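Adding multiple clients to a Spring OAuth2 Auth Server

I have a Spring OAuth authorization server and I want to add support for more than one client (id). I configured the clients like this: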

clients
            .inMemory().withClient(client).secret(clientSecret)
            .resourceIds(resourceId)
            .authorizedGrantTypes("client_credentials", "password", "refresh_token", "implicit", "authorization_code")
            .authorities("ROLE_USER")
            .scopes("read", "write")
            .autoApprove(true)
            .and()
            .inMemory().withClient("acme").secret("acmesecret")
            .resourceIds(resourceId)
            .authorizedGrantTypes("client_credentials", "password", "refresh_token", "implicit", "authorization_code")
            .authorities("ROLE_USER_ACME")
            .scopes("read", "write")
            .autoApprove(true); 

I can get an access token with the first client, but when I try to get an access token with the second client, I get this error:

{
  "timestamp": 1456822249638,
  "status": 401,
  "error": "Unauthorized",
  "message": "Bad credentials",
  "path": "/oauth/token"
}

Is it possible to add more than one client, and how do I do it? Also, how do I read the clients from a database?


Answer 1

Do not use multiple inMemory builders; instead, chain multiple withClient calls inside one inMemory:

@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    clients.inMemory()
                .withClient("first")
                .secret("secret")
                .scopes("read")
                .authorizedGrantTypes("password")
            .and()
                .withClient("sec")
                .secret("secret")
                .scopes("read")
                .authorizedGrantTypes("password");
}

Answer 2

For an inMemory builder with configuration (you have to define your own configuration):

 @Override
    public void configure ( ClientDetailsServiceConfigurer clients ) throws Exception {
        // @formatter:off
        InMemoryClientDetailsServiceBuilder inMemoryBuilder = clients.inMemory ();
        for (String clientKey: authServerProperties.getClient ().keySet ()) {
            OAuthClientProperties client = authServerProperties.getClient ().get ( clientKey );
            inMemoryBuilder
                .withClient ( client.getClientId () )
                .secret ( client.getClientSecret () )
                .scopes ( client.getScopes () == null ? new String[] {"openid"} : client.getScopes () )
                .authorizedGrantTypes ( client.getAuthorizedGrandTypes () == null ? "client_credentials" : client.getAuthorizedGrandTypes () );
        }

        // @formatter:on
    }

Plus two additional classes:

@ConfigurationProperties ( prefix = "my-authorization-server" )
public class AuthServerProperties {

    private final Map<String, OAuthClientProperties> client = new HashMap<> ();

    ...

    public Map<String, OAuthClientProperties> getClient () {
        return client;
    }

    ...

}


public class OAuthClientProperties {

    private String clientId;

    private String clientSecret;

    private String[] scopes;

    private String authorizedGrandTypes;

    public String getClientId () {
        return clientId;
    }

    public void setClientId ( String clientId ) {
        this.clientId = clientId;
    }

    public String getClientSecret () {
        return clientSecret;
    }

    public void setClientSecret ( String clientSecret ) {
        this.clientSecret = clientSecret;
    }

    public String[] getScopes () {
        return scopes;
    }

    public void setScopes ( String[]  scopes ) {
        this.scopes = scopes;
    }

    public String getAuthorizedGrandTypes () {
        return authorizedGrandTypes;
    }

    public void setAuthorizedGrandTypes ( String authorizedGrandTypes ) {
        this.authorizedGrandTypes = authorizedGrandTypes;
    }

}

Finally, in the properties you would have something like this:

my-authorization-server.client.foo.client-id=foo-client
my-authorization-server.client.foo.client-secret=foo-client-supersecret
my-authorization-server.client.foo.scopes=read

my-authorization-server.client.bar.client-id=bar-client
my-authorization-server.client.bar.client-secret=bar-client-verysupersecret
my-authorization-server.client.bar.scopes=read,write
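
The question also asks how to read clients from a database, which neither answer covers. The following is an added example, not code from either answer: it assumes the same legacy spring-security-oauth2 library used above, a configured DataSource bean, and the library's default oauth_client_details table holding BCrypt hashes in client_secret instead of plaintext secrets. The class name and bean name are hypothetical.

```java
import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;

// Hypothetical class name; added example, not part of the original answers.
@Configuration
@EnableAuthorizationServer
public class JdbcClientsAuthServerConfig extends AuthorizationServerConfigurerAdapter {

    // Assumption: a DataSource bean pointing at the schema that contains
    // the oauth_client_details table is already configured.
    @Autowired
    private DataSource dataSource;

    // Hypothetical bean name. BCrypt means the database stores only hashes
    // of the client secrets, unlike the plaintext secrets in the properties file.
    @Bean
    public PasswordEncoder clientSecretEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // One JDBC-backed client store: every row in oauth_client_details is a
        // client, so adding a client is an INSERT rather than a code change.
        clients.jdbc(dataSource).passwordEncoder(clientSecretEncoder());
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        // Use the same encoder when /oauth/token checks the presented client
        // secret; a mismatch here makes every client fail with "Bad credentials".
        security.passwordEncoder(clientSecretEncoder());
    }
}
```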
