OAuth2四种授权登录之简化模式、客户端模式获取TOKEN

迷南。 2024-04-18 16:34 62阅读 0赞

学习地址:

https://www.majiaxueyuan.com/uc/play/65

Oauth2.0的一些简单介绍：

https://blog.csdn.net/qq\_28198181/article/details/100523474

# 1.简化模式 #

授权类型implicit

放到了configure方法中

import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.http.HttpMethod;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.authentication.AuthenticationProvider;
    import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.AuthenticationException;
    import org.springframework.security.core.userdetails.User;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
    import org.springframework.security.crypto.password.PasswordEncoder;
    import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
    import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
    import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
    import org.springframework.security.provisioning.InMemoryUserDetailsManager;
     
    /**
     * @author : HYXT_ZouQiJun
     * @createTime : 2019/9/3 15:33
     * @descrption :
     */
    @Configuration
    @EnableAuthorizationServer
    public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
     
        //accessToken 过期
        private int accessTokenValiditySecond = 60 * 60 * 2; //2小时
        private int refreshTokenValiditySecond = 60 * 60 * 24 * 7; // 7 天
     
     
        //添加商户信息
        public void configure(ClientDetailsServiceConfigurer configurer) throws Exception {
     
            //withClient Appid
            configurer.inMemory().withClient("yyy_client").secret(passwordEncoder().encode("yyy_secret")) //设置用户 和密码
                    
                                                                      //这里放入了简化模式 implicit
               .authorizedGrantTypes("password","authorization_code","implicit","client_credentials","refresh_token").scopes("all") //设置权限类型,用密码，客户端,刷新的token  权限为所有人
                    .accessTokenValiditySeconds(accessTokenValiditySecond)
                    .refreshTokenValiditySeconds(refreshTokenValiditySecond);
        }
     
        //定义授权和令牌端点和令牌服务
        public void configure(AuthorizationServerEndpointsConfigurer endpointsConfigurer){
     
            //刷新令牌时需要的认证管理和用户信息来源
            endpointsConfigurer.authenticationManager(authenticationManager()).allowedTokenEndpointRequestMethods(HttpMethod.GET,HttpMethod.POST);
            endpointsConfigurer.authenticationManager(authenticationManager());
            endpointsConfigurer.userDetailsService(userDetailsService());
        }
     
        @Override
        public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
     
            //允许表单认证
            oauthServer.allowFormAuthenticationForClients();
     
            //允许 check_token 访问
            oauthServer.checkTokenAccess("permitAll()");
        }
     
        @Bean
        AuthenticationManager authenticationManager() {
            AuthenticationManager authenticationManager = new AuthenticationManager() {
                public Authentication authenticate(Authentication authentication) throws AuthenticationException {
                    return daoAuhthenticationProvider().authenticate(authentication);
                }
            };
            return authenticationManager;
        }
     
        @Bean
        public AuthenticationProvider daoAuhthenticationProvider() {
            DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
            daoAuthenticationProvider.setUserDetailsService(userDetailsService());
            daoAuthenticationProvider.setHideUserNotFoundExceptions(false);
            daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());
            return daoAuthenticationProvider;
        }
     
        // 设置添加用户信息,正常应该从数据库中读取
        @Bean
        UserDetailsService userDetailsService() {
            InMemoryUserDetailsManager userDetailsService = new InMemoryUserDetailsManager();
            userDetailsService.createUser(User.withUsername("user_1").password(passwordEncoder().encode("123456"))
                    .authorities("ROLE_USER").build());
            userDetailsService.createUser(User.withUsername("user_2").password(passwordEncoder().encode("123456"))
                    .authorities("ROLE_USER").build());
            return userDetailsService;
        }
     
        @Bean
        PasswordEncoder passwordEncoder() {
            // 加密方式
            PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
            return passwordEncoder;
        }
     
    }

然后直接访问URL （回调的URL可以自己做）

http://localhost:8080/oauth/authorize?response_type=token&client_id=yyy_client&redirect_uri=http://www.4399.com

