背景:网上有很多讲解 OAuth2 配置的文章,但配置方法复杂纷繁,对初学者很不友好,让人望而却步。
欢迎关注本系列博客:基于 Spring Cloud 最新版本 Hoxton 完成 OAuth2 的实践。
Spring Cloud OAuth
]( http://www.ruanyifeng.com/blo...
名称 | 版本 |
---|---|
Spring Boot | 2.2.0.M5 |
Spring Cloud | Hoxton.M2 |
Spring Cloud OAuth2 | 2.2.0.M2 |
<!-- Dependencies of the authorization-server module.
     No <version> elements appear here, so the versions are presumably supplied by the
     Spring Boot / Spring Cloud dependency management declared elsewhere in the pom (not shown); confirm.
     spring-cloud-starter-oauth2 pulls in the legacy Spring Security OAuth stack, which provides the
     @EnableAuthorizationServer / @EnableResourceServer annotations used on this page. That project has
     reached end-of-life upstream, so check its support status before building new services on it. -->
<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-oauth2</artifactId>
    </dependency>
</dependencies>
/**
 * Web security configuration for the authorization-server demo.
 *
 * <p>Exposes the {@link AuthenticationManager} and a {@link UserDetailsService} as beans so that
 * the OAuth2 authorization server configuration can inject them.
 * {@code prePostEnabled = true} turns on {@code @PreAuthorize}/{@code @PostAuthorize} method security.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    /**
     * Publishes the adapter's {@link AuthenticationManager} as a Spring bean.
     *
     * <p>Author's note: this bean must be injectable, otherwise the OAuth endpoints cannot
     * handle the four grant types.
     *
     * @return the authentication manager built by the parent adapter
     * @throws Exception if the parent adapter fails to build the manager
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Provides an in-memory user store holding a single demo account.
     *
     * <p>Author's note: this bean must be injectable, otherwise flows such as the password grant
     * run into an endless-loop problem.
     *
     * <p>Security note: the {@code {noop}} prefix selects the no-op password encoder, so the
     * password is kept and compared as plaintext, and the username/password pair is hard-coded
     * in source. That is acceptable only for a local demo. A real deployment needs a persistent
     * user store whose passwords are hashed with an adaptive encoder (for example bcrypt), and
     * no credentials in the repository.
     *
     * @return a user details service containing the demo user
     */
    @Bean
    @Override
    protected UserDetailsService userDetailsService() {
        // The varargs constructor registers each supplied user, same as calling createUser(...).
        return new InMemoryUserDetailsManager(
                User.withUsername("lengleng")
                        .password("{noop}lengleng")
                        .authorities("USER")
                        .build());
    }
}
/**
 * OAuth2 authorization server configuration for the demo.
 *
 * <p>Registers one in-memory client and wires the token endpoints to the application's
 * {@link AuthenticationManager} and {@link UserDetailsService}.
 */
@Configuration
@EnableAuthorizationServer
public class BigAuthServerConfiguration extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private UserDetailsService userDetailsService;

    /**
     * Registers the single demo client {@code appid} in memory.
     *
     * <p>Security notes for anyone adapting this beyond a local demo:
     * <ul>
     *   <li>The client secret uses the {@code {noop}} prefix, i.e. it is stored as plaintext and
     *       hard-coded in source. Use a hashed secret and load it from outside the repository.</li>
     *   <li>One client is granted all five grant types. Register only the grants a given client
     *       actually needs. The {@code password} and {@code implicit} grants in particular are
     *       discouraged by current OAuth security guidance.</li>
     *   <li>No {@code redirectUris(...)} call appears in this registration, so nothing here
     *       pins the redirect targets for the {@code authorization_code} / {@code implicit}
     *       flows. Register exact redirect URIs before enabling those flows.</li>
     *   <li>The only scope is the catch-all {@code all}. Finer-grained scopes let resource
     *       servers enforce least privilege.</li>
     * </ul>
     *
     * @param clients configurer used to declare the client registrations
     * @throws Exception if the client registration cannot be built
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // Builder setters are independent of each other; order does not affect the resulting client.
        clients.inMemory()
                .withClient("appid")
                .scopes("all")
                .authorizedGrantTypes("password", "authorization_code", "client_credentials", "implicit", "refresh_token")
                .secret("{noop}secret");
    }

