This topic describes how to configure some commonly used Open Authorization (OAuth) SDKs. It provides sample configurations for Spring Boot with OAuth2 and for Spring Boot with Pac4J.
Configuration by using Spring Boot and OAuth2
To configure the OAuth SDK with Spring Boot and OAuth2, see Spring Boot and OAuth2. The following steps show an example:
- Enter the Alibaba Cloud configuration information in the configuration file.
```yaml
alibabacloud:
  client:
    clientId: 415195082384692****
    clientSecret: 6EwN4qutnZuchG6n677Ie33SsjAhwyTpcOMSoIo6v0gqJtw4QcHhERVXfqzc****
    accessTokenUri: https://oauth.alibabacloud.com/v1/token
    userAuthorizationUri: https://signin.alibabacloud.com/oauth2/v1/auth
    tokenName: access_token
    authenticationScheme: query
    clientAuthenticationScheme: form
  resource:
    userInfoUri: https://oauth.alibabacloud.com/v1/userinfo
```
- Modify the redirect URI.
Replace the callback URL in `OAuth2ClientAuthenticationProcessingFilter` with the URL of the required application. If `http://localhost:8080/login/alibabacloud` is configured for the application, you can replace the callback URL with `/login/alibabacloud`. The following code provides an example:
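```java
import java.security.Principal;

import javax.servlet.Filter;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties;
import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoTokenServices;
import org.springframework.boot.context.properties.ConfigurationProperties;
// Package used by Spring Boot 1.4 and later.
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter;
import org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

// @EnableOAuth2Client provides the OAuth2ClientContext and OAuth2ClientContextFilter beans
// used below; @RestController exposes the /user endpoint.
@SpringBootApplication
@EnableOAuth2Client
@RestController
public class WebApplication extends WebSecurityConfigurerAdapter {

    @Autowired
    OAuth2ClientContext oauth2ClientContext;

    // Returns the authenticated principal of the current session.
    @RequestMapping("/user")
    public Principal user(Principal principal) {
        return principal;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        http.antMatcher("/**").authorizeRequests()
                .antMatchers("/", "/login**", "/webjars/**").permitAll()
                .anyRequest().authenticated()
            .and().exceptionHandling()
                .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"))
            .and().logout()
                .logoutSuccessUrl("/").permitAll()
            .and().csrf()
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
            .and()
                .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
        // @formatter:on
    }

    public static void main(String[] args) {
        SpringApplication.run(WebApplication.class, args);
    }

    // Registers the OAuth2 client context filter ahead of the Spring Security filter chain
    // so that redirects to the authorization server are handled.
    @Bean
    public FilterRegistrationBean oauth2ClientFilterRegistration(OAuth2ClientContextFilter filter) {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(filter);
        registration.setOrder(-100);
        return registration;
    }

    // Handles the callback at /login/alibabacloud: exchanges the authorization code
    // for a token and loads the user through the userinfo endpoint.
    private Filter ssoFilter() {
        OAuth2ClientAuthenticationProcessingFilter alibabacloudFilter =
                new OAuth2ClientAuthenticationProcessingFilter("/login/alibabacloud");
        OAuth2RestTemplate alibabacloudTemplate = new OAuth2RestTemplate(alibabacloud(), oauth2ClientContext);
        alibabacloudFilter.setRestTemplate(alibabacloudTemplate);
        UserInfoTokenServices tokenServices = new UserInfoTokenServices(
                alibabacloudResource().getUserInfoUri(), alibabacloud().getClientId());
        tokenServices.setRestTemplate(alibabacloudTemplate);
        alibabacloudFilter.setTokenServices(tokenServices);
        return alibabacloudFilter;
    }

    // Bound to the alibabacloud.client section of the configuration file.
    @Bean
    @ConfigurationProperties("alibabacloud.client")
    public AuthorizationCodeResourceDetails alibabacloud() {
        return new AuthorizationCodeResourceDetails();
    }

    // Bound to the alibabacloud.resource section of the configuration file.
    @Bean
    @ConfigurationProperties("alibabacloud.resource")
    public ResourceServerProperties alibabacloudResource() {
        return new ResourceServerProperties();
    }
}
```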
Pac4J configuration sample
To configure the OAuth SDK with the spring-webmvc-pac4j project in Pac4J, see Pac4J. The following steps show an example:
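- Create an `AlibabaCloudOidcClient` client.
```java
import org.pac4j.core.util.CommonHelper;
import org.pac4j.oidc.client.OidcClient;
import org.pac4j.oidc.config.OidcConfiguration;
import org.pac4j.oidc.profile.OidcProfile;
import org.pac4j.oidc.profile.OidcProfileDefinition;
import org.pac4j.oidc.profile.creator.OidcProfileCreator;

public class AlibabaCloudOidcClient extends OidcClient<OidcProfile, OidcConfiguration> {

    public AlibabaCloudOidcClient() {
    }

    public AlibabaCloudOidcClient(OidcConfiguration configuration) {
        super(configuration);
    }

    @Override
    protected void clientInit() {
        CommonHelper.assertNotNull("configuration", this.getConfiguration());
        // Use the Alibaba Cloud discovery document unless another URI is already configured.
        this.getConfiguration().defaultDiscoveryURI("https://oauth.alibabacloud.com/.well-known/openid-configuration");
        OidcProfileCreator<OidcProfile> profileCreator = new OidcProfileCreator<>(this.getConfiguration());
        profileCreator.setProfileDefinition(new OidcProfileDefinition<>((x) -> {
            return new OidcProfile();
        }));
        this.defaultProfileCreator(profileCreator);
        super.clientInit();
    }
}
```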
- Add the bean configuration to `oidcConfig`.
```xml
<bean id="oidcConfiguration" class="org.pac4j.oidc.config.OidcConfiguration">
    <property name="clientId" value="your application id" />
    <property name="secret" value="your application secret" />
    <property name="useNonce" value="false" />
    <property name="scope" value="openid profile aliuid" />
    <property name="clientAuthenticationMethod" value="client_secret_post" />
</bean>
```
- Add the bean configuration to `AlibabaCloudOidcClient`.
```xml
<bean id="AlibabaCloudOidClient" class="org.pac4j.demo.spring.AlibabaCloudOidcClient">
    <constructor-arg name="configuration" ref="oidcConfiguration" />
    <property name="authorizationGenerator">
        <bean class="org.pac4j.demo.spring.RoleAdminAuthGenerator" />
    </property>
</bean>
```
- Configure the callbackUrl and client attributes of bean `clients`.
Note: You must configure the callbackUrl attribute in the Callback URL field in the Alibaba Cloud Management Console.
```xml
<bean id="clients" class="org.pac4j.core.client.Clients">
    <constructor-arg name="callbackUrl" value="http://127.0.0.1:8080/callback" />
    <constructor-arg name="clients">
        <list>
            <ref bean="AlibabaCloudOidClient" />
        </list>
    </constructor-arg>
</bean>
```
- Add the `oidc` interceptor.
```xml
<mvc:interceptor>
    <mvc:mapping path="/oidc/*" />
    <bean class="org.pac4j.springframework.web.SecurityInterceptor">
        <constructor-arg name="config" ref="config" />
        <constructor-arg name="clients" value="AlibabaCloudOidcClient" />
    </bean>
</mvc:interceptor>
```
- Access `http://localhost:8080/oidc/index.html`.
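The `oidcConfiguration` and `clients` beans from the steps above, as they might look outside a local test. This is an added example, not part of the original page. It reads the client ID, secret and callback URL from the environment instead of the bean file and turns nonce validation on. The variable names `ALIBABACLOUD_CLIENT_ID`, `ALIBABACLOUD_CLIENT_SECRET` and `APP_CALLBACK_URL` are hypothetical, the Spring `context` namespace is assumed to be declared on the enclosing `<beans>` element, and the provider is assumed to return the nonce in the ID token as OpenID Connect requires.

```xml
<!-- Added example; variable names are hypothetical. -->
<!-- Resolves ${...} placeholders from JVM system properties and OS environment variables. -->
<context:property-placeholder />

<bean id="oidcConfiguration" class="org.pac4j.oidc.config.OidcConfiguration">
    <!-- Injected at deploy time so the secret is never stored in the bean file
         or committed to version control. -->
    <property name="clientId" value="${ALIBABACLOUD_CLIENT_ID}" />
    <property name="secret" value="${ALIBABACLOUD_CLIENT_SECRET}" />
    <!-- The sample configuration sets useNonce to false. With true, pac4j sends a nonce
         in the authorization request and rejects an ID token that does not carry the
         same value, which protects the login flow against ID token replay. -->
    <property name="useNonce" value="true" />
    <property name="scope" value="openid profile aliuid" />
    <property name="clientAuthenticationMethod" value="client_secret_post" />
</bean>

<bean id="clients" class="org.pac4j.core.client.Clients">
    <!-- Falls back to the local test value from the sample when APP_CALLBACK_URL is unset.
         For a deployed application, set it to the HTTPS callback URL registered in the
         Callback URL field of the Alibaba Cloud Management Console. -->
    <constructor-arg name="callbackUrl" value="${APP_CALLBACK_URL:http://127.0.0.1:8080/callback}" />
    <constructor-arg name="clients">
        <list>
            <ref bean="AlibabaCloudOidClient" />
        </list>
    </constructor-arg>
</bean>
```

Confirm with a test login that authentication still succeeds after enabling `useNonce`; a failure at the callback indicates the ID token did not carry the expected nonce.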