
Understanding Spring Boot's OAuth2 starter

  • 0
  • JavaHead · 9 years ago

    I started by looking at the OAuth2 starter project and its minimal configuration.

    https://github.com/spring-projects/spring-security-oauth/blob/master/tests/annotation/jdbc/src/main/java/demo/Application.java

    All the examples use an in-memory or JDBC configuration to store the client roles (e.g. ClientDetailsServiceConfigurer). So I have two questions.

    1. How do I override the defaults to go to LDAP instead of in-memory or JDBC?
    2. In general, how should I unravel the Spring Boot threads and read the starter source code, and how do I change the default configuration? All I see is a high-level annotation.

    org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer

    This indirection in Spring Boot makes it extremely hard to follow, and the lack of documentation doesn't help. Or am I missing something?

    Thanks, this has been bugging me for a while.

    1 answer

  • 2
  • Community Mohan Dere · 8 years ago

    To implement OAuth2 with LDAP you can follow this tutorial: https://raymondhlee.wordpress.com/2015/12/05/oauth2-authorization-server-with-spring-security . You can also look at this question: spring-security-oauth2 2.0.7 refresh token UserDetailsService Configuration - UserDetailsService is required


    As for your other question, "I want to trace the request and see which components are called when": I suggest adding logging.

    (1) Add logging in every method

    (2) Set the log level for the security package in application.properties :

    logging.level.org.springframework.security=DEBUG
    

    (3) Add a CommonsRequestLoggingFilter :

    @Bean
    public CommonsRequestLoggingFilter requestLoggingFilter() {
        LOGGER.info("Creating CommonsRequestLoggingFilter");
        CommonsRequestLoggingFilter crlf = new CommonsRequestLoggingFilter();
        crlf.setIncludeClientInfo(true);
        crlf.setIncludeQueryString(true);
        crlf.setIncludePayload(true);
        return crlf;
    }
    

    (4) Add a log level for CommonsRequestLoggingFilter (in application.properties):

    logging.level.org.springframework.web.filter.CommonsRequestLoggingFilter=DEBUG
    

    For the OAuth/LDAP tutorial, these are the notable parts (quoted from https://raymondhlee.wordpress.com/2015/12/05/oauth2-authorization-server-with-spring-security ):

    The authorization server configuration below is my version of the authorization server configurer. The database schema for the JDBC client details and token services can be found here.

    @Configuration
    @EnableAuthorizationServer
    public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
         @Autowired
         private AuthenticationManager authenticationManager;
         @Autowired
         private DataSource dataSource;
         @Override
         public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
              endpoints.tokenStore(new JdbcTokenStore(dataSource)).authenticationManager(authenticationManager);
         }
         @Override
         public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
              clients.jdbc(dataSource);
          }
     }
    

    Login security configuration. Below is the security configuration that handles user authorization.

    @Configuration
    @Order(Ordered.HIGHEST_PRECEDENCE) // note 1
    public class LoginConfig extends WebSecurityConfigurerAdapter {
    
          @Value("${ldap.domain}")
          private String DOMAIN;
    
          @Value("${ldap.url}")
          private String URL;
    
          @Override
          protected void configure(HttpSecurity http) throws Exception {
               http.requiresChannel().anyRequest().requiresSecure();
    
               // Only requests matching regex are handled by this security configurer
               http.requestMatchers().regexMatchers("/login", "/login.+", "/oauth/.+", "/j_spring_security_check", "/logout"); //
    
               AuthenticationEntryPoint entryPoint = entryPoint();
               http.exceptionHandling().authenticationEntryPoint(entryPoint);
               http.formLogin(); // note 3i
               http.addFilter(usernamePasswordAuthenticationFilter());
               http.authorizeRequests().antMatchers("/login").permitAll();
               http.authorizeRequests().antMatchers("/oauth/**").authenticated();
               http.authorizeRequests().antMatchers("/j_spring_security_check").anonymous().and().csrf().disable();
    
          }
    
          @Override
          protected void configure(AuthenticationManagerBuilder authManagerBuilder) throws Exception { // note 4
               authManagerBuilder.parentAuthenticationManager(authenticationManager());
          }
    
          protected AuthenticationManager authenticationManager() {
               return new ProviderManager(Arrays.asList(activeDirectoryLdapAuthenticationProvider()));
          }
    
          public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
               ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider(DOMAIN, URL);
               provider.setConvertSubErrorCodesToExceptions(true);
               provider.setUseAuthenticationRequestCredentials(true);
               return provider;
          }
    
          private AuthenticationEntryPoint entryPoint() {
               return new LoginUrlAuthenticationEntryPoint("/login"); 
          }
    
          private UsernamePasswordAuthenticationFilter usernamePasswordAuthenticationFilter() {
               UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter();
               filter.setAuthenticationManager(authenticationManager()); // closing parenthesis was missing in the pasted code
               AuthenticationFailureHandler failureHandler = new SimpleUrlAuthenticationFailureHandler("/login?login_error=true");
               filter.setAuthenticationFailureHandler(failureHandler);
               return filter;
          }
    }
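The configuration above binds against Active Directory through ActiveDirectoryLdapAuthenticationProvider. The following is an added example, not code from the question, the answer, or the linked tutorial, showing the other common way to answer the original question 1: replacing the in-memory/JDBC user store with a generic LDAP directory via AuthenticationManagerBuilder.ldapAuthentication(), and exposing the resulting AuthenticationManager as a bean so the OAuth2 authorization server's password grant validates resource-owner credentials against LDAP. It assumes spring-boot-starter-security, spring-security-ldap and spring-security-oauth2 (2.x) on the classpath with Spring Security 5; the property names ldap.url, ldap.manager-dn and ldap.manager-password, the directory layout (uid={0},ou=people, ou=groups), the client id demo-client and its secret are all constructed for this example.

```java
// Added example (not from the question, the answer, or the linked tutorial): wiring an
// LDAP directory as the AuthenticationManager used by the OAuth2 authorization server.
// Property names, DN patterns and the sample client below are assumptions for this example.
package demo;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;

@Configuration
public class LdapSecurityConfig extends WebSecurityConfigurerAdapter {

    @Value("${ldap.url}")              // assumed property, e.g. ldaps://ldap.example.internal:636/dc=example,dc=internal
    private String ldapUrl;

    @Value("${ldap.manager-dn}")       // assumed property: service account used for user/group searches
    private String managerDn;

    @Value("${ldap.manager-password}") // assumed property
    private String managerPassword;

    // This is the override the question asks for: instead of auth.inMemoryAuthentication()
    // or auth.jdbcAuthentication(), every username/password authentication binds to LDAP.
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.ldapAuthentication()
            .userDnPatterns("uid={0},ou=people")   // bind as the user's own DN (assumed directory layout)
            .groupSearchBase("ou=groups")          // authorities derived from group membership
            .groupSearchFilter("member={0}")
            .contextSource()
                .url(ldapUrl)
                .managerDn(managerDn)
                .managerPassword(managerPassword);
    }

    // Publish the LDAP-backed manager as a bean so the authorization server can @Autowire it.
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().authenticated()
            .and().formLogin();   // /login page used by the authorization_code flow
    }
}

@Configuration
@EnableAuthorizationServer
class LdapAuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private AuthenticationManager authenticationManager;   // the LDAP-backed bean defined above

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        // The password grant validates resource-owner credentials through this manager,
        // i.e. against LDAP. Clients are still looked up in the client details store.
        endpoints.authenticationManager(authenticationManager);
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            .withClient("demo-client")          // constructed sample client
            .secret("{noop}demo-secret")        // {noop} id prefix for Spring Security 5's DelegatingPasswordEncoder
            .authorizedGrantTypes("password", "authorization_code", "refresh_token")
            .scopes("read");
    }
}
```

Note that the user store and the client store are separate concerns: switching user authentication to LDAP does not move client registrations there, which is why the client details still come from an in-memory (or JDBC) ClientDetailsServiceConfigurer. For the original question 2, the page's suggestion of logging.level.org.springframework.security=DEBUG shows which filters and providers handle a request; setting debug=true in application.properties additionally makes Spring Boot print its auto-configuration report at startup, which lists every auto-configuration class that matched or did not match and is the quickest way to see which defaults a starter is applying and which user-defined bean overrides them.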