Webflux - Spring Boot - 支持 http 代理的 oAuth2 客户端
Webflux - Spring Boot - oAuth2 client with http proxy support
我正在努力正确设置代理后面带有 oauth2 的 webflux-weblient。
ServerOAuth2AuthorizedClientExchangeFilterFunction 似乎使用了一个新的 webclient 实例,它不包含我的代理配置。
OAuth2-配置
ServerOAuth2AuthorizedClientExchangeFilterFunction oauth2ClientFilter = new ServerOAuth2AuthorizedClientExchangeFilterFunction(
clientRegistrations,
new UnAuthenticatedServerOAuth2AuthorizedClientRepository());
oauth2ClientFilter.setDefaultClientRegistrationId("azure");
OAuth2AuthorizedClientResolver.class 包含:
private ReactiveOAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> clientCredentialsTokenResponseClient = new WebClientReactiveClientCredentialsTokenResponseClient();
WebClientReactiveClientCredentialsTokenResponseClient.java
创建一个新的 webclient 如下:
private WebClient webClient = WebClient.builder().build();
有人有关于如何为 oauth2 客户端正确设置 http 代理的示例吗?
对于 OAuth2.0 客户端凭据流程,在网络安全配置中,您需要如下内容:
@EnableWebFluxSecurity
public class WebSecurityConfiguration {
@Bean
public ReactiveOAuth2AuthorizedClientManager authorizedClientManager(
ReactiveClientRegistrationRepository clientRegistrationRepository,
ReactiveOAuth2AuthorizedClientService authorizedClientService) {
ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider =
ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
.clientCredentials()
.build();
AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager authorizedClientManager =
new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(
clientRegistrationRepository, authorizedClientService);
authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
return authorizedClientManager;
}
@Bean
public WebClient webClient(ReactiveOAuth2AuthorizedClientManager authorizedClientManager) {
ServerOAuth2AuthorizedClientExchangeFilterFunction oauth =new ServerOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager);
return WebClient.builder().filter(oauth).build();
}
}
现在进行实际的 API 调用:
webClient.get()
.uri(<protected resource uri which you want to access>)
.attributes(clientRegistrationId(<The Provider name specified under registration in app yaml>))
.retrieve()
.bodyToMono(String.class)
.map(string
-> "Retrieved using Client Credentials Grant Type: " + string)
.subscribe(LOGGER::info);
供您参考,我使用的是 Spring 引导版本 2.3。1.RELEASE
我的 application.yaml 看起来像这样:
spring:
security:
oauth2:
client:
provider:
<provider-name>:
issuer-uri: <issuer-uri implementing OIDC>
registration:
<provider-name>:
client-id: <client-id>
client-secret: <client-secret>
scope: <comma separated scopes>
authorization-grant-type: client_credentials
感谢@abhinaba-chakraborty 的不完整回答,我设法根据 WebClient
内的 JVM 参数为 WebClientReactiveClientCredentialsTokenResponseClient
.
设置代理
这是我的代码片段,可以帮助遇到同样问题的其他人:
这是一个辅助函数,用于获取 JVM 参数并将它们设置为 HttpClient
public HttpClient proxyHttpClient() {
String proxyHost = System.getProperty("https.proxyHost");
String proxyPort = System.getProperty("https.proxyPort");
if (proxyHost == null && proxyPort == null) {
return HttpClient.create();
}
return HttpClient.create()
.tcpConfiguration(tcpClient ->
tcpClient.proxy(proxy ->
proxy.type(ProxyProvider.Proxy.HTTP).host(proxyHost).port(Integer.valueOf(proxyPort))
)
);
}
这是如何为用于调用外部系统的 WebClient
配置 OAuth2Client(基于@abhinaba-chakraborty 的响应)。注意名为 configureHttpProxy
:
的函数
@Bean
public ReactiveOAuth2AuthorizedClientManager authorizedClientManager(
ReactiveClientRegistrationRepository clientRegistrationRepository,
ReactiveOAuth2AuthorizedClientService authorizedClientService) {
return configureHttpProxy(
new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(
clientRegistrationRepository,
authorizedClientService
)
);
}
@Bean
WebClient webClient(ReactiveOAuth2AuthorizedClientManager authorizedClientManager) {
ServerOAuth2AuthorizedClientExchangeFilterFunction oauth2Client = new ServerOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager);
oauth2Client.setDefaultClientRegistrationId("registration_id");
return WebClient.builder()
.filter(oauth2Client)
.clientConnector(new ReactorClientHttpConnector(HttpClient.create().wiretap(true)))
.baseUrl(rdoWebClientProperties.getBaseUrl())
.defaultHeader(rdoWebClientProperties.getApikeyName(), rdoWebClientProperties.getApikeyValue())
.build();
}
这里是 configureHttpProxy
函数:
private AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager configureHttpProxy(AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager authorizedClientManager) {
// set the webclient with proxy configuration in the ReactiveOAuth2AccessTokenResponseClient
WebClientReactiveClientCredentialsTokenResponseClient tokenResponseClient = new WebClientReactiveClientCredentialsTokenResponseClient();
tokenResponseClient.setWebClient(
WebClient.builder()
.clientConnector(new ReactorClientHttpConnector(proxyHttpClient()))
.build()
);
// set the ReactiveOAuth2AccessTokenResponseClient with webclient configuration in the ReactiveOAuth2AuthorizedClientProvider
ClientCredentialsReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = new ClientCredentialsReactiveOAuth2AuthorizedClientProvider();
authorizedClientProvider.setAccessTokenResponseClient(tokenResponseClient);
// set the ReactiveOAuth2AuthorizedClientProvider in the ReactiveOAuth2AuthorizedClientManager
authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
return authorizedClientManager;
}
希望这会有所帮助。
我正在努力正确设置代理后面带有 oauth2 的 webflux-weblient。
ServerOAuth2AuthorizedClientExchangeFilterFunction 似乎使用了一个新的 webclient 实例,它不包含我的代理配置。
OAuth2-配置
ServerOAuth2AuthorizedClientExchangeFilterFunction oauth2ClientFilter = new ServerOAuth2AuthorizedClientExchangeFilterFunction(
clientRegistrations,
new UnAuthenticatedServerOAuth2AuthorizedClientRepository());
oauth2ClientFilter.setDefaultClientRegistrationId("azure");
OAuth2AuthorizedClientResolver.class 包含:
private ReactiveOAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> clientCredentialsTokenResponseClient = new WebClientReactiveClientCredentialsTokenResponseClient();
WebClientReactiveClientCredentialsTokenResponseClient.java
创建一个新的 webclient 如下:
private WebClient webClient = WebClient.builder().build();
有人有关于如何为 oauth2 客户端正确设置 http 代理的示例吗?
