Java Spring Boot Oauth2客户端(反应式)相互TLS/SSL令牌uri
Spring boot2.3.x和Spring 5.x最近添加了对基于类配置反应式oauth2客户端的支持 我需要客户端凭据授予流配置 在没有相互TLS/SSL的情况下执行此调用是简单的 正常(无TLS/SSL)配置(Java Spring Boot Oauth2客户端(反应式)相互TLS/SSL令牌uri,java,spring,spring-boot,spring-webflux,spring-boot-starter-oauth2-client,Java,Spring,Spring Boot,Spring Webflux,Spring Boot Starter Oauth2 Client,Spring boot2.3.x和Spring 5.x最近添加了对基于类配置反应式oauth2客户端的支持 我需要客户端凭据授予流配置 在没有相互TLS/SSL的情况下执行此调用是简单的 正常(无TLS/SSL)配置(@configuration)代码提取如下:- @Bean public ReactiveOAuth2AuthorizedClientManager authorizedClientManager( ReactiveClientRegistrationReposit
@configuration
)代码提取如下:-
@Bean
public ReactiveOAuth2AuthorizedClientManager authorizedClientManager(
ReactiveClientRegistrationRepository clientRegistrationRepository,
ServerOAuth2AuthorizedClientRepository authorizedClientRepository){
ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
.clientCredentials()
.build();
DefaultReactiveOAuth2AuthorizedClientManager authorizedClientManager = new DefaultReactiveOAuth2AuthorizedClientManager(clientRegistrationRepository, authorizedClientRepository);
authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
return authorizedClientManager;
}
@Bean("testClient")
public WebClient webClient(ReactiveOAuth2AuthorizedClientManager authorizedClientManager,
@Value("${test.client.base.url}") String baseUrl) {
ServerOAuth2AuthorizedClientExchangeFilterFunction oauthFunction = new ServerOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager);
oauthFunction.setDefaultClientRegistrationId("local");
return WebClient.builder()
.baseUrl(baseUrl)
.filter(oauthFunction)
.build();
}
@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http.oauth2Client();
return http.build();
}
属性文件
spring.security.oauth2.client.registration.local.authorization-grant-type=client_credentials
spring.security.oauth2.client.registration.local.client-id=client_id
spring.security.oauth2.client.registration.local.client-secret=client_secret
spring.security.oauth2.client.provider.local.token-uri=http://hostname:port/oauth/token
test.client.base.url=http://protected-resource/v1/apis
但是通过相互TLS(客户端证书)调用oauth2授权服务器是一件大事
怎么做?我希望与社区分享这一点,并在下面回答相同的问题。对该要求的回答和主要更改将在bean
authorizedClientManager
答案的范围是仅客户端凭据授权流,尽管其他oauth2授权流的更改应该类似,这也会有所帮助
@Bean
public ReactiveOAuth2AuthorizedClientManager authorizedClientManager(
ReactiveClientRegistrationRepository clientRegistrationRepository,
ServerOAuth2AuthorizedClientRepository authorizedClientRepository){
// construct client credential token response client yourself
WebClientReactiveClientCredentialsTokenResponseClient accessTokenResponseClient = new WebClientReactiveClientCredentialsTokenResponseClient();
// construct the sslContext as per your needs and inject in below
// and create httpClient by injecting your sslContext here
HttpClient httpClient = HttpClient.create()
.tcpConfiguration(client -> client.option(ChannelOption.CONNECT_TIMEOUT_MILLIS, 10000))
.secure(sslContextSpec -> sslContextSpec.sslContext(sslContext));
ClientHttpConnector httpConnector = new ReactorClientHttpConnector(httpClient);
accessTokenResponseClient.setWebClient(WebClient.builder().clientConnector(httpConnector).build());
ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder
.builder()
.clientCredentials(c -> {
c.accessTokenResponseClient(accessTokenResponseClient);
}).build();
DefaultReactiveOAuth2AuthorizedClientManager authorizedClientManager = new DefaultReactiveOAuth2AuthorizedClientManager(clientRegistrationRepository, authorizedClientRepository);
authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
return authorizedClientManager;
}
在这里,如果您看到行.secure(sslContextSpec->sslContextSpec.sslContext(sslContext))代码>
您需要构造sslContext并注入相同的内容,这完全取决于您的代码设置
有关详细的代码和说明,请转到链接