Is there an example of a non-namespace OAuth configuration for Spring Security?

Posted on 2024-10-24 09:40:39

For a variety of reasons, we cannot use Spring's namespace configuration. Is there an example of the OAuth 2.0 configuration that doesn't use the namespace configuration mechanism? Mostly I am trying to figure out which filters need to be included in the filter chain.

Comments (2)

梦魇绽荼蘼 2024-10-31 09:40:39

The following is what I set up to get the basic OAuth 2.0 flow working (essentially the same as in the Tonr/Sparklr demo). Our security setup is complicated, so I'll only reproduce the relevant snippets below.

First, the filter chain order:

BasicUserApprovalFilter, SecurityContextPersistenceFilter, LogoutFilter, UsernamePasswordAuthenticationFilter, BasicAuthenticationFilter, RequestCacheAwareFilter, SecurityContextHolderAwareRequestFilter, AnonymousAuthenticationFilter, SessionManagementFilter, ExceptionTranslationFilter, OAuth2ExceptionHandlerFilter, VerificationCodeFilter, OAuth2AuthorizationFilter, OAuth2ProtectedResourceFilter, FilterSecurityInterceptor

Note that the AnonymousAuthenticationFilter is absolutely required even if you don't use it anywhere else.

Now the supporting beans:

<bean id="oauth2ExceptionTranslationFilter" class="org.springframework.security.oauth2.provider.OAuth2ExceptionHandlerFilter"/>

<bean id="oauth2VerificationCodeFilter" class="org.springframework.security.oauth2.provider.verification.VerificationCodeFilter">
    <property name="clientDetailsService" ref="clientDetailsService"/>
    <property name="verificationServices" ref="verificationCodeServices"/>
    <property name="userApprovalHandler" ref="oauth2UserApprovalFilter"/>

    <property name="unapprovedAuthenticationHandler">
        <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
            <!-- This is where you define your confirmation page -->
            <property name="defaultFailureUrl" value="/oauth/confirm.action"/>
        </bean>
    </property>
</bean>

<bean id="oauth2AuthorizationFilter" class="org.springframework.security.oauth2.provider.OAuth2AuthorizationFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="authenticationSuccessHandler">
        <bean class="org.springframework.security.oauth2.provider.OAuth2AuthorizationSuccessHandler">
            <property name="tokenServices" ref="tokenServices"/>
        </bean>
    </property>
</bean>

<bean id="oauth2ProtectedResourceFilter" class="org.springframework.security.oauth2.provider.OAuth2ProtectedResourceFilter">
    <property name="tokenServices" ref="tokenServices"/>
</bean>

<bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.InMemoryOAuth2ProviderTokenServices">
    <property name="supportRefreshToken" value="true"/>
</bean>

<bean id="clientDetailsService" class="org.springframework.security.oauth2.provider.InMemoryClientDetailsService">
    <property name="clientDetailsStore">
        <map>
            <entry key="tonr">
                <bean class="org.springframework.security.oauth2.provider.BaseClientDetails">
                    <property name="clientId" value="tonr"/>
                    <property name="authorizedGrantTypes">
                        <list>
                            <value>authorization_code</value>
                            <value>refresh_token</value>
                        </list>
                    </property>
                </bean>
            </entry>
        </map>
    </property>
</bean>

<bean id="verificationCodeServices" class="org.springframework.security.oauth2.provider.verification.InMemoryVerificationCodeServices"/>

<bean id="oauth2VerificationAuthenticationProvider" class="org.springframework.security.oauth2.provider.verification.VerificationCodeAuthenticationProvider">
    <property name="verificationServices" ref="verificationCodeServices"/>
</bean>

<bean id="oauth2AccessGrantAuthenticationProvider" class="org.springframework.security.oauth2.provider.AccessGrantAuthenticationProvider">
    <property name="clientDetailsService" ref="clientDetailsService"/>
</bean>

<bean id="oauth2RefreshAuthenticationProvider" class="org.springframework.security.oauth2.provider.refresh.RefreshAuthenticationProvider"/>

Note that the services (client, token, verification code) are just the supplied in-memory versions. You'll need to create your own versions to be persistent.

Finally, you need to tie the providers into your authentication manager:

<bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
    <property name="providers">
        <list>
            <ref local="daoAuthenticationProvider"/>
            <ref local="oauth2AccessGrantAuthenticationProvider"/>
            <ref local="oauth2VerificationAuthenticationProvider"/>
            <ref local="oauth2RefreshAuthenticationProvider"/>
            <bean class="org.springframework.security.authentication.AnonymousAuthenticationProvider">
                <property name="key" value="mykey"/>
            </bean>
        </list>
    </property>
</bean>

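
The answer above lists the filter order and the OAuth beans but not the bean that assembles them into a chain, which is the piece the question asks about. The following is an added example, not code from the answer or from the Spring Security OAuth project, showing how that order can be declared without the namespace using a plain `FilterChainProxy` bean. It assumes the Spring Security 3.0 `filterChainMap` property (Spring Security 3.1 and later replace it with a constructor-injected list of `SecurityFilterChain` beans), and it assumes that the standard filters referenced by id (`securityContextPersistenceFilter`, `logoutFilter`, `formLoginFilter`, `basicAuthenticationFilter`, `requestCacheFilter`, `servletApiFilter`, `sessionManagementFilter`, `exceptionTranslationFilter`, `filterSecurityInterceptor`, `basicUserApprovalFilter`) are defined elsewhere in the context; those ids are placeholders. The OAuth filter ids are the ones from the answer. The one check worth calling out is that the `AnonymousAuthenticationFilter` key must be the same string as the `AnonymousAuthenticationProvider` key (`mykey` in the answer); if they differ, the anonymous token is rejected and the OAuth endpoints that rely on the anonymous filter being present will fail with an authentication error.

```xml
<!-- Added example: the chain in the order the answer lists, assembled by hand.
     Filter bean ids other than the oauth2* ones are assumed to exist elsewhere. -->
<bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
    <property name="filterChainMap">
        <!-- A <map> is a LinkedHashMap, so entry and list order is preserved. -->
        <map>
            <entry key="/**">
                <list>
                    <ref bean="basicUserApprovalFilter"/>
                    <ref bean="securityContextPersistenceFilter"/>
                    <ref bean="logoutFilter"/>
                    <ref bean="formLoginFilter"/>                <!-- UsernamePasswordAuthenticationFilter -->
                    <ref bean="basicAuthenticationFilter"/>
                    <ref bean="requestCacheFilter"/>             <!-- RequestCacheAwareFilter -->
                    <ref bean="servletApiFilter"/>               <!-- SecurityContextHolderAwareRequestFilter -->
                    <ref bean="anonymousAuthenticationFilter"/>  <!-- required, see below -->
                    <ref bean="sessionManagementFilter"/>
                    <ref bean="exceptionTranslationFilter"/>
                    <ref bean="oauth2ExceptionTranslationFilter"/>
                    <ref bean="oauth2VerificationCodeFilter"/>
                    <ref bean="oauth2AuthorizationFilter"/>
                    <ref bean="oauth2ProtectedResourceFilter"/>
                    <ref bean="filterSecurityInterceptor"/>
                </list>
            </entry>
        </map>
    </property>
</bean>

<!-- The anonymous filter the answer says is mandatory. Its key MUST match the
     AnonymousAuthenticationProvider key registered in the authenticationManager
     ("mykey" in the answer); a mismatch makes every anonymous token fail validation.
     userAttribute uses the "principal,ROLE_A,ROLE_B" string form accepted by the
     3.0 UserAttributeEditor (assumption: Spring Security 3.0 property-style setters). -->
<bean id="anonymousAuthenticationFilter" class="org.springframework.security.web.authentication.AnonymousAuthenticationFilter">
    <property name="key" value="mykey"/>
    <property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
</bean>
```

The `/**` entry gives one chain for every URL; with `filterChainMap` the first matching pattern wins, so a more specific pattern (for example one that bypasses the OAuth filters for static content) must be listed before `/**`. When migrating to Spring Security 3.1 or later, the same ordered list goes into a `DefaultSecurityFilterChain` bean passed to the `FilterChainProxy` constructor instead of this property.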
情释 2024-10-31 09:40:39

Here are the filters that are firing for me in my namespace-based OAuth 2.0 provider config. You can get them by setting up the namespace and turning on debug logging in Spring Security.

firing Filter: 'BasicUserApprovalFilter'
firing Filter: 'SecurityContextPersistenceFilter'
firing Filter: 'LogoutFilter'
firing Filter: 'UsernamePasswordAuthenticationFilter'
firing Filter: 'BasicAuthenticationFilter'
firing Filter: 'RequestCacheAwareFilter'
firing Filter: 'SecurityContextHolderAwareRequestFilter'
firing Filter: 'AnonymousAuthenticationFilter'
firing Filter: 'SessionManagementFilter'
firing Filter: 'ExceptionTranslationFilter'
firing Filter: 'OAuth2ExceptionHandlerFilter'
firing Filter: 'VerificationCodeFilter'
firing Filter: 'OAuth2AuthorizationFilter'
firing Filter: 'OAuth2ProtectedResourceFilter'
firing Filter: 'FilterSecurityInterceptor'