堆栈内存溢出
  简体   繁体   English

Spring 安全 OAuth2 令牌自省

[英]Spring security OAuth2 token introspection

 原文  2020-04-08 09:13:18       spring/ security/ oauth/ token/ introspection

问题描述

i try to use Spring security to valid OAuth2 token by introspection.我尝试通过自省使用 Spring 安全性来验证 OAuth2 令牌。 Actually my application dont try to hit OAuth server for introspection et return 403 when i call my controller.实际上,当我调用 controller 时,我的应用程序不会尝试访问 OAuth 服务器进行自省并返回 403。

My conf:我的自信:

spring.security.oauth2.resourceserver.opaquetoken.introspection-uri=https://example.net/introspection
spring.security.oauth2.resourceserver.opaquetoken.client-id=clientId
spring.security.oauth2.resourceserver.opaquetoken.client-secret=clientSecret

Websecurity:网络安全:

@EnableWebSecurity
public class WebServerConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.oauth2ResourceServer().opaqueToken();
    }
}

My Controller:我的 Controller:

@RestController
public class Controller {

    @PostMapping(value = "/foo", consumes = MediaType.APPLICATION_JSON_VALUE)
    @ResponseStatus(HttpStatus.CREATED)
    public void uploadMedia(BearerTokenAuthentication bearerTokenAuthentication,
                        @RequestHeader(value = "Authorization") String bearerToken){

        System.out.println(bearerTokenAuthentication.getToken().getTokenValue());
    }
}

How to use spring securty to valid OAuth token by introspection?如何通过自省使用 spring 安全性来有效的 OAuth 令牌?

Mathieu马修

1 个解决方案

解决方案1
 0  2021-04-16 05:32:10

Try adding below dependency尝试添加以下依赖项

<dependency>
    <groupId>org.springframework.security.oauth.boot</groupId>
    <artifactId>spring-security-oauth2-autoconfigure</artifactId>
    <version>2.1.8.RELEASE</version>
</dependency>

And in application property, you can specify在应用程序属性中,您可以指定

security.oauth2.resource.token-info-uri=http://localhost:8080/oauth/check_token.

Now, core class - RemoteTokenServices.loadAuthentication will be used to call authorization server.现在,核心 class - RemoteTokenServices.loadAuthentication 将用于调用授权服务器。 You can put it in debug.你可以把它放在调试中。

security.oauth2.client.client-id=client1
security.oauth2.client.client-secret=secret1

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 令牌URL因Spring Security OAuth2而失败 - Token URL fails with spring security oauth2 Spring Security OAuth2-验证访问令牌 - Spring security OAuth2 - verify access token Spring Security OAuth2 JWT 匿名令牌 - Spring Security OAuth2 JWT anonymous token Spring 安全 oauth2 - 在 oauth/token 调用后添加过滤器 - Spring security oauth2 - add filter after oauth/token call 带有oAuth2 / oAuth / Token请求405方法的Spring Security不允许 - Spring Security with oAuth2 /oAuth/Token request 405 method not allow Spring Security和OAuth2使用自定义授权类型生成令牌 - Spring Security and OAuth2 generate token with custom grant type 如何使用Spring Cloud Security实现OAuth2“令牌交换” - How to implement OAuth2 “Token Exchange” with Spring Cloud Security Spring Security OAuth2-如何禁用访问令牌到期? - Spring security OAuth2 - how to disable access token expiry? Spring Security 不适用于授权:来自 OAuth2 的不记名令牌 - Spring Security is not working with Authorization: Bearer token from OAuth2 Spring Security OAuth2 何时检查访问令牌过期? - When does Spring Security OAuth2 check access token expiration?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM