Spring Security - OAuth 2.0 Client - Client Credentials Grant
I want to generate an access token using the client credentials grant. We are using Spring Security 5.4.6. I have imported these dependencies:

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-oauth2-client</artifactId>
    </dependency>

I got this error:

    java.lang.IllegalArgumentException: servletRequest cannot be null
        at org.springframework.util.Assert.notNull(Assert.java:201)
        at org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager.authorize(DefaultOAuth2AuthorizedClientManager.java:144)
        at com.edlogics.heathrow.api.scheduling.jobs.AbstractSchedulerJob.setSecurityContext(AbstractSchedulerJob.java:42)
        at com.edlogics.heathrow.api.scheduling.jobs.CheckFormisingCacheEntriesJob.execute(CheckFormisingCacheEntriesJob.java:32)
        at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
        at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)

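How can I use the client credentials grant outside of a web request?

Have you considered using WebClient with ServletOAuth2AuthorizedClientExchangeFilterFunction? That way it does everything for you: it obtains the access token and even gets a new one when it expires.

@WojciechLesniak Thanks. I found an example like that, and it looks like it might work for me. Do you know if there is a way to update the security context of the client that initiates the call?

Could you provide more information about this use case? How do you want to update the security context?

@WojciechLesniak I appreciate your help. I tried going down the path of WebClient with ServletOAuth2AuthorizedClientExchangeFilterFunction. To do that, you have to pull all the webflux and reactive stuff into your project, and Spring Boot wants to auto-configure it. I eventually found that my problem was that I was using DefaultOAuth2AuthorizedClientManager rather than AuthorizedClientManager. The latter is for services without a web request (server-to-server).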

    spring:
      security:
        oauth2:
          resourceserver:
            jwt:
              jwk-set-uri: https://auth.pingone.com/...
          client:
            provider:
              pingidentity:
                token-uri: https://auth.pingone.com/.../as/token
            registration:
              pingidentity:
                client-id: "69bxxxxx..."
                client-secret: "Xxxxx"
                scope: openid
                authorization-grant-type: "client_credentials"

    @Bean
    public OAuth2AuthorizedClientManager authorizedClientManager(
            ClientRegistrationRepository clientRegistrationRepository,
            OAuth2AuthorizedClientRepository authorizedClientRepository) {
        OAuth2AuthorizedClientProvider authorizedClientProvider =
                OAuth2AuthorizedClientProviderBuilder.builder()
                        .clientCredentials()
                        .build();
        DefaultOAuth2AuthorizedClientManager authorizedClientManager =
                new DefaultOAuth2AuthorizedClientManager(
                        clientRegistrationRepository, authorizedClientRepository);
        authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
        return authorizedClientManager;
    }

    protected void setSecurityContext() {
        OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId("pingidentity")
                .principal("69bbfc70-8fcf-4740-a11a-b86562d1c9f8")
                // .attributes(attrs -> {
                //     attrs.put(HttpServletRequest.class.getName(), servletRequest);
                //     attrs.put(HttpServletResponse.class.getName(), servletResponse);
                // })
                .build();
        OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);
        OAuth2AccessToken accessToken = authorizedClient.getAccessToken();
    }
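
The resolution described in the last comment, as an added example that is not the poster's own code. It assumes the manager meant there is Spring Security's `AuthorizedClientServiceOAuth2AuthorizedClientManager`, which is backed by an `OAuth2AuthorizedClientService` and needs no `HttpServletRequest`; the class name `SchedulerOAuth2Config`, the helper `fetchAccessToken` and the principal name `scheduler-job` are hypothetical.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.core.OAuth2AccessToken;

// Added example: class, helper and principal names are hypothetical.
@Configuration
public class SchedulerOAuth2Config {

    // Service-backed manager: authorized clients are stored in the
    // OAuth2AuthorizedClientService, so no servlet request/response is required.
    @Bean
    public OAuth2AuthorizedClientManager authorizedClientManager(
            ClientRegistrationRepository registrations,
            OAuth2AuthorizedClientService authorizedClientService) {
        AuthorizedClientServiceOAuth2AuthorizedClientManager manager =
                new AuthorizedClientServiceOAuth2AuthorizedClientManager(registrations, authorizedClientService);
        manager.setAuthorizedClientProvider(
                OAuth2AuthorizedClientProviderBuilder.builder().clientCredentials().build());
        return manager;
    }

    // Safe to call from a background thread such as a Quartz job. The principal
    // name is only the key under which the token is cached; it is a constructed value.
    public static OAuth2AccessToken fetchAccessToken(OAuth2AuthorizedClientManager manager) {
        OAuth2AuthorizeRequest request = OAuth2AuthorizeRequest
                .withClientRegistrationId("pingidentity") // registration id from the YAML above
                .principal("scheduler-job")
                .build();
        OAuth2AuthorizedClient client = manager.authorize(request);
        if (client == null) {
            // authorize() returns null when no provider supports the registration's grant type
            throw new IllegalStateException("client_credentials not supported for registration 'pingidentity'");
        }
        return client.getAccessToken();
    }
}
```

The client-credentials provider reuses the cached token and requests a new one once it has expired, so the job can call the helper on every run; log the token's expiry if needed, not its value.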