我有一些适用于 Spring Boot 的应用程序。这只是登录/注册页面而已。
我的 JWT 过滤器
public class JWTFilter extends GenericFilterBean {
private static final String AUTHORIZATION_HEADER = "X-CustomToken";
private static final String AUTHORITIES_KEY = "roles";
/**
* doFilter method for creating correct token(Bearer has taken from front-end part)
*
* @param req
* @param res
* @param filterChain
* @throws IOException
* @throws ServletException
*/
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain filterChain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
String authHeader = request.getHeader(AUTHORIZATION_HEADER);
if (authHeader == null || !authHeader.startsWith("Bearer ")) {
((HttpServletResponse) res).sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid Authorization header.");
} else {
try {
String token = authHeader.substring(7);
Claims claims = Jwts.parser().setSigningKey("secretkey").parseClaimsJws(token).getBody();
request.setAttribute("claims", claims);
SecurityContextHolder.getContext().setAuthentication(getAuthentication(claims));
filterChain.doFilter(req, res);
} catch (SignatureException e) {
((HttpServletResponse) res).sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid token");
}
}
}
/**
* Method for creating Authentication for Spring Security Context Holder
* from JWT claims
*/
private Authentication getAuthentication(Claims claims) {
List<SimpleGrantedAuthority> authorities = new ArrayList<>();
List<String> roles = (List<String>) claims.get(AUTHORITIES_KEY);
for (String role : roles) {
authorities.add(new SimpleGrantedAuthority(role));
}
User principal = new User(claims.getSubject(), "", authorities);
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(
principal, "", authorities);
return usernamePasswordAuthenticationToken;
}
}
我的 WebSecurityConfig 类
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
/**
* This method is for overriding some configuration of the WebSecurity
* If you want to ignore some request or request patterns then you can
* specify that inside this method
*/
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring()
// ignoring the "/index.html", "/app/**", "/registration",
// "/favicon.ico"
.antMatchers("/", "/index.html", "/app/**", "/registration", "/login", "/favicon.ico ", "/confirmRegistration/**")
.and();
}
/**
* This method is used for override HttpSecurity of the web Application.
* We can specify our authorization criteria inside this method.
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().fullyAuthenticated().and()
.addFilterBefore(new JWTFilter(), UsernamePasswordAuthenticationFilter.class)
.httpBasic().and()
.csrf().disable();
}
}
所以我在 data.sql 中硬编码了 1 个管理员,在我的应用程序中注册的每个用户都将获得用户角色并保存到 MySQL 中。我想添加社交应用程序登录(例如 Twitter、Facebook 和 Google)。问题是如果我使用 JWT 如何做到这一点?据我所知,Oauth2 更适合使用社交应用程序,但是我可以按照我的方式来做吗?
如果我想开始使用 Twitter,怎样做最好?
- 从 Twitter API 获取消费者 key 和 secret key
- 将其放入application.properties
- 设置 spring-social 依赖
- 创建 SocialConfig 类
- 更改我的 html 登录页面文件
那么,我需要更改我的登录 Controller 类吗?
最佳答案
我不确定其他社交网络,但是,如果您的代码是 Java 并且您打算使用 Twitter API,那么最好的方法是使用 Twitter4J library 。它是 Java 世界事实上的标准,并且有详细的文档记录。
当然,您需要一个 Twitter 开发帐户。您可以在 Twitter Dev Portal 上获取更多信息。
关于java - 如何使用 JWT 集成 Twitter 登录?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/47310687/