[英]Spring security OAuth2 token introspection
i try to use Spring security to valid OAuth2 token by introspection.我尝试通过自省使用 Spring 安全性来验证 OAuth2 令牌。 Actually my application dont try to hit OAuth server for introspection et return 403 when i call my controller.
实际上,当我调用 controller 时,我的应用程序不会尝试访问 OAuth 服务器进行自省并返回 403。
My conf:我的自信:
spring.security.oauth2.resourceserver.opaquetoken.introspection-uri=https://example.net/introspection
spring.security.oauth2.resourceserver.opaquetoken.client-id=clientId
spring.security.oauth2.resourceserver.opaquetoken.client-secret=clientSecret
Websecurity:网络安全:
@EnableWebSecurity
public class WebServerConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.oauth2ResourceServer().opaqueToken();
}
}
My Controller:我的 Controller:
@RestController
public class Controller {
@PostMapping(value = "/foo", consumes = MediaType.APPLICATION_JSON_VALUE)
@ResponseStatus(HttpStatus.CREATED)
public void uploadMedia(BearerTokenAuthentication bearerTokenAuthentication,
@RequestHeader(value = "Authorization") String bearerToken){
System.out.println(bearerTokenAuthentication.getToken().getTokenValue());
}
}
How to use spring securty to valid OAuth token by introspection?如何通过自省使用 spring 安全性来有效的 OAuth 令牌?
Mathieu马修
Try adding below dependency尝试添加以下依赖项
<dependency>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
<version>2.1.8.RELEASE</version>
</dependency>
And in application property, you can specify在应用程序属性中,您可以指定
security.oauth2.resource.token-info-uri=http://localhost:8080/oauth/check_token.
Now, core class - RemoteTokenServices.loadAuthentication will be used to call authorization server.现在,核心 class - RemoteTokenServices.loadAuthentication 将用于调用授权服务器。 You can put it in debug.
你可以把它放在调试中。
security.oauth2.client.client-id=client1
security.oauth2.client.client-secret=secret1
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.