多个 oauth 客户端 spring 安全
Multiple oauth client spring Security
我有两张表,分别存放不同的用户;有两个 Web 前端应用连接到我的 Spring 后端,每个前端应用对应一张用户表。我希望每张表的用户使用不同的 clientId 和 clientSecret 进行连接。我尝试创建两个授权服务器,但似乎行不通。
/**
 * Authorization-server configuration that registers a single in-memory OAuth2 client
 * whose id and secret come from {@code ClientConfigurationProperties}.
 *
 * <p>The client is limited to the {@code password} and {@code refresh_token} grants, and
 * issued tokens are kept in an {@link InMemoryTokenStore} created by this instance.
 *
 * <p>NOTE(review): no {@code @Configuration} / {@code @EnableAuthorizationServer}
 * annotation is visible on this class in the listing; confirm it is actually registered
 * with the application context.
 */
public class ClientAuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

    // Tokens live only in this JVM's memory: they are lost on restart and are not
    // shared with any other token store instance.
    private TokenStore tokenStore = new InMemoryTokenStore();

    @Autowired
    private ClientConfigurationProperties clientConfiguration;

    @Autowired
    private RepositoryClientDetailsService clientDetailsService;

    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;

    /**
     * Wires the token store, the shared authentication manager and the user lookup
     * service into the token endpoints.
     *
     * @param endpoints endpoint configurer supplied by the framework
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        // NOTE(review): a RepositoryClientDetailsService is passed where a user-details
        // service is expected; verify that it looks up end users rather than OAuth clients.
        endpoints
                .tokenStore(tokenStore)
                .authenticationManager(authenticationManager)
                .userDetailsService(clientDetailsService);
    }

    /**
     * Registers the one OAuth2 client this server accepts.
     *
     * @param clients client registry configurer supplied by the framework
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // Security notes:
        //  - "{noop}" tags the secret as unencoded, so it is held and compared as plain text.
        //    NOTE(review): prefer storing an encoded secret produced by the PasswordEncoder
        //    bean; confirm how client secrets are matched in this setup before changing it.
        //  - The "password" grant makes the front end handle the user's credentials directly;
        //    current OAuth 2.0 security guidance discourages this grant.
        clients
                .inMemory()
                .withClient(clientConfiguration.getClientId())
                .authorizedGrantTypes("password", "refresh_token")
                .authorities("USER")
                .scopes("read", "write")
                .resourceIds(ClientApiResourceServerConfiguration.RESOURCE_ID)
                .secret("{noop}" + clientConfiguration.getClientSecret());
    }

    /**
     * Builds the token services backed by this class's token store, with refresh tokens
     * enabled.
     *
     * <p>NOTE(review): the other authorization-server class on this page declares a
     * {@code @Primary} bean method with the same name and type; if both classes are loaded
     * into one context the definitions will collide. Confirm which one is meant to win.
     *
     * @return the configured token services
     */
    @Bean
    @Primary
    public DefaultTokenServices tokenServices() {
        DefaultTokenServices services = new DefaultTokenServices();
        services.setTokenStore(tokenStore);
        services.setSupportRefreshToken(true);
        return services;
    }

    /**
     * Exposes the delegating password encoder, which picks the algorithm from the
     * {@code {id}} prefix of a stored value.
     *
     * @return the delegating password encoder
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }
}
this is my second authorization server
/**
 * Authorization-server configuration that registers a single in-memory OAuth2 client
 * whose id and secret come from {@code ApplicationConfigurationProperties}.
 *
 * <p>The client is limited to the {@code password} and {@code refresh_token} grants, and
 * issued tokens are kept in an {@link InMemoryTokenStore} created by this instance.
 */
@Configuration
@EnableAuthorizationServer
@Order(1)
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

    // Tokens live only in this JVM's memory: they are lost on restart and are not
    // shared with any other token store instance.
    private TokenStore tokenStore = new InMemoryTokenStore();

    @Autowired
    private ApplicationConfigurationProperties configuration;

    // Injected but not referenced anywhere in this class as shown.
    @Autowired
    private RepositoryClientDetailsService clientDetailsService;

    @Autowired
    private RepositoryUserDetailsService userDetailsService;

    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;

    /**
     * Wires the token store, the shared authentication manager and the user lookup
     * service into the token endpoints.
     *
     * @param endpoints endpoint configurer supplied by the framework
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
                .tokenStore(tokenStore)
                .authenticationManager(authenticationManager)
                .userDetailsService(userDetailsService);
    }

