我正在为一组端点做一点概念验证,这些端点需要能够相互调用传递令牌,这些令牌是通过OAuth 2客户端凭证流获得的。我使用Spring Boot和相关项目来构建这些端点,并且我很困惑为什么框架似乎对以下代码非常自以为是:
package com.example.client;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestOperations;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
@Configuration
@EnableAutoConfiguration
@EnableOAuth2Client
@RestController
public class StuffClient {
@Value("${security.oauth2.client.access-token-uri}")
private String tokenUrl;
@Value("${security.oauth2.client.id}")
private String clientId;
@Value("${security.oauth2.client.client-secret}")
private String clientSecret;
@Value("${security.oauth2.client.grant-type}")
private String grantType;
@Autowired
private OAuth2RestOperations restTemplate;
private String uri = "http://localhost:8082/stuff/";
@RequestMapping(value = "/client/{stuffName}", method = RequestMethod.GET)
public String client(@PathVariable("stuffName") String stuffName) {
String request = uri + stuffName;
return restTemplate.getForObject(request, String.class);
}
@Bean
public OAuth2RestOperations restTemplate(OAuth2ClientContext clientContext) {
return new OAuth2RestTemplate(resource(), clientContext);
}
@Bean
protected OAuth2ProtectedResourceDetails resource() {
ClientCredentialsResourceDetails resource = new ClientCredentialsResourceDetails();
resource.setAccessTokenUri(tokenUrl);
resource.setClientId(clientId);
resource.setClientSecret(clientSecret);
resource.setGrantType(grantType);
return resource;
}
}
随附的配置文件:
server:
port: 8081
security:
basic:
enabled: false
oauth2:
client:
id: test-client
client-secret: test-secret
access-token-uri: http://localhost:8080/uaa/oauth/token
grant-type: client_credentials
以上工作完全符合预期。如果我将security.oauth2.client.id更改为security.oauth2.client.client-id(在Java代码和YAML中),我会收到500错误,第一行是:
org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException: Unable to obtain a new access token for resource 'null'. The provider manager is not configured to support it.
如果我对所有实例变量的值进行硬编码,代码也可以正常工作。事实上,在填充这些实例变量的每个排列中似乎都可以正常工作,除了我使用@Value填充clientId值为security.oauth2.client.client-id
所以我的主要问题是:框架实际上是以这种非常具体的方式表达的吗?如果是这样,为什么?而且,我可以利用这种看法来简化我的代码吗?
答案 0 :(得分:1)
我不确定您使用的是哪个弹簧启动版本。我正在使用spring-boot版本1.5.4.RELEASED并简化您的代码,
你可以像{/ 3>那样注入OAuth2ProtectedResourceDetails
@Autowired
private OAuth2ProtectedResourceDetails resource;
@Bean
@Primary
public OAuth2RestOperations restTemplate(OAuth2ClientContext clientContext) {
return new OAuth2RestTemplate(resource, clientContext);
}
示例yaml ..
### OAuth2 settings ###
security:
user:
password: none
oauth2:
client:
accessTokenUri: ${auth-server}/oauth/token
userAuthorizationUri: ${auth-server}/oauth/authorize
clientId: myclient
clientSecret: secret
resource:
user-info-uri: ${auth-server}/sso/user
jwt:
keyValue: |
-----BEGIN PUBLIC KEY-----
your public key
-----END PUBLIC KEY-----
然后,在控制器中使用restTemplate实例作为
@Autowired
private OAuth2RestOperations restTemplate;
我希望有些人能帮到你。