    /**
     * Connects the token endpoints to the application's authentication components.
     *
     * <p>The authentication manager is what enables the password grant. The user details service
     * is presumably needed so the refresh_token grant can reload the user (confirm).
     *
     * @param endpoints configurer for the authorization server endpoints
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints.authenticationManager(authenticationManager);
        endpoints.userDetailsService(userDetailsService);
    }
}
以上完成了认证服务器的功能
# Requests a token from the local authorization server using the password grant.
# The client id/secret are sent as HTTP Basic credentials; the user's name and password
# travel in the form body.
# Demo only: this goes over plain HTTP to localhost, and the literal secrets on the command
# line end up in shell history. Against any non-local server use HTTPS and avoid typing
# secrets inline.
curl --request POST \
  --user 'appid:secret' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data 'grant_type=password&username=lengleng&password=lengleng&scope=all' \
  'http://localhost:8764/oauth/token'
<!-- Dependencies of the resource-server module (same two starters as the authorization server).
     No <version> elements appear here, so the versions are presumably managed by the
     Spring Boot / Spring Cloud dependency management elsewhere in the pom (not shown); confirm. -->
<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-oauth2</artifactId>
    </dependency>
</dependencies>
# Resource-server OAuth2 settings.
# Security note: the client secret is written here in plaintext. Outside a local demo, supply it
# from the environment or a secret store rather than a committed config file.
security:
  oauth2:
    client:
      client-id: appid
      client-secret: secret
      scope: all
    resource:
      # Address of the authorization server's check_token endpoint.
      # Plain http is tolerable only because this is loopback. The call carries the client
      # credentials and the access token, so use https when the authorization server is on another host.
      token-info-uri: http://127.0.0.1:8764/oauth/check_token
// 接入oauth2 ,声明为资源服务器 @EnableResourceServer @EnableDiscoveryClient @SpringBootApplication public class BigUpmsServerApplication { public static void main(String[] args) { SpringApplication.run(BigUpmsServerApplication.class, args); } }
public class BigAuthServerConfiguration extends AuthorizationServerConfigurerAdapter {

    /**
     * Configures access to the authorization server's own endpoints.
     *
     * <p>Author's note: {@code checkTokenAccess} is set to {@code isAuthenticated()} because
     * otherwise the resource server's requests to {@code /oauth/check_token} are answered with 403.
     *
     * <p>Security notes:
     * <ul>
     *   <li>{@code isAuthenticated()} still requires the caller to authenticate as a registered
     *       client. Do not relax it to {@code permitAll()}, since the endpoint returns token
     *       details to whoever can call it.</li>
     *   <li>{@code allowFormAuthenticationForClients()} additionally accepts the client id and
     *       secret as form parameters. Secrets sent in a request body are easier to capture in
     *       request logging than an HTTP Basic header. Enable this only if a client really
     *       cannot use Basic authentication, and serve the endpoints over TLS either way.</li>
     * </ul>
     *
     * @param oauthServer security configurer for the authorization server endpoints
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) {
        oauthServer.allowFormAuthenticationForClients();
        oauthServer.checkTokenAccess("isAuthenticated()");
    }
}
/**
 * Demo endpoint used to verify that the resource server accepts a token.
 */
@RestController
public class DemoController {

    /**
     * Returns the caller's {@link Authentication} as the response body.
     *
     * <p>NOTE(review): the whole object is serialized, so the response contains whatever the
     * concrete {@code Authentication} type exposes (principal, authorities, details). On an OAuth2
     * resource server the details presumably include request metadata such as the token value;
     * confirm. This is fine as a smoke test, but a real service should return a narrow view
     * (for example only the username and authorities) instead of the raw object.
     *
     * @param authentication the authentication of the current request, injected by Spring MVC
     * @return the same authentication object
     */
    @GetMapping("/info")
    public Authentication authentication(Authentication authentication) {
        return authentication;
    }
}