Spring Boot整合OAuth2,附详细注释
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
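/**
 * Spring configuration that protects the application with OAuth2 login.
 *
 * <p>Every request except {@code /login} requires an authenticated user, and
 * authentication is delegated to the OAuth2 providers known to the injected
 * {@link ClientRegistrationRepository}.
 *
 * <p>The authorization grant type and the client authentication method are
 * properties of each {@code ClientRegistration} (or of the
 * {@code spring.security.oauth2.client.registration.*} properties), not options
 * of the {@code oauth2Login()} DSL, so they are not set here. Keep the client
 * secret in external configuration rather than in source code.
 */
@Configuration
public class OAuth2ClientConfig {

    // Retained so the existing constructor contract of the outer class is unchanged.
    // The nested adapter receives its own reference: a static nested class cannot
    // read an instance field of its enclosing class.
    private final ClientRegistrationRepository clientRegistrationRepository;

    /**
     * @param clientRegistrationRepository repository of the configured OAuth2 client registrations
     */
    public OAuth2ClientConfig(ClientRegistrationRepository clientRegistrationRepository) {
        this.clientRegistrationRepository = clientRegistrationRepository;
    }

    /**
     * Customises the HTTP security rules for the OAuth2 login flow.
     *
     * <p>NOTE(review): {@code WebSecurityConfigurerAdapter} is deprecated since
     * Spring Security 5.7 and absent from 6.x; on those versions the same rules
     * are declared through a {@code SecurityFilterChain} bean instead.
     */
    @Configuration
    public static class OAuth2LoginSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

        private final ClientRegistrationRepository clientRegistrationRepository;

        /**
         * @param clientRegistrationRepository repository handed to {@code oauth2Login()}
         */
        public OAuth2LoginSecurityConfigurerAdapter(
                ClientRegistrationRepository clientRegistrationRepository) {
            this.clientRegistrationRepository = clientRegistrationRepository;
        }

        /**
         * Overrides the adapter's {@code configure(HttpSecurity)} hook to declare the
         * authorization rules and enable OAuth2 login.
         *
         * @param http the security builder supplied by Spring Security
         * @throws Exception if the security configuration cannot be built
         */
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    // /login must stay reachable anonymously: it is the entry point of the
                    // OAuth2 login flow. Everything else requires an authenticated user.
                    .antMatchers("/login").permitAll()
                    .anyRequest().authenticated()
                    .and()
                .oauth2Login()
                    // Grant type and client authentication method come from the
                    // registrations held by this repository.
                    .clientRegistrationRepository(clientRegistrationRepository);
        }
    }
}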
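这段代码定义了一个配置类OAuth2ClientConfig,其中包含一个静态嵌套配置类OAuth2LoginSecurityConfigurerAdapter,用于配置Spring Security和OAuth2客户端登录。它设置了允许对/login路径的匿名访问,并配置了OAuth2客户端的注册、授权类型和客户端认证方法。这是一个典型的Spring Boot整合OAuth2的例子,并且代码附有详细的注释。需要注意的是,授权类型和客户端认证方法属于ClientRegistration(或spring.security.oauth2.client.registration.*属性)上的设置,而不是oauth2Login()上的方法;静态嵌套类也无法直接访问外部类的实例字段clientRegistrationRepository,应通过嵌套类自己的构造函数注入。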