OAuth2 Feign 授權模式

客戶端模式

bootstrap.yml

# OAuth2 client settings. The `paascloud.oauth2.client` section below re-uses the
# id, client id and client secret defined here through ${...} placeholders.
security:
  oauth2:
    client:
      clientId: paascloud-browser
      # NOTE(review): the client secret is written in plain text. If this file is
      # checked in or shipped inside the artifact, anyone who can read it can obtain
      # tokens as this client; outside a local demo, supply it from the environment
      # or a secret store instead.
      clientSecret: paascloudClientSecret
      # NOTE(review): plain http. The client secret and the issued tokens travel over
      # this connection, so anything other than localhost should use https.
      access-token-uri: http://localhost:7979/uac/oauth/token
      user-authorization-uri: http://localhost:7979/uac/oauth/authorize
    resource:
      id: browser-service
      user-info-uri: http://localhost:7979/uac/user
# Properties bound by Oauth2ClientProperties (prefix paascloud.oauth2.client).
paascloud:
  oauth2:
    client:
      id: ${security.oauth2.resource.id}
      # Same token endpoint as security.oauth2.client.access-token-uri above; the two
      # values are maintained separately and must be kept in sync by hand.
      accessTokenUrl: http://localhost:7979/uac/oauth/token
      clientId: ${security.oauth2.client.clientId}
      clientSecret: ${security.oauth2.client.clientSecret}
      # Passed to AuthenticationScheme.valueOf(...) in Oauth2ClientConfig, so the
      # spelling must match the enum constant exactly.
      clientAuthenticationScheme: header

Oauth2ClientConfig.java

/**
 * Client-credentials setup: builds the resource description from
 * {@link Oauth2ClientProperties} and exposes an {@link OAuth2RestTemplate}
 * that requests tokens with it.
 */
@Configuration
@EnableConfigurationProperties(Oauth2ClientProperties.class)
public class Oauth2ClientConfig {

    /** Settings bound from the {@code paascloud.oauth2.client} prefix. */
    @Autowired
    private Oauth2ClientProperties oauth2ClientProperties;

    /**
     * Describes the protected resource and the client identity used to reach it.
     *
     * @return resource details populated from the bound properties; the client
     *         secret is copied in as-is, so this object should not be logged
     */
    @Bean("paascloudClientCredentialsResourceDetails")
    public ClientCredentialsResourceDetails resourceDetails() {
        final Oauth2ClientProperties props = oauth2ClientProperties;
        final ClientCredentialsResourceDetails resource = new ClientCredentialsResourceDetails();

        resource.setId(props.getId());
        resource.setAccessTokenUri(props.getAccessTokenUrl());
        resource.setClientId(props.getClientId());
        resource.setClientSecret(props.getClientSecret());

        // valueOf() is an exact, case-sensitive match on the enum constant name and
        // throws when the configured value is missing or misspelled.
        final AuthenticationScheme scheme =
                AuthenticationScheme.valueOf(props.getClientAuthenticationScheme());
        resource.setAuthenticationScheme(scheme);

        return resource;
    }

    /**
     * Rest template that obtains and attaches tokens for the resource above.
     *
     * @return template backed by a Netty request factory and its own client context
     */
    @Bean("paascloudOAuth2RestTemplate")
    public OAuth2RestTemplate oAuth2RestTemplate() {
        // NOTE(review): with Spring's default @Configuration proxying this call
        // resolves to the resourceDetails bean rather than a second instance; confirm
        // if proxying is disabled in this project.
        final OAuth2RestTemplate restTemplate =
                new OAuth2RestTemplate(resourceDetails(), new DefaultOAuth2ClientContext());
        restTemplate.setRequestFactory(new Netty4ClientHttpRequestFactory());
        return restTemplate;
    }
}

Oauth2ClientProperties.java

/**
 * Holder for the settings under the {@code paascloud.oauth2.client} prefix.
 * Accessors are not declared here; they are presumably generated by Lombok's
 * {@code @Data} (Oauth2ClientConfig calls getId(), getClientSecret(), ...).
 *
 * NOTE(review): {@code @Data} also generates toString() over every field, so
 * clientSecret ends up in any log line or exception message that prints this
 * object. Exclude that field from toString() or avoid printing the object.
 */
@ConfigurationProperties(prefix = "paascloud.oauth2.client")
@Data
public class Oauth2ClientProperties {
    // Resource id handed to ClientCredentialsResourceDetails#setId.
    private String id;
    // Token endpoint of the authorization server.
    private String accessTokenUrl;
    // OAuth2 client identifier.
    private String clientId;
    // OAuth2 client secret -- sensitive, see the note on the class.
    private String clientSecret;
    // Name of an AuthenticationScheme enum constant (converted with valueOf by the config class).
    private String clientAuthenticationScheme;
}

OAuth2FeignAutoConfiguration.java

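/**
 * Feign wiring for the client-credentials flow: registers the interceptor that
 * adds the bearer token, plus the error decoder, contract and log level used by
 * the Feign clients.
 */
@Configuration
public class OAuth2FeignAutoConfiguration {

    /**
     * Interceptor that puts the access token on every outgoing Feign request.
     *
     * @param oAuth2RestTemplate template qualified as {@code paascloudOAuth2RestTemplate},
     *                           used as the token source
     * @return the request interceptor
     */
    @Bean
    public RequestInterceptor oauth2FeignRequestInterceptor(@Qualifier("paascloudOAuth2RestTemplate") OAuth2RestTemplate oAuth2RestTemplate) {
        return new OAuth2FeignRequestInterceptor(oAuth2RestTemplate);
    }

    /**
     * @return the project's error decoder (its behaviour is defined outside this listing)
     */
    @Bean
    public RestClientErrorDecoder errorDecoder() {
        return new RestClientErrorDecoder();
    }

    /**
     * @return Feign's native contract, so client interfaces use Feign annotations
     */
    @Bean
    public Contract feignContract() {
        return new feign.Contract.Default();
    }

    /**
     * Feign log level for the clients using this configuration.
     *
     * @return {@code BASIC}: request method, URL, response status and timing only
     */
    @Bean
    Logger.Level feignLoggerLevel() {
        // Was FULL. FULL (and HEADERS) write request headers to the log, which here
        // includes the "Authorization: Bearer <token>" header added by the
        // interceptor, and FULL adds request/response bodies on top. Anyone with
        // log access could replay the token until it expires. Raise the level only
        // for short, local debugging sessions.
        return Logger.Level.BASIC;
    }
}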

OAuth2FeignRequestInterceptor.java

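/**
 * Feign interceptor that adds an {@code Authorization: Bearer <token>} header,
 * taking the token from the supplied {@link OAuth2RestTemplate}.
 */
public class OAuth2FeignRequestInterceptor implements RequestInterceptor {

    private final Logger LOGGER = LoggerFactory.getLogger(getClass());

    private static final String AUTHORIZATION_HEADER = "Authorization";

    private static final String BEARER_TOKEN_TYPE = "Bearer";

    private final OAuth2RestTemplate oAuth2RestTemplate;


    /**
     * @param oAuth2RestTemplate token source; must not be null
     * @throws IllegalArgumentException if {@code oAuth2RestTemplate} is null
     */
    public OAuth2FeignRequestInterceptor(OAuth2RestTemplate oAuth2RestTemplate) {
        // Message previously said "Context", which is not what this argument is.
        Assert.notNull(oAuth2RestTemplate, "OAuth2RestTemplate can not be null");
        this.oAuth2RestTemplate = oAuth2RestTemplate;
    }

    /**
     * Sets the Authorization header on the outgoing request.
     *
     * @param template the Feign request being built
     */
    @Override
    public void apply(RequestTemplate template) {
        // Only the header name and token type are logged; the token value itself
        // must never be written to the log.
        LOGGER.debug("Constructing Header {} for Token {}", AUTHORIZATION_HEADER, BEARER_TOKEN_TYPE);

        // getValue() is the accessor for the raw token string. The original used
        // toString(), which only yields the token for implementations that happen
        // to override it that way and would otherwise send a malformed header.
        final String tokenValue = oAuth2RestTemplate.getAccessToken().getValue();
        template.header(AUTHORIZATION_HEADER,
                String.format("%s %s", BEARER_TOKEN_TYPE, tokenValue));
    }
}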

密碼模式

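/**
 * Password-grant setup: a resource description carrying a fixed user's
 * credentials, a shared client context, and the rest template / Feign
 * interceptor built on them.
 *
 * NOTE(review): the resource owner password grant makes the application hold the
 * user's password and is discouraged by current OAuth 2.0 security guidance;
 * prefer client credentials or authorization code where the server allows it.
 */
@Configuration
public class ConfigurationForRestClient {

    /**
     * @return resource details for the password grant against the local token endpoint
     */
    @Bean(name = "paascloudOAuth2ProtectedResourceDetails")
    protected OAuth2ProtectedResourceDetails resource() {
        ResourceOwnerPasswordResourceDetails resource = new ResourceOwnerPasswordResourceDetails();
        // NOTE(review): plain http; the credentials below are sent over this connection.
        resource.setAccessTokenUri("http://localhost:7979/uac/oauth/token");

        resource.setClientAuthenticationScheme(AuthenticationScheme.header);
        resource.setClientId("paascloud-browser");
        // NOTE(review): client secret hard-coded in source; load it from
        // configuration or a secret store outside a local demo.
        resource.setClientSecret("paascloudClientSecret");

        resource.setGrantType("password");
        resource.setScope(Arrays.asList("all"));

        // NOTE(review): a fixed account with a trivially guessable password is
        // compiled into the class. Every call made through this configuration acts
        // as that user, and the password lives in source control and in the built
        // artifact. Demo-only values; replace before any shared deployment.
        resource.setUsername("admin");
        resource.setPassword("123456");

        return resource;
    }

    /**
     * @return client context that stores the obtained token; no scope is declared
     *         on this bean, so one context (and one token) is shared by all callers
     */
    @Bean(name = "paascloudOauth2ClientContext")
    public OAuth2ClientContext oauth2ClientContext() {
        return new DefaultOAuth2ClientContext(new DefaultAccessTokenRequest());
    }

    /**
     * @return the project's error decoder (its behaviour is defined outside this listing)
     */
    @Bean
    public RestClientErrorDecoder errorDecoder() {
        return new RestClientErrorDecoder();
    }

    /**
     * Interceptor that attaches the token to Feign requests.
     *
     * @param context         the shared client context
     * @param resourceDetails the password-grant resource description
     * @return the request interceptor
     */
    @Bean
    protected RequestInterceptor oauth2FeignRequestInterceptor(
            @Qualifier("paascloudOauth2ClientContext") OAuth2ClientContext context,
            @Qualifier("paascloudOAuth2ProtectedResourceDetails") OAuth2ProtectedResourceDetails resourceDetails) {
        // NOTE(review): two-argument constructor, unlike the single-argument
        // interceptor class listed for the client-credentials mode -- presumably a
        // different OAuth2FeignRequestInterceptor is imported here; confirm.
        return new OAuth2FeignRequestInterceptor(context, resourceDetails);
    }

    /**
     * @param context         the shared client context
     * @param resourceDetails the password-grant resource description
     * @return the primary {@link OAuth2RestTemplate} for injection points without a qualifier
     */
    @Bean
    @Primary
    public OAuth2RestTemplate oauth2RestTemplate(
            @Qualifier("paascloudOauth2ClientContext") OAuth2ClientContext context,
            @Qualifier("paascloudOAuth2ProtectedResourceDetails") OAuth2ProtectedResourceDetails resourceDetails) {
        return new OAuth2RestTemplate(resourceDetails, context);
    }

    /**
     * @return Feign's native contract, so client interfaces use Feign annotations
     */
    @Bean
    public Contract feignContract() {
        return new feign.Contract.Default();
    }

    /**
     * Feign log level for the clients using this configuration.
     *
     * @return {@code BASIC}: request method, URL, response status and timing only
     */
    @Bean
    Logger.Level feignLoggerLevel() {
        // Was FULL. FULL (and HEADERS) write request headers to the log, including
        // the bearer token the interceptor adds, and FULL adds bodies as well.
        // Raise the level only for short, local debugging sessions.
        return Logger.Level.BASIC;
    }
}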

簡單記錄一下,日後有時間再整理。
