I'm new to Spring Security and Spring, and I'm currently trying to create a simple Spring web application that demonstrates the client credentials and authorization code grant flows in Spring Security OAuth2, using Okta as the authorization provider.
Currently the application has two HTML buttons, each linked to one of the flows (oktaAuth and oktaClient). When the user clicks a button, it should follow the corresponding flow and retrieve a JWT from the configured authorization server. After the application and/or the user has been authenticated, the application should use the granted token to retrieve JSON information from an AWS API.
My question is: is it possible to demonstrate both flows in one application, and if so, what changes need to be made to accommodate the differences in each one?
Here are my code snippets:

Main application

```java
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;

import javax.servlet.Filter;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties;
import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoTokenServices;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.context.properties.NestedConfigurationProperty;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter;
import org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter;
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.filter.CompositeFilter;

@SpringBootApplication
@EnableOAuth2Client
@RestController
public class BootAndOAuthApplication extends WebSecurityConfigurerAdapter {

    public static void main(String[] args) {
        SpringApplication.run(BootAndOAuthApplication.class, args);
    }

    // Request-scoped context provided by @EnableOAuth2Client; holds the current user's token
    @Autowired
    OAuth2ClientContext oauth2ClientContext;

    @RequestMapping("/user")
    public Principal user(Principal principal) {
        return principal;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .antMatcher("/**")
            .authorizeRequests()
                .antMatchers("/", "/login**", "/webjars/**")
                .permitAll()
                .anyRequest()
                .authenticated()
            .and().logout().logoutSuccessUrl("/").permitAll()
            .and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
            .and().addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
    }

    // One composite filter handling both login paths
    private Filter ssoFilter() {
        CompositeFilter filter = new CompositeFilter();
        List<Filter> filters = new ArrayList<>();

        // authorization_code flow at /login/oktaAuth
        filters.add(ssoFilter(oktaAuth(), "/login/oktaAuth"));

        // client_credentials flow at /login/oktaClient
        OAuth2ClientAuthenticationProcessingFilter oktaClientFilter =
            new OAuth2ClientAuthenticationProcessingFilter("/login/oktaClient");
        OAuth2RestTemplate oktaClientTemplate = new OAuth2RestTemplate(oktaClient(), oauth2ClientContext);
        oktaClientFilter.setRestTemplate(oktaClientTemplate);
        UserInfoTokenServices tokenServices =
            new UserInfoTokenServices(oktaClientResource().getTokenInfoUri(), oktaClient().getClientId());
        tokenServices.setRestTemplate(oktaClientTemplate);
        oktaClientFilter.setTokenServices(tokenServices);
        filters.add(oktaClientFilter);

        filter.setFilters(filters);
        return filter;
    }

    private Filter ssoFilter(ClientResources client, String path) {
        OAuth2ClientAuthenticationProcessingFilter oAuth2ClientAuthenticationFilter =
            new OAuth2ClientAuthenticationProcessingFilter(path);
        OAuth2RestTemplate oAuth2RestTemplate = new OAuth2RestTemplate(client.getClient(), oauth2ClientContext);
        oAuth2ClientAuthenticationFilter.setRestTemplate(oAuth2RestTemplate);
        UserInfoTokenServices tokenServices = new UserInfoTokenServices(client.getResource().getUserInfoUri(),
                client.getClient().getClientId());
        tokenServices.setRestTemplate(oAuth2RestTemplate);
        oAuth2ClientAuthenticationFilter.setTokenServices(tokenServices);
        return oAuth2ClientAuthenticationFilter;
    }

    @Bean
    @ConfigurationProperties("oktaAuth")
    public ClientResources oktaAuth() {
        return new ClientResources();
    }

    @Bean
    @ConfigurationProperties("oktaClient.client")
    public ClientCredentialsResourceDetails oktaClient() {
        return new ClientCredentialsResourceDetails();
    }

    @Bean
    @ConfigurationProperties("oktaClient.resource")
    public ResourceServerProperties oktaClientResource() {
        return new ResourceServerProperties();
    }

    // Register the context filter early so it can turn redirect exceptions into HTTP redirects
    @Bean
    public FilterRegistrationBean oauth2ClientFilterRegistration(OAuth2ClientContextFilter filter) {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(filter);
        registration.setOrder(-100);
        return registration;
    }
}

// Binds the "oktaAuth.client" and "oktaAuth.resource" property groups
class ClientResources {

    @NestedConfigurationProperty
    private AuthorizationCodeResourceDetails client = new AuthorizationCodeResourceDetails();

    @NestedConfigurationProperty
    private ResourceServerProperties resource = new ResourceServerProperties();

    public AuthorizationCodeResourceDetails getClient() {
        return client;
    }

    public ResourceServerProperties getResource() {
        return resource;
    }
}
```
application.yml

```yaml
oktaAuth:
  client:
    clientId: [redacted - credentials 1]
    clientSecret: [redacted - credentials 1]
    accessTokenUri: {Okta Token Url}
    userAuthorizationUri: {Okta Authorize Url}
    grant-type: authorization_code
    clientAuthenticationScheme: form
    scope: [redacted]
  resource:
    userInfoUri: {Okta User Url}
    preferTokenInfo: false
oktaClient:
  client:
    clientId: [redacted - credentials 2]
    clientSecret: [redacted - credentials 2]
    accessTokenUri: {Okta Token Url}
    client-authentication-scheme: form
    grant-type: client_credentials
    scope: [redacted]
  resource:
    user-info-uri: {Okta User Url}
    preferTokenInfo: true
```
As I said, this is new to me, so any help would be greatly appreciated!
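The two grants answer different questions: authorization_code yields a token bound to a logged-in user, while client_credentials yields a token that identifies the application itself and carries no user, so a userinfo lookup (which presupposes a user-bound token) does not fit it. The following is an added example, not the asker's code and not Spring's or Okta's, showing one way to keep the two flows apart in a single application: the user flow stays on the request-scoped OAuth2ClientContext that @EnableOAuth2Client provides, and the application flow gets its own application-wide context and never goes through a login filter. It assumes the same spring-security-oauth2 classes and the same oktaAuth / oktaClient property prefixes as the question's application.yml; API_URL is a hypothetical placeholder for the AWS endpoint, and each ResourceDetails bean is expected to be defined only once in the context.

```java
// Added example (not the asker's code). Assumes spring-security-oauth2 and the question's
// oktaAuth / oktaClient property prefixes; API_URL is a hypothetical placeholder.
package example;

import java.util.Map;

import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@Configuration
class TwoFlowRestTemplates {

    @Bean
    @ConfigurationProperties("oktaAuth.client")
    public AuthorizationCodeResourceDetails oktaAuthDetails() {
        return new AuthorizationCodeResourceDetails();
    }

    @Bean
    @ConfigurationProperties("oktaClient.client")
    public ClientCredentialsResourceDetails oktaClientDetails() {
        return new ClientCredentialsResourceDetails();
    }

    // Delegated (authorization_code) access: shares the request-scoped OAuth2ClientContext from
    // @EnableOAuth2Client, so it reuses the token obtained when the user logged in via
    // /login/oktaAuth, and raises a redirect to Okta (handled by OAuth2ClientContextFilter)
    // when no token is present.
    @Bean
    public OAuth2RestTemplate oktaAuthRestTemplate(AuthorizationCodeResourceDetails oktaAuthDetails,
                                                   OAuth2ClientContext oauth2ClientContext) {
        return new OAuth2RestTemplate(oktaAuthDetails, oauth2ClientContext);
    }

    // Machine-to-machine (client_credentials) access: the token represents the application, not a
    // user, so it lives in its own application-wide context rather than the per-request one. The
    // template fetches the token on first use and obtains a new one after expiry; it never redirects.
    @Bean
    public OAuth2RestTemplate oktaClientRestTemplate(ClientCredentialsResourceDetails oktaClientDetails) {
        return new OAuth2RestTemplate(oktaClientDetails, new DefaultOAuth2ClientContext());
    }
}

@RestController
class ApiProxyController {

    // Hypothetical placeholder for the AWS API endpoint that accepts the Okta-issued token.
    private static final String API_URL = "https://api.example.invalid/data";

    private final OAuth2RestTemplate userTemplate;
    private final OAuth2RestTemplate appTemplate;

    ApiProxyController(@Qualifier("oktaAuthRestTemplate") OAuth2RestTemplate userTemplate,
                       @Qualifier("oktaClientRestTemplate") OAuth2RestTemplate appTemplate) {
        this.userTemplate = userTemplate;
        this.appTemplate = appTemplate;
    }

    // The oktaAuth button: call the API with the logged-in user's token.
    @GetMapping("/api/as-user")
    public Map<?, ?> asUser() {
        return userTemplate.getForObject(API_URL, Map.class);
    }

    // The oktaClient button: call the API with the application's own token. No user is involved,
    // so the API must authorize on the token's scopes, not on a user identity.
    @GetMapping("/api/as-app")
    public Map<?, ?> asApp() {
        return appTemplate.getForObject(API_URL, Map.class);
    }
}
```

With this split, the question's composite filter only needs the authorization_code entry; the client_credentials template obtains its token directly from the token endpoint and stores it outside any browser session, which also keeps the application's own credentials from being tied to whichever user happens to click the button.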