Overriding the OAuth client configuration

I have the following configuration for a Spring Boot application:
    @SpringBootApplication
    @EnableOAuth2Sso
    @Configuration
    public class DemoApplication extends WebSecurityConfigurerAdapter {
        @Override
        public void configure(HttpSecurity http) throws Exception {
            http
                .antMatcher("/**")
                .authorizeRequests()
                    .antMatchers("/", "/appConfig", "/login/**", "/webjars/**")
                    .permitAll()
                    .anyRequest()
                    .authenticated()
                .and()
                .exceptionHandling()
                    .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"))
                .and().logout()
                    .logoutSuccessUrl("/").permitAll()
                .and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
        }
        ...
    }
In resources, I have an application.yml that contains the client configuration:
    security:
      oauth2:
        client:
          clientId: @[email protected]
          clientSecret: @[email protected]
          accessTokenUri: https://@[email protected]:@[email protected]/auth/realms/@[email protected]/protocol/openid-connect/token
          userAuthorizationUri: https://@[email protected]:@[email protected]/auth/realms/@[email protected]/protocol/openid-connect/auth
          authenticationScheme: header
          clientAuthenticationScheme: header
        resource:
          userInfoUri: https://@[email protected]:@[email protected]/auth/realms/@[email protected]/protocol/openid-connect/userinfo
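So far it works fine, but I have to set the clientSecret (and possibly other properties as well) programmatically at application startup, because the client also registers itself with the OpenID server at startup, so the secret is only known once registration has completed.
I did some experiments with AuthorizationServerConfigurerAdapter to create an inMemory client, but if it is also added to the filter chain, the application fails to start: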
- Bean method 'userInfoRestTemplateFactory' not loaded because @ConditionalOnMissingBean (types: org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerEndpointsConfiguration; SearchStrategy: all) found bean 'org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerEndpointsConfiguration'
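Any ideas on how to set the clientSecret from code at startup, instead of hardcoding it in application.yml?
Thanks! I did that and marked it with @Primary so Spring knows which of the 2 beans to use. But this way the clientId and secret are not set at all. – clementino
What if you replace '// read from somewhere' with the code that sets 'id' and 'secret'? –
Yes, of course - I hardcoded the ID and secret in the constructor just to make sure; if it works like this, I'll do the dynamic reading. I'm asking myself whether it isn't "too late" in the filter chain to create this bean... – clementino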