
sec:authorize="isAuthenticated()" not working with OAuth2

Open NCanhhieu opened this issue 1 year ago • 1 comments

I use my CustomOAuth2User, which implements UserDetails, and I updated the security config for both OAuth2 login and Spring Security form login. But when I log in using OAuth2, the Thymeleaf `sec:authorize="isAuthenticated()"` block does not show the `th:if="${level == 0}"` element (`level` is a property of the Account entity; with Spring Security form login it does show up).

                     <!--/* The whole menu is rendered only when the Spring Security expression in
                            sec:authorize holds; the "Buy Account" entry additionally needs the
                            template variable `level` to equal 0.
                            NOTE(review): Logout is a plain GET link (href="/logout"); that only works
                            because the security chain shown in the issue disables CSRF, which also
                            means any cross-site page can trigger the logout. */-->
                     <ul class="dropdown-menu level1"  sec:authorize="isAuthenticated()">
                            <li><a th:if="${level == 0}" th:href="@{/buyaccount}">Buy Account</a></li>
                            <li><a th:href="@{/profile}">Profile</a></li>
                            <li class="it-last"><a href="/logout">Logout</a></li>
                        </ul>
My CustomOAuth2User:

 public class CustomOAuth2User implements OAuth2User , UserDetails {
    // Delegate principal produced by DefaultOAuth2UserService; every attribute read goes through it.
    private OAuth2User oauth2User;
    // Assigned once in the constructor from getEmail(); no method on the page reads this field
    // (getName() and getEmail() re-read the attribute each time).
    private String email;
    // Lazily filled by getAuthorities(); fixed to ROLE_USER for every OAuth2 principal.
    private Collection<? extends GrantedAuthority> authorities;
    // Identity provider (GOOGLE / GITHUB / LOCAL) derived from the client registration id.
    private Provider provider;

/**
 * Wraps the principal returned by the OAuth2 user-info call.
 *
 * @param oauth2User           delegate principal whose attributes back every getter
 * @param clientRegistrationId Spring Security client registration id ("google", "github", ...)
 */
public CustomOAuth2User(OAuth2User oauth2User, String clientRegistrationId  ) {
    // The provider only depends on the registration id, so it is resolved first.
    this.provider = determineProvider(clientRegistrationId);
    this.oauth2User = oauth2User;
    // NOTE(review): both calls below are overridable instance methods invoked from the
    // constructor; a subclass override would run before the subclass' own fields exist.
    this.email = getEmail();
    this.authorities = getAuthorities();
}

/**
 * Maps a client registration id onto the {@code Provider} enum.
 * Unknown ids fall back to {@code LOCAL}; a null id throws NullPointerException,
 * exactly as the original equals() chain did.
 */
private Provider determineProvider(String clientRegistrationId) {
    return switch (clientRegistrationId) {
        case "google" -> Provider.GOOGLE;
        case "github" -> Provider.GITHUB;
        default -> Provider.LOCAL;
    };
}
/** Raw user-info attributes of the delegate principal, returned as-is. */
@Override
public Map<String, Object> getAttributes() {
    Map<String, Object> claims = oauth2User.getAttributes();
    return claims;
}

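/**
 * Authorities of this principal: always exactly ROLE_USER.
 * Lazily initialised because the constructor calls this method before the field is set.
 * The delegate's own {@code oauth2User.getAuthorities()} is never consulted, so provider
 * scopes or group claims do not surface through this principal.
 */
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
    if (authorities == null) {
        // Unmodifiable: a caller holding the returned collection cannot grow the principal's authorities.
        authorities = List.of(new SimpleGrantedAuthority("ROLE_USER"));
    }
    return authorities;
}

/**
 * Resolves the attribute used as this principal's name: "name" for Google, "login" otherwise,
 * with a fallback to "name" when a Gmail address is present.
 *
 * The original read a "provider" key out of the user-info attributes; nothing on the page shows
 * either provider returning such a key, which would leave non-Gmail Google users with a null name
 * (and, via getUsername(), a null username). The provider resolved from the client registration id
 * in the constructor is used instead.
 *
 * NOTE(review): "name" is a display name, not a stable unique identifier. If downstream code keys
 * accounts on this value, the provider's stable subject id should be used instead.
 *
 * @return the attribute value, or null when the provider did not return it
 */
@Override
public String getName() {
    String loginAttribute = provider == Provider.GOOGLE ? "name" : "login";
    String email = oauth2User.getAttribute("email");
    // A Gmail address with no "login" attribute: fall back to the display name.
    if (loginAttribute.equals("login") && email != null && email.contains("@gmail.com")) {
        loginAttribute = "name";
    }
    return oauth2User.<String>getAttribute(loginAttribute);
}

/**
 * Email attribute from the user-info response, or a GitHub profile URL built from the "login"
 * attribute when no email was returned (presumably a GitHub account with a private address).
 * NOTE(review): the fallback is a URL, not an address; anything that mails or de-duplicates on
 * this value has to handle that.
 */
public String getEmail() {
    String email = oauth2User.<String>getAttribute("email");
    if (email == null) {
        return "http://github.com/" + oauth2User.<String>getAttribute("login");
    }
    return email;
}

// NOTE(review): @Column is a JPA mapping annotation; this class is not shown as an @Entity on the
// page, so the annotation is presumably inert and level is a plain int that defaults to 0.
@Column(name = "level")
private int level;

/** Account level; 0 unless setLevel() has been called. */
public int getLevel() {
    return level;
}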

/**
 * Sets the account level. No caller is visible on the page; for an OAuth2 principal the
 * value stays 0 unless something like processOAuthPostLogin assigns it (not shown).
 */
public void setLevel(int level) {
    this.level = level;
}
/** Identity provider resolved from the client registration id at construction time. */
public Provider getProvider() {
    Provider resolved = this.provider;
    return resolved;
}
// UserDetails contract for an OAuth2 principal.

/**
 * Username as seen by Spring Security: whatever getName() resolves from the user-info
 * attributes. NOTE(review): that may be a display name rather than a stable unique id, and
 * it is null when the provider did not return the attribute.
 */
@Override
public String getUsername() {
    String resolvedName = getName();
    return resolvedName;
}

/** OAuth2 principals carry no local credential, so there is no password. */
@Override
public String getPassword() {
    return null;
}

// The four account-state flags below are unconditionally true: this class tracks no expiry,
// lock or disabled state for OAuth2 principals, so any such state would have to be enforced
// elsewhere.

@Override
public boolean isAccountNonExpired() {
    return true;
}

@Override
public boolean isAccountNonLocked() {
    return true;
}

@Override
public boolean isCredentialsNonExpired() {
    return true;
}

@Override
public boolean isEnabled() {
    return true;
}

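}
// SecurityCongfig (the enclosing configuration class header is not shown on the page)

/**
 * Builds the single security filter chain: form login against the DAO provider,
 * OAuth2 login via the custom user service, persistent remember-me, and a logout handler.
 *
 * @throws Exception propagated from the HttpSecurity builder
 */
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
    httpSecurity.sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.ALWAYS));
    // Form login authenticates through the DAO provider; OAuth2 login has its own provider.
    httpSecurity.getSharedObject(AuthenticationManagerBuilder.class)
            .authenticationProvider(daoAuthenticationProvider());
    httpSecurity.authorizeHttpRequests(request -> {
        // NOTE(review): the patterns below are printed without a trailing "/**"; as shown they
        // match one exact path and nothing beneath it (the issue's markdown may have eaten the
        // asterisks). Matchers are evaluated in order, first match wins.
        request.requestMatchers("/css/", "/js/", "/images/").permitAll();
        request.requestMatchers("/getCategories", "/getGenres").denyAll();
        request.requestMatchers("/").permitAll();
        request.requestMatchers("/login/oauth2/").permitAll();
        request.requestMatchers("/oauth/").permitAll();
        request.requestMatchers("/share/facebook").permitAll();
        // Only GET is restricted; every other method on "/admin/" falls through to permitAll below.
        request.requestMatchers(GET, "/admin/").hasAuthority("ROLE_ADMIN");
        request.anyRequest().permitAll();
    })
    .logout(logout -> {
        // An AntPathRequestMatcher without a method matches GET as well as POST.
        logout.logoutRequestMatcher(new AntPathRequestMatcher("/logout"));
        logout.logoutSuccessUrl("/");
        logout.deleteCookies("JSESSIONID");
        logout.invalidateHttpSession(true);
        logout.clearAuthentication(true);
    })
    .formLogin(login -> {
        login.loginPage("/login");
        login.failureUrl("/login?error=true");
        login.successHandler(customAuthenticationSuccessHandler);
        login.permitAll();
    })
    .rememberMe(rememberMe -> {
        // NOTE(review): a fixed, guessable key; it should come from configuration, not source.
        rememberMe.key("remember-me");
        rememberMe.tokenValiditySeconds(3 * 24 * 60 * 60); // three days
        rememberMe.tokenRepository(persistentTokenRepository());
    })
    .oauth2Login(oauth2 -> {
        oauth2.loginPage("/login");
        // The mapper decides the authorities of the resulting authentication token;
        // the CustomOAuth2User principal itself always reports ROLE_USER.
        oauth2.userInfoEndpoint()
                .userAuthoritiesMapper(userAuthoritiesMapper())
                .userService(oauthUserService);
        oauth2.successHandler(customAuthenticationSuccessHandler);
    })
    // NOTE(review): CSRF protection is off for the whole chain, including form login,
    // logout and remember-me requests.
    .csrf(AbstractHttpConfigurer::disable);

    return httpSecurity.build();
}

/**
 * Maps the authorities of an OAuth2/OIDC login onto "groups" claims from the provider.
 * The mapped set replaces the incoming authorities entirely; every group name the provider
 * returns becomes an authority verbatim, so a provider-issued "ROLE_ADMIN" would satisfy the
 * /admin/ rule above.
 *
 * Fixes: getClaimAsStringList returns null when the id token has no "groups" claim, which
 * made the original forEach throw for every OIDC login without that claim; the OAuth2 branch
 * no longer blind-casts the attribute to List&lt;String&gt;.
 */
@Bean
GrantedAuthoritiesMapper userAuthoritiesMapper() {
    return (authorities) -> {
        Set<GrantedAuthority> mappedAuthorities = new HashSet<>();

        authorities.forEach(authority -> {
            if (authority instanceof OidcUserAuthority oidcAuth) {
                List<String> groups = oidcAuth.getIdToken().getClaimAsStringList("groups");
                if (groups != null) {
                    groups.forEach(a -> mappedAuthorities.add(new SimpleGrantedAuthority(a)));
                }
            } else if (authority instanceof OAuth2UserAuthority oauth2Auth) {
                Object groups = oauth2Auth.getAttributes().getOrDefault("groups", List.of());
                // Only String entries become authorities; anything else is skipped rather than cast.
                if (groups instanceof Collection<?> values) {
                    for (Object value : values) {
                        if (value instanceof String name) {
                            mappedAuthorities.add(new SimpleGrantedAuthority(name));
                        }
                    }
                }
            }
        });

        return mappedAuthorities;
    };
}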

@Component public class CustomAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

// Field-injected; used once per successful login to post-process OAuth2 principals.
@Autowired
private AccountsService accountsService;

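/**
 * Post-login hook shared by form login and OAuth2 login.
 * OAuth2 principals are handed to the accounts service, the security context is stored in
 * the session, and the user is sent back to the page they came from.
 *
 * The Referer header is caller-controlled, so it is only honoured when it points at the host
 * this request was served on; anything else (absent, malformed, or another host such as the
 * identity provider's site after an OAuth2 round trip) falls back to "/movies".
 *
 * @throws IOException      from the redirect
 * @throws ServletException declared by the interface; not thrown here
 */
@Override
public void onAuthenticationSuccess(HttpServletRequest trequest, HttpServletResponse response,
                                    Authentication authentication) throws IOException, ServletException {
    // Handle OAuth2 user processing
    if (authentication.getPrincipal() instanceof CustomOAuth2User oauthUser) {
        accountsService.processOAuthPostLogin(oauthUser, trequest);
    }
    // Set Authentication in the session.
    // NOTE(review): likely redundant with Spring Security's own session context repository; harmless.
    HttpSession session = trequest.getSession(true);
    session.setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, SecurityContextHolder.getContext());

    String targetUrl = trequest.getHeader("Referer");
    if (!isSameHost(targetUrl, trequest)) {
        targetUrl = "/movies"; // Default when no usable referrer is available
    }
    response.sendRedirect(targetUrl);
}

/** True when {@code url} is an absolute URL whose host equals the host of {@code request}. */
private static boolean isSameHost(String url, HttpServletRequest request) {
    if (url == null || url.isEmpty()) {
        return false;
    }
    try {
        String host = java.net.URI.create(url).getHost();
        return host != null && host.equalsIgnoreCase(request.getServerName());
    } catch (IllegalArgumentException malformed) {
        // Not a parseable URL: treat as foreign and use the default target.
        return false;
    }
}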

} my CustomOAuth2UserService : @Service public class CustomOAuth2UserService extends DefaultOAuth2UserService {

/**
 * Fetches the user-info through the default service and wraps the result so the
 * principal also satisfies UserDetails.
 *
 * @throws OAuth2AuthenticationException propagated from the default service
 */
@Override
public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
    String registrationId = userRequest.getClientRegistration().getRegistrationId();
    OAuth2User delegate = super.loadUser(userRequest);
    return new CustomOAuth2User(delegate, registrationId);
}

}

NCanhhieu avatar Jul 14 '24 05:07 NCanhhieu

@NCanhhieu, try adding the namespace declaration below, which worked for me: `xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity3"`

towfiq-bK avatar Oct 29 '24 04:10 towfiq-bK