
让oauth2与spring-boot和rest一起工作


我试图让oauth2与spring-boot一起工作并保护我的REST方法调用,但一直没有取得多大成功 . 我尝试过使用spring-security-oauth2-javaconfig:1.0.0.CI-SNAPSHOT和org.springframework.boot:spring-boot-starter-security:1.0.0.RC1 .

  • gradle:compile("org.springframework.boot:spring-boot-starter-security:1.0.0.RC1")
// NOTE(review): a CI-SNAPSHOT coordinate is a moving target - the artifact behind it can
// change between builds, so the build is not reproducible. Pin a released version once one exists.
compile ('org.springframework.security.oauth:spring-security-oauth2-javaconfig:1.0.0.CI-SNAPSHOT'){
    // Keep this artifact from pulling in its own copies of the Spring Security modules;
    // presumably the versions supplied by spring-boot-starter-security are meant to win - confirm.
    exclude module: 'spring-security-config'
    exclude module: 'spring-security-core'
    exclude module: 'spring-security-web'
}

目前我只是想让身份验证和资源服务器正常工作 . 我已复制并尝试修改spring-security-oauth2-javaconfig示例中的现有sparklr2示例 .

我得到的最后一个错误是:{"error":"invalid_client","error_description":"Bad client credentials"},它出现在我运行 curl -v --data "grant_type=password&username=marissa&password=koala&client_id=tonr&secret=secret" -X POST localhost:8100/oauth/token 时 .

我从初学者的角度理解oauth2,而oauth2与spring-boot和rest相关的资源很少,这让人很难 . 有什么建议?

如果有人可以提供类似于配置oauth2身份验证和授权的方法来保护rest api调用以及相关的curl命令,那将是非常棒的 .

2 回答

  • 3

    oauth2的Java配置支持正在进行中,但使用my fork可能会获得更多成功 . 如果我是你,我bootified sparklr2用最小的XML . 如果您将引导依赖项更新为1.0.0.RC2,我的状态将会很糟糕 .

    更新: @Configuration 内容已移至主OAuth2 repo,因此fork及其父级现在基本上是冗余的(很可能很快就会删除) .

    更新:启动的示例现在也使用 @Configuration .

  • 0

    是 . 这就是我为了让它以这种方式工作所做的 . 我相信这是正确的解决方案(除了对grant_type使用client_credentials这一点,但我不是专家 :-)) . 如果有更好的解决方案,那将是非常棒的 . 非常感谢您花时间帮助我 .


    import org.springframework.beans.factory.annotation.Value;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.core.authority.AuthorityUtils;
    import org.springframework.security.core.userdetails.User;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.oauth2.config.annotation.authentication.configurers.InMemoryClientDetailsServiceConfigurer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.OAuth2ServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configurers.OAuth2ServerConfigurer;
    import org.springframework.security.oauth2.provider.token.InMemoryTokenStore;
    import org.springframework.security.provisioning.InMemoryUserDetailsManager;
    
    import java.util.ArrayList;
    import java.util.Collection;
    import java.util.List;
    
    /**
     * Java-config security setup that registers one OAuth2 client and one user, both held in
     * memory, and requires authentication for every request except {@code "/"}.
     *
     * <p>The client id, client secret and authorized grant type are injected from the
     * {@code client_id}, {@code client_secret} and {@code grant_type} properties.
     *
     * <p>Security notes for anyone reusing this sample:
     * <ul>
     *   <li>The user account below is hard-coded with a plaintext password; treat it as a
     *       demo fixture and replace it with a real user store before deployment.</li>
     *   <li>{@code client_secret} is a credential: supply it from the environment or a secret
     *       store rather than a properties file kept in version control.</li>
     *   <li>Tokens are kept in an {@link InMemoryTokenStore}, i.e. in this process only.</li>
     * </ul>
     */
    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig extends OAuth2ServerConfigurerAdapter {

        // Resource id used both for the resource server and for the client registration.
        private static final String RESOURCE_ID = "restservice";

        // The property keys stay exactly as they were; only the Java field names follow lowerCamelCase.
        @Value("${client_id}")
        private String clientId;

        @Value("${client_secret}")
        private String clientSecret;

        @Value("${grant_type}")
        private String grantType;

        /**
         * Declares the URL authorization rules and attaches the OAuth2 server support.
         *
         * @param http the HTTP security builder supplied by the framework
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // NOTE(review): no matcher is added between requestMatchers() and and(), so this
            // pair looks like a no-op - confirm before removing it.
            http
                .requestMatchers()
                .and()
                .authorizeRequests()
                    // Only the root path is public; every other request must be authenticated.
                    .antMatchers("/").permitAll()
                    .anyRequest().authenticated()
                    .and()
                .apply(new OAuth2ServerConfigurer())
                // In-memory store: issued tokens live only inside this JVM instance.
                .tokenStore(new InMemoryTokenStore())
                .resourceId(RESOURCE_ID);
        }

        /**
         * Registers the in-memory user store and the single in-memory OAuth2 client.
         *
         * @param auth the authentication manager builder supplied by the framework
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth
                .userDetailsService(new InMemoryUserDetailsManager(getUserDetails()))
                .and()
                .apply(new InMemoryClientDetailsServiceConfigurer())
                    .withClient(clientId)
                    .resourceIds(RESOURCE_ID)
                    .scopes("read", "write")
                    .authorities("USER")
                    // Exactly one grant type is registered: whatever the grant_type property holds.
                    .authorizedGrantTypes(grantType)
                    .secret(clientSecret);
        }

        /**
         * Builds the user accounts backing the in-memory user details manager.
         *
         * @return a collection holding the single hard-coded account
         */
        private static Collection<UserDetails> getUserDetails() {
            // SECURITY: fixed username and plaintext password - demo only, never ship this.
            UserDetails demoAccount = new User("user", "password",
                    AuthorityUtils.createAuthorityList("USER", "read", "write"));

            List<UserDetails> accounts = new ArrayList<UserDetails>();
            accounts.add(demoAccount);
            return accounts;
        }

    }
    
