<!-- Spring Cloud OAuth2 starter used by the authorization-server classes on this page.
     No version element is declared here, so the version has to come from a BOM or
     parent POM; confirm which one actually resolves.
     NOTE(review): @EnableAuthorizationServer and the related configurer classes belong to
     the legacy Spring Security OAuth project; verify that the resolved version is still
     maintained and receives security fixes before building on it. -->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
2.1 配置客户端应用的详情信息(获取令牌、验令牌时使用)
2.2 配置authenticationManager,让认证服务器能识别登录的用户
2.3 配置验令牌需要的条件配置
/**
 * Authorization-server configuration.
 *
 * <p>Does three things: registers two in-memory client applications, hands the endpoints the
 * {@link AuthenticationManager} that verifies end users, and requires authentication on the
 * token-check endpoint.
 *
 * <p>NOTE(review): both client secrets are the literal demo value "123456", compiled into the
 * class and shared by the two clients. Outside a tutorial, load a distinct secret per client
 * from external, access-controlled configuration.
 */
@Configuration
@EnableAuthorizationServer
public class OAuth2AuthServerConfig extends AuthorizationServerConfigurerAdapter {

    /** Validity of issued access tokens, in seconds. */
    private static final int ACCESS_TOKEN_TTL_SECONDS = 3600;

    /** Resource id assigned to both client registrations. */
    private static final String ORDER_RESOURCE_ID = "order-server";

    @Autowired
    private AuthenticationManager authenticationManager;

    /** BCrypt encoder used here for client secrets and injected elsewhere for user passwords. */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * 1. Registers the client applications (consulted when a token is requested and when a
     * token is checked).
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        PasswordEncoder encoder = passwordEncoder();

        clients.inMemory()
            // Client that may request read and write scope.
            .withClient("orderApp")
                .resourceIds(ORDER_RESOURCE_ID)
                .scopes("read", "write")
                // NOTE(review): the password grant passes the end user's credentials through
                // the client application; current OAuth guidance discourages it, so confirm
                // it is really required.
                .authorizedGrantTypes("password")
                .accessTokenValiditySeconds(ACCESS_TOKEN_TTL_SECONDS)
                // Stored as a BCrypt hash, but the plaintext is a demo literal in source.
                .secret(encoder.encode("123456"))
            .and()
            // Client limited to read scope.
            .withClient("orderService")
                .resourceIds(ORDER_RESOURCE_ID)
                .scopes("read")
                .authorizedGrantTypes("password")
                .accessTokenValiditySeconds(ACCESS_TOKEN_TTL_SECONDS)
                .secret(encoder.encode("123456"));
    }

    /**
     * 2. Gives the endpoints the AuthenticationManager so the authorization server can
     * recognise the user who is logging in.
     *
     * <p>The manager is set up in the WebSecurityConfigurerAdapter subclass in two steps:
     * configure the AuthenticationManagerBuilder, then expose the AuthenticationManager as a
     * bean in the Spring container.
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(authenticationManager);
    }

    /**
     * 3. Sets the access condition for token checking.
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        // Token-check requests must be authenticated. The expression admits any authenticated
        // caller; it does not restrict by client id or authority.
        security.checkTokenAccess("isAuthenticated()");
    }
}
/**
 * Web-security configuration that supplies the {@link AuthenticationManager} used to verify
 * end users.
 *
 * <p>Two steps are needed: (1) configure the AuthenticationManagerBuilder, and (2) expose the
 * resulting AuthenticationManager as a bean in the Spring container.
 */
@Configuration
@EnableWebSecurity
public class OAuth2WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private PasswordEncoder passwordEncoder;

    // Selected by bean name so that exactly this UserDetailsService implementation is injected.
    @Autowired
    @Qualifier("userDetailServiceImpl")
    private UserDetailsService userDetailsService;

    /**
     * Step 2: publishes the AuthenticationManager built by the parent class as a Spring bean.
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        AuthenticationManager manager = super.authenticationManagerBean();
        return manager;
    }

    /**
     * Step 1: configures the AuthenticationManagerBuilder with the user lookup service and the
     * encoder used to compare submitted passwords with stored hashes.
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(this.userDetailsService)
            .passwordEncoder(this.passwordEncoder);
    }
}
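/**
 * Mock {@link UserDetailsService} that stands in for a database lookup.
 *
 * <p>NOTE(review): this implementation never consults a user store. Every non-empty username
 * is returned as an existing account with the fixed password "123456" and the authority
 * ROLE_ADMIN, so any caller who knows that password authenticates as an administrator under
 * any name. It is only suitable for a local demo; replace it with a real lookup that throws
 * {@link UsernameNotFoundException} for unknown users and assigns authorities per account.
 */
@Service("userDetailServiceImpl")
public class UserDetailServiceImpl implements UserDetailsService {

    @Autowired
    private PasswordEncoder passwordEncoder;

    /**
     * Returns the user record for {@code username}.
     *
     * @param username the login name submitted by the caller
     * @return a user with the given name, a freshly encoded fixed password and ROLE_ADMIN
     * @throws UsernameNotFoundException if {@code username} is null or empty
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // A missing username cannot identify an account; report it with the exception type
        // this method declares instead of letting the user builder fail further down.
        if (username == null || username.isEmpty()) {
            throw new UsernameNotFoundException("username must not be null or empty");
        }

        // Simulates fetching the user from a database by username. The hash is recomputed on
        // every call; a real store would return the hash persisted at registration time.
        String password = passwordEncoder.encode("123456");
        return User.withUsername(username).password(password).authorities("ROLE_ADMIN").build();
    }
}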
6.1 获取token是否正常: http://localhost:7777/oauth/token
header参数 -> Authorization: Basic base64(clientId:clientSecret)
form参数 -> username: admin, password: secret, grant_type: password, scope: read write (注意:按上文 UserDetailServiceImpl 的模拟实现,实际校验的用户密码为 123456)
6.2 检验token是否正常:http://localhost:7777/oauth/check_token
header参数 -> Authorization: Basic base64(clientId:clientSecret)
form参数 -> token: token (无需添加bearer前缀)