可以看到token会在地址上显示

# 2.客户端模式 #

import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.http.HttpMethod;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.authentication.AuthenticationProvider;
    import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.AuthenticationException;
    import org.springframework.security.core.userdetails.User;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
    import org.springframework.security.crypto.password.PasswordEncoder;
    import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
    import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
    import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
    import org.springframework.security.provisioning.InMemoryUserDetailsManager;
     
    /**
     * @author : HYXT_ZouQiJun
     * @createTime : 2019/9/3 15:33
     * @descrption :
     */
    @Configuration
    @EnableAuthorizationServer
    public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
     
        //accessToken 过期
        private int accessTokenValiditySecond = 60 * 60 * 2; //2小时
        private int refreshTokenValiditySecond = 60 * 60 * 24 * 7; // 7 天
     
     
        //添加商户信息
        public void configure(ClientDetailsServiceConfigurer configurer) throws Exception {
     
            //withClient Appid
            configurer.inMemory().withClient("yyy_client").secret(passwordEncoder().encode("yyy_secret")) //设置用户 和密码
                    
                                                                      //这里放入了客户端模式 client_credentials
               .authorizedGrantTypes("password","authorization_code","implicit","client_credentials","refresh_token").scopes("all") //设置权限类型,用密码，客户端,刷新的token  权限为所有人
                    .accessTokenValiditySeconds(accessTokenValiditySecond)
                    .refreshTokenValiditySeconds(refreshTokenValiditySecond);
        }
     
        //定义授权和令牌端点和令牌服务
        public void configure(AuthorizationServerEndpointsConfigurer endpointsConfigurer){
     
            //刷新令牌时需要的认证管理和用户信息来源
            endpointsConfigurer.authenticationManager(authenticationManager()).allowedTokenEndpointRequestMethods(HttpMethod.GET,HttpMethod.POST);
            endpointsConfigurer.authenticationManager(authenticationManager());
            endpointsConfigurer.userDetailsService(userDetailsService());
        }
     
        @Override
        public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
     
            //允许表单认证
            oauthServer.allowFormAuthenticationForClients();
     
            //允许 check_token 访问
            oauthServer.checkTokenAccess("permitAll()");
        }
     
        @Bean
        AuthenticationManager authenticationManager() {
            AuthenticationManager authenticationManager = new AuthenticationManager() {
                public Authentication authenticate(Authentication authentication) throws AuthenticationException {
                    return daoAuhthenticationProvider().authenticate(authentication);
                }
            };
            return authenticationManager;
        }
     
        @Bean
        public AuthenticationProvider daoAuhthenticationProvider() {
            DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
            daoAuthenticationProvider.setUserDetailsService(userDetailsService());
            daoAuthenticationProvider.setHideUserNotFoundExceptions(false);
            daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());
            return daoAuthenticationProvider;
        }
     
        // 设置添加用户信息,正常应该从数据库中读取
        @Bean
        UserDetailsService userDetailsService() {
            InMemoryUserDetailsManager userDetailsService = new InMemoryUserDetailsManager();
            userDetailsService.createUser(User.withUsername("user_1").password(passwordEncoder().encode("123456"))
                    .authorities("ROLE_USER").build());
            userDetailsService.createUser(User.withUsername("user_2").password(passwordEncoder().encode("123456"))
                    .authorities("ROLE_USER").build());
            return userDetailsService;
        }
     
        @Bean
        PasswordEncoder passwordEncoder() {
            // 加密方式
            PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
            return passwordEncoder;
        }
     
    }

使用postman发送数据，客户端模式不需要密码和帐号

![watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3FxXzI4MTk4MTgx_size_16_color_FFFFFF_t_70][]

[watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3FxXzI4MTk4MTgx_size_16_color_FFFFFF_t_70]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/18/0e91371ff96c4418b85b4d3873174220.png