I'm having some trouble overriding the basic authentication for /oauth/token in the TokenEndpoint class. Basically, I want to add custom validation of the credentials (client_id and client_secret).

Here is the authorization server configuration.
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
import org.springframework.security.oauth2.provider.token.TokenStore;

// OidcWebResponseExceptionTranslator, OidcMnoOAuth2RequestValidator and
// OidcAuthorizationCodeTokenGranter are the asker's own classes (not shown here).
@Configuration
@EnableOAuth2Client
@EnableAuthorizationServer
public class OAuth2Configuration extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private ClientDetailsService serviceProviderClientDetailsService;
    @Autowired
    private TokenEnhancer tokenEnhancer;
    @Autowired
    private TokenStore tokenStore;
    @Autowired
    private AuthorizationCodeServices authorizationCodeServices;
    @Autowired
    private OidcWebResponseExceptionTranslator oidcWebResponseExceptionTranslator;
    @Autowired
    private OidcMnoOAuth2RequestValidator oidcOAuth2RequestValidator;

    // Clients are loaded from the injected ClientDetailsService.
    @Override
    public void configure(final ClientDetailsServiceConfigurer clients) throws Exception {
        clients.withClientDetails(serviceProviderClientDetailsService);
    }

    // Token endpoint wiring: store, enhancer, granter, validator and error translation.
    @Override
    public void configure(final AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints.tokenEnhancer(tokenEnhancer);
        endpoints.exceptionTranslator(oidcWebResponseExceptionTranslator);
        endpoints.authorizationCodeServices(authorizationCodeServices);
        endpoints.tokenStore(tokenStore);
        endpoints.setClientDetailsService(serviceProviderClientDetailsService);
        endpoints.tokenGranter(oidcAuthorizationCodeTokenGranter());
        endpoints.requestValidator(oidcOAuth2RequestValidator);
    }

    // Lets clients send client_id/client_secret as form parameters to /oauth/token
    // in addition to HTTP Basic.
    @Override
    public void configure(final AuthorizationServerSecurityConfigurer oauthServer) {
        oauthServer.allowFormAuthenticationForClients();
    }

    @Bean
    public OidcAuthorizationCodeTokenGranter oidcAuthorizationCodeTokenGranter() {
        return new OidcAuthorizationCodeTokenGranter();
    }
}
Thanks!

Answer 0 (score: 1)
To add custom validation of client or user credentials, you can augment DaoAuthenticationProvider and assign it the appropriate user details service. Override its additionalAuthenticationChecks(...) method to add the custom behaviour.
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.userdetails.UserDetails;

public class AugmentedDaoAuthenticationProvider extends DaoAuthenticationProvider {
    // UserDao and User are the answerer's own types (not shown on the page); setter-injected for XML wiring.
    private UserDao userDao;

    public void setUserDao(final UserDao userDao) { this.userDao = userDao; }

    @Override
    protected void additionalAuthenticationChecks(final UserDetails userDetails, final UsernamePasswordAuthenticationToken authentication) {
        final User user = userDao.findByUsername(userDetails.getUsername())
                .orElseThrow(() -> new BadCredentialsException("Incorrect username or password."));
        // custom authentication logic
        // Perform the actual authentication (the password check).
        super.additionalAuthenticationChecks(userDetails, authentication);
    }
}
Initialize the bean and assign the appropriate user details service: a UserDetailsService if the additional authentication checks are on user credentials, or a ClientDetailsUserDetailsService for client credentials.
<bean id="clientAuthenticationProvider" class="com.test.AugmentedDaoAuthenticationProvider">
    <property name="userDetailsService" ref="clientDetailsUserDetailsService"/>
</bean>
Addressing the question from the comments section:

ClientDetailsUserDetailsService implements UserDetailsService, and it has a constructor that takes a ClientDetailsService as its parameter. The bean is initialized as follows:
<bean id="clientDetailsUserDetailsService" class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
    <constructor-arg name="clientDetailsService" ref="serviceProviderClientDetailsService"/>
</bean>
Then you can reference this clientDetailsUserDetailsService from your custom DaoAuthenticationProvider.
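As an added example (not code from the question or the answer), here is the answer's approach carried through in Java config, which is the style the question already uses, with one concrete custom check and the wiring that puts the provider in front of POST /oauth/token. The `client_status` additional-information key, the `"suspended"` value, the class name and the `register(...)` helper are assumptions made for illustration; the Spring Security and Spring Security OAuth2 classes used are the libraries' own.

```java
// Added example, not from the question or the answer: a DaoAuthenticationProvider that
// authenticates OAuth2 clients at /oauth/token and adds one custom check on top of the
// client_secret comparison. The "client_status" key and the "suspended" value are hypothetical.
import java.util.Collections;

import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.ClientRegistrationException;
import org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter;
import org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService;

public class ClientStatusAuthenticationProvider extends DaoAuthenticationProvider {

    // One generic message for every failure, so a caller cannot distinguish
    // "unknown client", "wrong secret" and "suspended client" from the response.
    private static final String GENERIC_FAILURE = "Bad client credentials";

    // Hypothetical key in the registered client's additional information (assumption).
    static final String STATUS_KEY = "client_status";

    private final ClientDetailsService clientDetailsService;

    public ClientStatusAuthenticationProvider(final ClientDetailsService clientDetailsService) {
        this.clientDetailsService = clientDetailsService;
    }

    @Override
    protected void additionalAuthenticationChecks(final UserDetails userDetails,
                                                  final UsernamePasswordAuthenticationToken authentication)
            throws AuthenticationException {
        // 1. The library's own check first: compares the presented client_secret with the
        //    stored one through the configured PasswordEncoder.
        super.additionalAuthenticationChecks(userDetails, authentication);

        // 2. Custom check. With ClientDetailsUserDetailsService the "username" is the client_id.
        final ClientDetails client;
        try {
            client = clientDetailsService.loadClientByClientId(userDetails.getUsername());
        } catch (ClientRegistrationException e) {
            throw new BadCredentialsException(GENERIC_FAILURE, e);
        }
        final Object status = client.getAdditionalInformation().get(STATUS_KEY);
        if ("suspended".equals(status)) {
            throw new BadCredentialsException(GENERIC_FAILURE);
        }
    }

    // Java-config counterpart of the answer's two XML beans. Call it from
    // configure(AuthorizationServerSecurityConfigurer) instead of allowFormAuthenticationForClients(),
    // which would otherwise install the library's default filter with the default manager.
    public static void register(final AuthorizationServerSecurityConfigurer oauthServer,
                                final ClientDetailsService clientDetailsService,
                                final PasswordEncoder passwordEncoder) throws Exception {
        final ClientDetailsUserDetailsService clientUserDetails =
                new ClientDetailsUserDetailsService(clientDetailsService);
        clientUserDetails.setPasswordEncoder(passwordEncoder);

        final ClientStatusAuthenticationProvider provider =
                new ClientStatusAuthenticationProvider(clientDetailsService);
        provider.setUserDetailsService(clientUserDetails);
        provider.setPasswordEncoder(passwordEncoder);

        // Reads client_id / client_secret from the form body of POST /oauth/token and
        // hands them to our provider through a dedicated ProviderManager.
        final ClientCredentialsTokenEndpointFilter filter =
                new ClientCredentialsTokenEndpointFilter("/oauth/token");
        filter.setAuthenticationManager(new ProviderManager(
                Collections.<AuthenticationProvider>singletonList(provider)));
        filter.afterPropertiesSet(); // installs the filter's OAuth2-aware success/failure handlers

        oauthServer.addTokenEndpointAuthenticationFilter(filter);
    }
}
```

In the question's configuration this means changing `configure(final AuthorizationServerSecurityConfigurer oauthServer)` to declare `throws Exception`, calling `ClientStatusAuthenticationProvider.register(oauthServer, serviceProviderClientDetailsService, passwordEncoder)` with the same encoder the client secrets were stored with, and dropping `allowFormAuthenticationForClients()`. Two caveats: the filter only covers clients that send client_id/client_secret as form parameters; clients that authenticate with HTTP Basic still go through the AuthenticationManager the configurer builds from a plain ClientDetailsUserDetailsService, so the custom check has to be applied there as well if both styles are accepted. And the spring-security-oauth2 project these classes belong to has reached end of life, so this is a fix for an existing server rather than a pattern for a new one.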