Spring Security OAuth2: Using PKCE with the Authorization Code Grant


Key code

Extend DefaultOAuth2AuthorizationRequestResolver by setting its AuthorizationRequestCustomizer to OAuth2AuthorizationRequestCustomizers.withPkce().

Complete code

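import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestCustomizers;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
import org.springframework.security.web.SecurityFilterChain;

@Slf4j
@Configuration
@EnableWebSecurity(debug = true) // debug mode logs request details, headers included; development only
public class WebConfig {

    @Bean
    @Order(0)
    SecurityFilterChain securityFilterChain0(HttpSecurity http, ClientRegistrationRepository clientRegistrationRepository) throws Exception {
        http
                // This chain handles the application paths plus the OAuth2 login endpoints for the "keycloak" registration
                .securityMatcher("/web/**", "/oauth2/authorization/keycloak", "/login/oauth2/code/keycloak")
                .formLogin(AbstractHttpConfigurer::disable)
                .csrf(AbstractHttpConfigurer::disable) // CSRF protection is switched off for this chain
                .anonymous(AbstractHttpConfigurer::disable)
                .authorizeHttpRequests(authorizeHttpRequests -> {
                    authorizeHttpRequests.anyRequest().authenticated();
                })
                .oauth2Login(login -> {
                    login.authorizationEndpoint(authorizationEndpoint -> {
                        // Resolver bound to the default base URI (/oauth2/authorization)
                        DefaultOAuth2AuthorizationRequestResolver resolver = new DefaultOAuth2AuthorizationRequestResolver(clientRegistrationRepository, OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI);
                        // Add the PKCE parameters to every authorization request
                        resolver.setAuthorizationRequestCustomizer(OAuth2AuthorizationRequestCustomizers.withPkce());
                        authorizationEndpoint.authorizationRequestResolver(resolver);
                    });
                });

        return http.build();
    }

}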
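
What PKCE adds to the authorization code flow, following RFC 7636 with the S256 method: the client keeps a random code_verifier, sends only its SHA-256 code_challenge in the authorization request, and the authorization server recomputes the challenge when the code is exchanged. This is an added example, not code from the original post or from Spring Security; the class PkceDemo and its method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;

// Added illustration of RFC 7636 (S256); class and method names are hypothetical, not Spring's.
public class PkceDemo {
    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    // Client side: high-entropy verifier; 32 random bytes encode to 43 characters (the RFC 7636 minimum).
    static String newCodeVerifier() {
        byte[] random = new byte[32];
        new SecureRandom().nextBytes(random);
        return B64URL.encodeToString(random);
    }

    // code_challenge = BASE64URL(SHA-256(ASCII(code_verifier))), sent with code_challenge_method=S256.
    static String codeChallengeS256(String codeVerifier) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(codeVerifier.getBytes(StandardCharsets.US_ASCII));
        return B64URL.encodeToString(digest);
    }

    // Authorization-server side: recompute from the verifier in the token request, compare in constant time.
    static boolean serverAccepts(String storedChallenge, String presentedVerifier) throws NoSuchAlgorithmException {
        if (presentedVerifier == null || !presentedVerifier.matches("[A-Za-z0-9._~-]{43,128}")) {
            return false; // missing or malformed verifier: reject the code exchange
        }
        return MessageDigest.isEqual(
                codeChallengeS256(presentedVerifier).getBytes(StandardCharsets.US_ASCII),
                storedChallenge.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        // Test vector from RFC 7636, Appendix B.
        String rfcVerifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";
        String rfcChallenge = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM";
        if (!rfcChallenge.equals(codeChallengeS256(rfcVerifier))) throw new IllegalStateException("S256 mismatch");

        String verifier = newCodeVerifier();            // kept by the client, never put in the redirect
        String challenge = codeChallengeS256(verifier); // goes into the authorization request
        System.out.println("authorization request: code_challenge=" + challenge + "&code_challenge_method=S256");
        System.out.println("token request:         code_verifier=" + verifier);
        System.out.println("matching verifier accepted: " + serverAccepts(challenge, verifier));
        System.out.println("other verifier accepted:    " + serverAccepts(challenge, newCodeVerifier()));
        System.out.println("missing verifier accepted:  " + serverAccepts(challenge, null));
    }
}
```

An authorization code intercepted from the redirect cannot be exchanged without the matching code_verifier, which stays with the client until the token request.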
Views: 930 · Posted: 2024-05-11
