Sha*_*aun 5 spring-security spring-boot spring-security-oauth2 spring-oauth2
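I'm working on a proof of concept for a set of endpoints that need to be able to call each other, passing tokens obtained via the OAuth 2 client credentials flow. I'm using Spring Boot and related projects to build these endpoints, and I'm confused as to why the framework seems to be very opinionated about the following code: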
    package com.example.client;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.beans.factory.annotation.Value;
    import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.oauth2.client.OAuth2ClientContext;
    import org.springframework.security.oauth2.client.OAuth2RestOperations;
    import org.springframework.security.oauth2.client.OAuth2RestTemplate;
    import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
    import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
    import org.springframework.web.bind.annotation.PathVariable;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestMethod;
    import org.springframework.web.bind.annotation.RestController;

    @Configuration
    @EnableAutoConfiguration
    @EnableOAuth2Client
    @RestController
    public class StuffClient {

        // OAuth 2 client settings read from the application configuration
        @Value("${security.oauth2.client.access-token-uri}")
        private String tokenUrl;

        @Value("${security.oauth2.client.id}")
        private String clientId;

        @Value("${security.oauth2.client.client-secret}")
        private String clientSecret;

        @Value("${security.oauth2.client.grant-type}")
        private String grantType;

        @Autowired
        private OAuth2RestOperations restTemplate;

        private String uri = "http://localhost:8082/stuff/";

        // Forwards the request to the downstream endpoint using the OAuth 2 rest template
        @RequestMapping(value = "/client/{stuffName}", method = RequestMethod.GET)
        public String client(@PathVariable("stuffName") String stuffName) {
            String request = uri + stuffName;
            return restTemplate.getForObject(request, String.class);
        }

        @Bean
        public OAuth2RestOperations restTemplate(OAuth2ClientContext clientContext) {
            return new OAuth2RestTemplate(resource(), clientContext);
        }

        // Client credentials resource built from the injected values above
        @Bean
        protected OAuth2ProtectedResourceDetails resource() {
            ClientCredentialsResourceDetails resource = new ClientCredentialsResourceDetails();
            resource.setAccessTokenUri(tokenUrl);
            resource.setClientId(clientId);
            resource.setClientSecret(clientSecret);
            resource.setGrantType(grantType);
            return resource;
        }
    }
And the accompanying configuration file:
    server:
      port: 8081
    security:
      basic:
        enabled: false
      oauth2:
        client:
          id: test-client
          client-secret: test-secret
          access-token-uri: http://localhost:8080/uaa/oauth/token
          grant-type: client_credentials
The above works exactly as expected. If I change security.oauth2.client.id to security.oauth2.client.client-id (in both the Java code and the YAML), I get a 500 error, the first line of which is:
org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException: Unable to obtain a new access token for resource 'null'. The provider manager is not configured to support it.
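The code also works fine if I hard-code the values of all the instance variables. In fact, it seems to work fine in every permutation of populating those instance variables, except the one where I use @Value to populate clientId with the value of security.oauth2.client.client-id.
So my main question is: is the framework really opinionated in this very specific way? If so, why? And can I take advantage of this opinionatedness to simplify my code?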
I'm not sure which spring-boot version you are using. I'm using spring-boot version 1.5.4.RELEASED, and to simplify your code,
you can inject OAuth2ProtectedResourceDetails like
    @Autowired
    private OAuth2ProtectedResourceDetails resource;
and create the OAuth2RestTemplate as
    @Bean
    @Primary
    public OAuth2RestOperations restTemplate(OAuth2ClientContext clientContext) {
        return new OAuth2RestTemplate(resource, clientContext);
    }
Sample yaml ..
    ### OAuth2 settings ###
    security:
      user:
        password: none
      oauth2:
        client:
          accessTokenUri: ${auth-server}/oauth/token
          userAuthorizationUri: ${auth-server}/oauth/authorize
          clientId: myclient
          clientSecret: secret
        resource:
          user-info-uri: ${auth-server}/sso/user
          jwt:
            keyValue: |
              -----BEGIN PUBLIC KEY-----
              your public key
              -----END PUBLIC KEY-----
Then use the restTemplate instance in your controller as
    @Autowired
    private OAuth2RestOperations restTemplate;
I hope this is of some help to you.