Spring security oauth2 client

I've set up an OAuth2 server with Spring Security. I want to write a client application that uses this OAuth server with Spring Security without protecting any resource. That means I just want to run OAuth2 from the client side with Spring Security 3.1. I have written the following configuration, but it asks for credentials before redirecting to the OAuth2 server's authorize page. I want to redirect the user to the OAuth2 server's authorization page before asking for any credentials on the client side. I am using the following configuration:

<http auto-config='true' xmlns="http://www.springframework.org/schema/security">
    <intercept-url pattern="/product/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <custom-filter ref="oauth2ClientFilter" after="EXCEPTION_TRANSLATION_FILTER" />
</http>

<authentication-manager xmlns="http://www.springframework.org/schema/security">
    <authentication-provider>
        <user-service>
            <user name="jimi" password="jimi" authorities="ROLE_USER" />
        </user-service>
    </authentication-provider>
</authentication-manager>

<!--apply the oauth client context -->
<oauth:client id="oauth2ClientFilter" />


<oauth:resource id="fooClient" type="authorization_code"
    client-id="foo" client-secret="secret" access-token-uri="${accessTokenUri}"
    user-authorization-uri="${userAuthorizationUri}" scope="read" />


<bean id="dService" class="com.abc.service.DServiceImpl">
    <property name="dURL" value="${dURL}"></property>
    <property name="dRestTemplate">
        <oauth:rest-template resource="fooClient" />
    </property>
</bean>

So I just want the /product URL to go through the OAuth2 server. The rest of the URL mappings should work without this. And the user should stay anonymous on the client (no need to show a login form on the client side).

But when I open "http://localhost/client-sample/product/1" in my application, it shows "http://localhost/client-sample/spring_security_login". I want the user to be redirected to the OAuth2 server page instead.

Spring Security prevents anonymous users from acquiring an access token. But if you still want this functionality in your application, then you will have to extend the org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails class and override the isClientOnly() method.

package com.abc.service;

import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;

public class ExtendedBaseOAuth2ProtectedResourceDetails extends
        AuthorizationCodeResourceDetails {

    // Marking the resource as client-only lets the token provider chain obtain
    // a token even when the current client-side Authentication is anonymous.
    @Override
    public boolean isClientOnly() {
        return true;
    }
}

By default this method returns false, so you have to override it to return true. Then, in your root-context.xml file, you have to define the OAuth2 resource like this:

<bean id="fooClient" class="com.abc.service.ExtendedBaseOAuth2ProtectedResourceDetails">
  <property name="clientId" value="foo" />
  <property name="clientSecret" value="secret" />
  <property name="accessTokenUri" value="${accessTokenUri}" />
  <property name="userAuthorizationUri" value="${userAuthorizationUri}" />
  <property name="scope" value="#{{'read','write'}}" />
</bean>

<bean id="dService" class="com.abc.service.DServiceImpl">
  <property name="dURL" value="${dURL}"></property>
  <property name="dRestTemplate">
      <oauth:rest-template resource="fooClient" />
  </property>
</bean>

This will not ask for authorization on the client side before redirecting the user to the OAuth2 provider's authorization page.
