spring-security-auth2
引入包
<!-- Spring Cloud starter for the legacy Spring Security OAuth2 stack; it brings in the
     @EnableAuthorizationServer / @EnableResourceServer support used by the classes on this page.
     No <version> is declared here, so it presumably comes from a Spring Cloud BOM (not shown).
     NOTE(review): the underlying Spring Security OAuth project has reached end of life upstream,
     so treat this setup as legacy and check which release (and which fixes) the BOM resolves to. -->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
基于内存的使用
认证服务器
ServerConfig.class
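/**
 * @ClassName ServerConfig
 * @Description OAuth2 authorization server for the in-memory demo: registers a single client
 *              ("client") in memory and configures how clients authenticate to the endpoints.
 * @Author yilongwu
 * @DATE 2020-04-07 10:09
 * @Version 1.0.0
 **/
@EnableAuthorizationServer
@Configuration
public class ServerConfig extends AuthorizationServerConfigurerAdapter {

    // Injected encoder; used below to hash the client secret before it is registered.
    @Autowired
    private PasswordEncoder passwordEncoder;

    /**
     * Configures access to the authorization server's own endpoints.
     *
     * @param security endpoint security configurer supplied by the framework
     * @throws Exception declared by the overridden adapter method
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security
                // Give /oauth/check_token an explicit rule (the same one the JDBC-backed
                // ServerConfig uses) so that only authenticated clients may introspect tokens.
                // The rule is evaluated only for requests that pass through the security filter
                // chain: a web.ignoring() entry for the same path in SecurityConfig bypasses it
                // and leaves the endpoint callable without credentials.
                .checkTokenAccess("isAuthenticated()")
                // Form authentication for clients must be allowed, otherwise requests to
                // /oauth/token are answered with 401. This accepts client_id/client_secret as
                // request parameters, so the token endpoint should only be reachable over TLS.
                .allowFormAuthenticationForClients();
    }

    /**
     * Registers the OAuth2 clients known to this server (one in-memory client).
     *
     * @param clients client registry configurer supplied by the framework
     * @throws Exception declared by the overridden adapter method
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("client")
                // NOTE(review): demo secret, hard-coded and trivially guessable. It is stored
                // hashed, but the plaintext lives in source control; load it from external
                // configuration or a secret store outside of a demo.
                .secret(passwordEncoder.encode("123456"))
                .authorizedGrantTypes("authorization_code")
                .scopes("app")
                // NOTE(review): plain-http redirect URI, so the authorization code travels
                // unencrypted on the redirect; register an https URI for anything but a demo.
                .redirectUris("http://wuyilong.cc")
                // Must match the resource id the resource server declares ("wyl").
                .resourceIds("wyl");
    }

    /**
     * Leaves the endpoint configuration at the adapter's defaults.
     *
     * @param endpoints endpoints configurer supplied by the framework
     * @throws Exception declared by the overridden adapter method
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        super.configure(endpoints);
    }
}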
SecurityConfig.class
/**
 * @ClassName SecurityConfig
 * @Description Web security for the authorization server: one in-memory user, the BCrypt
 *              encoder bean, and the filter-chain exclusion for /oauth/check_token.
 * @Author yilongwu
 * @DATE 2020-04-07 10:57
 * @Version 1.0.0
 **/
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Exposes the BCrypt encoder as a bean; ServerConfig injects it to hash the client secret.
     *
     * @return a new BCryptPasswordEncoder
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Publishes a user store holding a single account, "admin", with authority "p1".
     *
     * @return an in-memory manager containing that one user
     * @throws Exception declared by the overridden adapter method
     */
    @Bean
    @Override
    public UserDetailsService userDetailsServiceBean() throws Exception {
        // The password is given as an already-computed BCrypt hash.
        // NOTE(review): a credential hash committed to source is fine for a demo only;
        // real accounts belong in a user store that is not part of the code base.
        User.UserBuilder admin = User.withUsername("admin");
        admin.password("$2a$10$p1eNmA1Ypwi1CygeA3l8I.qG.sWuPgpAnTRkWBaiNmVcA0EFNZqGK");
        admin.authorities("p1");
        return new InMemoryUserDetailsManager(admin.build());
    }

    /**
     * Excludes /oauth/check_token from the security filter chain.
     *
     * @param web web security builder supplied by the framework
     * @throws Exception declared by the overridden adapter method
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        // The path has to be ignored, otherwise calls made by the resource server get a 403.
        // NOTE(review): web.ignoring() takes the path out of the filter chain entirely, so the
        // token-introspection endpoint answers without any client authentication. An access
        // rule on the endpoint itself, checkTokenAccess("isAuthenticated()") on the
        // AuthorizationServerSecurityConfigurer, lets the resource server through with its
        // client credentials and makes this exclusion unnecessary.
        web.ignoring().antMatchers("/oauth/check_token");
    }
}
资源服务器
ResourceConfig.java
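/**
 * @ClassName ResourceConfig
 * @Description OAuth2 resource server: declares the resource id "wyl" and the URL access rules.
 * @Author yilongwu
 * @DATE 2020-04-07 14:29
 * @Version 1.0.0
 **/
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Configuration
public class ResourceConfig extends ResourceServerConfigurerAdapter {

    /**
     * Sets the resource id this server answers for.
     *
     * @param resources resource server configurer supplied by the framework
     * @throws Exception declared by the overridden adapter method
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        // The resource id cannot be configured in the yml, so it is set here. It has to match
        // the resourceIds("wyl") entry of the client registered on the authorization server.
        resources.resourceId("wyl");
    }

    /**
     * Declares which requests need a token and which authority they need.
     *
     * @param http HTTP security builder supplied by the framework
     * @throws Exception declared by the overridden adapter method
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/").permitAll()
                .antMatchers("/view").hasAuthority("p1")
                // Deny by default: without a catch-all rule, any path not listed above has no
                // access rule at all and is served without a token.
                .anyRequest().authenticated();
    }
}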
application.yml
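# Resource server settings (nesting restored; the flattened listing is not valid as written).
server:
  port: 8081
security:
  oauth2:
    client:
      # Credentials the resource server presents to the authorization server. They must match
      # the client registered there ("client" / "123456").
      # NOTE(review): plaintext demo secret in a config file; supply it from the environment
      # or a secret store outside of a demo.
      client-id: client
      client-secret: 123456
      scope: app
    resource:
      # Token introspection endpoint on the authorization server. Plain http is acceptable on
      # loopback only: tokens and the client credentials above travel on this call.
      token-info-uri: http://localhost:8080/oauth/check_token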
项目github地址
springboot-spring-secuity-auth2-inMemory
基于jdbc的使用
认证服务器
SecurityConfig.class
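/**
 * @ClassName SecurityConfig
 * @Description Web security for the JDBC-backed authorization server: one in-memory user
 *              and the BCrypt encoder bean.
 * @Author yilongwu
 * @DATE 2020-04-07 10:57
 * @Version 1.0.0
 **/
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Publishes a user store holding a single account, "admin", with authority "p1".
     *
     * @return an in-memory manager containing that one user
     * @throws Exception declared by the overridden adapter method
     */
    @Bean
    @Override
    public UserDetailsService userDetailsServiceBean() throws Exception {
        // The password is given as an already-computed BCrypt hash.
        // NOTE(review): a credential hash committed to source is fine for a demo only.
        UserDetails details = User.withUsername("admin")
                .password("$2a$10$p1eNmA1Ypwi1CygeA3l8I.qG.sWuPgpAnTRkWBaiNmVcA0EFNZqGK")
                .authorities("p1")
                .build();
        return new InMemoryUserDetailsManager(details);
    }

    /**
     * Exposes the BCrypt encoder as a bean; ServerConfig injects it to hash the client secret.
     *
     * @return a new BCryptPasswordEncoder
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    // No configure(WebSecurity) override: /oauth/check_token is deliberately NOT put under
    // web.ignoring(). Ignoring the path removes it from the security filter chain, so the
    // checkTokenAccess("isAuthenticated()") rule declared in ServerConfig would never be
    // evaluated and token introspection would be open to unauthenticated callers. With the
    // path left in the chain, the resource server avoids the 403 by authenticating with the
    // client-id / client-secret from its application.yml.
}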
ServerConfig.class
/**
 * @ClassName ServerConfig
 * @Description OAuth2 authorization server for the JDBC demo: tokens, authorization codes and
 *              approvals are stored through the DataSource; the client is still held in memory.
 * @Author yilongwu
 * @DATE 2020-04-07 10:09
 * @Version 1.0.0
 **/
@EnableAuthorizationServer
@Configuration
public class ServerConfig extends AuthorizationServerConfigurerAdapter {

    // Hashes the client secret before registration.
    @Autowired
    private PasswordEncoder passwordEncoder;

    // Backs the three JDBC stores declared below.
    @Autowired
    private DataSource dataSource;

    // Handed to the endpoints configurer; the refresh_token grant enabled below needs it.
    @Autowired
    private UserDetailsService userDetailsServiceBean;

    /** @return token store that persists access and refresh tokens through the DataSource */
    @Bean
    public TokenStore tokenStore() {
        return new JdbcTokenStore(dataSource);
    }

    /** @return service that persists issued authorization codes through the DataSource */
    @Bean
    public AuthorizationCodeServices authorizationCodeServices() {
        return new JdbcAuthorizationCodeServices(dataSource);
    }

    /** @return store that persists user approvals through the DataSource */
    @Bean
    public ApprovalStore approvalStore() {
        return new JdbcApprovalStore(dataSource);
    }

    // The author left a JdbcClientDetailsService bean (clientDetailsService(), built from the
    // same DataSource) commented out here, so client registrations are not read from the
    // oauth_client_details table in this version.

    /**
     * Configures access to the authorization server's own endpoints.
     *
     * @param security endpoint security configurer supplied by the framework
     * @throws Exception declared by the overridden adapter method
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        // Only authenticated clients may call /oauth/check_token. This rule is evaluated only
        // for requests that pass through the security filter chain; a web.ignoring() entry
        // for the same path would bypass it.
        security.checkTokenAccess("isAuthenticated()");
        // Form authentication for clients must be allowed, otherwise requests to /oauth/token
        // are answered with 401. Client credentials then arrive as request parameters, so the
        // endpoint should only be reachable over TLS.
        security.allowFormAuthenticationForClients();
    }

    /**
     * Registers the OAuth2 clients known to this server (one in-memory client).
     *
     * @param clients client registry configurer supplied by the framework
     * @throws Exception declared by the overridden adapter method
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("client")
                // NOTE(review): demo secret, hard-coded and trivially guessable; load it from
                // external configuration or a secret store outside of a demo.
                .secret(passwordEncoder.encode("123456"))
                .authorizedGrantTypes("authorization_code","refresh_token")
                .scopes("app")
                // NOTE(review): plain-http redirect URI, so the authorization code travels
                // unencrypted on the redirect.
                .redirectUris("http://wuyilong.cc")
                .resourceIds("wyl");
        // Storing clients in oauth_client_details was left disabled by the author
        // (clients.withClientDetails(clientDetailsService()) is commented out in the original).
    }

    /**
     * Wires the JDBC-backed stores and the user details service into the endpoints.
     *
     * @param endpoints endpoints configurer supplied by the framework
     * @throws Exception declared by the overridden adapter method
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        // Persists to oauth_access_token and oauth_refresh_token.
        endpoints.tokenStore(tokenStore());
        endpoints.userDetailsService(userDetailsServiceBean);
        // Persists issued authorization codes.
        endpoints.authorizationCodeServices(authorizationCodeServices());
        // Persists to oauth_approvals.
        endpoints.approvalStore(approvalStore());
    }
}
application.yml
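# Authorization server settings (nesting restored; the flattened listing is not valid as written).
server:
  port: 8080
spring:
  datasource:
    # NOTE(review): the demo connects as the MySQL root account with a plaintext password in
    # this file. Outside of a demo, use an account limited to the oauth2 schema and supply the
    # password from the environment or a secret store.
    username: root
    password: mysqlpwd
    # useSSL=false turns off TLS on the database connection; the tokens, codes and approvals
    # stored through it then cross the network unencrypted unless the database is on localhost.
    url: jdbc:mysql://localhost:3306/oauth2?serverTimezone=UTC&useUnicode=true&characterEncoding=utf-8&useSSL=false
    driver-class-name: com.mysql.cj.jdbc.Driver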
资源服务器
同上面的内存一样不变
项目地址
springboot-spring-security-auth2-jdbc
- 上面使用的是官网的数据库 sql.db