As I am new to Spring Boot, I got stuck with a scenario; please help me out. I have a custom login page which takes a username and password and validates them. If the user is present in my database, then a JWT token is generated. I have implemented this and this case is working. Now my problem is:
I am trying to integrate Google sign-in. But while integrating Google sign-in, I am
getting authorized as an anonymous user and I am not able to proceed further. This is not
what I want.
Whenever a user logs in with the Google sign-in option, the user must be able to sign in and
generate the JWT token. How can I solve my problem? I am using Spring Boot and ReactJS.
My security configuration code:
    public class Springsec extends WebSecurityConfigurerAdapter {
        @Override
        public void configure(HttpSecurity http) throws Exception {
            http
                .csrf()
                    .disable()
                .antMatcher("/**")
                .authorizeRequests()
                    .antMatchers("/", "/index.html", "/error/**")
                        .permitAll()
                    .anyRequest().authenticated().and().formLogin();
            /* http
                .exceptionHandling()
                    .authenticationEntryPoint(auth)
                .and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
            http.addFilterBefore(securityFilter, UsernamePasswordAuthenticationFilter.class);
            */
        }
    }
Is the approach below the only way to solve my problem, or is there any other way to solve it?
Google sign-in must be authorized by ReactJS, then we have to send the access token to the server
and generate the JWT token.
If there is any other way, please help me out. If possible, send me sample code.
If my guess is the only way to solve the problem, then simply say yes.
Thank you. Please help me out.
I have written about this here. Your configure method could look something like:
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.antMatcher("/**")
            .authorizeRequests(t -> t.anyRequest().authenticated())
            .formLogin(t -> t.loginPage("/login").permitAll())
            .logout(t -> t.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                          .logoutSuccessUrl("/").permitAll());

        try {
            ClientRegistrationRepository repository =
                getApplicationContext().getBean(ClientRegistrationRepository.class);

            if (repository != null) {
                http.oauth2Login(t -> t.clientRegistrationRepository(repository)
                                       .userInfoEndpoint(u -> u.oidcUserService(oidcUserService))
                                       .loginPage("/login").permitAll());
            }
        } catch (Exception exception) {
            // Ignored: getBean() throws when no ClientRegistrationRepository bean is
            // defined, in which case OAuth2 login is simply left unconfigured.
        }

        http.sessionManagement(t -> t.maximumSessions(-1).sessionRegistry(sessionRegistry()));
    }
and the OAuth2 configuration (in application.yaml):
    ---
    spring:
      security:
        oauth2:
          client:
            registration:
              google:
                client-id: XXXXXXXXXXXXXXXXXXXX
                client-secret: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            provider:
              google:
                user-name-attribute: email
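
One way to connect the two halves of this thread, as an added example that is not part of the original answer: a success handler, registered with `.successHandler(...)` inside the `http.oauth2Login(...)` lambda above, that issues the application's own JWT once Google sign-in completes. The class name, cookie name, 15-minute lifetime, redirect target and HMAC key source are assumptions, and signing uses the Nimbus JOSE + JWT library (`com.nimbusds`), assumed to be on the classpath.

```java
// Added example; class name, cookie name, TTL, redirect target and key source are assumptions.
import java.io.IOException;
import java.time.Duration;
import java.time.Instant;
import java.util.Date;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.http.HttpHeaders;
import org.springframework.http.ResponseCookie;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;

public class JwtIssuingSuccessHandler implements AuthenticationSuccessHandler {
    private static final Duration TTL = Duration.ofMinutes(15);
    private final byte[] hmacKey; // at least 32 random bytes, loaded from secret storage
    public JwtIssuingSuccessHandler(byte[] hmacKey) { this.hmacKey = hmacKey.clone(); }

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                                        Authentication authentication) throws IOException {
        Object principal = authentication.getPrincipal();
        OidcUser user = principal instanceof OidcUser ? (OidcUser) principal : null;
        // The e-mail is the account key (user-name-attribute: email), so require a verified one.
        if (user == null || user.getEmail() == null || !Boolean.TRUE.equals(user.getEmailVerified())) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        Instant now = Instant.now();
        JWTClaimsSet claims = new JWTClaimsSet.Builder().subject(user.getEmail())
                .issueTime(Date.from(now)).expirationTime(Date.from(now.plus(TTL))).build();
        SignedJWT jwt = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claims);
        try {
            jwt.sign(new MACSigner(hmacKey)); // rejects keys shorter than 256 bits
        } catch (JOSEException e) {
            throw new IllegalStateException("cannot sign application JWT", e);
        }
        // An HttpOnly cookie keeps the token out of the redirect URL and away from page scripts.
        ResponseCookie cookie = ResponseCookie.from("APP_JWT", jwt.serialize())
                .httpOnly(true).secure(true).sameSite("Lax").path("/").maxAge(TTL).build();
        response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString());
        response.sendRedirect("/");
    }
}
```

Because the token then travels in a cookie, the JWT filter from the question would have to read it from that cookie, and CSRF protection should stay enabled rather than being switched off with `.csrf().disable()`.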