# OAuth2.0客户端
OAuth2.0客户机特性为OAuth2.0授权框架 (opens new window)中定义的客户机角色提供支持。
在高层次上,可用的核心特性是:
授权赠款支助
客户端身份验证支持
HTTP客户端支持
- [
WebClientServlet 环境的集成](授权-clients.html#OAuth2client-Webclient- Servlet)(用于请求受保护的资源)
HttpSecurity.oauth2Client()DSL为定制OAuth2.0客户端使用的核心组件提供了许多配置选项。此外,HttpSecurity.oauth2Client().authorizationCodeGrant()实现了对授权代码授权的定制。
以下代码显示了HttpSecurity.oauth2Client()DSL提供的完整配置选项:
例1. OAuth2客户端配置选项
Java
@EnableWebSecurity
public class OAuth2ClientSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.oauth2Client(oauth2 -> oauth2
.clientRegistrationRepository(this.clientRegistrationRepository())
.authorizedClientRepository(this.authorizedClientRepository())
.authorizedClientService(this.authorizedClientService())
.authorizationCodeGrant(codeGrant -> codeGrant
.authorizationRequestRepository(this.authorizationRequestRepository())
.authorizationRequestResolver(this.authorizationRequestResolver())
.accessTokenResponseClient(this.accessTokenResponseClient())
)
);
}
}
Kotlin
@EnableWebSecurity
class OAuth2ClientSecurityConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
http {
oauth2Client {
clientRegistrationRepository = clientRegistrationRepository()
authorizedClientRepository = authorizedClientRepository()
authorizedClientService = authorizedClientService()
authorizationCodeGrant {
authorizationRequestRepository = authorizationRequestRepository()
authorizationRequestResolver = authorizationRequestResolver()
accessTokenResponseClient = accessTokenResponseClient()
}
}
}
}
}
除了HttpSecurity.oauth2Client()DSL之外,还支持XML配置。
以下代码显示了安全命名空间中可用的完整配置选项:
例2. OAuth2客户机XML配置选项
<http>
<oauth2-client client-registration-repository-ref="clientRegistrationRepository"
authorized-client-repository-ref="authorizedClientRepository"
authorized-client-service-ref="authorizedClientService">
<authorization-code-grant
authorization-request-repository-ref="authorizationRequestRepository"
authorization-request-resolver-ref="authorizationRequestResolver"
access-token-response-client-ref="accessTokenResponseClient"/>
</oauth2-client>
</http>
OAuth2AuthorizedClientManager负责与一个或多个OAuth2AuthorizedClientProvider协作管理OAuth2.0客户端的授权(或重新授权)。
下面的代码展示了如何注册OAuth2AuthorizedClientManager``@Bean并将其与OAuth2AuthorizedClientProvider复合相关联的示例,该复合提供对authorization_code、refresh_token、client_credentials和password授权授予类型的支持:
Java
@Bean
public OAuth2AuthorizedClientManager authorizedClientManager(
ClientRegistrationRepository clientRegistrationRepository,
OAuth2AuthorizedClientRepository authorizedClientRepository) {
OAuth2AuthorizedClientProvider authorizedClientProvider =
OAuth2AuthorizedClientProviderBuilder.builder()
.authorizationCode()
.refreshToken()
.clientCredentials()
.password()
.build();
DefaultOAuth2AuthorizedClientManager authorizedClientManager =
new DefaultOAuth2AuthorizedClientManager(
clientRegistrationRepository, authorizedClientRepository);
authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
return authorizedClientManager;
}
Kotlin
@Bean
fun authorizedClientManager(
clientRegistrationRepository: ClientRegistrationRepository,
authorizedClientRepository: OAuth2AuthorizedClientRepository): OAuth2AuthorizedClientManager {
val authorizedClientProvider: OAuth2AuthorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
.authorizationCode()
.refreshToken()
.clientCredentials()
.password()
.build()
val authorizedClientManager = DefaultOAuth2AuthorizedClientManager(
clientRegistrationRepository, authorizedClientRepository)
authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider)
return authorizedClientManager
}