自定义 URI Oauth2 + Spring 安全性 - REST API

【问题标题】:Custom URI Oauth2 + Spring security - REST API自定义 URI Oauth2 + Spring 安全性 - REST API
【发布时间】:2016-03-29 11:53:30
【问题描述】:

我需要帮助来使用 Oauth2 制作自定义 URI,我使用类似的东西实现了一个。

oauth/token?grant_type=password&client_id=restapp&client_secret=restapp&username=user123&password=pass123

但我想使用标头传递所有数据,但我没有找到任何示例来说明如何做到这一点。

有可能吗?还是值得推荐的? 非常感谢。

编辑:添加我的 spring-security.xml

<import resource="/spring-config.xml" />    

<!-- This is default url to get a token from OAuth -->
<http pattern="/oauth/token" create-session="stateless"
      authentication-manager-ref="clientAuthenticationManager"
      xmlns="http://www.springframework.org/schema/security">
    <intercept-url pattern="/token" access="IS_AUTHENTICATED_FULLY" />
    <anonymous enabled="false" />
    <http-basic entry-point-ref="clientAuthenticationEntryPoint" />
    <!-- include this only if you need to authenticate clients via request 
    parameters -->
    <custom-filter ref="clientCredentialsTokenEndpointFilter"
                   after="BASIC_AUTH_FILTER" />
    <access-denied-handler ref="oauthAccessDeniedHandler" />
</http>

<!-- This is where we tells spring security what URL should be protected 
and what roles have access to them -->
<http pattern="/api/prod/**" create-session="never"
      entry-point-ref="oauthAuthenticationEntryPoint"
      access-decision-manager-ref="accessDecisionManager"
      xmlns="http://www.springframework.org/schema/security">
    <anonymous enabled="false" />
    <intercept-url pattern="/api/prod/**" access="ROLE_APP" />
    <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
    <access-denied-handler ref="oauthAccessDeniedHandler" />
</http>


<bean id="oauthAuthenticationEntryPoint"
      class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
    <property name="realmName" value="test" />
</bean>

<bean id="clientAuthenticationEntryPoint"
      class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
    <property name="realmName" value="test/client" />
    <property name="typeName" value="Basic" />
</bean>

<bean id="oauthAccessDeniedHandler"
      class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />

<bean id="clientCredentialsTokenEndpointFilter"
      class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
    <property name="authenticationManager" ref="clientAuthenticationManager" />
</bean>


<!-- Custom User details service which is provide the user data -->
<bean id="customAuthenticationProvider"
      class="com.system.rest.natura.resources.security.CustomAuthenticationProvider" />


<bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased"
      xmlns="http://www.springframework.org/schema/beans">
    <constructor-arg>
        <list>
            <bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
            <bean class="org.springframework.security.access.vote.RoleVoter" />
            <bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
        </list>
    </constructor-arg>
</bean>

<authentication-manager id="clientAuthenticationManager"
                        xmlns="http://www.springframework.org/schema/security">
    <authentication-provider user-service-ref="clientDetailsUserService" /> 

</authentication-manager>

<authentication-manager alias="authenticationManager"
                        xmlns="http://www.springframework.org/schema/security">
    <authentication-provider ref="customAuthenticationProvider" />  

</authentication-manager>


<bean id="clientDetailsUserService"
      class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
    <constructor-arg ref="clientDetails" />
</bean>

<bean id="tokenStore"
      class="org.springframework.security.oauth2.provider.token.InMemoryTokenStore" />

<bean id="tokenServices"
      class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
    <property name="tokenStore" ref="tokenStore" />
    <property name="supportRefreshToken" value="true" />
    <property name="accessTokenValiditySeconds" value="1200" />
    <property name="clientDetailsService" ref="clientDetails" />
</bean>

<bean id="userApprovalHandler"
      class="org.springframework.security.oauth2.provider.approval.TokenServicesUserApprovalHandler">
    <property name="tokenServices" ref="tokenServices" />
</bean>

<oauth:authorization-server
    client-details-service-ref="clientDetails" token-services-ref="tokenServices"
    user-approval-handler-ref="userApprovalHandler">
    <oauth:authorization-code />
    <oauth:implicit />
    <oauth:refresh-token />
    <oauth:client-credentials />
    <oauth:password />
</oauth:authorization-server>

<oauth:resource-server id="resourceServerFilter"
                       resource-id="test" token-services-ref="tokenServices" />

<oauth:client-details-service id="clientDetails">
    <!-- client -->
    <clientAuthenticationScheme>

    </clientAuthenticationScheme>
    <oauth:client client-id="restapp"
                  authorized-grant-types="authorization_code,client_credentials"
                  authorities="ROLE_APP" scope="read,write,trust" secret="secret" />

    <oauth:client client-id="restapp"
                  authorized-grant-types="password,authorization_code,refresh_token,implicit"
                  secret="restapp" authorities="ROLE_APP" />

</oauth:client-details-service>

<sec:global-method-security
    pre-post-annotations="enabled" proxy-target-class="true">
    <sec:expression-handler ref="oauthExpressionHandler" />
</sec:global-method-security>

<oauth:expression-handler id="oauthExpressionHandler" />
<oauth:web-expression-handler id="oauthWebExpressionHandler" />

【问题讨论】:

    标签: rest spring-security spring-security-oauth2


    【解决方案1】:

    您是否尝试将这一行放在 src/main/application.yml 中?

    security:
  oauth2:
    client:
       clientAuthenticationScheme: header

    编辑 1:

    根据https://github.com/jirutka/spring-security-oauth-samples/blob/master/tonr/src/main/webapp/WEB-INF/spring/security.xml,在 XML 中你必须有这样的东西:

    <oauth:resource id="facebook"
                type="authorization_code"
                client-id="233668646673605"
                client-secret="33b17e044ee6a4fa383f46ec6e28ea1d"
                authentication-scheme="query" 
                access-token-uri="https://graph.facebook.com/oauth/access_token"
                user-authorization-uri="https://www.facebook.com/dialog/oauth"
                token-name="oauth_token"
                client-authentication-scheme="form" />

    其中client-authentication-scheme 的值为header

    【讨论】:

    • 你能说得更具体些吗?我是新来的。你的意思是添加一些这样的吗?
    • 我在 XML 中添加了一个示例。您必须编辑您的 spring 安全文件(如果不存在则创建它)@PauloGaldoSandoval
    猜你喜欢
    • 2015-05-22
    • 1970-01-01
    • 2020-09-29
    • 1970-01-01
    • 2017-12-05
    • 2019-07-06
    • 2014-04-27
    • 2016-01-24
    • 2015-04-16
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode