6

我正在为一组需要能够相互调用传递令牌的端点进行概念验证,这些令牌是通过 OAuth 2 客户端凭据流获得的。我正在使用 Spring Boot 和相关项目来构建这些端点,我很困惑为什么框架似乎对以下代码非常固执己见:

package com.example.client;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestOperations;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

@Configuration
@EnableAutoConfiguration
@EnableOAuth2Client
@RestController
public class StuffClient {

    @Value("${security.oauth2.client.access-token-uri}")
    private String tokenUrl;

    @Value("${security.oauth2.client.id}")
    private String clientId;

    @Value("${security.oauth2.client.client-secret}")
    private String clientSecret;

    @Value("${security.oauth2.client.grant-type}")
    private String grantType;

    @Autowired
    private OAuth2RestOperations restTemplate;

    private String uri = "http://localhost:8082/stuff/";

    @RequestMapping(value = "/client/{stuffName}", method = RequestMethod.GET)
    public String client(@PathVariable("stuffName") String stuffName) {
        String request = uri + stuffName;
        return restTemplate.getForObject(request, String.class);
    }

    @Bean
    public OAuth2RestOperations restTemplate(OAuth2ClientContext clientContext) {
        return new OAuth2RestTemplate(resource(), clientContext);
    }

    @Bean
    protected OAuth2ProtectedResourceDetails resource() {
        ClientCredentialsResourceDetails resource = new ClientCredentialsResourceDetails();
        resource.setAccessTokenUri(tokenUrl);
        resource.setClientId(clientId);
        resource.setClientSecret(clientSecret);
        resource.setGrantType(grantType);
        return resource;
    }
}

以及随附的配置文件:

server:
  port: 8081

security:
  basic:
    enabled: false
  oauth2:
    client:
      id: test-client
      client-secret: test-secret
      access-token-uri: http://localhost:8080/uaa/oauth/token
      grant-type: client_credentials

以上工作完全符合预期。如果我更改security.oauth2.client.idsecurity.oauth2.client.client-id(在 Java 代码和 YAML 中),我会收到 500 错误,其中第一行是:

org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException: Unable to obtain a new access token for resource 'null'. The provider manager is not configured to support it.

如果我对所有实例变量的值进行硬编码,该代码也可以正常工作。实际上,在填充这些实例变量的每一种排列中,它似乎都可以正常工作,除了我@Value用来填充clientId值的那个security.oauth2.client.client-id

所以我的主要问题是:框架是否真的以这种非常具体的方式自以为是?如果是这样,为什么?而且,我可以利用这种固执己见来简化我的代码吗?

4

1 回答 1

1

我不确定您使用的是哪个 spring-boot 版本。我正在使用 spring-boot 版本1.5.4.RELEASED并简化您的代码,

你可以注入OAuth2ProtectedResourceDetails

@Autowired
private OAuth2ProtectedResourceDetails resource;

并将OAuth2RestTemplate创建为

@Bean
@Primary
public OAuth2RestOperations restTemplate(OAuth2ClientContext clientContext) {
    return new OAuth2RestTemplate(resource, clientContext);
}

示例 yaml ..

### OAuth2 settings ### 
security:
  user:
    password: none
  oauth2:
    client:
      accessTokenUri: ${auth-server}/oauth/token
      userAuthorizationUri: ${auth-server}/oauth/authorize
      clientId: myclient
      clientSecret: secret
    resource:
      user-info-uri: ${auth-server}/sso/user
      jwt:
        keyValue: |
          -----BEGIN PUBLIC KEY-----
          your public key
          -----END PUBLIC KEY-----

然后,restTemplate在控制器中使用实例作为

@Autowired
private OAuth2RestOperations restTemplate;

我希望对你有所帮助。

于 2017-07-12T03:37:48.973 回答