版本
spring-cloud:4.1.0
spring-security:6.2.1
依赖
添加oauth2客户端依赖
<dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>
配置
spring:cloud:openfeign:oauth2:# 启用oauth2 拦截器enabled: true# 拦截器使用的客户端注册ID(注意yml配置此处不可以写为小写字母连字符格式)clientRegistrationId: oauth2-clientsecurity:oauth2:client:registration:# 客户端注册ID与feign配置一致oauth2-client:client-id: client-idclient-secret: client-secret# 使用客户端证书authorization-grant-type: client_credentialsscope:- myscopeprovider:oauth2-client:# 授权服务令牌端点token-uri: http://authorization-server/oauth2/token
- 注意:如果是非WEB/REACTIVE项目需要手动注册下面两个Bean
如果是WEB/REACTIVE项目会自动注册
@Bean
@ConditionalOnMissingBean(ClientRegistrationRepository.class)
ClientRegistrationRepository repository(OAuth2ClientProperties properties) {List<ClientRegistration> registrations = new ArrayList<>(new OAuth2ClientPropertiesMapper(properties).asClientRegistrations().values());return new InMemoryClientRegistrationRepository(registrations);
}@Bean
@ConditionalOnMissingBean(OAuth2AuthorizedClientService.class)
OAuth2AuthorizedClientService service(ClientRegistrationRepository clientRegistrationRepository) {return new InMemoryOAuth2AuthorizedClientService(clientRegistrationRepository);
}
源码
- 拦截器自动配置
spring-cloud-openfeign-core
org.springframework.cloud.openfeign.FeignAutoConfiguration
@Configuration(proxyBeanMethods = false)
@ConditionalOnClass(Feign.class)
@EnableConfigurationProperties({ FeignClientProperties.class, FeignHttpClientProperties.class,FeignEncoderProperties.class })
public class FeignAutoConfiguration {...@Configuration(proxyBeanMethods = false)@ConditionalOnClass(OAuth2AuthorizedClientManager.class)// 检查配置是否开启@ConditionalOnProperty("spring.cloud.openfeign.oauth2.enabled")protected static class Oauth2FeignConfiguration {// 已经注册 OAuth2AuthorizedClientService ClientRegistrationRepository Bean 的情况下注册 feignOAuth2AuthorizedClientManager@Bean@ConditionalOnBean({ OAuth2AuthorizedClientService.class, ClientRegistrationRepository.class })@ConditionalOnMissingBeanOAuth2AuthorizedClientManager feignOAuth2AuthorizedClientManager(ClientRegistrationRepository clientRegistrationRepository,OAuth2AuthorizedClientService oAuth2AuthorizedClientService) {return new AuthorizedClientServiceOAuth2AuthorizedClientManager(clientRegistrationRepository,oAuth2AuthorizedClientService);}// 注册拦截器@Bean@ConditionalOnBean(OAuth2AuthorizedClientManager.class)public OAuth2AccessTokenInterceptor defaultOAuth2AccessTokenInterceptor(@Value("${spring.cloud.openfeign.oauth2.clientRegistrationId:}") String clientRegistrationId,OAuth2AuthorizedClientManager oAuth2AuthorizedClientManager) {return new OAuth2AccessTokenInterceptor(clientRegistrationId, oAuth2AuthorizedClientManager);}}...
}
- Web应用 oauth2客户端自动配置
spring-boot-autoconfigure
org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientAutoConfiguration
@AutoConfiguration(before = SecurityAutoConfiguration.class)
@ConditionalOnClass({ EnableWebSecurity.class, ClientRegistration.class })
// 需要Web应用
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
@Import({ // 注册OAuth2ClientRegistrationRepositoryOAuth2ClientRegistrationRepositoryConfiguration.class, // 注册OAuth2AuthorizedClientServiceOAuth2WebSecurityConfiguration.class
})
public class OAuth2ClientAutoConfiguration {}
)
)
