热门标签
热门文章
- 1基于Kylin Server V10制作Kylin 4.0.2 server sp2虚拟机镜像_guest disabled display
- 2vue UI 框架
- 3[C#]opencvsharp进行图像拼接普通拼接stitch算法拼接_c# opencvsharp 拼接图片
- 496核的AMD锐龙Threadripper PRO 7995WX性能如何?
- 5国产航顺HK32F030M: 超声波测距模块串口通信数据接收与处理
- 6【C语言】利用指针实现a,b数值交换(swap),指针程序易错改正(程序注释详细)_c语言指针交换变量a和b的值
- 7Splatting-抛雪球法_体素能否做splatting
- 8bios sgx需要开启吗_惠普HP笔记本预装win8改装成win7系统BIOS设置与安装方法
- 9【北邮鲁鹏老师计算机视觉课程笔记】05 Hough 霍夫变换
- 10Arduino IDE的编译执行过程解读_void initarduino()
当前位置: article > 正文
spring security oauth2 常用授权方式配置详细教程(一)_tokenkeyaccess
作者:笔触狂放9 | 2024-02-15 11:53:22
赞
踩
tokenkeyaccess
1 spring security oauth2 简单配置说明(一)
配套源码:https://download.csdn.net/download/tiancxz/12902941
1.1 工程说明:
授权服务端口10101
资源服务端口10201
- <modules>
- <!-- 项目依赖-->
- <module>spring-security-oauth2-dependencies</module>
- <!-- 认证服务器-->
- <module>spring-security-oauth2-server</module>
- <!--资源服务器-->
- <module>spring-security-oauth2-resource</module>
- </modules>
2 spring-security-oauth2-server认证服务器配置
2.1 项目结构
OAuth2简单集成使用只需要继承配置两个适配器就行。
AuthorizationServerConfigurerAdapter授权服务配置适配器
WebSecurityConfigurerAdapter网站安全配置适配器
2.2 pom.xml引入
- <dependency>
- <groupId>org.springframework.cloud</groupId>
- <artifactId>spring-cloud-starter-oauth2</artifactId>
- </dependency>
2.3 AuthorizationServerConfiguration授权服务配置适配器
- @Configuration
- //标注为授权服务
- @EnableAuthorizationServer
- public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
-
- //使用内存存储令牌(普通令牌)
- @Bean
- public TokenStore tokenStore() {
- return new InMemoryTokenStore();
- }
-
- //设置授权码模式的授权码如何存取,暂时采用内存方式
- @Bean
- public AuthorizationCodeServices authorizationCodeServices() {
- return new InMemoryAuthorizationCodeServices();
- }
-
- //配置服务端点信息
- @Override
- public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
- endpoints
- .authorizationCodeServices(authorizationCodeServices())//授权码服务
- .tokenStore(tokenStore())//令牌管理服务
- .allowedTokenEndpointRequestMethods(HttpMethod.POST);
- }
-
-
- //客户端详情服务
- @Override
- public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
- clients.inMemory()// 使用in-memory存储
- .withClient("client")// client_id
- .secret(new BCryptPasswordEncoder().encode("secret"))//客户端密钥
- .authorizedGrantTypes("authorization_code", "password","client_credentials","implicit","refresh_token")// 该client允许的授权类型authorization_code,password,refresh_token,implicit,client_credentials
- .scopes("all")// 允许的授权范围
- .autoApprove(true)//false跳转到授权页面
- //加上验证回调地址
- .redirectUris("http://www.baidu.com")
- ;
- }
-
- //设置认证令牌放行
- @Override
- public void configure(AuthorizationServerSecurityConfigurer security){
- security
- .tokenKeyAccess("permitAll()") //oauth/token_key是公开
- .checkTokenAccess("permitAll()") //oauth/check_token公开
- .allowFormAuthenticationForClients() //表单认证(申请令牌)
- ;
- }
-
- }
2.4 WebSecurityConfiguration Security网站安配置全适配器
- @Configuration
- @EnableWebSecurity
- @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
- public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
-
- //密码编码器
- @Bean
- public PasswordEncoder passwordEncoder() {
- return new BCryptPasswordEncoder();
- }
-
- //认证服务器 配置用户认证
- @Override
- protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- auth.inMemoryAuthentication()
- //注意roles authorities 在后面的才会生效。
- //.roles("r1","r2").authorities("r3","r4") roles无效 authorities有效
- //两种选一种
