spring-security - 在 Spring Cloud Gateway 的 oauth2 客户端流中禁用重定向到 oauth2/authorization/{registrationId}
问题描述
是否可以在 oauth2 客户端流程中禁用重定向到 oauth2/authorization/{registrationId}?我在 Spring Cloud Gateway 中具有以下 oauth2 流属性,但我没有指定 url oauth2/authorization/{registrationId}:
security:
oauth2:
client:
registration:
smart_hub_client:
provider: wso2is
client-id: someid
client-secret: somesecret
authorization-grant-type: authorization_code
redirect-uri: "{baseUrl}/redirect_uri"
scope: sso,openid
provider:
wso2is:
authorization-uri: https://authserver/oauth2/authorize?loginPage=login.jsp
token-uri: https://authserver.com/oauth2/token
user-info-uri: https://authserver/oauth2/userinfo
user-name-attribute: sub
jwk-set-uri: https://authserver.com/oauth2/jwks
屏幕截图中的请求 URL 在这里:https://myscgapp/oauth2/authorization/smart_hub_client
更新:我已将上面的 conf 更新为我的示例。主要问题 - 我有重定向循环。也许禁用 https://myscgapp/oauth2/authorization/smart_hub_client 可以提供帮助?或者根本原因是另一个?
解决方案
The OAuth2AuthorizationRequestRedirectFilter
uses an OAuth2AuthorizationRequestResolver
to initiate the Authorization Code grant flow by redirecting the end-user’s user-agent to the Authorization Server’s authorization endpoint.
The default implementation DefaultOAuth2AuthorizationRequestResolver
matches on the (default) path /oauth2/authorization/{registrationId}.
You can customize this by providing a custom ServerOAuth2AuthorizationRequestResolver
.
In the example below, the resolver will match on the path /auth/custom/sso/{registrationId} instead of /oauth2/authorization/{registrationId}.
@EnableWebFluxSecurity
public class SecurityConfig {
@Autowired
private ReactiveClientRegistrationRepository clientRegistrationRepository;
@Bean
SecurityWebFilterChain configure(ServerHttpSecurity http) {
http
.authorizeExchange(exchanges ->
exchanges
.anyExchange().authenticated()
)
.oauth2Login(oauth2Login ->
oauth2Login
.authorizationRequestResolver(getAuthorizationRequestResolver()));
return http.build();
}
private ServerOAuth2AuthorizationRequestResolver getAuthorizationRequestResolver() {
return new DefaultServerOAuth2AuthorizationRequestResolver(
this.clientRegistrationRepository,
new PathPatternParserServerWebExchangeMatcher(
"/auth/custom/sso/{registrationId}"));
}
}
推荐阅读
- node.js - 通过表单数据正文类型上传文件时邮递员错误
- github - 如何在 github 操作中设置环境变量
- mysql - 如果值为 null 或为空,MySQL 将忽略 where 条件
- c# - Asp.net Core 5.0 在使用时似乎没有 httpContext.Session.GetString 作为方法
- go - json 上的嵌套结构返回 null
- python - 如何将常规字典转换为嵌套字典
- google-cloud-functions - 谷歌云功能:超过 SocketConnectNonbillable Quota
- android-tv - Android TV - Exoplayer 控件显示在模拟器上但不显示在电视上
- python-3.x - python tkinter / canvas / subplot中的交互式垂直线条绘制
- r - 根据时间范围创建列