spring-cloud-openfeign oauth2拦截器默认配置

2024-05-24 12:23:38

版本

spring-cloud:4.1.0 spring-security:6.2.1

依赖

添加oauth2客户端依赖

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>

配置

spring:
  cloud:
    openfeign:
      oauth2:
        # 启用oauth2 拦截器
        enabled: true
        # 拦截器使用的客户端注册ID(注意yml配置此处不可以写为小写字母连字符格式)
        clientRegistrationId: oauth2-client
  security:
    oauth2:
      client:
        registration:
          # 客户端注册ID与feign配置一致
          oauth2-client:
            client-id: client-id
            client-secret: client-secret
            # 上面的 client-secret 为示例值,实际应通过环境变量或配置中心注入,不要提交到代码仓库
            # 使用客户端凭证模式(client_credentials)
            authorization-grant-type: client_credentials
            scope:
              - myscope
        provider:
          oauth2-client:
            # 授权服务令牌端点(示例使用 http;client-secret 会随令牌请求发送,实际部署应改为 https)
            token-uri: http://authorization-server/oauth2/token
  • 注意:如果是非 WEB/REACTIVE 项目,需要手动注册下面两个 Bean;如果是 WEB/REACTIVE 项目,则会自动注册。
/**
 * Builds the client registration store from the bound
 * {@code spring.security.oauth2.client.*} properties, unless the application
 * already defines its own {@link ClientRegistrationRepository}.
 *
 * @param properties bound OAuth2 client properties (registrations and providers)
 * @return an in-memory repository holding every registration mapped from {@code properties}
 */
@Bean
@ConditionalOnMissingBean(ClientRegistrationRepository.class)
ClientRegistrationRepository repository(OAuth2ClientProperties properties) {
    OAuth2ClientPropertiesMapper mapper = new OAuth2ClientPropertiesMapper(properties);
    // Copy the mapped values into a list before handing them to the repository.
    // Each registration carries its client secret, so avoid logging or exposing these objects.
    List<ClientRegistration> registrations = new ArrayList<>(mapper.asClientRegistrations().values());
    return new InMemoryClientRegistrationRepository(registrations);
}

/**
 * Supplies the {@link OAuth2AuthorizedClientService} used to hold authorized
 * clients, unless the application already defines one.
 *
 * @param clientRegistrationRepository the registrations this service is built on
 * @return an in-memory authorized-client service
 */
@Bean
@ConditionalOnMissingBean(OAuth2AuthorizedClientService.class)
OAuth2AuthorizedClientService service(ClientRegistrationRepository clientRegistrationRepository) {
    // In-memory implementation: per its name, authorized clients (and their tokens)
    // live only in this process and are not shared across instances.
    OAuth2AuthorizedClientService authorizedClients =
            new InMemoryOAuth2AuthorizedClientService(clientRegistrationRepository);
    return authorizedClients;
}

源码

  • 拦截器自动配置

spring-cloud-openfeign-core org.springframework.cloud.openfeign.FeignAutoConfiguration

// Excerpt of FeignAutoConfiguration from spring-cloud-openfeign-core; the "..." lines
// mark parts of the class that the article leaves out.
@Configuration(proxyBeanMethods = false)
@ConditionalOnClass(Feign.class)
@EnableConfigurationProperties({ FeignClientProperties.class, FeignHttpClientProperties.class,
		FeignEncoderProperties.class })
public class FeignAutoConfiguration {
	...
	// Nested configuration that wires the OAuth2 access-token interceptor for Feign.
	@Configuration(proxyBeanMethods = false)
	@ConditionalOnClass(OAuth2AuthorizedClientManager.class)
	// Checks whether the feature is switched on: the whole nested configuration is
	// conditional on the spring.cloud.openfeign.oauth2.enabled property.
	@ConditionalOnProperty("spring.cloud.openfeign.oauth2.enabled")
	protected static class Oauth2FeignConfiguration {
		// Registers feignOAuth2AuthorizedClientManager only when OAuth2AuthorizedClientService and
		// ClientRegistrationRepository beans are already registered, and only if no other
		// OAuth2AuthorizedClientManager bean exists (@ConditionalOnMissingBean).
		@Bean
		@ConditionalOnBean({ OAuth2AuthorizedClientService.class, ClientRegistrationRepository.class })
		@ConditionalOnMissingBean
		OAuth2AuthorizedClientManager feignOAuth2AuthorizedClientManager(
				ClientRegistrationRepository clientRegistrationRepository,
				OAuth2AuthorizedClientService oAuth2AuthorizedClientService) {
			return new AuthorizedClientServiceOAuth2AuthorizedClientManager(clientRegistrationRepository,
					oAuth2AuthorizedClientService);

		}
		// Registers the interceptor. The registration id is injected with @Value from the exact key
		// spring.cloud.openfeign.oauth2.clientRegistrationId and falls back to an empty string when
		// the key is not set (the ":" default in the placeholder).
		// NOTE(review): how the interceptor behaves with an empty id is not shown in this excerpt.
		// NOTE(review): this is a single context-wide bean, so it presumably adds the access token to
		// requests of every Feign client; confirm no client targets a host that must not receive it.
		@Bean
		@ConditionalOnBean(OAuth2AuthorizedClientManager.class)
		public OAuth2AccessTokenInterceptor defaultOAuth2AccessTokenInterceptor(
				@Value("${spring.cloud.openfeign.oauth2.clientRegistrationId:}") String clientRegistrationId,
				OAuth2AuthorizedClientManager oAuth2AuthorizedClientManager) {
			return new OAuth2AccessTokenInterceptor(clientRegistrationId, oAuth2AuthorizedClientManager);
		}

	}
	...
}
  • Web应用 oauth2客户端自动配置

spring-boot-autoconfigure org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientAutoConfiguration

// Excerpt of Spring Boot's servlet OAuth2 client auto-configuration: it is ordered before
// SecurityAutoConfiguration and only imports the two configurations listed below.
@AutoConfiguration(before = SecurityAutoConfiguration.class)
@ConditionalOnClass({ EnableWebSecurity.class, ClientRegistration.class })
// Requires a web application (servlet type), which is why non-web projects must
// register the equivalent beans themselves.
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
@Import({ 
	// Registers the ClientRegistrationRepository
	OAuth2ClientRegistrationRepositoryConfiguration.class, 
	// Registers the OAuth2AuthorizedClientService
	OAuth2WebSecurityConfiguration.class 
})
public class OAuth2ClientAutoConfiguration {}
