Spring Boot - set default HTTP Oauth2Login() registration/provider

时光怂恿深爱的人放手 submitted on 2021-01-29 01:55:43

Question


New to Spring Boot and I'm working on an application that already had some OAuth2 authentication done for signing in with Azure. I was tasked with setting up some auth for another API and now I have two registrations (client id/secret/grant-type) in my application-local.properties.

spring.security.oauth2.resource.jwk.key-set-uri=xxxxxxxx
spring.security.oauth2.client.registration.azure.client-secret=xxxx
spring.security.oauth2.client.registration.azure.client-id=xxxxx
spring.security.oauth2.client.registration.azure.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.azure.client-name=azure
spring.security.oauth2.client.registration.azure.provider=azure
spring.security.oauth2.client.registration.azure.scope=openid,profile,email,offline_access

spring.security.oauth2.client.provider.test.token-uri=xxxxx
spring.security.oauth2.client.registration.test.client-id=xxxxx
spring.security.oauth2.client.registration.test.client-secret=xxxxx
spring.security.oauth2.client.registration.test.authorization-grant-type=client_credentials

[Image: example of login prompt]

This works. The problem now is when visiting the application for the first time, you are prompted to choose which service you would like to log in with, either azure or test. I would like to be able to set a default for this and use azure for logging into the application so the user isn't prompted.

        http.authorizeRequests()
                .antMatchers("/impersonate/**").hasAnyRole(roleAdmin)
                .antMatchers("/login", "/health").permitAll()
                .anyRequest().authenticated()
                .antMatchers("/logout").hasRole(prevRoleAdmin)
                .anyRequest().fullyAuthenticated()
                .and()
                .csrf().disable()
                .logout()
                .logoutSuccessUrl("/admin")
                .and()

                .oauth2Login() // Is there a way to pass which registration it should use after this?

                .userInfoEndpoint()
                .oidcUserService(this.oidcUserService())
        ;

Is there any way to set this to seek out and use the creds for azure?


Answer 1:


By default, Spring Security shows the chooser page, but you can set the login page to a specific client:

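import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class RedirectToAzureConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // ...
            // Skip the generated chooser page and start the flow with the azure registration
            .oauth2Login(oauth2 -> oauth2
                .loginPage("/oauth2/authorization/azure")
            );
    }

}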

For every client listed in your application.properties, Spring Security will respond to /oauth2/authorization/{registrationId} requests and negotiate with the corresponding authorization server to get the user logged in.

If you need to programmatically decide what to redirect to, you can register an AuthenticationEntryPoint instead of setting the loginPage().
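
The programmatic option mentioned above, sketched as an added example (not part of the original answer or of Spring Security itself). It assumes Spring Security 5.x on the servlet stack (javax.servlet); the class name and the `idp` query parameter are hypothetical, and `azure`/`test` are the registration ids from the question.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.util.StringUtils;

// Added example: picks the login registration per request, defaulting to "azure".
public class RegistrationSelectingEntryPoint implements AuthenticationEntryPoint {

    private static final String DEFAULT_REGISTRATION = "azure"; // id from the question's properties
    private static final String HINT_PARAM = "idp";             // hypothetical query parameter

    private final ClientRegistrationRepository registrations;

    public RegistrationSelectingEntryPoint(ClientRegistrationRepository registrations) {
        this.registrations = registrations;
    }

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
                         AuthenticationException authException) throws IOException {
        String target = DEFAULT_REGISTRATION;
        String hint = request.getParameter(HINT_PARAM);
        // hasText guards the lookup: the in-memory repository rejects empty ids.
        if (StringUtils.hasText(hint)) {
            ClientRegistration candidate = registrations.findByRegistrationId(hint);
            // Accept only a configured registration usable for interactive login;
            // "test" (client_credentials) falls through to the default.
            if (candidate != null && AuthorizationGrantType.AUTHORIZATION_CODE
                    .equals(candidate.getAuthorizationGrantType())) {
                // Build the redirect from the repository's id, never the raw request value.
                target = candidate.getRegistrationId();
            }
        }
        response.sendRedirect(request.getContextPath() + "/oauth2/authorization/" + target);
    }
}
```

Register it with `http.exceptionHandling().authenticationEntryPoint(new RegistrationSelectingEntryPoint(clientRegistrationRepository))` in place of `loginPage()`.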




Answer 2:


WebFlux way of defining the Authentication Entry Point:

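import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint;

@Configuration
public class RedirectToAzureConfig {

    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {

        http
            // ...
            .oauth2Login()
            .and()
            .exceptionHandling()
                // Unauthenticated requests are redirected straight to the azure registration
                .authenticationEntryPoint(new RedirectServerAuthenticationEntryPoint("/oauth2/authorization/azure"));
        return http.build();
    }
}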


Source: https://stackoverflow.com/questions/60674060/spring-boot-set-default-http-oauth2login-registration-provider
