I'm trying to enable PKCE on an OAuth client in Spring Boot 5. The examples I can find are for the reactive client, like this:
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http, ReactiveClientRegistrationRepository clientRegistrationRepository) {
    // Resolver that builds the authorization request for /oauth2/authorization/{registrationId}
    DefaultServerOAuth2AuthorizationRequestResolver pkceResolver = new DefaultServerOAuth2AuthorizationRequestResolver(clientRegistrationRepository);
    // Adds code_challenge and code_challenge_method=S256 to every authorization request
    pkceResolver.setAuthorizationRequestCustomizer(OAuth2AuthorizationRequestCustomizers.withPkce());
    http.oauth2Login(login -> login
        .authorizationRequestResolver(pkceResolver));
    return http.build();
}
I tried to convert it to the servlet equivalent, but OAuth2LoginConfigurer doesn't have an authorizationRequestResolver method for setting the PKCE resolver.
This is where I've got to:
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestCustomizers;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
import org.springframework.security.web.SecurityFilterChain;

@Bean
public SecurityFilterChain filterChain(HttpSecurity http, ClientRegistrationRepository repo)
        throws Exception {
    // The second constructor argument is the client's own authorization-request base path
    // (the one OAuth2AuthorizationRequestRedirectFilter listens on), not the authorization
    // server's URL.
    var resolver = new DefaultOAuth2AuthorizationRequestResolver(repo,
            OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI);
    resolver.setAuthorizationRequestCustomizer(OAuth2AuthorizationRequestCustomizers.withPkce());
    http
        .authorizeRequests(a -> a
            .antMatchers("/").permitAll()
            .anyRequest().authenticated())
        .oauth2Login(); // doesn't have the authorizationRequestResolver method like reactive
    return http.build();
}
Any ideas how to get the servlet version working?
OK, I've figured it out, and I thought I'd better not leave this question hanging for some poor soul in the future (i.e. me, once I've forgotten how it works).
Here's the magic bean:
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestCustomizers;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class SecurityConfiguration {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http, ClientRegistrationRepository repo)
            throws Exception {
        // "/oauth2/authorization": the path the redirect filter serves, so this resolver
        // produces the same requests the default one would, plus the PKCE parameters
        var baseUri = OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI;
        var resolver = new DefaultOAuth2AuthorizationRequestResolver(repo, baseUri);
        // withPkce() adds code_challenge / code_challenge_method=S256 to the authorization
        // request and sends the stored code_verifier with the matching token request
        resolver.setAuthorizationRequestCustomizer(OAuth2AuthorizationRequestCustomizers.withPkce());
        http
            .authorizeRequests(a -> a
                .antMatchers("/").permitAll()
                .anyRequest().authenticated())
            // the servlet configurer exposes the resolver through authorizationEndpoint()
            .oauth2Login(login -> login.authorizationEndpoint().authorizationRequestResolver(resolver));
        http.logout(logout -> logout
            .logoutSuccessUrl("/"));
        return http.build();
    }
}
To resolve the deprecation warning on authorizationEndpoint(), you can use the lambda form:
.authorizationEndpoint(authorizationEndpointConfig -> authorizationEndpointConfig.authorizationRequestResolver(resolver))
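What withPkce() actually puts on the wire, as an added stand-alone example (not code from the post or from Spring Security): the client generates a random code_verifier, keeps it in the session, sends only the S256 code_challenge in the front-channel authorization request, and later proves possession of the verifier at the token endpoint. The authorization-server check is shown too, so you can see why an intercepted authorization code is useless on its own. The endpoint URL, client id, state value and the /login/oauth2/code/{registrationId} redirect URI are placeholders assumed for the demo; the known-answer vector is from RFC 7636 Appendix B.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;

/**
 * Added example, not from the post or from Spring Security: the PKCE mechanics
 * (RFC 7636) that OAuth2AuthorizationRequestCustomizers.withPkce() adds to the flow.
 */
public class PkceDemo {
    private static final SecureRandom RANDOM = new SecureRandom();
    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    /** RFC 7636 section 4.1: 32 random bytes, base64url without padding -> 43-char code_verifier. */
    static String newCodeVerifier() {
        byte[] bytes = new byte[32];
        RANDOM.nextBytes(bytes);
        return B64URL.encodeToString(bytes);
    }

    /** RFC 7636 section 4.2: code_challenge = BASE64URL(SHA256(ASCII(code_verifier))). */
    static String codeChallengeS256(String codeVerifier) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256")
                    .digest(codeVerifier.getBytes(StandardCharsets.US_ASCII));
            return B64URL.encodeToString(digest);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 unavailable", e);
        }
    }

    /** Front-channel authorization request the client redirects the browser to (hypothetical endpoint). */
    static String authorizationUrl(String authorizeEndpoint, String clientId, String redirectUri,
                                   String state, String codeChallenge) {
        return authorizeEndpoint
                + "?response_type=code"
                + "&client_id=" + urlEncode(clientId)
                + "&redirect_uri=" + urlEncode(redirectUri)
                + "&scope=openid"
                + "&state=" + urlEncode(state)
                + "&code_challenge=" + urlEncode(codeChallenge)
                + "&code_challenge_method=S256";
    }

    /** Check the authorization server performs at the token endpoint (RFC 7636 section 4.6). */
    static boolean verifierMatchesChallenge(String codeVerifier, String storedCodeChallenge) {
        byte[] computed = codeChallengeS256(codeVerifier).getBytes(StandardCharsets.US_ASCII);
        byte[] stored = storedCodeChallenge.getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(computed, stored); // constant-time comparison
    }

    private static String urlEncode(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Known-answer test from RFC 7636 Appendix B.
        String rfcVerifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";
        String rfcChallenge = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM";
        if (!codeChallengeS256(rfcVerifier).equals(rfcChallenge)) {
            throw new AssertionError("S256 challenge does not match the RFC 7636 test vector");
        }

        // 1. Client side (what withPkce() does): generate a verifier, keep it server-side with
        //    the pending authorization request, and send only the challenge to the browser.
        String verifier = newCodeVerifier();
        String challenge = codeChallengeS256(verifier);
        System.out.println(authorizationUrl("https://myoauthserver.com/oauth2/authorize", // assumed
                "my-client",                                                        // assumed
                "http://localhost:8080/login/oauth2/code/my-client",                // assumed
                "opaque-state-value",                                               // assumed
                challenge));

        // 2. Token exchange: the client holding the verifier succeeds ...
        System.out.println("legitimate client: " + verifierMatchesChallenge(verifier, challenge));
        // ... while someone who only intercepted the authorization code (and the challenge,
        //     which travelled through the browser) cannot derive the verifier and is refused.
        System.out.println("code thief:        " + verifierMatchesChallenge(newCodeVerifier(), challenge));
    }
}
```

Compile and run with `javac PkceDemo.java && java PkceDemo`; it prints the authorization URL followed by `true` and `false`. Two practical notes: the verifier check belongs to the authorization server, so your Spring client only has to keep the verifier out of the front channel, which is what the customizer does by storing it in the OAuth2AuthorizationRequest attributes; and Spring Security's DefaultOAuth2AuthorizationRequestResolver already applies PKCE on its own for public clients (client-authentication-method `none`), so withPkce() is what you need when the registration is a confidential client with a secret and you still want PKCE as the authorization-code-injection defence.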