我只想覆盖默认的oauth2登录网址(/login)。我该怎么做?我尝试过的配置没有成功:
@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
http
.authorizeExchange().pathMatchers(permittedUrls).permitAll()
.anyExchange().authenticated()
.and()
.oauth2Login(Customizer.withDefaults()).formLogin().loginPage("/oauth2_login")
.authenticationSuccessHandler(this::onAuthenticationSuccess)
.and()
.csrf().disable();
return http.build();
我希望它会重定向到/oauth2_login网址,但它不起作用。它仍然重定向到/login。但这次它返回 404 而不是显示默认登录页面。
上面的代码正在自定义formLogin登录页面,这通常是基于用户名/密码的表单登录。使用新的 lambda 样式方法更容易查看您正在影响的配置,因此我更新了整个配置以使用它。如果要自定义 oauth2Login 的登录页面,则应更改其上的登录页面。例如:
@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
http
.authorizeExchange(exchanges -> exchanges
.pathMatchers(permittedUrls).permitAll()
.anyExchange().authenticated()
)
.oauth2Login(oauth2 -> oauth2
// you now must render a log in page for the URL /login
.loginPage("/login")
);
// remove formLogin that was for a username/password based log in
// if you are doing oauth2 login I'm guessing you allow users to work within a browser, so you should not disable csrf
return http.build();
}