跳到主要内容

QWen Max 中英对照 OAuth2 Client #

OAuth 2.0 客户端

OAuth 2.0 客户端功能为 OAuth 2.0 授权框架中定义的客户端角色提供支持。

从高层次来看,可用的核心功能包括:

授权许可支持

客户端认证支持

HTTP 客户端支持(用于请求受保护的资源)

HttpSecurity.oauth2Client() DSL 提供了许多配置选项,用于自定义 OAuth 2.0 客户端使用的核心组件。此外,HttpSecurity.oauth2Client().authorizationCodeGrant() 可用于自定义授权码授权。

以下代码展示了 HttpSecurity.oauth2Client() DSL 提供的完整配置选项:

@Configuration
@EnableWebSecurity
public class OAuth2ClientSecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .oauth2Client(oauth2 -> oauth2
                .clientRegistrationRepository(this.clientRegistrationRepository())
                .authorizedClientRepository(this.authorizedClientRepository())
                .authorizedClientService(this.authorizedClientService())
                .authorizationCodeGrant(codeGrant -> codeGrant
                    .authorizationRequestRepository(this.authorizationRequestRepository())
                    .authorizationRequestResolver(this.authorizationRequestResolver())
                    .accessTokenResponseClient(this.accessTokenResponseClient())
                )
            );
        return http.build();
    }
}
java

除了 HttpSecurity.oauth2Client() DSL 之外,还支持 XML 配置。

以下代码展示了在security 命名空间中可用的完整配置选项:

<http>
    <oauth2-client client-registration-repository-ref="clientRegistrationRepository"
                   authorized-client-repository-ref="authorizedClientRepository"
                   authorized-client-service-ref="authorizedClientService">
        <authorization-code-grant
                authorization-request-repository-ref="authorizationRequestRepository"
                authorization-request-resolver-ref="authorizationRequestResolver"
                access-token-response-client-ref="accessTokenResponseClient"/>
    </oauth2-client>
</http>
xml

OAuth2AuthorizedClientManager 负责管理 OAuth 2.0 客户端的授权(或重新授权),并与一个或多个 OAuth2AuthorizedClientProvider 协同工作。

以下代码展示了如何注册一个 OAuth2AuthorizedClientManager @Bean,并将其与支持 authorization_coderefresh_tokenclient_credentialspassword 授权类型的 OAuth2AuthorizedClientProvider 组合关联起来:

@Bean
public OAuth2AuthorizedClientManager authorizedClientManager(
        ClientRegistrationRepository clientRegistrationRepository,
        OAuth2AuthorizedClientRepository authorizedClientRepository) {

    OAuth2AuthorizedClientProvider authorizedClientProvider =
            OAuth2AuthorizedClientProviderBuilder.builder()
                    .authorizationCode()
                    .refreshToken()
                    .clientCredentials()
                    .password()
                    .build();

    DefaultOAuth2AuthorizedClientManager authorizedClientManager =
            new DefaultOAuth2AuthorizedClientManager(
                    clientRegistrationRepository, authorizedClientRepository);
    authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);

    return authorizedClientManager;
}
java

章节摘要