Spring Oauth2多重认证

时间:2019-04-04 14:54:23

标签: spring-oauth2

我刚接触oauth-spring项目并尝试在

下构建安全的Rest接口
  

/ api / entity

实体很多,API的范围目前是我正在使用的内部

                @Configuration
static class Oauth2Config extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private UserDetailsServiceImpl userDetailsService;

    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        oauthServer.checkTokenAccess("permitAll()");
        oauthServer.allowFormAuthenticationForClients();
    }

    /*
     * (non-Javadoc)
     * 
     * @see org.springframework.security.oauth2.config.annotation.web.configuration.
     * AuthorizationServerConfigurerAdapter#configure(org.springframework.security.
     * oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer)
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // @formatter:off
        clients.inMemory()
            .withClient("domain")
            .secret("secret")//.accessTokenValiditySeconds(expiration)
            .scopes("read", "write", "read_all", "modify", "delete")
            .authorizedGrantTypes("password", "refresh_token")
            .resourceIds("api");

        // @formatter:on
    }

    /*
     * (non-Javadoc)
     * 
     * @see org.springframework.security.oauth2.config.annotation.web.configuration.
     * AuthorizationServerConfigurerAdapter#configure(org.springframework.security.
     * oauth2.config.annotation.web.configurers.
     * AuthorizationServerEndpointsConfigurer)
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer configurer) throws Exception {
        configurer.authenticationManager(authenticationManager);
        configurer.userDetailsService(userDetailsService);
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return NoOpPasswordEncoder.getInstance();
    }



}

在我的资源服务器上;

@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
    resources.resourceId("api");
}

及其运作良好,我的下一个任务是计划进行一些整合,

  

/ api / entity / sync

这次,我希望用户在经过身份验证/标记的过程/同步路径时被重定向到外部oauth登录页面。春季Oauth几乎花了一整天的时间,却无法弄清楚该如何实现。

我的拳头与提供商集成,当用户单击“权限”时,“允许”会使用

进行回调
  • 令牌
  • 初始同步有效载荷

我不知道如何自定义以下内容

private static final RequestMatcher API_URLS = new OrRequestMatcher(new AntPathRequestMatcher("/api/**"));

private static final RequestMatcher EXTERNAL_API_URLS = new OrRequestMatcher(new AntPathRequestMatcher("/api/**/sync"));

@Override
public void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    http
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests()
            .requestMatchers(API_URLS)
            .access("#oauth2.hasScope('read')");     // require 'read' scope to access



    // @formatter:on
}

能够允许oauth2Login和自定义

.oauth2Login()
     .tokenEndpoint()
     .accessTokenResponseClient(accessTokenResponseClient())
     .and()
     .userInfoEndpoint().userService(new ExternalUserDetailsService());

0 个答案:

没有答案