【发布时间】:2021-03-02 01:00:48
【问题描述】:
我创建了一个 Spring Boot 应用程序并使用 oauth2 进行身份验证。我找到了这个教程,它可以工作,但我不确定所提到的属性是什么。
https://medium.com/@bcarunmail/securing-rest-api-using-keycloak-and-spring-oauth2-6ddf3a1efcc2
这是我的属性文件:
rest.security.issuer-uri=http://localhost:8180/auth/realms/dev
security.oauth2.resource.id=employee-service
security.oauth2.resource.token-info-uri=${rest.security.issuer-uri}/protocol/openid-connect/token/introspect
security.oauth2.resource.user-info-uri=${rest.security.issuer-uri}/protocol/openid-connect/userinfo
security.oauth2.resource.jwt.key-value=-----BEGIN PUBLIC KEY-----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLXaZjNl+vVB58mjJUkNH4noJieFAWn8ny+ONkqD4Y/EDrx+6pEZynZjNxNcOylI9KU2YqiFVzbVJLsQ35+qWaxO1f0w3XLTnzZ78mV1fLRK8oOX5IpLdQip+VuuUvcwGGs9UfnCEhLc/Tq+AuRxuvT3xIBHAMG/P1ZlhAww9A6hqyYiLy5YBrrZQeFCqYKT/hCpoebeR8M0/iAjOaJ7+qV44Mp6xtYN0f8Xk5jy2k4fbXBgr/1yqsUDJjJuOeJDSRSPwu18NeR70ldbB0lLcpW15d7GTkGLTCTDUia9JbxRuI7tXX93md3LxEpJq224qKxiPTY/7cyxx/AKbEEnywIDAQAB-----END PUBLIC KEY-----
security.oauth2.client.client-id=employee-service
security.oauth2.client.client-secret=b0ea9376-778a-4dc9-b400-90118f32958c
security.oauth2.client.user-authorization-uri=${rest.security.issuer-uri}/protocol/openid-connect/auth
security.oauth2.client.access-token-uri=${rest.security.issuer-uri}/protocol/openid-connect/token
security.oauth2.client.scope=openid
security.oauth2.client.grant-type=client_credentials
(不要担心秘密,这个keycloak在我的本地主机上运行只是为了测试目的)
“客户端”是干什么用的?
“资源”是用来做什么的?
提前致谢。
【问题讨论】:
-
您能用您自己的话解释一下什么是 OAuth2 资源服务器,什么是 OAuth2 客户端吗?
标签: java spring-boot spring-security oauth-2.0