Fatal编程技术网
  • java/
  • Java 能否在一个应用程序中显示多个OAuth 2授权授予流?

Java 能否在一个应用程序中显示多个OAuth 2授权授予流?

java spring spring-security oauth-2.0

Java 能否在一个应用程序中显示多个OAuth 2授权授予流?,java,spring,spring-security,oauth-2.0,okta,Java,Spring,Spring Security,Oauth 2.0,Okta,我不熟悉Spring Security和Spring,目前正在尝试创建一个简单的Spring web应用程序,该应用程序使用Okta作为授权提供程序,在Spring Security OAuth2中演示客户端凭据和授权授予流 目前,应用程序有两个html按钮,每个按钮链接到一个流(oktaAuth和oktaClient)。当用户单击一个按钮时,它应该遵循适当的流程,并从授权服务器检索一个JWT,该服务器已经配置好了。一旦对应用程序和/或用户进行了身份验证,应用程序应使用授予的令牌从AWS Api

我不熟悉Spring Security和Spring,目前正在尝试创建一个简单的Spring web应用程序,该应用程序使用Okta作为授权提供程序,在Spring Security OAuth2中演示客户端凭据和授权授予流

目前,应用程序有两个html按钮,每个按钮链接到一个流(oktaAuth和oktaClient)。当用户单击一个按钮时,它应该遵循适当的流程,并从授权服务器检索一个JWT,该服务器已经配置好了。一旦对应用程序和/或用户进行了身份验证,应用程序应使用授予的令牌从AWS Api检索JSON信息

我的问题是,是否可以在一个应用程序中演示这两个流,如果可以,需要进行哪些更改以适应每个应用程序中的差异

以下是我的代码片段: 主要应用

@SpringBootApplication
@EnableOAuth2Client
@RestController
public class BootAndOAuthApplication extends WebSecurityConfigurerAdapter{

  public static void main(String[] args) {
      SpringApplication.run(BootAndOAuthApplication.class, args);
  }

  @Autowired
  OAuth2ClientContext oauth2ClientContext;  

  @RequestMapping("/user")
  public Principal user(Principal principal) {
      return principal;
  }

  @Override
  protected void configure(HttpSecurity http) throws Exception {
      http
        .antMatcher("/**")
        .authorizeRequests()
        .antMatchers("/", "/login**", "/webjars/**")
        .permitAll()
        .anyRequest()
        .authenticated()
        .and().logout().logoutSuccessUrl("/").permitAll()
.and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
      .and().addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
  }

  private Filter ssoFilter() {
      CompositeFilter filter = new CompositeFilter();
      List<Filter> filters = new ArrayList<>();
      filters.add(ssoFilter(oktaAuth(), "/login/oktaAuth"));

      OAuth2ClientAuthenticationProcessingFilter oktaClientFilter = new OAuth2ClientAuthenticationProcessingFilter("/login/oktaClient");
      OAuth2RestTemplate oktaClientTemplate = new OAuth2RestTemplate(oktaClient(), oauth2ClientContext);

      oktaClientFilter.setRestTemplate(oktaClientTemplate);     
      UserInfoTokenServices tokenServices = new UserInfoTokenServices(oktaClientResource().getTokenInfoUri(), oktaClient().getClientId());
      tokenServices.setRestTemplate(oktaClientTemplate);

      oktaClientFilter.setTokenServices(tokenServices);
      filters.add(oktaClientFilter);
      filter.setFilters(filters);
      return filter;
  }

  private Filter ssoFilter(ClientResources client, String path) {
      OAuth2ClientAuthenticationProcessingFilter oAuth2ClientAuthenticationFilter = new OAuth2ClientAuthenticationProcessingFilter(path);
      OAuth2RestTemplate oAuth2RestTemplate = new OAuth2RestTemplate(client.getClient(), oauth2ClientContext);
      oAuth2ClientAuthenticationFilter.setRestTemplate(oAuth2RestTemplate);
      UserInfoTokenServices tokenServices = new UserInfoTokenServices(client.getResource().getUserInfoUri(),
      client.getClient().getClientId());
      tokenServices.setRestTemplate(oAuth2RestTemplate);
      oAuth2ClientAuthenticationFilter.setTokenServices(tokenServices);
      return oAuth2ClientAuthenticationFilter;
  }

  @Bean
  @ConfigurationProperties("oktaAuth")
  public ClientResources oktaAuth() {
      return new ClientResources();
  }

  @Bean
  @ConfigurationProperties("oktaClient.client")
  public ClientCredentialsResourceDetails oktaClient() {
      return new ClientCredentialsResourceDetails();
  }

  @Bean
  @ConfigurationProperties("oktaClient.resource")
  public ResourceServerProperties oktaClientResource() {
      return new ResourceServerProperties();
  }

  @Bean
  public FilterRegistrationBean oauth2ClientFilterRegistration(
OAuth2ClientContextFilter filter) {
      FilterRegistrationBean registration = new FilterRegistrationBean();
      registration.setFilter(filter);
      registration.setOrder(-100);
      return registration;
  }
}

class ClientResources {
  @NestedConfigurationProperty
  private AuthorizationCodeResourceDetails client = new AuthorizationCodeResourceDetails();

  @NestedConfigurationProperty
  private ResourceServerProperties resource = new ResourceServerProperties();

  public AuthorizationCodeResourceDetails getClient() {
      return client;
  }

  public ResourceServerProperties getResource() {
      return resource;
  }
}
正如我所说,这对我来说是新的,所以任何帮助都将不胜感激

如果您需要它作为演示,为什么不为每个流使用不同的客户端ID呢?编辑:查看application.yml,您可能已经在这样做了;-)我对Okta了解不多,所以我只有OAuth2透视图。是的,我使用两个不同的Okta“应用程序”,因此有两组客户端凭据。我只是不确定Spring是否允许在一个应用程序中使用多个流。您是否有在Spring应用程序中实现OAuth流的经验? 
oktaAuth:
  client:
    clientId: [redacted - credentials 1]
    clientSecret: [redacted - credentials 1]
    accessTokenUri: {Okta Token Url}
    userAuthorizationUri: {Okta Authorize Url}
    grant-type: authorization_code
    clientAuthenticationScheme: form
    scope: [redacted]
  resource:
    userInfoUri:  {Okta User Url}
    preferTokenInfo: false
oktaClient:
  client:
    clientId: [redacted - credentials 2]
    clientSecret: [redacted - credentials 2]
    accessTokenUri:{Okta Token Url}
    client-authentication-scheme: form
    grant-type: client_credentials
    scope:[redacted]
  resource:
    user-info-uri: {Okta User Url}
    preferTokenInfo: true