Examples with InMemoryRegisteredClientRepository org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository used on opensource projects

Search in sources :

Example 1 with InMemoryRegisteredClientRepository

use of org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository in project best-cloud by shanzhaozhen.

the class AuthorizationServerConfig method registeredClientRepository.

/**
 * 配置客户端
 * @return
 */
@Bean
public RegisteredClientRepository registeredClientRepository(JdbcTemplate jdbcTemplate) {
    // 使用内存作为客户端的信息库
    // RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString())
    // // 客户端id 需要唯一
    // .clientId("auth")
    // // 客户端密码
    // .clientSecret("123456")
    // // 可以基于 basic 的方式和授权服务器进行认证
    // .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
    // // 授权码
    // .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
    // // 刷新token
    // .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
    // // 客户端模式
    // .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
    // // 密码模式
    // .authorizationGrantType(AuthorizationGrantType.PASSWORD)
    // // 重定向url
    // // 回调地址名单,不在此列将被拒绝 而且只能使用IP或者域名  不能使用 localhost
    // .redirectUri("http://127.0.0.1:8080/login/oauth2/code/messaging-client-oidc")
    // .redirectUri("http://127.0.0.1:8080/authorized")
    // .redirectUri("http://www.baidu.com")
    // // 客户端申请的作用域,也可以理解这个客户端申请访问用户的哪些信息,比如:获取用户信息,获取用户照片等
    // // OIDC支持
    // .scope(OidcScopes.OPENID)
    // // 其它Scope
    // .scope("all")
    // .scope("message.read")
    // .scope("message.write")
    // .clientSettings(ClientSettings
    // .builder()
    // // 是否需要用户确认一下客户端需要获取用户的哪些权限
    // // 比如:客户端需要获取用户的 用户信息、用户照片 但是此处用户可以控制只给客户端授权获取 用户信息。
    // // 配置客户端相关的配置项,包括验证密钥或者 是否需要授权页面
    // .requireAuthorizationConsent(true).build())
    // .tokenSettings(TokenSettings.builder()
    // // accessToken 的有效期
    // .accessTokenTimeToLive(Duration.ofHours(1))
    // // refreshToken 的有效期
    // .refreshTokenTimeToLive(Duration.ofDays(3))
    // // 是否可重用刷新令牌
    // .reuseRefreshTokens(true)
    // .build()
    // )
    // .build();
    // return new InMemoryRegisteredClientRepository(registeredClient);
    // return new JdbcRegisteredClientRepository(jdbcTemplate);
    // 使用数据库作为客户端的信息库
    // JdbcRegisteredClientRepository jdbcRegisteredClientRepository = new JdbcRegisteredClientRepository(jdbcTemplate);
    // jdbcRegisteredClientRepository.save(registeredClient);
    // return jdbcRegisteredClientRepository;
    JdbcRegisteredClientRepository jdbcRegisteredClientRepository = new JdbcRegisteredClientRepository(jdbcTemplate);
    // 解决json 反序列化 白名单问题
    JdbcRegisteredClientRepository.RegisteredClientRowMapper registeredClientRowMapper = new JdbcRegisteredClientRepository.RegisteredClientRowMapper();
    registeredClientRowMapper.setObjectMapper(SecurityJacksonConfig.objectMapper);
    jdbcRegisteredClientRepository.setRegisteredClientRowMapper(registeredClientRowMapper);
    return jdbcRegisteredClientRepository;
}
Also used : JdbcRegisteredClientRepository(org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository) Bean(org.springframework.context.annotation.Bean)

Example 2 with InMemoryRegisteredClientRepository

use of org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository in project muses by acgist.

the class AuthorizationServerConfig method registeredClientRepository.

/**
 * 注意ID不能随机生成否者重启之后Redis不能正确加载
 *
 * 如果需要指定重定向地址不能使用localhost等等本地回环地址
 * 正确跳转:http://localhost:9999/oauth2/authorize?response_type=code&client_id=web&client_secret=acgist&scope=all&state=state
 * 不能跳转:http://localhost:9999/oauth2/authorize?response_type=code&client_id=web&client_secret=acgist&scope=all&state=state&redirect_uri=http://localhost:9999/code
 */
@Bean
@ConditionalOnMissingBean
public RegisteredClientRepository registeredClientRepository(PasswordEncoder passwordEncoder) {
    // TODO:密码模式
    final TokenSettings tokenSettings = this.tokenSettings();
    final List<RegisteredClient> clients = new ArrayList<>();
    this.oAuth2Config.getClients().forEach((name, secret) -> {
        LOGGER.info("注册授权客户端:{}", name);
        final RegisteredClient client = RegisteredClient.withId(name).clientId(name).clientSecret(passwordEncoder.encode(secret)).clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC).authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN).redirectUri(this.oAuth2Config.getRedirectUri()).tokenSettings(tokenSettings).scope("all").build();
        clients.add(client);
    });
    return new InMemoryRegisteredClientRepository(clients);
}
Also used : InMemoryRegisteredClientRepository(org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository) TokenSettings(org.springframework.security.oauth2.server.authorization.config.TokenSettings) ArrayList(java.util.ArrayList) RegisteredClient(org.springframework.security.oauth2.server.authorization.client.RegisteredClient) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) Bean(org.springframework.context.annotation.Bean)

