Adding a custom OidcUserService to work with the Spring Azure AAD OidcUserService
We have the following Spring Security Configuration class that extends Spring Azure configuration adapter and want to add a custom OidcUserService to the userInfo callback. We have 2 separate projects, a prototype one and our real project. We used the prototype to prove that it can work, and once it worked, moved it to our real project. Both projects are identical in configuration, pom/libraries on the class path, etc. But in the real project we get an error stating there is a circular dependency in the configuration. We can't figure out how to resolve this problem.

EDIT: Some more findings: it appears Spring in the real project is injecting our custom OidcUserService into the AADO Security beans instead of using their own, whereas the prototype puts in the correct AADO OidcUserService. Like the order of bean instantiation is different between projects even though we do not specify order in either project.

Here is the code in both projects for the configuration. The custom OidcUserService is identical in each project. Copy/Pasted from one project to the other, including this configuration.
```java
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
class AADOAuth2LoginSecurityConfig extends AADWebSecurityConfigurerAdapter {

    // Injected by bean name: resolves to the CustomOidcUserService @Service bean
    @Resource
    OAuth2UserService<OidcUserRequest, OidcUser> customOidcUserService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Apply the Azure AD adapter's configuration first
        super.configure(http);
        http
            .authorizeRequests()
                .antMatchers("/", "/login", "/*.js", "/*.css").permitAll()
                .anyRequest().authenticated()
                .and()
            .csrf()
                .disable()
            // Use the custom service for the OIDC user-info step
            .oauth2Login(oauth2Login ->
                oauth2Login.userInfoEndpoint(userInfoEndpoint ->
                    userInfoEndpoint.oidcUserService(customOidcUserService)
                )
            );
    }
}
```
Here is the custom service, in case you wanted to see it.
```java
@Service
public class CustomOidcUserService implements OAuth2UserService<OidcUserRequest, OidcUser> {

    private final OAuth2UserService<OidcUserRequest, OidcUser> aadoAuth2UserService;

    // The delegate is injected by type: OAuth2UserService<OidcUserRequest, OidcUser>
    public CustomOidcUserService(OAuth2UserService<OidcUserRequest, OidcUser> aadoAuth2UserService) {
        this.aadoAuth2UserService = aadoAuth2UserService;
    }

    @Override
    public OidcUser loadUser(OidcUserRequest userRequest) throws OAuth2AuthenticationException {
        OidcUser oidcUser = aadoAuth2UserService.loadUser(userRequest);
        // Custom code would go here
        return oidcUser;
    }
}
```
Comments (1)

There is `@ConditionalOnMissingBean` in the source code of azure-spring-boot (https://github.com/Azure/azure-sdk-for-java/blob/azure-spring-boot-starter-active-directory_3.14.0/sdk/spring/azure-spring-boot/src/main/java/com/azure/spring/aad/webapp/AADWebApplicationConfiguration.java#L39), so if you defined `CustomOidcUserService` as a bean, `AADOAuth2UserService` bean will not be created.

> But in the real project we get an error stating there is a circular dependency in the configuration. We can't figure out how to resolve this problem.

Could you please share the log?

> whereas the prototype puts in the correct AADO OidcUserService

Do you mean the `correct AADO OidcUserService` should be `AADOAuth2UserService`?

For such kind of problems, it's better to create an issue in the GitHub, and describe how to reproduce your problem. So you can create an issue here.
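One way to keep the starter's user loading in the chain without asking Spring for a second `OAuth2UserService<OidcUserRequest, OidcUser>` bean is to construct the delegate inside the custom service. This is an added example, not code from the original post or from azure-spring-boot. It assumes that `AADOAuth2UserService` has a public constructor taking `AADAuthenticationProperties`, that the properties object is available as a bean, and that the package names below match your starter version.

```java
// Package names for the two Azure classes are assumptions for the 3.x starter;
// verify them against the version on your class path.
import com.azure.spring.aad.webapp.AADOAuth2UserService;
import com.azure.spring.autoconfigure.aad.AADAuthenticationProperties;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.stereotype.Service;

@Service
public class CustomOidcUserService implements OAuth2UserService<OidcUserRequest, OidcUser> {

    // Built here instead of injected. Once this class is registered as a bean,
    // the starter's @ConditionalOnMissingBean user service is skipped, so
    // injecting OAuth2UserService<OidcUserRequest, OidcUser> by type could
    // only resolve back to this class.
    private final OAuth2UserService<OidcUserRequest, OidcUser> delegate;

    public CustomOidcUserService(AADAuthenticationProperties properties) {
        // Assumed constructor: AADOAuth2UserService(AADAuthenticationProperties)
        this.delegate = new AADOAuth2UserService(properties);
    }

    @Override
    public OidcUser loadUser(OidcUserRequest userRequest) throws OAuth2AuthenticationException {
        // The Azure AD service still loads the user and its authorities
        OidcUser oidcUser = delegate.loadUser(userRequest);
        // Custom code would go here
        return oidcUser;
    }
}
```

The security configuration from the question can stay as it is, since it only needs the `customOidcUserService` bean.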