Adding a custom header to Spring Boot OAuth 2 client token requests

Question (votes: 0, answers: 1)

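I'm struggling to customize a Spring Boot 3.2.1 application that uses the OAuth2 client feature. The API I'm working with requires a non-standard header as part of the token request.

The end goal is to build a WebClient to interact with the OAuth-protected API.

I have the following application.yml: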

spring:
  security:
    oauth2:
      client:
        registration:
          foobar:
            client-authentication-method: client_secret_basic
            authorization-grant-type: client_credentials
            client-id: xxxxxxxxxx
            client-secret: xxxxxxxxxx
        provider:
          foobar:
            token-uri: xxxxxx

So far, I have the following configuration class for constructing the WebClient:

@Configuration
public class foobarWebClientBeans {

    @Bean
    public AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager foobarOauth2AuthorizedClientManager(ReactiveClientRegistrationRepository clientRegistrations, ReactiveOAuth2AuthorizedClientService authorizedClientService) {
        return new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(clientRegistrations, authorizedClientService);
    }

    @Bean
    public ServerOAuth2AuthorizedClientExchangeFilterFunction foobarServerFilterFunction(AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager foobarOauth2AuthorizedClientManager) {
        ServerOAuth2AuthorizedClientExchangeFilterFunction foobarServerFilterFunction = new ServerOAuth2AuthorizedClientExchangeFilterFunction(foobarOauth2AuthorizedClientManager);
        foobarServerFilterFunction.setDefaultClientRegistrationId("foobar");
        return foobarServerFilterFunction;
    }

    @Bean
    public WebClient foobarWebClient(ServerOAuth2AuthorizedClientExchangeFilterFunction foobarServerFilterFunction) {

        return WebClient.builder()
                        .filter(foobarServerFilterFunction)
                        .baseUrl("https://foobar.com")
                        .build();
    }


}

The foobar API requires the following header for the token request:
FOOBAR UUID: xxxxx

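I saw the following note in the Spring documentation, which seems to indicate that it can be done but doesn't actually go into detail: Customizing the Access Token Request (the documentation describes parameters, but there is also a method for headers)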

java spring spring-boot spring-security spring-security-oauth2
1 answer
0 votes

After some digging (and trial and error), I found out how to modify the request.

I had to create a new ReactiveOAuth2AuthorizedClientProvider and add it to the client manager.

Before:

    @Bean
    public AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager foobarOauth2AuthorizedClientManager(ReactiveClientRegistrationRepository clientRegistrations, ReactiveOAuth2AuthorizedClientService authorizedClientService) {
        return new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(clientRegistrations, authorizedClientService);
    }

After:

    @Bean
    public AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager foobarOauth2AuthorizedClientManager(ReactiveClientRegistrationRepository clientRegistrations, ReactiveOAuth2AuthorizedClientService authorizedClientService) {
        // Token client for the client_credentials grant; the converter adds the extra header to the token request.
        WebClientReactiveClientCredentialsTokenResponseClient tokenResponseClient = new WebClientReactiveClientCredentialsTokenResponseClient();
        tokenResponseClient.addHeadersConverter(source -> {
            HttpHeaders httpHeaders = new HttpHeaders();
            httpHeaders.add("FOOBAR UUID", UUID.randomUUID().toString());
            return httpHeaders;
        });

        // Provider that uses the customized token client for client_credentials.
        ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
                .clientCredentials(configurer -> configurer.accessTokenResponseClient(tokenResponseClient))
                .build();

        // Register the provider on the manager so that token requests go through it.
        AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager foobarOauth2AuthorizedClientManager = new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(clientRegistrations, authorizedClientService);
        foobarOauth2AuthorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
        return foobarOauth2AuthorizedClientManager;
    }
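
One way to check that the extra header reaches the token endpoint together with the default Basic client authentication, as an added example that is not part of the original answer: it points the token client at a constructed local endpoint and inspects the headers that arrive. Assumptions: spring-security-oauth2-client and spring-webflux with Reactor Netty are on the classpath; the class name, client id and secret are constructed; and the header name X-Foobar-Uuid is a placeholder, used because a space (as in the name shown on the page) is not a valid character in an HTTP field name.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.util.UUID;
import java.util.concurrent.atomic.AtomicReference;
import org.springframework.http.HttpHeaders;
import org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequest;
import org.springframework.security.oauth2.client.endpoint.WebClientReactiveClientCredentialsTokenResponseClient;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;

public class TokenRequestHeaderCheck {
    // Placeholder header name (assumption): substitute the name the API documents.
    static final String HEADER = "X-Foobar-Uuid";
    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the provider's token endpoint; it records the request headers.
        AtomicReference<com.sun.net.httpserver.Headers> seen = new AtomicReference<>();
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/token", exchange -> {
            seen.set(exchange.getRequestHeaders());
            byte[] body = "{\"access_token\":\"constructed\",\"token_type\":\"Bearer\"}".getBytes(StandardCharsets.UTF_8);
            exchange.getResponseHeaders().add("Content-Type", "application/json");
            exchange.sendResponseHeaders(200, body.length);
            exchange.getResponseBody().write(body);
            exchange.close();
        });
        server.start();

        ClientRegistration registration = ClientRegistration.withRegistrationId("foobar")
                .clientId("constructed-id").clientSecret("constructed-secret")
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
                .tokenUri("http://127.0.0.1:" + server.getAddress().getPort() + "/token")
                .build();
        var client = new WebClientReactiveClientCredentialsTokenResponseClient();
        // addHeadersConverter composes with the current converter, so the default headers are kept.
        client.addHeadersConverter(request -> {
            HttpHeaders extra = new HttpHeaders();
            extra.add(HEADER, UUID.randomUUID().toString());
            return extra;
        });
        client.getTokenResponse(new OAuth2ClientCredentialsGrantRequest(registration)).block();
        server.stop(0);
        // Both the custom header and the Basic client credentials should have arrived.
        System.out.println(HEADER + " present: " + seen.get().containsKey(HEADER));
        System.out.println("Basic auth kept: " + seen.get().getFirst("Authorization").startsWith("Basic "));
    }
}
```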