Spring Reactive Oauth2 Webclient not using configured proxy

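I have an OAuth2 authentication service that has to call the OAuth provider through a proxy to get the token after the user authenticates. The server used here is Netty, and I have a reactive server for gateway reasons.

Here is the configuration I am using: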

@Configuration
public class GithubProxyConfig {

    private static final Logger LOGGER = Logger.getLogger(GithubProxyConfig.class);

    @Bean("githubClientRegistrationRepository")
    public ReactiveClientRegistrationRepository githubClientRegistrationRepository() {
        ClientRegistration registration = ClientRegistration
                .withRegistrationId("github")
                .clientId("ID")
                .clientSecret("SECRET")
                .redirectUri("https://oauth-service/api/login/oauth2/code/github")
                .authorizationUri("https://github.com/login/oauth/authorize")
                .tokenUri("https://github.com/login/oauth/access_token")
                .userInfoUri("https://api.github.com/user")
                .userNameAttributeName("login")
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .build();
        return new InMemoryReactiveClientRegistrationRepository(registration);
    }

    @Primary
    @Bean
    @DependsOn(value = {"githubClientRegistrationRepository"})
    public AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager authorizedClientServiceReactiveOAuth2AuthorizedClientManager(
            @Qualifier("githubClientRegistrationRepository") ReactiveClientRegistrationRepository clientRegistrations,
            WebClientBuilderFactory webClientBuilderFactory
    ) throws SSLException {
        WebClient webClient = webClientBuilderFactory
                .newBuilder(LOGGER, "Github Client")
                .clientConnector(sslConnectorFrom("60.32.59.68", 8080))
                .build();
        InMemoryReactiveOAuth2AuthorizedClientService authorizedClientService = new InMemoryReactiveOAuth2AuthorizedClientService(clientRegistrations);
        AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager authorizedClientManager =
                new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(clientRegistrations, authorizedClientService);
        authorizedClientManager.setAuthorizedClientProvider(createAuthorizedClientProvider(webClient));
        ServerOAuth2AuthorizedClientExchangeFilterFunction oauth2FilterFunction = new ServerOAuth2AuthorizedClientExchangeFilterFunction(
                authorizedClientManager
        );
        oauth2FilterFunction.setDefaultClientRegistrationId("github");
        return authorizedClientManager;
    }

    private ReactiveOAuth2AuthorizedClientProvider createAuthorizedClientProvider(WebClient webClient) {
        WebClientReactiveClientCredentialsTokenResponseClient clientCredentialsTokenResponseClient
                = new WebClientReactiveClientCredentialsTokenResponseClient();
        clientCredentialsTokenResponseClient.setWebClient(webClient);

        return ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
                .clientCredentials(builder -> builder.accessTokenResponseClient(clientCredentialsTokenResponseClient))
                .build();
    }

}

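When I start the flow, the proxy is not used, and the WebClient is not even used to get the access token. I get a timeout exception. The same problem is discussed on GitHub: https://github.com/spring-projects/spring-security/issues/8966

Any help resolving this so that this client uses the proxy would be appreciated. Thanks.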

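I ran into a problem in my gateway where reactive OAuth2 also did not honor the standard Java proxy settings, but in my case it was for JWT decoding. In that case, I ended up having to build a new decoder with an instantiated WebClient, using the WebClient builder together with a new client connector that has the specific proxy override.

In your case, you may want to try something similar. Again, the situation is not exactly the same, but here is how I overrode the WebClient in the decoder example.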

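    ReactiveJwtDecoder customDecoder() {

        // Reactor Netty client that sends every request through the HTTP proxy.
        // proxyHost, proxyPort and jwkSetUri are fields of the enclosing class.
        HttpClient httpClient =
                HttpClient.create()
                        .proxy(proxy -> proxy
                                .type(ProxyProvider.Proxy.HTTP)
                                .host(proxyHost)
                                .port(proxyPort));

        ReactorClientHttpConnector conn = new ReactorClientHttpConnector(httpClient);

        // Hand the decoder a WebClient built on the proxied connector, so the
        // JWK set is fetched through the proxy instead of a default client.
        final NimbusReactiveJwtDecoder userTokenDecoder = NimbusReactiveJwtDecoder.withJwkSetUri(this.jwkSetUri)
                .webClient(WebClient.builder().clientConnector(conn).build()).build();

        // ... (further decoder setup elided in the original answer)

        return userTokenDecoder;
    }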
