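Enabling the OAuth2 client credentials grant on Spring-cloud-dataflow

Time: 2019-01-21 16:55:28

Tags: spring spring-security-oauth2 spring-cloud-dataflow

I am setting up a Docker instance of Spring Cloud Dataflow server 2.0.0.M1 and trying to create streams using the Java DSL in a Spring Boot app. Without security enabled, nothing works properly, but I cannot find documentation on how to enable the client credentials grant on the Spring Cloud Dataflow server.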

Docker-compose.yml

  dataflow-server:
    image: springcloud/spring-cloud-dataflow-server:2.0.0.M1
    volumes:
     - ~/.m2:/root/.m2    
    container_name: dataflow-server
    ports:
      - "9393:9393"
    environment:
      - spring.datasource.url=jdbc:mysql://mysql:3306/dataflow
      - spring.datasource.username=YYYY
      - spring.datasource.password=XXXX
      - spring.datasource.driver-class-name=org.mariadb.jdbc.Driver    
      - spring.cloud.dataflow.applicationProperties.stream.spring.rabbitmq.host=rabbitmq
      - spring.cloud.skipper.client.serverUri=http://skipper-server:7577/api  
      - spring.main.allow-bean-definition-overriding=true

      - security.oauth2.client.client-id=1fcb6bhh89slo0r39hreq3CSAD
      - security.oauth2.client.client-secret=XXX
      #- security.oauth2.client.scope=http://localhost:9393/login
      - security.oauth2.client.grant-type=client_credentials
      - security.oauth2.client.access-token-uri=https://data-server.auth.us-east-2.amazoncognito.com/oauth2/token

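With this configuration, I expect to be able to secure the Data Flow server's internal API via OAuth2 using client credentials.

But running the server with this configuration results in the following error: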

dataflow-server    | ***************************
dataflow-server    | APPLICATION FAILED TO START
dataflow-server    | ***************************
dataflow-server    |
dataflow-server    | Description:
dataflow-server    |
dataflow-server    | Field authorizationCodeResourceDetails in org.springframework.cloud.common.security.OAuthSecurityConfiguration required a bean of type 'org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails' that could not be found.
dataflow-server    |
dataflow-server    | The injection point has the following annotations:
dataflow-server    |    - @org.springframework.beans.factory.annotation.Value(value=#{@autowiredWebSecurityConfigurersIgnoreParents.getWebSecurityConfigurers()})
dataflow-server    |
dataflow-server    |
dataflow-server    | Action:
dataflow-server    |
dataflow-server    | Consider defining a bean of type 'org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails' in your configuration.

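As far as I can see, an authorizationCodeResourceDetails bean is required, but that bean is only needed for the authorization code grant. Has anyone been able to secure the REST endpoints of the Spring Cloud Dataflow server with the client credentials grant?

Note: I am only trying to get the Java DSL working. I do not need to run the server UI or the shell.

0 answers:

No answers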