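I am having trouble understanding the authentication request that is made using OAuth2 when the ServerOAuth2AuthorizedClientExchangeFilterFunction filter is applied to the WebClient.Builder (which is used as the base for all WebClient instances).

The system itself is working, and the request is generated according to the OAuth2 specification. However, my authentication service requires some additional fields for authentication to work. That is where the problem lies: so far I have not been able to find any reasonable way to add the fields I need or to customize the request itself.

The only way I have found so far is to implement ReactiveOAuth2AuthorizedClientManager. I am rather reluctant to do that, though, because there is no generic implementation of the interface that can be extended, and all of the available implementations are final and cannot be extended. Since my use case is just adding one field to the request body, I am hoping there is a better way to achieve this.

Any help would be much appreciated. Thank you for your time.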
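
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.InMemoryReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction;
import org.springframework.security.oauth2.client.web.server.UnAuthenticatedServerOAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.web.reactive.function.client.WebClient;

@Configuration
public class WebClientConfig {

    // Client registration for the "azure" provider, built from application properties.
    @Bean("azure")
    public ReactiveClientRegistrationRepository getRegistration(
            @Value("${spring.security.oauth2.client.provider.azure.token-uri}")
            String tokenUri,
            @Value("${spring.security.oauth2.client.registration.azure.client-id}")
            String clientId,
            @Value("${spring.security.oauth2.client.registration.azure.client-secret}")
            String clientSecret,
            @Value("${spring.security.oauth2.client.registration.azure.authorization-grant-type}")
            String authorizationGrantType
    ) {
        ClientRegistration registration = getClientRegistration(
                "azure",
                tokenUri,
                clientId,
                clientSecret,
                getAuthorizationGrantType(authorizationGrantType)
        );
        return new InMemoryReactiveClientRegistrationRepository(registration);
    }

    protected AuthorizationGrantType getAuthorizationGrantType(@Value("${spring.security.oauth2.client.registration.azure.authorization-grant-type}") String authorizationGrantType) {
        return new AuthorizationGrantType(authorizationGrantType);
    }

    protected ClientRegistration getClientRegistration(
            String registrationId,
            String tokenUri,
            String clientId,
            String clientSecret,
            AuthorizationGrantType authorizationGrantType
    ) {
        return ClientRegistration
                .withRegistrationId(registrationId)
                .tokenUri(tokenUri)
                .clientId(clientId)
                .clientSecret(clientSecret)
                .authorizationGrantType(authorizationGrantType)
                .build();
    }

    // Filter that obtains a token for the "azure" registration and attaches it to outgoing requests.
    @Bean
    public ServerOAuth2AuthorizedClientExchangeFilterFunction oauth2AuthenticationFilter(
            @Qualifier("azure") ReactiveClientRegistrationRepository clientRegistrations
    ) {
        ServerOAuth2AuthorizedClientExchangeFilterFunction oauth = new ServerOAuth2AuthorizedClientExchangeFilterFunction(
                clientRegistrations,
                new UnAuthenticatedServerOAuth2AuthorizedClientRepository());
        oauth.setDefaultClientRegistrationId("azure");
        oauth.setDefaultOAuth2AuthorizedClient(true);
        return oauth;
    }

    @Bean("base")
    public WebClient.Builder webClientBaseBuilder() {
        return WebClient.builder();
    }

    // Primary builder: every WebClient created from it carries the OAuth2 filter.
    @Bean
    @Primary
    public WebClient.Builder webClientBuilderWithFilters(
            @Qualifier("base") WebClient.Builder baseBuilder,
            ServerOAuth2AuthorizedClientExchangeFilterFunction oauth2AuthenticationFilter
    ) {
        return baseBuilder
                .filter(oauth2AuthenticationFilter);
    }

    @Bean
    public WebClient webClient(
            @Value("${api.appId}") String appId,
            @Value("${api.url}") String url,
            WebClient.Builder builder
    ) {
        return builder
                .baseUrl(url)
                .defaultHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
                .defaultHeader("Application-Id", appId)
                .build();
    }
}
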
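Answer 0: (score: 0)

See the Spring Security documentation, assuming you are using the client credentials grant.

If you need to customize the pre-processing of the token request, you can provide DefaultClientCredentialsTokenResponseClient.setRequestEntityConverter() with a custom Converter.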
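
The converter hook named in the answer, as an added example that is not part of the original question or answer: it wraps the stock OAuth2ClientCredentialsGrantRequestEntityConverter and appends one form field to the token request body, refusing to overwrite a parameter the default converter already set. It assumes Spring Security 5.x, where DefaultClientCredentialsTokenResponseClient is the blocking (servlet-stack) token client; the class name ExtraFieldRequestEntityConverter and the field name and value passed in are hypothetical.

```java
import org.springframework.core.convert.converter.Converter;
import org.springframework.http.RequestEntity;
import org.springframework.security.oauth2.client.endpoint.DefaultClientCredentialsTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequest;
import org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequestEntityConverter;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;

/** Hypothetical converter: default token request plus one extra form parameter. */
public class ExtraFieldRequestEntityConverter
        implements Converter<OAuth2ClientCredentialsGrantRequest, RequestEntity<?>> {

    // The stock converter still builds grant_type, scope and client authentication.
    private final OAuth2ClientCredentialsGrantRequestEntityConverter delegate =
            new OAuth2ClientCredentialsGrantRequestEntityConverter();
    private final String name;   // assumed extra field required by the token endpoint
    private final String value;

    public ExtraFieldRequestEntityConverter(String name, String value) {
        this.name = name;
        this.value = value;
    }

    @Override
    @SuppressWarnings("unchecked")
    public RequestEntity<?> convert(OAuth2ClientCredentialsGrantRequest grantRequest) {
        RequestEntity<?> original = delegate.convert(grantRequest);
        // The default converter produces a form-encoded body as a MultiValueMap.
        MultiValueMap<String, String> body =
                new LinkedMultiValueMap<>((MultiValueMap<String, String>) original.getBody());
        if (body.containsKey(name)) {
            // Never let the extra field shadow grant_type, client_id, scope, etc.
            throw new IllegalArgumentException("Refusing to override token parameter: " + name);
        }
        body.add(name, value);
        // Keep the original headers (including any Basic client authentication), method and URL.
        return new RequestEntity<>(body, original.getHeaders(), original.getMethod(), original.getUrl());
    }

    /** Token client wired with the converter, as the answer describes. */
    public static DefaultClientCredentialsTokenResponseClient tokenResponseClient(String name, String value) {
        DefaultClientCredentialsTokenResponseClient client = new DefaultClientCredentialsTokenResponseClient();
        client.setRequestEntityConverter(new ExtraFieldRequestEntityConverter(name, value));
        return client;
    }
}
```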