Example 3 with InMemoryRegisteredClientRepository

use of org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository in project ara by Decathlon.

the class AuthorizationServerConfig method registeredClientRepository.

@Bean
public RegisteredClientRepository registeredClientRepository() {
    RegisteredClient registeredClientAC = RegisteredClient.withId(UUID.randomUUID().toString()).clientId("ara-client").clientSecret("{noop}ara-client").clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC).authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN).redirectUri(String.format("%s/oauth/logincomplete/ara-client-oidc", clientUrl)).scope(OidcScopes.OPENID).scope(OidcScopes.PROFILE).scope("ara.read").build();
    RegisteredClient registeredClientCC = RegisteredClient.withId(UUID.randomUUID().toString()).clientId("other-client").clientSecret("{noop}other-client").clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC).authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN).authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).scope(OidcScopes.OPENID).scope("ara.read").build();
    return new InMemoryRegisteredClientRepository(registeredClientAC, registeredClientCC);
}
Also used : InMemoryRegisteredClientRepository(org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository) RegisteredClient(org.springframework.security.oauth2.server.authorization.client.RegisteredClient) Bean(org.springframework.context.annotation.Bean)

Example 4 with InMemoryRegisteredClientRepository

use of org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository in project tutorials by csh0034.

the class AuthorizationServerConfig method registeredClientRepository.

@Bean
public RegisteredClientRepository registeredClientRepository() {
    RegisteredClient loginClient = RegisteredClient.withId(UUID.randomUUID().toString()).clientId("login-client").clientSecret("{noop}openid-connect").clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC).authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN).redirectUri("http://127.0.0.1:8080/login/oauth2/code/login-client").redirectUri("http://127.0.0.1:8080/authorized").scope(OidcScopes.OPENID).scope(OidcScopes.PROFILE).clientSettings(ClientSettings.builder().requireAuthorizationConsent(true).build()).build();
    RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString()).clientId("messaging-client").clientSecret("{noop}secret").clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC).authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).tokenSettings(TokenSettings.builder().accessTokenTimeToLive(Duration.ofHours(1)).build()).scope("message:read").scope("message:write").build();
    return new InMemoryRegisteredClientRepository(loginClient, registeredClient);
}
Also used : InMemoryRegisteredClientRepository(org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository) RegisteredClient(org.springframework.security.oauth2.server.authorization.client.RegisteredClient) Bean(org.springframework.context.annotation.Bean)

Example 5 with InMemoryRegisteredClientRepository

use of org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository in project spring-security-samples by spring-projects.

the class OAuth2AuthorizationServerSecurityConfiguration method registeredClientRepository.

@Bean
public RegisteredClientRepository registeredClientRepository() {
    // @formatter:off
    RegisteredClient loginClient = RegisteredClient.withId(UUID.randomUUID().toString()).clientId("login-client").clientSecret("{noop}openid-connect").clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC).authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN).redirectUri("http://127.0.0.1:8080/login/oauth2/code/login-client").redirectUri("http://127.0.0.1:8080/authorized").scope(OidcScopes.OPENID).scope(OidcScopes.PROFILE).clientSettings(ClientSettings.builder().requireAuthorizationConsent(true).build()).build();
    RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString()).clientId("messaging-client").clientSecret("{noop}secret").clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC).authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).scope("message:read").scope("message:write").build();
    return new InMemoryRegisteredClientRepository(loginClient, registeredClient);
}
Also used : InMemoryRegisteredClientRepository(org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository) RegisteredClient(org.springframework.security.oauth2.server.authorization.client.RegisteredClient) Bean(org.springframework.context.annotation.Bean)

Aggregations

Bean (org.springframework.context.annotation.Bean)5 InMemoryRegisteredClientRepository (org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository)4 RegisteredClient (org.springframework.security.oauth2.server.authorization.client.RegisteredClient)4 ArrayList (java.util.ArrayList)1 ConditionalOnMissingBean (org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean)1 JdbcRegisteredClientRepository (org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository)1 TokenSettings (org.springframework.security.oauth2.server.authorization.config.TokenSettings)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial