• 这里就可以不用配置AuthenticationSuccessHandler

package com.lee.demo.configurations;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
public class OAuth2SecurityConfiguration extends WebSecurityConfigurerAdapter {
    // @Autowired
    // private Oauth2AuthenticationSuccessHandler oauth2AuthenticationSuccessHandler;
	@Override
    protected void configure(HttpSecurity http) throws Exception {
                .authorizeRequests()
                .anyRequest().authenticated()
                .and()
                .oauth2Login()
                .redirectionEndpoint()
                .baseUri("/oauth2/callback")
                // .and()
				// .successHandler(oauth2AuthenticationSuccessHandler)
直接访问 /info 时框架会自动注入 Authentication，从中便可获取
或者直接访问user，框架会自动注入user，从中也可获取
不用帮前端做跳转，前后端分离更加彻底
 
package com.lee.demo.controller;
import com.lee.demo.model.UserInfoDTO;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
@Slf4j
@RestController
public class HelloController {
    // 用 "/login" 路径有问题
    @GetMapping("/info")
    public UserInfoDTO info(Authentication authentication) {
        OAuth2User oAuth2User = (OAuth2User) authentication.getPrincipal();
        UserInfoDTO userInfoDTO = new UserInfoDTO();
        userInfoDTO.setId((Integer) oAuth2User.getAttributes().get("id"));
        userInfoDTO.setLogin((String) oAuth2User.getAttributes().get("login"));
        userInfoDTO.setAvatar_url((String) oAuth2User.getAttributes().get("avatar_url"));
        return userInfoDTO;
	@GetMapping("/user")
    public Principal user(Principal principal) {
        return principal;
    "id": 48xxxx8,
    "login": "zxxx1",
    "avatar_url": "https://avatars3.githubusercontent.com/u/4xxxx28?v=4"
                    从 Spring security oauth2 client 自动配置中获取当前登录用户信息方法一：在AuthenticationSuccessHandler实现类中获取缺点：获取用户信息后需要做跳转，底层框架并不会自动跳转回未授权之前访问的页面package com.lee.demo.handler;import lombok.extern.slf4j.Slf4j;import...
上一篇我们是用了password模式来进行授权认证，获取token，接下来我们来看看其中关键的类是怎么获取token，分发token的。
ClientCredentialsTokenEndpointFilter
首先外部通过请求/oauth/token来获取token，当请求进来之前就会通过一个ClientCredentialsTokenEndpointFilter的过滤器，关键方如下：
@Override
public Authentication attemptAuthentication(Htt
				
项目场景：
既然前面有说到spring security 是如何验证当前用户以及获取到当前用户信息，哪么spring security auth2.0又是如何验证当前用户信息的呢？
技术详解：
spring security auth2.0验证用户信息其实更加简单，具体的逻辑就在OAuth2AuthenticationProcessingFilter，我们先一起看看OAuth2AuthenticationProcessingFilter的源码吧.
OAuth2AuthenticationProce
				'org.springframework.data.redis.connection.RedisConnectionFactory' that could not be found
					11391