gpt4 book ai didi

spring - 在 Spring Security OAuth 中,您如何将 passwordEncoder 用于客户端 secret ?

转载 作者:行者123 更新时间:2023-12-04 14:57:57 30 4
gpt4 key购买 nike

使用 Spring Security Oauth2 时,我正在尝试对存储在数据库中的客户端 secret 进行 BCrypt 加密。我可以看到 JdbcClientDetailsService有一个 setPasswordEncoder方法(如 mentioned in this question )。然而,ClientDetailsServiceConfigurerAuthorizationServerConfigurerAdapter没有显示任何明显的设置密码编码器的方法。有谁知道如何做到这一点?我已经包含了授权服务器配置:

@Configuration
@EnableAuthorizationServer
public static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

@Autowired
private DataSource dataSource;
@Autowired
private PasswordEncoder passwordEncoder;
@Autowired
private TokenStore tokenStore;
@Autowired
private UserApprovalHandler userApprovalHandler;
@Autowired
private ClientDetailsService clientDetailsService;
@Autowired
private AuthenticationManager authenticationManager;

@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.jdbc(dataSource);
}

@Bean
public TokenStore tokenStore() {
return new JdbcTokenStore(dataSource);
}

@Bean
public TokenApprovalStore tokenApprovalStore() {
TokenApprovalStore tokenApprovalStore = new TokenApprovalStore();
tokenApprovalStore.setTokenStore(tokenStore);
return tokenApprovalStore;
}

@Bean
public UserApprovalHandler userApprovalHandler() {
LocalUserApprovalHandler handler = new LocalUserApprovalHandler();
handler.setApprovalStore(tokenApprovalStore());
handler.setRequestFactory(new DefaultOAuth2RequestFactory(clientDetailsService));
handler.setClientDetailsService(clientDetailsService);
handler.setUseApprovalStore(true);
return handler;
}

@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
endpoints.tokenStore(tokenStore)
.userApprovalHandler(userApprovalHandler)
.authenticationManager(authenticationManager);
}


@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) {
oauthServer.realm("abcdefgh/client");
}

}

最佳答案

从 2.0.5 版开始,passwordEncoder(...)方法现在可用于 ClientDetailsServiceConfigurerAuthorizationServerSecurityConfigurer , 在扩展 AuthorizationServerConfigurerAdapter 时可用.使用相同的 PasswordEncoder两者的实现和配置都相对容易。

关于spring - 在 Spring Security OAuth 中,您如何将 passwordEncoder 用于客户端 secret ?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/26862444/

30 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com