Spring Boot: dynamic OAuth2 client configuration

Question (votes: 0, answers: 1)

I am trying to configure Spring Boot OAuth2 with Keycloak. The code works fine when I use the properties from the application.properties file. The current configuration is as follows:

rest.security.issuer-uri=http://172.30.30.172:8080/auth/realms/<REALM_NAME>
security.oauth2.resource.id=test
security.oauth2.resource.token-info-uri=${rest.security.issuer-uri}/protocol/openid-connect/token/introspect
security.oauth2.resource.user-info-uri=${rest.security.issuer-uri}/protocol/openid-connect/userinfo
security.oauth2.resource.jwt.key-value=<PUBLIC KEY>

security.oauth2.client.client-id=<CLIENT ID>
security.oauth2.client.client-secret=<CLIENT SECRET>
security.oauth2.client.user-authorization-uri=${rest.security.issuer-uri}/protocol/openid-connect/auth
security.oauth2.client.access-token-uri=${rest.security.issuer-uri}/protocol/openid-connect/token
security.oauth2.client.scope=openid
security.oauth2.client.grant-type=client_credentials

I want to configure the client settings dynamically, by fetching the client configuration from a database for each client (its own realm) on request. What should the Java Spring Boot Security configuration look like in order to set the client properties dynamically?

The current security configuration is as follows:

import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
// SecurityProperties (getApiMatcher(), getCorsConfiguration()) and JwtAccessTokenCustomizer are the
// application's own classes, not Spring's; their sources are not shown on the page.

@Configuration
@EnableWebSecurity
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
@ConditionalOnProperty(prefix = "rest.security", value = "enabled", havingValue = "true")
@Import({SecurityProperties.class})
public class SecurityConfigurer extends ResourceServerConfigurerAdapter {

    private final ResourceServerProperties resourceServerProperties;

    private final SecurityProperties securityProperties;

    /* Using Spring constructor injection, @Autowired is implicit */
    public SecurityConfigurer(ResourceServerProperties resourceServerProperties, SecurityProperties securityProperties) {
        this.resourceServerProperties = resourceServerProperties;
        this.securityProperties = securityProperties;
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        // Tokens whose "aud" does not contain this id are rejected by the resource server.
        resources.resourceId(resourceServerProperties.getResourceId());
    }

    @Override
    public void configure(final HttpSecurity http) throws Exception {

        http.cors()
                .configurationSource(corsConfigurationSource())
                .and()
                .headers()
                .frameOptions()
                .disable()          // drops X-Frame-Options; only safe if nothing here is rendered in a browser frame
                .and()
                .csrf()
                .disable()          // acceptable for a stateless bearer-token API, not for cookie-based sessions
                .authorizeRequests()
                .antMatchers(securityProperties.getApiMatcher())
                .authenticated();

    }

    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        if (null != securityProperties.getCorsConfiguration()) {
            source.registerCorsConfiguration("/**", securityProperties.getCorsConfiguration());
        }
        return source;
    }

    @Bean
    public JwtAccessTokenCustomizer jwtAccessTokenCustomizer(ObjectMapper mapper) {
        return new JwtAccessTokenCustomizer(mapper);
    }

}

I tried to override the ResourceServerProperties bean with the following code. However, it throws a NoUniqueBeanDefinitionException.

import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.context.annotation.Primary;

@Configuration
// @Import registers ResourceServerProperties as a bean in its own right, in addition to the
// @Bean below and the property-bound instance that Spring Boot's auto-configuration creates.
@Import({ResourceServerProperties.class})
public class ResourceSecurityProperties {

    @Primary
    @Bean
    ResourceServerProperties resourceServerProperties() {
        ResourceServerProperties resourceServerProperties = new ResourceServerProperties("<CLIENT-ID>", "<CLIENT-SECRET>");
        // Jwt is a non-static inner class, hence the qualified "outer.new Jwt()" form.
        ResourceServerProperties.Jwt jwt = resourceServerProperties.new Jwt();
        resourceServerProperties.setId("test001001");
        resourceServerProperties.setTokenInfoUri("http://172.30.30.172:8080/auth/realms/conf/protocol/openid-connect/token/introspect");
        resourceServerProperties.setUserInfoUri("http://172.30.30.172:8080/auth/realms/conf/protocol/openid-connect/userinfo");
        jwt.setKeyValue("<PUBLIC KEY>");   // realm public key used to verify token signatures
        resourceServerProperties.setJwt(jwt);
        return resourceServerProperties;
    }
}
Tags: java, spring, spring-boot, spring-security, spring-security-oauth2
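The resource-server half of what the question asks for, as an added example that is not part of the original post: instead of one static ResourceServerProperties bean, a ResourceServerTokenServices that picks the verification key per realm at request time. It targets the legacy spring-security-oauth2 / spring-security-jwt stack the question uses. TenantOAuthConfig and TenantConfigRepository are hypothetical stand-ins for the database row and lookup the question describes; the issuer URIs are assumed to be https.

```java
// Added example (not from the original post). Verifies each bearer JWT against the public key
// of the realm that issued it, selecting the realm from the token's "iss" claim.
// TenantOAuthConfig and TenantConfigRepository are hypothetical; back them with JPA/JDBC.
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

import org.springframework.security.jwt.Jwt;
import org.springframework.security.jwt.JwtHelper;
import org.springframework.security.jwt.crypto.sign.RsaVerifier;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.common.util.JsonParser;
import org.springframework.security.oauth2.common.util.JsonParserFactory;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

public class RealmAwareTokenServices implements ResourceServerTokenServices {

    /** Hypothetical: one database row per realm. */
    public static final class TenantOAuthConfig {
        final String issuer;        // e.g. https://<host>/auth/realms/<REALM_NAME>
        final String publicKeyPem;  // the realm's RSA public key, PEM encoded
        public TenantOAuthConfig(String issuer, String publicKeyPem) {
            this.issuer = issuer;
            this.publicKeyPem = publicKeyPem;
        }
    }

    /** Hypothetical repository interface over that table. */
    public interface TenantConfigRepository {
        TenantOAuthConfig findByIssuer(String issuer);
    }

    private final TenantConfigRepository repository;
    private final JsonParser json = JsonParserFactory.create();
    // One verifying delegate per issuer, so the PEM is parsed once rather than on every request.
    private final ConcurrentMap<String, DefaultTokenServices> delegates = new ConcurrentHashMap<>();

    public RealmAwareTokenServices(TenantConfigRepository repository) {
        this.repository = repository;
    }

    @Override
    public OAuth2Authentication loadAuthentication(String accessToken) {
        return delegateFor(accessToken).loadAuthentication(accessToken);
    }

    @Override
    public OAuth2AccessToken readAccessToken(String accessToken) {
        return delegateFor(accessToken).readAccessToken(accessToken);
    }

    private DefaultTokenServices delegateFor(String accessToken) {
        // JwtHelper.decode() only base64-decodes; it does NOT check the signature. The issuer read
        // here is untrusted and is used solely to choose which key to verify against; nothing else
        // from the unverified payload is used. The delegate then verifies the signature.
        Jwt unverified;
        try {
            unverified = JwtHelper.decode(accessToken);
        } catch (IllegalArgumentException e) {
            throw new InvalidTokenException("malformed JWT", e);
        }
        Object iss = json.parseMap(unverified.getClaims()).get("iss");
        if (!(iss instanceof String)) {
            throw new InvalidTokenException("token carries no iss claim");
        }
        TenantOAuthConfig cfg = repository.findByIssuer((String) iss);
        if (cfg == null) {
            // Unknown realm: reject; never fall back to a default key.
            throw new InvalidTokenException("unknown issuer");
        }
        return delegates.computeIfAbsent(cfg.issuer, k -> build(cfg));
    }

    private static DefaultTokenServices build(TenantOAuthConfig cfg) {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        // Set an RsaVerifier explicitly: it fails loudly on a bad PEM, whereas setVerifierKey()
        // alone lets the converter fall back to an HMAC verifier keyed with that string.
        converter.setVerifier(new RsaVerifier(cfg.publicKeyPem));
        try {
            converter.afterPropertiesSet();
        } catch (Exception e) {
            throw new IllegalStateException("cannot initialise verifier for " + cfg.issuer, e);
        }
        DefaultTokenServices services = new DefaultTokenServices();
        services.setTokenStore(new JwtTokenStore(converter)); // signature is checked on every read
        return services;
    }
}
```

Wire it in the existing configurer with `resources.tokenServices(new RealmAwareTokenServices(repository))` inside `configure(ResourceServerSecurityConfigurer resources)`; that replaces the single key-value / token-info-uri lookup driven by security.oauth2.resource.* with one verifier per realm. The cache keeps a parsed key per issuer, so evict the entry (or restart) when a realm's signing key is rotated.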
1 answer

0 votes

Did you find a solution to this problem? I am running into the same issue. It would be great if you could share your findings.

For secure inter-module communication, overriding the OAuth2ProtectedResourceDetails bean does the trick, but for dynamic resource properties I have not found anything yet.
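The client half of the question, and the OAuth2ProtectedResourceDetails approach the answer mentions, as an added example that is not part of the original post or answer: a per-realm client_credentials client built from a database row instead of from the security.oauth2.client.* properties. ClientCredential and ClientCredentialRepository are hypothetical stand-ins for the stored row and its lookup; the token URI is assumed to be https.

```java
// Added example (not from the original page). One OAuth2RestTemplate per realm, each with its own
// ClientCredentialsResourceDetails loaded from storage. ClientCredential and
// ClientCredentialRepository are hypothetical; back them with JPA/JDBC.
import java.util.Collections;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;

public class TenantOAuth2ClientFactory {

    /** Hypothetical: one database row per realm; the secret should be stored encrypted at rest. */
    public static final class ClientCredential {
        final String realm;
        final String clientId;
        final String clientSecret;
        final String tokenUri;   // https://<host>/auth/realms/<realm>/protocol/openid-connect/token
        public ClientCredential(String realm, String clientId, String clientSecret, String tokenUri) {
            this.realm = realm;
            this.clientId = clientId;
            this.clientSecret = clientSecret;
            this.tokenUri = tokenUri;
        }
    }

    /** Hypothetical repository interface over that table. */
    public interface ClientCredentialRepository {
        ClientCredential findByRealm(String realm);
    }

    private final ClientCredentialRepository repository;
    // OAuth2RestTemplate caches the access token it obtained in its client context, so the
    // template must never be shared across realms: realm A's token would be sent for realm B.
    private final ConcurrentMap<String, OAuth2RestTemplate> templates = new ConcurrentHashMap<>();

    public TenantOAuth2ClientFactory(ClientCredentialRepository repository) {
        this.repository = repository;
    }

    /** Returns the client for the given realm, creating it on first use. */
    public OAuth2RestTemplate forRealm(String realm) {
        return templates.computeIfAbsent(realm, r -> {
            ClientCredential c = repository.findByRealm(r);
            if (c == null) {
                throw new IllegalArgumentException("no OAuth2 client registered for realm " + r);
            }
            if (!c.tokenUri.startsWith("https://")) {
                // The client secret travels in the token request; refuse to send it in clear.
                throw new IllegalStateException("token endpoint for realm " + r + " is not https");
            }
            ClientCredentialsResourceDetails details = new ClientCredentialsResourceDetails();
            details.setId(r);
            details.setClientId(c.clientId);
            details.setClientSecret(c.clientSecret);
            details.setAccessTokenUri(c.tokenUri);
            details.setScope(Collections.singletonList("openid"));
            return new OAuth2RestTemplate(details);
        });
    }

    /** Drops a cached client, e.g. after the realm's client secret has been rotated. */
    public void evict(String realm) {
        templates.remove(realm);
    }
}
```

Callers use `factory.forRealm(realm).getForObject(url, Foo.class)`; the template fetches and caches a token from that realm's endpoint using the client_credentials grant, the same grant the question's properties select with security.oauth2.client.grant-type.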

© www.soinside.com 2019 - 2024. All rights reserved.