Spring Security——OAuth 2.0 Client自动配置源代码分析

基本概念

OAuth2.0：OAuth2.0是OAuth协议的延续版本，但不向前兼容OAuth 1.0(即完全废止了OAuth1.0)。 OAuth 2.0关注客户端开发者的简易性。要么通过组织在资源拥有者和HTTP服务商之间的被批准的交互动作代表用户，要么允许第三方应用代表用户获得访问的权限。同时为Web应用，桌面应用和手机，和起居室设备提供专门的认证流程。 

官方文档

https://docs.spring.io/spring-security/site/docs/5.2.3.RELEASE/reference/html5/#oauth2

Maven

        
            org.springframework.boot
            spring-boot-starter-oauth2-client
        
        
            org.springframework.boot
            spring-boot-starter-security
        
        
            org.springframework.boot
            spring-boot-starter-web
        

源代码分析

 用于OAuth客户端支持的Spring Boot 2.x自动配置类为OAuth2ClientAutoConfiguration。

功能： 

• 从配置的OAuth客户端属性中注册ClientRegistrationRepository @Bean由组成的ClientRegistration。
• 提供WebSecurityConfigurerAdapter @Configuration并通过启用OAuth 2.0登录httpSecurity.oauth2Login()。

 OAuth2ClientAutoConfiguration类中导入OAuth2ClientRegistrationRepositoryConfiguration类 和OAuth2WebSecurityConfiguration类。

OAuth2ClientRegistrationRepositoryConfiguration类  

OAuth2ClientProperties类

封装application.properties中spring.security.oauth2.client的配置信息

OAuth2ClientPropertiesRegistrationAdapter

整合预定义配置和自定义配置

 OAuth2WebSecurityConfiguration类 

自定义配置DEMO 

@Configuration
public class OAuth2LoginConfig {

    @EnableWebSecurity
    public static class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests(authorizeRequests ->
                    authorizeRequests
                        .anyRequest().authenticated()
                )
                .oauth2Login(withDefaults());
        }
    }

    @Bean
    public ClientRegistrationRepository clientRegistrationRepository() {
        return new InMemoryClientRegistrationRepository(this.googleClientRegistration());
    }

    private ClientRegistration googleClientRegistration() {
        return ClientRegistration.withRegistrationId("google")
            .clientId("google-client-id")
            .clientSecret("google-client-secret")
            .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
            .scope("openid", "profile", "email", "address", "phone")
            .authorizationUri("https://accounts.google.com/o/oauth2/v2/auth")
            .tokenUri("https://www.googleapis.com/oauth2/v4/token")
            .userInfoUri("https://www.googleapis.com/oauth2/v3/userinfo")
            .userNameAttributeName(IdTokenClaimNames.SUB)
            .jwkSetUri("https://www.googleapis.com/oauth2/v3/certs")
            .clientName("Google")
            .build();
    }
}

 

参考文章

https://shentuzhigang.blog.csdn.net/article/details/105641709