devbox
小小林熬夜学编程
这个屌丝很懒,什么也没留下!
关注作者
热门标签
热门文章
当前位置:   article > 正文

oauth2密码授权模式_/oauth2/token

作者:小小林熬夜学编程 | 2024-02-15 11:28:40

/oauth2/token

Oauth2提供的默认端点

  • /oauth/authorize:授权端点
  • /oauth/token:令牌端点
  • /oauth/confirm_access:用户确认授权提交端点
  • /oauth/error:授权服务错误信息端点
  • /oauth/check_token:用于资源服务访问的令牌解析端点
  • /oauth/token_key:提供公有密匙的端点,如果使用JWT令牌的话

===============================================================================================

注:grant_type、scope、client_id需要和AuthorizationServerConfig中配置的一样

1.模式获取access_token

http://localhost:8080/oauth/token?username=user&password=123456&grant_type=password&scope=select&client_id=client_2&client_secret=123456

2.刷新access_token

http://localhost:8080/oauth/token?grant_type=refresh_token&refresh_token=8495d597-0560-4598-95ef-143c0855363c&client_id=client_2&client_secret=123456

3.访问受保护的资源

http://localhost:8080/order/1?access_token=b3d2c131-1225-45b4-9ff5-51ec17511cee

===============================================================================================

security oauth2 整合的3个核心配置类

  • 1.资源服务配置 ResourceServerConfiguration  (配置需要认证的接口)
  • 2.授权认证服务配置 AuthorizationServerConfiguration (配置认证方式和token的存储)
  • 3.security 配置 WebSecurityConfig (配置oauth2的过滤请求,如/oauth)

===============================================================================================

pom.xml

  1.  <dependencies>
  2.         <dependency>
  3.             <groupId>org.springframework.boot</groupId>
  4.             <artifactId>spring-boot-starter-security</artifactId>
  5.         </dependency>
  6.  
  7.         <dependency>
  8.             <groupId>org.springframework.security.oauth</groupId>
  9.             <artifactId>spring-security-oauth2</artifactId>
  10.             <version>2.3.6.RELEASE</version>
  11.         </dependency>
  12.  
  13.         <dependency>
  14.             <groupId>org.springframework.boot</groupId>
  15.             <artifactId>spring-boot-starter-web</artifactId>
  16.         </dependency>
  17.  
  18.         <dependency>
  19.             <groupId>org.springframework.boot</groupId>
  20.             <artifactId>spring-boot-starter-data-redis</artifactId>
  21.         </dependency>
  22.  
  23.         <dependency>
  24.             <groupId>org.springframework.boot</groupId>
  25.             <artifactId>spring-boot-starter-thymeleaf</artifactId>
  26.         </dependency>
  27.  
  28.         <dependency>
  29.             <groupId>org.springframework.boot</groupId>
  30.             <artifactId>spring-boot-starter-test</artifactId>
  31.             <scope>test</scope>
  32.         </dependency>
  33.  
  34.         <dependency>
  35.             <groupId>mysql</groupId>
  36.             <artifactId>mysql-connector-java</artifactId>
  37.             <version>8.0.17</version>
  38.         </dependency>
  39.  
  40.         <dependency>
  41.             <groupId>com.baomidou</groupId>
  42.             <artifactId>mybatis-plus-boot-starter</artifactId>
  43.             <version>3.1.2</version>
  44.         </dependency>
  45.  
  46.         <dependency>
  47.             <groupId>org.projectlombok</groupId>
  48.             <artifactId>lombok</artifactId>
  49.             <optional>true</optional>
  50.         </dependency>
  51.  
  52.         <dependency>
  53.             <groupId>cn.hutool</groupId>
  54.             <artifactId>hutool-all</artifactId>
  55.             <version>4.6.1</version>
  56.             <scope>test</scope>
  57.         </dependency>
  58. </dependencies>

===============================================================================================

认证授权配置AuthorizationServerConfigurerAdapter.java

  1. package com.kejin.oauth2test.config;
  2.  
  3. import org.springframework.beans.factory.annotation.Autowired;
  4. import org.springframework.context.annotation.Configuration;
  5. import org.springframework.data.redis.connection.RedisConnectionFactory;
  6. import org.springframework.http.HttpMethod;
  7. import org.springframework.security.authentication.AuthenticationManager;
  8. import org.springframework.security.core.userdetails.UserDetailsService;
  9. import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
  10. import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
  11. import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
  12. import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
  13. import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
  14. import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
  15. import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;
  16.  
  17. @Configuration
  18. @EnableAuthorizationServer
  19. public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
  20.  
  21.     private static final String RESOURCE_IDS = "order";
  22.  
  23.     @Autowired
  24.     AuthenticationManager authenticationManager;
  25.  
  26.     @Autowired
  27.     RedisConnectionFactory redisConnectionFactory;
  28.  
  29.     @Autowired
  30.     private UserDetailsService userDetailsService;
  31.  
  32.     @Override
  33.     public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
  34.  
  35.         String finalSecret = "{bcrypt}" + new BCryptPasswordEncoder().encode("123456");
  36.         //配置两个客户端,一个用于password认证一个用于client认证
  37.         clients.inMemory()
  38.  
  39.                 //client模式
  40.                 .withClient("client_1")
  41.                 .authorizedGrantTypes("client_credentials", "refresh_token")
  42.                 .scopes("select")
  43.                 .authorities("oauth2")
  44.                 .secret(finalSecret)
  45.  
  46.                 .and()
  47.  
  48.                 //密码模式
  49.                 .withClient("client_2")
  50.                 .authorizedGrantTypes("password", "refresh_token")
  51.                 .scopes("select")
  52.                 .authorities("oauth2")
  53.                 .secret(finalSecret);
  54.     }
  55.  
  56.     /**
  57.      * 认证服务端点配置
  58.      */
  59.     @Override
  60.     public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
  61.         endpoints
  62.                 //用户管理
  63.                 .userDetailsService(userDetailsService)
  64.                 //token存到redis
  65.                 .tokenStore(new RedisTokenStore(redisConnectionFactory))
  66.                 //启用oauth2管理
  67.                 .authenticationManager(authenticationManager)
  68.                 //接收GET和POST
  69.                 .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST);
  70.     }
  71.  
  72.     @Override
  73.     public void configure(AuthorizationServerSecurityConfigurer oauthServer) {
  74.         oauthServer.allowFormAuthenticationForClients();
  75.     }
  76.  
  77. }

