[英]Using Azure Active Directory as an OAUTH2 Authentication service for a Spring-boot REST service
I'm trying to implement a spring-boot based REST service that should use Azure AD as an OAuth2 server for client authentication. 我正在尝试实现基于Spring-boot的REST服务,该服务应该使用Azure AD作为OAuth2服务器进行客户端身份验证。
I registered two applicatons: 我注册了两个应用程序:
All requests to the backend app should be authenticated through Azure AD with using OAuth2 flow. 应通过Azure AD使用OAuth2流对所有对后端应用程序的请求进行身份验证。
As an implementation of mobile app I'm using curl: 作为移动应用程序的一个实现我使用curl:
For obtaining a Bearer token I use https://login.microsoftonline.com/TENANT_ID/oauth2/token 要获得Bearer令牌,请使用https://login.microsoftonline.com/TENANT_ID/oauth2/token
curl -s -X POST https://login.microsoftonline.com/<TENANT_ID>/oauth2/token -d grant_type=password -d username=$USER_NAME -d password=$PASSWORD -d resource=$RESOURCE_ID -d client_id=$CLIENT_ID
where $USER_NAME and $PASSWORD are credetials of an Azure AD user, $RESOURCE_ID is a SID of my REST service and $CLIENT_ID is a SID of my mobile client for the REST serice. 其中$ USER_NAME和$ PASSWORD是Azure AD用户的凭据,$ RESOURCE_ID是我的REST服务的SID,$ CLIENT_ID是我的移动客户端的SID,用于REST服务。
Azure successfully returns JSON with token data. Azure使用令牌数据成功返回JSON。
My Oauth2 Config for Backend app: 我的Oauth2配置后端应用程序:
@Configuration
@EnableResourceServer
public class OAuth2Config extends ResourceServerConfigurerAdapter {
@Bean
ResourceServerTokenServices resourceTokenServices() {
RemoteTokenServices tokenServices = new RemoteTokenServices();
tokenServices.setClientId(resourceId);
tokenServices.setClientSecret(/*I do not have it*/resourcePassword);
tokenServices.setCheckTokenEndpointUrl(/*I do not have it*/checkToken);
return tokenServices;
}
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources.tokenServices(resourceTokenServices());
resources.resourceId("rest_api");
}
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/**").authenticated();
}
}
My REST controller: 我的REST控制器:
@RestController
@RequestMapping("/data")
public class CustomerRestController {
@RequestMapping(method = RequestMethod.GET)
public SomeData getMyData(Principal principal){
System.out.println("RESOURCE WAS REQUESTED BY " + principal.getName());
return new SomeData(principal.getName());
}
}
But I didn't find in the endpoint list any URL that can be used by my REST service for checking a bearer token and obtaining user data from Azure AD. 但是我没有在端点列表中找到我的REST服务可用于检查持票人令牌和从Azure AD获取用户数据的任何URL。 Also, as I understand, it should be present some kind of credentials for my REST service for using Azure AD
此外,据我所知,它应该为我的REST服务提供某种凭据以使用Azure AD
How can I find required values or I'm going by a wrong way? 我怎样才能找到所需的值或者我走错了路?
Finally I've got an answer. 最后我得到了答案。
Azure AD uses JWT tokens for authorization, so I have to implement work with this type of tokens instead of checking a token on the server. Azure AD使用JWT令牌进行授权,因此我必须使用此类令牌实现工作,而不是检查服务器上的令牌。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.