Spring Security - OAuth 2.0 Client - Client Credentials Grant


I want to generate an access token using the client credentials grant.

We are using Spring Security 5.4.6.

I have imported these dependencies:

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-oauth2-client</artifactId>
        </dependency>

I get this error:

    java.lang.IllegalArgumentException: servletRequest cannot be null
        at org.springframework.util.Assert.notNull(Assert.java:201)
        at org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager.authorize(DefaultOAuth2AuthorizedClientManager.java:144)
        at com.edlogics.heathrow.api.scheduling.jobs.AbstractSchedulerJob.setSecurityContext(AbstractSchedulerJob.java:42)
        at com.edlogics.heathrow.api.scheduling.jobs.CheckFormisingCacheEntriesJob.execute(CheckFormisingCacheEntriesJob.java:32)
        at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
        at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)

How can I use the client credentials grant outside of a web request?

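Have you considered using WebClient with ServletOAuth2AuthorizedClientExchangeFilterFunction? It can do everything for you: obtain the access token, and even get a new one when it expires.

@WojciechLesniak Thanks. I found an example like that, and it looks like it might work for me. Do you know if there is a way to update the security context of the client that makes the call?

Can you provide more information about this use case? How do you want to update the security context?

@WojciechLesniak I appreciate your help. I tried going down the path of using WebClient with ServletOAuth2AuthorizedClientExchangeFilterFunction. To do that, you have to bring all of the webflux and reactive stuff into your project, and Spring Boot wants to auto-configure it. I eventually found that my problem was that I was using DefaultOAuth2AuthorizedClientManager rather than AuthorizedClientManager. The latter is for services without a web request (server to server).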

    spring:
      security:
        oauth2:
          resourceserver:
            jwt:
              jwk-set-uri: https://auth.pingone.com/...
          client:
            provider:
              pingidentity:
                token-uri: https://auth.pingone.com/.../as/token
            registration:
              pingidentity:
                client-id: "69bxxxxx..."
                client-secret: "Xxxxx"
                scope: openid
                authorization-grant-type: "client_credentials"

    @Bean
    public OAuth2AuthorizedClientManager authorizedClientManager(
            ClientRegistrationRepository clientRegistrationRepository,
            OAuth2AuthorizedClientRepository authorizedClientRepository ) {

        OAuth2AuthorizedClientProvider authorizedClientProvider =
                OAuth2AuthorizedClientProviderBuilder.builder()
                        .clientCredentials()
                        .build();

        DefaultOAuth2AuthorizedClientManager authorizedClientManager =
                new DefaultOAuth2AuthorizedClientManager(
                        clientRegistrationRepository, authorizedClientRepository );
        authorizedClientManager.setAuthorizedClientProvider( authorizedClientProvider );

        return authorizedClientManager;
    }

    protected void setSecurityContext() {
        OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId( "pingidentity" )
                .principal( "69bbfc70-8fcf-4740-a11a-b86562d1c9f8" )
//              .attributes( attrs -> {
//                  attrs.put( HttpServletRequest.class.getName(), servletRequest );
//                  attrs.put( HttpServletResponse.class.getName(), servletResponse );
//              } )
                .build();
        OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize( authorizeRequest );

        OAuth2AccessToken accessToken = authorizedClient.getAccessToken();
    }
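
The fix named in the last comment, as an added example that is not part of the original thread: a manager backed by `OAuth2AuthorizedClientService` instead of the request-scoped repository, assuming the class the comment refers to is Spring Security's `AuthorizedClientServiceOAuth2AuthorizedClientManager`. The class names `SchedulerOAuth2ClientConfig` and `ClientCredentialsTokenSource` and the principal name `scheduler-job` are hypothetical, and the `OAuth2AuthorizedClientService` bean is assumed to come from Spring Boot's auto-configuration.

```java
// Added example, not the asker's code; class names and "scheduler-job" are hypothetical.
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.core.OAuth2AccessToken;

@Configuration
public class SchedulerOAuth2ClientConfig {
    // Stores authorized clients in OAuth2AuthorizedClientService rather than the
    // request-scoped OAuth2AuthorizedClientRepository, so authorize() does not
    // need an HttpServletRequest and can run on a scheduler thread.
    @Bean
    public OAuth2AuthorizedClientManager authorizedClientManager(
            ClientRegistrationRepository clientRegistrationRepository,
            OAuth2AuthorizedClientService authorizedClientService) {
        AuthorizedClientServiceOAuth2AuthorizedClientManager manager =
                new AuthorizedClientServiceOAuth2AuthorizedClientManager(
                        clientRegistrationRepository, authorizedClientService);
        manager.setAuthorizedClientProvider(
                OAuth2AuthorizedClientProviderBuilder.builder().clientCredentials().build());
        return manager;
    }
}

// Helper a background job can call; the cached client is reused until its token expires.
class ClientCredentialsTokenSource {
    private final OAuth2AuthorizedClientManager manager;

    ClientCredentialsTokenSource(OAuth2AuthorizedClientManager manager) {
        this.manager = manager;
    }

    OAuth2AccessToken currentToken() {
        // The principal name is only the key under which the authorized client is stored.
        OAuth2AuthorizeRequest request = OAuth2AuthorizeRequest
                .withClientRegistrationId("pingidentity")
                .principal("scheduler-job")
                .build();
        OAuth2AuthorizedClient client = manager.authorize(request);
        if (client == null) { // grant type not supported for this registration
            throw new IllegalStateException("client_credentials not authorized for 'pingidentity'");
        }
        return client.getAccessToken();
    }
}
```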