了解 Spring Boot 的 Oauth2 启动程序
Understanding Spring Boot's Oauth2 starter
我开始查看 Oauth2 入门项目和最小配置。
所有示例要么使用内存配置,要么使用 JDBC 配置来存储客户端角色(例如 ClientDetailsServiceConfigurer)。在我的例子中,这些详细信息应该存放在 LDAP 中。所以我有两个问题。
- 如何覆盖默认值以转到 ldap 而不是内存或 jdbc。
- 一般来说,如何理清 Spring Boot 的处理流程、阅读 starter 的源代码,以及如何更改默认配置?我所看到的只是一个高层的注解。
org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer
Spring Boot 中的这种间接层使得它极其难以追踪,而且稀少的文档也无济于事。或者我可能遗漏了什么?
谢谢!!!这一直困扰着我一段时间。
要使用 LDAP 实现 Oauth2,您可以按照本教程进行操作:https://raymondhlee.wordpress.com/2015/12/05/oauth2-authorization-server-with-spring-security。
您也可以看看另一个问题:
关于你的另一个问题"I want to follow the request and see what components get invoked and when":我建议你添加日志。
(1)在每个方法中添加日志记录
(2) 在 application.properties 中设置安全包的日志级别:
logging.level.org.springframework.security=DEBUG
(3) 添加 CommonsRequestLoggingFilter:
/**
 * Registers Spring's request-logging filter so that every incoming request is traced
 * (at DEBUG level, see the logging.level entry for the filter's class).
 * <p>
 * The request body is included in the log line. On an authorization server the bodies of
 * the form-login POST and of the /oauth/token request carry the user's password and the
 * client secret, so this setting belongs to local debugging only and must not stay enabled
 * on a shared or production instance.
 *
 * @return the configured filter bean
 */
@Bean
public CommonsRequestLoggingFilter requestLoggingFilter() {
    LOGGER.info("Creating CommonsRequestLoggingFilter");
    CommonsRequestLoggingFilter filter = new CommonsRequestLoggingFilter();
    filter.setIncludePayload(true);
    filter.setIncludeQueryString(true);
    filter.setIncludeClientInfo(true);
    return filter;
}
(4) 为 CommonsRequestLoggingFilter 添加日志级别(在 application.properties 中):
logging.level.org.springframework.web.filter.CommonsRequestLoggingFilter=DEBUG
对于 OAuth/LDAP 教程,以下是值得注意的部分(引自 https://raymondhlee.wordpress.com/2015/12/05/oauth2-authorization-server-with-spring-security):
Authorization Server Configuration: Below is my implementation of the
AuthorizationServerConfigurerAdapter. The database schema for JDBC
client details and token services can be found here.
/**
 * OAuth2 authorization-server wiring.
 * <p>
 * Note what is and is not LDAP here: only the token endpoint's user authentication goes
 * through the injected {@code AuthenticationManager} (the LDAP-backed one from the login
 * configuration); client registrations and issued tokens stay in the JDBC tables of
 * {@code dataSource}.
 */
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    /** Handed to the token endpoint; presumably the LDAP-backed manager (confirm which bean is injected). */
    @Autowired
    private AuthenticationManager authenticationManager;

    /** Backs both the token store and the client-details service. */
    @Autowired
    private DataSource dataSource;

    /**
     * Persists tokens in JDBC and lets the token endpoint authenticate users through the
     * injected manager.
     *
     * @param endpoints the endpoint configurer
     * @throws Exception as declared by the overridden method
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        JdbcTokenStore tokenStore = new JdbcTokenStore(dataSource);
        endpoints.tokenStore(tokenStore).authenticationManager(authenticationManager);
    }

    /**
     * Reads client ids, secrets and scopes from the JDBC client-details table; LDAP is not
     * consulted for clients.
     *
     * @param clients the client-details configurer
     * @throws Exception as declared by the overridden method
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.jdbc(dataSource);
    }
}
Login Security Configuration Below is the security configuration
handling user authorization.
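/**
 * Security chain for the interactive login and the OAuth endpoints, authenticating users
 * against Active Directory.
 * <p>
 * Fix relative to the quoted tutorial: {@code usernamePasswordAuthenticationFilter()} was
 * missing a closing parenthesis and did not compile.
 */
@Configuration
@Order(Ordered.HIGHEST_PRECEDENCE) // note 1: this chain is consulted before the authorization server's own
public class LoginConfig extends WebSecurityConfigurerAdapter {

    /** Active Directory domain, injected from {@code ldap.domain}. */
    @Value("${ldap.domain}")
    private String domain;

    /** LDAP server URL, injected from {@code ldap.url}. */
    @Value("${ldap.url}")
    private String url;

    /**
     * Defines which requests this chain handles and how they are secured.
     *
     * @param http the builder for this chain
     * @throws Exception as declared by the overridden method
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Every matched request must arrive over HTTPS so passwords and authorization codes never travel in clear.
        http.requiresChannel().anyRequest().requiresSecure();
        // Only requests matching these regexes are handled by this security configurer;
        // anything else falls through to the next chain.
        http.requestMatchers().regexMatchers("/login", "/login.+", "/oauth/.+", "/j_spring_security_check", "/logout");
        AuthenticationEntryPoint entryPoint = entryPoint();
        http.exceptionHandling().authenticationEntryPoint(entryPoint);
        http.formLogin(); // note 3i
        // Login filter wired to the LDAP-backed manager (see usernamePasswordAuthenticationFilter()).
        http.addFilter(usernamePasswordAuthenticationFilter());
        http.authorizeRequests().antMatchers("/login").permitAll();
        http.authorizeRequests().antMatchers("/oauth/**").authenticated();
        // csrf().disable() applies to the whole chain, not only to /j_spring_security_check:
        // the /oauth/authorize consent form loses CSRF protection as well. If only the login
        // POST needs the exemption, csrf().ignoringAntMatchers("/j_spring_security_check") is narrower.
        http.authorizeRequests().antMatchers("/j_spring_security_check").anonymous().and().csrf().disable();
    }

    /**
     * Makes the LDAP-backed manager the parent of the one Spring builds, so form logins are
     * resolved against Active Directory (note 4).
     *
     * @param authManagerBuilder the builder for this chain's manager
     * @throws Exception as declared by the overridden method
     */
    @Override
    protected void configure(AuthenticationManagerBuilder authManagerBuilder) throws Exception { // note 4
        authManagerBuilder.parentAuthenticationManager(authenticationManager());
    }

    /**
     * Builds a manager whose only provider is the Active Directory provider.
     * Each call creates a fresh instance; it is invoked from both
     * {@code configure(AuthenticationManagerBuilder)} and the login filter.
     *
     * @return a new provider manager
     */
    protected AuthenticationManager authenticationManager() {
        return new ProviderManager(Arrays.asList(activeDirectoryLdapAuthenticationProvider()));
    }

    /**
     * Creates the Active Directory provider for the configured domain and URL.
     *
     * @return a new provider
     */
    public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
        ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider(domain, url);
        // Map AD sub-error codes (expired, locked, disabled account) to the matching Spring Security
        // exceptions instead of a generic bad-credentials failure. The failure handler below only
        // redirects with a fixed flag, so these distinctions are not echoed to the browser.
        provider.setConvertSubErrorCodesToExceptions(true);
        // The submitted password, rather than the directory's user-details credentials, is kept as
        // the credentials of the resulting Authentication — bear in mind if the principal is serialized.
        provider.setUseAuthenticationRequestCredentials(true);
        return provider;
    }

    /**
     * Unauthenticated requests are redirected to the login page.
     *
     * @return the entry point for {@code /login}
     */
    private AuthenticationEntryPoint entryPoint() {
        return new LoginUrlAuthenticationEntryPoint("/login");
    }

    /**
     * Form-login filter that authenticates through the LDAP-backed manager and, on failure,
     * redirects back to the form with a generic error flag.
     *
     * @return the configured filter
     */
    private UsernamePasswordAuthenticationFilter usernamePasswordAuthenticationFilter() {
        UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter();
        filter.setAuthenticationManager(authenticationManager()); // was missing ')' in the original
        AuthenticationFailureHandler failureHandler = new SimpleUrlAuthenticationFailureHandler("/login?login_error=true");
        filter.setAuthenticationFailureHandler(failureHandler);
        return filter;
    }
}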
我开始查看 Oauth2 入门项目和最小配置。
所有示例要么使用内存配置,要么使用 JDBC 配置来存储客户端角色(例如 ClientDetailsServiceConfigurer)。在我的例子中,这些详细信息应该存放在 LDAP 中。所以我有两个问题。
- 如何覆盖默认值以转到 ldap 而不是内存或 jdbc。
- 一般来说,如何理清 Spring Boot 的处理流程、阅读 starter 的源代码,以及如何更改默认配置?我所看到的只是一个高层的注解。
org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer
Spring Boot 中的这种间接层使得它极其难以追踪,而且稀少的文档也无济于事。或者我可能遗漏了什么?
谢谢!!!这一直困扰着我一段时间。
要使用 LDAP 实现 Oauth2,您可以按照本教程进行操作:https://raymondhlee.wordpress.com/2015/12/05/oauth2-authorization-server-with-spring-security。
您也可以看看另一个问题:
关于你的另一个问题"I want to follow the request and see what components get invoked and when":我建议你添加日志。
(1)在每个方法中添加日志记录
(2) 在 application.properties 中设置安全包的日志级别:
logging.level.org.springframework.security=DEBUG
(3) 添加 CommonsRequestLoggingFilter:
/**
 * Registers Spring's request-logging filter so that every incoming request is traced
 * (at DEBUG level, see the logging.level entry for the filter's class).
 * <p>
 * The request body is included in the log line. On an authorization server the bodies of
 * the form-login POST and of the /oauth/token request carry the user's password and the
 * client secret, so this setting belongs to local debugging only and must not stay enabled
 * on a shared or production instance.
 *
 * @return the configured filter bean
 */
@Bean
public CommonsRequestLoggingFilter requestLoggingFilter() {
    LOGGER.info("Creating CommonsRequestLoggingFilter");
    CommonsRequestLoggingFilter filter = new CommonsRequestLoggingFilter();
    filter.setIncludePayload(true);
    filter.setIncludeQueryString(true);
    filter.setIncludeClientInfo(true);
    return filter;
}
(4) 为 CommonsRequestLoggingFilter 添加日志级别(在 application.properties 中):
logging.level.org.springframework.web.filter.CommonsRequestLoggingFilter=DEBUG
对于 OAuth/LDAP 教程,以下是值得注意的部分(引自 https://raymondhlee.wordpress.com/2015/12/05/oauth2-authorization-server-with-spring-security):
Authorization Server Configuration: Below is my implementation of the AuthorizationServerConfigurerAdapter. The database schema for JDBC client details and token services can be found here.
/**
 * OAuth2 authorization-server wiring.
 * <p>
 * Note what is and is not LDAP here: only the token endpoint's user authentication goes
 * through the injected {@code AuthenticationManager} (the LDAP-backed one from the login
 * configuration); client registrations and issued tokens stay in the JDBC tables of
 * {@code dataSource}.
 */
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    /** Handed to the token endpoint; presumably the LDAP-backed manager (confirm which bean is injected). */
    @Autowired
    private AuthenticationManager authenticationManager;

    /** Backs both the token store and the client-details service. */
    @Autowired
    private DataSource dataSource;

    /**
     * Persists tokens in JDBC and lets the token endpoint authenticate users through the
     * injected manager.
     *
     * @param endpoints the endpoint configurer
     * @throws Exception as declared by the overridden method
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        JdbcTokenStore tokenStore = new JdbcTokenStore(dataSource);
        endpoints.tokenStore(tokenStore).authenticationManager(authenticationManager);
    }

    /**
     * Reads client ids, secrets and scopes from the JDBC client-details table; LDAP is not
     * consulted for clients.
     *
     * @param clients the client-details configurer
     * @throws Exception as declared by the overridden method
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.jdbc(dataSource);
    }
}
Login Security Configuration: Below is the security configuration handling user authorization.
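/**
 * Security chain for the interactive login and the OAuth endpoints, authenticating users
 * against Active Directory.
 * <p>
 * Fixes relative to the quoted listing: the collapsed layout had put the class declaration
 * and a statement behind {@code //} comments, and {@code usernamePasswordAuthenticationFilter()}
 * was missing a closing parenthesis; neither compiled.
 */
@Configuration
@Order(Ordered.HIGHEST_PRECEDENCE) // note 1: this chain is consulted before the authorization server's own
public class LoginConfig extends WebSecurityConfigurerAdapter {

    /** Active Directory domain, injected from {@code ldap.domain}. */
    @Value("${ldap.domain}")
    private String domain;

    /** LDAP server URL, injected from {@code ldap.url}. */
    @Value("${ldap.url}")
    private String url;

    /**
     * Defines which requests this chain handles and how they are secured.
     *
     * @param http the builder for this chain
     * @throws Exception as declared by the overridden method
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Every matched request must arrive over HTTPS so passwords and authorization codes never travel in clear.
        http.requiresChannel().anyRequest().requiresSecure();
        // Only requests matching these regexes are handled by this security configurer;
        // anything else falls through to the next chain.
        http.requestMatchers().regexMatchers("/login", "/login.+", "/oauth/.+", "/j_spring_security_check", "/logout");
        AuthenticationEntryPoint entryPoint = entryPoint();
        http.exceptionHandling().authenticationEntryPoint(entryPoint);
        http.formLogin(); // note 3i
        // Login filter wired to the LDAP-backed manager (see usernamePasswordAuthenticationFilter()).
        http.addFilter(usernamePasswordAuthenticationFilter());
        http.authorizeRequests().antMatchers("/login").permitAll();
        http.authorizeRequests().antMatchers("/oauth/**").authenticated();
        // csrf().disable() applies to the whole chain, not only to /j_spring_security_check:
        // the /oauth/authorize consent form loses CSRF protection as well. If only the login
        // POST needs the exemption, csrf().ignoringAntMatchers("/j_spring_security_check") is narrower.
        http.authorizeRequests().antMatchers("/j_spring_security_check").anonymous().and().csrf().disable();
    }

    /**
     * Makes the LDAP-backed manager the parent of the one Spring builds, so form logins are
     * resolved against Active Directory (note 4).
     *
     * @param authManagerBuilder the builder for this chain's manager
     * @throws Exception as declared by the overridden method
     */
    @Override
    protected void configure(AuthenticationManagerBuilder authManagerBuilder) throws Exception { // note 4
        authManagerBuilder.parentAuthenticationManager(authenticationManager());
    }

    /**
     * Builds a manager whose only provider is the Active Directory provider.
     * Each call creates a fresh instance; it is invoked from both
     * {@code configure(AuthenticationManagerBuilder)} and the login filter.
     *
     * @return a new provider manager
     */
    protected AuthenticationManager authenticationManager() {
        return new ProviderManager(Arrays.asList(activeDirectoryLdapAuthenticationProvider()));
    }

    /**
     * Creates the Active Directory provider for the configured domain and URL.
     *
     * @return a new provider
     */
    public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
        ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider(domain, url);
        // Map AD sub-error codes (expired, locked, disabled account) to the matching Spring Security
        // exceptions instead of a generic bad-credentials failure. The failure handler below only
        // redirects with a fixed flag, so these distinctions are not echoed to the browser.
        provider.setConvertSubErrorCodesToExceptions(true);
        // The submitted password, rather than the directory's user-details credentials, is kept as
        // the credentials of the resulting Authentication — bear in mind if the principal is serialized.
        provider.setUseAuthenticationRequestCredentials(true);
        return provider;
    }

    /**
     * Unauthenticated requests are redirected to the login page.
     *
     * @return the entry point for {@code /login}
     */
    private AuthenticationEntryPoint entryPoint() {
        return new LoginUrlAuthenticationEntryPoint("/login");
    }

    /**
     * Form-login filter that authenticates through the LDAP-backed manager and, on failure,
     * redirects back to the form with a generic error flag.
     *
     * @return the configured filter
     */
    private UsernamePasswordAuthenticationFilter usernamePasswordAuthenticationFilter() {
        UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter();
        filter.setAuthenticationManager(authenticationManager()); // was missing ')' in the original
        AuthenticationFailureHandler failureHandler = new SimpleUrlAuthenticationFailureHandler("/login?login_error=true");
        filter.setAuthenticationFailureHandler(failureHandler);
        return filter;
    }
}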