java - spring-oauth2 中的不同授权端点
问题描述
我有下面这份针对两组端点的配置,一组用于 /client,另一组用于 /admin,都通过 OAuth2 进行身份验证,并且各自有自己的 UserDetailsService。由于授权服务器默认在 /oauth/token 上响应令牌请求,我该如何为每个配置设置不同的授权端点?
/**
 * Combines two web security configurations ({@code /client/**} and {@code /admin/**}),
 * a JDBC-backed OAuth2 authorization server and an OAuth2 resource server in one class.
 *
 * <p>NOTE(review): the only {@link AuthenticationManager} bean declared in this file comes
 * from {@link ClientSecurityConfig}, and that is the one the authorization server injects.
 * As far as this file shows, the token endpoint therefore authenticates users through
 * {@code CustomUserDetailsService} only; {@code CustomAdminUserDetailsService} is not
 * reachable from it. Confirm against the rest of the project.
 *
 * <p>NOTE(review): both adapters below are declared without {@code @Order}. Spring Security
 * expects every {@code WebSecurityConfigurerAdapter} in a context to carry a distinct order;
 * verify that the real project assigns one.
 */
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class MultiSecurityConfig {

    /** Web security for the {@code /client/**} paths, using {@code CustomUserDetailsService}. */
    @Configuration
    public static class ClientSecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        private CustomUserDetailsService userDetailsService;

        /** Registers the client-side user details service with the authentication builder. */
        @Override
        public void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.userDetailsService(userDetailsService);
        }

        /**
         * Excludes the listed paths from the security filter chain altogether.
         *
         * <p>NOTE(review): ignored paths receive no authentication, authorization or
         * security headers. {@code /data-sync/**} looks like an application endpoint rather
         * than a static asset; confirm that it is meant to be reachable anonymously.
         */
        @Override
        public void configure(WebSecurity web) throws Exception {
            web.ignoring().antMatchers("/data-sync/**", "/favicon.ico", "/error");
        }

        /**
         * Scopes this configuration's {@link HttpSecurity} to {@code /client/**}.
         *
         * <p>No {@code authorizeRequests()} rules are declared here, so this method on its
         * own does not require authentication for those paths.
         * NOTE(review): confirm where access to {@code /client/**} is actually enforced.
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.requestMatchers().antMatchers("/client/**");
        }

        /** Publishes this adapter's {@link AuthenticationManager} as a bean. */
        @Bean
        @Override
        protected AuthenticationManager authenticationManager() throws Exception {
            return super.authenticationManager();
        }
    }

    /**
     * Web security for the {@code /admin/**} paths, using
     * {@code CustomAdminUserDetailsService}. Unlike {@link ClientSecurityConfig}, this class
     * does not publish an {@link AuthenticationManager} bean.
     */
    @Configuration
    public static class AdminSecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        private CustomAdminUserDetailsService userDetailsService;

        /** Registers the admin user details service with the authentication builder. */
        @Override
        public void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.userDetailsService(userDetailsService);
        }

        /** Excludes the favicon and the error page from the security filter chain. */
        @Override
        public void configure(WebSecurity web) throws Exception {
            web.ignoring().antMatchers("/favicon.ico", "/error");
        }

        /**
         * Scopes this configuration's {@link HttpSecurity} to {@code /admin/**}.
         *
         * <p>No {@code authorizeRequests()} rules are declared here.
         * NOTE(review): confirm where access to {@code /admin/**} is actually enforced.
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.requestMatchers().antMatchers("/admin/**");
        }
    }

    /** OAuth2 authorization server with JDBC-backed client details and token storage. */
    @Configuration
    @EnableAuthorizationServer
    public static class OAuth2AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

        @Autowired
        PasswordEncoder passwordEncoder;

        @Autowired
        DataSource dataSource;

        // SQL script handed to the database populator in dataSourceInitializer().
        @Value("classpath:schema.sql")
        private Resource schemaScript;

