我在非Spring Boot应用程序中实现OIDC。以下是我的OIDC客户端的配置,我正在尝试从OAuth2AuthorizedClientService获取OAuth2AuthorizedClient,但我得到的是null。基本上,OAuth2AuthorizedClientService不会注册客户端主体(authorizedClient)。
我正在重定向到okta(身份验证服务器)登录页面,并在通过okta(身份验证服务器)进行身份验证后重定向到我的控制器方法…
@Configuration
@EnableWebSecurity
@EnableOAuth2Client
public class ClientSecurityConfigurer extends WebSecurityConfigurerAdapter{
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/index/4_0/**")
.authenticated()
.antMatchers("/okta_login")
.permitAll()
.anyRequest()
.authenticated()
.and()
.oauth2Login()
.loginPage("/okta_login")
.clientRegistrationRepository(oktaRegistrationRepository())
.authorizedClientService(authorizedClientService());
}
@Bean
public OAuth2AuthorizedClientService authorizedClientService() {
return new InMemoryOAuth2AuthorizedClientService(oktaRegistrationRepository());
}
@Bean
public ClientRegistrationRepository oktaRegistrationRepository() {
return new InMemoryClientRegistrationRepository(this.oktaClientRegistration());
}
private ClientRegistration oktaClientRegistration() {
return ClientRegistration.withRegistrationId("okta").clientId("client id *********")
.clientSecret("client secret ********")
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.redirectUriTemplate("http://localhost:9088/myApp/login/oauth2/code/okta")
.scope("openid", "profile", "email", "address", "phone")
.authorizationUri("https://myorg.oktapreview.com/oauth2/default/v1/authorize")
.tokenUri("https://myorg.oktapreview.com/oauth2/default/v1/token")
.userInfoUri("https://myorg.oktapreview.com/oauth2/default/v1/userinfo")
.userNameAttributeName(IdTokenClaimNames.SUB)
.jwkSetUri("https://myorg.oktapreview.com/oauth2/default/v1/keys").clientName("Okta")
.build();
}
}
初始值设定项:
public class ClientSecurityInitializer extends AbstractSecurityWebApplicationInitializer {
public ClientSecurityInitializer() {
super(ClientSecurityConfigurer.class);
}
}
自定义登录页面:
@Controller
public class LoginController {
@RequestMapping(value="/okta_login")
public String oktaLogin(){
return "redirect:/oauth2/authorization/okta";
}
}
我的应用控制器:
@Controller
@RequestMapping("/index/4_0")
public class ClientController_4_0 {
@Autowired
private OAuth2AuthorizedClientService authorizedClientService;
@RequestMapping(value = "/client", method = RequestMethod.GET)
private String getIndex(Model model, HttpServletRequest req, OAuth2AuthenticationToken authentication) {
OAuth2AuthorizedClient authorizedClient = this.getAuthorizedClient(authentication);
OAuth2AccessToken token = (OAuth2AccessToken) authorizedClient.getAccessToken();
String tokenValue = token.getValue();
return "v4_0/client";
}
private OAuth2AuthorizedClient getAuthorizedClient(OAuth2AuthenticationToken authentication) {
return this.authorizedClientService.loadAuthorizedClient(
authentication.getAuthorizedClientRegistrationId(), authentication.getName());
}
}
通话时为空
OAuth2AuthorizedClient authorizedClient = this.getAuthorizedClient(authentication);
我自动连接了OAuth2AuthorizedClientService,其中auhtorizedClients为null,但是由于正在从配置中加载它,因此将加载clientRegistrationRepository…猜测通过身份验证后,客户端主体不会作为authorizedClients加载...
不知道我在哪里做错了...任何建议都会不胜感激。
最佳答案
我知道了…问题与我的SecurityInitializer类有关。由于我的应用程序已经是Spring应用程序(不是spring boot),因此不需要在其中加载SecurityConfig类。因此,我的Security Initializer类将如下所示……
public class ClientSecurityInitializer extends AbstractSecurityWebApplicationInitializer {
}
关于java - Spring OAuth2/OIDC-OAuth2AuthorizedClientService未注册用户主体(authroizedClient),我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/52338056/