===============================================================================================

security 配置 WebSecurityConfig

  1. package com.kejin.oauth2test.config;
  2.  
  3. import org.springframework.context.annotation.Bean;
  4. import org.springframework.context.annotation.Configuration;
  5. import org.springframework.security.authentication.AuthenticationManager;
  6. import org.springframework.security.config.annotation.web.builders.HttpSecurity;
  7. import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
  8. import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
  9. import org.springframework.security.crypto.factory.PasswordEncoderFactories;
  10. import org.springframework.security.crypto.password.PasswordEncoder;
  11.  
  12. @Configuration
  13. @EnableWebSecurity
  14. public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
  15.  
  16.     @Bean
  17.     PasswordEncoder passwordEncoder() {
  18.         return PasswordEncoderFactories.createDelegatingPasswordEncoder();
  19.     }
  20.  
  21.     /**
  22.      * 注入AuthenticationManager接口,启用OAuth2密码模式
  23.      *
  24.      * @return
  25.      * @throws Exception
  26.      */
  27.     @Bean
  28.     @Override
  29.     public AuthenticationManager authenticationManagerBean() throws Exception {
  30.         AuthenticationManager manager = super.authenticationManagerBean();
  31.         return manager;
  32.     }
  33.  
  34.     /**
  35.      * 通过HttpSecurity实现Security的自定义过滤配置
  36.      *
  37.      * @param httpSecurity
  38.      * @throws Exception
  39.      */
  40.     @Override
  41.     protected void configure(HttpSecurity httpSecurity) throws Exception {
  42.         httpSecurity
  43.                 .requestMatchers().anyRequest()
  44.                 .and()
  45.                 .authorizeRequests()
  46.                 .antMatchers("/oauth/**").permitAll();
  47.     }
  48. }

 ===============================================================================================

AuthUser

  1. package com.kejin.oauth2test.entity;
  2.  
  3. import lombok.Data;a
  4. import org.springframework.security.core.GrantedAuthority;
  5. import org.springframework.security.core.userdetails.User;
  6.  
  7. import java.util.Collection;
  8.  
  9. @Data
  10. public class AuthUser extends User {
  11.  
  12.     private Integer id;
  13.  
  14.     public AuthUser(Integer id,
  15.                     String username,
  16.                     String password,
  17.                     boolean enabled,
  18.                     boolean accountNonExpired,
  19.                     boolean credentialsNonExpired,
  20.                     boolean accountNonLocked, Collection<? extends GrantedAuthority> authorities) {
  21.         super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
  22.         this.id = id;
  23.     }
  24. }

 =============================================================================================== 

获取用户信息UserDetailsServiceImplement

  1. package com.kejin.oauth2test.service.impl;
  2.  
  3. import com.kejin.oauth2test.entity.AuthUser;
  4. import com.kejin.oauth2test.entity.User;
  5. import org.springframework.beans.factory.annotation.Autowired;
  6. import org.springframework.security.core.GrantedAuthority;
  7. import org.springframework.security.core.userdetails.UserDetails;
  8. import org.springframework.security.core.userdetails.UserDetailsService;
  9. import org.springframework.security.core.userdetails.UsernameNotFoundException;
  10. import org.springframework.stereotype.Service;
  11.  
  12. import java.util.Collection;
  13.  
  14. @Service
  15. public class UserDetailsServiceImpl implements UserDetailsService {
  16.  
  17.     @Autowired
  18.     private UserServiceImpl userService;
  19.  
  20.     /**
  21.      * 实现UserDetailsService中的loadUserByUsername方法,用于加载用户数据
  22.      */
  23.     @Override
  24.     public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
  25.         User user = userService.queryUserByUsername(username);
  26.         if (user == null) {
  27.             throw new UsernameNotFoundException("用户不存在");
  28.         }
  29.  
  30.         //用户权限列表
  31.         Collection<? extends GrantedAuthority> authorities = userService.queryUserAuthorities(user.getId());
  32.  
  33.         return new AuthUser(
  34.                 user.getId(),
  35.                 user.getUsername(),
  36.                 user.getPassword(),
  37.                 true,
  38.                 true,
  39.                 true,
  40.                 true,
  41.                 authorities);
  42.     }
  43. }

 ===============================================================================================

application.yml

  1. server:
  2.   port: 8080
  3.  
  4. spring:
  5.   thymeleaf:
  6.     encoding: UTF-8
  7.     cache: false
  8.  
  9.   datasource:
  10.     driver-class-name: com.mysql.cj.jdbc.Driver
  11.     url: jdbc:mysql://localhost:3306/test?useSSL=false&serverTimezone=UTC
  12.     username: root
  13.     password: root12
  14.  
  15.   redis:
  16.     host: 127.0.0.1
  17.     port: 6379
  18.     password:
  19.  
  20. logging.level.org.springframework.security: DEBUG

 

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/小小林熬夜学编程/article/detail/84153
推荐阅读
相关标签

Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。

  

闽ICP备14008679号