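Multiple OAuth clients with Spring Security

Time: 2018-06-05 15:22:56

Tags: java spring spring-security spring-security-oauth2

I have two tables, each holding a different set of users, and two web applications that connect to my Spring back end; each front-end application has its own user table. I want the users of each table to connect with a different clientId and clientSecret. I tried to create two authorization servers, but it doesn't seem to work.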

```java
public class ClientAuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private ClientConfigurationProperties clientConfiguration;

    private TokenStore tokenStore = new InMemoryTokenStore();

    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;

    @Autowired
    private RepositoryClientDetailsService clientDetailsService;

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints)
            throws Exception {
        endpoints
                .tokenStore(this.tokenStore)
                .authenticationManager(this.authenticationManager)
                .userDetailsService(clientDetailsService);
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients
                .inMemory()
                .withClient(clientConfiguration.getClientId())
                .authorizedGrantTypes("password", "refresh_token")
                .authorities("USER")
                .scopes("read", "write")
                .resourceIds(ClientApiResourceServerConfiguration.RESOURCE_ID)
                .secret("{noop}" + clientConfiguration.getClientSecret());
    }

    @Bean
    @Primary
    public DefaultTokenServices tokenServices() {
        DefaultTokenServices tokenServices = new DefaultTokenServices();
        tokenServices.setSupportRefreshToken(true);
        tokenServices.setTokenStore(this.tokenStore);
        return tokenServices;
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }
}
```
  

This is my second authorization server:

```java
@Configuration
@EnableAuthorizationServer
@Order(1)
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private ApplicationConfigurationProperties configuration;

    @Autowired
    private RepositoryClientDetailsService clientDetailsService;

    private TokenStore tokenStore = new InMemoryTokenStore();

    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;

    @Autowired
    private RepositoryUserDetailsService userDetailsService;

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints)
            throws Exception {
        endpoints
                .tokenStore(this.tokenStore)
                .authenticationManager(this.authenticationManager)
                .userDetailsService(userDetailsService);
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients
                .inMemory()
                .withClient(configuration.getClientId())
                .authorizedGrantTypes("password", "refresh_token")
                .authorities("USER")
                .scopes("read", "write")
                .resourceIds(RestApiResourceServerConfiguration.RESOURCE_ID)
                .secret("{noop}" + configuration.getClientSecret());
    }

    @Bean
    @Primary
    public DefaultTokenServices tokenServices() {
        DefaultTokenServices tokenServices = new DefaultTokenServices();
        tokenServices.setSupportRefreshToken(true);
        tokenServices.setTokenStore(this.tokenStore);
        return tokenServices;
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }
}
```

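1 answer:

Answer 0 (score: 0)

You can add a centralized database used only for authentication. This database will contain all client information (client ID, client secret, etc.) and all user information (username and password only). The full user information stays in the respective databases, but this authentication database will contain only the user credentials.

All of your applications can authenticate using the client credentials grant type. Spring provides OAuth2RestTemplate for making authenticated REST requests.

All users (from both applications) can authenticate themselves using one centralized authentication server and authentication database.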
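The single-server layout the answer describes, as an added example that is not part of the original question or answer: one `@EnableAuthorizationServer` configuration registers both front ends as separate clients, each with its own secret and resource ID. The client IDs, resource IDs, property names and the class name are hypothetical; it assumes the `PasswordEncoder` bean is the delegating encoder from the question and that a `UserDetailsService` bean reads the central credentials store.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;

// Hypothetical class: one authorization server, two registered clients.
@Configuration
@EnableAuthorizationServer
public class CentralAuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

    @Autowired @Qualifier("authenticationManagerBean") private AuthenticationManager authenticationManager;
    @Autowired private UserDetailsService userDetailsService; // assumed: backed by the central credentials store
    @Autowired private PasswordEncoder passwordEncoder;       // assumed: the delegating encoder bean from the question
    @Value("${app-a.client-secret}") private String appASecret; // hypothetical property names
    @Value("${app-b.client-secret}") private String appBSecret;

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints.tokenStore(new InMemoryTokenStore())
                .authenticationManager(authenticationManager)
                .userDetailsService(userDetailsService);
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("web-app-a")                       // constructed client ID
                .secret(passwordEncoder.encode(appASecret))    // stored as {bcrypt}..., not {noop}
                .authorizedGrantTypes("password", "refresh_token")
                .scopes("read", "write")
                .resourceIds("client-api")                     // tokens accepted only by this resource
                .and()
                .withClient("web-app-b")
                .secret(passwordEncoder.encode(appBSecret))
                .authorizedGrantTypes("password", "refresh_token")
                .scopes("read", "write")
                .resourceIds("rest-api");
    }
}
```

Because both clients share one user store here, any user in that store can obtain a token through either client; the `resourceIds` value only limits which resource server will accept the resulting token.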