【问题标题】:How do I configure a client Java application which must request a token from an authorization server using a 'password' grant type?如何配置必须使用“密码”授权类型从授权服务器请求令牌的客户端 Java 应用程序?
【发布时间】:2021-05-23 19:49:35
【问题描述】:

我需要使用 Maven 实现客户端 Java 应用程序,该应用程序从资源服务器发出请求。为了授权请求,必须在请求的标头中提供不记名令牌。要获得令牌,必须先完成另一个请求。服务器为我提供了发出令牌请求所需的所有参数:client_id、client_secret、用户名、密码等。令牌请求的 grant_type 是“密码”。

服务器基于 GraphQL,因此我使用以下 Maven 插件来生成执行 GraphQL 查询的 Java 类: https://github.com/graphql-java-generator/graphql-maven-plugin-project

他们提供了有关如何“访问 OAuth2 GraphQL 服务器”的教程: https://graphql-maven-plugin-project.graphql-java-generator.com/client_oauth2.html

正如他们在教程中提到的,为了连接到 OAuth 服务器,我必须使用 Spring。本教程解释了如何访问使用“client_credentials”授权类型的服务器。我不熟悉spring和spring-security,所以我没有设法将我的Spring客户端配置为'password'授权类型(我所做的只是在application.properties中将grant_type从'client_credentials'更改为'password') .需要在哪里配置用户名和密码?我需要做哪些额外的配置?没有春天有没有办法做到这一点?我想要获得的是从授权服务器请求令牌并(在后台)将令牌添加到资源请求的方式。

以下是我遵循教程的一段代码:

@SpringBootApplication(scanBasePackageClasses = { MinimalSpringApp.class, GraphQLConfiguration.class})
public class MinimalSpringApp implements CommandLineRunner
{
   /**
    * The executor, that allows to execute GraphQL queries. The class name is the one defined in the GraphQL schema.
    */
   @Autowired
   QueryExecutor queryExecutor;


   public static void main( String[] args )
   {
      SpringApplication.run( MinimalSpringApp.class, args );
   }


   /**
    * This method is started by Spring, once the Spring context has been loaded. This is run, as this class implements
    * {@link CommandLineRunner}
    */
   @Override
   public void run( String... args ) throws Exception
   {
// Create query
      GraphQLRequest softwareTechnologyRequest = queryExecutor.getSoftwareTechnologyGraphQLRequest( "{ id name }" );
      SoftwareTechnologyFilter filter = new SoftwareTechnologyFilter();

// Execute query
      List<SoftwareTechnology> technologies =
            queryExecutor.softwareTechnology( softwareTechnologyRequest, filter, 0, "", 1000, "", 0,
                  Collections.emptyList() );

      System.out.println( technologies );
   }

   @Bean
   ServerOAuth2AuthorizedClientExchangeFilterFunction serverOAuth2AuthorizedClientExchangeFilterFunction(
         ReactiveClientRegistrationRepository clientRegistrations) {
      ServerOAuth2AuthorizedClientExchangeFilterFunction oauth = new ServerOAuth2AuthorizedClientExchangeFilterFunction(
            clientRegistrations, new UnAuthenticatedServerOAuth2AuthorizedClientRepository());
      oauth.setDefaultClientRegistrationId("provider_test");
      return oauth;
   }

当我运行应用程序时,它会抛出由“401 Unauthorized from POST”引起的 IllegalStateException。

【问题讨论】:

    标签: java spring-boot maven oauth-2.0 graphql


    【解决方案1】:

    已解决

    我需要创建自己的客户端管理器 bean,其中设置了用户名和密码。 Spring 官方文档的“资源所有者密码凭据”部分有一个示例: https://docs.spring.io/spring-security/site/docs/5.2.0.RELEASE/reference/htmlsingle/#oauth2client

       @Bean
       public ReactiveOAuth2AuthorizedClientManager authorizedClientManager( ReactiveClientRegistrationRepository clientRegistrationRepository,
             ReactiveOAuth2AuthorizedClientService authorizedClientService)
       {
          ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider =
                ReactiveOAuth2AuthorizedClientProviderBuilder.builder().password().refreshToken().build();
          AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager authorizedClientManager =
                new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager( clientRegistrationRepository, authorizedClientService );
          authorizedClientManager.setAuthorizedClientProvider( authorizedClientProvider );
          authorizedClientManager.setContextAttributesMapper( contextAttributesMapper() );
          return authorizedClientManager;
       }
    
       private Function<OAuth2AuthorizeRequest, Mono<Map<String, Object>>> contextAttributesMapper()
       {
          return authorizeRequest -> {
             Map<String, Object> contextAttributes = new HashMap<>();
             contextAttributes.put( OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username" );
             contextAttributes.put( OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password" );
             return Mono.just(contextAttributes);
          };
       }
    

    然后需要调整 graphql java generator plugin tutorial 中的 bean 才能使用提供的客户端管理器:

       @Bean
       ServerOAuth2AuthorizedClientExchangeFilterFunction serverOAuth2AuthorizedClientExchangeFilterFunction(
             ReactiveOAuth2AuthorizedClientManager authorizedClientManager) {
          ServerOAuth2AuthorizedClientExchangeFilterFunction oauth = new ServerOAuth2AuthorizedClientExchangeFilterFunction(
                authorizedClientManager);
          oauth.setDefaultClientRegistrationId("provider_test");
          return oauth;
       }
    

    【讨论】:

      猜你喜欢
      • 2020-06-24
      • 2021-04-07
      • 1970-01-01
      • 1970-01-01
      • 2013-08-23
      • 2020-01-24
      • 2018-05-28
      • 1970-01-01
      • 2017-02-22
      相关资源
      最近更新 更多