- //一般我们简单系统只需根据authorities权限配置就行
- .withUser("admin").password(passwordEncoder().encode("123456")).roles("r1","r2").authorities("r3","r4")
- .and()
- .withUser("user").password(passwordEncoder().encode("123456")).authorities("r3","r4").roles("r1","r2")
- ;
- }
-
- //安全拦截机制(最重要)
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.csrf().disable()
- .authorizeRequests()
- .antMatchers("/login*").permitAll()
- .anyRequest().authenticated()
- .and()
- .formLogin()
- .and()
- .csrf().disable() //打开的csrf保护
- // .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)//禁用session 默认授权页面将失效
- ;
- ;
- }
-
- }
3 spring-security-oauth2-resource 资源服务器配置
3.1 pom.xml引入
- <!-- Spring Security -->
- <dependency>
- <groupId>org.springframework.cloud</groupId>
- <artifactId>spring-cloud-starter-oauth2</artifactId>
- </dependency>
3.2 ResourceServerConfiguration 资源服务适配器配置
- @Configuration
- @EnableResourceServer
- //方法拦截器
- @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
- public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
- @Override
- public void configure(HttpSecurity http) throws Exception {
- http.authorizeRequests()
- // 此处r1 r2 使用角色 r3 r4 使用权限
- // 验证WebSecurityConfiguration roles authorities 在后面的才会生效。
- // roles("r1","r2").authorities("r3","r4") roles无效 authorities有效
- .antMatchers("/r1").hasAnyRole("r1")
- .antMatchers("/r2").hasAnyRole("r2")
- .antMatchers("/r3").hasAnyAuthority("r3")
- .antMatchers("/r4").hasAnyAuthority("r4")
- .antMatchers("/**").permitAll()
- ;
- }
-
- //资源服务令牌解析服务 配置远程ResourceServerTokenServices后,可不用设置yml远程security.oauth2配置
- @Bean
- public ResourceServerTokenServices tokenService() {
- //使用远程服务请求授权服务器校验token,必须指定校验token 的url、client_id,client_secret
- RemoteTokenServices service=new RemoteTokenServices();
- service.setCheckTokenEndpointUrl("http://localhost:10101/oauth/check_token");
- service.setClientId("client");
- service.setClientSecret("secret");
- return service;
- }
- }
3.3 application.yml配置认证服务器地址、id、密钥
- security:
- oauth2:
- client:
- client-id: client
- client-secret: secret
- access-token-uri: http://localhost:10101/oauth/token
- user-authorization-uri: http://localhost:10101/oauth/authorize
- resource:
- token-info-uri: http://localhost:10101/oauth/check_token
4 authorization_code授权码模式
4.1 启动测试
4.2 访问获取授权码
打开浏览器,输入地址:
http://localhost:10101/oauth/authorize?client_id=client&response_type=code第一次访问会跳转到登录页面,输入用户名密码admin 123456,获取授权码
4.3 通过授权码向服务器申请令牌
http://client:secret@localhost:10101/oauth/token也可以将client:secret@放置在请求参数里面
4.4 测试令牌
通过POSTMAN测试发现admin可以访问r3,r4。不能访问r1,r2
4.5 校验令牌
http://localhost:10101/oauth/check_token
5 password密码授权模式
对于我们内部网站或客户端,授权码模式过于复杂。可用密码模式做为自由传统网站。
在未对现有代码改动时,我们直接用PostMan调用会报错。
我们需要对现有代码进行改造。
5.1 WebSecurityConfiguration改造
- //将认证管理器实例 注入到Spring
- @Bean
- public AuthenticationManager authenticationManagerBean() throws Exception {
- return super.authenticationManagerBean();
- }
5.2 AuthorizationServerConfiguration改造
- //从spring获取认证管理器实例 支持密码授权模式
- @Autowired
- public AuthenticationManager authenticationManager;
-
- //配置服务端点信息 通过authenticationManager绑定指定认证管理器实例
- @Override
- public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
- endpoints
- .authenticationManager(authenticationManager)//认证管理器 支持密码授权模式
- .authorizationCodeServices(authorizationCodeServices())//授权码服务
- .tokenStore(tokenStore())//令牌管理服务
