rev*_*dev 7 security spring oauth-2.0 spring-security-oauth2
我正在使用Spring Security OAuth2.客户端应用程序(我们拥有)发出"密码"授权请求,该请求传递用户的用户名和密码.就像草案规定的一样.
我需要这种机制来支持其他类型的凭证,例如卡号,PIN,甚至是预先认证的,不需要密码的授权.
请记住,这些请求只能由特权client_id允许,该特权client_id只能从我们拥有的应用程序中使用.
戴夫,谢谢你的快速反应.我实际上找到了一个完美的解决方案,一个你参与的解决方案.它与"自定义授权"令牌授予者有关... https://jira.spring.io/browse/SECOAUTH-347
如果我更新了我可能已经知道的相当旧的1.0.0.M5版本.
我的方法是扩展AbstractTokenGranter一个支持自定义授权类型的类(我称之为"studentCard").一旦身份验证请求到达此处,我就会检查参数列表ResourceOwnerPasswordTokenGranter,但是请查找我的自定义"cardNumber"参数.然后,我将自己的基于UsernamePasswordAuthenticationToken身份的版本传递给我的AuthenticationProvider,后者知道如何根据身份证对用户进行身份验证.
这是我提出的自定义令牌granter类:
public class StudentCardTokenGranter extends AbstractTokenGranter {
private static final String GRANT_TYPE = "studentCard";
private final AuthenticationManager authenticationManager;
public StudentCardTokenGranter(AuthenticationManager authenticationManager,
AuthorizationServerTokenServices tokenServices, ClientDetailsService clientDetailsService) {
super(tokenServices, clientDetailsService, GRANT_TYPE);
this.authenticationManager = authenticationManager;
}
@Override
protected OAuth2Authentication getOAuth2Authentication(AuthorizationRequest clientToken) {
Map<String, String> parameters = clientToken.getAuthorizationParameters();
String cardNumber = parameters.get("cardNumber");
Authentication userAuth = new StudentCardAuthenticationToken(cardNumber);
try {
userAuth = authenticationManager.authenticate(userAuth);
} catch (BadCredentialsException e) {
// If the username/password are wrong the spec says we should send 400/bad grant
throw new InvalidGrantException(e.getMessage());
}
if (userAuth == null || !userAuth.isAuthenticated()) {
throw new InvalidGrantException("Could not authenticate student: " + cardNumber);
}
return new OAuth2Authentication(clientToken, userAuth);
}
}
我的授权服务器配置:
<!-- Issues tokens for both client and client/user authorization requests -->
<oauth:authorization-server client-details-service-ref="clientDetails" token-services-ref="tokenServices">
<oauth:refresh-token />
<oauth:client-credentials />
<oauth:password authentication-manager-ref="myUserManager" />
<oauth:custom-grant token-granter-ref="studentCardGranter" />
</oauth:authorization-server>
<bean id="studentCardGranter" class="com.api.security.StudentCardTokenGranter">
<constructor-arg name="authenticationManager" ref="myUserManager" />
<constructor-arg name="tokenServices" ref="tokenServices" />
<constructor-arg name="clientDetailsService" ref="clientDetails" />
</bean>
| 归档时间: |
|
| 查看次数: |
6145 次 |
| 最近记录: |