如何覆盖OAuth2AuthorizationServerSecurity的配置？

vlju58qv 于 2023-06-23 发布在 Spring

关注(0)|答案(1)|浏览(113)

对于this project，我想在单独的前端和后端架构上构建一个OAuth2服务器。后端基于[spring-authorization-server]，前端基于VUE。
在OAuth2登录流中，它重定向到/login页面，但我需要重定向到vue前端的登录页面，例如“http：//front-end ip：port/loginPage”。
如何在org.springframework.security.config.annotation.web.configuration.OAuth2AuthorizationServerSecurity中自定义authenticationEntryPoint，如下所示：

.formLogin(withDefaults()).exceptionHandling().authenticationEntryPoint(xxx)

你知道吗？

spring-security

来源：https://stackoverflow.com/questions/64907129/how-to-override-the-oauth2authorizationserversecuritys-config

1条答案

按热度按时间

ukxgm1gy1#

注：OAuth2AuthorizationServerSecurity已删除。最新的master代码

sample authorization server应用程序具有以下默认配置：

@Configuration(proxyBeanMethods = false)
@Import(OAuth2AuthorizationServerConfiguration.class)
public class AuthorizationServerConfig {

    @Bean
    public RegisteredClientRepository registeredClientRepository() {
        RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString())
                .clientId("messaging-client")
                .clientSecret("secret")
                .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
                .redirectUri("http://localhost:8080/authorized")
                .scope("message.read")
                .scope("message.write")
                .clientSettings(clientSettings -> clientSettings.requireUserConsent(true))
                .build();
        return new InMemoryRegisteredClientRepository(registeredClient);
    }

    @Bean
    public CryptoKeySource keySource() {
        return new StaticKeyGeneratingCryptoKeySource();
    }
}

为了自定义默认配置，请勿@Import(OAuth2AuthorizationServerConfiguration.class)，而是提供以下内容：

@Configuration(proxyBeanMethods = false)
public class AuthorizationServerConfig {

    @Bean
    @Order(Ordered.HIGHEST_PRECEDENCE)
    public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
        OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);

        // TODO Customize http

        return http.build();
    }

    @Bean
    public RegisteredClientRepository registeredClientRepository() {
        RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString())
                .clientId("messaging-client")
                .clientSecret("secret")
                .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
                .redirectUri("http://localhost:8080/authorized")
                .scope("message.read")
                .scope("message.write")
.clientSettings(ClientSettings.builder().requireAuthorizationConsent(true).build())
                .build();
        return new InMemoryRegisteredClientRepository(registeredClient);
    }

    @Bean
    public CryptoKeySource keySource() {
        return new StaticKeyGeneratingCryptoKeySource();
    }
}

这使您可以访问HttpSecurity，以便您可以自定义所需的任何内容。

赞(0）回复(0）举报 2023-06-23

我来回答

如何覆盖OAuth2AuthorizationServerSecurity的配置？

1条答案

相关问题

热门标签

最新问答