1

Spring boot 2.3.x 和 Spring 5.x 最近添加了对基于WebClient类配置响应式 oauth2 客户端的支持。

我需要客户端凭据授予流程配置

在没有 Mutual TLS/SSL 的情况下进行此调用非常简单。

正常(无 TLS/SSL)配置(@Configuration)代码提取如下:-

@Bean
public ReactiveOAuth2AuthorizedClientManager authorizedClientManager(
        ReactiveClientRegistrationRepository clientRegistrationRepository,
        ServerOAuth2AuthorizedClientRepository authorizedClientRepository){

    ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
            .clientCredentials()
            .build();

    DefaultReactiveOAuth2AuthorizedClientManager authorizedClientManager = new DefaultReactiveOAuth2AuthorizedClientManager(clientRegistrationRepository, authorizedClientRepository);

    authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
    return authorizedClientManager;
}

@Bean("testClient")
public WebClient webClient(ReactiveOAuth2AuthorizedClientManager authorizedClientManager,
                           @Value("${test.client.base.url}") String baseUrl) {
    ServerOAuth2AuthorizedClientExchangeFilterFunction oauthFunction = new ServerOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager);
    oauthFunction.setDefaultClientRegistrationId("local");
    return WebClient.builder()
            .baseUrl(baseUrl)
            .filter(oauthFunction)
            .build();
}

@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
    http.oauth2Client();
    return http.build();
}

属性文件

spring.security.oauth2.client.registration.local.authorization-grant-type=client_credentials
spring.security.oauth2.client.registration.local.client-id=client_id
spring.security.oauth2.client.registration.local.client-secret=client_secret

spring.security.oauth2.client.provider.local.token-uri=http://hostname:port/oauth/token
test.client.base.url=http://protected-resource/v1/apis

但是通过 Mutual TLS(客户端证书)调用 oauth2 授权服务器是一件大事。

怎么做?我想与社区分享相同的内容,并在下面自己回答

4

1 回答 1

2

需求的答案和主要变化将在 bean 中authorizedClientManager

答案的范围是客户端凭据授权流程,尽管其他 oauth2 授权流程的更改应该相似,这也将有所帮助。

@Bean
public ReactiveOAuth2AuthorizedClientManager authorizedClientManager(
        ReactiveClientRegistrationRepository clientRegistrationRepository,
        ServerOAuth2AuthorizedClientRepository authorizedClientRepository){

    // construct client credential token response client yourself
    WebClientReactiveClientCredentialsTokenResponseClient accessTokenResponseClient = new WebClientReactiveClientCredentialsTokenResponseClient();

    // construct the sslContext as per your needs and inject in below
    // and create httpClient by injecting your sslContext here
    HttpClient httpClient = HttpClient.create()
            .tcpConfiguration(client -> client.option(ChannelOption.CONNECT_TIMEOUT_MILLIS, 10000))
            .secure(sslContextSpec -> sslContextSpec.sslContext(sslContext));

    ClientHttpConnector httpConnector = new ReactorClientHttpConnector(httpClient);

    accessTokenResponseClient.setWebClient(WebClient.builder().clientConnector(httpConnector).build());

    ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder
            .builder()
            .clientCredentials(c -> {
                c.accessTokenResponseClient(accessTokenResponseClient);
            }).build();

    DefaultReactiveOAuth2AuthorizedClientManager authorizedClientManager = new DefaultReactiveOAuth2AuthorizedClientManager(clientRegistrationRepository, authorizedClientRepository);

    authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
    return authorizedClientManager;
}

如果你看到这条线.secure(sslContextSpec -> sslContextSpec.sslContext(sslContext));

您需要构建 sslContext 并注入相同的内容,这完全取决于您的代码设置。

有关详细的代码和说明,您可以转到此处的链接

于 2020-07-16T13:33:54.890 回答