OAuth 2.0 客戶端
OAuth 2.0 客戶端功能提供對 OAuth 2.0 授權框架 中定義的客戶端角色的支援。
總的來說,可用的核心功能有:
授權許可支援
客戶端認證支援
HTTP 客戶端支援
-
用於響應式環境的
WebClient整合 (用於請求受保護資源)
ServerHttpSecurity.oauth2Client() DSL 提供了許多配置選項,用於自定義 OAuth 2.0 客戶端使用的核心元件。
以下程式碼展示了 ServerHttpSecurity.oauth2Client() DSL 提供的完整配置選項。
OAuth2 客戶端配置選項
-
Java
-
Kotlin
@Configuration
@EnableWebFluxSecurity
public class OAuth2ClientSecurityConfig {
@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
http
.oauth2Client((oauth2) -> oauth2
.clientRegistrationRepository(this.clientRegistrationRepository())
.authorizedClientRepository(this.authorizedClientRepository())
.authorizationRequestRepository(this.authorizationRequestRepository())
.authorizationRequestResolver(this.authorizationRequestResolver())
.authenticationConverter(this.authenticationConverter())
.authenticationManager(this.authenticationManager())
);
return http.build();
}
}@Configuration
@EnableWebFluxSecurity
class OAuth2ClientSecurityConfig {
@Bean
fun securityFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
http {
oauth2Client {
clientRegistrationRepository = clientRegistrationRepository()
authorizedClientRepository = authorizedClientRepository()
authorizationRequestRepository = authorizedRequestRepository()
authorizationRequestResolver = authorizationRequestResolver()
authenticationConverter = authenticationConverter()
authenticationManager = authenticationManager()
}
}
return http.build()
}
}ReactiveOAuth2AuthorizedClientManager 負責管理 OAuth 2.0 客戶端的授權(或重新授權),並與一個或多個 ReactiveOAuth2AuthorizedClientProvider 協作。
以下程式碼展示瞭如何註冊一個 ReactiveOAuth2AuthorizedClientManager @Bean 並將其與一個 ReactiveOAuth2AuthorizedClientProvider 組合關聯,該組合支援 authorization_code、refresh_token 和 client_credentials 授權許可型別。
-
Java
-
Kotlin
@Bean
public ReactiveOAuth2AuthorizedClientManager authorizedClientManager(
ReactiveClientRegistrationRepository clientRegistrationRepository,
ServerOAuth2AuthorizedClientRepository authorizedClientRepository) {
ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider =
ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
.authorizationCode()
.refreshToken()
.clientCredentials()
.build();
DefaultReactiveOAuth2AuthorizedClientManager authorizedClientManager =
new DefaultReactiveOAuth2AuthorizedClientManager(
clientRegistrationRepository, authorizedClientRepository);
authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
return authorizedClientManager;
}@Bean
fun authorizedClientManager(
clientRegistrationRepository: ReactiveClientRegistrationRepository,
authorizedClientRepository: ServerOAuth2AuthorizedClientRepository): ReactiveOAuth2AuthorizedClientManager {
val authorizedClientProvider: ReactiveOAuth2AuthorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
.authorizationCode()
.refreshToken()
.clientCredentials()
.build()
val authorizedClientManager = DefaultReactiveOAuth2AuthorizedClientManager(
clientRegistrationRepository, authorizedClientRepository)
authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider)
return authorizedClientManager
}
