devbox
AllinToyou
这个屌丝很懒,什么也没留下!
关注作者
热门标签
热门文章
当前位置:   article > 正文

Spring Security OAuth2_spring-security-oauth2-autoconfigure

作者:AllinToyou | 2024-02-15 09:57:04

spring-security-oauth2-autoconfigure

依赖

  1.         <dependency>
  2.             <groupId>io.jsonwebtoken</groupId>
  3.             <artifactId>jjwt</artifactId>
  4.             <version>0.9.0</version>
  5.         </dependency>
  6.         <dependency>
  7.             <groupId>org.springframework.security</groupId>
  8.             <artifactId>spring-security-data</artifactId>
  9.         </dependency>
  10.         <dependency>
  11.             <groupId>org.springframework.cloud</groupId>
  12.             <artifactId>spring-cloud-starter-oauth2</artifactId>
  13.             <exclusions>
  14.                 <exclusion>
  15.                     <groupId>org.springframework.security.oauth.boot</groupId>
  16.                     <artifactId>spring-security-oauth2-autoconfigure</artifactId>
  17.                 </exclusion>
  18.             </exclusions>
  19.         </dependency>
  20.         <dependency>
  21.             <groupId>org.springframework.security.oauth.boot</groupId>
  22.             <artifactId>spring-security-oauth2-autoconfigure</artifactId>
  23.             <version>2.1.3.RELEASE</version>
  24.         </dependency>
  25.         <dependency>
  26.             <groupId>org.springframework.cloud</groupId>
  27.             <artifactId>spring-cloud-starter-security</artifactId>
  28.         </dependency>
  29.         <dependency>
  30.             <groupId>org.springframework.boot</groupId>
  31.             <artifactId>spring-boot-starter-actuator</artifactId>
  32.         </dependency>
  33.         <dependency>
  34.             <groupId>com.alibaba</groupId>
  35.             <artifactId>fastjson</artifactId>
  36.             <version>1.2.31</version>
  37.         </dependency>