        // Injected bean; within this file only ClientSecurityConfig publishes one.
        @Autowired
        private AuthenticationManager authenticationManager;

        /**
         * Sets the access expressions for the token-key and check-token endpoints.
         *
         * <p>The token-key endpoint is open to everyone and the check-token endpoint
         * requires an authenticated caller.
         * NOTE(review): no JWT converter is configured in this file, so the open token-key
         * rule may be unnecessary; consider dropping it if the endpoint is not used.
         */
        @Override
        public void configure(final AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
            oauthServer.tokenKeyAccess("permitAll()");
            oauthServer.checkTokenAccess("isAuthenticated()");
        }

        /**
         * Declares the {@code trusted-client} OAuth2 client on the JDBC client store.
         *
         * <p>NOTE(review): the client secret is a string literal in source. The encoder
         * hashes it before storage, but the plaintext is still known to anyone who can read
         * the code; load it from external configuration or a secret store instead.
         *
         * <p>NOTE(review): the {@code password} grant sends end-user credentials through the
         * client and is discouraged by current OAuth 2.0 security guidance; confirm it is
         * really required.
         *
         * <p>NOTE(review): presumably this registers the client each time the application
         * starts; verify the behaviour when the client row already exists.
         */
        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            clients
                    .jdbc(dataSource)
                    .withClient("trusted-client")
                    .secret(passwordEncoder.encode("secret"))
                    .authorizedGrantTypes("password", "authorization_code", "refresh_token")
                    .scopes("read");
        }

        /**
         * Wires the token store, a single-element token enhancer chain and the injected
         * {@link AuthenticationManager} into the authorization server endpoints.
         */
        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            final TokenEnhancerChain chain = new TokenEnhancerChain();
            chain.setTokenEnhancers(Collections.singletonList(tokenEnhancer()));

            endpoints.tokenStore(tokenStore());
            endpoints.tokenEnhancer(chain);
            // This manager is what the password grant uses to authenticate end users.
            endpoints.authenticationManager(authenticationManager);
        }

        /**
         * Creates the primary {@link DefaultTokenServices} bean, backed by the JDBC token
         * store and with refresh tokens enabled. It is not passed to the endpoints
         * configurer in this file.
         */
        @Bean
        @Primary
        public DefaultTokenServices tokenServices() {
            final DefaultTokenServices services = new DefaultTokenServices();
            services.setTokenStore(tokenStore());
            services.setSupportRefreshToken(true);
            return services;
        }

        /** Creates the application's custom token enhancer. */
        @Bean
        public TokenEnhancer tokenEnhancer() {
            return new CustomTokenEnhancer();
        }

        /**
         * Creates an initializer that runs the {@code schema.sql} script against the given
         * data source (JDBC token store set-up).
         *
         * <p>NOTE(review): confirm the script is safe to run on every start-up and does not
         * drop existing token or client tables in production.
         */
        @Bean
        public DataSourceInitializer dataSourceInitializer(final DataSource dataSource) {
            final DataSourceInitializer init = new DataSourceInitializer();
            init.setDataSource(dataSource);

            final ResourceDatabasePopulator scripts = new ResourceDatabasePopulator();
            scripts.addScript(schemaScript);
            init.setDatabasePopulator(scripts);

            return init;
        }

        /** Creates the JDBC token store on the injected data source. */
        @Bean
        public TokenStore tokenStore() {
            return new JdbcTokenStore(dataSource);
        }
    }

    /** OAuth2 resource server configuration. */
    @Configuration
    @EnableResourceServer
    public static class ResourceServerConfig extends ResourceServerConfigurerAdapter {

        /** Marks the resource server as stateless. */
        @Override
        public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
            resources.stateless(true);
        }

        /** Provides an {@link OAuth2MethodSecurityExpressionHandler} for method security. */
        @Bean
        public MethodSecurityExpressionHandler createExpressionHandler() {
            return new OAuth2MethodSecurityExpressionHandler();
        }
    }
}
解决方案