gpt4 book ai didi

spring - 具有 spring boot 和 jHipster 的多个资源服务器的 OAuth2 SSO

转载 作者:行者123 更新时间:2023-12-04 07:21:23 27 4
gpt4 key购买 nike

所以,我有一个 oAuth2 应用程序,它是 jHipster 应用程序(使用 mongodb)。我想将 3 个资源应用程序连接到该应用程序,但它们都应该共享相同的用户群,以便用户只能登录一次。

有没有办法用 jHipster 在 Spring Boot 中配置多个资源,这样它就不会作为一个单独的客户端,在访问资源之前需要用户名和密码?

以及如何为每个资源服务器指定用户角色?

所有的应用程序都基于 spring-boot。

下图是我试图完成的工作的简单 View 。

enter image description here

所以 OAuth2 应用有授权服务器配置:

@Configuration
@EnableAuthorizationServer
protected static class AuthorizationServerConfiguration extends
AuthorizationServerConfigurerAdapter implements EnvironmentAware {

private static final String ENV_OAUTH = "authentication.oauth.";
private static final String PROP_CLIENTID = "clientid";
private static final String PROP_SECRET = "secret";
private static final String PROP_TOKEN_VALIDITY_SECONDS = "tokenValidityInSeconds";

private RelaxedPropertyResolver propertyResolver;

@Inject
private OAuth2AccessTokenRepository oAuth2AccessTokenRepository;

@Inject
private OAuth2RefreshTokenRepository oAuth2RefreshTokenRepository;

@Bean
public TokenStore tokenStore() {
return new MongoDBTokenStore(oAuth2AccessTokenRepository,
oAuth2RefreshTokenRepository);
}

@Inject
@Qualifier("authenticationManagerBean")
private AuthenticationManager authenticationManager;

@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints)
throws Exception {

endpoints.tokenStore(tokenStore()).authenticationManager(
authenticationManager);
}

@Override
public void configure(ClientDetailsServiceConfigurer clients)
throws Exception {
clients.inMemory()
.withClient("app-auth")
.scopes("read", "write")
.authorities(AuthoritiesConstants.ADMIN, AuthoritiesConstants.USER)
.authorizedGrantTypes("password", "refresh_token")
.secret(propertyResolver.getProperty(PROP_SECRET))
.accessTokenValiditySeconds(propertyResolver.getProperty(PROP_TOKEN_VALIDITY_SECONDS, Integer.class, 1800))

.and()

.withClient("app-A")
.scopes("read", "write")
.authorities(AuthoritiesConstants.ADMIN,AuthoritiesConstants.USER)
.authorizedGrantTypes("password", "refresh_token")
.secret(propertyResolver.getProperty(PROP_SECRET))
.accessTokenValiditySeconds(propertyResolver.getProperty(PROP_TOKEN_VALIDITY_SECONDS, Integer.class, 1800))

.and()

.withClient("app-A")
.scopes("read", "write")
.authorities(AuthoritiesConstants.ADMIN,AuthoritiesConstants.USER)
.authorizedGrantTypes("password", "refresh_token")
.secret(propertyResolver.getProperty(PROP_SECRET))
.accessTokenValiditySeconds(propertyResolver.getProperty(PROP_TOKEN_VALIDITY_SECONDS, Integer.class, 1800))

.and()

.withClient("app-C")
.scopes("read", "write")
.authorities(AuthoritiesConstants.ADMIN,AuthoritiesConstants.USER)
.authorizedGrantTypes("password", "refresh_token")
.secret(propertyResolver.getProperty(PROP_SECRET))
.accessTokenValiditySeconds(propertyResolver.getProperty(PROP_TOKEN_VALIDITY_SECONDS, Integer.class, 1800));


}

@Override
public void setEnvironment(Environment environment) {
this.propertyResolver = new RelaxedPropertyResolver(environment,
ENV_OAUTH);
}
}

OAuth2 应用程序还具有资源服务器配置:
@Configuration
@EnableResourceServer
protected static class ResourceServerConfiguration extends
ResourceServerConfigurerAdapter {

