I have a web application on Spring MVC and I am trying to add Google authentication to it. I configure Spring Security as follows:
```java
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;

import javax.servlet.Filter;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Description;
import org.springframework.context.annotation.PropertySource;
import org.springframework.context.support.PropertySourcesPlaceholderConfigurer;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter;
import org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
import org.springframework.security.oauth2.common.AuthenticationScheme;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.ExceptionTranslationFilter;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;

@Configuration
@EnableWebSecurity
@EnableOAuth2Client
@PropertySource("classpath:google-oauth2.properties")
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    OAuth2ClientContext oauth2ClientContext;

    @Autowired
    private OAuth2ClientContextFilter oauth2ClientContextFilter;

    // All values come from google-oauth2.properties.
    @Value("${oauth2.clientId}")
    private String clientId;
    @Value("${oauth2.clientSecret}")
    private String clientSecret;
    @Value("${oauth2.userAuthorizationUri}")
    private String userAuthorizationUri;
    @Value("${oauth2.accessTokenUri}")
    private String accessTokenUri;
    @Value("${oauth2.tokenName:authorization_code}")
    private String tokenName;
    @Value("${oauth2.scope}")
    private String scope;
    @Value("${oauth2.userInfoUri}")
    private String userInfoUri;
    @Value("${oauth2.filterCallbackPath}")
    private String oauth2FilterCallbackPath;

    @Bean
    public AuthenticationEntryPoint authenticationEntryPoint() {
        // May need an OAuth2AuthenticationEntryPoint for non-browser clients
        return new LoginUrlAuthenticationEntryPoint(oauth2FilterCallbackPath);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.antMatcher("/**")
            .authorizeRequests()
                .antMatchers("/", "/oauth2/**").permitAll()
                .anyRequest().authenticated()
                .and()
            .exceptionHandling()
                .authenticationEntryPoint(authenticationEntryPoint())
                .and()
            .logout()
                .logoutUrl("/logout")
                .logoutSuccessUrl("/")
                .permitAll()
                .and()
            // The SSO filter is placed just before FilterSecurityInterceptor,
            // i.e. after AnonymousAuthenticationFilter in the chain.
            .addFilterBefore(ssoFilter(), FilterSecurityInterceptor.class)
            .addFilterAfter(oauth2ClientContextFilter, ExceptionTranslationFilter.class)
            .anonymous().disable();
    }

    @Bean
    public Filter ssoFilter() {
        OAuth2ClientAuthenticationProcessingFilter facebookFilter =
                new OAuth2ClientAuthenticationProcessingFilter(oauth2FilterCallbackPath);
        OAuth2RestTemplate facebookTemplate = new OAuth2RestTemplate(facebook(), oauth2ClientContext);
        // GoogleUserInfoTokenServices is my own class (not shown here).
        GoogleUserInfoTokenServices tokenServices =
                new GoogleUserInfoTokenServices(userInfoUri, clientId);
        facebookFilter.setRestTemplate(facebookTemplate);
        facebookFilter.setTokenServices(tokenServices);
        return facebookFilter;
    }

    @Bean
    public OAuth2ProtectedResourceDetails facebook() {
        AuthorizationCodeResourceDetails details = new AuthorizationCodeResourceDetails();
        details.setId("google-oauth-client");
        details.setClientId(clientId);
        details.setClientSecret(clientSecret);
        details.setUserAuthorizationUri(userAuthorizationUri);
        details.setAccessTokenUri(accessTokenUri);
        details.setTokenName(tokenName);
        String commaSeparatedScopes = scope;
        details.setScope(parseScopes(commaSeparatedScopes));
        details.setAuthenticationScheme(AuthenticationScheme.query);
        details.setClientAuthenticationScheme(AuthenticationScheme.form);
        return details;
    }

    private List<String> parseScopes(String commaSeparatedScopes) {
        List<String> scopes = new LinkedList<>();
        Collections.addAll(scopes, commaSeparatedScopes.split(","));
        return scopes;
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/css/**", "/js/**", "/pages/**");
    }

    @Override
    protected AuthenticationManager authenticationManager() throws Exception {
        return new NoopAuthenticationManager();
    }

    private static class NoopAuthenticationManager implements AuthenticationManager {
        @Override
        public Authentication authenticate(Authentication authentication)
                throws AuthenticationException {
            throw new UnsupportedOperationException(
                    "No authentication should be done with this AuthenticationManager");
        }
    }

    @Bean
    @Description("Enables ${...} expressions in the @Value annotations"
            + " on fields of this configuration. Not needed if one is"
            + " already available.")
    public static PropertySourcesPlaceholderConfigurer propertySourcesPlaceholderConfigurer() {
        return new PropertySourcesPlaceholderConfigurer();
    }
}
```

Logging in through Google works fine, but because anonymous access is disabled, users cannot even open the main page without authorization. If I enable anonymous access, OAuth stops working with the error:
Authentication Failed: anonymous not allowed
The only proper description of the problem I found is on the Spring forum.
But I cannot understand one point. In my scenario, users browse the site under an anonymous account before logging in, and after logging in through OAuth they get their profile and continue under it. Accordingly, authorization through OAuth is needed in order to map the Google account to a local user and get some data from the Google profile. In the variant described on the forum it is said that, prior to authorization through OAuth, the user has to be given a non-anonymous account in order to identify them.
Please tell me how to implement such an authentication mechanism. Or do I fundamentally misunderstand the purpose of OAuth?
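An added example, not part of the original question, showing one way to keep anonymous access enabled while the Google login filter still works. It assumes the error is caused by filter order: spring-security-oauth2's AccessTokenProviderChain.obtainAccessToken() throws InsufficientAuthenticationException("Authentication is required to obtain an access token (anonymous not allowed)") when SecurityContextHolder already contains an AnonymousAuthenticationToken for a resource that is not client-only, and a filter registered before FilterSecurityInterceptor runs after AnonymousAuthenticationFilter, so with anonymous() enabled it always sees that token. The example moves the two OAuth2 filters to the positions Spring Boot's @EnableOAuth2Sso uses (OAuth2ClientContextFilter after AbstractPreAuthenticatedProcessingFilter, the SSO filter before BasicAuthenticationFilter), so the token exchange happens on an empty SecurityContext. The callback path "/login/google", the scope list and the class name are placeholders; GoogleUserInfoTokenServices is the question's own class, which is not shown there.

```java
import java.util.Arrays;

import javax.servlet.Filter;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.context.support.PropertySourcesPlaceholderConfigurer;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter;
import org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
import org.springframework.security.oauth2.common.AuthenticationScheme;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

@Configuration
@EnableWebSecurity
@EnableOAuth2Client
@PropertySource("classpath:google-oauth2.properties")
public class AnonymousFriendlySecurityConfig extends WebSecurityConfigurerAdapter {

    // Placeholder callback path; the question reads it from ${oauth2.filterCallbackPath}.
    private static final String CALLBACK_PATH = "/login/google";

    @Autowired private OAuth2ClientContext oauth2ClientContext;
    @Autowired private OAuth2ClientContextFilter oauth2ClientContextFilter;

    @Value("${oauth2.clientId}") private String clientId;
    @Value("${oauth2.clientSecret}") private String clientSecret;
    @Value("${oauth2.userAuthorizationUri}") private String userAuthorizationUri;
    @Value("${oauth2.accessTokenUri}") private String accessTokenUri;
    @Value("${oauth2.userInfoUri}") private String userInfoUri;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Anonymous users may open the front page; everything else goes to Google.
                .antMatchers("/", CALLBACK_PATH).permitAll()
                .anyRequest().authenticated()
                .and()
            .exceptionHandling()
                .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint(CALLBACK_PATH))
                .and()
            .logout().logoutUrl("/logout").logoutSuccessUrl("/").permitAll()
                .and()
            // anonymous() is left at its default (enabled).
            // OAuth2ClientContextFilter must be upstream of the SSO filter so it can
            // catch UserRedirectRequiredException and redirect the browser to Google.
            .addFilterAfter(oauth2ClientContextFilter, AbstractPreAuthenticatedProcessingFilter.class)
            // Before BasicAuthenticationFilter means before AnonymousAuthenticationFilter:
            // when the SSO filter asks the OAuth2RestTemplate for a token, the context
            // holds no AnonymousAuthenticationToken, so AccessTokenProviderChain proceeds.
            .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
    }

    @Bean
    public Filter ssoFilter() {
        OAuth2ClientAuthenticationProcessingFilter filter =
                new OAuth2ClientAuthenticationProcessingFilter(CALLBACK_PATH);
        filter.setRestTemplate(new OAuth2RestTemplate(google(), oauth2ClientContext));
        // GoogleUserInfoTokenServices: the question's own class (not shown there).
        filter.setTokenServices(new GoogleUserInfoTokenServices(userInfoUri, clientId));
        return filter;
    }

    @Bean
    public AuthorizationCodeResourceDetails google() {
        AuthorizationCodeResourceDetails details = new AuthorizationCodeResourceDetails();
        details.setId("google-oauth-client");
        details.setClientId(clientId);
        details.setClientSecret(clientSecret);
        details.setUserAuthorizationUri(userAuthorizationUri);
        details.setAccessTokenUri(accessTokenUri);
        details.setScope(Arrays.asList("openid", "email", "profile")); // assumed scopes
        // Send the access token as a bearer header instead of a query parameter,
        // so it does not end up in proxy or web-server access logs.
        details.setAuthenticationScheme(AuthenticationScheme.header);
        details.setClientAuthenticationScheme(AuthenticationScheme.form);
        return details;
    }

    @Override
    protected AuthenticationManager authenticationManager() {
        // Same intent as the question's NoopAuthenticationManager: no local logins.
        return authentication -> {
            throw new UnsupportedOperationException("No local authentication is configured");
        };
    }

    @Bean
    public static PropertySourcesPlaceholderConfigurer propertySourcesPlaceholderConfigurer() {
        return new PropertySourcesPlaceholderConfigurer();
    }
}
```

With this order an anonymous visitor gets "/" as before, a request to any other URL is sent by the entry point to /login/google, the SSO filter throws UserRedirectRequiredException on an empty SecurityContext, OAuth2ClientContextFilter turns that into the redirect to Google, and on return with ?code=... the same filter exchanges the code and stores the resulting OAuth2Authentication in the session, where the mapping to a local user can be done in the token services.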