版本
spring-cloud:4.1.0 spring-security:6.2.1
依赖
添加oauth2客户端依赖
代码语言:javascript复制<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>配置
代码语言:javascript复制spring:
cloud:
openfeign:
oauth2:
# 启用oauth2 拦截器
enabled: true
# 拦截器使用的客户端注册ID(注意yml配置此处不可以写为小写字母连字符格式)
clientRegistrationId: oauth2-client
security:
oauth2:
client:
registration:
# 客户端注册ID与feign配置一致
oauth2-client:
client-id: client-id
client-secret: client-secret
# 使用客户端证书
authorization-grant-type: client_credentials
scope:
- myscope
provider:
oauth2-client:
# 授权服务令牌端点
token-uri: http://authorization-server/oauth2/token- 注意:如果是非WEB/REACTIVE项目需要手动注册下面两个Bean 如果是WEB/REACTIVE项目会自动注册
@Bean
@ConditionalOnMissingBean(ClientRegistrationRepository.class)
ClientRegistrationRepository repository(OAuth2ClientProperties properties) {
List<ClientRegistration> registrations = new ArrayList<>(
new OAuth2ClientPropertiesMapper(properties).asClientRegistrations().values());
return new InMemoryClientRegistrationRepository(registrations);
}
@Bean
@ConditionalOnMissingBean(OAuth2AuthorizedClientService.class)
OAuth2AuthorizedClientService service(ClientRegistrationRepository clientRegistrationRepository) {
return new InMemoryOAuth2AuthorizedClientService(clientRegistrationRepository);
}源码
- 拦截器自动配置
spring-cloud-openfeign-core org.springframework.cloud.openfeign.FeignAutoConfiguration
代码语言:javascript复制@Configuration(proxyBeanMethods = false)
@ConditionalOnClass(Feign.class)
@EnableConfigurationProperties({ FeignClientProperties.class, FeignHttpClientProperties.class,
FeignEncoderProperties.class })
public class FeignAutoConfiguration {
...
@Configuration(proxyBeanMethods = false)
@ConditionalOnClass(OAuth2AuthorizedClientManager.class)
// 检查配置是否开启
@ConditionalOnProperty("spring.cloud.openfeign.oauth2.enabled")
protected static class Oauth2FeignConfiguration {
// 已经注册 OAuth2AuthorizedClientService ClientRegistrationRepository Bean 的情况下注册 feignOAuth2AuthorizedClientManager
@Bean
@ConditionalOnBean({ OAuth2AuthorizedClientService.class, ClientRegistrationRepository.class })
@ConditionalOnMissingBean
OAuth2AuthorizedClientManager feignOAuth2AuthorizedClientManager(
ClientRegistrationRepository clientRegistrationRepository,
OAuth2AuthorizedClientService oAuth2AuthorizedClientService) {
return new AuthorizedClientServiceOAuth2AuthorizedClientManager(clientRegistrationRepository,
oAuth2AuthorizedClientService);
}
// 注册拦截器
@Bean
@ConditionalOnBean(OAuth2AuthorizedClientManager.class)
public OAuth2AccessTokenInterceptor defaultOAuth2AccessTokenInterceptor(
@Value("${spring.cloud.openfeign.oauth2.clientRegistrationId:}") String clientRegistrationId,
OAuth2AuthorizedClientManager oAuth2AuthorizedClientManager) {
return new OAuth2AccessTokenInterceptor(clientRegistrationId, oAuth2AuthorizedClientManager);
}
}
...
}- Web应用 oauth2客户端自动配置
spring-boot-autoconfigure org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientAutoConfiguration
代码语言:javascript复制@AutoConfiguration(before = SecurityAutoConfiguration.class)
@ConditionalOnClass({ EnableWebSecurity.class, ClientRegistration.class })
// 需要Web应用
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
@Import({
// 注册OAuth2ClientRegistrationRepository
OAuth2ClientRegistrationRepositoryConfiguration.class,
// 注册OAuth2AuthorizedClientService
OAuth2WebSecurityConfiguration.class
})
public class OAuth2ClientAutoConfiguration {}
