialRegister");
        return (T) filter;
    }
复制代码

添加到.permitAll();

.authorizeRequests().antMatchers(SecurityConstants.DEFAULT_UNAUTHENTICATION_URL,
             	......
                "/socialRegister",//社交账号注册和绑定页面
                "/user/register",//处理社交注册请求
              	......
                .permitAll()//以上的请求都不需要认证
复制代码

配置ProviderSignInUtils

从Session中获取社交账号信息

@Bean
    public ProviderSignInUtils providerSignInUtils(ConnectionFactoryLocator factoryLocator) {
        return new ProviderSignInUtils(factoryLocator, getUsersConnectionRepository(factoryLocator));
    }
复制代码

创建SocialUserInfo

展示当前社交账号信息

@Data
public class SocialUserInfo {

	private String providerId;

	private String providerUserId;

	private String nickname;

	private String headImg;

}
复制代码

实现socialRegister和user/register

/socialRegister

@GetMapping(value = "/socialRegister")
    public ModelAndView socialRegister(HttpServletRequest request, Map<String, Object> map) {
        SocialUserInfo userInfo = new SocialUserInfo();
        Connection<?> connection = providerSignInUtils.getConnectionFromSession(new ServletWebRequest(request));
        userInfo.setProviderId(connection.getKey().getProviderId());//哪一个服务提供商
        userInfo.setProviderUserId(connection.getKey().getProviderUserId());//openid
        userInfo.setNickname(connection.getDisplayName());//名称
        userInfo.setHeadImg(connection.getImageUrl());//显示头像
        map.put("user", userInfo);
        return new ModelAndView("socialRegister", map);
    }
复制代码

/user/register

@PostMapping("/user/register")
    public String register(SysUser user, HttpServletRequest request, HttpServletResponse response) throws IOException {
        String userId = user.getUsername();//获取用户名
        SysUser result =  sysUserService.findByUsername(userId);//根据用户名查询用户信息
        if(result==null){
            //如果为空则注册用户
            sysUserService.save(user);
        }
        //将业务系统的用户与社交用户绑定
        providerSignInUtils.doPostSignUp(userId, new ServletWebRequest(request));
        //跳转到index
        return "redirect:/index";
    }
复制代码

修改MyUserDetailsService#loadUserByUserId

@Override
    public SocialUserDetails loadUserByUserId(String userId) throws UsernameNotFoundException {
        SysUser user = repository.findByUsername(userId);//根据用户名查找用户
        return user;
    }
复制代码

效果如下: 注册效果如下:

Spring Security系列之Spring Social社交登录的绑定与解绑(十五)

绑定与解绑实现

要实现绑定与解绑,首先我们需要知道社交账号的绑定状态,绑定就是重新走一下OAuth2流程,关联当前登录用户,解绑就是删除 UserConnection数据Spring Social 默认在 ConnectController 类上已经帮我们实现了以上的需求

获取状态

/connect 获取状态。

@RequestMapping(method=RequestMethod.GET)
	public String connectionStatus(NativeWebRequest request, Model model) {
		setNoCache(request);
		processFlash(request, model);
		Map<String, List<Connection<?>>> connections = connectionRepository.findAllConnections();//根据userId查询UserConnection表
		model.addAttribute("providerIds", connectionFactoryLocator.registeredProviderIds());//系统中已经注册的服务提供商		
		model.addAttribute("connectionMap", connections);
		return connectView();//返回connectView()
	}
	protected String connectView() {
		return getViewPath() + "status";//connect/status 
	}
复制代码

由以上可得,实现 connect/status 视图即可获得社交账号的绑定状态。

实现connect/status

@Component("connect/status")
public class SocialConnectionStatusView extends AbstractView {

    @Autowired
    private ObjectMapper objectMapper;

    @Override
    protected void renderMergedOutputModel(Map<String, Object> model, HttpServletRequest request, HttpServletResponse response) throws Exception {
        Map<String, List<Connection<?>>> connections = (Map<String, List<Connection<?>>>) model.get("connectionMap");

        Map<String, Boolean> result = new HashMap<>();
        for (String key : connections.keySet()) {
            result.put(key, CollectionUtils.isNotEmpty(connections.get(key)));
        }

        response.setContentType("application/json;charset=UTF-8");
        response.getWriter().write(objectMapper.writeValueAsString(ResultUtil.success(result)));
    }
}
复制代码

返回结果如下:

Spring Security系列之Spring Social社交登录的绑定与解绑(十五)

绑定的实现

/connect/{providerId} 绑定社交账号(POST请求)

