Spring Security: Purpose of .oauth2Client(withDefaults()); in HttpSecurity
This is from the doc:
    public HttpSecurity oauth2Client(Customizer<OAuth2ClientConfigurer> oauth2ClientCustomizer) throws java.lang.Exception
Configures OAuth 2.0 Client support.
Example Configuration
The following example demonstrates how to enable OAuth 2.0 Client
support for all endpoints.
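    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    import static org.springframework.security.config.Customizer.withDefaults;

    @Configuration
    @EnableWebSecurity
    public class OAuth2ClientSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                // Every request to this application must be authenticated.
                .authorizeRequests((authorizeRequests) ->
                    authorizeRequests
                        .anyRequest().authenticated()
                )
                // Enable OAuth 2.0 Client support with its default settings.
                .oauth2Client(withDefaults());
        }
    }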
Parameters: oauth2ClientCustomizer - the Customizer to provide more
options for the OAuth2ClientConfigurer
Returns: the HttpSecurity for further customizations
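As I understand it, any request that reaches this server should be authenticated.
How does .oauth2Client(withDefaults()); help in this case?
If I'm not mistaken, an OAuth2 client is the one sending the request, so what can we actually configure about it? The documentation doesn't really explain much.

The http instance of HttpSecurity is the "bean settings server/application side".
Its oauth2Client method is not about configuring the clients, but about how and where the server/application should handle them.
Examples:
- Which clients are authorized
- Where to store authorized clients
- How to authorize clients
- How to remove old authorized clients
I think here you can find more details about the oauth2Client defaults.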
    @EnableWebSecurity
    public class OAuth2ClientSecurityConfig extends WebSecurityConfigurerAdapter {
        // The this.xxx() accessors used below are not shown in this snippet;
        // the application has to supply them.
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .oauth2Client(oauth2Client ->
                    oauth2Client
                        .clientRegistrationRepository(this.clientRegistrationRepository())
                        .authorizedClientRepository(this.authorizedClientRepository())
                        .authorizedClientService(this.authorizedClientService())
                        .authorizationCodeGrant(authorizationCodeGrant ->
                            authorizationCodeGrant
                                .authorizationRequestRepository(this.authorizationRequestRepository())
                                .authorizationRequestResolver(this.authorizationRequestResolver())
                                .accessTokenResponseClient(this.accessTokenResponseClient())
                        )
                );
        }
    }
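The configuration above calls clientRegistrationRepository(), authorizedClientService() and authorizedClientRepository() without showing them. The following is an added example (not from the original post or the Spring documentation) of what those three could provide, declared as beans so that they are available in the application context. The registration id, client id, URLs, scope and environment variable name are constructed placeholders, and it assumes Spring Security 5.4 or later for redirectUri.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;

@Configuration
public class OAuth2ClientBeans {

    // The registrations this application may use when it acts as an OAuth 2.0 client.
    @Bean
    public ClientRegistrationRepository clientRegistrationRepository() {
        ClientRegistration registration = ClientRegistration
            .withRegistrationId("example-provider")               // constructed id
            .clientId("example-client-id")                        // placeholder
            .clientSecret(System.getenv("EXAMPLE_CLIENT_SECRET")) // keep the secret out of source
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .redirectUri("{baseUrl}/authorized/{registrationId}")
            .scope("read")                                        // request only what is needed
            .authorizationUri("https://auth.example.com/oauth2/authorize")
            .tokenUri("https://auth.example.com/oauth2/token")
            .build();
        return new InMemoryClientRegistrationRepository(registration);
    }

    // Where authorized clients (and their access tokens) are stored. The in-memory
    // store is lost on restart and is not shared between application instances.
    @Bean
    public OAuth2AuthorizedClientService authorizedClientService(ClientRegistrationRepository registrations) {
        return new InMemoryOAuth2AuthorizedClientService(registrations);
    }

    // How authorized clients are looked up per request: stored through the service
    // above for authenticated principals, in the HTTP session for anonymous ones.
    @Bean
    public OAuth2AuthorizedClientRepository authorizedClientRepository(OAuth2AuthorizedClientService service) {
        return new AuthenticatedPrincipalOAuth2AuthorizedClientRepository(service);
    }
}
```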