目前,我有一个同时支持两种授权类型(password 和 client_credentials)的 OAuth 用户身份验证实现:
对于 1. 客户端凭据(client credentials)授予类型,我希望改为基于数据库实现,并能够创建、读取、更新和删除客户端。(从现在起,我用“客户端”指代通过 client_credentials 授予类型登录的客户端,用“用户”指代通过 password 授予类型登录的用户。)
如何做到这一点?下面附上当前可以正常工作的代码示例:
AuthorizationServerConfiguration.java
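@Configuration
@EnableAuthorizationServer
@RequiredArgsConstructor
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
    /** Resource id written into every issued token; the resource server requires it. */
    @Value("${resource.id:spring-boot-application}")
    private String resourceId;

    /** Access-token lifetime in seconds (default one hour). */
    @Value("${access_token.validity_period:3600}")
    private int accessTokenValiditySeconds = 3600;

    /**
     * Optional HMAC signing key for the JWT converter. When left empty the converter keeps
     * its library default, a random key generated at process start, so every issued token
     * becomes unverifiable after a restart and cannot be verified by a second instance.
     */
    @Value("${jwt.signing_key:}")
    private String signingKey;

    // NOTE(review): SecurityConfiguration builds its own, unrelated BCryptPasswordEncoder;
    // a single shared PasswordEncoder bean would keep client-secret and user-password
    // hashing consistent.
    private final PasswordEncoder encoder = new BCryptPasswordEncoder();

    /** Authenticates resource owners for the password grant; exposed by SecurityConfiguration. */
    @Autowired
    private AuthenticationManager authenticationManager;

    /**
     * JWT converter used both to sign issued tokens and to read them back in the token store.
     *
     * <p>Signing is symmetric (HMAC). Note that {@code /oauth/token_key} returns this very key
     * to any <em>authenticated</em> caller, which includes every registered client; a client
     * holding the key can mint tokens for arbitrary users. Switching to an RSA key pair
     * ({@code setKeyPair(...)}) publishes only the public key and removes that risk.
     *
     * @return the converter, with {@code jwt.signing_key} applied when configured
     */
    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        if (signingKey != null && !signingKey.isEmpty()) {
            converter.setSigningKey(signingKey);
        }
        return converter;
    }

    /**
     * Secures the framework endpoints.
     *
     * <p>{@code permitAll()} on the token-key endpoint is tolerable only because the endpoint
     * itself refuses anonymous callers when the key is symmetric; see
     * {@link #accessTokenConverter()} for why authenticated clients are still a concern.
     * Token introspection ({@code /oauth/check_token}) requires client authentication.
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security.allowFormAuthenticationForClients()
                .passwordEncoder(encoder) // verifies BCrypt-hashed client secrets
                .tokenKeyAccess("permitAll()")
                .checkTokenAccess("isAuthenticated()");
    }

    /**
     * Registers the single in-memory client.
     *
     * <p>The secret is hard-coded and re-hashed on every start; it should come from
     * configuration or a secret store. Moving clients to the database (the stated goal)
     * means replacing {@code inMemory()} with {@code clients.jdbc(dataSource)} or
     * {@code clients.withClientDetails(...)} backed by a custom ClientDetailsService — in
     * either case the stored secret must already be BCrypt-hashed, because the encoder set
     * in {@link #configure(AuthorizationServerSecurityConfigurer)} is what verifies it.
     * The {@code password} grant is discouraged by current OAuth guidance; keep it only
     * while first-party clients genuinely need it.
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("client-app")
                .authorizedGrantTypes("password", "client_credentials")
                .authorities("ROLE_CLIENT")
                .scopes("read", "write")
                .resourceIds(resourceId)
                .secret(encoder.encode("secret"))
                .accessTokenValiditySeconds(accessTokenValiditySeconds);
    }

    /**
     * Adds a {@code username} claim to every issued token.
     *
     * <p>For the password grant this is the authenticated user's name. For
     * client_credentials there is no user, so {@code authentication.getName()} is the
     * client id; consumers must not treat the claim as a human account without checking
     * {@code authentication.isClientOnly()}.
     */
    public static class CustomTokenEnhancer implements TokenEnhancer {
        @Override
        public OAuth2AccessToken enhance(OAuth2AccessToken accessToken,
                                         OAuth2Authentication authentication) {
            // Copy instead of casting so any OAuth2AccessToken implementation is accepted,
            // and merge so claims added by earlier enhancers are not discarded.
            DefaultOAuth2AccessToken enhanced = new DefaultOAuth2AccessToken(accessToken);
            Map<String, Object> additionalInfo = new HashMap<>();
            if (accessToken.getAdditionalInformation() != null) {
                additionalInfo.putAll(accessToken.getAdditionalInformation());
            }
            additionalInfo.put("username", authentication.getName());
            enhanced.setAdditionalInformation(additionalInfo);
            return enhanced;
        }
    }

    /**
     * Wires the token store, the enhancer chain and the authentication manager.
     *
     * <p>Order in the chain matters: the custom enhancer must add its claim before the JWT
     * converter serialises and signs the token.
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        TokenEnhancerChain chain = new TokenEnhancerChain();
        chain.setTokenEnhancers(Arrays.asList(tokenEnhancer(), accessTokenConverter()));
        endpoints.tokenStore(tokenStore())
                .tokenEnhancer(chain)
                .authenticationManager(authenticationManager); // used by the password grant
    }

    /** JWT-backed store: nothing is persisted, tokens are verified by signature alone. */
    @Bean
    public TokenStore tokenStore() {
        return new JwtTokenStore(accessTokenConverter());
    }

    /** Enhancer bean so the claim logic can be swapped without touching the chain. */
    @Bean
    public TokenEnhancer tokenEnhancer() {
        return new CustomTokenEnhancer();
    }
}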
ResourceServerConfiguration.java
@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
    /** Must equal the resource id the authorization server stamps into tokens. */
    @Value("${resource.id:spring-boot-application}")
    private String resourceId;

    /** Declares which resource id incoming tokens have to carry. */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        final String requiredResourceId = this.resourceId;
        resources.resourceId(requiredResourceId);
    }

    /**
     * Every request that reaches this filter chain needs a valid bearer token.
     * No path is exempted here; the OAuth endpoints are handled by other chains.
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
            .anyRequest()
            .authenticated();
    }
}
SecurityConfiguration.java
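@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    /** Loads password-grant users (looked up by e-mail) from the database. */
    private final ClientService clientService;

    // NOTE(review): AuthorizationServerConfiguration creates a separate
    // BCryptPasswordEncoder; one shared PasswordEncoder bean would be cleaner.
    private final PasswordEncoder encoder = new BCryptPasswordEncoder();

    /**
     * DAO provider that verifies BCrypt password hashes for accounts loaded via
     * {@link #clientService}.
     */
    @Bean
    public DaoAuthenticationProvider authenticationProvider() {
        final DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
        authProvider.setUserDetailsService(clientService);
        authProvider.setPasswordEncoder(encoder);
        return authProvider;
    }

    /**
     * Registers the provider exactly once.
     *
     * <p>The original additionally called
     * {@code userDetailsService(clientService).passwordEncoder(encoder)}, which makes the
     * builder create a second DaoAuthenticationProvider for the same service. Because
     * ProviderManager tries the next provider after a BadCredentialsException, every failed
     * login then cost two database lookups and two BCrypt verifications for no gain.
     */
    @Override
    protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authenticationProvider());
    }

    /**
     * Web-layer rules for requests not claimed by the OAuth filter chains.
     *
     * <p>CSRF is disabled; that is acceptable only while authentication is token- or
     * HTTP-Basic-based with no cookie session — revisit if form login is ever added.
     * {@code /oauth/**} is broader than the token endpoints the authorization server
     * configuration protects on its own; narrow it if other {@code /oauth/} paths appear.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/oauth/**").permitAll()
                .anyRequest().authenticated()
                .and().httpBasic()
                .and().csrf().disable();
    }

    /** Exposes the manager as a bean so AuthorizationServerConfiguration can autowire it. */
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}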
ClientService.java
如您所见,当前客户端是
@Slf4j
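@Component
public class ClientService implements UserDetailsService {
    @Autowired
    private ClientRepository clientRepository;

    /**
     * Finds the account whose e-mail equals {@code username} and adapts it to a
     * {@link UserDetails}.
     *
     * <p>Despite the class name this backs the <em>password</em> grant: it is the
     * UserDetailsService behind the DaoAuthenticationProvider in SecurityConfiguration,
     * while OAuth clients are still configured in memory.
     *
     * @param username the e-mail the caller logged in with
     * @return the matching account as a {@link User}
     * @throws UsernameNotFoundException when no account has that e-mail. The original threw
     *     ValidationException here; DaoAuthenticationProvider wraps any non-authentication
     *     exception in InternalAuthenticationServiceException and rethrows it, so an unknown
     *     e-mail surfaced as an internal error carrying that e-mail instead of the generic
     *     "Bad credentials" the provider uses to hide whether an account exists.
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        final ClientEntity clientEntity = clientRepository.findOneByEmail(username)
                .orElseThrow(() -> new UsernameNotFoundException(
                        String.format("User not found %s", username)));
        // Property copy by name: assumes User's fields (username, password, authorities,
        // enabled, ...) line up with ClientEntity's — TODO confirm; a name mismatch
        // silently leaves the field null.
        User user = new User();
        BeanUtils.copyProperties(clientEntity, user);
        return user;
    }
}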
通过 `clients.inMemory()` 以内存方式配置的(用于客户端凭据授予类型),而用户则是通过 ClientService 从数据库加载的。我想把客户端也改为像用户一样从数据库加载。我该如何实现?任何帮助将不胜感激。