@Inject
private Http401UnauthorizedEntryPoint authenticationEntryPoint;

@Inject
private AjaxLogoutSuccessHandler ajaxLogoutSuccessHandler;

@Override
public void configure(HttpSecurity http) throws Exception {
http.exceptionHandling()
.authenticationEntryPoint(authenticationEntryPoint)
.and()
.logout()
.logoutUrl("/api/logout")
.logoutSuccessHandler(ajaxLogoutSuccessHandler)
.and()
.csrf()
.requireCsrfProtectionMatcher(
new AntPathRequestMatcher("/oauth/authorize"))
.disable().headers().frameOptions().disable()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and().authorizeRequests().antMatchers("/api/authenticate")
.permitAll().antMatchers("/api/register").permitAll()
.antMatchers("/api/logs/**")
.hasAnyAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/api/**").authenticated()
.antMatchers("/metrics/**")
.hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/health/**")
.hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/trace/**")
.hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/dump/**")
.hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/shutdown/**")
.hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/beans/**")
.hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/configprops/**")
.hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/info/**")
.hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/autoconfig/**")
.hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/env/**")
.hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/trace/**")
.hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/api-docs/**")
.hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/protected/**").authenticated();
}
}

以及 App A 上的资源服务器(B 和 C 几乎相同):
@Configuration
@EnableResourceServer
protected static class ResourceServer extends ResourceServerConfigurerAdapter {

@Override
public void configure(HttpSecurity http) throws Exception {
http.requestMatchers().antMatchers("/api/**")
.and()
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.antMatchers(HttpMethod.GET, "/**").access("#oauth2.hasScope('read')")
.antMatchers(HttpMethod.PATCH, "/**").access("#oauth2.hasScope('write')")
.antMatchers(HttpMethod.POST, "/**").access("#oauth2.hasScope('write')")
.antMatchers(HttpMethod.PUT, "/**").access("#oauth2.hasScope('write')")
.antMatchers(HttpMethod.DELETE, "/**").access("#oauth2.hasScope('write')");
}

@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources.resourceId("app-A");
}

}

最佳答案

@EnableResourceServer默认情况下,注释会保护您的所有资源(如果同一应用程序中有授权服务器,则 AuthorizationEndpoint 显式忽略或公开的资源除外)。

如果你想在同一个应用程序中设置多个资源服务器,你可以这样做:

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfiguration;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

import java.util.Collections;
import java.util.List;

@Configuration
public class ResourceServersConfig {

@Bean
protected ResourceServerConfiguration adminResources() {
ResourceServerConfiguration resource = new ResourceServerConfiguration() {
public void setConfigurers(List<ResourceServerConfigurer> configurers) {
super.setConfigurers(configurers);
}
};
resource.setConfigurers(Collections.<ResourceServerConfigurer>singletonList(new ResourceServerConfigurerAdapter() {
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources.resourceId("admin-resources");
}

@Override
public void configure(HttpSecurity http) throws Exception {
http.antMatcher("/rest/admin/**").authorizeRequests().anyRequest()
.access("#oauth2.hasScope('administration') and #oauth2.clientHasRole('admin')");
}
}));
resource.setOrder(3);
return resource;
}

@Bean
protected ResourceServerConfiguration userResources() {
ResourceServerConfiguration resource = new ResourceServerConfiguration() {
public void setConfigurers(List<ResourceServerConfigurer> configurers) {
super.setConfigurers(configurers);
}
};
resource.setConfigurers(Collections.<ResourceServerConfigurer>singletonList(new ResourceServerConfigurerAdapter() {
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources.resourceId("user-resources");
}

@Override
public void configure(HttpSecurity http) throws Exception {
http.antMatcher("/rest/user/**").authorizeRequests().anyRequest()
.access("#oauth2.hasAnyScope('offer','order') and #oauth2.clientHasRole('user')");
}
}));
resource.setOrder(4);
return resource;
}

}

请看 Dave Syer's example .

关于spring - 具有 spring boot 和 jHipster 的多个资源服务器的 OAuth2 SSO,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/28861189/

27 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com