config包

AuthorizationServerConfig类

  1. package com.zb.oauth.cofig;
  2.  
  3. import org.springframework.beans.factory.annotation.Autowired;
  4. import org.springframework.cloud.bootstrap.encrypt.KeyProperties;
  5. import org.springframework.context.annotation.Bean;
  6. import org.springframework.context.annotation.Configuration;
  7. import org.springframework.security.authentication.AuthenticationManager;
  8. import org.springframework.security.core.userdetails.UserDetailsService;
  9. import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
  10. import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
  11. import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
  12. import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
  13. import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
  14. import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
  15. import org.springframework.security.oauth2.provider.ClientDetailsService;
  16. import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;
  17. import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
  18. import org.springframework.security.oauth2.provider.token.TokenStore;
  19. import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
  20. import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
  21. import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;
  22.  
  23. import javax.annotation.Resource;
  24. import javax.sql.DataSource;
  25. import java.security.KeyPair;
  26.  
  27.  
  28. @Configuration
  29. @EnableAuthorizationServer
  30. class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
  31.     //SpringSecurity 用户自定义授权认证类
  32.     @Autowired
  33.     UserDetailsService userDetailsService;
  34.     //授权认证管理器
  35.     @Autowired
  36.     AuthenticationManager authenticationManager;
  37.     //令牌持久化存储接口
  38.     @Autowired
  39.     TokenStore tokenStore;
  40.     //数据源,用于从数据库获取数据进行认证操作,测试可以从内存中获取
  41.     @Autowired
  42.     private DataSource dataSource;
  43.     //jwt令牌转换器
  44.     @Autowired
  45.     private JwtAccessTokenConverter jwtAccessTokenConverter;
  46.     @Autowired
  47.     private CustomUserAuthenticationConverter customUserAuthenticationConverter;
  48.     @Resource(name = "keyProp")
  49.     private KeyProperties keyProperties;
  50.  
  51.     /***
  52.      * 客户端信息配置
  53.      * @param clients
  54.      * @throws Exception
  55.      */
  56.     @Override
  57.     public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
  58.         clients.jdbc(dataSource).clients(this.clientDetails());
  59. //        clients.inMemory()
  60. //                .withClient("changgou")          //客户端id
  61. //                .secret("changgou")                      //秘钥
  62. //                .redirectUris("http://localhost")       //重定向地址
  63. //                .accessTokenValiditySeconds(3600)          //访问令牌有效期
  64. //                .refreshTokenValiditySeconds(3600)         //刷新令牌有效期
  65. //                .authorizedGrantTypes(
  66. //                        "authorization_code",          //根据授权码生成令牌
  67. //                        "client_credentials",          //客户端认证
  68. //                        "refresh_token",                //刷新令牌
  69. //                        "password")                     //密码方式认证
  70. //                .scopes("app");                         //客户端范围,名称自定义,必填
  71.     }
  72.  
  73.     /***
  74.      * 授权服务器端点配置
  75.      * @param endpoints
  76.      * @throws Exception
  77.      */
  78.     @Override
  79.     public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
  80.         endpoints.accessTokenConverter(jwtAccessTokenConverter)
  81.                 .authenticationManager(authenticationManager)//认证管理器
  82.                 .tokenStore(tokenStore)                       //令牌存储
  83.                 .userDetailsService(userDetailsService);     //用户信息service
  84.     }
  85.  
  86.     /***
  87.      * 授权服务器的安全配置
  88.      * @param oauthServer
  89.      * @throws Exception
  90.      */
  91.     @Override
  92.     public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
  93.         oauthServer.allowFormAuthenticationForClients()
  94.                 .passwordEncoder(new BCryptPasswordEncoder())
  95.                 .tokenKeyAccess("permitAll()")
  96.                 .checkTokenAccess("isAuthenticated()");
  97.     }
  98.  
  99.     //读取密钥的配置
  100.     @Bean("keyProp")
  101.     public KeyProperties keyProperties() {
  102.         return new KeyProperties();
  103.     }
  104.  
  105.     //客户端配置
  106.     @Bean
  107.     public ClientDetailsService clientDetails() {
  108.         return new JdbcClientDetailsService(dataSource);
  109.     }
  110.  
  111.     @Bean
  112.     @Autowired
  113.     public TokenStore tokenStore(JwtAccessTokenConverter jwtAccessTokenConverter) {
  114.         return new JwtTokenStore(jwtAccessTokenConverter);
  115.     }
  116.  
  117.     /****
  118.      * JWT令牌转换器
  119.      * @param customUserAuthenticationConverter
  120.      * @return
  121.      */
  122.     @Bean
  123.     public JwtAccessTokenConverter jwtAccessTokenConverter(CustomUserAuthenticationConverter customUserAuthenticationConverter) {
  124.         JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
  125.         KeyPair keyPair = new KeyStoreKeyFactory(
  126.                 keyProperties.getKeyStore().getLocation(),                          //证书路径 changgou.jks
  127.                 keyProperties.getKeyStore().getSecret().toCharArray())              //证书秘钥 changgouapp
  128.                 .getKeyPair(
  129.                         keyProperties.getKeyStore().getAlias(),                     //证书别名 changgou
  130.                         keyProperties.getKeyStore().getPassword().toCharArray());   //证书密码 changgou
  131.         converter.setKeyPair(keyPair);
  132.         //配置自定义的CustomUserAuthenticationConverter
  133.         DefaultAccessTokenConverter accessTokenConverter = (DefaultAccessTokenConverter) converter.getAccessTokenConverter();
  134.         accessTokenConverter.setUserTokenConverter(customUserAuthenticationConverter);
  135.         return converter;
  136.     }
  137. }
  138.

CustomUserAuthenticationConverter类

  1. package com.zb.oauth.cofig;
  2.  
  3. import com.zb.oauth.util.UserJwt;
  4. import org.springframework.beans.factory.annotation.Autowired;
  5. import org.springframework.security.core.Authentication;
  6. import org.springframework.security.core.authority.AuthorityUtils;
  7. import org.springframework.security.core.userdetails.UserDetails;
  8. import org.springframework.security.core.userdetails.UserDetailsService;
  9. import org.springframework.security.oauth2.provider.token.DefaultUserAuthenticationConverter;
  10. import org.springframework.stereotype.Component;
  11.  
  12. import java.util.LinkedHashMap;
  13. import java.util.Map;
  14.  
  15. @Component
  16. public class CustomUserAuthenticationConverter extends DefaultUserAuthenticationConverter {
  17.  
  18.     @Autowired
  19.     UserDetailsService userDetailsService;
  20.  
  21.     @Override
  22.     public Map<String, ?> convertUserAuthentication(Authentication authentication) {
  23.         LinkedHashMap response = new LinkedHashMap();
  24.         String name = authentication.getName();
  25.         response.put("username", name);
  26.  
  27.         Object principal = authentication.getPrincipal();
  28.         UserJwt userJwt = null;
  29.         if (principal instanceof UserJwt) {
  30.             userJwt = (UserJwt) principal;
  31.         } else {
  32.             //refresh_token默认不去调用userdetailService获取用户信息,这里我们手动去调用,得到 UserJwt
  33.             UserDetails userDetails = userDetailsService.loadUserByUsername(name);
  34.             userJwt = (UserJwt) userDetails;
  35.         }
  36.         response.put("name", userJwt.getName());
  37.         response.put("id", userJwt.getId());
  38.         //公司 response.put("compy", "songsi");
  39.         if (authentication.getAuthorities() != null && !authentication.getAuthorities().isEmpty()) {
  40.             response.put("authorities", AuthorityUtils.authorityListToSet(authentication.getAuthorities()));
  41.         }
  42.         return response;
  43.     }
  44.  
  45. }

