Spring OAuth2 ResourceServer 外部 AuthorizationServer [英] Spring OAuth2 ResourceServer external AuthorizationServer

问题描述

你如何只设置一个单独的 Spring OAuth2 ResourceServer，它使用 3rd 方 AuthorizationServer

How do you setup a separate Spring OAuth2 ResourceServer only, that uses and 3rd party AuthorizationServer

我看到的所有示例总是在同一个应用程序中实现 ResourceServer 和 AuthorizationServer.

All examples I see always implement the ResourceServer and AuthorizationServer in same application.

我不想实现 AuthorizationServer，因为其他人会提供它.

I don't want to implement the AuthorizationServer as someone else is going to provide this.

尝试过但没有运气

@Configuration
   @EnableResourceServer
   public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter

和 application.yml 包含

And application.yml includes

security:
  oauth2:
    resource:
      userInfoUri: https://...../userinfo

<小时>

向我的问题添加一些进一步的细节::

据我所知 - 使用 OAuth 有 4 个玩家:

---

Adding to my question some further details::

In my understanding - with OAuth there are 4 players:

• 资源所有者:一个人
• 资源服务器:服务器公开受保护的 API(由身份验证服务器保护)
• 身份验证服务器:处理向客户端发出访问令牌的服务器
• 客户端:在资源所有者同意后访问资源服务器 API 的应用程序(比如网站)

我尝试了各种教程，但似乎都实现了自己的授权服务器

I have tried various tutorials, but all seem to implement their own Authorisation server

http://www.swisspush.org/security/2016/10/17/oauth2-in-depth-introduction-for-enterpriseshttps://gigsterous.github.io/engineering/2017/03/01/spring-boot-4.html

或者是实现客户端播放器的示例

or are examples of implementing the client player

• http://www.baeldung.com/spring-security-openid-connect
• https://spring.io/guides/tutorials/spring-boot-oauth2/

我的问题是:我如何通过 3rd 方身份验证服务器仅实现保护我的 REST API 的资源服务器，仅此而已.

My Question is: How do I implement just the Resource Server which secures my REST API, via a 3rd party authentication server, nothing more.

推荐答案

我已经解决了 - 你只需要:

I have work this out - all you need is:

@SpringBootApplication
@EnableResourceServer
public class ResourceServer {

    public static void main(String[] args) {
        SpringApplication.run(ResourceServer.class, args);
    }
}

使用 application.yml 作为原始问题中发布的:

With the application.yml as posted in the original question of:

security:
 oauth2:
   resource:
     userInfoUri: https://........userinfo

这篇关于Spring OAuth2 ResourceServer 外部 AuthorizationServer的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！