use of org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository in project best-cloud by shanzhaozhen.
the class AuthorizationServerConfig method registeredClientRepository.
/**
* 配置客户端
* @return
*/
@Bean
public RegisteredClientRepository registeredClientRepository(JdbcTemplate jdbcTemplate) {
// 使用内存作为客户端的信息库
// RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString())
// // 客户端id 需要唯一
// .clientId("auth")
// // 客户端密码
// .clientSecret("123456")
// // 可以基于 basic 的方式和授权服务器进行认证
// .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
// // 授权码
// .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
// // 刷新token
// .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
// // 客户端模式
// .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
// // 密码模式
// .authorizationGrantType(AuthorizationGrantType.PASSWORD)
// // 重定向url
// // 回调地址名单,不在此列将被拒绝 而且只能使用IP或者域名 不能使用 localhost
// .redirectUri("http://127.0.0.1:8080/login/oauth2/code/messaging-client-oidc")
// .redirectUri("http://127.0.0.1:8080/authorized")
// .redirectUri("http://www.baidu.com")
// // 客户端申请的作用域,也可以理解这个客户端申请访问用户的哪些信息,比如:获取用户信息,获取用户照片等
// // OIDC支持
// .scope(OidcScopes.OPENID)
// // 其它Scope
// .scope("all")
// .scope("message.read")
// .scope("message.write")
// .clientSettings(ClientSettings
// .builder()
// // 是否需要用户确认一下客户端需要获取用户的哪些权限
// // 比如:客户端需要获取用户的 用户信息、用户照片 但是此处用户可以控制只给客户端授权获取 用户信息。
// // 配置客户端相关的配置项,包括验证密钥或者 是否需要授权页面
// .requireAuthorizationConsent(true).build())
// .tokenSettings(TokenSettings.builder()
// // accessToken 的有效期
// .accessTokenTimeToLive(Duration.ofHours(1))
// // refreshToken 的有效期
// .refreshTokenTimeToLive(Duration.ofDays(3))
// // 是否可重用刷新令牌
// .reuseRefreshTokens(true)
// .build()
// )
// .build();
// return new InMemoryRegisteredClientRepository(registeredClient);
// return new JdbcRegisteredClientRepository(jdbcTemplate);
// 使用数据库作为客户端的信息库
// JdbcRegisteredClientRepository jdbcRegisteredClientRepository = new JdbcRegisteredClientRepository(jdbcTemplate);
// jdbcRegisteredClientRepository.save(registeredClient);
// return jdbcRegisteredClientRepository;
JdbcRegisteredClientRepository jdbcRegisteredClientRepository = new JdbcRegisteredClientRepository(jdbcTemplate);
// 解决json 反序列化 白名单问题
JdbcRegisteredClientRepository.RegisteredClientRowMapper registeredClientRowMapper = new JdbcRegisteredClientRepository.RegisteredClientRowMapper();
registeredClientRowMapper.setObjectMapper(SecurityJacksonConfig.objectMapper);
jdbcRegisteredClientRepository.setRegisteredClientRowMapper(registeredClientRowMapper);
return jdbcRegisteredClientRepository;
}
use of org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository in project platform-base by SummerWindL.
the class AuthorizationConfig method registeredClientRepository.
/**
* 创建客户端信息,可以保存在内存和数据库,此处保存在数据库中
*/
@Bean
public RegisteredClientRepository registeredClientRepository(JdbcTemplate jdbcTemplate) {
RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString()).clientId("csdn").clientSecret(passwordEncoder.encode("csdn123")).clientAuthenticationMethod(ClientAuthenticationMethod.BASIC).authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN).authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).authorizationGrantType(AuthorizationGrantType.PASSWORD).authorizationGrantType(AuthorizationGrantType.IMPLICIT).redirectUri("https://www.baidu.com").scope("user.userInfo").scope("user.photos").build();
JdbcRegisteredClientRepository jdbcRegisteredClientRepository = new JdbcRegisteredClientRepository(jdbcTemplate);
if (null == jdbcRegisteredClientRepository.findByClientId("csdn")) {
jdbcRegisteredClientRepository.save(registeredClient);
}
return jdbcRegisteredClientRepository;
}
use of org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository in project platform-base by SummerWindL.
the class AuthorizationConfig method authorizationService.
/**
* 保存授权信息,授权服务器给我们颁发来token,那我们肯定需要保存吧,由这个服务来保存
*/
@Bean
public OAuth2AuthorizationService authorizationService(JdbcTemplate jdbcTemplate, RegisteredClientRepository registeredClientRepository) {
JdbcOAuth2AuthorizationService authorizationService = new JdbcOAuth2AuthorizationService(jdbcTemplate, registeredClientRepository);
class CustomOAuth2AuthorizationRowMapper extends JdbcOAuth2AuthorizationService.OAuth2AuthorizationRowMapper {
public CustomOAuth2AuthorizationRowMapper(RegisteredClientRepository registeredClientRepository) {
super(registeredClientRepository);
getObjectMapper().configure(SerializationFeature.FAIL_ON_EMPTY_BEANS, false);
this.setLobHandler(new DefaultLobHandler());
}
}
CustomOAuth2AuthorizationRowMapper oAuth2AuthorizationRowMapper = new CustomOAuth2AuthorizationRowMapper(registeredClientRepository);
authorizationService.setAuthorizationRowMapper(oAuth2AuthorizationRowMapper);
return authorizationService;
}
use of org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository in project muses by acgist.
the class AuthorizationServerConfig method registeredClientRepository.
/**
* 注意ID不能随机生成否者重启之后Redis不能正确加载
*
* 如果需要指定重定向地址不能使用localhost等等本地回环地址
* 正确跳转:http://localhost:9999/oauth2/authorize?response_type=code&client_id=web&client_secret=acgist&scope=all&state=state
* 不能跳转:http://localhost:9999/oauth2/authorize?response_type=code&client_id=web&client_secret=acgist&scope=all&state=state&redirect_uri=http://localhost:9999/code
*/
@Bean
@ConditionalOnMissingBean
public RegisteredClientRepository registeredClientRepository(PasswordEncoder passwordEncoder) {
// TODO:密码模式
final TokenSettings tokenSettings = this.tokenSettings();
final List<RegisteredClient> clients = new ArrayList<>();
this.oAuth2Config.getClients().forEach((name, secret) -> {
LOGGER.info("注册授权客户端:{}", name);
final RegisteredClient client = RegisteredClient.withId(name).clientId(name).clientSecret(passwordEncoder.encode(secret)).clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC).authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN).redirectUri(this.oAuth2Config.getRedirectUri()).tokenSettings(tokenSettings).scope("all").build();
clients.add(client);
});
return new InMemoryRegisteredClientRepository(clients);
}
use of org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository in project best-cloud by shanzhaozhen.
the class OAuth2ConfigurerUtils method getRegisteredClientRepository.
static <B extends HttpSecurityBuilder<B>> RegisteredClientRepository getRegisteredClientRepository(B builder) {
RegisteredClientRepository registeredClientRepository = builder.getSharedObject(RegisteredClientRepository.class);
if (registeredClientRepository == null) {
registeredClientRepository = getBean(builder, RegisteredClientRepository.class);
builder.setSharedObject(RegisteredClientRepository.class, registeredClientRepository);
}
return registeredClientRepository;
}
Aggregations