    /**
     * Registers the one OAuth2 client this server accepts.
     *
     * @param clients client registry configurer supplied by the framework
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // Security notes:
        //  - "{noop}" tags the secret as unencoded, so it is held and compared as plain text.
        //    NOTE(review): prefer storing an encoded secret produced by the PasswordEncoder
        //    bean; confirm how client secrets are matched in this setup before changing it.
        //  - The "password" grant makes the front end handle the user's credentials directly;
        //    current OAuth 2.0 security guidance discourages this grant.
        clients
                .inMemory()
                .withClient(configuration.getClientId())
                .authorizedGrantTypes("password", "refresh_token")
                .authorities("USER")
                .scopes("read", "write")
                .resourceIds(RestApiResourceServerConfiguration.RESOURCE_ID)
                .secret("{noop}" + configuration.getClientSecret());
    }

    /**
     * Builds the token services backed by this class's token store, with refresh tokens
     * enabled.
     *
     * <p>NOTE(review): the other authorization-server class on this page declares a
     * {@code @Primary} bean method with the same name and type; if both classes are loaded
     * into one context the definitions will collide. Confirm which one is meant to win.
     *
     * @return the configured token services
     */
    @Bean
    @Primary
    public DefaultTokenServices tokenServices() {
        DefaultTokenServices services = new DefaultTokenServices();
        services.setTokenStore(tokenStore);
        services.setSupportRefreshToken(true);
        return services;
    }

    /**
     * Exposes the delegating password encoder, which picks the algorithm from the
     * {@code {id}} prefix of a stored value.
     *
     * @return the delegating password encoder
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }
}
您可以添加一个仅用于身份验证的中央数据库。该数据库将包含所有客户端信息(客户端 ID、客户端密钥等)和所有用户信息(主要是用户名和密码;密码应以哈希形式保存,例如由 PasswordEncoder 生成的 bcrypt 值,而不是明文)。完整的用户信息仍保留在各自的数据库中,此身份验证数据库只保存用户凭据。
您的所有应用程序都可以使用客户端凭据授权类型对自己进行身份验证。 Spring 提供 OAuth2RestTemplate 来发出经过身份验证的 REST 请求。
您的所有用户(来自两个应用程序)也可以使用一个集中式身份验证服务器和身份验证数据库来验证自己。
我有两张表,分别存放不同的用户;有两个 Web 前端应用连接到我的 Spring 后端,每个前端应用对应一张用户表。我希望每张表的用户使用不同的 clientId 和 clientSecret 进行连接。我尝试创建两个授权服务器,但似乎行不通。
/**
 * Authorization-server configuration that registers a single in-memory OAuth2 client
 * whose id and secret come from {@code ClientConfigurationProperties}.
 *
 * <p>The client is limited to the {@code password} and {@code refresh_token} grants, and
 * issued tokens are kept in an {@link InMemoryTokenStore} created by this instance.
 *
 * <p>NOTE(review): no {@code @Configuration} / {@code @EnableAuthorizationServer}
 * annotation is visible on this class in the listing; confirm it is actually registered
 * with the application context.
 */
public class ClientAuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

    // Tokens live only in this JVM's memory: they are lost on restart and are not
    // shared with any other token store instance.
    private TokenStore tokenStore = new InMemoryTokenStore();

    @Autowired
    private ClientConfigurationProperties clientConfiguration;

    @Autowired
    private RepositoryClientDetailsService clientDetailsService;

    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;

    /**
     * Wires the token store, the shared authentication manager and the user lookup
     * service into the token endpoints.
     *
     * @param endpoints endpoint configurer supplied by the framework
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        // NOTE(review): a RepositoryClientDetailsService is passed where a user-details
        // service is expected; verify that it looks up end users rather than OAuth clients.
        endpoints
                .tokenStore(tokenStore)
                .authenticationManager(authenticationManager)
                .userDetailsService(clientDetailsService);
    }

    /**
     * Registers the one OAuth2 client this server accepts.
     *
     * @param clients client registry configurer supplied by the framework
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // Security notes:
        //  - "{noop}" tags the secret as unencoded, so it is held and compared as plain text.
        //    NOTE(review): prefer storing an encoded secret produced by the PasswordEncoder
        //    bean; confirm how client secrets are matched in this setup before changing it.
        //  - The "password" grant makes the front end handle the user's credentials directly;
        //    current OAuth 2.0 security guidance discourages this grant.
        clients
                .inMemory()
                .withClient(clientConfiguration.getClientId())
                .authorizedGrantTypes("password", "refresh_token")
                .authorities("USER")
                .scopes("read", "write")
                .resourceIds(ClientApiResourceServerConfiguration.RESOURCE_ID)
                .secret("{noop}" + clientConfiguration.getClientSecret());
    }

