序
本文主要讲一下如何使用spring security oauth2作为一个client来使用
四种模式
OAuth 2.0定义了四种授权方式。
授权码模式(authorization code)
简化模式(implicit)(client为浏览器/前端应用)
密码模式(resource owner password credentials)(用户密码需要暴露给client端，不安全)
客户端模式(client credentials)(主要用于api认证,跟用户无关)
这里以authorization code模式为例
实现client的主要思路
需要新建一个处理redirectUri的controller或者filter
根据authorization code去请求token
获取token之后将token与用户绑定
之后就可以使用token去获取授权的资源
OAuth2RestTemplate(封装获取token方法)
对rest template的封装,为获取token等提供便捷方法
DefaultUserInfoRestTemplateFactory实例化了OAuth2RestTemplate
DefaultUserInfoRestTemplateFactory
spring-boot-autoconfigure-1.5.9.RELEASE-sources.jar!/org/springframework/boot/autoconfigure/security/oauth2/resource/DefaultUserInfoRestTemplateFactory.java
/**
* Factory used to create the {@link OAuth2RestTemplate} used for extracting user info
* during authentication if none is available.
*
* @author Dave Syer
* @author Stephane Nicoll
* @since 1.5.0
*/
public class DefaultUserInfoRestTemplateFactory implements UserInfoRestTemplateFactory {
/**
 * Placeholder resource details used when no OAuth2 client is configured.
 * Client id is empty and both endpoint fields hold a sentinel string that
 * (as the literal itself says) is not a URI.
 */
private static final AuthorizationCodeResourceDetails DEFAULT_RESOURCE_DETAILS =
        placeholderResourceDetails();

/** Builds the placeholder {@link AuthorizationCodeResourceDetails} described above. */
private static AuthorizationCodeResourceDetails placeholderResourceDetails() {
    AuthorizationCodeResourceDetails placeholder = new AuthorizationCodeResourceDetails();
    placeholder.setClientId("");
    placeholder.setUserAuthorizationUri("Not a URI because there is no client");
    placeholder.setAccessTokenUri("Not a URI because there is no client");
    return placeholder;
}
// Customizers for the created rest template; set from customizers.getIfAvailable()
// in the constructor, so this may be null. How they are applied is outside this excerpt.
// NOTE(review): the type argument on List appears to have been stripped during extraction.
private final List customizers;
// OAuth2 client resource details; also taken via getIfAvailable() in the constructor, so may be null.
private final OAuth2ProtectedResourceDetails details;
// Client context handed to the rest template; its assignment is outside this excerpt.
private final OAuth2ClientContext oauth2ClientContext;
// Not final: presumably created lazily on first use — confirm in the rest of the class.
private OAuth2RestTemplate oauth2RestTemplate;
public DefaultUserInfoRestTemplateFactory(
ObjectProvider> customizers,
ObjectProvider details,
ObjectProvider oauth2ClientContext) {
this.customizers = customizers.getIfAvailable();
this.details = details.getIfAvailable();