我目前正在开发用于 Oauth2 身份验证的 spring 应用程序,但在实现自定义 ClientDetailsService 时遇到了一些问题。
我不能使用常见的 inMemory ou jdbc clientDetailsService 因为客户端信息没有存储在我的应用程序中,我从外部网络服务中获取它们。但是当我设置自定义 ClientDetailService 时,我不再获得 access_confirmation 页面(我得到一个空白页面)。
为了向您展示我的问题,我不使用我的应用程序,而是使用官方 spring--security-oauth 项目中的 vanilla 测试 spring-security-oauth
这是应用程序代码:
@SpringBootApplication
@EnableResourceServer
@RestController
public class Application {
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
@RequestMapping("/")
public String home() {
return "Hello World";
}
@RequestMapping(value = "/", method = RequestMethod.POST)
@ResponseStatus(HttpStatus.CREATED)
public String create(@RequestBody MultiValueMap<String, String> map) {
return "OK";
}
@Configuration
@EnableAuthorizationServer
protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.authenticationManager(authenticationManager);
}
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
security.checkTokenAccess("isAuthenticated()");
}
public ClientDetailsService clientDetailsService() {
return new ClientDetailsService() {
@Override
public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
BaseClientDetails details = new BaseClientDetails();
details.setClientId(clientId);
details.setAuthorizedGrantTypes(Arrays.asList("authorization_code") );
details.setScope(Arrays.asList("read, trust"));
details.setResourceIds(Arrays.asList("oauth2-resource"));
Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
authorities.add(new SimpleGrantedAuthority("ROLE_CLIENT"));
details.setAuthorities(authorities);
return details;
}
};
} //*/
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
// @formatter:off
clients.withClientDetails(clientDetailsService());
/*clients.inMemory()
.withClient("test")
.authorizedGrantTypes("authorization_code")
.authorities("ROLE_CLIENT")
.scopes("read", "trust")
.resourceIds("oauth2-resource");
//*/
// @formatter:on
}
}
}
如您所见,我添加了我的自定义 clientDetailsService 并更改 ClientDetailsServiceconfigurer 配置以设置它而不是内存中的 clientDetailsService。
我的问题是,当我尝试获取我的 token 时,我在登录用户后不再获得我的 access_confirmation 页面。
我发现了我的问题,我在 clientDetails 中对范围的定义是错误的。我有 Arrays.asList("read, trust") 而不是 Arrays.asList("read", "trust")
我错过了什么吗?我必须在其他地方设置我的自定义 clientDetailsService 吗?
请您参考如下方法:
尝试像这样更改您的 ClientDetails impl:
public ClientDetailsService clientDetailsService() {
return new ClientDetailsService() {
@Override
public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
BaseClientDetails details = new BaseClientDetails();
details.setClientId(clientId);
details.setAuthorizedGrantTypes(Arrays.asList("authorization_code") );
details.setScope(Arrays.asList("read, trust"));
details.setRegisteredRedirectUri(Collections.singleton("http://anywhere.com"));
details.setResourceIds(Arrays.asList("oauth2-resource"));
Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
authorities.add(new SimpleGrantedAuthority("ROLE_CLIENT"));
details.setAuthorities(authorities);
return details;
}
};
} //*/