Spring Boot Oauth2 Client(Reactive) Mutual TLS/SSL token uri
Spring Boot 2.3.x and Spring 5.x have recently added support for configuring the reactive OAuth2 client based on the WebClient class.
I had a requirement for the Client Credentials grant flow configuration.
Doing this call without Mutual TLS/SSL is quite straightforward.
Normal (without TLS/SSL) configuration (@Configuration); the code extract is as below:
    import org.springframework.beans.factory.annotation.Value;
    import org.springframework.context.annotation.Bean;
    import org.springframework.security.config.web.server.ServerHttpSecurity;
    import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientManager;
    import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProvider;
    import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder;
    import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
    import org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager;
    import org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction;
    import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
    import org.springframework.security.web.server.SecurityWebFilterChain;
    import org.springframework.web.reactive.function.client.WebClient;

    // Manager that obtains and caches tokens using the client_credentials grant
    @Bean
    public ReactiveOAuth2AuthorizedClientManager authorizedClientManager(
            ReactiveClientRegistrationRepository clientRegistrationRepository,
            ServerOAuth2AuthorizedClientRepository authorizedClientRepository) {
        ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
                .clientCredentials()
                .build();
        DefaultReactiveOAuth2AuthorizedClientManager authorizedClientManager =
                new DefaultReactiveOAuth2AuthorizedClientManager(clientRegistrationRepository, authorizedClientRepository);
        authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
        return authorizedClientManager;
    }

    // WebClient for the protected resource; the filter adds the bearer token for registration "local"
    @Bean("testClient")
    public WebClient webClient(ReactiveOAuth2AuthorizedClientManager authorizedClientManager,
                               @Value("${test.client.base.url}") String baseUrl) {
        ServerOAuth2AuthorizedClientExchangeFilterFunction oauthFunction =
                new ServerOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager);
        oauthFunction.setDefaultClientRegistrationId("local");
        return WebClient.builder()
                .baseUrl(baseUrl)
                .filter(oauthFunction)
                .build();
    }

    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        http.oauth2Client();
        return http.build();
    }
The properties file:
    spring.security.oauth2.client.registration.local.authorization-grant-type=client_credentials
    spring.security.oauth2.client.registration.local.client-id=client_id
    spring.security.oauth2.client.registration.local.client-secret=client_secret
    spring.security.oauth2.client.provider.local.token-uri=http://hostname:port/oauth/token
    test.client.base.url=http://protected-resource/v1/apis
But calling the OAuth2 authorization server over Mutual TLS (client cert) was a big deal.
How to do that? I would like to share the same with the community and will answer it myself below.
The answer to the requirement and the main change will be in the bean authorizedClientManager.
The scope of the answer is the client credentials grant flow only, though the changes for the other OAuth2 grant flows should be similar, and this would help there too.
    import io.netty.channel.ChannelOption;
    import io.netty.handler.ssl.SslContext;
    import org.springframework.context.annotation.Bean;
    import org.springframework.http.client.reactive.ClientHttpConnector;
    import org.springframework.http.client.reactive.ReactorClientHttpConnector;
    import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientManager;
    import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProvider;
    import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder;
    import org.springframework.security.oauth2.client.endpoint.WebClientReactiveClientCredentialsTokenResponseClient;
    import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
    import org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager;
    import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
    import org.springframework.web.reactive.function.client.WebClient;
    import reactor.netty.http.client.HttpClient;

    @Bean
    public ReactiveOAuth2AuthorizedClientManager authorizedClientManager(
            ReactiveClientRegistrationRepository clientRegistrationRepository,
            ServerOAuth2AuthorizedClientRepository authorizedClientRepository,
            // construct the sslContext (client key + trust material) as per your needs and inject it here
            SslContext sslContext) {
        // construct the client credentials token response client yourself
        WebClientReactiveClientCredentialsTokenResponseClient accessTokenResponseClient =
                new WebClientReactiveClientCredentialsTokenResponseClient();
        // create the HttpClient with your sslContext so the token request is made over mutual TLS
        HttpClient httpClient = HttpClient.create()
                .tcpConfiguration(client -> client.option(ChannelOption.CONNECT_TIMEOUT_MILLIS, 10000))
                .secure(sslContextSpec -> sslContextSpec.sslContext(sslContext));
        ClientHttpConnector httpConnector = new ReactorClientHttpConnector(httpClient);
        // the token response client uses this WebClient to call the token-uri
        accessTokenResponseClient.setWebClient(WebClient.builder().clientConnector(httpConnector).build());
        ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder
                .builder()
                .clientCredentials(c -> c.accessTokenResponseClient(accessTokenResponseClient))
                .build();
        DefaultReactiveOAuth2AuthorizedClientManager authorizedClientManager =
                new DefaultReactiveOAuth2AuthorizedClientManager(clientRegistrationRepository, authorizedClientRepository);
        authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
        return authorizedClientManager;
    }
Here, if you see the line .secure(sslContextSpec -> sslContextSpec.sslContext(sslContext)); you need to construct the sslContext and inject it, and that would depend entirely on your code setup.
For detailed code and instructions you can go to the link here.
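The answer leaves the construction of sslContext to the reader. The following Spring configuration is an added example, not code from the question, the answer or the Spring project: it builds the Netty SslContext for mutual TLS from a PKCS12 client key store (the client certificate and private key presented to the authorization server) and a separate PKCS12 trust store (the CA that issued the authorization server's certificate). The property names mtls.*, the bean name oauth2TokenSslContext and the helper loadPkcs12 are assumptions for this illustration.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;

import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class MutualTlsSslContextConfig {

    // Property names are assumptions for this example; they are not Spring Boot properties.
    @Bean
    public SslContext oauth2TokenSslContext(
            @Value("${mtls.key-store}") String keyStorePath,
            @Value("${mtls.key-store-password}") String keyStorePassword,
            @Value("${mtls.trust-store}") String trustStorePath,
            @Value("${mtls.trust-store-password}") String trustStorePassword) throws Exception {

        // Client identity: the private key and certificate chain sent during the TLS handshake.
        // The same password is assumed for the store and the key entry.
        KeyStore keyStore = loadPkcs12(keyStorePath, keyStorePassword.toCharArray());
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyStorePassword.toCharArray());

        // Trust anchors: only the CA(s) that issued the authorization server's certificate.
        // An explicit trust store keeps server certificate verification on; do not swap in
        // InsecureTrustManagerFactory to make a handshake "work".
        KeyStore trustStore = loadPkcs12(trustStorePath, trustStorePassword.toCharArray());
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // Netty client context: presents the client cert when the server requests one
        // and verifies the server against the trust store.
        return SslContextBuilder.forClient()
                .keyManager(kmf)
                .trustManager(tmf)
                .build();
    }

    // Hypothetical helper: reads a PKCS12 file into a KeyStore.
    private static KeyStore loadPkcs12(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        return ks;
    }
}
```

With this bean in the context, the authorizedClientManager bean from the answer can declare an SslContext parameter and pass it to .secure(sslContextSpec -> sslContextSpec.sslContext(sslContext)), so that only the token-uri call is made with the client certificate; the WebClient for the protected resource keeps its own connector. A quick check that the right material is loaded is to confirm the key store holds exactly one private key entry whose certificate chain ends at a CA the authorization server accepts, and that the trust store holds the server's issuing CA rather than the whole system trust set.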