Spring Security: Purpose of .oauth2Client(withDefaults()); in HttpSecurity

This is from the doc:

public HttpSecurity oauth2Client(Customizer<OAuth2ClientConfigurer> oauth2ClientCustomizer) throws java.lang.Exception

Configures OAuth 2.0 Client support.

Example Configuration

The following example demonstrates how to enable OAuth 2.0 Client support for all endpoints.

 @Configuration
 @EnableWebSecurity
 public class OAuth2ClientSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
                http
                        .authorizeRequests((authorizeRequests) ->
                                authorizeRequests
                                        .anyRequest().authenticated()
                        )
                        .oauth2Client(withDefaults());
        }
 }
 

Parameters: oauth2ClientCustomizer - the Customizer to provide more options for the OAuth2ClientConfigurer

Returns: the HttpSecurity for further customizations

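What I understand is that any request reaching this server should be authenticated.

How does .oauth2Client(withDefaults()); help in this case?

If I'm not wrong, an OAuth2 client is the one sending the request, so what can we actually configure about it? The documentation doesn't really explain much.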

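The http instance of HttpSecurity is a "bean settings server/application side".

Its method oauth2Client is not related to client configuration, but to how and where the server/application should handle them.

Examples:

  • Which clients have been authorized
  • Where to store authorized clients
  • How to authorize clients
  • How to remove an old authorized client

I think here, you can find more details about the oauth2Client defaults.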

@EnableWebSecurity
public class OAuth2ClientSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .oauth2Client(oauth2Client ->
                oauth2Client
                    .clientRegistrationRepository(this.clientRegistrationRepository())
                    .authorizedClientRepository(this.authorizedClientRepository())
                    .authorizedClientService(this.authorizedClientService())
                    .authorizationCodeGrant(authorizationCodeGrant ->
                        authorizationCodeGrant
                            .authorizationRequestRepository(this.authorizationRequestRepository())
                            .authorizationRequestResolver(this.authorizationRequestResolver())
                            .accessTokenResponseClient(this.accessTokenResponseClient())
                    )
            );
    }
}