Passing the OAuth2 client ID and client secret from a Spring Boot bean to the YAML file

h5qlskok posted on 2021-07-03 in Java

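I want to pass the OAuth2 client ID and client secret from a Spring Boot bean to the YAML, instead of hard-coding the values directly in the YAML file. My client ID and client secret are retrieved securely from HashiCorp Vault, and I want to pass them to the YAML securely. How can I do that? I tried something like the following: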

@Configuration
@ConfigurationProperties(prefix = "spring.security.oauth2.registration.custom-client")
@Slf4j
public class SSOConfig {

    private String client_id;

    private String client_secret;

    public void setClient_secret(String client_secret) {
        this.client_secret = "xxxxxxxxxxxxx";
    }

    public String getClient_secret() {
        return client_secret;
    }

    public void setClient_id(String client_id) {
        this.client_id = "xxxxxxxxxxxx";
    }

    public String getClient_id() {
        return client_id;
    }
}

YAML

spring:
  thymeleaf:
    cache: false
  security:
    oauth2:
      client:
        registration:
          custom-client:
            client-id: (this line is removed completely)
            client-secret: (this line is removed completely)
            scope: ["openid", "profile", "email", "address", "phone", "groups"]
            provider: custom-provider
            state: xoxoxo
            redirect-uri: http://localhost:8080/login
            client-authentication-method: basic
            authorization-grant-type: authorization_code

After adding this code I removed the client ID and client secret from the YAML, but it still throws an error, something like client id cannot be empty.

rbpvctlc1#

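Sorry for the late post. I went through the Spring documentation and found that with the latest Spring Security OAuth2 the default implementation auto-configures everything, but if you want to override the default configuration and provide the client details yourself, you can do so by creating a @Bean named ClientRegistrationRepository, like this: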

    @Bean
    public ClientRegistrationRepository clientRegistrationRepository() {
        return new InMemoryClientRegistrationRepository(this.googleClientRegistration());
    }

    private ClientRegistration googleClientRegistration() {
        return ClientRegistration.withRegistrationId("google")
            .clientId("google-client-id")
            .clientSecret("google-client-secret")
            .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
            .scope("openid", "profile", "email", "address", "phone")
            .authorizationUri("https://accounts.google.com/o/oauth2/v2/auth")
            .tokenUri("https://www.googleapis.com/oauth2/v4/token")
            .userInfoUri("https://www.googleapis.com/oauth2/v3/userinfo")
            .userNameAttributeName(IdTokenClaimNames.SUB)
            .jwkSetUri("https://www.googleapis.com/oauth2/v3/certs")
            .clientName("Google")
            .build();
    }

Learn more about overriding the auto-configuration. Link
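The approach from the answer, adapted to the question's custom-client registration with credentials read from Vault at startup instead of string literals. This is an added example, not part of the original answer. The `VaultSecrets` interface, the key names and the `idp.example.com` endpoints are assumptions standing in for the asker's own Vault lookup and identity provider.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.util.StringUtils;

@Configuration
public class SsoClientRegistrationConfig {

    // Hypothetical abstraction over the application's own Vault retrieval code.
    public interface VaultSecrets { String read(String key); }

    @Bean
    public ClientRegistrationRepository clientRegistrationRepository(VaultSecrets vault) {
        // Key names are assumptions; use whatever paths your Vault lookup exposes.
        String clientId = require(vault.read("sso.client-id"), "client id");
        String clientSecret = require(vault.read("sso.client-secret"), "client secret");

        ClientRegistration registration = ClientRegistration.withRegistrationId("custom-client")
            .clientId(clientId)
            .clientSecret(clientSecret)
            // Spring Security 5.5+ name; earlier versions use BASIC as in the answer above.
            .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .redirectUri("http://localhost:8080/login")
            .scope("openid", "profile", "email", "address", "phone", "groups")
            // Placeholder endpoints: replace with the values of your custom-provider.
            .authorizationUri("https://idp.example.com/oauth2/authorize")
            .tokenUri("https://idp.example.com/oauth2/token")
            .userInfoUri("https://idp.example.com/oauth2/userinfo")
            .jwkSetUri("https://idp.example.com/oauth2/jwks")
            .userNameAttributeName("sub")
            .clientName("custom-client")
            .build();
        return new InMemoryClientRegistrationRepository(registration);
    }

    private static String require(String value, String what) {
        if (!StringUtils.hasText(value)) {
            // Name the missing item only; never put a secret value in a message or log.
            throw new IllegalStateException("Vault returned no " + what + " for custom-client");
        }
        return value;
    }
}
```

With this bean defined, Spring Boot's auto-configured repository backs off, so the `registration` block for custom-client in the YAML is no longer read and no client secret has to live in a configuration file.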
