Gradle
Şu satırları dahil ederiz
// Spring Authorization Server is pinned to 1.0.0 here, while the Boot starters
// carry no version on this page (presumably managed by the Spring Boot plugin — confirm).
// NOTE(review): before reusing this snippet, check whether a newer patched
// release of the authorization server is available.
implementation('org.springframework.security:spring-security-oauth2-authorization-server:1.0.0')
implementation('org.springframework.boot:spring-boot-starter-security')
implementation('org.springframework.boot:spring-boot-starter-web')

// Test-only dependencies.
testImplementation('org.springframework.boot:spring-boot-starter-test')
testImplementation('org.springframework.security:spring-security-test')
Şöyle yaparız
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;

/**
 * Builds the security filter chain for the authorization server.
 *
 * <p>Applies {@link OAuth2AuthorizationServerConfiguration}'s default security
 * settings to {@code http} and builds the chain.
 * {@code @Order(Ordered.HIGHEST_PRECEDENCE)} gives this chain the highest
 * precedence among the application's {@code SecurityFilterChain} beans.
 *
 * <p>NOTE(review): only the defaults are applied; no login page or
 * authentication entry point is configured here. That matches the
 * client-credentials flow used on this page — confirm before enabling
 * grants that involve an end user.
 *
 * @param http the {@code HttpSecurity} to configure
 * @return the built filter chain
 * @throws Exception if applying the defaults or building the chain fails
 */
@Bean
@Order(Ordered.HIGHEST_PRECEDENCE)
public SecurityFilterChain authServerSecurityFilterChain(HttpSecurity http) throws Exception {
  OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
  SecurityFilterChain authServerChain = http.build();
  return authServerChain;
}
2. RegisteredClientRepository Bean Tanımla
Şöyle yaparız
import org.springframework.security.oauth2.server.authorization.client
  .InMemoryRegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
/**
 * Registers a single demo OAuth2 client in an in-memory repository.
 *
 * <p>The client authenticates with HTTP Basic ({@code CLIENT_SECRET_BASIC}) and
 * may only use the client-credentials grant. Its registration id is a fresh
 * random UUID on every call, and the repository is held in memory only.
 *
 * @return a repository containing the one registered client
 */
@Bean
public RegisteredClientRepository registeredClientRepository() {
  String registrationId = UUID.randomUUID().toString();
  RegisteredClient demoClient = RegisteredClient.withId(registrationId)
      .clientId("oauth-client")
      // "{noop}" marks the secret as stored in plaintext (no password hashing).
      // Demo only: outside a tutorial, store an encoded secret (for example a
      // "{bcrypt}" hash) and supply it from configuration or a secret store
      // instead of hard-coding it in source.
      .clientSecret("{noop}oauth-secret")
      .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
      .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
      // NOTE(review): the openid scope is registered although only the
      // client-credentials grant is enabled — confirm it is actually needed,
      // and keep the scope list as small as the client requires.
      .scope(OidcScopes.OPENID)
      .scope("articles.read")
      .build();
  return new InMemoryRegisteredClientRepository(demoClient);
}
Şöyle yaparız
/**
 * Exposes a {@code JwtDecoder} backed by the given JWK source.
 *
 * @param jwkSource the source of the keys used to verify tokens
 * @return the decoder created by {@code OAuth2AuthorizationServerConfiguration.jwtDecoder}
 */
@Bean
public JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource) {
    JwtDecoder decoder = OAuth2AuthorizationServerConfiguration.jwtDecoder(jwkSource);
    return decoder;
}

/**
 * Provides the JWK source holding the server's RSA key.
 *
 * <p>The key pair is generated inside this bean method and kept only in
 * memory. A restart therefore produces a new key, so tokens signed before the
 * restart can no longer be verified against it, and separate instances would
 * presumably each hold a different key. For anything beyond a demo, load a
 * persistent key from a keystore or secret manager and plan for key rotation.
 *
 * @return a JWK source that selects from a set containing the generated RSA key
 * @throws NoSuchAlgorithmException if no RSA key pair generator is available
 */
@Bean
public JWKSource<SecurityContext> jwkSource() throws NoSuchAlgorithmException {
    JWKSet signingKeys = new JWKSet(generateRsa());
    return (selector, context) -> selector.select(signingKeys);
}
/**
 * Wraps a newly generated RSA key pair in an {@code RSAKey} JWK.
 *
 * <p>The JWK carries both the public and the private key and gets a random
 * UUID as its key id. Because the private key is included, the returned
 * object must stay inside the server; only the public part may ever be
 * published to clients.
 *
 * @return the RSA JWK with private key and key id set
 * @throws NoSuchAlgorithmException if no RSA key pair generator is available
 */
private static RSAKey generateRsa() throws NoSuchAlgorithmException {
    KeyPair pair = generateRsaKey();
    String keyId = UUID.randomUUID().toString();
    return new RSAKey.Builder((RSAPublicKey) pair.getPublic())
        .privateKey((RSAPrivateKey) pair.getPrivate())
        .keyID(keyId)
        .build();
}
/**
 * Generates a new 2048-bit RSA key pair with the JDK's {@code KeyPairGenerator}.
 *
 * <p>NOTE(review): 2048 bits is hard-coded here; confirm it meets the key-size
 * policy of the environment where this is deployed.
 *
 * @return the generated key pair
 * @throws NoSuchAlgorithmException if no provider supports the "RSA" algorithm
 */
private static KeyPair generateRsaKey() throws NoSuchAlgorithmException {
    KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA");
    rsaGenerator.initialize(2048);
    KeyPair freshPair = rsaGenerator.generateKeyPair();
    return freshPair;
}
Şöyle yaparız
/**
 * Supplies the authorization server settings, leaving every value at the
 * builder's default.
 *
 * <p>NOTE(review): no issuer is set explicitly here. Before deploying, confirm
 * how the issuer is determined in that case; if it is derived from the
 * incoming request, a fixed issuer URL is the safer choice behind proxies.
 *
 * @return settings built from the defaults
 */
@Bean
public AuthorizationServerSettings authorizationServerSettings() {
    AuthorizationServerSettings.Builder defaults = AuthorizationServerSettings.builder();
    return defaults.build();
}
Token almak için şöyle yaparız
# Client-credentials token request using the demo client from this page.
# The Basic value is only base64 of client_id:client_secret, not encryption,
# so anything other than a local test should send it over HTTPS.
# NOTE(review): RFC 6749 describes token request parameters as form fields in
# the request body; grant_type is passed in the query string here — confirm
# the server version in use accepts that.
curl --request POST \
  --header 'Authorization: Basic b2F1dGgtY2xpZW50Om9hdXRoLXNlY3JldA==' \
  'http://localhost:9090/oauth2/token?grant_type=client_credentials'
Burada Basic'ten sonra gelen string base64 ile kodlanmıştır (şifrelenmiş değildir). Çözülmüş hali şöyle
oauth-client:oauth-secret
Gelen cevap şöyle
{
  "access_token": "...",
  "token_type": "Bearer",
  "expires_in": 299
} 