我正在开发Google Home Automation技能 . 部分任务是设置OAuth2服务器 .
考虑到我们已经设置了LDAP服务器,我认为这相对容易 .
我去了Spring Boot框架 .
application.java
@SpringBootApplication
@RestController
@EnableOAuth2Client
@EnableAuthorizationServer
@Order(200)
public class Application {
private static final Log logger = LogFactory.getLog(Application.class);
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
@RequestMapping("/user")
public Principal user(Principal user)
{
logger.info("/user has been called");
logger.debug("user info: " + user.toString());
return user;
}
LdapConfig.java
@Configuration
public class LdapConfig extends GlobalAuthenticationConfigurerAdapter {
@Value("${ldap.url}")
private String url;
@Value("${ldap.search_filter}")
private String searchFilter;
/*
@Value("${ldap.domain}")
private String domain;
*/
@Override
public void init(AuthenticationManagerBuilder auth) throws Exception {
auth.ldapAuthentication()
.userSearchFilter(searchFilter)
.contextSource().url(url);
}
}
WebSecurityConfig.java
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
OAuth2ClientContext oauth2ClientContext;
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http.antMatcher("/**").authorizeRequests().antMatchers("/", "/login**", "/webjars/**").permitAll().anyRequest()
.authenticated().and().exceptionHandling()
.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/")).and().logout()
.logoutSuccessUrl("/").permitAll().and().csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());//.and()
//.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
// @formatter:on
}
}
如果我注释掉LdapConfig,我可以卷曲我的localhost并获得一个令牌
curl acme:acmesecret @ localhost:8080 / oauth / token -d grant_type = client_credentials -d username = user -d password = password {“access_token”:“0710dd10-ae02-4e26-989af120b01bafa0”,“token_type”:“bearer” ,“expires_in”:43199,“范围”:“读写”}
但这显然不会让我的ldap参与其中 .