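Spring Oauth2. Password encoder is not set in DaoAuthenticationProvider

I am fairly new to Spring OAuth and Spring Security. I am trying to use the client_credentials flow in my project. So far I have managed to use my own CustomDetailsService to fetch the client_id and password (secret) from a database that already exists in my system. The only problem is that I cannot change the password encoder in the DaoAuthenticationProvider used by the AuthorizationServer - it is set to PlaintextPasswordEncoder by default. I have not been able to configure it to use, for example, SHAPasswordEncoder. It always uses the plaintext encoder. I probably do not understand the flow well enough, as I am new to Spring.

Below is some of my code (the configuration with the DaoAuthenticationProvider that does not work):

SecurityConfig.java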
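
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
    import org.springframework.security.authentication.encoding.PasswordEncoder;
    import org.springframework.security.authentication.encoding.ShaPasswordEncoder;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.WebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
    import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
    import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
    import org.springframework.security.oauth2.provider.token.TokenStore;
    import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;

    @Configuration
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        private static final String RESOURCE_ID = "restservice";

        // Registration endpoints bypass the security filter chain.
        @Override
        public void configure(WebSecurity web) throws Exception {
            web.ignoring().antMatchers("/register/**");
        }

        @Override
        public AuthenticationManager authenticationManagerBean() throws Exception {
            return super.authenticationManagerBean();
        }

        // Registers the custom provider with the web security AuthenticationManager.
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.authenticationProvider(daoAuthenticationProvider());
        }

        // Provider meant to check credentials with the SHA encoder below.
        @Bean
        public DaoAuthenticationProvider daoAuthenticationProvider() {
            DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
            daoAuthenticationProvider.setUserDetailsService(userDetailsService());
            daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());
            return daoAuthenticationProvider;
        }

        @Bean
        public PasswordEncoder passwordEncoder() {
            return new ShaPasswordEncoder();
        }

        @Configuration
        @EnableAuthorizationServer
        protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

            @Autowired
            private MyCustomClientDetailsService myCustomClientDetailsService;

            @Override
            public void configure(AuthorizationServerEndpointsConfigurer endpoints)
                    throws Exception {
                endpoints.tokenStore(tokenStore());
            }

            @Bean
            public ResourceServerTokenServices defaultTokenServices() {
                final DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
                defaultTokenServices.setSupportRefreshToken(true);
                defaultTokenServices.setTokenStore(tokenStore());
                return defaultTokenServices;
            }

            @Bean
            public TokenStore tokenStore() {
                return new InMemoryTokenStore();
            }

            // Clients are loaded from the existing database through the custom service.
            @Override
            public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
                clients.withClientDetails(myCustomClientDetailsService);
            }

            @Bean
            public MyCustomClientDetailsService detailsService() {
                return new MyCustomClientDetailsService();
            }
        }

        @Configuration
        @EnableResourceServer
        protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
            ...
        }
    }
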
And the custom ClientDetailsService class:
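
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.security.oauth2.provider.ClientDetails;
    import org.springframework.security.oauth2.provider.ClientDetailsService;
    import org.springframework.security.oauth2.provider.ClientRegistrationException;
    import org.springframework.security.oauth2.provider.NoSuchClientException;
    import org.springframework.security.oauth2.provider.client.BaseClientDetails;

    public class MyCustomClientDetailsService implements ClientDetailsService {

        @Autowired
        private UserService userService;

        @Override
        public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
            User fan = userService.getFan(clientId);
            if (fan == null) {
                throw new NoSuchClientException("No client with requested id: " + clientId);
            }
            // Arguments: client id, resource ids, scopes, grant types, authorities.
            BaseClientDetails details = new BaseClientDetails(clientId, "restservice", "write", "client_credentials", "USER");
            // The secret is the already-encoded password stored in the database.
            details.setClientSecret(fan.getEncodedPassword());
            return details;
        }
    }
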
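The encodedPassword taken from my UserService always results in bad credentials, because DaoAuthenticationProvider has a PlaintextPasswordEncoder set by default.

What am I missing there? Is it possible to set the password encoder in the DaoAuthenticationProvider that is used for checking the credentials? Or do I have to write my own AuthenticationProvider that would check them the way I want?
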
I have exactly the same problem. Did you find a solution overriding configure? – Leon 2015-10-04 11:47:52
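
An added example, not part of the original question or its comment: in Spring Security OAuth2 the client_id/client_secret check at the token endpoint uses an encoder set through `AuthorizationServerSecurityConfigurer.passwordEncoder(...)`, not the `DaoAuthenticationProvider` registered in `WebSecurityConfigurerAdapter`. The class names `ClientSecretEncoderConfig` and `LegacyShaAdapter` are hypothetical, and the sketch assumes a Spring Security 4.x classpath (where `ShaPasswordEncoder` still exists) and unsalted SHA hashes in the database.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.encoding.ShaPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;

@Configuration
@EnableAuthorizationServer
public class ClientSecretEncoderConfig extends AuthorizationServerConfigurerAdapter {

    // Hypothetical adapter: exposes the legacy ShaPasswordEncoder through the
    // crypto PasswordEncoder interface that the authorization server accepts.
    static class LegacyShaAdapter implements PasswordEncoder {
        private final ShaPasswordEncoder sha = new ShaPasswordEncoder();

        @Override
        public String encode(CharSequence rawSecret) {
            // Assumption: stored hashes are unsalted, hence the null salt.
            return sha.encodePassword(rawSecret.toString(), null);
        }

        @Override
        public boolean matches(CharSequence rawSecret, String storedHash) {
            // Hashes the presented secret and compares it with the stored value.
            return sha.isPasswordValid(storedHash, rawSecret.toString(), null);
        }
    }

    @Bean
    public PasswordEncoder clientSecretEncoder() {
        return new LegacyShaAdapter();
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        // Sets the encoder used when client credentials are verified at
        // /oauth/token; without it the stored hash is compared as plaintext.
        security.passwordEncoder(clientSecretEncoder());
    }
}
```

The same `configure(AuthorizationServerSecurityConfigurer)` override can go directly into the question's `AuthorizationServerConfiguration` class. If the stored hashes were produced with a salt, the adapter has to pass that same salt instead of `null`.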