时间戳

首页 > 解决方案 > 在 Spring Cloud Gateway 的 oauth2 客户端流中禁用重定向到 oauth2/authorization/{registrationId}

spring-security - 在 Spring Cloud Gateway 的 oauth2 客户端流中禁用重定向到 oauth2/authorization/{registrationId}

问题描述

是否可以在 oauth2 客户端流程中禁用重定向到 oauth2/authorization/{registrationId}?我在 Spring Cloud Gateway 中具有以下 oauth2 流属性,但我没有指定 url oauth2/authorization/{registrationId}:

  security:
    oauth2:
      client:
        registration:
          smart_hub_client:
            provider: wso2is
            client-id: someid
            client-secret: somesecret
            authorization-grant-type: authorization_code
            redirect-uri: "{baseUrl}/redirect_uri"
            scope: sso,openid
        provider:
          wso2is:
            authorization-uri: https://authserver/oauth2/authorize?loginPage=login.jsp
            token-uri: https://authserver.com/oauth2/token
            user-info-uri: https://authserver/oauth2/userinfo
            user-name-attribute: sub
            jwk-set-uri: https://authserver.com/oauth2/jwks

在此处输入图像描述

屏幕截图中的请求 URL 在这里:https://myscgapp/oauth2/authorization/smart_hub_client

更新:我已将上面的 conf 更新为我的示例。主要问题 - 我有重定向循环。也许禁用 https://myscgapp/oauth2/authorization/smart_hub_client 可以提供帮助?或者根本原因是另一个?

我有这样的重定向循环: 在此处输入图像描述

标签: spring-securityoauth-2.0spring-security-oauth2spring-cloud-gatewayspring-boot-starter-oauth2-client

解决方案

The OAuth2AuthorizationRequestRedirectFilter uses an OAuth2AuthorizationRequestResolver to initiate the Authorization Code grant flow by redirecting the end-user’s user-agent to the Authorization Server’s authorization endpoint.
The default implementation DefaultOAuth2AuthorizationRequestResolver matches on the (default) path /oauth2/authorization/{registrationId}.

You can customize this by providing a custom ServerOAuth2AuthorizationRequestResolver.

In the example below, the resolver will match on the path /auth/custom/sso/{registrationId} instead of /oauth2/authorization/{registrationId}.

@EnableWebFluxSecurity
public class SecurityConfig {

    @Autowired
    private ReactiveClientRegistrationRepository clientRegistrationRepository;

    @Bean
    SecurityWebFilterChain configure(ServerHttpSecurity http) {
        http
            .authorizeExchange(exchanges ->
                exchanges
                    .anyExchange().authenticated()
            )
            .oauth2Login(oauth2Login ->
                oauth2Login
                    .authorizationRequestResolver(getAuthorizationRequestResolver()));
        return http.build();
    }

    private ServerOAuth2AuthorizationRequestResolver getAuthorizationRequestResolver() {
        return new DefaultServerOAuth2AuthorizationRequestResolver(
                this.clientRegistrationRepository,
                new PathPatternParserServerWebExchangeMatcher(
                        "/auth/custom/sso/{registrationId}"));

    }
}

推荐阅读