我有一个Spring Boot(1.2.1.RELEASE)应用程序,它在一个应用程序实例中提供OAuth2(2.0.6.RELEASE)授权和资源服务器.它使用自定义UserDetailsService实现MongoTemplate来搜索MongoDB中的用户.使用grant_type=passwordon进行身份验证/oauth/token就像魅力一样,以及Authorization: Bearer {token}在调用特定资源时使用标头进行授权.
现在我想向服务器添加简单的OAuth确认对话框,因此我可以在api-docs中对受保护资源进行身份验证和授权,例如Swagger UI调用.这是我到目前为止所做的:
@Configuration
@SessionAttributes("authorizationRequest")
class OAuth2ServerConfig extends WebMvcConfigurerAdapter {
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/login").setViewName("login");
registry.addViewController("/oauth/confirm_access").setViewName("authorize");
}
@Configuration
@Order(2)
protected static class LoginConfig extends WebSecurityConfigurerAdapter implements ApplicationEventPublisherAware {
@Autowired
UserDetailsService userDetailsService
@Autowired
PasswordEncoder passwordEncoder
ApplicationEventPublisher applicationEventPublisher
@Bean
DaoAuthenticationProvider daoAuthenticationProvider() {
DaoAuthenticationProvider provider = new DaoAuthenticationProvider()
provider.passwordEncoder = passwordEncoder
provider.userDetailsService = userDetailsService
return provider
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception …