springcloud Oauth2授权,四种授权类型

叁歲伎倆 2022-12-21 04:45 306阅读 0赞

db4a039f80624659e92b7244870a0228.png

创建认证服务器:

pom依赖:

  1. <?xml version=”1.0” encoding=”UTF-8”?>
  2. <project xmlns=”http://maven.apache.org/POM/4.0.0“
  3. xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance“
  4. xsi:schemaLocation=”http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  6. springcloud1
  7. org.example
  8. 1.0-SNAPSHOT
  10. 4.0.0
  12. springcloud-oauth-uaa-8003
  18. org.springframework.cloud
  19. spring-cloud-dependencies
  20. Finchley.RELEASE
  21. pom
  22. import
  26. org.springframework.boot
  27. spring-boot-starter-web
  28. 2.1.4.RELEASE
  32. org.springframework.boot
  33. spring-boot-test
  37. org.springframework.cloud
  38. spring-cloud-netflix-eureka-client
  43. org.springframework.boot
  44. spring-boot-starter-security
  49. org.springframework.cloud
  50. spring-cloud-starter-oauth2
  55. org.springframework.security
  56. spring-security-jwt

创建认证服务器配置类AuthorizationServerConfigurerAdapter:

  1. package com.shen.config;
  3. import jdk.nashorn.internal.parser.Token;
  4. import org.springframework.beans.factory.annotation.Autowired;
  5. import org.springframework.context.annotation.Bean;
  6. import org.springframework.context.annotation.Configuration;
  7. import org.springframework.http.HttpMethod;
  8. import org.springframework.security.authentication.AuthenticationManager;
  9. import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
  10. import org.springframework.security.crypto.factory.PasswordEncoderFactories;
  11. import org.springframework.security.crypto.password.PasswordEncoder;
  12. import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
  13. import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
  14. import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
  15. import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
  16. import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
  17. import org.springframework.security.oauth2.provider.ClientDetailsService;
  18. import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
  19. import org.springframework.security.oauth2.provider.code.InMemoryAuthorizationCodeServices;
  20. import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
  21. import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
  22. import org.springframework.security.oauth2.provider.token.TokenStore;
  23. import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
  25. @Configuration
  26. @EnableAuthorizationServer
  27. public class AuthorizationServer extends AuthorizationServerConfigurerAdapter {
  29. @Bean
  30. public PasswordEncoder passwordEncoder() {
  31. return new BCryptPasswordEncoder();
  32. }
  34. @Bean
  35. public AuthorizationCodeServices authorizationCodeServices(){
  36. // 配置授权码服务
  37. return new InMemoryAuthorizationCodeServices();
  38. }
  40. @Bean
  41. public TokenStore tokenStore(){
  42. return new InMemoryTokenStore();
  43. }
  45. @Autowired
  46. private TokenStore tokenStore;
  48. @Autowired
  49. private AuthorizationCodeServices authorizationCodeServices;
  51. @Autowired
  52. private AuthenticationManager authenticationManager;
  54. @Override
  55. public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
  56. clients.inMemory()
  57. .withClient(“client1”)
  58. .secret(new BCryptPasswordEncoder().encode(“secret”))
  59. .authorizedGrantTypes(“client_credentials”, “password”, “refresh_token”, “authorization_code”)
  60. .scopes(“all”)
  61. .resourceIds(“all”)
  62. .autoApprove(false)
  63. .redirectUris(“http://www.baidu.com“)
  64. .accessTokenValiditySeconds(1200)
  65. .refreshTokenValiditySeconds(50000);
  66. }
  68. @Autowired
  69. private ClientDetailsService clientDetailsService;
  71. @Bean
  72. public AuthorizationServerTokenServices tokenServices(){
  73. DefaultTokenServices services = new DefaultTokenServices();
  74. services.setClientDetailsService(clientDetailsService);
  75. services.setSupportRefreshToken(true);
  76. services.setTokenStore(tokenStore);
  77. services.setAccessTokenValiditySeconds(7200);
  78. services.setRefreshTokenValiditySeconds(36000);
  79. return services;
  80. }
  82. @Override
  83. public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
  84. oauthServer
  85. .tokenKeyAccess(“permitAll()”)
  86. //allow check token
  87. .checkTokenAccess(“permitAll()”)
  88. .allowFormAuthenticationForClients();
  89. }
  92. @Override
  93. public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
  94. endpoints.
  95. authenticationManager(authenticationManager)
  96. .authorizationCodeServices(authorizationCodeServices)
  97. .tokenServices(tokenServices())
  98. .allowedTokenEndpointRequestMethods(HttpMethod.POST);
  99. }
  102. }

