我用Spring Security创建了客户端。作为授权服务器,我使用Keycloak。现在我想访问访问令牌,使用参数注解@RegisteredOAuth2AuthorizedClient(registrationId = "keycloak")我可以访问令牌,但是当我通过OAuth2AuthorizedClientService时,我只得到NULL,我不明白为什么。
下面是我的实现:
application.properties:
spring.security.oauth2.client.registration.keycloak.client-id=test-client
spring.security.oauth2.client.registration.keycloak.client-secret=b466bd4e-8dec-4af2-b90a-ab3fc06009b6
spring.security.oauth2.client.registration.keycloak.authorization-grant-type=client_credentials
spring.security.oauth2.client.provider.keycloak.issuer-uri=http://localhost:8081/auth/realms/masterSecurityConfiguration.class
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter
{
@Override
public void configure(HttpSecurity http) throws Exception
{
http.oauth2Client();
}
}RestController:
@RestController
@RequestMapping("client")
public class ExampleRestController
{
@Autowired
private OAuth2AuthorizedClientService authorizedClientService;
@GetMapping("resource")
public void runSecure(@RegisteredOAuth2AuthorizedClient(registrationId = "keycloak") OAuth2AuthorizedClient client)
{
var serviceClient = authorizedClientService.loadAuthorizedClient("keycloak", "anonymousUser");
System.out.println(serviceClient.getAccessToken()); // NULL
System.out.println((client.getAccessToken())); // NOT NULL
}
}希望有帮助,谢谢:)
编辑:
以下是我的解决方案,使用服务灵活访问访问令牌:
application.properties:
spring.security.oauth2.client.registration.keycloak.client-id=test-client
spring.security.oauth2.client.registration.keycloak.client-secret=b466bd4e-8dec-4af2-b90a-ab3fc06009b6
spring.security.oauth2.client.provider.keycloak.token-uri=http://localhost:8081/auth/realms/master/protocol/openid-connect/token客户注册:
@Configuration
public class ClientRegistrationConfiguration
{
private static final String KEYCLOAK = "keycloak";
@Bean
public ClientRegistration clientRegistration(OAuth2ClientProperties properties)
{
return withRegistrationId(KEYCLOAK)
.tokenUri(properties.getProvider().get(KEYCLOAK).getTokenUri())
.clientId(properties.getRegistration().get(KEYCLOAK).getClientId())
.clientSecret(properties.getRegistration().get(KEYCLOAK).getClientSecret())
.authorizationGrantType(CLIENT_CREDENTIALS)
.build();
}
@Bean
public ClientRegistrationRepository clientRegistrationRepository(ClientRegistration clientRegistration)
{
return new InMemoryClientRegistrationRepository(clientRegistration);
}
@Bean
public OAuth2AuthorizedClientService oAuth2AuthorizedClientService(ClientRegistrationRepository clientRegistrationRepository)
{
return new InMemoryOAuth2AuthorizedClientService(clientRegistrationRepository);
}
@Bean
public AuthorizedClientServiceOAuth2AuthorizedClientManager authorizedClientServiceOAuth2AuthorizedClientManager(
ClientRegistrationRepository clientRegistrationRepository,
OAuth2AuthorizedClientService authorizedClientService)
{
var authorizedClientProvider = builder().clientCredentials().build();
var authorizedClientManager = new AuthorizedClientServiceOAuth2AuthorizedClientManager(clientRegistrationRepository, authorizedClientService);
authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
return authorizedClientManager;
}
}我的自定义令牌服务:
@Service
public class DefaultTokenService implements TokenService
{
@Autowired
private AuthorizedClientServiceOAuth2AuthorizedClientManager clientManager;
@Override
public OAuth2AccessToken getOAuth2AccessToken()
{
return Objects.requireNonNull(clientManager.authorize(withClientRegistrationId("keycloak").principal("Keycloak").build())).getAccessToken();
}
}
2条答案
按热度按时间kiz8lqtg1#
您需要自动连接OAuth2AuthorizedClientManager bean并显式发送令牌请求:
参见https://docs.spring.io/spring-security/reference/servlet/oauth2/client/authorization-grants.html
nue99wik2#
在应用程序中设置infor。yml
配置安全性
获取访问令牌
