Spring 授权服务器配置设置
/**
 * Registers the single OAuth2 client known to this authorization server.
 *
 * <p>The client {@code user-client} authenticates with its secret over HTTP Basic, may use the
 * authorization-code, refresh-token and client-credentials grants, and must obtain user consent.
 * The registration lives only in memory and receives a new random id each time this bean is
 * created.
 *
 * @return an in-memory repository holding that one client
 */
@Bean
public RegisteredClientRepository registeredClientRepository() {
    // Every authorization request from this client has to pass the consent screen.
    ClientSettings consentRequired = ClientSettings.builder()
            .requireAuthorizationConsent(true)
            .build();

    RegisteredClient.Builder client = RegisteredClient.withId(UUID.randomUUID().toString());
    client.clientId("user-client");
    // NOTE(review): the "{noop}" prefix tells Spring Security the secret is stored unencoded.
    // Treat this value as a sample only; outside a local demo, supply the secret from
    // configuration or a secret store and persist it in encoded form.
    client.clientSecret("{noop}12345");
    client.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC);

    client.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE);
    client.authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN);
    client.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS);

    // NOTE(review): redirect URIs are compared exactly, so the client must send one of these
    // two values -- confirm against the client's redirect-uri setting. Plain http is only
    // reasonable here because both point at the loopback address.
    client.redirectUri("http://127.0.0.1:8085/login/oauth2/code/user-service-client");
    client.redirectUri("http://127.0.0.1:8085/authorized");

    client.scope(OidcScopes.OPENID);
    client.scope("read");
    client.scope("write");
    client.clientSettings(consentRequired);

    return new InMemoryRegisteredClientRepository(client.build());
}
用户服务属性
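# User-service OAuth2 settings. Nesting restored: the keys were pasted flat, which is not the
# structure Spring Boot reads.
spring:
  security:
    oauth2:
      resource-server:
        jwt:
          # Issuer whose tokens this service accepts.
          # NOTE(review): plain http is acceptable only for a loopback development setup.
          issuer-uri: http://127.0.0.1:8085
      client:
        registration:
          user-service-client:
            provider: spring
            client-id: user-client
            # NOTE(review): sample secret kept in the properties file in clear text; outside a
            # local demo, inject it from the environment or a secret store instead.
            client-secret: 12345
            # NOTE(review): authorization_code needs an interactive user. Confirm it is the
            # intended grant for service-to-service Feign calls; the authorization server on
            # this page also allows client_credentials for this client.
            authorization-grant-type: authorization_code
            # NOTE(review): must equal, character for character, a redirect URI registered for
            # user-client on the authorization server -- confirm; the URIs registered on this
            # page use port 8085, not 8081.
            redirect-uri: "http://127.0.0.1:8081/authorized"
            scope: read
            client-name: user-service-client
        provider:
          spring:
            # The error on this page is raised while resolving configuration from this issuer
            # during creation of the clientRegistrationRepository bean, so the authorization
            # server presumably has to be running and reachable at this address when the
            # user service starts -- verify.
            issuer-uri: http://127.0.0.1:8085
  cloud:
    openfeign:
      oauth2:
        # Feign OAuth2 support, bound to the client registration declared above.
        enabled: true
        clientRegistrationId: user-service-client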
用户服务安全配置
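/**
 * Web security for the user service: scope-based access rules for {@code /users}, OAuth2 login
 * and client support, and JWT validation as a resource server.
 *
 * <p>NOTE(review): with Spring Security 6 (Spring Boot 3), {@code @EnableWebSecurity} no longer
 * implies {@code @Configuration}. No {@code @Configuration} annotation is visible on this class;
 * confirm it is registered as a configuration class, otherwise the beans below are not picked up.
 */
@EnableWebSecurity
public class SecurityConfig {

    /**
     * Provides the BCrypt password encoder used by the application.
     *
     * @return a BCrypt encoder with its default strength
     */
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Builds the HTTP security filter chain.
     *
     * <p>Each concern is configured through its own top-level customizer. The original nested the
     * session, login, client and resource-server setup inside the authorization lambda and wrapped
     * it in try/catch blocks; the flat form applies the same settings in the same order and lets
     * configuration errors propagate unwrapped.
     *
     * @param http the security builder supplied by Spring
     * @return the assembled filter chain
     * @throws Exception if any configurer fails while the chain is built
     */
    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                // Only the OAuth2 callback and the login entry point are open to anonymous users.
                .requestMatchers("/authorized", "/login").permitAll()
                // Reading users needs either scope; creating one needs the write scope.
                .requestMatchers(HttpMethod.GET, "/users", "/users/{userId}")
                    .hasAnyAuthority("SCOPE_read", "SCOPE_write")
                .requestMatchers(HttpMethod.POST, "/users").hasAuthority("SCOPE_write")
                // Default-deny for everything not listed above.
                .anyRequest().authenticated())
            // NOTE(review): STATELESS is combined with oauth2Login below. A browser login is
            // normally remembered through the session, so confirm whether this service is meant
            // to be a pure bearer-token resource server or an interactive login client.
            .sessionManagement(session ->
                session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .oauth2Login(oauth2Login ->
                oauth2Login.loginPage("/oauth2/authorization/user-service-client"))
            .oauth2Client(withDefaults())
            // Customizer form replaces the deprecated oauth2ResourceServer().jwt() chain.
            .oauth2ResourceServer(resourceServer -> resourceServer.jwt(withDefaults()));
        return http.build();
    }
}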
以及用户服务中的 OpenFeign 客户端
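/**
 * Declarative HTTP client for the service registered under the name {@code provider-service}.
 *
 * <p>NOTE(review): whether an access token is attached to these calls depends on the Feign OAuth2
 * settings of the application, which this interface does not show.
 */
@FeignClient(name = "provider-service")
public interface ProviderService {

    /**
     * Fetches one provider with {@code GET /providers/{providerId}}.
     *
     * @param providerId identifier substituted into the request path
     * @return the provider mapped from the response body
     */
    @GetMapping("/providers/{providerId}")
    // The variable name is given explicitly so the binding does not rely on the class being
    // compiled with parameter names retained.
    Provider getProvider(@PathVariable("providerId") Long providerId);
}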
运行用户服务时出错
依赖未满足(通过构造函数参数 0 表达):创建名为“feignOAuth2AuthorizedClientManager”的 bean 时出错
依赖未满足(通过方法“feignOAuth2AuthorizedClientManager”的参数 0 表达):创建名为“clientRegistrationRepository”的 bean 时出错;实例化 [org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository] 失败:工厂方法“clientRegistrationRepository”抛出异常,异常消息为:无法使用提供的发行者“http://127.0.0.1:8085”解析配置
我使用的是 Spring Boot 3,并且已经按照文档在属性文件中添加了相关配置。我想可能还需要在用户服务中为 Feign Client 添加一个配置类,但尝试后没有效果。有什么建议吗?怎样才能让 Feign Client 通过 OAuth2 进行调用?