- .allowedTokenEndpointRequestMethods(HttpMethod.POST);
- }
5.3 测试密码授权模式
6 client_credentials客户端授权模式
不需要改动代码,直接上PostMan测试。合适微服务服务后台相互调用。
项目中单独使用安全度不高。需要配合网关gateway进行authorization_code、password授权模式对外部请求资源拦截。
7 implicit授权模式
已过时。只合适某些静态资源。无需额外配置。
http://localhost:10101/oauth/authorize?client_id=client&response_type=token登陆后返回的地址直接加上了token
https://www.baidu.com/#access_token=29cb038d-2b05-4288-9d5d-ab4486a4ed2b&token_type=bearer&expires_in=3599&scope=all
8 刷新令牌
8.1 AuthorizationServerConfiguration修改支持令牌刷新
- //令牌管理服务
- public AuthorizationServerTokenServices tokenService() {
- //刷新refresh_token模式支持
- DefaultTokenServices tokenServices = new DefaultTokenServices();
- //配置令牌
- tokenServices.setTokenStore(tokenStore());
- // access token有效期2个小时
- tokenServices.setAccessTokenValiditySeconds(60*60*1);
- // refresh token有效期30天
- tokenServices.setRefreshTokenValiditySeconds(60*60*24*30);
- // 支持使用refresh token刷新access token
- tokenServices.setSupportRefreshToken(true);
- // 允许重复使用refresh token
- tokenServices.setReuseRefreshToken(false);
- return tokenServices;
- }
-
-
- //配置服务端点信息
- @Override
- public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
- endpoints
- .authorizationCodeServices(authorizationCodeServices())//授权码服务
- .authenticationManager(authenticationManager)//认证管理器 支持密码授权模式
- // .tokenStore(tokenStore())//令牌 配置令牌管理服务后可以注释
- .tokenServices(tokenService())//令牌管理服务
- .allowedTokenEndpointRequestMethods(HttpMethod.POST)
- ;
- }
8.2 测试刷新令牌
9 自定义获取数据库用户权限实现
9.1 UserDetailsService实现
根据用户名获取用户的权限
- @Service
- public class UserDetailsServiceImpl implements UserDetailsService {
-
- @Autowired
- private TbUserService tbUserService;
-
- @Autowired
- private TbPermissionService tbPermissionService;
-
- @Override
- public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
-
- TbUser tbUser = tbUserService.getByUserName(userName);
- //框架存放权限的地方
- List<GrantedAuthority> grantedAuthorities = Lists.newArrayList();
- if (tbUser != null){
- List<TbPermission> tbPermissions = tbPermissionService.selectByUserId(tbUser.getId());
- tbPermissions.forEach(tbPermission -> {
- GrantedAuthority grantedAuthority = new SimpleGrantedAuthority(tbPermission.getEnname());
- grantedAuthorities.add(grantedAuthority);
- });
- }
- //认证是交给框架完成的 这边直接返回框架User
- return new User(tbUser.getUsername(),tbUser.getPassword(),grantedAuthorities);
- }
- }
相关数据库表数据
9.2 WebSecurityConfiguration修改
WebSecurityConfiguration加载自定义UserDetailsService
- //返回一个自定义数据库获取用户权限的实现
- @Autowired
- public UserDetailsServiceImpl userDetailsService;
-
- //认证服务器 配置用户认证
- @Override
- protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- auth.userDetailsService(userDetailsService);
- // auth.inMemoryAuthentication()
- // //注意roles authorities 在后面的才会生效。
- // //.roles("r1","r2").authorities("r3","r4") roles无效 authorities有效
- // //两种选一种
- // //一般我们简单系统只需根据authorities权限配置就行
- // .withUser("admin").password(passwordEncoder().encode("123456")).roles("r1","r2").authorities("r3","r4")
- // .and()
- // .withUser("user").password(passwordEncoder().encode("123456")).authorities("r3","r4").roles("r1","r2")
- // ;
- }
每次获取token时,都会进入自定义实现从数据库获取权限
http://client:secret@localhost:10101/oauth/token
10 @PreAuthorize开启注解
10.1 引入spring-boot-starter-aop或者aspectjweaver
项目中已经引入spring-boot-starter-web,不用再引入spring-boot-starter-aop或者aspectjweaver。只需修改yml。
