不使用HttpSecurity，使用Spring Boot访问OAuth2受保护资源的方法是什么？_编程开发

不使用HttpSecurity，使用Spring Boot访问OAuth2受保护资源的方法是什么？

创始人
2024-12-28 20:01:04
0次
使用Spring Boot访问OAuth2受保护资源的方法是通过使用OAuth2RestTemplate来发送OAuth2认证请求和访问受保护资源。
下面是一个使用OAuth2RestTemplate的代码示例：
import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties;
import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties.Provider;
import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties.Registration;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.RequestEntity;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.RestClientException;

import java.net.URI;
import java.util.Base64;

public class OAuth2ResourceClient {

    private final OAuth2RestTemplate restTemplate;
    private final ResourceServerTokenServices tokenServices;
    private final OAuth2ClientProperties clientProperties;

    public OAuth2ResourceClient(OAuth2RestTemplate restTemplate, ResourceServerTokenServices tokenServices, OAuth2ClientProperties clientProperties) {
        this.restTemplate = restTemplate;
        this.tokenServices = tokenServices;
        this.clientProperties = clientProperties;
    }

    public ResponseEntity getResource(String url) {
        HttpHeaders headers = new HttpHeaders();
        headers.add("Authorization", "Bearer " + getAccessToken());

        RequestEntity requestEntity = new RequestEntity<>(headers, HttpMethod.GET, URI.create(url));

        try {
            return restTemplate.exchange(requestEntity, String.class);
        } catch (RestClientException e) {
            throw new RuntimeException("Error accessing resource", e);
        }
    }

    private String getAccessToken() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication instanceof OAuth2AuthenticationToken) {
            OAuth2AuthenticationToken oauthToken = (OAuth2AuthenticationToken) authentication;
            OAuth2AccessToken token = tokenServices.readAccessToken(oauthToken.getAccessToken().getTokenValue());
            if (token.isExpired()) {
                token = tokenServices.refreshAccessToken(token.getRefreshToken().getValue());
            }
            return token.getValue();
        }
        throw new IllegalStateException("No OAuth2 authentication found");
    }

    public static OAuth2RestTemplate createOAuth2RestTemplate(OAuth2ClientProperties clientProperties, ResourceServerTokenServices tokenServices) {
        Registration registration = clientProperties.getRegistration().values().iterator().next();
        Provider provider = clientProperties.getProvider().get(registration.getProvider());

        String clientId = registration.getClientId();
        String clientSecret = registration.getClientSecret();
        String accessTokenUri = provider.getTokenUri();

        OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(clientId, clientSecret);
        restTemplate.setAccessTokenProvider(new CustomAccessTokenProvider(accessTokenUri));
        restTemplate.setAccessTokenConverter(new CustomAccessTokenConverter());
        restTemplate.setAuthenticator(new CustomOAuth2RequestAuthenticator());

        return restTemplate;
    }

    private static class CustomAccessTokenProvider extends OAuth2AccessTokenProviderChain {
        public CustomAccessTokenProvider(String accessTokenUri) {
            super(Arrays.asList(new CustomAuthorizationCodeAccessTokenProvider(accessTokenUri),
                    new CustomImplicitAccessTokenProvider(accessTokenUri),
                    new CustomClientCredentialsAccessTokenProvider(accessTokenUri)));
        }
    }

    private static class CustomAuthorizationCodeAccessTokenProvider extends AuthorizationCodeAccessTokenProvider {
        public CustomAuthorizationCodeAccessTokenProvider(String accessTokenUri) {
            this.setTokenRequestEnhancer(new CustomTokenRequestEnhancer(accessTokenUri));
        }
    }

    private static class CustomImplicitAccessTokenProvider extends ImplicitAccessTokenProvider {
        public CustomImplicitAccessTokenProvider(String accessTokenUri) {
            this.setTokenRequestEnhancer(new CustomTokenRequestEnhancer(accessTokenUri));
        }
    }

    private static class CustomClientCredentialsAccessTokenProvider extends ClientCredentialsAccessTokenProvider {
        public CustomClientCredentialsAccessTokenProvider(String accessTokenUri) {
            this.setTokenRequestEnhancer(new CustomTokenRequestEnhancer(accessTokenUri));
        }
    }

    private static class CustomTokenRequestEnhancer implements RequestEnhancer {

        private final String accessTokenUri;

        public CustomTokenRequestEnhancer(String accessTokenUri) {
            this.accessTokenUri = accessTokenUri;
        }

        @Override
        public void enhance(AccessTokenRequest request, OAuth2ProtectedResourceDetails resource,
                            MultiValueMap form, HttpHeaders headers) {
            headers.setBasicAuth(resource.getClientId(), resource.getClientSecret());
            form.set("grant_type", "client_credentials");
            form.set("scope", "read");
        }
上一篇：不使用HTTP端点运行服务
下一篇：不使用https注册GitLab runner
不使用HttpSecurity，使用Spring Boot访问OAuth2受保护资源的方法是什么？

相关内容

热门资讯
