# 授权客户功能
# 解决授权客户
@RegisteredOAuth2AuthorizedClient注释提供了将方法参数解析为OAuth2AuthorizedClient类型的参数值的功能。与使用OAuth2AuthorizedClientManager或OAuth2AuthorizedClientService访问OAuth2AuthorizedClient相比,这是一种方便的替代方法。
Java
@Controller
public class OAuth2ClientController {
@GetMapping("/")
public String index(@RegisteredOAuth2AuthorizedClient("okta") OAuth2AuthorizedClient authorizedClient) {
OAuth2AccessToken accessToken = authorizedClient.getAccessToken();
...
return "index";
}
}
Kotlin
@Controller
class OAuth2ClientController {
@GetMapping("/")
fun index(@RegisteredOAuth2AuthorizedClient("okta") authorizedClient: OAuth2AuthorizedClient): String {
val accessToken = authorizedClient.accessToken
...
return "index"
}
}
@RegisteredOAuth2AuthorizedClient注释由OAuth2AuthorizedClientArgumentResolver处理,它直接使用[OAuth2AuthorizedClientManager](core.html#oAuth2client-authorized-manager-provider),因此继承了它的功能。
# 用于 Servlet 环境的WebClient集成
OAuth2.0客户端支持使用ExchangeFilterFunction与WebClient集成。
ServletOAuth2AuthorizedClientExchangeFilterFunction提供了一种简单的机制,通过使用OAuth2AuthorizedClient请求受保护的资源,并将相关的OAuth2AccessToken作为承载令牌。它直接使用[OAuth2AuthorizedClientManager](core.html#OAuth2client-authorized-manager-provider),因此继承了以下功能:
如果客户端尚未获得授权,则将请求
OAuth2AccessToken。authorization_code-触发授权请求重定向以初始化流client_credentials-访问令牌是直接从令牌端点获得的password-访问令牌是直接从令牌端点获得的
如果
OAuth2AccessToken过期,如果OAuth2AuthorizedClientProvider可用于执行授权,则将刷新(或更新)该权限
下面的代码展示了如何使用OAuth2.0客户端支持配置WebClient的示例:
Java
@Bean
WebClient webClient(OAuth2AuthorizedClientManager authorizedClientManager) {
ServletOAuth2AuthorizedClientExchangeFilterFunction oauth2Client =
new ServletOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager);
return WebClient.builder()
.apply(oauth2Client.oauth2Configuration())
.build();
}
Kotlin
@Bean
fun webClient(authorizedClientManager: OAuth2AuthorizedClientManager?): WebClient {
val oauth2Client = ServletOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager)
return WebClient.builder()
.apply(oauth2Client.oauth2Configuration())
.build()
}
# 提供授权客户
通过解析ClientRequest.attributes()(请求属性)中的OAuth2AuthorizedClient,ServletOAuth2AuthorizedClientExchangeFilterFunction确定要使用的客户机(用于请求)。
下面的代码展示了如何将OAuth2AuthorizedClient设置为请求属性:
Java
@GetMapping("/")
public String index(@RegisteredOAuth2AuthorizedClient("okta") OAuth2AuthorizedClient authorizedClient) {
String resourceUri = ...
String body = webClient
.get()
.uri(resourceUri)
.attributes(oauth2AuthorizedClient(authorizedClient)) (1)
.retrieve()
.bodyToMono(String.class)
.block();
...
return "index";
}
Kotlin
@GetMapping("/")
fun index(@RegisteredOAuth2AuthorizedClient("okta") authorizedClient: OAuth2AuthorizedClient): String {
val resourceUri: String = ...
val body: String = webClient
.get()
.uri(resourceUri)
.attributes(oauth2AuthorizedClient(authorizedClient)) (1)
.retrieve()
.bodyToMono()
.block()
...
return "index"
}
| 1 | oauth2AuthorizedClient()是static中的一个static方法。 |
|---|
下面的代码展示了如何将ClientRegistration.getRegistrationId()设置为请求属性:
Java
@GetMapping("/")
public String index() {
String resourceUri = ...
String body = webClient
.get()
.uri(resourceUri)
.attributes(clientRegistrationId("okta")) (1)
.retrieve()
.bodyToMono(String.class)
.block();
...
return "index";
}
Kotlin
@GetMapping("/")
fun index(): String {
val resourceUri: String = ...
val body: String = webClient
.get()
.uri(resourceUri)
.attributes(clientRegistrationId("okta")) (1)
.retrieve()
.bodyToMono()
.block()
...
return "index"
}
| 1 | clientRegistrationId()是static中的一个static方法。 |
|---|
# 对授权客户违约
如果OAuth2AuthorizedClient或ClientRegistration.getRegistrationId()都不作为请求属性提供,则ServletOAuth2AuthorizedClientExchangeFilterFunction可以根据其配置来确定要使用的默认值客户端。
如果setDefaultOAuth2AuthorizedClient(true)被配置并且用户已经使用HttpSecurity.oauth2Login()进行了身份验证,则使用与当前OAuth2AccessToken关联的OAuth2AccessToken。
以下代码显示了具体的配置:
Java
@Bean
WebClient webClient(OAuth2AuthorizedClientManager authorizedClientManager) {
ServletOAuth2AuthorizedClientExchangeFilterFunction oauth2Client =
new ServletOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager);
oauth2Client.setDefaultOAuth2AuthorizedClient(true);
return WebClient.builder()
.apply(oauth2Client.oauth2Configuration())
.build();
}
Kotlin
@Bean
fun webClient(authorizedClientManager: OAuth2AuthorizedClientManager?): WebClient {
val oauth2Client = ServletOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager)
oauth2Client.setDefaultOAuth2AuthorizedClient(true)
return WebClient.builder()
.apply(oauth2Client.oauth2Configuration())
.build()
}
| 由于所有HTTP请求都将接收访问令牌,因此建议对此功能保持谨慎。 |
|---|
或者,如果setDefaultClientRegistrationId("okta")被配置为有效的ClientRegistration,则使用与OAuth2AuthorizedClient关联的OAuth2AccessToken。
以下代码显示了具体的配置:
Java
@Bean
WebClient webClient(OAuth2AuthorizedClientManager authorizedClientManager) {
ServletOAuth2AuthorizedClientExchangeFilterFunction oauth2Client =
new ServletOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager);
oauth2Client.setDefaultClientRegistrationId("okta");
return WebClient.builder()
.apply(oauth2Client.oauth2Configuration())
.build();
}
Kotlin
@Bean
fun webClient(authorizedClientManager: OAuth2AuthorizedClientManager?): WebClient {
val oauth2Client = ServletOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager)
oauth2Client.setDefaultClientRegistrationId("okta")
return WebClient.builder()
.apply(oauth2Client.oauth2Configuration())
.build()
}
| 由于所有HTTP请求都将接收访问令牌,因此建议对此功能保持谨慎。 |
|---|