Spring Security OAuth2 授权码模式使用 PKCE
Spring Security OAuth2 Spring Boot About 1,485 words主要代码
拓展DefaultOAuth2AuthorizationRequestResolver
,设置AuthorizationRequestCustomizer
为OAuth2AuthorizationRequestCustomizers.withPkce()
。
完整代码
@Slf4j
@Configuration
@EnableWebSecurity(debug = true)
public class WebConfig {
@Bean
@Order(0)
SecurityFilterChain securityFilterChain0(HttpSecurity http, ClientRegistrationRepository clientRegistrationRepository) throws Exception {
http
.securityMatcher( "/web/**", "/oauth2/authorization/keycloak", "/login/oauth2/code/keycloak")
.formLogin(AbstractHttpConfigurer::disable)
.csrf(AbstractHttpConfigurer::disable)
.anonymous(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(authorizeHttpRequests -> {
authorizeHttpRequests.anyRequest().authenticated();
})
.oauth2Login(login -> {
login.authorizationEndpoint(authorizationEndpoint -> {
DefaultOAuth2AuthorizationRequestResolver resolver = new DefaultOAuth2AuthorizationRequestResolver(clientRegistrationRepository, OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI);
resolver.setAuthorizationRequestCustomizer(OAuth2AuthorizationRequestCustomizers.withPkce());
authorizationEndpoint.authorizationRequestResolver(resolver);
});
})
;
return http.build();
}
}
Views: 860 · Posted: 2024-05-11
————        END        ————
Give me a Star, Thanks:)
https://github.com/fendoudebb/LiteNote扫描下方二维码关注公众号和小程序↓↓↓
Loading...