spring-security-oauth2-authorization-serverSpringBoot3.1.3整合
warning:
这篇文章距离上次修改已过421天,其中的内容可能已经有所变动。
在Spring Boot 3.1.3中整合Spring Security OAuth 2.x Authorization Server,你需要做以下几步:
添加依赖:
确保你的
pom.xml包含Spring Security和Spring Security OAuth 2.x Authorization Server的依赖。
<dependencies>
<!-- Spring Security -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- Spring Security OAuth 2.x Authorization Server -->
<dependency>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-authorization-server</artifactId>
</dependency>
</dependencies>配置OAuth 2.0 Authorization Server:
在你的
application.properties或application.yml中配置OAuth 2.0服务器。
spring:
security:
oauth2:
client:
registration:
my-client:
client-id: client-id
client-secret: client-secret
authorization-grant-type: authorization_code
redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
scope: openid, profile, email
provider:
my-provider:
authorization-uri: https://authorization-server/oauth2/authorize
token-uri: https://authorization-server/oauth2/token
user-info-uri: https://authorization-server/oauth2/userinfo
user-name-attribute: sub
authorization:
server:
authorization-code-grant-type:
token-time-to-live: 10m
authorization-code-time-to-live: 5m配置Security:
创建一个
SecurityConfig类来配置你的安全设置。
@EnableWebSecurity
public class SecurityConfig {
@Bean
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests(authorize -> authorize
.anyRequest().authenticated()
)
.oauth2Login();
return http.build();
}
}配置Client Registration:
在
application.properties或application.yml中配置客户端注册信息。
@Configuration
public class ClientRegistrationConfig {
@Bean
ClientRegistration clientRegistration() {
return ClientRegistration.withRegistrationId("my-client")
.clientId("client-id")
.clientSecret("client-secret")
.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
.authorizationGrantType(
评论已关闭