Spring Security:.oauth2Client(withDefaults()) 的目的; 在 HttpSecurity 中
[英]Spring Security: Purpose of .oauth2Client(withDefaults()); in HttpSecurity
问题描述
public HttpSecurity oauth2Client(Customizer<OAuth2ClientConfigurer> oauth2ClientCustomizer) throws java.lang.Exception
公共 HttpSecurity oauth2Client (Customizer<OAuth2ClientConfigurer> oauth2ClientCustomizer) 抛出 java.lang.Exception
Configures OAuth 2.0 Client support.
Example Configuration
The following example demonstrates how to enable OAuth 2.0 Client support for all endpoints.
@Configuration @EnableWebSecurity public class OAuth2ClientSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests((authorizeRequests) -> authorizeRequests .anyRequest().authenticated() ) .oauth2Client(withDefaults()); } }Parameters: auth2ClientCustomizer - the Customizer to provide more options for the OAuth2ClientConfigurer
Returns: the HttpSecurity for further customizations
The thing I understood is any requests coming to this server should be authenticated.我的理解是任何到达该服务器的请求都应该进行身份验证。
How does .oauth2Client(withDefaults()); .oauth2Client(withDefaults()); help in this case?在这种情况下有帮助吗?
If I'm not wrong, an oAuth2 client is the one sending the requet, what can we actually configure about this?如果我没记错的话,oAuth2 客户端是发送请求的客户端,我们实际上可以为此配置什么? The documentation doesnt really explain much.文档并没有真正解释太多。
2 个解决方案
解决方案1
0 2021-10-30 22:38:11
The http instance of HttpSecurity is a "bean settings server/application side". HttpSecurity 的 http 实例是“bean 设置服务器/应用程序端”。
Its method oauth2Client is not related to client configurations, but how and where the server/application should handle them.它的方法oauth2Client与客户端配置无关,而是服务器/应用程序应该如何以及在哪里处理它们。
Example:例子:
- Which clients have been authorized哪些客户已获得授权
- Where to store authorized clients在哪里存储授权客户
- How to authorize clients如何授权客户
- How to remove an old authorized client如何删除旧的授权客户端
解决方案2
0 2021-10-30 22:44:39
I think here , you can find more details about oauth2Client defaults .我想在这里,您可以找到有关 oauth2Client 默认值的更多详细信息。
@EnableWebSecurity
public class OAuth2ClientSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.oauth2Client(oauth2Client ->
oauth2Client
.clientRegistrationRepository(this.clientRegistrationRepository())
.authorizedClientRepository(this.authorizedClientRepository())
.authorizedClientService(this.authorizedClientService())
.authorizationCodeGrant(authorizationCodeGrant ->
authorizationCodeGrant
.authorizationRequestRepository(this.authorizationRequestRepository())
.authorizationRequestResolver(this.authorizationRequestResolver())
.accessTokenResponseClient(this.accessTokenResponseClient())
)
);
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.