    /**
     * Builds the token services backed by this class's token store, with refresh tokens
     * enabled.
     *
     * <p>NOTE(review): the other authorization-server class on this page declares a
     * {@code @Primary} bean method with the same name and type; if both classes are loaded
     * into one context the definitions will collide. Confirm which one is meant to win.
     *
     * @return the configured token services
     */
    @Bean
    @Primary
    public DefaultTokenServices tokenServices() {
        DefaultTokenServices services = new DefaultTokenServices();
        services.setTokenStore(tokenStore);
        services.setSupportRefreshToken(true);
        return services;
    }

    /**
     * Exposes the delegating password encoder, which picks the algorithm from the
     * {@code {id}} prefix of a stored value.
     *
     * @return the delegating password encoder
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }
}
this is my second authorization server
/**
 * Authorization-server configuration that registers a single in-memory OAuth2 client
 * whose id and secret come from {@code ApplicationConfigurationProperties}.
 *
 * <p>The client is limited to the {@code password} and {@code refresh_token} grants, and
 * issued tokens are kept in an {@link InMemoryTokenStore} created by this instance.
 */
@Configuration
@EnableAuthorizationServer
@Order(1)
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

    // Tokens live only in this JVM's memory: they are lost on restart and are not
    // shared with any other token store instance.
    private TokenStore tokenStore = new InMemoryTokenStore();

    @Autowired
    private ApplicationConfigurationProperties configuration;

    // Injected but not referenced anywhere in this class as shown.
    @Autowired
    private RepositoryClientDetailsService clientDetailsService;

    @Autowired
    private RepositoryUserDetailsService userDetailsService;

    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;

    /**
     * Wires the token store, the shared authentication manager and the user lookup
     * service into the token endpoints.
     *
     * @param endpoints endpoint configurer supplied by the framework
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
                .tokenStore(tokenStore)
                .authenticationManager(authenticationManager)
                .userDetailsService(userDetailsService);
    }

    /**
     * Registers the one OAuth2 client this server accepts.
     *
     * @param clients client registry configurer supplied by the framework
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // Security notes:
        //  - "{noop}" tags the secret as unencoded, so it is held and compared as plain text.
        //    NOTE(review): prefer storing an encoded secret produced by the PasswordEncoder
        //    bean; confirm how client secrets are matched in this setup before changing it.
        //  - The "password" grant makes the front end handle the user's credentials directly;
        //    current OAuth 2.0 security guidance discourages this grant.
        clients
                .inMemory()
                .withClient(configuration.getClientId())
                .authorizedGrantTypes("password", "refresh_token")
                .authorities("USER")
                .scopes("read", "write")
                .resourceIds(RestApiResourceServerConfiguration.RESOURCE_ID)
                .secret("{noop}" + configuration.getClientSecret());
    }

    /**
     * Builds the token services backed by this class's token store, with refresh tokens
     * enabled.
     *
     * <p>NOTE(review): the other authorization-server class on this page declares a
     * {@code @Primary} bean method with the same name and type; if both classes are loaded
     * into one context the definitions will collide. Confirm which one is meant to win.
     *
     * @return the configured token services
     */
    @Bean
    @Primary
    public DefaultTokenServices tokenServices() {
        DefaultTokenServices services = new DefaultTokenServices();
        services.setTokenStore(tokenStore);
        services.setSupportRefreshToken(true);
        return services;
    }

    /**
     * Exposes the delegating password encoder, which picks the algorithm from the
     * {@code {id}} prefix of a stored value.
     *
     * @return the delegating password encoder
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }
}
您可以添加一个仅用于身份验证的中央数据库。该数据库将包含所有客户端信息(客户端 ID、客户端密钥等)和所有用户信息(主要是用户名和密码;密码应以哈希形式保存,例如由 PasswordEncoder 生成的 bcrypt 值,而不是明文)。完整的用户信息仍保留在各自的数据库中,此身份验证数据库只保存用户凭据。
您的所有应用程序都可以使用客户端凭据授权类型对自己进行身份验证。 Spring 提供 OAuth2RestTemplate 来发出经过身份验证的 REST 请求。
您的所有用户(来自两个应用程序)也可以使用一个集中式身份验证服务器和身份验证数据库来验证自己。