spring security 5.x Provider
阿新 • • 發佈:2020-12-27
Provider
spring-security-config模組下
org.springframework.security.config.oauth2.client.CommonOAuth2Provider.class
包括google、github等
/**
 * Preset {@link ClientRegistration} builders for a few well-known OAuth 2.0 providers.
 *
 * <p>Each constant pre-fills the client authentication method, the redirect URI template,
 * the requested scopes, the user name attribute and a display name. None of the presets
 * sets a client id or client secret, so the caller must add those to the returned builder
 * before building the registration. Every endpoint hard-coded here uses {@code https}.
 */
public enum CommonOAuth2Provider {

    /**
     * Google preset: requests the {@code openid}, {@code profile} and {@code email} scopes,
     * configures a JWK set URI alongside the authorization, token and user-info endpoints,
     * and uses {@code sub} as the user name attribute.
     */
    GOOGLE {
        @Override
        public Builder getBuilder(String registrationId) {
            return this.getBuilder(registrationId, ClientAuthenticationMethod.BASIC, DEFAULT_REDIRECT_URL)
                    .scope("openid", "profile", "email")
                    .authorizationUri("https://accounts.google.com/o/oauth2/v2/auth")
                    .tokenUri("https://www.googleapis.com/oauth2/v4/token")
                    .jwkSetUri("https://www.googleapis.com/oauth2/v3/certs")
                    .userInfoUri("https://www.googleapis.com/oauth2/v3/userinfo")
                    .userNameAttributeName("sub")
                    .clientName("Google");
        }
    },

    /**
     * GitHub preset: requests only {@code read:user} and configures no JWK set URI, so no
     * ID-token key material is set up here. The user name attribute is {@code id}.
     */
    GITHUB {
        @Override
        public Builder getBuilder(String registrationId) {
            return this.getBuilder(registrationId, ClientAuthenticationMethod.BASIC, DEFAULT_REDIRECT_URL)
                    .scope("read:user")
                    .authorizationUri("https://github.com/login/oauth/authorize")
                    .tokenUri("https://github.com/login/oauth/access_token")
                    .userInfoUri("https://api.github.com/user")
                    .userNameAttributeName("id")
                    .clientName("GitHub");
        }
    },

    /**
     * Facebook preset: the only constant that selects {@link ClientAuthenticationMethod#POST}
     * instead of {@code BASIC}. The endpoints are pinned to the {@code v2.8} API path.
     */
    FACEBOOK {
        @Override
        public Builder getBuilder(String registrationId) {
            // NOTE(review): the v2.8 path is hard-coded; confirm the provider still serves
            // that API version before relying on this preset unchanged.
            return this.getBuilder(registrationId, ClientAuthenticationMethod.POST, DEFAULT_REDIRECT_URL)
                    .scope("public_profile", "email")
                    .authorizationUri("https://www.facebook.com/v2.8/dialog/oauth")
                    .tokenUri("https://graph.facebook.com/v2.8/oauth/access_token")
                    .userInfoUri("https://graph.facebook.com/me?fields=id,name,email")
                    .userNameAttributeName("id")
                    .clientName("Facebook");
        }
    },

    /**
     * Okta preset: sets scopes, the {@code sub} user name attribute and the display name only.
     * No authorization, token, JWK set or user-info URI is configured here, so the caller has
     * to supply them on the returned builder (presumably because they differ per Okta tenant).
     */
    OKTA {
        @Override
        public Builder getBuilder(String registrationId) {
            return this.getBuilder(registrationId, ClientAuthenticationMethod.BASIC, DEFAULT_REDIRECT_URL)
                    .scope("openid", "profile", "email")
                    .userNameAttributeName("sub")
                    .clientName("Okta");
        }
    };

    /**
     * Redirect URI template shared by all presets. The {@code {baseUrl}}, {@code {action}} and
     * {@code {registrationId}} placeholders are expanded outside this enum (not shown here);
     * the expanded value is what has to be registered as the redirect URI at the provider.
     */
    private static final String DEFAULT_REDIRECT_URL = "{baseUrl}/{action}/oauth2/code/{registrationId}";

    private CommonOAuth2Provider() {
    }

    /**
     * Creates the builder every preset starts from.
     *
     * <p>The grant type is always fixed to {@link AuthorizationGrantType#AUTHORIZATION_CODE};
     * only the client authentication method and the redirect URI template vary.
     *
     * @param registrationId the id of the client registration being built
     * @param method how the client authenticates to the provider
     * @param redirectUri the redirect URI template to store on the registration
     * @return a builder with those four settings applied
     */
    protected final Builder getBuilder(String registrationId, ClientAuthenticationMethod method, String redirectUri) {
        return ClientRegistration.withRegistrationId(registrationId)
                .clientAuthenticationMethod(method)
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .redirectUriTemplate(redirectUri);
    }

    /**
     * Returns a builder pre-populated with this provider's defaults.
     *
     * @param var1 the registration id (called {@code registrationId} in each constant's override)
     * @return the pre-populated builder; client id and secret still have to be set by the caller
     */
    public abstract Builder getBuilder(String var1);
}
AuthorizationEndpoint
spring-security-oauth2模組(獨立的 Spring Security OAuth 專案,提供授權伺服器端的端點;與上面 spring-security-config 模組中的 OAuth2 客戶端設定不是同一個模組)
org\springframework\security\oauth2\provider\endpoint
包下定義了各種預設的處理器,即controller
org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint #授權邏輯
org.springframework.security.oauth2.provider.endpoint.TokenEndpoint #獲取令牌
org.springframework.security.oauth2.provider.endpoint.CheckTokenEndpoint#checkToken #檢查令牌
org.springframework.security.oauth2.provider.endpoint.WhitelabelApprovalEndpoint #白名單(類名為 Whitelabel,即框架預設的授權確認頁面,並非存取白名單)