Tuesday, 14 February 2023

Implementing a Spring Security OAuth2 Authorization Server

Gradle
We add the following lines:
implementation 'org.springframework.security:spring-security-oauth2-authorization-server:1.0.0'
implementation 'org.springframework.boot:spring-boot-starter-security'
implementation 'org.springframework.boot:spring-boot-starter-web'

testImplementation 'org.springframework.boot:spring-boot-starter-test'
testImplementation 'org.springframework.security:spring-security-test'
1. Define the OAuth2AuthorizationServerConfiguration bean
Like so:
import org.springframework.context.annotation.Bean;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
import org.springframework.security.web.SecurityFilterChain;

// Registers the authorization server endpoints (/oauth2/token, /oauth2/jwks, ...) with the
// framework defaults; HIGHEST_PRECEDENCE makes this chain run before any application chain.
@Bean
@Order(Ordered.HIGHEST_PRECEDENCE)
public SecurityFilterChain authServerSecurityFilterChain(HttpSecurity http) throws Exception {
  OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
  return http.build();
}
2. Define the RegisteredClientRepository bean
Like so:
import java.util.UUID;

import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.oidc.OidcScopes;
import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;

// One confidential client, authenticated with HTTP Basic (client_secret_basic) and limited
// to the client_credentials grant. The in-memory repository is fine for a demo; a real
// deployment uses a persistent repository.
@Bean
public RegisteredClientRepository registeredClientRepository() {
  RegisteredClient registeredClient
    = RegisteredClient.withId(UUID.randomUUID().toString())
    .clientId("oauth-client")
    // {noop} means the secret is stored unencoded; use an encoded secret outside demos.
    .clientSecret("{noop}oauth-secret")
    .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
    .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
    .scope(OidcScopes.OPENID)
    .scope("articles.read")
    .build();
  return new InMemoryRegisteredClientRepository(registeredClient);
}
3. Define the JWT decoder
Like so:
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;

import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.SecurityContext;

// Decodes and validates the access tokens this server issues, using the same JWK set
// that is published at /oauth2/jwks.
@Bean
public JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource) {
    return OAuth2AuthorizationServerConfiguration.jwtDecoder(jwkSource);
}
The public and private key are created like this:
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.UUID;

import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.SecurityContext;

// The signing key is generated when the bean is created, so every restart produces a new
// key (and a new kid): tokens issued before the restart no longer verify.
@Bean
public JWKSource<SecurityContext> jwkSource() throws NoSuchAlgorithmException {
    RSAKey rsaKey = generateRsa();
    JWKSet jwkSet = new JWKSet(rsaKey);
    return (jwkSelector, securityContext) -> jwkSelector.select(jwkSet);
}

private static RSAKey generateRsa() throws NoSuchAlgorithmException {
    KeyPair keyPair = generateRsaKey();
    RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
    RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
    // The kid is what a JwtDecoder uses to pick this key out of the published JWK set.
    return new RSAKey.Builder(publicKey)
      .privateKey(privateKey)
      .keyID(UUID.randomUUID().toString())
      .build();
}

private static KeyPair generateRsaKey() throws NoSuchAlgorithmException {
    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
    keyPairGenerator.initialize(2048);
    return keyPairGenerator.generateKeyPair();
}
4. Define the AuthorizationServerSettings bean
Like so:
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;

// Defaults: the issuer is derived from the request, the token endpoint is /oauth2/token
// and the JWK set is served at /oauth2/jwks.
@Bean
public AuthorizationServerSettings authorizationServerSettings() {
    return AuthorizationServerSettings.builder().build();
}
To obtain a token we do the following:
curl -X POST 'http://localhost:9090/oauth2/token?grant_type=client_credentials' \
  --header 'Authorization: Basic b2F1dGgtY2xpZW50Om9hdXRoLXNlY3JldA=='
Here the string after Basic is base64 encoded. Decoded, it is:
oauth-client:oauth-secret
The response is:
{
  "access_token": "...",
  "token_type": "Bearer",
  "expires_in": 299
}