# OAuth2.0 客户端
OAuth2.0 客户机特性为OAuth2.0 授权框架 (opens new window)中定义的客户机角色提供支持。
在高层次上,可用的核心特性是:
授权赠款支助
客户端身份验证支持
HTTP 客户端支持
- [
WebClient
用于反应性环境的集成](#OAuth2client-webclient-webflux)(用于请求受保护的资源)
ServerHttpSecurity.oauth2Client()
DSL 为定制 OAuth2.0 客户端使用的核心组件提供了许多配置选项。
以下代码显示了ServerHttpSecurity.oauth2Client()
DSL 提供的完整配置选项:
例 1。OAuth2 客户端配置选项
爪哇
@EnableWebFluxSecurity
public class OAuth2ClientSecurityConfig {
@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
http
.oauth2Client(oauth2 -> oauth2
.clientRegistrationRepository(this.clientRegistrationRepository())
.authorizedClientRepository(this.authorizedClientRepository())
.authorizationRequestRepository(this.authorizationRequestRepository())
.authenticationConverter(this.authenticationConverter())
.authenticationManager(this.authenticationManager())
);
return http.build();
}
}
Kotlin
@EnableWebFluxSecurity
class OAuth2ClientSecurityConfig {
@Bean
fun securityFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
return http {
oauth2Client {
clientRegistrationRepository = clientRegistrationRepository()
authorizedClientRepository = authorizedClientRepository()
authorizationRequestRepository = authorizedRequestRepository()
authenticationConverter = authenticationConverter()
authenticationManager = authenticationManager()
}
}
}
}
ReactiveOAuth2AuthorizedClientManager
负责与一个或多个ReactiveOAuth2AuthorizedClientProvider
协作管理 OAuth2.0 客户端的授权(或重新授权)。
下面的代码显示了如何注册ReactiveOAuth2AuthorizedClientManager``@Bean
并将其与ReactiveOAuth2AuthorizedClientProvider
复合相关联的示例,该复合提供对authorization_code
、refresh_token
、client_credentials
和password
授权授予类型的支持:
爪哇
@Bean
public ReactiveOAuth2AuthorizedClientManager authorizedClientManager(
ReactiveClientRegistrationRepository clientRegistrationRepository,
ServerOAuth2AuthorizedClientRepository authorizedClientRepository) {
ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider =
ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
.authorizationCode()
.refreshToken()
.clientCredentials()
.password()
.build();
DefaultReactiveOAuth2AuthorizedClientManager authorizedClientManager =
new DefaultReactiveOAuth2AuthorizedClientManager(
clientRegistrationRepository, authorizedClientRepository);
authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
return authorizedClientManager;
}
Kotlin
@Bean
fun authorizedClientManager(
clientRegistrationRepository: ReactiveClientRegistrationRepository,
authorizedClientRepository: ServerOAuth2AuthorizedClientRepository): ReactiveOAuth2AuthorizedClientManager {
val authorizedClientProvider: ReactiveOAuth2AuthorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
.authorizationCode()
.refreshToken()
.clientCredentials()
.password()
.build()
val authorizedClientManager = DefaultReactiveOAuth2AuthorizedClientManager(
clientRegistrationRepository, authorizedClientRepository)
authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider)
return authorizedClientManager
}