[英]Spring Security: Purpose of .oauth2Client(withDefaults()); in HttpSecurity
public HttpSecurity oauth2Client(Customizer<OAuth2ClientConfigurer> oauth2ClientCustomizer) throws java.lang.Exception
公共 HttpSecurity oauth2Client (Customizer<OAuth2ClientConfigurer> oauth2ClientCustomizer) 抛出 java.lang.Exception
Configures OAuth 2.0 Client support.
配置 OAuth 2.0 客户端支持。
Example Configuration
示例配置
The following example demonstrates how to enable OAuth 2.0 Client support for all endpoints.
以下示例演示如何为所有端点启用 OAuth 2.0 客户端支持。
@Configuration @EnableWebSecurity public class OAuth2ClientSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests((authorizeRequests) -> authorizeRequests .anyRequest().authenticated() ) .oauth2Client(withDefaults()); } }
Parameters: auth2ClientCustomizer - the Customizer to provide more options for the OAuth2ClientConfigurer
参数: auth2ClientCustomizer - 为 OAuth2ClientConfigurer 提供更多选项的定制器
Returns: the HttpSecurity for further customizations
返回:用于进一步自定义的 HttpSecurity
The thing I understood is any requests coming to this server should be authenticated.我的理解是任何到达该服务器的请求都应该进行身份验证。
How does .oauth2Client(withDefaults());
.oauth2Client(withDefaults());
help in this case?在这种情况下有帮助吗?
If I'm not wrong, an oAuth2 client is the one sending the requet, what can we actually configure about this?如果我没记错的话,oAuth2 客户端是发送请求的客户端,我们实际上可以为此配置什么? The documentation doesnt really explain much.
文档并没有真正解释太多。
The http instance of HttpSecurity is a "bean settings server/application side". HttpSecurity 的 http 实例是“bean 设置服务器/应用程序端”。
Its method oauth2Client is not related to client configurations, but how and where the server/application should handle them.它的方法oauth2Client与客户端配置无关,而是服务器/应用程序应该如何以及在哪里处理它们。
Example:例子:
I think here , you can find more details about oauth2Client defaults .我想在这里,您可以找到有关 oauth2Client 默认值的更多详细信息。
@EnableWebSecurity
public class OAuth2ClientSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.oauth2Client(oauth2Client ->
oauth2Client
.clientRegistrationRepository(this.clientRegistrationRepository())
.authorizedClientRepository(this.authorizedClientRepository())
.authorizedClientService(this.authorizedClientService())
.authorizationCodeGrant(authorizationCodeGrant ->
authorizationCodeGrant
.authorizationRequestRepository(this.authorizationRequestRepository())
.authorizationRequestResolver(this.authorizationRequestResolver())
.accessTokenResponseClient(this.accessTokenResponseClient())
)
);
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.