Question:

Spring Boot oAuth2 client with HTTP proxy support

狄鸿禧
2023-03-14

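I am struggling to set up the WebFlux WebClient with OAuth2 correctly behind a proxy.

It seems that ServerOAuth2AuthorizedClientExchangeFilterFunction uses a new WebClient instance, which does not contain my proxy configuration.

OAuth2 configuration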

    ServerOAuth2AuthorizedClientExchangeFilterFunction oauth2ClientFilter = new ServerOAuth2AuthorizedClientExchangeFilterFunction(
        clientRegistrations,
        new UnAuthenticatedServerOAuth2AuthorizedClientRepository());
    oauth2ClientFilter.setDefaultClientRegistrationId("azure");

The OAuth2AuthorizedClientResolver class contains:

    private ReactiveOAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> clientCredentialsTokenResponseClient = new WebClientReactiveClientCredentialsTokenResponseClient();

WebClientReactiveClientCredentialsTokenResponseClient.java creates a new WebClient as follows:

    private WebClient webClient = WebClient.builder().build();

Does anyone have an example of how to set up an HTTP proxy correctly for the OAuth2 client?

2 answers

尉迟韬
2023-03-14

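For the OAuth 2.0 client credentials flow, you need something like the following in your web security configuration:

    import org.springframework.context.annotation.Bean;
    import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
    import org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager;
    import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientManager;
    import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProvider;
    import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder;
    import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService;
    import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
    import org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction;
    import org.springframework.web.reactive.function.client.WebClient;

    @EnableWebFluxSecurity
    public class WebSecurityConfiguration {
      @Bean
      public ReactiveOAuth2AuthorizedClientManager authorizedClientManager(
          ReactiveClientRegistrationRepository clientRegistrationRepository,
          ReactiveOAuth2AuthorizedClientService authorizedClientService) {

        // Provider that obtains tokens with the client_credentials grant
        ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider =
            ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
                .clientCredentials()
                .build();

        AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager authorizedClientManager =
            new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(
                clientRegistrationRepository, authorizedClientService);
        authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);

        return authorizedClientManager;
      }

      @Bean
      public WebClient webClient(ReactiveOAuth2AuthorizedClientManager authorizedClientManager) {
        ServerOAuth2AuthorizedClientExchangeFilterFunction oauth =
            new ServerOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager);
        return WebClient.builder().filter(oauth).build();
      }
    }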

Now make the actual API call:

    // clientRegistrationId is a static import from ServerOAuth2AuthorizedClientExchangeFilterFunction
    webClient.get()
            .uri(<protected resource uri which you want to access>)
            .attributes(clientRegistrationId(<The Provider name specified under registration in app yaml>))
            .retrieve()
            .bodyToMono(String.class)
            .map(string -> "Retrieved using Client Credentials Grant Type: " + string)
            .subscribe(LOGGER::info);

For your reference, I am using Spring Boot version 2.3.1.RELEASE, and my application.yaml is as follows:

    spring:
      security:
        oauth2:
          client:
            provider:
              <provider-name>:
                issuer-uri: <issuer-uri implementing OIDC>
            registration:
              <provider-name>:
                client-id: <client-id>
                client-secret: <client-secret>
                scope: <comma separated scopes>
                authorization-grant-type: client_credentials

卢才艺
2023-03-14

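Thanks to the incomplete answer from @abhinaba-chakraborty, I managed to set up the proxy for WebClientReactiveClientCredentialsTokenResponseClient based on the JVM parameters in the WebClient.

Here are my code snippets to help others with the same problem:

This is a helper function that reads the JVM parameters and sets them on the HttpClient: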

    public HttpClient proxyHttpClient() {
        String proxyHost = System.getProperty("https.proxyHost");
        String proxyPort = System.getProperty("https.proxyPort");

        // Use a direct connection unless both properties are set;
        // otherwise a missing host or port would fail below.
        if (proxyHost == null || proxyPort == null) {
            return HttpClient.create();
        }

        return HttpClient.create()
                .tcpConfiguration(tcpClient ->
                        tcpClient.proxy(proxy ->
                                proxy.type(ProxyProvider.Proxy.HTTP).host(proxyHost).port(Integer.parseInt(proxyPort))
                        )
                );
    }

This is how to configure the OAuth2 client for the WebClient used to call the external system (based on @abhinaba chakraborty's response). Note the function named configureHttpProxy:

    @Bean
    public ReactiveOAuth2AuthorizedClientManager authorizedClientManager(
            ReactiveClientRegistrationRepository clientRegistrationRepository,
            ReactiveOAuth2AuthorizedClientService authorizedClientService) {

        return configureHttpProxy(
                new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(
                        clientRegistrationRepository,
                        authorizedClientService
                )
        );
    }

    @Bean
    WebClient webClient(ReactiveOAuth2AuthorizedClientManager authorizedClientManager) {
        ServerOAuth2AuthorizedClientExchangeFilterFunction oauth2Client = new ServerOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager);
        oauth2Client.setDefaultClientRegistrationId("registration_id");
        return WebClient.builder()
                .filter(oauth2Client)
                .clientConnector(new ReactorClientHttpConnector(HttpClient.create().wiretap(true)))
                .baseUrl(rdoWebClientProperties.getBaseUrl())
                .defaultHeader(rdoWebClientProperties.getApikeyName(), rdoWebClientProperties.getApikeyValue())
                .build();
    }

Here is the configureHttpProxy function:

    private AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager configureHttpProxy(AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager authorizedClientManager) {
        // set the webclient with proxy configuration in the ReactiveOAuth2AccessTokenResponseClient
        WebClientReactiveClientCredentialsTokenResponseClient tokenResponseClient = new WebClientReactiveClientCredentialsTokenResponseClient();
        tokenResponseClient.setWebClient(
                WebClient.builder()
                        .clientConnector(new ReactorClientHttpConnector(proxyHttpClient()))
                        .build()
        );

        // set the ReactiveOAuth2AccessTokenResponseClient with webclient configuration in the ReactiveOAuth2AuthorizedClientProvider
        ClientCredentialsReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = new ClientCredentialsReactiveOAuth2AuthorizedClientProvider();
        authorizedClientProvider.setAccessTokenResponseClient(tokenResponseClient);

        // set the ReactiveOAuth2AuthorizedClientProvider in the ReactiveOAuth2AuthorizedClientManager
        authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);

        return authorizedClientManager;
    }

Hope this helps.
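
Added example (not part of the answers above and not Spring's own code): one configuration that builds a single proxied connector from the https.proxyHost / https.proxyPort JVM properties and hands it to both the token-endpoint client and the resource WebClient, so neither request bypasses the proxy. The class name ProxiedOAuth2ClientConfig is hypothetical; it assumes the Reactor Netty 0.9.x API used in the answer above (Spring Boot 2.3.x) and falls back to port 443, the JDK default, when only the host is set.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.reactive.ReactorClientHttpConnector;
import org.springframework.security.oauth2.client.*;
import org.springframework.security.oauth2.client.endpoint.WebClientReactiveClientCredentialsTokenResponseClient;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.netty.http.client.HttpClient;
import reactor.netty.tcp.ProxyProvider; // package in Reactor Netty 0.9.x (assumption)

@Configuration
public class ProxiedOAuth2ClientConfig { // hypothetical class name

    @Bean // one connector shared by the token request and the resource request
    ReactorClientHttpConnector proxiedConnector() {
        String host = System.getProperty("https.proxyHost");
        String port = System.getProperty("https.proxyPort");
        if (host == null || host.isEmpty()) {
            return new ReactorClientHttpConnector(HttpClient.create()); // no proxy configured
        }
        // JDK default for https.proxyPort is 443; a non-numeric value fails fast at startup
        int proxyPort = (port == null || port.isEmpty()) ? 443 : Integer.parseInt(port);
        return new ReactorClientHttpConnector(HttpClient.create().tcpConfiguration(tcp ->
                tcp.proxy(p -> p.type(ProxyProvider.Proxy.HTTP).host(host).port(proxyPort))));
    }

    @Bean
    ReactiveOAuth2AuthorizedClientManager authorizedClientManager(
            ReactiveClientRegistrationRepository registrations,
            ReactiveOAuth2AuthorizedClientService clientService,
            ReactorClientHttpConnector proxiedConnector) {
        // Replace the default token client, which builds its own un-proxied WebClient
        WebClientReactiveClientCredentialsTokenResponseClient tokenClient =
                new WebClientReactiveClientCredentialsTokenResponseClient();
        tokenClient.setWebClient(WebClient.builder().clientConnector(proxiedConnector).build());
        AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager manager =
                new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(registrations, clientService);
        manager.setAuthorizedClientProvider(ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
                .clientCredentials(c -> c.accessTokenResponseClient(tokenClient)).build());
        return manager;
    }

    @Bean
    WebClient webClient(ReactiveOAuth2AuthorizedClientManager manager,
                        ReactorClientHttpConnector proxiedConnector) {
        return WebClient.builder().clientConnector(proxiedConnector)
                .filter(new ServerOAuth2AuthorizedClientExchangeFilterFunction(manager)).build();
    }
}
```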