对于 OAuth2.0 客户端凭据流程,在网络安全配置中,您需要如下内容:
@EnableWebFluxSecurity
public class WebSecurityConfiguration {
@Bean
public ReactiveOAuth2AuthorizedClientManager authorizedClientManager(
ReactiveClientRegistrationRepository clientRegistrationRepository,
ReactiveOAuth2AuthorizedClientService authorizedClientService) {
ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider =
ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
.clientCredentials()
.build();
AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager authorizedClientManager =
new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(
clientRegistrationRepository, authorizedClientService);
authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
return authorizedClientManager;
}
@Bean
public WebClient webClient(ReactiveOAuth2AuthorizedClientManager authorizedClientManager) {
ServerOAuth2AuthorizedClientExchangeFilterFunction oauth =new ServerOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager);
return WebClient.builder().filter(oauth).build();
}
}
现在进行实际的 API 调用:
webClient.get()
.uri(<protected resource uri which you want to access>)
.attributes(clientRegistrationId(<The Provider name specified under registration in app yaml>))
.retrieve()
.bodyToMono(String.class)
.map(string
-> "Retrieved using Client Credentials Grant Type: " + string)
.subscribe(LOGGER::info);
供您参考,我使用的是 Spring 引导版本 2.3。1.RELEASE 我的 application.yaml 看起来像这样:
spring:
security:
oauth2:
client:
provider:
<provider-name>:
issuer-uri: <issuer-uri implementing OIDC>
registration:
<provider-name>:
client-id: <client-id>
client-secret: <client-secret>
scope: <comma separated scopes>
authorization-grant-type: client_credentials
感谢@abhinaba-chakraborty 的不完整回答,我设法根据 WebClient
内的 JVM 参数为 WebClientReactiveClientCredentialsTokenResponseClient
.
这是我的代码片段,可以帮助遇到同样问题的其他人:
这是一个辅助函数,用于获取 JVM 参数并将它们设置为 HttpClient
public HttpClient proxyHttpClient() {
String proxyHost = System.getProperty("https.proxyHost");
String proxyPort = System.getProperty("https.proxyPort");
if (proxyHost == null && proxyPort == null) {
return HttpClient.create();
}
return HttpClient.create()
.tcpConfiguration(tcpClient ->
tcpClient.proxy(proxy ->
proxy.type(ProxyProvider.Proxy.HTTP).host(proxyHost).port(Integer.valueOf(proxyPort))
)
);
}
这是如何为用于调用外部系统的 WebClient
配置 OAuth2Client(基于@abhinaba-chakraborty 的响应)。注意名为 configureHttpProxy
:
@Bean
public ReactiveOAuth2AuthorizedClientManager authorizedClientManager(
ReactiveClientRegistrationRepository clientRegistrationRepository,
ReactiveOAuth2AuthorizedClientService authorizedClientService) {
return configureHttpProxy(
new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(
clientRegistrationRepository,
authorizedClientService
)
);
}
@Bean
WebClient webClient(ReactiveOAuth2AuthorizedClientManager authorizedClientManager) {
ServerOAuth2AuthorizedClientExchangeFilterFunction oauth2Client = new ServerOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager);
oauth2Client.setDefaultClientRegistrationId("registration_id");
return WebClient.builder()
.filter(oauth2Client)
.clientConnector(new ReactorClientHttpConnector(HttpClient.create().wiretap(true)))
.baseUrl(rdoWebClientProperties.getBaseUrl())
.defaultHeader(rdoWebClientProperties.getApikeyName(), rdoWebClientProperties.getApikeyValue())
.build();
}
这里是 configureHttpProxy
函数:
private AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager configureHttpProxy(AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager authorizedClientManager) {
// set the webclient with proxy configuration in the ReactiveOAuth2AccessTokenResponseClient
WebClientReactiveClientCredentialsTokenResponseClient tokenResponseClient = new WebClientReactiveClientCredentialsTokenResponseClient();
tokenResponseClient.setWebClient(
WebClient.builder()
.clientConnector(new ReactorClientHttpConnector(proxyHttpClient()))
.build()
);
// set the ReactiveOAuth2AccessTokenResponseClient with webclient configuration in the ReactiveOAuth2AuthorizedClientProvider
ClientCredentialsReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = new ClientCredentialsReactiveOAuth2AuthorizedClientProvider();
authorizedClientProvider.setAccessTokenResponseClient(tokenResponseClient);
// set the ReactiveOAuth2AuthorizedClientProvider in the ReactiveOAuth2AuthorizedClientManager
authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
return authorizedClientManager;
}
希望这会有所帮助。