OAuth 2.0 客户端
OAuth 2.0 客户端功能为 OAuth 2.0 授权框架中定义的客户端角色提供支持。
在高层次上,可用的核心功能包括:
授权许可支持
客户端认证支持
HTTP 客户端支持
- WebClient 与响应式环境的集成(用于请求受保护的资源)
ServerHttpSecurity.oauth2Client() DSL 提供了多个配置选项,用于自定义 OAuth 2.0 客户端使用的核心组件。
以下代码展示了 ServerHttpSecurity.oauth2Client() DSL 提供的完整配置选项:
- Java
- Kotlin
@Configuration
@EnableWebFluxSecurity
public class OAuth2ClientSecurityConfig {
@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
http
.oauth2Client(oauth2 -> oauth2
.clientRegistrationRepository(this.clientRegistrationRepository())
.authorizedClientRepository(this.authorizedClientRepository())
.authorizationRequestRepository(this.authorizationRequestRepository())
.authorizationRequestResolver(this.authorizationRequestResolver())
.authenticationConverter(this.authenticationConverter())
.authenticationManager(this.authenticationManager())
);
return http.build();
}
}
@Configuration
@EnableWebFluxSecurity
class OAuth2ClientSecurityConfig {
@Bean
fun securityFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
http {
oauth2Client {
clientRegistrationRepository = clientRegistrationRepository()
authorizedClientRepository = authorizedClientRepository()
authorizationRequestRepository = authorizedRequestRepository()
authorizationRequestResolver = authorizationRequestResolver()
authenticationConverter = authenticationConverter()
authenticationManager = authenticationManager()
}
}
return http.build()
}
}
ReactiveOAuth2AuthorizedClientManager 负责管理 OAuth 2.0 客户端的授权(或重新授权),并与一个或多个 ReactiveOAuth2AuthorizedClientProvider 协同工作。
以下代码展示了如何注册一个 ReactiveOAuth2AuthorizedClientManager @Bean,并将其与一个 ReactiveOAuth2AuthorizedClientProvider 组合关联,该组合支持 authorization_code、refresh_token、client_credentials 和 password 授权类型:
- Java
- Kotlin
@Bean
public ReactiveOAuth2AuthorizedClientManager authorizedClientManager(
ReactiveClientRegistrationRepository clientRegistrationRepository,
ServerOAuth2AuthorizedClientRepository authorizedClientRepository) {
ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider =
ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
.authorizationCode()
.refreshToken()
.clientCredentials()
.password()
.build();
DefaultReactiveOAuth2AuthorizedClientManager authorizedClientManager =
new DefaultReactiveOAuth2AuthorizedClientManager(
clientRegistrationRepository, authorizedClientRepository);
authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
return authorizedClientManager;
}
@Bean
fun authorizedClientManager(
clientRegistrationRepository: ReactiveClientRegistrationRepository,
authorizedClientRepository: ServerOAuth2AuthorizedClientRepository): ReactiveOAuth2AuthorizedClientManager {
val authorizedClientProvider: ReactiveOAuth2AuthorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
.authorizationCode()
.refreshToken()
.clientCredentials()
.password()
.build()
val authorizedClientManager = DefaultReactiveOAuth2AuthorizedClientManager(
clientRegistrationRepository, authorizedClientRepository)
authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider)
return authorizedClientManager
}
章节摘要
📄️ 核心接口和类
ClientRegistration 是表示已注册到 OAuth 2.0 或 OpenID Connect 1.0 提供程序的客户端。
📄️ OAuth2 授权许可类型
本节描述了 Spring Security 对授权许可的支持。
📄️ OAuth2 客户端认证
开箱即用支持带有 HTTP Basic 的客户端认证,并且无需任何自定义即可启用它。默认实现由 DefaultOAuth2TokenRequestHeadersConverter 提供。
📄️ OAuth2 授权客户端
本节涵盖 Spring Security 为 OAuth2 Client 提供的其他功能。