我们使用 spring security oauth2 使用客户端凭据授予类型来获取令牌。我们不使用该application.properties文件来指定客户端凭据,而是以编程方式提供它们。
ClientRegistration clientRegistration = ClientRegistration
.withRegistrationId("test")
.clientId("testclientid")
.clientSecret("testclientsecret")
.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
.tokenUri("http://test.tokenuri.com")
.build();
ReactiveClientRegistrationRepository reactiveClientRegistrationRepository = new InMemoryReactiveClientRegistrationRepository(clientRegistration);
ServerOAuth2AuthorizedClientExchangeFilterFunction oauth =
new ServerOAuth2AuthorizedClientExchangeFilterFunction(
reactiveClientRegistrationRepository,
new UnAuthenticatedServerOAuth2AuthorizedClientRepository());
oauth.setDefaultClientRegistrationId("test");
this.webClient = webClientFactory.getBuilder()
.filter(oauth)
.build();
该代码工作正常,但我们看到一条已UnAuthenticatedServerOAuth2AuthorizedClientRepository弃用的警告。api 文档UnAuthenticatedServerOAuth2AuthorizedClientRepository建议使用AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager,但AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager没有实现与UnAuthenticatedServerOAuth2AuthorizedClientRepository. 在这种情况下,对于替换已弃用的内容有何建议UnAuthenticatedServerOAuth2AuthorizedClientRepository?
我找到了https://github.com/spring-projects/spring-security/issues/8016但该问题没有提供太多细节。