UserDetailsServiceImpl类

需要用户微服务的接口进行远程调用

  1. package com.zb.oauth.cofig;
  2.  
  3. import com.zb.client.UserModelFeignClient;
  4. import com.zb.oauth.util.UserJwt;
  5. import com.zb.dto.UserModelDto;
  6. import org.springframework.beans.factory.annotation.Autowired;
  7. import org.springframework.security.core.Authentication;
  8. import org.springframework.security.core.authority.AuthorityUtils;
  9. import org.springframework.security.core.context.SecurityContextHolder;
  10. import org.springframework.security.core.userdetails.User;
  11. import org.springframework.security.core.userdetails.UserDetails;
  12. import org.springframework.security.core.userdetails.UserDetailsService;
  13. import org.springframework.security.core.userdetails.UsernameNotFoundException;
  14. import org.springframework.security.oauth2.provider.ClientDetails;
  15. import org.springframework.security.oauth2.provider.ClientDetailsService;
  16. import org.springframework.stereotype.Service;
  17. import org.springframework.util.ObjectUtils;
  18. import org.springframework.util.StringUtils;
  19.  
  20. /*****
  21.  * 自定义授权认证类
  22.  */
  23. @Service
  24. public class UserDetailsServiceImpl implements UserDetailsService {
  25.  
  26.     @Autowired
  27.     ClientDetailsService clientDetailsService;
  28.  
  29.     @Autowired
  30.     private UserModelFeignClient userModelFeignClient;
  31.  
  32.     /****
  33.      * 自定义授权认证
  34.      * @param username
  35.      * @return
  36.      * @throws UsernameNotFoundException
  37.      */
  38.     @Override
  39.     public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
  40.         //取出身份,如果身份为空说明没有认证
  41.         Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
  42.         //没有认证统一采用httpbasic认证,httpbasic中存储了client_id和client_secret,开始认证client_id和client_secret
  43.         if (authentication == null) {
  44.             ClientDetails clientDetails = clientDetailsService.loadClientByClientId(username);
  45.             if (clientDetails != null) {
  46.                 //秘钥
  47.                 String clientSecret = clientDetails.getClientSecret();
  48.                 //静态方式
  49. //                return new User(username,new BCryptPasswordEncoder().encode(clientSecret), AuthorityUtils.commaSeparatedStringToAuthorityList(""));
  50.                 //数据库查找方式
  51.                 return new User(username, clientSecret, AuthorityUtils.commaSeparatedStringToAuthorityList(""));
  52.             }
  53.         }
  54.  
  55.         if (StringUtils.isEmpty(username)) {
  56.             return null;
  57.         }
  58.         //feign远程调用用户微服务的登录放法,获取用户dto对象
  59.         UserModelDto info = userModelFeignClient.info(username);
  60.  
  61.         if (ObjectUtils.isEmpty(info)) {
  62.             return null;
  63.         }
  64.  
  65.         //根据用户名查询用户信息
  66.         String pwd = info.getPassword();
  67.         //创建User对象
  68.         //用户权力
  69.         String permissions = "";
  70.  
  71.  
  72.         UserJwt userDetails = new UserJwt(username, pwd, AuthorityUtils.commaSeparatedStringToAuthorityList(permissions));
  73.  
  74.  
  75.         return userDetails;
  76.     }
  77. }

