我正在尝试构建oAuth2提供程序。 当前,这应该使用一些硬编码的用户,但是目标是将他们绑定到现有的LDAP服务器。
我正在使用Spring引导框架。
这是我的入口点:
@SpringBootApplication
public class OauthserverApplication {
public static void main(String[] args) {
SpringApplication.run(OauthserverApplication.class, args);
}
}
这是我的控制者:
@RestController
@RequestMapping("clients")
public class CustomOAuth2Controller {
@Autowired private ClientDetailsRepository clientDetailsRepository;
@GetMapping
public List<CustomClientDetails> getAll(){
List<CustomClientDetails> l = new ArrayList<>();
for(CustomClientDetails ccd : this.clientDetailsRepository.findAll())
l.add(ccd);
return l;
}
@PostMapping
public String addClient(@RequestBody CustomClientDetails customClientDetails){
this.clientDetailsRepository.save(customClientDetails);
return "Added Successfully";
}
@DeleteMapping
public String removeClient(@RequestParam("clientid") String clientid){
try {
Long l = Long.parseLong(clientid);
this.clientDetailsRepository.deleteById(l);
}catch (Exception ex){}
return "Deleted";
}
}
保存我的用户详细信息的存储库非常标准:
@Repository
public interface ClientDetailsRepository extends
CrudRepository<CustomClientDetails,Long> {
}
为oAuth进行配置的类
@Configuration
@EnableAuthorizationServer
public class OAuth2Config extends AuthorizationServerConfigurerAdapter {
@Autowired private final AuthenticationManager authenticationManager;
@Autowired private ClientDetailsRepository clientDetailsRepository;
@Autowired
public OAuth2Config(AuthenticationConfiguration authenticationConfiguration) throws Exception {
this.authenticationManager = authenticationConfiguration.getAuthenticationManager();
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.withClientDetails( identifier -> {
System.out.println(" client id from ui "+identifier);
return clientDetailsRepository.findById(Long.parseLong(identifier)).get();
});
}
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
oauthServer
.tokenKeyAccess("permitAll()")
.checkTokenAccess("isAuthenticated()")
.passwordEncoder(NoOpPasswordEncoder.getInstance());
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.authenticationManager(authenticationManager);
}
}
我的登录配置:
@Configuration
@EnableWebSecurity
@Order(1)
public class LoginConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.formLogin()
.and()
.httpBasic();
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser(User.withDefaultPasswordEncoder().username("user").password("user").roles("USER").build());
}
}
在我的客户端应用程序中,我使用以下凭据:
server:
port: 9090
security:
oauth2:
client:
client-id: acme
client-secret: acmesecret
scope: read,write
auto-approve-scopes: '.*'
accessTokenUri: http://localhost:8010/login/oauth/access_token
userAuthorizationUri: http://localhost:8010/login/oauth/authorize
clientAuthenticationScheme: form
resource:
userInfoUri: http://localhost:8010/user
以及以下配置:
@SpringBootApplication
@EnableOAuth2Sso
@RestController
public class SpringBootOauth2Application extends WebSecurityConfigurerAdapter {
public static void main(String[] args) {
SpringApplication.run(SpringBootOauth2Application.class, args);
}
@RequestMapping({ "/user", "/me" })
public Map<String, String> user(Principal principal) {
Map<String, String> map = new LinkedHashMap<>();
map.put("name", principal.getName());
return map;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/**")
.authorizeRequests()
.antMatchers("/", "/login**", "/webjars/**", "/error**")
.permitAll()
.anyRequest()
.authenticated()
.and().logout().logoutSuccessUrl("/").permitAll()
.and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
}
}
部分起作用。 我可以选择“登录”,它会将我重定向到我的oAuth提供程序上的登录页面。但是,一旦我输入凭据并确认,它将抛出404。