Spring Security 如何通过客户端凭据流中的OAuth2AuthorizedClientService获取访问令牌?

bfrts1fy  于 2023-04-30  发布在  Spring
关注(0)|答案(2)|浏览(170)

我用Spring Security创建了客户端。作为授权服务器,我使用Keycloak。现在我想访问访问令牌,使用参数注解@RegisteredOAuth2AuthorizedClient(registrationId = "keycloak")我可以访问令牌,但是当我通过OAuth2AuthorizedClientService时,我只得到NULL,我不明白为什么。
下面是我的实现:
application.properties:

spring.security.oauth2.client.registration.keycloak.client-id=test-client
spring.security.oauth2.client.registration.keycloak.client-secret=b466bd4e-8dec-4af2-b90a-ab3fc06009b6
spring.security.oauth2.client.registration.keycloak.authorization-grant-type=client_credentials

spring.security.oauth2.client.provider.keycloak.issuer-uri=http://localhost:8081/auth/realms/master

SecurityConfiguration.class

@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter
{
    @Override
    public void configure(HttpSecurity http) throws Exception
    {
        http.oauth2Client();
    }
}

RestController:

@RestController
@RequestMapping("client")
public class ExampleRestController
{
    @Autowired
    private OAuth2AuthorizedClientService authorizedClientService;

    @GetMapping("resource")
    public void runSecure(@RegisteredOAuth2AuthorizedClient(registrationId = "keycloak") OAuth2AuthorizedClient client)
    {
        var serviceClient = authorizedClientService.loadAuthorizedClient("keycloak", "anonymousUser");
        System.out.println(serviceClient.getAccessToken()); // NULL

        System.out.println((client.getAccessToken())); // NOT NULL
    }
}

希望有帮助,谢谢:)

编辑:

以下是我的解决方案,使用服务灵活访问访问令牌:
application.properties:

spring.security.oauth2.client.registration.keycloak.client-id=test-client
spring.security.oauth2.client.registration.keycloak.client-secret=b466bd4e-8dec-4af2-b90a-ab3fc06009b6
spring.security.oauth2.client.provider.keycloak.token-uri=http://localhost:8081/auth/realms/master/protocol/openid-connect/token

客户注册:

@Configuration
public class ClientRegistrationConfiguration
{
    private static final String KEYCLOAK = "keycloak";

    @Bean
    public ClientRegistration clientRegistration(OAuth2ClientProperties properties)
    {
        return withRegistrationId(KEYCLOAK)
                .tokenUri(properties.getProvider().get(KEYCLOAK).getTokenUri())
                .clientId(properties.getRegistration().get(KEYCLOAK).getClientId())
                .clientSecret(properties.getRegistration().get(KEYCLOAK).getClientSecret())
                .authorizationGrantType(CLIENT_CREDENTIALS)
                .build();
    }

    @Bean
    public ClientRegistrationRepository clientRegistrationRepository(ClientRegistration clientRegistration)
    {
        return new InMemoryClientRegistrationRepository(clientRegistration);
    }

    @Bean
    public OAuth2AuthorizedClientService oAuth2AuthorizedClientService(ClientRegistrationRepository clientRegistrationRepository)
    {
        return new InMemoryOAuth2AuthorizedClientService(clientRegistrationRepository);
    }

    @Bean
    public AuthorizedClientServiceOAuth2AuthorizedClientManager authorizedClientServiceOAuth2AuthorizedClientManager(
            ClientRegistrationRepository clientRegistrationRepository,
            OAuth2AuthorizedClientService authorizedClientService)
    {
        var authorizedClientProvider = builder().clientCredentials().build();
        var authorizedClientManager = new AuthorizedClientServiceOAuth2AuthorizedClientManager(clientRegistrationRepository, authorizedClientService);
        authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
        return authorizedClientManager;
    }
}

我的自定义令牌服务:

@Service
public class DefaultTokenService implements TokenService
{
    @Autowired
    private AuthorizedClientServiceOAuth2AuthorizedClientManager clientManager;

    @Override
    public OAuth2AccessToken getOAuth2AccessToken()
    {
        return Objects.requireNonNull(clientManager.authorize(withClientRegistrationId("keycloak").principal("Keycloak").build())).getAccessToken();
    }
}
kiz8lqtg

kiz8lqtg1#

您需要自动连接OAuth2AuthorizedClientManager bean并显式发送令牌请求:

authorizedClientManager.authorize(request)

参见https://docs.spring.io/spring-security/reference/servlet/oauth2/client/authorization-grants.html

nue99wik

nue99wik2#

在应用程序中设置infor。yml

配置安全性

获取访问令牌

相关问题