英文:
How can I use an Angular login instead of Spring Security's login for my OAuth2 server?
问题
我有一个使用Spring Boot 3和Spring Security 6、Java 17的微服务架构。
我已经实现了一个OAuth2服务器,用于应用程序的身份验证和授权,并将其连接到API网关。
集成已准备好,但现在我遇到了一个问题,我不知道如何解耦服务器的登录。我的意思是,我有一个带有自己登录功能的Angular客户端,我希望使用它来替代Spring Security提供的登录功能。然而,我不知道如何生成相应的代码等等。
我也不知道在哪里进行POST请求以传递用户名、密码等信息。
我如何使其独立于Spring Security的登录,并解耦登录以使用Angular创建的登录功能?
非常感谢您的帮助。
谢谢。
英文:
I have a microservices architecture with Spring Boot 3 and Spring Security 6, Java 17.
I have implemented an OAuth2 server for authentication and authorization of the application, which I have hooked up to the API gateway.
The integration is ready, but now I have encountered the problem that I don't know how to decouple the server's login. What I mean is, I have an Angular client with its own login, and I want to use that instead of the one provided by Spring Security. However, I don't see a possible way to generate the code, etc.
Nor do I know where to make a POST request for the username, password, etc.
How can I make it independent of Spring Security's login and decouple the login to use one made with Angular?
Thank you very much in advance.
Regards.
答案1
得分: 0
What you request would use OAuth2 flows which were deprecated for good reasons.
You should not be trying to do that: Angular app should not have access to user credentials, because of OAuth2 standard evolution, not of Spring Security limitation.
One of the points in the decoupling you are referring to, is to remove everything related to authentication mechanisms from OAuth2 clients and resource servers (only authorization server is concerned).
To go even further, if you have a gateway configured as an OAuth2 client, the Angular app isn't involved in OAuth2 at all! (it is secured with a session on the gateway, and doesn't communicate with authorization server nor accesses authorization-code or tokens).
If the concern is look & feel, style your authorization server login screens instead (almost every authorization server on the market has features to customize its appearance).
英文:
What you request would use OAuth2 flows which were deprecated for good reasons.
You should not be trying to do that: Angular app should not have access to user credentials, because of OAuth2 standard evolution, not of Spring Security limitation.
One of the points in the decoupling you are referring to, is to remove everything related to authentication mechanisms from OAuth2 clients and resource servers (only authorization server is concerned).
To go even further, if you have a gateway configured as an OAuth2 client, the Angular app isn't involved in OAuth2 at all! (it is secured with a session on the gateway, and doesn't communicate with authorization server nor accesses authorization-code or tokens).
If the concern is look & feel, style your authorisation server login screens instead (almost every authorization server on the market has features to customize its appearance).
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论