创建security配置实现类WebSecurityConfigurerAdapter:

  1. package com.shen.config;
  3. import org.springframework.context.annotation.Bean;
  4. import org.springframework.context.annotation.Configuration;
  5. import org.springframework.security.authentication.AuthenticationManager;
  6. import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
  7. import org.springframework.security.config.annotation.web.builders.HttpSecurity;
  8. import org.springframework.security.config.annotation.web.builders.WebSecurity;
  9. import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
  10. import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
  11. import org.springframework.security.crypto.password.PasswordEncoder;
  13. @Configuration
  14. public class MySecurityConfig extends WebSecurityConfigurerAdapter {
  16. private PasswordEncoder passwordEncoder() {
  17. return new BCryptPasswordEncoder();
  18. }
  20. @Override
  21. @Bean
  22. public AuthenticationManager authenticationManagerBean() throws Exception {
  23. return super.authenticationManagerBean();
  24. }
  26. @Override
  27. protected void configure(AuthenticationManagerBuilder auth) throws Exception {
  28. // Spring Security提供了一套基于内存的验证
  29. auth.inMemoryAuthentication()
  30. .passwordEncoder(new BCryptPasswordEncoder())
  31. .withUser(“admin”).password(new BCryptPasswordEncoder()
  32. .encode(“123456”)).roles(“r1”);
  33. }
  35. @Override
  36. protected void configure(HttpSecurity http) throws Exception {
  37. // 决定那些请求被拦截
  38. http
  39. .authorizeRequests()
  40. .antMatchers(“/css/**“, “/js/**“, “/fonts/**“, “/index”).permitAll() //都可以访问
  41. // .antMatchers(“”).permitAll()// 主路径放行
  42. .anyRequest().permitAll()// 其他请求需经过验证
  43. .and()
  44. .formLogin()
  45. .loginProcessingUrl(“/login”)
  46. .permitAll()// 表单登录允许任意权限访问
  47. .and()
  48. .logout().permitAll();// 注销操作允许任意权限访问
  49. http.csrf().disable();// 关闭默认的csrf认证
  50. }
  52. // @Override
  53. // public void configure(WebSecurity web) throws Exception {
  54. // web.ignoring().antMatchers(“/js’/**“, “/css/**“, “/images/**“);// 对js、css、images不做拦截
  55. // }
  56. }

获取授权码方式:

授权码模式:

访问此链接获取授权码:http://localhost:8003/oauth/authorize?response\_type=code&client\_id=client1&redirect\_uri=http://www.baidu.com

bd17f620320d094ac15393c98792793b.png

这个就是授权码:
7310a3a497de9cb6c0aa909fee19f60a.png

然后通过授权码获取token:

0513c06d744cf510cdf8a65cfda2aa67.png

密码模式(直接通过账号密码获取token):

28ce1e0a87af842e003a4a5a45942038.png

发表评论

表情:
评论列表 (有 0 条评论,306人围观)

还没有评论,来说两句吧...

相关阅读

    相关 OAuth2授权方式

    最近在做第三方接入的,初步定下使用OAuth2协议,花了些时间对OAuth2的授权方式做了些了解。   我还记得一两年前,跟一位同事聊起互联网时,当时我说过一个想法:   

    深碍√TFBOYSˉ_深碍√TFBOYSˉ_/ 0/ 289 阅读