堆栈内存溢出
  简体   繁体   English

我可以让 Spring Boot 创建一个使用 OAuth2 的 WebClient 而不尝试将 OAuth 流应用到我的端点吗?

[英]Can I have Spring Boot create a WebClient which uses OAuth2 without it trying to apply the OAuth flow to my endpoints?

 原文  2023-01-27 16:27:50       spring-boot/ spring-security/ oauth-2.0

问题描述

I want to have a WebClient which uses a client_credentials OAuth2 flow to authorize with an API. I've followed various sets of instructions from the documentation to several tutorials.我想要一个使用 client_credentials OAuth2 流来授权 API 的 WebClient。我遵循了从文档到几个教程的各种说明。

I feel like I'm pretty close to getting Spring Boot to do what I want, but the default behaviour is doing something I don't want - I get redirected to /login when I make a request to any of my controllers.我觉得我非常接近让 Spring Boot 做我想做的事,但默认行为是做我不想做的事——当我向我的任何控制器发出请求时,我被重定向到 /login。 I want to be able to (at the moment) do an unauthorized request to my API, and have the service-to-service call use the configured OAuth2 flow.我希望能够(目前)对我的 API 进行未经授权的请求,并让服务到服务调用使用配置的 OAuth2 流程。

spring:
  main:
    web-application-type: reactive
  security:
    oauth2:
      client:
        registration:
          my-private-api:
            client-id: <foo>
            client-secret: <bar>
            authorization-grant-type: client_credentials
        provider:
          my-private-api:
            token-uri: <uri>

    @Bean
    WebClient webClient( final ReactiveClientRegistrationRepository clientRegistrations,
        final ReactiveOAuth2AuthorizedClientService authorizedClientService )
    {
        ServerOAuth2AuthorizedClientExchangeFilterFunction oauth =
            new ServerOAuth2AuthorizedClientExchangeFilterFunction( new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(
                clientRegistrations,
                authorizedClientService ) );
        oauth.setDefaultClientRegistrationId( "my-private-api" );
        return WebClient.builder().filter( oauth ).build();
    }

Do I need to do lots of manual configuration in order to avoid this default behaviour I don't want?我是否需要进行大量手动配置才能避免这种我不想要的默认行为?

1 个解决方案

解决方案1
 0  2023-01-28 07:31:58

So turns out my OAuth configuration was fine, what I was actually asking for was "how do I disable the default behaviour of Spring Security's SecurityWebFilterChain" - which is to add a bean overriding the behaviour:结果证明我的 OAuth 配置很好,我实际上要求的是“如何禁用 Spring Security 的 SecurityWebFilterChain 的默认行为”——这是添加一个覆盖行为的 bean:

    @Bean
    SecurityWebFilterChain springWebFilterChain( final ServerHttpSecurity http )
    {
        http.httpBasic().disable().formLogin().disable().csrf().disable().logout().disable();
        return http.build();
    }

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Spring Boot WebClient 与 OAuth2 并使用 InsecureTrustManagerFactory - Spring Boot WebClient with OAuth2 and use InsecureTrustManagerFactory 如何使用 spring boot 和 oauth2 公开端点 - How to expose endpoints with spring boot and oauth2 避免对特定端点进行oauth身份验证:Spring boot oAuth2 - Avoid oauth authentication for specific endpoints: Spring boot oAuth2 如何在我在Spring ElasticBeanstalk和Nginx上使用OAuth2的Spring Boot应用程序上强制使用SSL? - How do I force SSL on my Spring Boot app that uses OAuth2 on AWS ElasticBeanstalk and Nginx? Spring Boot WebClient OAuth2 client_credentials是否受支持? - Is Spring Boot WebClient OAuth2 client_credentials supported? Spring Boot OAuth2 - Spring Boot OAuth2 如何在Spring Boot Security OAuth2应用程序中仅对某些类启用OAuth2? - How do I enable OAuth2 for only certain classes in my Spring Boot Security OAuth2 app? 如何在 Spring 启动、JPA、Spring 中将表单登录扩展到 Google 登录 (OAuth2) - How I can extend my form login to Google Sign in (OAuth2) in Spring Boot, JPA, Spring Security OAuth2 with Google 和 Spring Boot - 我无法注销 - OAuth2 with Google and Spring Boot - I can't log out Spring OAuth2 - 如何使用我生成的调用 Web 服务的 JWT 令牌来保护 Spring Boot REST API? - Spring OAuth2 - How to secure spring boot REST API using JWT token which i have generated calling webservice?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM