![](/img/trans.png)
[英]Spring OAuth2 Auth Server: a specific /oauth/token filter?
[英]Adding more then one client to the Spring OAuth2 Auth Server
我有 Spring OAuth 授权服务器,我想添加对多个客户端(id)的支持。 我这样配置客户端:
clients
.inMemory().withClient(client).secret(clientSecret)
.resourceIds(resourceId)
.authorizedGrantTypes("client_credentials", "password", "refresh_token", "implicit", "authorization_code")
.authorities("ROLE_USER")
.scopes("read", "write")
.autoApprove(true)
.and()
.inMemory().withClient("acme").secret("acmesecret")
.resourceIds(resourceId)
.authorizedGrantTypes("client_credentials", "password", "refresh_token", "implicit", "authorization_code")
.authorities("ROLE_USER_ACME")
.scopes("read", "write")
.autoApprove(true);
我可以使用第一个客户端获取访问令牌,但是在尝试使用第二个客户端获取访问令牌时出现此错误:
{
"timestamp": 1456822249638,
"status": 401,
"error": "Unauthorized",
"message": "Bad credentials",
"path": "/oauth/token"
}
是否可以添加多个客户端以及如何添加? 另外,如何从数据库中读取客户端?
不要使用多个inMemory
建设者,而不是连接多个withClient
的内线一个inMemory
:
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("first")
.secret("secret")
.scopes("read")
.authorizedGrantTypes("password")
.and()
.withClient("sec")
.secret("secret")
.scopes("read")
.authorizedGrantTypes("password");
}
对于具有配置的inMemory
构建器(您必须定义自己的配置):
@Override
public void configure ( ClientDetailsServiceConfigurer clients ) throws Exception {
// @formatter:off
InMemoryClientDetailsServiceBuilder inMemoryBuilder = clients.inMemory ();
for (String clientKey: authServerProperties.getClient ().keySet ()) {
OAuthClientProperties client = authServerProperties.getClient ().get ( clientKey );
inMemoryBuilder
.withClient ( client.getClientId () )
.secret ( client.getClientSecret () )
.scopes ( client.getScopes () == null ? new String[] {"openid"} : client.getScopes () )
.authorizedGrantTypes ( client.getAuthorizedGrandTypes () == null ? "client_credentials" : client.getAuthorizedGrandTypes () );
}
// @formatter:on
}
有两个额外的类:
@ConfigurationProperties ( prefix = "my-authorization-server" )
public class AuthServerProperties
private final Map<String, OAuthClientProperties> client = new HashMap<> ();
...
public Map<String, OAuthClientProperties> getClient () {
return client;
}
...
}
public class OAuthClientProperties {
private String clientId;
private String clientSecret;
private String[] scopes;
private String authorizedGrandTypes;
public String getClientId () {
return clientId;
}
public void setClientId ( String clientId ) {
this.clientId = clientId;
}
public String getClientSecret () {
return clientSecret;
}
public void setClientSecret ( String clientSecret ) {
this.clientSecret = clientSecret;
}
public String[] getScopes () {
return scopes;
}
public void setScopes ( String[] scopes ) {
this.scopes = scopes;
}
public String getAuthorizedGrandTypes () {
return authorizedGrandTypes;
}
public void setAuthorizedGrandTypes ( String authorizedGrandTypes ) {
this.authorizedGrandTypes = authorizedGrandTypes;
}
}
最后,在属性中你会有这样的东西:
my-authorization-server.client.foo.client-id=foo-client
my-authorization-server.client.foo.client-secret=foo-client-supersecret
my-authorization-server.client.foo.scopes=read
my-authorization-server.client.bar.client-id=bar-client
my-authorization-server.client.bar.client-secret=bar-client-verysupersecret
my-authorization-server.client.bar.scopes=read,write
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.