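OAuth client credential validation is implemented through ClientDetailsService. Spring Security OAuth provides InMemoryClientDetailsService and JdbcClientDetailsService by default, and we can also implement ClientDetailsService ourselves.
1. Create CustomClientDetailService, which implements the ClientDetailsService interface.
PS: We need to add @Primary here to mark this class as the primary bean, because the @EnableAuthorizationServer annotation imports the configuration class ClientDetailsServiceConfiguration, which creates a default ClientDetailsService; without @Primary this causes a cycle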
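import javax.annotation.Resource;
import org.springframework.context.annotation.Primary;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.ClientRegistrationException;
import org.springframework.security.oauth2.provider.client.BaseClientDetails;
import org.springframework.stereotype.Service;

@Service
@Primary
public class CustomClientDetailService implements ClientDetailsService {
    @Resource
    private PasswordEncoder passwordEncoder;
    @Override
    public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
        // Arguments: client id, resource ids, scopes, grant types, authorities, redirect URIs
        BaseClientDetails clientDetails = new BaseClientDetails(clientId, "resource_id", "all,select", "authorization_code,client_credentials,refresh_token,password", "aut", "http://www.baidu.com");
        clientDetails.setClientSecret(passwordEncoder.encode("secret_" + clientId));
        return clientDetails;
    }
}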
2. Configure the ClientDetailsService in the authorization server.
@Configuration
@EnableAuthorizationServer
public static class AuthorizationServerConfigurer extends AuthorizationServerConfigurerAdapter {
    @Autowired
    private PasswordEncoder passwordEncoder;
    @Autowired
    private AuthenticationManager authenticationManager;
    @Autowired
    private UserDetailsService userDetailsService;
    @Resource
    private ClientDetailsService clientDetailsService;

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // Set the clientDetailsService
        clients.withClientDetails(clientDetailsService);
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security.passwordEncoder(passwordEncoder)
                // Enable form authentication for clients. This creates a ClientCredentialsTokenEndpointFilter
                // that intercepts requests to /oauth/token and reads client_id and client_secret to authenticate the client
                .allowFormAuthenticationForClients();
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(authenticationManager).userDetailsService(userDetailsService);
    }
}
3. Start the service and verify.
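The class in step 1 returns a client for every clientId, with a secret derived from the id. As an added example (not code from the original post), here is a variant that only answers for registered clients and keeps secrets already hashed; the class name RegisteredClientDetailsService, the register method and the in-memory map are assumptions for illustration.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.NoSuchClientException;
import org.springframework.security.oauth2.provider.client.BaseClientDetails;

// Added example: a registry-backed ClientDetailsService.
// In the application it would carry the same @Service and @Primary annotations as step 1.
public class RegisteredClientDetailsService implements ClientDetailsService {

    // Hypothetical in-memory registry; a real deployment would query a database.
    private final Map<String, BaseClientDetails> registry = new ConcurrentHashMap<>();
    private final PasswordEncoder passwordEncoder;

    public RegisteredClientDetailsService(PasswordEncoder passwordEncoder) {
        this.passwordEncoder = passwordEncoder;
    }

    // Hash the secret once at registration so only the hash is kept.
    public void register(String clientId, String rawSecret, String scopes,
                         String grantTypes, String redirectUri) {
        // "resource_id" and "aut" are the resource id and authority used in step 1.
        BaseClientDetails details = new BaseClientDetails(
                clientId, "resource_id", scopes, grantTypes, "aut", redirectUri);
        details.setClientSecret(passwordEncoder.encode(rawSecret));
        details.setAccessTokenValiditySeconds(3600); // constructed sample value
        registry.put(clientId, details);
    }

    @Override
    public ClientDetails loadClientByClientId(String clientId) {
        BaseClientDetails stored = (clientId == null) ? null : registry.get(clientId);
        if (stored == null) {
            // Unknown ids are rejected instead of being given a derived secret.
            throw new NoSuchClientException("No client with requested id: " + clientId);
        }
        // Return a copy so callers cannot mutate the registered entry.
        return new BaseClientDetails(stored);
    }
}
```

Registering each client with only the grant types and redirect URI it needs keeps the token endpoint from issuing tokens for flows that client was never meant to use.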