Java – spring security oauth2 client

I have set up an oauth2 server with Spring Security. I want to write a client application that uses this OAuth server with Spring Security, without protecting any resources. That means I just want to run OAuth 2.0 from the client with Spring Security 3.1. I wrote the following configuration, but it requires credentials before redirecting to the oauth2 server authorization page. I want to redirect the user to the oauth2 server authorization page before asking for any credentials from the client. I am using the following configuration:

<http auto-config='true' xmlns="http://www.springframework.org/schema/security">
    <intercept-url pattern="/product/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <custom-filter ref="oauth2ClientFilter" after="EXCEPTION_TRANSLATION_FILTER" />
</http>

<authentication-manager xmlns="http://www.springframework.org/schema/security">
    <authentication-provider>
        <user-service>
            <user name="jimi" password="jimi" authorities="ROLE_USER" />
        </user-service>
    </authentication-provider>
</authentication-manager>

<!--apply the oauth client context -->
<oauth:client id="oauth2ClientFilter" />


<oauth:resource id="fooClient" type="authorization_code"
    client-id="foo" client-secret="secret" access-token-uri="${accessTokenUri}"
    user-authorization-uri="${userAuthorizationUri}" scope="read" />


<bean id="dService" class="com.abc.service.DServiceImpl">
    <property name="dURL" value="${dURL}"></property>
    <property name="dRestTemplate">
        <oauth:rest-template resource="fooClient" />
    </property>
</bean>

So I think only the /product URL should go to the oauth2 server. The rest of the URL mappings should not. And the user should be anonymous to the client (there is no need to display a login on the client).

But when I run my application at "http://localhost/client-sample/product/1", it displays "http://localhost/client-sample/spring_security_login". I expect users to be redirected to the oauth2 server page instead.

Solution

Spring Security prevents anonymous users from obtaining access tokens. However, if you still want to use this feature in your application, you must extend the org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails class and override the isClientOnly() method:

import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;

// Resource details that report themselves as client-only, so that no
// authenticated client-side user is required before the token is requested.
public class ExtendedBaseOAuth2ProtectedResourceDetails extends
        AuthorizationCodeResourceDetails {

    @Override
    public boolean isClientOnly() {
        return true;
    }
}

By default, this method returns false, so you must override it to return true. Then, in the root-context.xml file, you must define the oauth2 resource like this:

<bean id="fooClient" class="com.abc.service.ExtendedBaseOAuth2ProtectedResourceDetails">
  <property name="clientId" value="foo"></property>
  <property name="clientSecret" value="secret"></property>
  <property name="accessTokenUri" value="${accessTokenUri}"></property>
  <property name="userAuthorizationUri" value="${userAuthorizationUri}"></property>
  <property name="scope" value="#{{'read','write'}}"></property>
</bean>

<bean id="dService" class="com.abc.service.DServiceImpl">
  <property name="dURL" value="${dURL}"></property>
  <property name="dRestTemplate">
      <oauth:rest-template resource="fooClient" />
  </property>
</bean>

This does not require authorization at the client until the user is redirected to the oauth2 provider authorization page.
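
The following added example (not part of the original answer) shows what the override changes for an anonymous caller: spring-security-oauth2's AccessTokenProviderChain rejects the default resource details with InsufficientAuthenticationException, while client-only details reach the authorization-code provider, which raises UserRedirectRequiredException. It assumes spring-security-oauth2 2.x on the classpath; the ClientOnlyDemo class and the auth.example.test URIs are placeholders.

```java
import java.util.Arrays;

import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.resource.UserRedirectRequiredException;
import org.springframework.security.oauth2.client.token.AccessTokenProvider;
import org.springframework.security.oauth2.client.token.AccessTokenProviderChain;
import org.springframework.security.oauth2.client.token.DefaultAccessTokenRequest;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;

public class ClientOnlyDemo {

    // Reports which exception the token provider chain raises for the current (anonymous) caller.
    static String outcomeFor(AuthorizationCodeResourceDetails resource) {
        resource.setClientId("foo");
        resource.setUserAuthorizationUri("https://auth.example.test/oauth/authorize"); // placeholder
        resource.setAccessTokenUri("https://auth.example.test/oauth/token");           // placeholder
        AccessTokenProviderChain chain = new AccessTokenProviderChain(
                Arrays.<AccessTokenProvider>asList(new AuthorizationCodeAccessTokenProvider()));
        try {
            chain.obtainAccessToken(resource, new DefaultAccessTokenRequest());
            return "token obtained";
        } catch (InsufficientAuthenticationException e) {
            // ExceptionTranslationFilter answers this with the client's own login page.
            return "InsufficientAuthenticationException";
        } catch (UserRedirectRequiredException e) {
            // The oauth2ClientFilter answers this with a redirect to the provider.
            return "UserRedirectRequiredException -> " + e.getRedirectUri();
        }
    }

    public static void main(String[] args) {
        // Same state as an unauthenticated visitor behind the anonymous filter.
        SecurityContextHolder.getContext().setAuthentication(new AnonymousAuthenticationToken(
                "key", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")));
        System.out.println("default:     " + outcomeFor(new AuthorizationCodeResourceDetails()));
        System.out.println("client-only: " + outcomeFor(new AuthorizationCodeResourceDetails() {
            @Override
            public boolean isClientOnly() { return true; }
        }));
    }
}
```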
