由于对 ClientDetailService 的依赖使得从 getTokenGranter 方法获取默认授予者变得困难,我找不到一种方法。我从 AuthorizationServerEndpointsConfigurer#tokenGranter() 复制了代码,并将我的 clientDetailService 和其他 bean 直接传递给构造函数。请注意,我添加创建一个 DefaultOAuth2RequestFactory 以传递给授予者和端点:
public TokenGranter tokenGranter() {
ClientDetailsService clientDetails = clientDetailsService;
AuthorizationServerTokenServices tokenServices = tokenServices();
AuthorizationCodeServices authorizationCodeServices = authorizationCodeServices();
OAuth2RequestFactory requestFactory = requestFactory();
List<TokenGranter> tokenGranters = new ArrayList<TokenGranter>();
tokenGranters.add(new AuthorizationCodeTokenGranter(tokenServices, authorizationCodeServices,
clientDetails, requestFactory));
tokenGranters.add(new RefreshTokenGranter(tokenServices, clientDetails, requestFactory));
tokenGranters.add(new ImplicitTokenGranter(tokenServices, clientDetails, requestFactory));
tokenGranters.add(new ClientCredentialsTokenGranter(tokenServices, clientDetails, requestFactory));
tokenGranters.add(new ResourceOwnerPasswordTokenGranter(authenticationManager, tokenServices,
clientDetails, requestFactory));
tokenGranters.add(new CustomTokenGranter(authenticationManager, tokenServices(), clientDetailsService,
requestFactory));
return new CompositeTokenGranter(tokenGranters);
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
.tokenServices(tokenServices())
.tokenStore(tokenStore())
.tokenEnhancer(tokenEnhancer())
.authorizationCodeServices(authorizationCodeServices())
.userApprovalHandler(userApprovalHandler())
.authenticationManager(authenticationManager)
.requestFactory(requestFactory())
.tokenGranter(tokenGranter());
}
话虽如此,我最终删除了该代码并简单地添加了另一个 AuthenticationProvider ,因为我的新授权类型无论如何都使用了 UsernamePasswordAuthenticationToken 的子类,这是密码授权默认使用的身份验证类型。