Adding request parameters to the authorization URL in spring.security.oauth2.client before the redirect

Time: 2019-05-29 01:07:21

Tags: java spring-security spring-webflux

I currently have a gateway application that runs on a Netty server, with OAuth2 and the gateway. It currently uses ReactiveClientRegistrationRepository, @EnableWebFluxSecurity and ServerHttpSecurity to configure security.

Currently my application.yml looks like this:

spring:
  profiles: local
  autoconfigure: #TODO: track issue https://github.com/spring-projects/spring-security/issues/6314
    exclude: org.springframework.boot.actuate.autoconfigure.security.reactive.ReactiveManagementWebSecurityAutoConfiguration
  security:
    oauth2:
      client:
        registration:
          azure:
            provider: azure
            client-id: ...
            client-secret: ...
            authorization-grant-type: authorization_code
            redirect-uri-template: "{baseUrl}/login/oauth2/code/{registrationId}"
            scope: ...
        provider:
          azure:
            authorization-uri: https://login....com/oauth2/authorize
            token-uri: https://login.com/oauth2/token
            user-info-uri: https://login.com/openid/userinfo
            jwk-set-uri: https://login.com/discovery/keys
            issuer-uri: https://login.com/  # the Spring Boot property is issuer-uri (was issuer-url)
            user-name-attribute: upn

I have a requirement to add a query parameter (in addition to the defaults such as scope and state). Something like this:

https://login....com/oauth2/authorize?idp=IDP1

I have tried adding a filter to change the Location and add the query parameter, and also adding the query parameter to the authorization URL in the yml file.

The latter case causes an error, because the URL now contains two '?' characters:

Invalid character '=' for QUERY_PARAM in "true?response_type=code"


import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;

@EnableWebFluxSecurity
public class SecurityConfig {

    @Value("${content.security.policy}")
    private String contentSecurityPolicy;

    @Bean
    public SecurityWebFilterChain configure(ServerHttpSecurity http) {

        // Require authentication for every exchange, use OAuth2 login for it,
        // and set the Content-Security-Policy header from configuration.
        return http
                .authorizeExchange()
                .anyExchange().authenticated()
                .and().oauth2Login()
                .and().headers().contentSecurityPolicy(contentSecurityPolicy).and()
                .and().build();
    }
}

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction;
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
import org.springframework.web.reactive.function.client.WebClient;

@Configuration
public class OAuthWebClientConfig {

    @Bean
    WebClient webClient(ReactiveClientRegistrationRepository clientRegistrationRepository,
                        ServerOAuth2AuthorizedClientRepository authorizedClientRepository) {
        // Filter that attaches the current user's OAuth2 access token to outgoing requests
        ServerOAuth2AuthorizedClientExchangeFilterFunction oauth =
                new ServerOAuth2AuthorizedClientExchangeFilterFunction(clientRegistrationRepository, authorizedClientRepository);
        // (optional) explicitly opt into using the oauth2Login to provide an access token implicitly
        oauth.setDefaultOAuth2AuthorizedClient(true);
        return WebClient.builder()
                .filter(oauth)
                .build();
    }
}

build.gradle dependencies

dependencies {
    implementation 'org.springframework.boot:spring-boot-starter-actuator'
    implementation 'org.springframework.cloud:spring-cloud-starter-gateway'
    implementation 'org.bitbucket.b_c:jose4j:0.5.0'
    implementation 'com.google.code.gson:gson:2.8.5'
    implementation 'commons-codec:commons-codec:1.11'
    implementation 'org.springframework.cloud:spring-cloud-starter-contract-stub-runner'
    implementation 'io.reactivex:rxjava:1.3.8'
    implementation 'org.springframework.boot:spring-boot-configuration-processor'
    implementation 'com.google.guava:guava:23.5-jre'

    compile group: 'org.springframework.boot', name: 'spring-boot-starter-oauth2-client', version: '2.1.5.RELEASE'

    implementation 'org.springframework.boot:spring-boot-starter-webflux'
    compile group: 'org.springframework.cloud', name: 'spring-cloud-starter-security', version: '2.1.2.RELEASE'

    compileOnly 'org.projectlombok:lombok'

    testImplementation 'org.springframework.boot:spring-boot-starter-test'
    testImplementation 'com.microsoft.azure:adal4j:1.6.4'
}

Expected: the authorization URL is generated with the regular query parameters such as redirect_uri, scope and state, plus CUSTOM parameters such as idp in the example.

Actual: adding it to the yml file causes the error Invalid character '=' for QUERY_PARAM in "true?response_type=code". oauth2Login() on ServerHttpSecurity has no simple way to override the authorization URL. Is there any way to do this?
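One way to get the idp parameter onto the authorization URL without editing the authorization-uri in yml, as an added example that is not from the question or from Spring Security's own code: wrap the DefaultServerOAuth2AuthorizationRequestResolver in a resolver that copies each request with OAuth2AuthorizationRequest.from(...) and adds the extra parameter through additionalParameters(...), then register it with oauth2Login().authorizationRequestResolver(...). It assumes Spring Security 5.1.x (the version pulled in by Spring Boot 2.1.5), where the builder regenerates the authorization request URI, additional parameters included, on build(); the class and package names and the idp/IDP1 value are constructed for the example, and the content-security-policy configuration from the question is omitted here.

```java
// Added example (not from the original question): a ServerOAuth2AuthorizationRequestResolver
// that decorates Spring Security's default resolver and appends a custom query parameter
// to the authorization request before the redirect is issued.
// Assumes Spring Security 5.1.x, where OAuth2LoginSpec#authorizationRequestResolver exists.
package com.example.gateway.security; // hypothetical package name

import java.util.LinkedHashMap;
import java.util.Map;

import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.server.DefaultServerOAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

@EnableWebFluxSecurity
public class CustomAuthorizationParamSecurityConfig {

    // Name and value of the extra parameter; constructed for this example.
    static final String IDP_PARAM = "idp";
    static final String IDP_VALUE = "IDP1";

    @Bean
    public SecurityWebFilterChain configure(ServerHttpSecurity http,
                                            ReactiveClientRegistrationRepository registrations) {
        ServerOAuth2AuthorizationRequestResolver resolver =
                new IdpParamAuthorizationRequestResolver(
                        new DefaultServerOAuth2AuthorizationRequestResolver(registrations));
        return http
                .authorizeExchange()
                .anyExchange().authenticated()
                .and()
                .oauth2Login()
                    // Plug the decorated resolver into the login flow; state, redirect_uri
                    // and scope are still produced by the default resolver.
                    .authorizationRequestResolver(resolver)
                .and()
                .build();
    }

    /** Delegates to the default resolver and adds idp=... to every authorization request. */
    static class IdpParamAuthorizationRequestResolver implements ServerOAuth2AuthorizationRequestResolver {

        private final ServerOAuth2AuthorizationRequestResolver delegate;

        IdpParamAuthorizationRequestResolver(ServerOAuth2AuthorizationRequestResolver delegate) {
            this.delegate = delegate;
        }

        @Override
        public Mono<OAuth2AuthorizationRequest> resolve(ServerWebExchange exchange) {
            return delegate.resolve(exchange).map(IdpParamAuthorizationRequestResolver::withIdp);
        }

        @Override
        public Mono<OAuth2AuthorizationRequest> resolve(ServerWebExchange exchange, String clientRegistrationId) {
            return delegate.resolve(exchange, clientRegistrationId)
                    .map(IdpParamAuthorizationRequestResolver::withIdp);
        }

        static OAuth2AuthorizationRequest withIdp(OAuth2AuthorizationRequest request) {
            // Copy whatever additional parameters the default resolver already set,
            // so none of them are lost, then add our own.
            Map<String, Object> params = new LinkedHashMap<>(request.getAdditionalParameters());
            params.put(IDP_PARAM, IDP_VALUE);
            // from(...) copies the request; build() regenerates the authorization request URI
            // with the additional parameters URL-encoded as query parameters, so the
            // resulting Location header contains exactly one '?'.
            return OAuth2AuthorizationRequest.from(request)
                    .additionalParameters(params)
                    .build();
        }
    }
}
```

Because the parameter is added through the request builder rather than by string-concatenating it onto authorization-uri, the URL is encoded once by Spring Security and the "Invalid character '=' for QUERY_PARAM" error does not arise; the default resolver keeps generating the state value, so the CSRF protection of the login flow is unchanged.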

0 answers:

No answers