Customizing the state parameter of the OAuth2 client with Spring Security

klr1opcd  asked on 2021-07-23  in  Java
Follow (0) | Answers (1) | Views (653)

I want to customize the state parameter of the OAuth2 client using Spring Security OIDC. I am using Spring. The problem is that I cannot add a custom state in the client registration. Below is my security configuration.

@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
    return http
            .authorizeExchange()
            .pathMatchers("/", "/jwt").permitAll()
            .anyExchange().authenticated().and()
            .oauth2Client()
            .build();
}

@Bean
public ReactiveClientRegistrationRepository reactiveClientRegistrationRepository(RegisteredClients clients) {
    List<ClientRegistration> clientRegistrations = clients.getClients()
            .entrySet().stream()
            .map(clientRegistration -> {
                String registrationId = clientRegistration.getKey();
                RegisteredClients.OAuthClient client = clientRegistration.getValue();

                return ClientRegistration.withRegistrationId(registrationId)
                        .clientId(client.getClientId())
                        .clientSecret(client.getClientSecret())
                        .redirectUriTemplate(client.getRedirectUri())
                        .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                        .tokenUri(client.getTokenUri())
                        .authorizationUri(client.getAuthorizationUri())
                        .scope("openid")
                        .build();
            })
            .collect(toList());
    return new InMemoryReactiveClientRegistrationRepository(clientRegistrations);
}
nwwlzxa7  1#

To customize the authorization request, you should use a ServerOAuth2AuthorizationRequestResolver:

import org.springframework.context.annotation.Bean;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.server.DefaultServerOAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationRequestResolver;
import org.springframework.security.web.server.SecurityWebFilterChain;

@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http,
        ServerOAuth2AuthorizationRequestResolver authorizationRequestResolver) {
    return http
        // ...
        // The reactive OAuth2ClientSpec takes the resolver directly; there is no
        // authorizationEndpoint() sub-configurer as in the servlet DSL.
        .oauth2Client((oauth2) -> oauth2
            .authorizationRequestResolver(authorizationRequestResolver)
        )
        .build();
}

@Bean
ServerOAuth2AuthorizationRequestResolver authorizationRequestResolver(
        ReactiveClientRegistrationRepository registrations) {
    DefaultServerOAuth2AuthorizationRequestResolver resolver =
        new DefaultServerOAuth2AuthorizationRequestResolver(registrations);
    // The customizer is applied to every authorization request after Spring has
    // populated the builder; replace "..." with your own state value.
    resolver.setAuthorizationRequestCustomizer((request) -> request.state(...));
    return resolver;
}

Spring Security has some related servlet documentation that may also be useful.
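The state parameter is what binds the authorization-code callback to the browser session that started the flow (the CSRF check of the code flow), and Spring compares the `state` that comes back with the one it stored for the session. Replacing the generated value with something predictable, such as a plain return URL, weakens that binding. The following is an added example, not code from the question or the answer: it keeps a random nonce in the state, appends a small payload and an HMAC over both, and wires the codec into the reactive resolver the answer describes. `StateCodec`, `CustomStateConfig`, the demo secret and the `return=/dashboard` payload are all constructed for this example; the Spring types are the real ones from Spring Security 5.x.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Optional;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.server.DefaultServerOAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationRequestResolver;
import org.springframework.security.web.server.SecurityWebFilterChain;

/** Builds state as "nonce.payload.mac": still random per request, and the payload cannot be altered. */
final class StateCodec {
    private static final SecureRandom RANDOM = new SecureRandom();
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder DEC = Base64.getUrlDecoder();
    private final SecretKeySpec key;

    StateCodec(byte[] secret) {
        this.key = new SecretKeySpec(secret, "HmacSHA256");
    }

    /** A fresh 128-bit nonce keeps the state unguessable even when the payload is predictable. */
    String encode(String payload) {
        byte[] nonce = new byte[16];
        RANDOM.nextBytes(nonce);
        String body = ENC.encodeToString(nonce) + "."
                + ENC.encodeToString(payload.getBytes(StandardCharsets.UTF_8));
        return body + "." + ENC.encodeToString(mac(body));
    }

    /** Returns the payload only when the MAC verifies; empty for malformed or tampered state. */
    Optional<String> verify(String state) {
        if (state == null) return Optional.empty();
        String[] parts = state.split("\\.", -1);
        if (parts.length != 3) return Optional.empty();
        try {
            byte[] expected = mac(parts[0] + "." + parts[1]);
            // Constant-time comparison of the MAC bytes.
            if (!MessageDigest.isEqual(expected, DEC.decode(parts[2]))) return Optional.empty();
            return Optional.of(new String(DEC.decode(parts[1]), StandardCharsets.UTF_8));
        } catch (IllegalArgumentException malformedBase64) {
            return Optional.empty();
        }
    }

    private byte[] mac(String data) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(key);
            return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }
}

@Configuration
class CustomStateConfig {
    // Constructed demo secret; in a real deployment inject it from configuration.
    private final StateCodec codec =
            new StateCodec("demo-only-secret-at-least-32-bytes-long!".getBytes(StandardCharsets.UTF_8));

    @Bean
    SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http,
            ServerOAuth2AuthorizationRequestResolver resolver) {
        return http
                .authorizeExchange(exchanges -> exchanges
                        .pathMatchers("/", "/jwt").permitAll()
                        .anyExchange().authenticated())
                .oauth2Client(oauth2 -> oauth2.authorizationRequestResolver(resolver))
                .build();
    }

    @Bean
    ServerOAuth2AuthorizationRequestResolver authorizationRequestResolver(
            ReactiveClientRegistrationRepository registrations) {
        DefaultServerOAuth2AuthorizationRequestResolver resolver =
                new DefaultServerOAuth2AuthorizationRequestResolver(registrations);
        // The customizer runs after Spring has filled in its own random state, so this
        // call replaces it. The payload is a constructed constant here; derive it from
        // the incoming request in a real application.
        resolver.setAuthorizationRequestCustomizer(builder ->
                builder.state(codec.encode("return=/dashboard")));
        return resolver;
    }
}
```

On the callback, run `codec.verify(...)` on the `state` query parameter (for example in an authentication success handler) before acting on the payload; this is an additional check on your own data, not a replacement for Spring's comparison of the returned state against the stored authorization request. The payload is only integrity-protected, not encrypted, and it appears in URLs and access logs, so keep secrets and personal data out of it.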
