我正在尝试从Spring Boot 2.0 M3升级到当前的M6里程碑。在Milestone M5中,他们更改了Spring Security 5中的oAuth2 Client行为。
现在我很困惑如何使用Microsoft Botframework oAuth2 REST API重新配置我的应用程序以适应更改的oAuth2实现。我正在使用当前版本5.0 RC1中的依赖项:org.springframework.security:spring-security-oauth2-client。
我目前的猜测是这样的:
application.yml
spring:
security:
oauth2:
client:
registration:
botframework:
client-id: myClientId
client-secret: myClientSecret
scope: https://api.botframework.com/.default
authorization-grant-type: client_credentials
client-authentication-method: form
provider:
botframework:
token-uri: https://login.microsoftonline.com/botframework.com/oauth2/v2.0/token
配置允许oAuth2登录
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/**").permitAll()
.and()
.oauth2Login();
}
现在我需要获取访问令牌以针对Botframework REST API发出请求。在版本升级之前,这是通过使用oAuth2 REST模板完成的。我还需要这个,如果是的话,怎么样?
目前Spring Boot 2.0 M6自动配置对我不起作用。关于这个主题的任何想法?
我的解决方案现在是:
security:
oauth2:
client:
client-id: ************
client-secret: *************
access-token-uri: https://login.microsoftonline.com/botframework.com/oauth2/v2.0/token
scope: https://api.botframework.com/.default
grant-type: client_credentials
client-authentication-scheme: form
和
@Bean
@Primary
@ConfigurationProperties(prefix = "security.oauth2.client")
public OAuth2ProtectedResourceDetails oauth2RemoteResource() {
return new ClientCredentialsResourceDetails();
}
现在一切都被允许了
@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/**").permitAll();
}
}