spring-boot - OAuth2 | ClientCredentialsResourceDetails |弃用

Question

我是 spring security 的新手，我遇到过使用 client_credentials 作为授权类型来实现 OAuth2。我正在使用下面的代码，但我得到的建议是 ClientCredentialsResourceDetails、OAuth2RestTemplate 和 OAuth2AccessToken 已被弃用。

有人可以帮忙解决这个问题吗？

 private String getAuthTocken(){
     final ClientCredentialsResourceDetails resourceDetails = new ClientCredentialsResourceDetails();
     resourceDetails.setClientId("ceapiClientId");
     resourceDetails.setClientSecret("ceapiClientSecret");
     resourceDetails.setGrantType("client_credentials");
     resourceDetails.setAccessTokenUri("https://auth.abcdcommerce.com/oauth-server/oauth/token");

     final OAuth2RestTemplate oAuth2RestTemplate = new OAuth2RestTemplate(resourceDetails);
     final OAuth2AccessToken accessToken = oAuth2RestTemplate.getAccessToken();

     final String accessTokenAsString = accessToken.getValue();
     return accessTokenAsString;
 } 

Answer 1

另一种方法是使用新的非阻塞 WebClient 或带有拦截器的 RestTemplate 来覆盖已弃用的 OAuthRestTemplate。 spring-security-oauth 工件中的所有内容都有生命终结路线图。

https://spring.io/blog/2019/11/14/spring-security-oauth-2-0-roadmap-update

https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Features-Matrix

迁移指南可以在这里找到，

https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide

来自迁移指南，

Spring Security chooses to favor composition and instead exposes an OAuth2AuthorizedClientService, which is useful for creating RestTemplateinterceptors or WebClient exchange filter functions. Spring Security provides ExchangeFilterFunction s for both Servlet- and WebFlux-based applications that both leverage this service.

这里有一个迁移示例，

https://github.com/jgrandja/spring-security-oauth-5-2-migrate