
Java Spring Security OAuth2 pure resource server


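We have already set up an OAuth2 authorization server, so I need to create a corresponding resource server (a separate server). We plan to use the Spring Security OAuth2 project. Their documentation on setting up a resource server:

token-services-ref should point to the token-handling bean. However, it seems the token handling is done by the server itself, even though it is a resource server. There does not seem to be any remote token services class or any configuration related to a remote server. This is in contrast to the CloudFoundry UAA, which has: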

<bean id="tokenServices"
  class="org.cloudfoundry.identity.uaa.oauth.RemoteTokenServices">
  <property name="checkTokenEndpointUrl" value="${checkTokenEndpointUrl}" />
</bean>


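Is there any way to use Spring Security OAuth2 for a resource server that communicates with a separate OAuth2 authorization server? How do I set up the communication endpoint?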

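This is possible as long as the authorization server and the resource server access a shared tokenStore (for example, using a JdbcTokenStore with a common dataSource). You can simply use DefaultTokenServices with a reference to your shared tokenStore. Below is an example Spring configuration that you should be able to adapt to your needs: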

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:security="http://www.springframework.org/schema/security"
   xmlns:oauth2="http://www.springframework.org/schema/security/oauth2"
   xsi:schemaLocation="
    http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.1.xsd
    http://www.springframework.org/schema/security/oauth2
    http://www.springframework.org/schema/security/spring-security-oauth2.xsd">

<bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.JdbcTokenStore">
    <constructor-arg name="dataSource" ref="dataSource" />
</bean>

<bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
    <property name="tokenStore" ref="tokenStore" />
</bean>

<bean id="authenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
    <property name="realmName" value="myRealm" />
</bean>

<bean id="oauthAccessDeniedHandler" class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />

<bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
    <constructor-arg>
        <list>
            <bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
            <bean class="org.springframework.security.access.vote.RoleVoter" />
            <bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
        </list>
    </constructor-arg>
</bean>

<!-- This is not actually used, but it's required by Spring Security -->
<security:authentication-manager alias="authenticationManager" />

<oauth2:expression-handler id="oauthExpressionHandler" />

<oauth2:web-expression-handler id="oauthWebExpressionHandler" />

<security:global-method-security pre-post-annotations="enabled" proxy-target-class="true">
    <security:expression-handler ref="oauthExpressionHandler" />
</security:global-method-security>

<oauth2:resource-server id="myResource" resource-id="myResourceId" token-services-ref="tokenServices" />

<security:http pattern="/myPattern/**" create-session="never"
    entry-point-ref="authenticationEntryPoint" access-decision-manager-ref="accessDecisionManager">
    <security:anonymous enabled="false" />
    <security:intercept-url pattern="/**" access="SCOPE_READ" method="GET" />
    <security:intercept-url pattern="/**" access="SCOPE_READ" method="HEAD" />
    <security:intercept-url pattern="/**" access="SCOPE_READ" method="OPTIONS" />
    <security:intercept-url pattern="/**" access="SCOPE_WRITE" method="PUT" />
    <security:intercept-url pattern="/**" access="SCOPE_WRITE" method="POST" />
    <security:intercept-url pattern="/**" access="SCOPE_WRITE" method="DELETE" />
    <security:custom-filter ref="myResource" before="PRE_AUTH_FILTER" />
    <security:access-denied-handler ref="oauthAccessDeniedHandler" />
    <security:expression-handler ref="oauthWebExpressionHandler" />
</security:http>
</beans>

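Yes, it is possible. As you have already mentioned in your question, RemoteTokenServices is the solution.

I have created a sample that has separate auth and resource servers. It is just a quick sample to give a quick idea of the concept, and it can be extended.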
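A sketch of the remote-validation setup this answer refers to, added here as an example and not taken from the answerer's sample. It assumes Spring Security OAuth2 2.x, which ships its own RemoteTokenServices; the properties file name, the property keys and the example host are hypothetical.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:context="http://www.springframework.org/schema/context"
   xmlns:oauth2="http://www.springframework.org/schema/security/oauth2"
   xsi:schemaLocation="
    http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/context
    http://www.springframework.org/schema/context/spring-context.xsd
    http://www.springframework.org/schema/security/oauth2
    http://www.springframework.org/schema/security/spring-security-oauth2.xsd">

<!-- Assumed properties file (hypothetical name) holding the endpoint URL and this
     resource server's own client credentials; keep it out of source control. -->
<context:property-placeholder location="classpath:resource-server.properties" />

<!-- Replaces the tokenStore + DefaultTokenServices pair: each bearer token is sent
     to the authorization server's check endpoint instead of being looked up locally. -->
<bean id="tokenServices"
      class="org.springframework.security.oauth2.provider.token.RemoteTokenServices">
    <!-- e.g. https://auth.example.com/oauth/check_token (constructed host); use HTTPS,
         since the token and the client secret both travel on this call. -->
    <property name="checkTokenEndpointUrl" value="${checkTokenEndpointUrl}" />
    <!-- Sent as HTTP Basic credentials; the authorization server must allow this
         client to call the check endpoint. -->
    <property name="clientId" value="${resourceServer.clientId}" />
    <property name="clientSecret" value="${resourceServer.clientSecret}" />
</bean>

<!-- Unchanged from the shared-store configuration: same filter, same resource-id check. -->
<oauth2:resource-server id="myResource" resource-id="myResourceId"
    token-services-ref="tokenServices" />

</beans>
```

The remaining beans (entry point, access decision manager, the security:http block) stay as in the shared-tokenStore configuration above; only the tokenServices definition changes.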


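Yes! Thank you, @chris-h. Plug-n-play in a quick 40 minutes, followed by a celebratory game of nerf h-o-r-s-e.

Don't we have any property that we can configure to achieve this?

@Rites In your example, RemoteTokenServices uses the /oauth/check_token endpoint. What about using the /oauth/token_id endpoint for token validation? Do you know how this can be achieved?

Do you have an example of RemoteTokenServices for the Facebook Graph?

@all FYI: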