10.2 修改yml
如果已经引入spring-boot-starter-web或spring-boot-starter-aop,需要配置aop.auto = true。aspectjweaver不需要修改。
- spring:
- aop:
- auto: true
10.3 ResourceServerConfiguration修改
添加@EnableGlobalMethodSecurity(prePostEnabled = true),注释http安全里面权限验证。
- @Configuration
- @EnableResourceServer
- @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
- public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
-
- @Override
- public void configure(HttpSecurity http) throws Exception {
- http
- .exceptionHandling()
- .and()
- .csrf().disable() //打开的csrf保护
- .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)//禁用session
- .and()
- .authorizeRequests()
- // 以下为配置所需保护的资源路径及权限,需要与认证服务器配置的授权部分对应
- // 此处r1 r2 使用角色 r3 r4 使用权限
- // 验证WebSecurityConfiguration roles authorities 在后面的才会生效。
- // roles("r1","r2").authorities("r3","r4") roles无效 authorities有效
- // .antMatchers("/r1").hasAnyRole("r1")
- // .antMatchers("/r2").hasAnyRole("r2")
- // .antMatchers("/r3").hasAnyAuthority("r3")
- // .antMatchers("/r4").hasAnyAuthority("r4")
- .antMatchers("/**").permitAll()
- ;
- }
10.4 TbContentController修改
在具体方法添加@PreAuthorize("hasAnyAuthority('r5')")注解
10.5 测试
r4可以访问,r5不能访问
11 JWT令牌配置
11.1 pom.xml修改
资源服务器必须引入
- <dependency>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-aop</artifactId>
- </dependency>
11.2 添加tokenConfig
认证服务器和资源服务器都需要
- @Configuration
- public class TokenConfig {
-
- //密钥
- private String SIGNING_KEY = "hlcloud";
-
- @Bean
- public TokenStore tokenStore() {
- //JWT令牌存储方案
- return new JwtTokenStore(accessTokenConverter());
- }
-
- @Bean
- public JwtAccessTokenConverter accessTokenConverter() {
- JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
- converter.setSigningKey(SIGNING_KEY); //对称秘钥,资源服务器使用该秘钥来验证
- return converter;
- }
-
- /* @Bean
- public TokenStore tokenStore() {
- //使用内存存储令牌(普通令牌)
- return new InMemoryTokenStore();
- }*/
- }
11.3 认证服务器修改
AuthorizationServerConfiguration- // //使用内存存储令牌(普通令牌)
- // @Bean
- // public TokenStore tokenStore() {
- // return new InMemoryTokenStore();
- // }
-
- //使用JWT令牌存储方案
- @Autowired
- public TokenStore tokenStore;
-
- //使用jwt令牌转换加密
- @Autowired
- private JwtAccessTokenConverter accessTokenConverter;
-
- //令牌管理服务
- public AuthorizationServerTokenServices tokenService() {
- //刷新refresh_token模式支持
- DefaultTokenServices tokenServices = new DefaultTokenServices();
- //配置令牌
- tokenServices.setTokenStore(tokenStore);
- // access token有效期24个小时
- tokenServices.setAccessTokenValiditySeconds(60*60*24);
- // refresh token有效期3天
- tokenServices.setRefreshTokenValiditySeconds(60*60*24*3);
- // 支持使用refresh token刷新access token
- tokenServices.setSupportRefreshToken(true);
- // 允许重复使用refresh token
- tokenServices.setReuseRefreshToken(false);
-
- //令牌增强 jwt转换
- TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
- tokenEnhancerChain.setTokenEnhancers(Arrays.asList(accessTokenConverter));
- tokenServices.setTokenEnhancer(tokenEnhancerChain);
-
- return tokenServices;
- }
11.4 资源服务器修改
ResourceServerConfiguration注释远程调用验证token,jwt本地解密验证。- // //资源服务令牌解析服务 配置远程ResourceServerTokenServices后,可不用设置yml远程auth配置
- // @Bean
- // public ResourceServerTokenServices tokenService() {
- // //使用远程服务请求授权服务器校验token,必须指定校验token 的url、client_id,client_secret
- // RemoteTokenServices service=new RemoteTokenServices();