WebSecurityConfig类

configure()方法给登录退出接口放行

  1. package com.zb.oauth.cofig;
  2.  
  3. import org.springframework.context.annotation.Bean;
  4. import org.springframework.context.annotation.Configuration;
  5. import org.springframework.core.annotation.Order;
  6. import org.springframework.security.authentication.AuthenticationManager;
  7. import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
  8. import org.springframework.security.config.annotation.web.builders.HttpSecurity;
  9. import org.springframework.security.config.annotation.web.builders.WebSecurity;
  10. import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
  11. import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
  12. import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
  13. import org.springframework.security.crypto.password.PasswordEncoder;
  14.  
  15. @Configuration
  16. @EnableWebSecurity
  17. @Order(-1)
  18. class WebSecurityConfig extends WebSecurityConfigurerAdapter {
  19.  
  20.     /***
  21.      * 忽略安全拦截的URL
  22.      * @param web
  23.      * @throws Exception
  24.      */
  25.     @Override
  26.     public void configure(WebSecurity web) throws Exception {
  27.         web.ignoring().antMatchers(
  28.                 "/my-auth/login/**",
  29.                 "/user/logout");
  30.     }
  31.  
  32.     /***
  33.      * 创建授权管理认证对象
  34.      * @return
  35.      * @throws Exception
  36.      */
  37.     @Bean
  38.     @Override
  39.     public AuthenticationManager authenticationManagerBean() throws Exception {
  40.         AuthenticationManager manager = super.authenticationManagerBean();
  41.         return manager;
  42.     }
  43.  
  44.     @Override
  45.     protected void configure(AuthenticationManagerBuilder auth) throws Exception {
  46.         super.configure(auth);
  47.     }
  48.  
  49.     /***
  50.      * 采用BCryptPasswordEncoder对密码进行编码
  51.      * @return
  52.      */
  53.     @Bean
  54.     public PasswordEncoder passwordEncoder() {
  55.         return new BCryptPasswordEncoder();
  56.     }
  57.  
  58.     /****
  59.      *
  60.      * @param http
  61.      * @throws Exception
  62.      */
  63.     @Override
  64.     public void configure(HttpSecurity http) throws Exception {
  65.         http.csrf().disable()
  66.                 .httpBasic()        //启用Http基本身份验证
  67.                 .and()
  68.                 .formLogin()       //启用表单身份验证
  69.                 .and()
  70.                 .authorizeRequests()    //限制基于Request请求访问
  71.                 .anyRequest()
  72.                 .authenticated();       //其他请求都需要经过验证
  73.  
  74.     }
  75. }

util包

AuthToken类

  1. package com.zb.oauth.util;
  2.  
  3. import java.io.Serializable;
  4.  
  5.  
  6. public class AuthToken implements Serializable {
  7.  
  8.     //令牌信息
  9.     String accessToken;
  10.     //刷新token(refresh_token)
  11.     String refreshToken;
  12.     //jwt短令牌
  13.     String jti;
  14.  
  15.     public String getAccessToken() {
  16.         return accessToken;
  17.     }
  18.  
  19.     public void setAccessToken(String accessToken) {
  20.         this.accessToken = accessToken;
  21.     }
  22.  
  23.     public String getRefreshToken() {
  24.         return refreshToken;
  25.     }
  26.  
  27.     public void setRefreshToken(String refreshToken) {
  28.         this.refreshToken = refreshToken;
  29.     }
  30.  
  31.     public String getJti() {
  32.         return jti;
  33.     }
  34.  
  35.     public void setJti(String jti) {
  36.         this.jti = jti;
  37.     }
  38. }

UserJwt类

  1. package com.zb.oauth.util;
  2.  
  3.  
  4. import org.springframework.security.core.GrantedAuthority;
  5. import org.springframework.security.core.userdetails.User;
  6.  
  7. import java.util.Collection;
  8.  
  9.  
  10. public class UserJwt extends User {
  11.     private String id;    //用户ID
  12.     private String name;  //用户名字
  13.  
  14.     private String comny;//设置公司
  15.  
  16.     public UserJwt(String username, String password, Collection<? extends GrantedAuthority> authorities) {
  17.         super(username, password, authorities);
  18.     }
  19.  
  20.     public String getId() {
  21.         return id;
  22.     }
  23.  
  24.     public void setId(String id) {
  25.         this.id = id;
  26.     }
  27.  
  28.     public String getName() {
  29.         return name;
  30.     }
  31.  
  32.     public void setName(String name) {
  33.         this.name = name;
  34.     }
  35. }

