
Example 1 with JdbcRegisteredClientRepository

use of org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository in project best-cloud by shanzhaozhen.

the class AuthorizationServerConfig method registeredClientRepository.

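/**
 * Registers the OAuth2/OIDC client store, backed by the database.
 *
 * <p>Nothing is seeded here: client rows are expected to already exist in the
 * database and are read through {@link JdbcRegisteredClientRepository}. The
 * earlier in-memory / one-off-seeding variants were removed as dead code.
 *
 * @param jdbcTemplate the template used to access the registered-client table
 * @return the JDBC-backed client repository
 */
@Bean
public RegisteredClientRepository registeredClientRepository(JdbcTemplate jdbcTemplate) {
    // Database-backed client store.
    JdbcRegisteredClientRepository jdbcRegisteredClientRepository = new JdbcRegisteredClientRepository(jdbcTemplate);
    // The stock row mapper's ObjectMapper only deserializes an allowlisted set of
    // types when it reads the JSON-encoded client/token settings columns (the
    // "whitelist problem" the original author hit), so the project's own mapper
    // is installed instead.
    // NOTE(review): that allowlist is a deserialization safeguard; confirm
    // SecurityJacksonConfig.objectMapper still limits which types it will
    // instantiate rather than enabling default typing for arbitrary classes.
    JdbcRegisteredClientRepository.RegisteredClientRowMapper registeredClientRowMapper = new JdbcRegisteredClientRepository.RegisteredClientRowMapper();
    registeredClientRowMapper.setObjectMapper(SecurityJacksonConfig.objectMapper);
    jdbcRegisteredClientRepository.setRegisteredClientRowMapper(registeredClientRowMapper);
    return jdbcRegisteredClientRepository;
}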
Also used : JdbcRegisteredClientRepository(org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository) Bean(org.springframework.context.annotation.Bean)

Example 2 with JdbcRegisteredClientRepository

use of org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository in project platform-base by SummerWindL.

the class AuthorizationConfig method registeredClientRepository.

/**
 * Creates the client registrations. They could be kept in memory or in the
 * database; this configuration persists them in the database and seeds one
 * client, {@code csdn}, the first time the bean is created.
 *
 * @param jdbcTemplate the template used to access the registered-client table
 * @return the JDBC-backed client repository holding the {@code csdn} client
 */
@Bean
public RegisteredClientRepository registeredClientRepository(JdbcTemplate jdbcTemplate) {
    String csdnClientId = "csdn";
    RegisteredClient csdnClient = RegisteredClient.withId(UUID.randomUUID().toString())
            .clientId(csdnClientId)
            // NOTE(review): the raw secret sits in source. The encoder field hashes it
            // before storage, but the literal itself belongs in external configuration.
            .clientSecret(passwordEncoder.encode("csdn123"))
            // NOTE(review): BASIC is the older constant; CLIENT_SECRET_BASIC is the
            // current name. Confirm the server version in use still accepts this value.
            .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
            .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
            // NOTE(review): PASSWORD and IMPLICIT are legacy grants (dropped by
            // OAuth 2.1); confirm the server actually issues them before advertising them.
            .authorizationGrantType(AuthorizationGrantType.PASSWORD)
            .authorizationGrantType(AuthorizationGrantType.IMPLICIT)
            .redirectUri("https://www.baidu.com")
            .scope("user.userInfo")
            .scope("user.photos")
            .build();
    JdbcRegisteredClientRepository clientRepository = new JdbcRegisteredClientRepository(jdbcTemplate);
    // Seed only once: on a restart against the same database the row already exists.
    boolean alreadyRegistered = clientRepository.findByClientId(csdnClientId) != null;
    if (!alreadyRegistered) {
        clientRepository.save(csdnClient);
    }
    return clientRepository;
}
Also used : JdbcRegisteredClientRepository(org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository) RegisteredClient(org.springframework.security.oauth2.server.authorization.client.RegisteredClient) Bean(org.springframework.context.annotation.Bean)

Example 3 with JdbcRegisteredClientRepository

use of org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository in project platform-base by SummerWindL.

the class AuthorizationConfig method registeredClientRepository.

/**
 * Creates the client registrations. They could be kept in memory or in the
 * database; this configuration persists them in the database and seeds one
 * client, {@code csdn}, the first time the bean is created.
 *
 * @param jdbcTemplate the template used to access the registered-client table
 * @return the JDBC-backed client repository holding the {@code csdn} client
 */
@Bean
public RegisteredClientRepository registeredClientRepository(JdbcTemplate jdbcTemplate) {
    String csdnClientId = "csdn";
    // Require the consent page so the user sees which scopes the client asks for.
    ClientSettings csdnClientSettings = ClientSettings.builder()
            .requireAuthorizationConsent(true)
            .build();
    // Short-lived access tokens, multi-day refresh tokens, and the same refresh
    // token is handed back on refresh instead of being rotated.
    TokenSettings csdnTokenSettings = TokenSettings.builder()
            .accessTokenTimeToLive(Duration.ofHours(1))
            .refreshTokenTimeToLive(Duration.ofDays(3))
            .reuseRefreshTokens(true)
            .build();
    RegisteredClient csdnClient = RegisteredClient.withId(UUID.randomUUID().toString())
            .clientId(csdnClientId)
            // NOTE(review): the secret is stored exactly as written, with no
            // PasswordEncoder applied. If the server's encoder is a delegating one,
            // a value without an {id} prefix will not verify; also, the literal
            // belongs in external configuration rather than source.
            .clientSecret("csdn123")
            .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
            .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
            // NOTE(review): PASSWORD and IMPLICIT are legacy grants (dropped by
            // OAuth 2.1); confirm the server actually issues them before advertising them.
            .authorizationGrantType(AuthorizationGrantType.PASSWORD)
            .authorizationGrantType(AuthorizationGrantType.IMPLICIT)
            .redirectUri("https://www.baidu.com")
            .scope("user.userInfo")
            .scope("user.photos")
            .clientSettings(csdnClientSettings)
            .tokenSettings(csdnTokenSettings)
            .build();
    JdbcRegisteredClientRepository clientRepository = new JdbcRegisteredClientRepository(jdbcTemplate);
    // Seed only once: on a restart against the same database the row already exists.
    boolean alreadyRegistered = clientRepository.findByClientId(csdnClientId) != null;
    if (!alreadyRegistered) {
        clientRepository.save(csdnClient);
    }
    return clientRepository;
}
Also used : JdbcRegisteredClientRepository(org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository) RegisteredClient(org.springframework.security.oauth2.server.authorization.client.RegisteredClient) Bean(org.springframework.context.annotation.Bean)

Example 4 with JdbcRegisteredClientRepository

use of org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository in project spring-authorization-server by spring-projects.

the class AuthorizationServerConfig method registeredClientRepository.

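// @formatter:off
/**
 * Registers the client store and seeds the {@code messaging-client} sample client.
 *
 * <p>The client gets a fresh random id on every start, which is fine for the
 * embedded (empty) database the sample uses. The insert is guarded by a
 * {@code findByClientId} lookup so the bean also starts cleanly against a
 * database that already holds the client; without the guard, inserting the same
 * client_id again under a new id is expected to be rejected by the repository.
 *
 * @param jdbcTemplate the template used to access the registered-client table
 * @return the JDBC-backed client repository containing the sample client
 */
@Bean
public RegisteredClientRepository registeredClientRepository(JdbcTemplate jdbcTemplate) {
    RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString())
            .clientId("messaging-client")
            // "{noop}" stores the secret unhashed; acceptable for a sample only.
            // A real deployment should run the secret through a PasswordEncoder.
            .clientSecret("{noop}secret")
            .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
            .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
            // Loopback-only redirect targets for the sample client application.
            .redirectUri("http://127.0.0.1:8080/login/oauth2/code/messaging-client-oidc")
            .redirectUri("http://127.0.0.1:8080/authorized")
            .scope(OidcScopes.OPENID)
            .scope("message.read")
            .scope("message.write")
            // Show the consent page so the user sees which scopes the client asks for.
            .clientSettings(ClientSettings.builder().requireAuthorizationConsent(true).build())
            .build();
    // Save registered client in db as if in-memory
    JdbcRegisteredClientRepository registeredClientRepository = new JdbcRegisteredClientRepository(jdbcTemplate);
    // Guard the insert so a pre-populated database does not fail start-up.
    if (registeredClientRepository.findByClientId(registeredClient.getClientId()) == null) {
        registeredClientRepository.save(registeredClient);
    }
    return registeredClientRepository;
}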
Also used : JdbcRegisteredClientRepository(org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository) RegisteredClient(org.springframework.security.oauth2.server.authorization.client.RegisteredClient) Bean(org.springframework.context.annotation.Bean)

Example 5 with JdbcRegisteredClientRepository

use of org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository in project custom-spring-authorization-server by andifalk.

the class AuthorizationServerConfig method registeredClientRepository.

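/**
 * Repository with all registered OAuth/OIDC clients.
 *
 * <p>Four demo clients are seeded at start-up: a confidential client, a public
 * PKCE client, and opaque-token (reference token) variants of both. Each insert
 * is guarded by a {@code findByClientId} lookup so the bean also starts cleanly
 * when the database already holds the clients (inserting the same client_id
 * again under a fresh random id is expected to be rejected); on an empty
 * embedded database the guard is a no-op.
 *
 * @param jdbcTemplate the template used to access the registered-client table
 * @param passwordEncoder encoder applied to the demo client secrets before storage
 * @return the JDBC-backed client repository containing the demo clients
 */
@Bean
public RegisteredClientRepository registeredClientRepository(JdbcTemplate jdbcTemplate, PasswordEncoder passwordEncoder) {
    // Each client calls encode("secret") separately: a salted encoder yields a
    // different hash per call, and the repository is expected to reject two
    // clients that share an identical stored secret.
    RegisteredClient demoClient = demoClientBuilder("demo-client")
            .clientSecret(passwordEncoder.encode("secret"))
            .clientAuthenticationMethods(methods -> methods.addAll(List.of(ClientAuthenticationMethod.CLIENT_SECRET_BASIC, ClientAuthenticationMethod.CLIENT_SECRET_POST)))
            // NOTE(review): consent is skipped for the demo, including for
            // offline_access; consider requiring it outside a demo setup.
            .clientSettings(ClientSettings.builder().requireAuthorizationConsent(false).build())
            .build();
    // Public client: no secret, PKCE is mandatory.
    RegisteredClient demoClientPkce = demoClientBuilder("demo-client-pkce")
            .clientAuthenticationMethod(ClientAuthenticationMethod.NONE)
            .clientSettings(ClientSettings.builder().requireProofKey(true).requireAuthorizationConsent(false).build())
            .build();
    // Same as demoClient but issues opaque (reference) access tokens.
    RegisteredClient demoClientOpaque = demoClientBuilder("demo-client-opaque")
            .clientSecret(passwordEncoder.encode("secret"))
            .clientAuthenticationMethods(methods -> methods.addAll(List.of(ClientAuthenticationMethod.CLIENT_SECRET_BASIC, ClientAuthenticationMethod.CLIENT_SECRET_POST)))
            .tokenSettings(TokenSettings.builder().accessTokenFormat(OAuth2TokenFormat.REFERENCE).build())
            .clientSettings(ClientSettings.builder().requireAuthorizationConsent(false).build())
            .build();
    // Opaque tokens plus PKCE; also accepts NONE alongside secret-based
    // authentication, so it can be used both as a confidential and a public client.
    RegisteredClient demoClientPkceOpaque = demoClientBuilder("demo-client-pkce-opaque")
            .clientSecret(passwordEncoder.encode("secret"))
            .clientAuthenticationMethods(methods -> methods.addAll(List.of(ClientAuthenticationMethod.CLIENT_SECRET_BASIC, ClientAuthenticationMethod.CLIENT_SECRET_POST, ClientAuthenticationMethod.NONE)))
            .tokenSettings(TokenSettings.builder().accessTokenFormat(OAuth2TokenFormat.REFERENCE).build())
            .clientSettings(ClientSettings.builder().requireProofKey(true).requireAuthorizationConsent(false).build())
            .build();
    // Save registered client in db as if in-memory
    JdbcRegisteredClientRepository registeredClientRepository = new JdbcRegisteredClientRepository(jdbcTemplate);
    seedIfAbsent(registeredClientRepository, demoClient);
    seedIfAbsent(registeredClientRepository, demoClientPkce);
    seedIfAbsent(registeredClientRepository, demoClientOpaque);
    seedIfAbsent(registeredClientRepository, demoClientPkceOpaque);
    LOGGER.info("Registered OAuth2/OIDC clients");
    return registeredClientRepository;
}

/** Builder preset with the grant types, redirect URIs and scopes shared by every demo client. */
private static RegisteredClient.Builder demoClientBuilder(String clientId) {
    return RegisteredClient.withId(UUID.randomUUID().toString())
            .clientId(clientId)
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
            .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
            .redirectUri("http://127.0.0.1:9095/client/callback")
            .redirectUri("http://127.0.0.1:9095/client/authorized")
            .redirectUri("http://127.0.0.1:9095/client")
            .redirectUri("http://127.0.0.1:9095/login/oauth2/code/spring-authz-server")
            // NOTE(review): a third-party hosted callback is convenient for manual
            // testing but widens where authorization codes may be sent; keep it to
            // demo deployments.
            .redirectUri("https://oauth.pstmn.io/v1/callback")
            .scopes(scopes -> scopes.addAll(List.of(OidcScopes.OPENID, OidcScopes.PROFILE, OidcScopes.EMAIL, "offline_access")));
}

/** Inserts {@code client} unless a client with the same client_id is already stored. */
private static void seedIfAbsent(JdbcRegisteredClientRepository repository, RegisteredClient client) {
    if (repository.findByClientId(client.getClientId()) == null) {
        repository.save(client);
    }
}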
Also used : SecurityContext(com.nimbusds.jose.proc.SecurityContext) Ordered(org.springframework.core.Ordered) OAuth2AuthorizationServerConfigurer(org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer) RegisteredClientRepository(org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository) LoggerFactory(org.slf4j.LoggerFactory) JdbcRegisteredClientRepository(org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository) JWKSet(com.nimbusds.jose.jwk.JWKSet) HashMap(java.util.HashMap) HttpSecurity(org.springframework.security.config.annotation.web.builders.HttpSecurity) TokenSettings(org.springframework.security.oauth2.server.authorization.config.TokenSettings) JdbcTemplate(org.springframework.jdbc.core.JdbcTemplate) ClientAuthenticationMethod(org.springframework.security.oauth2.core.ClientAuthenticationMethod) Map(java.util.Map) EmbeddedDatabaseBuilder(org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseBuilder) OidcScopes(org.springframework.security.oauth2.core.oidc.OidcScopes) OAuth2ResourceServerConfigurer(org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer) EmbeddedDatabase(org.springframework.jdbc.datasource.embedded.EmbeddedDatabase) OidcUserInfo(org.springframework.security.oauth2.core.oidc.OidcUserInfo) ClientSettings(org.springframework.security.oauth2.server.authorization.config.ClientSettings) User(com.example.spring.authorizationserver.user.User) ProviderSettings(org.springframework.security.oauth2.server.authorization.config.ProviderSettings) JwtAuthenticationToken(org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken) Order(org.springframework.core.annotation.Order) JWKSource(com.nimbusds.jose.jwk.source.JWKSource) Logger(org.slf4j.Logger) 
RegisteredClient(org.springframework.security.oauth2.server.authorization.client.RegisteredClient) Customizer(org.springframework.security.config.Customizer) Jwks(com.example.spring.authorizationserver.jose.Jwks) UUID(java.util.UUID) RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) SecurityFilterChain(org.springframework.security.web.SecurityFilterChain) Configuration(org.springframework.context.annotation.Configuration) org.springframework.security.oauth2.server.authorization(org.springframework.security.oauth2.server.authorization) List(java.util.List) EmbeddedDatabaseType(org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseType) PasswordEncoder(org.springframework.security.crypto.password.PasswordEncoder) RSAKey(com.nimbusds.jose.jwk.RSAKey) OAuth2TokenType(org.springframework.security.oauth2.core.OAuth2TokenType) Bean(org.springframework.context.annotation.Bean) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) OAuth2TokenFormat(org.springframework.security.oauth2.core.OAuth2TokenFormat) AuthorizationGrantType(org.springframework.security.oauth2.core.AuthorizationGrantType) JdbcRegisteredClientRepository(org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository) RegisteredClient(org.springframework.security.oauth2.server.authorization.client.RegisteredClient) Bean(org.springframework.context.annotation.Bean)
