Spring-Security oauth2 创建自定义 oauth_client_details 表
Posted
技术标签:
【中文标题】Spring-Security oauth2 创建自定义 oauth_client_details 表【英文标题】:Spring-Security oauth2 create custom oauth_client_details table 【发布时间】:2018-07-05 19:01:28 【问题描述】:我想在我的 Spring REST 应用程序中实现 oauth2。首先,我已经实现了我的自定义身份验证和用户详细信息(使用我自己的角色和权限)。这适用于基本身份验证。
表格:
用户: user_id、姓名、电子邮件、密码(散列)、活动
作用: role_id,角色
user_to_role(将用户与其角色联系起来): 角色id,用户id
现在,我正在尝试实现 oauth2。
我的资源服务器类看起来:
@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter
private static final String RESOURCE_ID = "my_rest_api";
@Override
public void configure(ResourceServerSecurityConfigurer resources)
resources.resourceId(RESOURCE_ID).stateless(false);
@Override
public void configure(HttpSecurity http) throws Exception
http.anonymous().disable()
.cors().and()
.csrf().disable()
.authorizeRequests().antMatchers("/" + Constants.VERSION + "/**").authenticated().and()
.httpBasic().and()
.headers().frameOptions().sameOrigin().and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and().exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());
授权服务器:
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends
AuthorizationServerConfigurerAdapter
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private org.apache.tomcat.jdbc.pool.DataSource dataSource;
@Autowired
private ClientDetailsService clientDetailsService;
@Override
public void configure(
AuthorizationServerSecurityConfigurer oauthServer)
throws Exception
oauthServer
.tokenKeyAccess("permitAll()")
.checkTokenAccess("isAuthenticated()")
.allowFormAuthenticationForClients();
@Override
public void configure(ClientDetailsServiceConfigurer clients)
throws Exception
clients.jdbc(dataSource).clients(clientDetailsService);
@Override
public void configure(
AuthorizationServerEndpointsConfigurer endpoints)
throws Exception
endpoints
.tokenStore(tokenStore())
.authenticationManager(authenticationManager)
.allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST);
@Bean
public TokenStore tokenStore()
return new JdbcTokenStore(dataSource);
还有我的安全配置:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter
@Autowired
private ClientDetailsService clientDetailsService;
private UserDetailsService userDetailsService;
private PasswordEncoder passwordEncoder;
@Autowired
public SecurityConfiguration(UserDetailsService userDetailsService,
PasswordEncoder passwordEncoder)
this.userDetailsService = userDetailsService;
this.passwordEncoder = passwordEncoder;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception
auth
.userDetailsService(userDetailsService)
.passwordEncoder(passwordEncoder);
@Override
protected void configure(HttpSecurity http) throws Exception
http
.csrf().disable()
.anonymous().disable()
.authorizeRequests()
.antMatchers("/oauth/token").permitAll();
@Bean
@Autowired
public TokenStoreUserApprovalHandler userApprovalHandler(TokenStore tokenStore)
TokenStoreUserApprovalHandler handler = new TokenStoreUserApprovalHandler();
handler.setTokenStore(tokenStore);
handler.setRequestFactory(new DefaultOAuth2RequestFactory(clientDetailsService));
handler.setClientDetailsService(clientDetailsService);
return handler;
@Bean
@Autowired
public ApprovalStore approvalStore(TokenStore tokenStore) throws Exception
TokenApprovalStore store = new TokenApprovalStore();
store.setTokenStore(tokenStore);
return store;
问题:我想创建自己的 OAUTH_CLIENT_DETAILS 表。该表必须看起来像带有额外列“token”的用户表。
我找不到任何教程如何创建自定义 oaut_client_details。
希望有人可以帮助我。
谢谢你们:)。
【问题讨论】:
【参考方案1】:您可以通过实现 ClientDetailsService 和 ClientDetails 接口来实现这一点。
【讨论】:
以上是关于Spring-Security oauth2 创建自定义 oauth_client_details 表的主要内容,如果未能解决你的问题,请参考以下文章
Spring-Security OAuth2 设置 - 无法找到 oauth2 命名空间处理程序
oauth2 spring-security 成功和失败处理程序
oauth2 spring-security 如果您在请求令牌或代码之前登录