- // service.setCheckTokenEndpointUrl("http://localhost:10101/oauth/check_token");
- // service.setClientId("client");
- // service.setClientSecret("secret");
- // return service;
- // }
11.5 测试
此时看到返回的令牌已经变长
测试资源服务器
12 认证服务JDBC改造
12.1 授权码JDBC改造
- // //设置授权码模式的授权码如何存取,暂时采用内存方式
- // @Bean
- // public AuthorizationCodeServices authorizationCodeServices() {
- // return new InMemoryAuthorizationCodeServices();
- // }
-
- //设置授权码模式的授权码如何存取,暂时采用内存方式
- @Bean
- public AuthorizationCodeServices authorizationCodeServices(DataSource dataSource) {
- return new JdbcAuthorizationCodeServices(dataSource);
- }
-
- @Autowired
- public AuthorizationCodeServices authorizationCodeServices;
12.2 客户端详情JDBC改造
- //将客户端信息存储到数据库
- @Bean
- public JdbcClientDetailsService jdbcClientDetailsService(DataSource dataSource) {
- return new JdbcClientDetailsService(dataSource);
- }
-
- @Autowired
- private JdbcClientDetailsService jdbcClientDetailsService;
-
- //客户端详情服务
- @Override
- public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
- clients.withClientDetails(jdbcClientDetailsService);
- // clients.inMemory()// 使用in-memory存储
- // .withClient("client")// client_id
- // .secret(new BCryptPasswordEncoder().encode("secret"))//客户端密钥
- // .authorizedGrantTypes("authorization_code", "password","client_credentials","implicit","refresh_token")// 该client允许的授权类型authorization_code,password,refresh_token,implicit,client_credentials
- // .scopes("all")// 允许的授权范围
- // .autoApprove(true)//false跳转到授权页面
- // //加上验证回调地址
- // .redirectUris("http://www.baidu.com")
- // ;
- }
12.3 资源服务器ResourceServerConfiguration修改
如果不想使用使用resource_ids,可不用做这一步。添加了resid则需要在数据库里面修改响应字段。
- @Override
- public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
- resources.resourceId("res_id")
- .stateless(true);
- ;
- super.configure(resources);
- }
12.4 相关表结构
oauth_client_details:存储客户端详情
oauth_code:存储授权码
- /*
- Navicat Premium Data Transfer
- Source Server : 127.0.0.1-test
- Source Server Type : MySQL
- Source Server Version : 50731
- Source Host : 127.0.0.1:3306
- Source Schema : oauth2
- Target Server Type : MySQL
- Target Server Version : 50731
- File Encoding : 65001
- Date: 30/09/2020 13:46:39
- */
-
- SET NAMES utf8mb4;
- SET FOREIGN_KEY_CHECKS = 0;
-
- -- ----------------------------
- -- Table structure for oauth_access_token
- -- ----------------------------
- DROP TABLE IF EXISTS `oauth_access_token`;
- CREATE TABLE `oauth_access_token` (
- `token_id` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
- `token` blob NULL,
- `authentication_id` varchar(128) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
- `user_name` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
- `client_id` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
- `authentication` blob NULL,
- `refresh_token` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
- PRIMARY KEY (`authentication_id`) USING BTREE
- ) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
-
- -- ----------------------------
- -- Records of oauth_access_token
- -- ----------------------------
-
- -- ----------------------------
- -- Table structure for oauth_approvals
- -- ----------------------------
- DROP TABLE IF EXISTS `oauth_approvals`;
- CREATE TABLE `oauth_approvals` (
- `userId` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
