弹簧靴2.3.x 和 Spring 5.x 最近添加了对基于以下配置的反应式 oauth2 客户端的支持网络客户端 class.
我需要客户端凭据授予流程配置
在没有相互 TLS/SSL 的情况下执行此调用非常简单。
正常(无 TLS/SSL)配置(@Configuration
)代码摘录如下:-
@Bean
public ReactiveOAuth2AuthorizedClientManager authorizedClientManager(
ReactiveClientRegistrationRepository clientRegistrationRepository,
ServerOAuth2AuthorizedClientRepository authorizedClientRepository){
ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
.clientCredentials()
.build();
DefaultReactiveOAuth2AuthorizedClientManager authorizedClientManager = new DefaultReactiveOAuth2AuthorizedClientManager(clientRegistrationRepository, authorizedClientRepository);
authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
return authorizedClientManager;
}
@Bean("testClient")
public WebClient webClient(ReactiveOAuth2AuthorizedClientManager authorizedClientManager,
@Value("${test.client.base.url}") String baseUrl) {
ServerOAuth2AuthorizedClientExchangeFilterFunction oauthFunction = new ServerOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager);
oauthFunction.setDefaultClientRegistrationId("local");
return WebClient.builder()
.baseUrl(baseUrl)
.filter(oauthFunction)
.build();
}
@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http.oauth2Client();
return http.build();
}
属性文件
spring.security.oauth2.client.registration.local.authorization-grant-type=client_credentials
spring.security.oauth2.client.registration.local.client-id=client_id
spring.security.oauth2.client.registration.local.client-secret=client_secret
spring.security.oauth2.client.provider.local.token-uri=http://hostname:port/oauth/token
test.client.base.url=http://protected-resource/v1/apis
但是通过相互 TLS(客户端证书)调用 oauth2 授权服务器是一件大事。
怎么做?我想与社区分享相同的内容,并在下面亲自回答相同的问题
需求的答案和主要变化将在 bean 中authorizedClientManager
答案的范围只是客户端凭据授予流程,尽管其他 oauth2 授予流程的更改应该类似,这也会有所帮助。
@Bean
public ReactiveOAuth2AuthorizedClientManager authorizedClientManager(
ReactiveClientRegistrationRepository clientRegistrationRepository,
ServerOAuth2AuthorizedClientRepository authorizedClientRepository){
// construct client credential token response client yourself
WebClientReactiveClientCredentialsTokenResponseClient accessTokenResponseClient = new WebClientReactiveClientCredentialsTokenResponseClient();
// construct the sslContext as per your needs and inject in below
// and create httpClient by injecting your sslContext here
HttpClient httpClient = HttpClient.create()
.tcpConfiguration(client -> client.option(ChannelOption.CONNECT_TIMEOUT_MILLIS, 10000))
.secure(sslContextSpec -> sslContextSpec.sslContext(sslContext));
ClientHttpConnector httpConnector = new ReactorClientHttpConnector(httpClient);
accessTokenResponseClient.setWebClient(WebClient.builder().clientConnector(httpConnector).build());
ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder
.builder()
.clientCredentials(c -> {
c.accessTokenResponseClient(accessTokenResponseClient);
}).build();
DefaultReactiveOAuth2AuthorizedClientManager authorizedClientManager = new DefaultReactiveOAuth2AuthorizedClientManager(clientRegistrationRepository, authorizedClientRepository);
authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
return authorizedClientManager;
}
如果你看到这条线.secure(sslContextSpec -> sslContextSpec.sslContext(sslContext));
您需要构造 sslContext 并注入相同的内容,这完全取决于您的代码设置。
有关详细代码和说明,您可以访问链接here
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)