////跳转到授权的页面
@RequestMapping(value="/{providerId}", method=RequestMethod.POST)
	public RedirectView connect(@PathVariable String providerId, NativeWebRequest request) {
		ConnectionFactory<?> connectionFactory = connectionFactoryLocator.getConnectionFactory(providerId);
		MultiValueMap<String, String> parameters = new LinkedMultiValueMap<String, String>(); 
		preConnect(connectionFactory, parameters, request);
		try {
			return new RedirectView(connectSupport.buildOAuthUrl(connectionFactory, request, parameters));
		} catch (Exception e) {
			sessionStrategy.setAttribute(request, PROVIDER_ERROR_ATTRIBUTE, e);
			return connectionStatusRedirect(providerId, request);
		}
	}
复制代码

授权成功的回调地址

//将当前的登录账户与社交账号绑定(写入到UserConnection表)
@RequestMapping(value="/{providerId}", method=RequestMethod.GET, params="code")
	public RedirectView oauth2Callback(@PathVariable String providerId, NativeWebRequest request) {
		try {
			OAuth2ConnectionFactory<?> connectionFactory = (OAuth2ConnectionFactory<?>) connectionFactoryLocator.getConnectionFactory(providerId);
			Connection<?> connection = connectSupport.completeConnection(connectionFactory, request);
			addConnection(connection, connectionFactory, request);
		} catch (Exception e) {
			sessionStrategy.setAttribute(request, PROVIDER_ERROR_ATTRIBUTE, e);
			logger.warn("Exception while handling OAuth2 callback (" + e.getMessage() + "). Redirecting to " + providerId +" connection status page.");
		}
		return connectionStatusRedirect(providerId, request);
	}
	
	//返回/connext/qqed视图
	protected RedirectView connectionStatusRedirect(String providerId, NativeWebRequest request) {
		HttpServletRequest servletRequest = request.getNativeRequest(HttpServletRequest.class);
		String path = "/connect/" + providerId + getPathExtension(servletRequest);
		if (prependServletPath(servletRequest)) {
			path = servletRequest.getServletPath() + path;
		}
		return new RedirectView(path, true);
	}
复制代码

实现 connect/qqConnected视图

@Bean("connect/qqConnected")
    public View qqConnectedView() {
        return new SocialConnectView();
    }
	
	public class SocialConnectView extends AbstractView {
    @Override
    protected void renderMergedOutputModel(Map<String, Object> model, HttpServletRequest request, HttpServletResponse response) throws Exception {
        String msg = "";
        response.setContentType("text/html;charset=UTF-8");
        if (model.get("connections") == null) {
            msg = "unBindingSuccess";
//            response.getWriter().write("<h3>解绑成功</h3>");
        } else {
            msg = "bindingSuccess";
//            response.getWriter().write("<h3>绑定成功</h3>");
        }

        response.sendRedirect("/message/" + msg);
    }
}
复制代码

效果如下:

Spring Security系列之Spring Social社交登录的绑定与解绑(十五)

解绑的实现

/connect/{providerId} 绑定社交账号( DELETE请求

//删除UserConnection表数据,返回connect/qqConnect视图
@RequestMapping(value="/{providerId}", method=RequestMethod.DELETE)
	public RedirectView removeConnections(@PathVariable String providerId, NativeWebRequest request) {
		ConnectionFactory<?> connectionFactory = connectionFactoryLocator.getConnectionFactory(providerId);
		preDisconnect(connectionFactory, request);
		connectionRepository.removeConnections(providerId);
		postDisconnect(connectionFactory, request);
		return connectionStatusRedirect(providerId, request);
	}
复制代码

实现connect/qqConnect视图

/**
     * /connect/qq POST请求,绑定微信返回connect/qqConnected视图
     * /connect/qq DELETE请求,解绑返回connect/qqConnect视图
     * @return
     */
    @Bean({"connect/qqConnect", "connect/qqConnected"})
    @ConditionalOnMissingBean(name = "qqConnectedView")
    public View qqConnectedView() {
        return new SocialConnectView();
    }
复制代码

效果如下:

Spring Security系列之Spring Social社交登录的绑定与解绑(十五)

原文 

https://juejin.im/post/5c19f4dde51d4526aa3f6cb3

本站部分文章源于互联网,本着传播知识、有益学习和研究的目的进行的转载,为网友免费提供。如有著作权人或出版方提出异议,本站将立即删除。如果您对文章转载有任何疑问请告之我们,以便我们及时纠正。

PS:推荐一个微信公众号: askHarries 或者qq群:474807195,里面会分享一些资深架构师录制的视频录像:有Spring,MyBatis,Netty源码分析,高并发、高性能、分布式、微服务架构的原理,JVM性能优化这些成为架构师必备的知识体系。还能领取免费的学习资源,目前受益良多

转载请注明原文出处:Harries Blog™ » Spring Security系列之Spring Social社交登录的绑定与解绑(十五)

赞 (0)
分享到:更多 ()

评论 0

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址