- `clientId` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
- `scope` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
- `status` varchar(10) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
- `expiresAt` timestamp(0) NULL DEFAULT NULL,
- `lastModifiedAt` timestamp(0) NULL DEFAULT NULL
- ) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
-
- -- ----------------------------
- -- Records of oauth_approvals
- -- ----------------------------
-
- -- ----------------------------
- -- Table structure for oauth_client_details
- -- ----------------------------
- DROP TABLE IF EXISTS `oauth_client_details`;
- CREATE TABLE `oauth_client_details` (
- `client_id` varchar(128) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
- `resource_ids` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
- `client_secret` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
- `scope` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
- `authorized_grant_types` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
- `web_server_redirect_uri` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
- `authorities` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
- `access_token_validity` int(11) NULL DEFAULT NULL,
- `refresh_token_validity` int(11) NULL DEFAULT NULL,
- `additional_information` varchar(4096) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
- `autoapprove` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
- PRIMARY KEY (`client_id`) USING BTREE
- ) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
-
- -- ----------------------------
- -- Records of oauth_client_details
- -- ----------------------------
- INSERT INTO `oauth_client_details` VALUES ('client', 'res_id', '$2a$10$/Sm77HZ5AFy.ZhwnjoIxn.VC7TNrr9/RaXZeYVf7V8mqG9VLrF8jK', 'all', 'authorization_code,password,client_credentials,implicit,refresh_token', 'http://www.baidu.com', NULL, NULL, NULL, NULL, 'true');
-
- -- ----------------------------
- -- Table structure for oauth_client_token
- -- ----------------------------
- DROP TABLE IF EXISTS `oauth_client_token`;
- CREATE TABLE `oauth_client_token` (
- `token_id` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
- `token` blob NULL,
- `authentication_id` varchar(128) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
- `user_name` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
- `client_id` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
- PRIMARY KEY (`authentication_id`) USING BTREE
- ) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
-
- -- ----------------------------
- -- Records of oauth_client_token
- -- ----------------------------
-
- -- ----------------------------
- -- Table structure for oauth_code
- -- ----------------------------
- DROP TABLE IF EXISTS `oauth_code`;
- CREATE TABLE `oauth_code` (
- `code` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
- `authentication` blob NULL
- ) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
-
-
- -- ----------------------------
- -- Table structure for oauth_refresh_token
- -- ----------------------------
- DROP TABLE IF EXISTS `oauth_refresh_token`;
- CREATE TABLE `oauth_refresh_token` (
- `token_id` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
- `token` blob NULL,
- `authentication` blob NULL
- ) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
