Configuring OpenFeign with OAuth2

Spring Authorization Server configuration

    @Bean
    public RegisteredClientRepository registeredClientRepository() {
        RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString())
                .clientId("user-client")
                .clientSecret("{noop}12345")
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
                .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
                .redirectUri("http://127.0.0.1:8085/login/oauth2/code/user-service-client")
                .redirectUri("http://127.0.0.1:8085/authorized")
                .scope(OidcScopes.OPENID)
                .scope("read")
                .scope("write")
                .clientSettings(ClientSettings.builder().requireAuthorizationConsent(true).build())
                .build();

        return new InMemoryRegisteredClientRepository(registeredClient);
    }

User service properties

spring:
  security:
    oauth2:
      resource-server:
        jwt:
          issuer-uri: http://127.0.0.1:8085
      client:
        registration:
          user-service-client:
            provider: spring
            client-id: user-client
            client-secret: 12345
            authorization-grant-type: authorization_code
            redirect-uri: "http://127.0.0.1:8081/authorized"
            scope: read
            client-name: user-service-client
        provider:
          spring:
            issuer-uri: http://127.0.0.1:8085

  cloud:
    openfeign:
      oauth2:
        enabled: true
        clientRegistrationId: user-service-client

User service security configuration

@EnableWebSecurity
public class SecurityConfig {

    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> {
            try {
                auth
                        .requestMatchers("/authorized", "/login").permitAll()
                        .requestMatchers(HttpMethod.GET, "/users", "/users/{userId}").hasAnyAuthority("SCOPE_read", "SCOPE_write")
                        .requestMatchers(HttpMethod.POST, "/users").hasAuthority("SCOPE_write")
                        .anyRequest().authenticated()
                        .and()
                        .sessionManagement(session -> {
                            try {
                                session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                                .and()
                                .oauth2Login(oauth2Login -> oauth2Login.loginPage("/oauth2/authorization/user-service-client"))
                                .oauth2Client(withDefaults())
                                .oauth2ResourceServer().jwt();
                            } catch (Exception e) {
                                throw new RuntimeException(e);
                            }
                        });
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        });

        return http.build();
    }
}

And the OpenFeign client in the user service

@FeignClient(name = "provider-service")
public interface ProviderService {

    @GetMapping("/providers/{providerId}")
    Provider getProvider(@PathVariable Long providerId);

}

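Error when running the user service

Unsatisfied dependency expressed through constructor parameter 0: Error creating bean with name 'feignOAuth2AuthorizedClientManager'

Unsatisfied dependency expressed through method 'feignOAuth2AuthorizedClientManager' parameter 0: Error creating bean with name 'clientRegistrationRepository' Failed to instantiate [org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository]: Factory method 'clientRegistrationRepository' threw exception with message: Unable to resolve Configuration with the provided Issuer of "http://127.0.0.1:8085"

I am using Spring Boot 3 and have gone through the documentation, so I added this to the properties, but I think I also need to add a configuration class for the Feign client in the user service; that did not work, though. Any suggestions? How can I pass OAuth2 through to the Feign client?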

spring-boot spring-security spring-cloud spring-cloud-feign