java—如何使用spring boot动态更改spring security中的客户机密钥

3zwtqj6y  于 2021-07-23  发布在  Java

现在我有了这个配置:

spring:
  security:
    oauth2:
      client:
        registration:
          # Registration id: it is also the {registrationId} placeholder in redirect-uri and the
          # "sbbol" segment of the paths matched in WebSecurityConfiguration below.
          sbbol:
            client-id: zdcffffff
            # Secret material (the value the provider requires to be rotated every 30 days).
            # Keep it out of version control (inject it from the environment or a vault), and note
            # that a value read from application.yml only changes with a restart.
            client-secret: ffffffffff
            # "openid" makes this an OIDC login, which validates the provider's ID token; that
            # normally needs provider.jwk-set-uri (or issuer-uri), neither of which is set below — confirm.
            scope:
              - openid
            # "post" sends client-id/secret in the token-request body (newer Spring Security
            # versions spell this client_secret_post) — confirm against your version.
            client-authentication-method: post
            authorization-grant-type: authorization_code
            redirect-uri: '{baseUrl}/login/oauth2/code/{registrationId}'
            # NOTE(review): not a spring.security.oauth2.client.registration.* property as far as I
            # can tell; unknown keys are ignored silently, so this line probably has no effect — confirm.
            client-authentication-scheme: form
        provider:
          sbbol:
            # NOTE(review): all three endpoints resolve to the same SBBOL_AUTH_URI variable; the
            # authorization, token and user-info endpoints are normally distinct URLs — confirm.
            authorization-uri: ${SBBOL_AUTH_URI}
            token-uri: ${SBBOL_AUTH_URI}
            user-info-uri: ${SBBOL_AUTH_URI}
            user-name-attribute: sub
/**
 * Security filter chain for the OAuth2 ("sbbol") login flow.
 * <p>
 * Because of {@code requestMatchers().antMatchers(...)} this chain only handles
 * {@code /login}, {@code /oauth2/authorization/sbbol} and {@code /login/oauth2/code/sbbol}.
 * Any other URL — including the {@code /user} success target — is not touched by it, so unless
 * another chain covers those paths they are served without authentication (confirm).
 */
@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // No HTTP Basic: user credentials should only ever go to the provider, never to this app.
        http.httpBasic().disable();
        // Removes the CORS filter (no CORS headers are emitted); browsers then refuse
        // cross-origin reads, which is fine for a same-origin login flow.
        http.cors().disable();
        // NOTE(review): this is a session-based browser login, the case CSRF protection exists
        // for; disabling it leaves the login/callback endpoints without CSRF defence (login-CSRF).
        // Prefer to keep it enabled, or ignore only specific non-browser endpoints.
        http.csrf().disable();
        // Restrict the chain to the login entry points and require authentication inside it.
        http.requestMatchers()
            .antMatchers("/login", "/oauth2/authorization/sbbol", "/login/oauth2/code/sbbol")
            .and()
            .authorizeRequests().anyRequest().authenticated();
        // Authorization-code login with the "sbbol" registration from application.yml.
        // permitAll() lets unauthenticated users reach the login endpoints; after success the
        // user lands on /user (or on the originally requested URL, if one was saved).
        http.oauth2Login()
            .defaultSuccessUrl("/user")
            .permitAll();
    }
}

这是可行的,但是我的提供者要求我每30天通过 REST API 调用更改一次客户机机密。我的问题是,如何在 Spring Security 中设置新的客户机机密?也许我可以把配置存储在数据库里?

jdgnovmf


我有这样一个配置,应该可行;它不是动态的,但你可以在此基础上修改。

// Client id/secret the authorization server will accept, bound from custom application
// properties (security.oauth.client.*, not the spring.security.oauth2.client.* keys of the question).
@Value("${security.oauth.client.id}")
private String clientId;

// The client secret. Like any @Value-bound value it is fixed for the life of the process,
// so rotating it means changing the property and restarting.
@Value("${security.oauth.client.password}")
private String clientPassword;

/**
 * Registers the single client accepted by the authorization server (legacy
 * spring-security-oauth2 {@code ClientDetailsServiceConfigurer}). This configures the
 * server side; the question's {@code spring.security.oauth2.client.registration} block is the
 * client side, so it is a different layer of OAuth2.
 * <p>
 * In-memory client details are built once at startup, so a rotated secret takes effect only
 * after a restart — hence "not dynamic" above.
 *
 * @param clients the configurer supplied by the framework
 * @throws Exception as declared by the framework callback
 */
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {

    clients.inMemory()
    .withClient(clientId)
    // Four grant types including "password" and "implicit" is broad for one client;
    // keep only the grants this client actually uses.
    .authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit")
    .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
    .scopes("read", "write", "trust")
    // NOTE(review): depending on the spring-security-oauth2 version the secret is matched through
    // the configured PasswordEncoder and may need to be stored encoded (or prefixed, e.g. {noop}) — confirm.
    .secret(clientPassword)
    .resourceIds("resource_id")
    // accessTokenTimeOut / refreshTokenTimeOut are not declared anywhere in this snippet.
    .accessTokenValiditySeconds(accessTokenTimeOut)
    .refreshTokenValiditySeconds(refreshTokenTimeOut)
   ;

}
nle07wnf


我为 org.springframework.security.oauth2.client.registration.ClientRegistrationRepository 创建了自己的实现。这样我可以将设置存储在数据库中,并在需要时进行更改。

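/**
 * {@link ClientRegistrationRepository} backed by the {@code sso_provider_configuration} table.
 * <p>
 * Declaring this bean replaces the in-memory repository Spring Boot would otherwise build from
 * {@code application.yml} (that auto-configuration backs off when a repository bean exists —
 * confirm for your Boot version), so the client id/secret now live only in the database.
 */
@Component
@RequiredArgsConstructor
public class JdbcClientRegistrationRepository implements ClientRegistrationRepository {

    /** One row per registration id: client id/secret, endpoints and scopes. */
    private final SsoProviderConfigurationRepository ssoProviderConfigurationRepository;

    /**
     * Builds the {@link ClientRegistration} for {@code registrationId} from the stored row.
     * <p>
     * The database is queried on every call and nothing is cached here, so a client secret
     * rotated in the table is used by the next authorization/token request without a restart —
     * which is what makes this approach suitable for periodic secret rotation.
     *
     * @param registrationId the registration id (e.g. the {@code sbbol} key); must not be blank
     * @return the registration, or {@code null} when no row exists for the id — the
     *         {@link ClientRegistrationRepository} contract; Spring's login filter then reports
     *         its own "client registration not found" error instead of an unhandled exception
     * @throws IllegalArgumentException if {@code registrationId} is blank
     */
    @Override
    public ClientRegistration findByRegistrationId(String registrationId) {
        Assert.hasText(registrationId, "registrationId cannot be empty");
        SsoProviderConfiguration providerConfiguration = ssoProviderConfigurationRepository
            .findByRegistrationId(registrationId)
            .orElse(null);
        if (providerConfiguration == null) {
            return null;
        }

        return ClientRegistration.withRegistrationId(providerConfiguration.getRegistrationId())
            .clientId(providerConfiguration.getClientId())
            // Raw secret straight from the row: it is only sent to the provider's token endpoint
            // and must not be logged or exposed by callers.
            .clientSecret(providerConfiguration.getClientSecret())
            .clientName(providerConfiguration.getClientName())
            .authorizationGrantType(new AuthorizationGrantType(providerConfiguration.getAuthorizationGrantType()))
            .authorizationUri(providerConfiguration.getAuthorizationUri())
            .clientAuthenticationMethod(new ClientAuthenticationMethod(providerConfiguration.getClientAuthenticationMethod()))
            .scope(parseScopes(providerConfiguration.getScope()))
            .tokenUri(providerConfiguration.getTokenUri())
            // The entity already carries this column; Spring uses it to verify ID-token signatures
            // for an "openid" login. A null value leaves it unset, exactly as before.
            .jwkSetUri(providerConfiguration.getJwkSetUri())
            .userInfoAuthenticationMethod(new AuthenticationMethod(providerConfiguration.getAuthenticationMethod()))
            .userInfoUri(providerConfiguration.getUserInfoUri())
            .userNameAttributeName(providerConfiguration.getUserNameAttributeName())
            .redirectUri(providerConfiguration.getRedirectUri())
            .build();
    }

    /**
     * Splits the comma-separated {@code scope} column into individual scope values.
     * Whitespace around each entry is dropped, and a {@code null} or blank column yields no
     * scopes — instead of the NullPointerException / single empty-string scope that a plain
     * {@code split(",")} produced.
     *
     * @param rawScope the column value, e.g. {@code "openid, profile"}; may be {@code null}
     * @return the individual scopes, possibly empty
     */
    private static String[] parseScopes(String rawScope) {
        if (rawScope == null || rawScope.trim().isEmpty()) {
            return new String[0];
        }
        return rawScope.trim().split("\\s*,\\s*");
    }
}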

我的实体

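/**
 * One row per OAuth2 client registration, mirroring the
 * {@code spring.security.oauth2.client.registration.*} / {@code provider.*} properties so the
 * values (in particular the client secret) can be changed at runtime instead of in application.yml.
 * <p>
 * The {@code clientSecret} column holds the raw secret. Anyone with read access to this table can
 * act as the client towards the provider, so treat it like a credential store: restrict DB grants,
 * keep it out of dumps and logs, and consider encrypting the column (e.g. with a JPA
 * {@code AttributeConverter}) — the repository only needs the plain value at call time.
 */
@Entity
@Table(name = "sso_provider_configuration")
@Getter
@Setter
@NoArgsConstructor
public class SsoProviderConfiguration implements Serializable {

    // Borrowed from Spring Security, so this entity's serial form is versioned with the framework
    // rather than with changes to this class — NOTE(review): a dedicated constant is more usual; confirm intent.
    private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;

    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    @Column(name = "id", unique = true, nullable = false)
    private Long id;

    /** Key used by {@code ClientRegistrationRepository#findByRegistrationId}, e.g. "sbbol". */
    private String registrationId;

    private String clientId;

    /** Client secret as sent to the provider's token endpoint — sensitive; rotate here, never log. */
    private String clientSecret;

    /** Value wrapped into {@code ClientAuthenticationMethod}, e.g. "post" as in the question's YAML. */
    private String clientAuthenticationMethod;

    /** Value wrapped into {@code AuthorizationGrantType}, e.g. "authorization_code". */
    private String authorizationGrantType;

    /** Redirect URI template, e.g. "{baseUrl}/login/oauth2/code/{registrationId}". */
    private String redirectUri;

    /** Comma-separated scope list, e.g. "openid,profile"; split by the repository implementation. */
    private String scope;

    private String clientName;

    private String authorizationUri;

    private String tokenUri;

    private String jwkSetUri;

    private String issuerUri;

    /** Value wrapped into the user-info {@code AuthenticationMethod}. */
    private String authenticationMethod;

    /** Attribute of the user-info response that identifies the user, e.g. "sub". */
    private String userNameAttributeName;

    // Renamed from "UserInfoUri" for consistency with the other fields. Lombok still generates
    // getUserInfoUri()/setUserInfoUri(), and the default Spring Boot naming strategy maps both
    // spellings to column user_info_uri — confirm if a custom PhysicalNamingStrategy, an explicit
    // schema, or Java-serialized copies of this entity are in use.
    private String userInfoUri;
}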

存储库

/**
 * Spring Data JPA access to {@link SsoProviderConfiguration} rows.
 */
public interface SsoProviderConfigurationRepository extends JpaRepository<SsoProviderConfiguration, Long> {

    /**
     * Derived query on the {@code registrationId} property.
     *
     * @param code the registration id to look up — the parameter is named {@code code} but is
     *             matched against {@code registrationId}; callers pass e.g. "sbbol"
     * @return the matching row, or empty when none exists
     */
    Optional<SsoProviderConfiguration> findByRegistrationId(String code);
}