-
- -- ----------------------------
- -- Records of oauth_refresh_token
- -- ----------------------------
-
- -- ----------------------------
- -- Table structure for tb_permission
- -- ----------------------------
- DROP TABLE IF EXISTS `tb_permission`;
- CREATE TABLE `tb_permission` (
- `id` bigint(20) NOT NULL AUTO_INCREMENT,
- `parent_id` bigint(20) NULL DEFAULT NULL COMMENT '父权限',
- `name` varchar(64) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT '权限名称',
- `enname` varchar(64) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT '权限英文名称',
- `url` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT '授权路径',
- `description` varchar(200) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '备注',
- `created` datetime(0) NOT NULL,
- `updated` datetime(0) NOT NULL,
- PRIMARY KEY (`id`) USING BTREE
- ) ENGINE = InnoDB AUTO_INCREMENT = 49 CHARACTER SET = utf8 COLLATE = utf8_general_ci COMMENT = '权限表' ROW_FORMAT = Dynamic;
-
- -- ----------------------------
- -- Records of tb_permission
- -- ----------------------------
- INSERT INTO `tb_permission` VALUES (37, 0, '系统管理', 'System', '/', NULL, '2019-04-04 23:22:54', '2019-04-04 23:22:56');
- INSERT INTO `tb_permission` VALUES (38, 37, '用户管理', 'SystemUser', '/users/', NULL, '2019-04-04 23:25:31', '2019-04-04 23:25:33');
- INSERT INTO `tb_permission` VALUES (39, 38, '查看用户', 'SystemUserView', '/users/view/**', NULL, '2019-04-04 15:30:30', '2019-04-04 15:30:43');
- INSERT INTO `tb_permission` VALUES (40, 38, '新增用户', 'SystemUserInsert', '/users/insert/**', NULL, '2019-04-04 15:30:31', '2019-04-04 15:30:44');
- INSERT INTO `tb_permission` VALUES (41, 38, '编辑用户', 'SystemUserUpdate', '/users/update/**', NULL, '2019-04-04 15:30:32', '2019-04-04 15:30:45');
- INSERT INTO `tb_permission` VALUES (42, 38, '删除用户', 'SystemUserDelete', '/users/delete/**', NULL, '2019-04-04 15:30:48', '2019-04-04 15:30:45');
- INSERT INTO `tb_permission` VALUES (44, 37, '内容管理', 'resource', '/', NULL, '2019-04-06 18:23:58', '2019-04-06 18:24:00');
- INSERT INTO `tb_permission` VALUES (45, 44, '查看内容', 'r1', '/r1', NULL, '2019-04-06 23:49:39', '2019-04-06 23:49:41');
- INSERT INTO `tb_permission` VALUES (46, 44, '新增内容', 'r2', '/r2', NULL, '2019-04-06 23:51:00', '2019-04-06 23:51:02');
- INSERT INTO `tb_permission` VALUES (47, 44, '编辑内容', 'r3', '/r3', NULL, '2019-04-06 23:51:04', '2019-04-06 23:51:06');
- INSERT INTO `tb_permission` VALUES (48, 44, '删除内容', 'r4', '/r4', NULL, '2019-04-06 23:51:08', '2019-04-06 23:51:10');
-
- -- ----------------------------
- -- Table structure for tb_role
- -- ----------------------------
- DROP TABLE IF EXISTS `tb_role`;
- CREATE TABLE `tb_role` (
- `id` bigint(20) NOT NULL AUTO_INCREMENT,
- `parent_id` bigint(20) NULL DEFAULT NULL COMMENT '父角色',
- `name` varchar(64) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT '角色名称',
- `enname` varchar(64) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT '角色英文名称',
- `description` varchar(200) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '备注',
- `created` datetime(0) NOT NULL,
- `updated` datetime(0) NOT NULL,
- PRIMARY KEY (`id`) USING BTREE
- ) ENGINE = InnoDB AUTO_INCREMENT = 38 CHARACTER SET = utf8 COLLATE = utf8_general_ci COMMENT = '角色表' ROW_FORMAT = Dynamic;
-
- -- ----------------------------
- -- Records of tb_role
