oAuth2 feign 授权模式

简介: 本文记录 Feign 调用中使用 OAuth2 授权的两种方式——客户端模式与密码模式——所需的 bootstrap.yml 配置及相关 Java 配置类。

客户端模式

bootstrap.yml

# Spring Security OAuth2 settings for this service, registered as the "paascloud-browser" client.
security:
  oauth2:
    client:
      clientId: paascloud-browser
      # NOTE(review): the client secret is a literal in bootstrap.yml, so it is stored wherever
      # this file is stored (source control, build artifacts, config server). Outside a local
      # demo, supply it through a ${...} placeholder resolved from the environment or a secret store.
      clientSecret: paascloudClientSecret
      # NOTE(review): plain http to localhost. Client credentials and issued tokens travel over
      # this connection, so use https for any endpoint that is not loopback.
      access-token-uri: http://localhost:7979/uac/oauth/token
      user-authorization-uri: http://localhost:7979/uac/oauth/authorize
    resource:
      id: browser-service
      user-info-uri: http://localhost:7979/uac/user
# Custom properties bound by Oauth2ClientProperties (prefix "paascloud.oauth2.client").
# Most values are placeholders that reuse the security.oauth2.* entries above.
paascloud:
  oauth2:
    client:
      id: ${security.oauth2.resource.id}
      # Repeats the literal token endpoint from security.oauth2.client.access-token-uri;
      # keep the two in sync when the endpoint changes.
      accessTokenUrl: http://localhost:7979/uac/oauth/token
      clientId: ${security.oauth2.client.clientId}
      clientSecret: ${security.oauth2.client.clientSecret}
      # Passed to AuthenticationScheme.valueOf(...) in Oauth2ClientConfig, so it must match
      # an AuthenticationScheme constant name exactly.
      clientAuthenticationScheme: header

Oauth2ClientConfig.java

/**
 * Wires the OAuth2 client-credentials pieces used for outgoing calls: the resource
 * details describing this client and an {@link OAuth2RestTemplate} built on them.
 *
 * <p>All values, including the client secret, are read from
 * {@link Oauth2ClientProperties}; nothing is hard-coded in this class.
 */
@Configuration
@EnableConfigurationProperties(Oauth2ClientProperties.class)
public class Oauth2ClientConfig {

    /** Properties bound from the {@code paascloud.oauth2.client} prefix. */
    @Autowired
    private Oauth2ClientProperties oauth2ClientProperties;

    /**
     * Describes this application as an OAuth2 client using the client-credentials grant.
     *
     * @return resource details populated from {@link Oauth2ClientProperties}
     * @throws IllegalArgumentException if the configured authentication scheme is not the
     *         name of an {@link AuthenticationScheme} constant
     */
    @Bean("paascloudClientCredentialsResourceDetails")
    public ClientCredentialsResourceDetails resourceDetails() {
        final Oauth2ClientProperties props = oauth2ClientProperties;

        final ClientCredentialsResourceDetails resource = new ClientCredentialsResourceDetails();
        resource.setId(props.getId());
        resource.setClientId(props.getClientId());
        resource.setClientSecret(props.getClientSecret());
        resource.setAccessTokenUri(props.getAccessTokenUrl());

        // The scheme arrives as text and is matched against the enum constant names as-is.
        final AuthenticationScheme scheme =
                AuthenticationScheme.valueOf(props.getClientAuthenticationScheme());
        resource.setAuthenticationScheme(scheme);

        return resource;
    }

    /**
     * Builds the rest template that obtains access tokens for the resource above.
     *
     * @return an {@link OAuth2RestTemplate} with its own client context and a Netty 4 request factory
     */
    @Bean("paascloudOAuth2RestTemplate")
    public OAuth2RestTemplate oAuth2RestTemplate() {
        final ClientCredentialsResourceDetails resource = resourceDetails();
        final DefaultOAuth2ClientContext clientContext = new DefaultOAuth2ClientContext();

        final OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(resource, clientContext);
        restTemplate.setRequestFactory(new Netty4ClientHttpRequestFactory());
        return restTemplate;
    }
}

Oauth2ClientProperties.java

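/**
 * Settings for the OAuth2 client, bound from the {@code paascloud.oauth2.client} prefix.
 *
 * <p>{@code @Data} supplies the getters and setters. {@link #toString()} is written by hand
 * so that the client secret is never part of the string form of this object.
 */
@ConfigurationProperties(prefix = "paascloud.oauth2.client")
@Data
public class Oauth2ClientProperties {
    // Identifier of the protected resource.
    private String id;
    // Token endpoint of the authorization server.
    private String accessTokenUrl;
    // Public identifier of this client.
    private String clientId;
    // Client credential: keep it out of logs and error messages.
    private String clientSecret;
    // Name of an AuthenticationScheme constant, kept as text.
    private String clientAuthenticationScheme;

    /**
     * Returns a description of these properties with the client secret masked.
     *
     * <p>Lombok does not generate {@code toString()} when the class declares one, so this
     * replaces the {@code @Data} version, which would print {@code clientSecret} in clear
     * wherever the object is logged or concatenated into a message.
     *
     * @return the field values, with {@code clientSecret} shown as {@code ****} when set
     */
    @Override
    public String toString() {
        return "Oauth2ClientProperties(id=" + id
                + ", accessTokenUrl=" + accessTokenUrl
                + ", clientId=" + clientId
                + ", clientSecret=" + (clientSecret == null ? "null" : "****")
                + ", clientAuthenticationScheme=" + clientAuthenticationScheme
                + ")";
    }
}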

OAuth2FeignAutoConfiguration.java

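/**
 * Feign configuration for client-credentials mode: registers the interceptor that adds
 * the bearer token, plus the error decoder, contract and log level used by Feign clients.
 */
@Configuration
public class OAuth2FeignAutoConfiguration {

    /**
     * Creates the interceptor that puts an access token on every outgoing Feign request.
     *
     * @param oAuth2RestTemplate the {@code paascloudOAuth2RestTemplate} bean that supplies tokens
     * @return the request interceptor
     */
    @Bean
    public RequestInterceptor oauth2FeignRequestInterceptor(@Qualifier("paascloudOAuth2RestTemplate") OAuth2RestTemplate oAuth2RestTemplate) {
        return new OAuth2FeignRequestInterceptor(oAuth2RestTemplate);
    }

    /**
     * @return the decoder applied to error responses from remote services
     */
    @Bean
    public RestClientErrorDecoder errorDecoder() {
        return new RestClientErrorDecoder();
    }

    /**
     * @return Feign's default contract, so client interfaces use Feign's own annotations
     */
    @Bean
    public Contract feignContract() {
        return new feign.Contract.Default();
    }

    /**
     * Sets how much of each call Feign writes to its log.
     *
     * <p>BASIC records the method, URL, status and timing only. HEADERS and FULL also write
     * request headers, which here include the {@code Authorization: Bearer ...} value added
     * by the interceptor, so they would put live access tokens into the log. Raise the level
     * only for short-lived local debugging.
     *
     * @return {@code Logger.Level.BASIC}
     */
    @Bean
    Logger.Level feignLoggerLevel() {
        return Logger.Level.BASIC;
    }
}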

OAuth2FeignRequestInterceptor.java

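/**
 * Feign interceptor that adds an {@code Authorization: Bearer <token>} header to each
 * outgoing request, taking the token from an {@link OAuth2RestTemplate}.
 */
public class OAuth2FeignRequestInterceptor implements RequestInterceptor {

    private final Logger LOGGER = LoggerFactory.getLogger(getClass());

    private static final String AUTHORIZATION_HEADER = "Authorization";

    private static final String BEARER_TOKEN_TYPE = "Bearer";

    private final OAuth2RestTemplate oAuth2RestTemplate;


    /**
     * @param oAuth2RestTemplate source of access tokens; must not be null
     * @throws IllegalArgumentException if {@code oAuth2RestTemplate} is null
     */
    public OAuth2FeignRequestInterceptor(OAuth2RestTemplate oAuth2RestTemplate) {
        // The message names the argument that is actually checked.
        Assert.notNull(oAuth2RestTemplate, "OAuth2RestTemplate can not be null");
        this.oAuth2RestTemplate = oAuth2RestTemplate;
    }

    /**
     * Sets the bearer token header on the request being built.
     *
     * @param template the Feign request to decorate
     */
    @Override
    public void apply(RequestTemplate template) {
        // Only the header name and token type are logged; the token value must stay out of logs.
        LOGGER.debug("Constructing Header {} for Token {}", AUTHORIZATION_HEADER, BEARER_TOKEN_TYPE);

        // getValue() is the accessor for the token string; toString() is not a contract and
        // may change between OAuth2AccessToken implementations.
        final String tokenValue = oAuth2RestTemplate.getAccessToken().getValue();
        template.header(AUTHORIZATION_HEADER, BEARER_TOKEN_TYPE + " " + tokenValue);
    }
}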

密码模式

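/**
 * Feign configuration for password mode: the resource-owner password grant is used to
 * obtain the token that the Feign interceptor and the primary {@link OAuth2RestTemplate} send.
 *
 * <p>NOTE(review): with this grant the service holds a user's real password, and every
 * call made through these beans runs as that one configured user. The OAuth 2.0 Security
 * Best Current Practice advises against the password grant; for service-to-service calls
 * the client-credentials setup is the safer choice.
 */
@Configuration
public class ConfigurationForRestClient {

    /**
     * Describes the protected resource and the credentials used to get a token for it.
     *
     * @return resource details for the password grant
     */
    @Bean(name = "paascloudOAuth2ProtectedResourceDetails")
    protected OAuth2ProtectedResourceDetails resource() {

        ResourceOwnerPasswordResourceDetails resource = new ResourceOwnerPasswordResourceDetails();
        // NOTE(review): plain http; the client secret and user password are sent to this URL.
        // Use https for anything other than a loopback demo.
        resource.setAccessTokenUri("http://localhost:7979/uac/oauth/token");

        resource.setClientAuthenticationScheme(AuthenticationScheme.header);
        resource.setClientId("paascloud-browser");
        // NOTE(review): the client secret and the user name/password below are string
        // literals, so they ship in source control and in the built artifact. Load them
        // from externalized configuration or a secret store before using this beyond a demo.
        resource.setClientSecret("paascloudClientSecret");

        resource.setGrantType("password");
        resource.setScope(Arrays.asList("all"));

        resource.setUsername("admin");
        resource.setPassword("123456");

        return resource;
    }

    /**
     * @return the client context that holds the token request state and the obtained token
     */
    @Bean(name = "paascloudOauth2ClientContext")
    public OAuth2ClientContext oauth2ClientContext() {

        return new DefaultOAuth2ClientContext(new DefaultAccessTokenRequest());
    }

    /**
     * @return the decoder applied to error responses from remote services
     */
    @Bean
    public RestClientErrorDecoder errorDecoder() {

        return new RestClientErrorDecoder();
    }

    /**
     * Creates the interceptor that adds the access token to outgoing Feign requests.
     *
     * @param context         the {@code paascloudOauth2ClientContext} bean
     * @param resourceDetails the {@code paascloudOAuth2ProtectedResourceDetails} bean
     * @return the request interceptor
     */
    @Bean
    protected RequestInterceptor oauth2FeignRequestInterceptor(
            @Qualifier("paascloudOauth2ClientContext") OAuth2ClientContext context,
            @Qualifier("paascloudOAuth2ProtectedResourceDetails") OAuth2ProtectedResourceDetails resourceDetails) {

        return new OAuth2FeignRequestInterceptor(context, resourceDetails);
    }

    /**
     * Creates the primary rest template, sharing the context and resource details with Feign.
     *
     * @param context         the {@code paascloudOauth2ClientContext} bean
     * @param resourceDetails the {@code paascloudOAuth2ProtectedResourceDetails} bean
     * @return the OAuth2-aware rest template
     */
    @Bean
    @Primary
    public OAuth2RestTemplate oauth2RestTemplate(
            @Qualifier("paascloudOauth2ClientContext") OAuth2ClientContext context,
            @Qualifier("paascloudOAuth2ProtectedResourceDetails") OAuth2ProtectedResourceDetails resourceDetails) {

        return new OAuth2RestTemplate(resourceDetails, context);
    }

    /**
     * @return Feign's default contract, so client interfaces use Feign's own annotations
     */
    @Bean
    public Contract feignContract() {
        return new feign.Contract.Default();
    }

    /**
     * Sets how much of each call Feign writes to its log.
     *
     * <p>BASIC records the method, URL, status and timing only. HEADERS and FULL also write
     * request headers, including the bearer token set by the interceptor, so they would put
     * live access tokens into the log.
     *
     * @return {@code Logger.Level.BASIC}
     */
    @Bean
    Logger.Level feignLoggerLevel() {
        return Logger.Level.BASIC;
    }
}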

简单记录一下,日后有时间再整理。
