0

我正在尝试使用隐式、密码和授权流程使用 Spring OAuth 2 设置项目。

当我使用相同的令牌端点进行隐式和其他两个令牌端点时出现问题,密码和授权需要基本身份验证进行客户端验证,而隐式不验证客户端密码,我想使用更经典的登录/密码身份验证用于用户授权。

因此,根据配置,一两个流程可以工作。拥有 2 个端点似乎是最简单的解决方案,但我找不到如何实现这一点。

<?xml version="1.0" encoding="UTF-8" ?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:oauth="http://www.springframework.org/schema/security/oauth2" 
    xmlns:sec="http://www.springframework.org/schema/security"
    xmlns:mvc="http://www.springframework.org/schema/mvc"
    xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd
        http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">
<!--
    <sec:http pattern="/external/oauth/token" create-session="stateless" authentication-manager-ref="clientAuthenticationManager"
        xmlns="http://www.springframework.org/schema/security" entry-point-ref="authenticationEntryPoint">
        <sec:intercept-url pattern="/external/oauth/token" access="IS_AUTHENTICATED_FULLY" />
        <sec:anonymous enabled="false" />
        <sec:access-denied-handler ref="oauthAccessDeniedHandler" />
    </sec:http>
-->
    <sec:http pattern="/external/oauth/token" create-session="stateless" authentication-manager-ref="clientAuthenticationManager"
        xmlns="http://www.springframework.org/schema/security">
        <sec:intercept-url pattern="/external/oauth/token" access="IS_AUTHENTICATED_FULLY" />
        <sec:anonymous enabled="false" />
        <sec:http-basic entry-point-ref="clientAuthenticationEntryPoint" />
        <sec:access-denied-handler ref="oauthAccessDeniedHandler" />
    </sec:http>

    <bean id="clientAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
        <property name="realmName" value="blablabla" />
        <property name="typeName" value="Basic" />
    </bean>
    <bean id="oauthAccessDeniedHandler" class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />

    <authentication-manager id="clientAuthenticationManager" xmlns="http://www.springframework.org/schema/security">
        <authentication-provider user-service-ref="clientDetailsUserService" />
    </authentication-manager>

    <bean id="clientDetailsUserService" class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
        <constructor-arg ref="clientDetails" />
    </bean>

    <bean id="tokenStore" class="com.proton.oauthprovider.service.ProtOnTokenStore" />

    <bean id="clientDetails" class="com.proton.oauthprovider.service.ProtOnClientDetailsService" />

    <bean id="oauthCodeDetails" class="com.proton.oauthprovider.service.ProtOnAuthorizationCodeServices" />

    <bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
        <property name="tokenStore" ref="tokenStore" />
        <property name="supportRefreshToken" value="true" />
        <property name="clientDetailsService" ref="clientDetails" />
    </bean>

    <bean id="userApprovalHandler" class="com.proton.oauthprovider.service.OAuthUserApprovalHandler">
        <property name="autoApproveClients">
            <set>
                <!--  <value>rest-client</value> -->
            </set>
        </property>
        <property name="tokenServices" ref="tokenServices" />
    </bean>

    <oauth:authorization-server client-details-service-ref="clientDetails"  
        token-services-ref="tokenServices"
        user-approval-handler-ref="userApprovalHandler" authorization-endpoint-url="/external/oauth/authorize" 
        user-approval-page="forward:/external/oauth/confirm_access" 
        error-page="forward:/external/oauth/error" 
        token-endpoint-url="/external/oauth/token" >
        <oauth:authorization-code authorization-code-services-ref="oauthCodeDetails"/>
        <oauth:implicit/>
        <oauth:refresh-token />
        <oauth:password authentication-manager-ref="authenticationManager"/>
    </oauth:authorization-server>

    <oauth:web-expression-handler id="oauthWebExpressionHandler" />

    <!-- Override the default mappings for approval and error pages -->
    <bean id="accessConfirmationController" class="com.proton.oauthprovider.controller.AccessConfirmationController">
        <property name="clientDetailsService" ref="clientDetails" />
    </bean>

</beans>

authenticationEntryPoint 是登录表单入口点,自定义类与 sparklr 和 tonr 或多或少相同,只是使用 DB 后端存储客户端和令牌数据。

4

1 回答 1

0

好的,我错了,隐式流不使用令牌端点,它使用授权端点。所以之前的配置没问题,我只需要将隐式流指向 /oauth/authorize/ 就可以按预期工作。

于 2013-04-17T08:52:32.297 回答