
#yyds幹貨盤點#GitLab 配置 OAuth2 實作第三方登入,簡直太友善了!

GitLab 支援配置第三方登入,修改配置檔案 gitlab.rb:

vi /etc/gitlab/gitlab.rb

#OAuth2.0
# Turns on OmniAuth sign-in for this GitLab instance.
gitlab_rails['omniauth_enabled'] = true
# Accounts are created automatically on first sign-in through the listed provider.
gitlab_rails['omniauth_allow_single_sign_on'] = ['OneID']
# false: auto-created accounts are active immediately, with no administrator
# approval step, so the provider alone decides who gets a GitLab account.
# Leave this at true unless every identity the provider can assert should have access.
gitlab_rails['omniauth_block_auto_created_users'] = false
gitlab_rails['omniauth_providers'] = [
  {
    'name' => 'OneID',
    # Sample values. Use the client ID and a long random secret registered with the
    # provider; gitlab.rb then holds a credential, so keep it readable by root only.
    'app_id' => '123',
    'app_secret' => '1111',
    'args' => {
      client_options: {
        # Plain http:// means authorization codes, tokens and user attributes cross the
        # network unencrypted. Serve the provider over HTTPS outside an isolated lab.
        'site' => 'http://10.30.75.85:31900',
        'authorize_url' => '/auth',
        # NOTE(review): no 'token_url' is set, so the strategy's default token path
        # applies. Confirm the provider actually serves it.
        'user_info_url' => '/userInfo'
      },
      # Maps fields of the JSON returned by user_info_url to GitLab account attributes.
      user_response_structure: {
        root_path: [],
        # Field used as the external user ID. It should be stable and never reassigned
        # to another person; presumably GitLab keys the linked identity on it, confirm.
        id_path: 'userAccountID',
        attributes: {
          name: 'realName',
          nickname: 'nickname',
          email: 'email',
         username:'username'
        }
      },
      name: 'OneID',
      strategy_class: "OmniAuth::Strategies::OAuth2Generic"
    }
  }
]

http://10.30.75.85:31900:本人服務的位址

以上資料僅供參考,請根據實際情況修改,不清楚配置請百度,有詳細案例

我服務實作方式為java web項目(Spring boot),配置:

<!-- HTML parser; the login helper uses it to read the CSRF token out of GitLab's sign-in page. -->
<!-- NOTE(review): the version is the one pinned by this article. Check the library's
     security advisories and prefer a current release, since it parses HTML fetched
     over the network. -->
<dependency>
    <groupId>org.jsoup</groupId>
    <artifactId>jsoup</artifactId>
    <version>1.11.3</version>
</dependency>

<!-- HTTP client used for the server-side requests to GitLab. -->
<dependency>
    <groupId>com.konghq</groupId>
    <artifactId>unirest-java</artifactId>
    <version>3.5.00</version>
</dependency>

<!-- Use this form when a self-contained jar is needed (bundles the transitive dependencies). -->
<!-- NOTE(review): this is the same artifact as the entry above; presumably only one of
     the two declarations is meant to be kept. Confirm before copying both. -->
<dependency>
    <groupId>com.konghq</groupId>
    <artifactId>unirest-java</artifactId>
    <version>3.5.00</version>
    <classifier>standalone</classifier>
</dependency>

定義OAuthController.java

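/**
 * Adapter between GitLab and the OneID identity service.
 *
 * <p>Exposes the three endpoints that the GitLab OAuth2 provider configuration points at:
 * {@code /login} (starts a GitLab sign-in on behalf of the browser), {@code /auth}
 * (authorization endpoint) and {@code /userInfo} (user attributes for GitLab).
 * {@code /auth} and the user lookup in {@code /userInfo} are placeholders that each
 * deployment has to implement.
 */
@Controller
@RefreshScope
public class OAuthController extends BaseController {

    /** Name of the GitLab session cookie that {@code /login} relays to the browser. */
    private static final String SESSION_COOKIE = "_gitlab_session";

    @Value("${dossen.gitlab.url}")
    private String gitLabUrl;

    /**
     * Starts a GitLab sign-in through OneID and redirects the browser to the address
     * GitLab answered with.
     *
     * <p>The helper returns {@code "<redirect url>&&_gitlab_session=<value>"}. The session
     * value is re-issued to the browser so that GitLab can match the callback to the
     * session it created. Once sign-in completes that value is a credential, so it is
     * sent HttpOnly and must never be logged.
     *
     * @param request  current request; only used to decide whether the cookie is marked Secure
     * @param response response that receives the session cookie
     * @return a Spring {@code redirect:} view name pointing at the address GitLab returned
     * @throws IllegalStateException if GitLab did not supply both a redirect address and a
     *         session cookie (the helper returns an empty string when its requests fail)
     */
    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public String getGitLabStateVal(HttpServletRequest request, HttpServletResponse response){
        String location = ImitativeLoginGitLabUtil.getLocation(gitLabUrl);
        String[] urlAndCookie = location.split("&&");
        // Fail with a clear message instead of an ArrayIndexOutOfBoundsException when the
        // helper came back empty or without a redirect target.
        if (urlAndCookie.length < 2 || urlAndCookie[0].isEmpty()) {
            throw new IllegalStateException(
                    "GitLab did not return a redirect location and session cookie");
        }

        Cookie cookie = new Cookie(SESSION_COOKIE,
                urlAndCookie[1].replace(SESSION_COOKIE + "=", ""));
        cookie.setPath("/");
        // The helper keeps only the name=value pair, so the attributes GitLab set on the
        // cookie are gone; restore the ones that protect a session identifier.
        cookie.setHttpOnly(true);
        cookie.setSecure(request.isSecure());
        response.addCookie(cookie);

        return "redirect:" + urlAndCookie[0];
    }

    /**
     * Authorization endpoint called by GitLab ({@code authorize_url} in gitlab.rb).
     *
     * <p>Placeholder: the authentication logic and the redirect back to GitLab have to be
     * written per deployment.
     *
     * @param request authorization request parameters sent by GitLab
     * @return a Spring {@code redirect:} view name; the target is still to be filled in
     */
    @RequestMapping(value = "/auth", method = RequestMethod.GET)
    public String auth(OAuthRequest request) {
        // TODO: authenticate the user, then redirect back to GitLab. Before redirecting:
        //  - accept only the client ID registered for GitLab;
        //  - compare the requested redirect URI with the registered GitLab callback by
        //    exact match, never by prefix or substring;
        //  - return the state parameter unchanged;
        //  - issue a short-lived, single-use authorization code.
        return "redirect:";
    }

    /**
     * Returns the attributes of the signed-in user to GitLab ({@code user_info_url} in
     * gitlab.rb). The keys match {@code user_response_structure} in that configuration.
     *
     * @param request request sent by GitLab; it has to carry the token issued for the user
     * @return a {@link ResponseEntity} with the attribute map and status 200, or an empty
     *         401 response when no user could be resolved for the request
     */
    @ResponseBody
    @RequestMapping(value = "/userInfo")
    public Object userInfo(HttpServletRequest request) {
        // TODO: validate the access token presented by GitLab and load the user it was
        // issued for. Without that check this endpoint would hand out account attributes
        // to any caller. NOTE(review): the token presumably arrives as a bearer token in
        // the Authorization header; confirm against the strategy in use.
        UserGetResponse userGetResponse = null;

        // No user resolved (always the case until the lookup above is implemented):
        // answer 401 instead of failing with a NullPointerException.
        if (userGetResponse == null || userGetResponse.getEmail() == null) {
            return new ResponseEntity<Object>(HttpStatus.UNAUTHORIZED);
        }

        String email = userGetResponse.getEmail();
        Map<String, Object> resultMap = new HashMap<String, Object>();
        resultMap.put("userAccountID", userGetResponse.getUserAccountID());
        resultMap.put("realName", userGetResponse.getRealName());
        // NOTE(review): nickname is filled from the real name; confirm this is intended.
        resultMap.put("nickname", userGetResponse.getRealName());
        // NOTE(review): the username is the local part of the e-mail address, which is
        // not unique across mail domains; confirm that all accounts share one domain.
        resultMap.put("username", email.split("@")[0]);
        resultMap.put("email", email);
        return new ResponseEntity<Object>(resultMap, HttpStatus.valueOf(200));
    }

}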

定義ImitativeLoginGitLabUtil.java

package com.dossen.gitlab.adapter.util;

import kong.unirest.HttpResponse;
import kong.unirest.Unirest;
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import org.springframework.beans.factory.annotation.Value;

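/**
 * Simulates the start of a GitLab sign-in to obtain the redirect address GitLab answers with.
 * @Author wenfl
 * @Date 2021-10-14
 */
public class ImitativeLoginGitLabUtil {

    /** Prefix of the name=value pair that carries the GitLab session. */
    private static final String SESSION_COOKIE_PREFIX = "_gitlab_session=";

    /**
     * Opens the GitLab sign-in page, then posts to the OneID OmniAuth entry point with the
     * page's CSRF token and session cookie.
     *
     * <p>Both requests carry the session cookie and CSRF token, so {@code gitLabUrl} should
     * be an https:// address; over plain HTTP both values are readable on the network.
     *
     * @param gitLabUrl base URL of the GitLab instance, without a trailing slash
     * @return {@code "<Location header>&&_gitlab_session=<value>"}, or an empty string when
     *         any step fails or GitLab's answer lacks the CSRF token, the session cookie
     *         or the Location header. NOTE(review): the caller splits on {@code "&&"},
     *         which breaks if the redirect address itself ever contains that sequence.
     */
    public static String getLocation(String gitLabUrl){
        try {
            // Load the sign-in page to obtain a session and its CSRF token.
            HttpResponse<String> response = Unirest.get(gitLabUrl).asString();
            Document doc = Jsoup.parse(response.getBody());
            // attr() on the selection yields "" when no csrf-token meta tag is present,
            // instead of throwing as get(0) would.
            String authenticity_token = doc.select("meta[name=csrf-token]").attr("content");
            String setCookie = response.getHeaders().getFirst("Set-Cookie");
            if (authenticity_token.isEmpty() || setCookie == null) {
                return "";
            }

            // Keep only the name=value pair: attributes such as path or HttpOnly belong to
            // Set-Cookie and must not be echoed back in a Cookie request header.
            String sessionPair = setCookie.split(";")[0].trim();
            // Refuse to relay anything other than the session cookie; the caller stores
            // whatever comes back under the _gitlab_session name.
            if (!sessionPair.startsWith(SESSION_COOKIE_PREFIX)) {
                return "";
            }

            response = Unirest.post(gitLabUrl+"/users/auth/OneID")
                    .header("Cookie", sessionPair)
                    .header("Content-Type", "application/x-www-form-urlencoded")
                    .field("authenticity_token", authenticity_token)
                    .asString();

            // Address GitLab wants the browser to be redirected to.
            String redirect = response.getHeaders().getFirst("Location");
            if (redirect == null || redirect.isEmpty()) {
                return "";
            }
            return redirect + "&&" + sessionPair;
        } catch (Exception e) {
            // Best effort: any failure is reported to the caller as an empty string.
            e.printStackTrace();
        }
        return "";
    }
}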