I'm trying to implement an authorization service which is similar to OAuth2, except that it doesn't need a username and a password to generate the key and the refresh token. But from what I've found, it looks like you have to give it a user and a password as well. Are there any workarounds for this?
My code is:
@Configuration
public class AuthorizationServerConfiguration implements AuthorizationServerConfigurer {

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Autowired
    private DataSource dataSource;

    @Autowired
    private AuthenticationManager authenticationManager;

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security.checkTokenAccess("isAuthenticated()").tokenKeyAccess("permitAll()");
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.jdbc(dataSource).passwordEncoder(passwordEncoder);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(authenticationManager);
    }
}

@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Bean
    public AuthenticationManager getAuthenticationManager() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }
}
As per your requirement, you can use a JWT token. It supports various algorithms like RS256 and HS256. I will take HS256 as reference.
In your authorization server, you need to generate the token based on some secret key. On the client side, you need to validate the token with the same secret key.
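If you don't want to share the secret key between the authorization server and the client server, you can use RS256, which uses the concept of a public and a private key.
In the implementation, you need to add a Filter that checks the token in the header of each call.
For more details on the implementation, refer to this post.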
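The HS256 flow described in the answer above, as an added example that is not part of the original answer: the authorization server issues a token for a client id with no user or password, and the client side verifies it with the same secret, which is what a per-request filter would call. It uses only the JDK instead of a JWT library; the class name, client id and secret are constructed for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class Hs256TokenDemo { // hypothetical class name, added example
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder DEC = Base64.getUrlDecoder();
    // Fixed header: verify() accepts only this exact value, so "alg" cannot be swapped.
    private static final String HEADER = ENC.encodeToString(
            "{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
    private static final Pattern EXP = Pattern.compile("\"exp\":(\\d+)");

    static byte[] mac(String signingInput, byte[] secret) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.UTF_8));
    }

    // Authorization server side: issue a short-lived token for a known client id.
    static String issue(String clientId, long ttlSeconds, byte[] secret) throws Exception {
        if (!clientId.matches("[A-Za-z0-9_-]+")) throw new IllegalArgumentException("bad client id");
        long exp = Instant.now().getEpochSecond() + ttlSeconds;
        String payload = "{\"sub\":\"" + clientId + "\",\"exp\":" + exp + "}";
        String input = HEADER + "." + ENC.encodeToString(payload.getBytes(StandardCharsets.UTF_8));
        return input + "." + ENC.encodeToString(mac(input, secret));
    }

    // Client side: check signature first, then expiry; any malformed token is rejected.
    static boolean verify(String token, byte[] secret) throws Exception {
        String[] p = token.split("\\.", -1);
        if (p.length != 3 || !p[0].equals(HEADER)) return false;
        try {
            byte[] expected = mac(p[0] + "." + p[1], secret);
            if (!MessageDigest.isEqual(expected, DEC.decode(p[2]))) return false; // constant-time
            Matcher m = EXP.matcher(new String(DEC.decode(p[1]), StandardCharsets.UTF_8));
            return m.find() && Long.parseLong(m.group(1)) > Instant.now().getEpochSecond();
        } catch (IllegalArgumentException malformed) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = "constructed-demo-secret-0123456789ab".getBytes(StandardCharsets.UTF_8);
        String token = issue("demo-client", 300, secret);
        // Constructed forgery: payload replaced, original signature kept.
        String forged = token.replaceFirst("\\.[^.]+\\.", "." + ENC.encodeToString(
                "{\"sub\":\"admin\",\"exp\":9999999999}".getBytes(StandardCharsets.UTF_8)) + ".");
        System.out.println("valid=" + verify(token, secret) + " forged=" + verify(forged, secret));
    }
}
```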