- -- ----------------------------
- INSERT INTO `tb_role` VALUES (37, 0, '超级管理员', 'admin', NULL, '2019-04-04 23:22:03', '2019-04-04 23:22:05');
-
- -- ----------------------------
- -- Table structure for tb_role_permission
- -- ----------------------------
- DROP TABLE IF EXISTS `tb_role_permission`;
- CREATE TABLE `tb_role_permission` (
- `id` bigint(20) NOT NULL AUTO_INCREMENT,
- `role_id` bigint(20) NOT NULL COMMENT '角色 ID',
- `permission_id` bigint(20) NOT NULL COMMENT '权限 ID',
- PRIMARY KEY (`id`) USING BTREE
- ) ENGINE = InnoDB AUTO_INCREMENT = 48 CHARACTER SET = utf8 COLLATE = utf8_general_ci COMMENT = '角色权限表' ROW_FORMAT = Dynamic;
-
- -- ----------------------------
- -- Records of tb_role_permission
- -- ----------------------------
- INSERT INTO `tb_role_permission` VALUES (37, 37, 37);
- INSERT INTO `tb_role_permission` VALUES (38, 37, 38);
- INSERT INTO `tb_role_permission` VALUES (39, 37, 39);
- INSERT INTO `tb_role_permission` VALUES (40, 37, 40);
- INSERT INTO `tb_role_permission` VALUES (41, 37, 41);
- INSERT INTO `tb_role_permission` VALUES (42, 37, 42);
- INSERT INTO `tb_role_permission` VALUES (43, 37, 44);
- INSERT INTO `tb_role_permission` VALUES (44, 37, 45);
- INSERT INTO `tb_role_permission` VALUES (45, 37, 46);
- INSERT INTO `tb_role_permission` VALUES (46, 37, 47);
- INSERT INTO `tb_role_permission` VALUES (47, 37, 48);
-
- -- ----------------------------
- -- Table structure for tb_user
- -- ----------------------------
- DROP TABLE IF EXISTS `tb_user`;
- CREATE TABLE `tb_user` (
- `id` bigint(20) NOT NULL AUTO_INCREMENT,
- `username` varchar(50) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT '用户名',
- `password` varchar(64) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT '密码,加密存储',
- `phone` varchar(20) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '注册手机号',
- `email` varchar(50) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '注册邮箱',
- `created` datetime(0) NOT NULL,
- `updated` datetime(0) NOT NULL,
- PRIMARY KEY (`id`) USING BTREE,
- UNIQUE INDEX `username`(`username`) USING BTREE,
- UNIQUE INDEX `phone`(`phone`) USING BTREE,
- UNIQUE INDEX `email`(`email`) USING BTREE
- ) ENGINE = InnoDB AUTO_INCREMENT = 38 CHARACTER SET = utf8 COLLATE = utf8_general_ci COMMENT = '用户表' ROW_FORMAT = Dynamic;
-
- -- ----------------------------
- -- Records of tb_user
- -- ----------------------------
- INSERT INTO `tb_user` VALUES (37, 'admin', '$2a$10$9ZhDOBp.sRKat4l14ygu/.LscxrMUcDAfeVOEPiYwbcRkoB09gCmi', '15888888888', 'lee.lusifer@gmail.com', '2019-04-04 23:21:27', '2019-04-04 23:21:29');
-
- -- ----------------------------
- -- Table structure for tb_user_role
- -- ----------------------------
- DROP TABLE IF EXISTS `tb_user_role`;
- CREATE TABLE `tb_user_role` (
- `id` bigint(20) NOT NULL AUTO_INCREMENT,
- `user_id` bigint(20) NOT NULL COMMENT '用户 ID',
- `role_id` bigint(20) NOT NULL COMMENT '角色 ID',
- PRIMARY KEY (`id`) USING BTREE
- ) ENGINE = InnoDB AUTO_INCREMENT = 38 CHARACTER SET = utf8 COLLATE = utf8_general_ci COMMENT = '用户角色表' ROW_FORMAT = Dynamic;
-
- -- ----------------------------
- -- Records of tb_user_role
- -- ----------------------------
- INSERT INTO `tb_user_role` VALUES (37, 37, 37);
-
- SET FOREIGN_KEY_CHECKS = 1;
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/笔触狂放9/article/detail/84364
推荐阅读
相关标签
