security.oauth2.resource.user-info-uri:配置userinfo的url地址
security.oauth2.resource.token-info-uri:配置check-token的url地址;
security.oauth2.resource.prefer-token-info=true,如果上面两个都配置了,更倾向于用哪个
security.oauth2.resource.filter-order :ResourceServer的Filter们的顺序
security.oauth2.resource.token-type:请求资源时,在token-type的地方,写什么内容
@EnableOAuth2Client将会创建OAuth2ClientContext 和OAuth2ProtectedResourceDetails,最终是要创建OAuth2RestOperations(OAuth2RestTemplate)
OAuth2ProtectedResourceDetails会绑定security.oauth2.client.的配置信息,也就是说所有用到OAuth2ProtectedResourceDetails这个Bean的地方都得配置security.oauth2.client.,也就是说,所有需要OAuth2RestTemplate这个bean的地方都得配置security.oauth2.client.*;
security.oauth2.client.*是用来创建OAuth2ProtectedResourceDetails的,OAuth2ProtectedResourceDetails是用来创建OAuth2RestOperations(OAuth2RestTemplate)的,feign也是用OAuth2ProtectedResourceDetails这个bean来获取client的信息的,Zuul和Resource Server中继的支持也是用的OAuth2RestTemplate这个Bean;
client 怎么知道Authorization Server的信息?
security.oauth2.client.clientId
security.oauth2.client.clientSecret
security.oauth2.client.accessTokenUri
security.oauth2.client.userAuthorizationUri
security.oauth2.client.clientAuthenticationScheme:header、form
security.oauth2.client.scope:限制获取的token的权限
proxy:
auth:
load-balanced: true
@Bean
public OAuth2RestTemplate restTemplate(UserInfoRestTemplateFactory factory) {
return factory.getUserInfoRestTemplate();
}
如果只是OauthClient或者OauthSSo标识的应用,用下面这个
@Bean
public OAuth2RestTemplate oauth2RestTemplate(OAuth2ClientContext oauth2ClientContext,
OAuth2ProtectedResourceDetails details) {
return new OAuth2RestTemplate(details, oauth2ClientContext);
}