spring-security oauth2.0简单集成
2021-01-26 19:15
标签:fastjson relative 获取用户信息 release local crypto redirect word autowired 需要2个服务,一个认证授权服务,一个资源服务 认证授权服务为客户端颁发令牌,资源服务用于客户端获取用户信息。 pom文件: AuthorizationConfig.java SecurityConfig.java 启动类 AuthServerApplication.java 配置文件 application.properties 到此认证授权服务配置完成,直接启动即可。 3.1 资源服务项目目录
UserController.java 启动类 ResourceServerApplication.java 配置文件 application.properties 到此资源服务配置完成,启动服务即可。 然后自动跳入登录地址,输入账号密码登录: admin/admin 登录成功提示用户是否允许授权,点Approve允许 登录成功,自动跳转到回调地址,并在url中带有code参数 拿着这个code用postman发请求获取令牌 成功拿到令牌access_token。 接着用这个令牌访问资源服务 请求成功。也可以这样请求(把access_token放在URL参数里,令牌容易被记录到服务器日志和浏览器历史中,正式环境建议改用 Authorization: Bearer 请求头) 到此全部结束。!!!!! spring-security oauth2.0简单集成 标签:fastjson relative 获取用户信息 release local crypto redirect word autowired 原文地址:https://www.cnblogs.com/f-society/p/12850768.html
1. 总体架构:
2.认证授权服务
2.1 项目目录:
2.2 代码
package com.intfish.authorization.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
/**
 * Authorization-server setup for the demo: one in-memory client, in-memory tokens, and the
 * access rules for the token-key and check-token endpoints.
 *
 * <p>The imports come from the legacy spring-security-oauth2 module, which the Spring team no
 * longer maintains, so treat this class as a learning sample. Every literal below (client id,
 * secret, redirect URI) is a tutorial value and is not meant to be deployed as-is.
 */
@Configuration
public class AuthorizationConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private UserDetailsService userDetailsService;

    /**
     * Provides the token store used by the authorization endpoints.
     *
     * @return a store that keeps issued tokens in this process's memory
     */
    @Bean
    public TokenStore memoryTokenStore() {
        // Tokens live only in memory here; presumably they do not survive a restart and are
        // not visible to a second server instance.
        TokenStore store = new InMemoryTokenStore();
        return store;
    }

    /**
     * Sets the access expressions for the authorization server's helper endpoints.
     *
     * @param security configurer supplied by the framework
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        // "permitAll()" opens the token-key endpoint to unauthenticated callers. That endpoint
        // publishes the token verification key; it does not hand out access tokens.
        security.tokenKeyAccess("permitAll()");
        // Only authenticated callers may ask the server to validate a token.
        security.checkTokenAccess("isAuthenticated()");
        // Lets a client send client_id/client_secret as form parameters instead of HTTP Basic.
        // Request parameters are more likely to end up in access logs, so keep the token
        // endpoint behind TLS when this is enabled.
        security.allowFormAuthenticationForClients();
    }

    /**
     * Registers the single demo client in memory.
     *
     * @param clients configurer supplied by the framework
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // Demo secret, hard-coded and trivially guessable. Only the encoded form is stored,
        // but the plain value still sits in source control; load it from external
        // configuration outside a tutorial.
        String encodedSecret =
                PasswordEncoderFactories.createDelegatingPasswordEncoder().encode("123456");

        clients.inMemory()
                .withClient("client1") // client id
                // authorization-code flow plus refresh tokens
                .authorizedGrantTypes("authorization_code", "refresh_token")
                .scopes("test") // scope name is free-form, e.g. read / write
                .secret(encodedSecret)
                // Callback that receives the authorization code. A plain-HTTP address on a
                // third-party host is tutorial-only: the code travels in that URL's query
                // string. Register an HTTPS URI that the client itself controls.
                .redirectUris("http://www.baidu.com");
    }

    /**
     * Wires the authentication manager, token store and user lookup into the endpoints.
     *
     * @param endpoints configurer supplied by the framework
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(authenticationManager);
        endpoints.tokenStore(memoryTokenStore());
        // Presumably consulted when a refresh_token grant re-loads the user; confirm.
        endpoints.userDetailsService(userDetailsService);
    }
}
package com.intfish.authorization.config;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
/**
 * Web-security setup for the authorization server: a single in-memory user and the
 * {@link AuthenticationManager} bean that {@code AuthorizationConfig} injects.
 */
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Publishes the adapter's authentication manager as a bean so other configuration
     * classes can autowire it.
     *
     * @return the authentication manager built by the parent adapter
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        AuthenticationManager manager = super.authenticationManagerBean();
        return manager;
    }

    /**
     * Builds the in-memory user lookup.
     *
     * @return a user store holding the single demo account
     */
    @Bean
    @Override
    public UserDetailsService userDetailsService() {
        // Demo account: the password equals the username and is fixed in source. The stored
        // value is encoded, but anyone who reads this file knows the login. Replace with a
        // real user store and per-user credentials outside a tutorial.
        String encodedPassword =
                PasswordEncoderFactories.createDelegatingPasswordEncoder().encode("admin");

        // Users are looked up from memory only.
        InMemoryUserDetailsManager users = new InMemoryUserDetailsManager();
        users.createUser(
                User.withUsername("admin")
                        .password(encodedPassword)
                        .authorities("USER")
                        .build());
        return users;
    }

    /**
     * Points the authentication builder at the in-memory user lookup.
     *
     * @param auth builder supplied by the framework
     */
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        UserDetailsService lookup = userDetailsService();
        auth.userDetailsService(lookup);
    }
}
package com.intfish.authorization;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
/** Boot entry point for the authorization server. */
@SpringBootApplication
@EnableAuthorizationServer // turns on the OAuth2 authorization-server endpoints
public class AuthServerApplication {

    /**
     * Starts the Spring application with this class as its primary source.
     *
     * @param args command-line arguments passed through to Spring Boot
     */
    public static void main(String[] args) {
        SpringApplication application = new SpringApplication(AuthServerApplication.class);
        application.run(args);
    }
}
//默认配置即可 什么都不用配置
3. 资源服务(用于根据access_token查询用户信息)
pom文件
3.2 代码
package com.intfish.resourceserver.controller;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
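/**
 * Resource-server endpoint that echoes the caller's authentication back to it.
 */
@RestController
@RequestMapping("/user")
public class UserController {

    // One shared, immutable logger per class instead of a mutable per-instance field.
    private static final Logger log = LoggerFactory.getLogger(UserController.class);

    /**
     * Returns the authentication resolved for the current request.
     *
     * <p>NOTE(review): the whole {@link Authentication} object is serialised into the response
     * and written to the log. Confirm that nothing it carries (details, credentials,
     * authorities) is more than the client or the log readers should see; a production API
     * would normally map it to a small response object with only the needed fields.
     *
     * @param authentication the caller's authentication, injected by Spring
     * @return the same {@code authentication} object
     */
    @PostMapping("getUserInfo")
    public Object getUserInfo(Authentication authentication) {
        // Parameterized form: the message text is unchanged, but the argument is only
        // rendered when INFO logging is enabled.
        log.info("获取用户信息;{}", authentication);
        return authentication;
    }
}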
package com.intfish.resourceserver;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
/** Boot entry point for the resource server. */
@SpringBootApplication
@EnableResourceServer // turns on OAuth2 resource-server protection for this application
public class ResourceServerApplication {

    /**
     * Starts the Spring application with this class as its primary source.
     *
     * @param args command-line arguments passed through to Spring Boot
     */
    public static void main(String[] args) {
        SpringApplication application = new SpringApplication(ResourceServerApplication.class);
        application.run(args);
    }
}
# Resource-server settings. The auth server URL below uses port 8080, so this service
# listens on a different port.
server.port=9090
# Base URL of the authorization server. Plain HTTP on localhost is tutorial-only: tokens and
# the client secret travel over this connection, so use HTTPS anywhere else.
auth-server-url=http://localhost:8080
# Client credentials; they must match the client registered in AuthorizationConfig.
security.oauth2.client.client-id=client1
# Demo secret kept in clear text in this file. Outside a tutorial, supply it from the
# environment or a secret store instead of committing it.
security.oauth2.client.client-secret=123456
security.oauth2.client.scope=test
# Authorization-server endpoints for exchanging the code and for user authorization.
security.oauth2.client.access-token-uri=${auth-server-url}/oauth/token
security.oauth2.client.user-authorization-uri=${auth-server-url}/oauth/authorize
# Incoming access tokens are validated by calling check_token on the authorization server.
# AuthorizationConfig restricts that endpoint to authenticated callers, which is presumably
# why the client id and secret are configured above.
security.oauth2.resource.token-info-uri=${auth-server-url}/oauth/check_token
4. 认证授权+获取令牌(access_token)
4.1 用浏览器访问 认证授权服务
http://localhost:8080/oauth/authorize?response_type=code&client_id=client1&redirect_uri=http://www.baidu.com
http://localhost:9090/user/getUserInfo?access_token=2f3c1803-dbb8-4f95-acf6-88a298309ecd