# OAuth2.0客户端

OAuth2.0客户机特性为OAuth2.0授权框架 (opens new window)中定义的客户机角色提供支持。

在高层次上,可用的核心特性是:

授权赠款支助

客户端身份验证支持

HTTP客户端支持

  • [WebClient Servlet 环境的集成](授权-clients.html#OAuth2client-Webclient- Servlet)(用于请求受保护的资源)

HttpSecurity.oauth2Client()DSL为定制OAuth2.0客户端使用的核心组件提供了许多配置选项。此外,HttpSecurity.oauth2Client().authorizationCodeGrant()实现了对授权代码授权的定制。

以下代码显示了HttpSecurity.oauth2Client()DSL提供的完整配置选项:

例1. OAuth2客户端配置选项

Java

@EnableWebSecurity
public class OAuth2ClientSecurityConfig extends WebSecurityConfigurerAdapter {

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http
			.oauth2Client(oauth2 -> oauth2
				.clientRegistrationRepository(this.clientRegistrationRepository())
				.authorizedClientRepository(this.authorizedClientRepository())
				.authorizedClientService(this.authorizedClientService())
				.authorizationCodeGrant(codeGrant -> codeGrant
					.authorizationRequestRepository(this.authorizationRequestRepository())
					.authorizationRequestResolver(this.authorizationRequestResolver())
					.accessTokenResponseClient(this.accessTokenResponseClient())
				)
			);
	}
}

Kotlin

@EnableWebSecurity
class OAuth2ClientSecurityConfig : WebSecurityConfigurerAdapter() {

    override fun configure(http: HttpSecurity) {
        http {
            oauth2Client {
                clientRegistrationRepository = clientRegistrationRepository()
                authorizedClientRepository = authorizedClientRepository()
                authorizedClientService = authorizedClientService()
                authorizationCodeGrant {
                    authorizationRequestRepository = authorizationRequestRepository()
                    authorizationRequestResolver = authorizationRequestResolver()
                    accessTokenResponseClient = accessTokenResponseClient()
                }
            }
        }
    }
}

除了HttpSecurity.oauth2Client()DSL之外,还支持XML配置。

以下代码显示了安全命名空间中可用的完整配置选项:

例2. OAuth2客户机XML配置选项

<http>
	<oauth2-client client-registration-repository-ref="clientRegistrationRepository"
				   authorized-client-repository-ref="authorizedClientRepository"
				   authorized-client-service-ref="authorizedClientService">
		<authorization-code-grant
				authorization-request-repository-ref="authorizationRequestRepository"
				authorization-request-resolver-ref="authorizationRequestResolver"
				access-token-response-client-ref="accessTokenResponseClient"/>
	</oauth2-client>
</http>

OAuth2AuthorizedClientManager负责与一个或多个OAuth2AuthorizedClientProvider协作管理OAuth2.0客户端的授权(或重新授权)。

下面的代码展示了如何注册OAuth2AuthorizedClientManager``@Bean并将其与OAuth2AuthorizedClientProvider复合相关联的示例,该复合提供对authorization_coderefresh_tokenclient_credentialspassword授权授予类型的支持:

Java

@Bean
public OAuth2AuthorizedClientManager authorizedClientManager(
		ClientRegistrationRepository clientRegistrationRepository,
		OAuth2AuthorizedClientRepository authorizedClientRepository) {

	OAuth2AuthorizedClientProvider authorizedClientProvider =
			OAuth2AuthorizedClientProviderBuilder.builder()
					.authorizationCode()
					.refreshToken()
					.clientCredentials()
					.password()
					.build();

	DefaultOAuth2AuthorizedClientManager authorizedClientManager =
			new DefaultOAuth2AuthorizedClientManager(
					clientRegistrationRepository, authorizedClientRepository);
	authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);

	return authorizedClientManager;
}

Kotlin

@Bean
fun authorizedClientManager(
        clientRegistrationRepository: ClientRegistrationRepository,
        authorizedClientRepository: OAuth2AuthorizedClientRepository): OAuth2AuthorizedClientManager {
    val authorizedClientProvider: OAuth2AuthorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
            .authorizationCode()
            .refreshToken()
            .clientCredentials()
            .password()
            .build()
    val authorizedClientManager = DefaultOAuth2AuthorizedClientManager(
            clientRegistrationRepository, authorizedClientRepository)
    authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider)
    return authorizedClientManager
}

# 章节摘要

高级配置核心接口和类