service.impl包

AutoServiceImpl类

  1. package com.zb.oauth.service.impl;
  2.  
  3. import com.zb.oauth.service.AuthService;
  4. import com.zb.oauth.util.AuthToken;
  5. import org.springframework.beans.factory.annotation.Autowired;
  6. import org.springframework.cloud.client.ServiceInstance;
  7. import org.springframework.cloud.client.discovery.DiscoveryClient;
  8. import org.springframework.http.HttpEntity;
  9. import org.springframework.http.HttpMethod;
  10. import org.springframework.http.ResponseEntity;
  11. import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
  12. import org.springframework.stereotype.Service;
  13. import org.springframework.util.Base64Utils;
  14. import org.springframework.util.LinkedMultiValueMap;
  15. import org.springframework.web.client.RestTemplate;
  16.  
  17. import java.sql.ClientInfoStatus;
  18. import java.util.List;
  19. import java.util.Map;
  20.  
  21. @Service
  22. public class AutoServiceImpl implements AuthService {
  23.     @Autowired
  24.     private RestTemplate restTemplate;
  25.  
  26.     @Autowired
  27.     private DiscoveryClient discoveryClient;
  28.  
  29.     @Override
  30.     public AuthToken login(String username, String passwd, String clientId, String clientSecret) {
  31.         //根据微服务name获取接口类型list集合
  32.         List<ServiceInstance> instances = discoveryClient.getInstances("user-auth");
  33.         //取第一个接口获取ip和端口号生成url地址
  34.         ServiceInstance serviceInstance = instances.get(0);
  35.         String url = "http://" + serviceInstance.getHost() + ":" + serviceInstance.getPort() + "/oauth/token";
  36.         System.out.println(url);
  37.         //创建一个LinkedMultiValueMap的body
  38.         LinkedMultiValueMap<String, String> body = new LinkedMultiValueMap<String, String>();
  39.         //给body添加需要的参数
  40.         body.add("grant_type", "password");
  41.         body.add("username", username);
  42.         body.add("password", passwd);
  43.         //创建一个LinkedMultiValueMap的header
  44.         LinkedMultiValueMap<String, String> header = new LinkedMultiValueMap<String, String>();
  45.         //给请求头添加参数
  46.         //调用本类的myEncoder方法编译
  47.         header.add("Authorization", myEncoder(clientId, clientSecret));
  48.         try {
  49.             //用restTemplate.exchange()发起请求,
  50.             //方法参数:地址,请求方式,HttpEntity<>(请求体,请求头),返回数据的类型
  51.             //创建一个ResponseEntity<返回数据的类型>的response对象接收POST请求返回的数据
  52.             ResponseEntity<Map> response = restTemplate.exchange(url, HttpMethod.POST, new HttpEntity<>(body, header), Map.class);
  53.             //调用getBody()获取response对象中返回的map
  54.             Map map = response.getBody();
  55.             System.out.println(map);
  56.             //创建AuthToken对象并初始化
  57.             AuthToken authToken = new AuthToken();
  58.             authToken.setAccessToken(map.get("access_token").toString());
  59.             authToken.setJti(map.get("jti").toString());
  60.             authToken.setRefreshToken(map.get("refresh_token").toString());
  61.             return authToken;
  62.         } catch (Exception e) {
  63.             e.printStackTrace();
  64.         }
  65.         return null;
  66.     }
  67.     //clientId,clientId在application.yml配置文件中赋值
  68.     //在controller层使用@Value("${auth.clientId}"),@Value("${auth.clientSecret}")获取
  69.     private String myEncoder(String clientId, String clientSecret) {
  70.         String str = clientId + ":" + clientSecret;
  71.         byte[] encode = Base64Utils.encode(str.getBytes());
  72.         return "Basic " + new String(encode);
  73.     }
  74. }

controller层

  1. package com.zb.oauth.controller;
  2.  
  3. import com.zb.oauth.service.AuthService;
  4. import com.zb.oauth.util.AuthToken;
  5. import org.springframework.beans.factory.annotation.Autowired;
  6. import org.springframework.beans.factory.annotation.Value;
  7. import org.springframework.web.bind.annotation.PostMapping;
  8. import org.springframework.web.bind.annotation.RequestMapping;
  9. import org.springframework.web.bind.annotation.RequestParam;
  10. import org.springframework.web.bind.annotation.RestController;
  11.  
  12. @RestController
  13. @RequestMapping("my-auth")
  14. public class AuthController {
  15.     @Value("${auth.clientId}")
  16.     private String clientId;
  17.     @Value("${auth.clientSecret}")
  18.     private String clientSecret;
  19.     @Autowired
  20.     private AuthService authService;
  21.  
  22.     @PostMapping("login")
  23.     public AuthToken login(@RequestParam("username") String username, @RequestParam("passwd") String passwd) {
  24.         return authService.login(username, passwd, clientId, clientSecret);
  25.     }
  26. }

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/AllinToyou/article/detail/83416
推荐阅读
相关标签

Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。

  

闽ICP备14008679号