I have working code in Java 11 that uses Spring Security and Google OAuth login.
    @GetMapping("/google/integration")
    public String googleIntegracionUsuario(@RegisteredOAuth2AuthorizedClient("google") OAuth2AuthorizedClient user, HttpServletRequest request, HttpServletResponse response) {
        System.out.println("\n\n RefreshToken: " + user.getRefreshToken().getTokenValue());
        System.out.println("\n\n AccessToken: " + user.getAccessToken().getTokenValue());
        return "hello user";
    }
In the @Configuration class:
    @Override
    public void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
            .cors().and().csrf().disable()
            .authorizeRequests()
                .antMatchers("/google/integration").authenticated()
                .anyRequest().permitAll()
                .and()
            .oauth2Login()
                .authorizationEndpoint()
                    .authorizationRequestResolver(new CustomAuthorizationRequestResolver(
                        this.clientRegistrationRepository));
    }
In CustomAuthorizationRequestResolver:
    public class CustomAuthorizationRequestResolver implements OAuth2AuthorizationRequestResolver {

        private final OAuth2AuthorizationRequestResolver defaultAuthorizationRequestResolver;

        public CustomAuthorizationRequestResolver(
                ClientRegistrationRepository clientRegistrationRepository) {
            this.defaultAuthorizationRequestResolver =
                new DefaultOAuth2AuthorizationRequestResolver(
                    clientRegistrationRepository, "/oauth2/authorization");
        }

        @Override
        public OAuth2AuthorizationRequest resolve(HttpServletRequest request) {
            final OAuth2AuthorizationRequest authorizationRequest = this.defaultAuthorizationRequestResolver.resolve(request);
            return authorizationRequest != null ? customAuthorizationRequest(authorizationRequest) : null;
        }

        @Override
        public OAuth2AuthorizationRequest resolve(HttpServletRequest request, String clientRegistrationId) {
            final OAuth2AuthorizationRequest authorizationRequest = this.defaultAuthorizationRequestResolver.resolve(request, clientRegistrationId);
            return authorizationRequest != null ? customAuthorizationRequest(authorizationRequest) : null;
        }

        private OAuth2AuthorizationRequest customAuthorizationRequest(OAuth2AuthorizationRequest authorizationRequest) {
            Map<String, Object> additionalParameters = new LinkedHashMap<>(authorizationRequest.getAdditionalParameters());
            additionalParameters.put("access_type", "offline");
            return OAuth2AuthorizationRequest.from(authorizationRequest)
                .additionalParameters(additionalParameters)
                .build();
        }
    }
And in .properties:
spring.security.oauth2.client.registration.google.client-id=clientIdValue
spring.security.oauth2.client.registration.google.client-secret=clientSecret
spring.security.oauth2.client.registration.google.scope=https://www.googleapis.com/auth/calendar,email,https://www.googleapis.com/auth/contacts.readonly
The problem is that when testing on localhost everything works fine, but when the project is uploaded to the remote server, the refresh token is NULL! I don't have a domain name for the remote server, but I have edited /etc/hosts to give the remote server's public IP an alias, and I have added that alias to the redirect URLs in the Google developer console.
On the remote server, login works fine and the user is actually logged in with his/her Google account; in fact, I can get a working access token for a user on the remote server, but the refresh token is nowhere to be found, the value is just null!
    System.out.println("\n\n AccessToken: " + user.getAccessToken().getTokenValue());
    //prints: AccessToken: 'AccessToken value' in localhost and remoteServer
    System.out.println("\n\n RefreshToken: " + user.getRefreshToken().getTokenValue());
    //prints: RefreshToken: 'RefreshToken value' in localhost
    //Throws NullPointerException in remoteServer
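I found that on the remote server the refresh token only gets a value the first time the user logs in, which is the expected behaviour of the OAuth2 framework, but I don't know why I get a refresh token every time on localhost; that is what confuses me. I think it is because it is not bound to a specific URL.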
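
One way to handle the first-login-only behaviour described above, as an added example that is not part of the original post: Google's `prompt=consent` authorization parameter (not used in the post) requests the consent screen on every login so a refresh token is issued again, and the accessors read the token null-safely. The class and method names are hypothetical, and `previouslyStored` stands for whatever refresh token the application saved at an earlier login.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;

import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.core.OAuth2RefreshToken;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;

// Added example; GoogleOfflineAccess and its method names are hypothetical.
public final class GoogleOfflineAccess {

    private GoogleOfflineAccess() {
    }

    // Alternative body for customAuthorizationRequest(...) in the resolver above.
    public static OAuth2AuthorizationRequest withOfflineConsent(OAuth2AuthorizationRequest request) {
        Map<String, Object> params = new LinkedHashMap<>(request.getAdditionalParameters());
        params.put("access_type", "offline");
        // Google returns a refresh token only when consent is granted;
        // prompt=consent shows the consent screen on every login.
        params.put("prompt", "consent");
        return OAuth2AuthorizationRequest.from(request)
                .additionalParameters(params)
                .build();
    }

    // getRefreshToken() is nullable: empty when the token response carried no refresh token.
    public static Optional<String> refreshTokenValue(OAuth2AuthorizedClient client) {
        return Optional.ofNullable(client.getRefreshToken())
                .map(OAuth2RefreshToken::getTokenValue);
    }

    // Keep the refresh token saved at an earlier login when this login returned none,
    // so a later login never overwrites a valid stored token with null.
    public static String tokenToStore(OAuth2AuthorizedClient client, String previouslyStored) {
        return refreshTokenValue(client).orElse(previouslyStored);
    }
}
```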