devbox
羊村懒王
这个屌丝很懒,什么也没留下!
关注作者
热门标签
热门文章
当前位置:   article > 正文

springboot 2.1.4 集成Spring Security oauth2 —— 2.3.5.RELEASE,修复各种5.0以上坑..._spring-security-oauth2-2.3.5.release

作者:羊村懒王 | 2024-02-15 09:59:21

spring-security-oauth2-2.3.5.release

oauth2 定义了下面四种授权方式:

  • 授权码模式(authorization code)
  • 简化模式(implicit)
  • 密码模式(resource owner password credentials)
  • 客户端模式(client credentials)

* response_type:表示授权类型,必选项,此处的值固定为"code"

* client_id:表示客户端的ID,必选项

* redirect_uri:表示重定向URI,可选项

* scope:表示申请的权限范围,可选项

* state:表示客户端的当前状态,可以指定任意值,认证服务器会原封不动地返回这个值。

上代码:

  1. package com.oath.config;
  2.  
  3. import org.springframework.beans.factory.annotation.Autowired;
  4. import org.springframework.context.annotation.Configuration;
  5. import org.springframework.http.HttpMethod;
  6. import org.springframework.security.authentication.AuthenticationManager;
  7. import org.springframework.security.core.userdetails.UserDetailsService;
  8. import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
  9. import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
  10. import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
  11. import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
  12. import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
  13. import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
  14.  
  15. @Configuration
  16. @EnableAuthorizationServer
  17. public class OAuth2ServerConfig extends AuthorizationServerConfigurerAdapter {
  18.  
  19. 	@Autowired
  20. 	private AuthenticationManager authenticationManager;
  21.  
  22. 	@Autowired
  23. 	private BCryptPasswordEncoder bCryptPasswordEncoder;
  24. 	
  25. 	@Autowired
  26. 	private UserDetailsService userDetailsService;
  27.  
  28. 	@Override
  29. 	public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
  30. 		oauthServer.realm("oauth2-resources") // code授权添加
  31. 				.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()") // allow check token
  32. 				.allowFormAuthenticationForClients();
  33. 	}
  34.  
  35. 	@Override
  36. 	public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
  37. 		endpoints.authenticationManager(authenticationManager)
  38. 				// 允许 GET、POST 请求获取 token,即访问端点:oauth/token
  39. 				.allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST);
  40. 		// 要使用refresh_token的话,需要额外配置userDetailsService
  41. 		endpoints.userDetailsService(userDetailsService);
  42. 	}
  43.  
  44. 	@Override
  45. 	public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
  46. 		clients.inMemory().withClient("demoApp").secret(bCryptPasswordEncoder.encode("demoAppSecret"))
  47. 				.redirectUris("http://baidu.com")// code授权添加
  48. 				.authorizedGrantTypes("authorization_code", "client_credentials", "password", "refresh_token")
  49. 				.scopes("all").resourceIds("oauth2-resource").accessTokenValiditySeconds(1200)
  50. 				.refreshTokenValiditySeconds(50000);
  51. 	}
  52.  
  53. }

 

 

资源服务器:

  1. package com.oath.config;
  2.  
  3. import org.springframework.context.annotation.Configuration;
  4. import org.springframework.security.config.annotation.web.builders.HttpSecurity;
  5. import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
  6. import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
  7.  
  8. @Configuration
  9. @EnableResourceServer
  10. public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
  11. 	@Override
  12. 	public void configure(HttpSecurity http) throws Exception {
  13. 		http.requestMatchers().antMatchers("/api/**").and().authorizeRequests().antMatchers("/api/**").authenticated();
  14. 	}
  15. }

安全配置:

  1. package com.oath.config;
  2.  
  3. import org.springframework.context.annotation.Bean;
  4. import org.springframework.security.authentication.AuthenticationManager;
  5. import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
  6. import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
  7. import org.springframework.security.config.annotation.web.builders.HttpSecurity;
  8. import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
  9. import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
  10. import org.springframework.security.core.userdetails.User;
  11. import org.springframework.security.core.userdetails.UserDetailsService;
  12. import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
  13. import org.springframework.security.provisioning.InMemoryUserDetailsManager;
  14.  
  15. @EnableGlobalMethodSecurity(prePostEnabled = true)
  16. @EnableWebSecurity
  17. public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
  18. 	
  19. 	@Bean
  20. 	public BCryptPasswordEncoder passwordEncoder() {
  21. 		return new BCryptPasswordEncoder();
  22. 	}
  23.  
  24.     /**
  25.      * anyRequest          |   匹配所有请求路径
  26.      * access              |   SpringEl表达式结果为true时可以访问
  27.      * anonymous           |   匿名可以访问
  28.      * denyAll             |   用户不能访问
  29.      * fullyAuthenticated  |   用户完全认证可以访问(非remember-me下自动登录)
  30.      * hasAnyAuthority     |   如果有参数,参数表示权限,则其中任何一个权限可以访问
  31.      * hasAnyRole          |   如果有参数,参数表示角色,则其中任何一个角色可以访问
  32.      * hasAuthority        |   如果有参数,参数表示权限,则其权限可以访问
  33.      * hasIpAddress        |   如果有参数,参数表示IP地址,如果用户IP和参数匹配,则可以访问
  34.      * hasRole             |   如果有参数,参数表示角色,则其角色可以访问
  35.      * permitAll           |   用户可以任意访问
  36.      * rememberMe          |   允许通过remember-me登录的用户访问
  37.      * authenticated       |   用户登录后可访问
  38.      */
  39. 	@Override
  40. 	public void configure(HttpSecurity http) throws Exception {
  41. 		http.csrf().disable();
  42. 		http.requestMatchers().antMatchers("/oauth/**", "/login/**", "/logout/**").and().authorizeRequests()
  43. 				.antMatchers("/oauth/**").authenticated().and().formLogin().permitAll();
  44. 	}
  45.  
  46. 	// 配置内存模式的用户
  47. 	@Bean
  48. 	@Override
  49. 	protected UserDetailsService userDetailsService() {
  50. 		InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
  51. 		manager.createUser(User.withUsername("demoUser1").password(this.passwordEncoder().encode("123456"))
  52. 				.authorities("USER").build());
  53. 		manager.createUser(User.withUsername("demoUser2").password(this.passwordEncoder().encode("123456"))
  54. 				.authorities("USER").build());
  55. 		return manager;
  56. 	}
  57.  
  58. 	@Override
  59. 	@Bean
  60. 	public AuthenticationManager authenticationManagerBean() throws Exception {
  61. 		return super.authenticationManagerBean();
  62. 	}
  63.  
  64. 	@Override
  65. 	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
  66. 		auth.userDetailsService(userDetailsService()).passwordEncoder(passwordEncoder());
  67. 	}
  68. }

 

测试接口:

  1. package com.oath.controller;
  2.  
  3. import org.springframework.web.bind.annotation.PathVariable;
  4. import org.springframework.web.bind.annotation.RequestMapping;
  5. import org.springframework.web.bind.annotation.RestController;
  6.  
  7. @RestController
  8. @RequestMapping("/api")
  9. public class HelloOath2Controller {
  10. 	@RequestMapping("/hello/{id}")
  11. 	public String helloOath2(@PathVariable long id) {
  12. 		System.out.println("请求的ID编码为:" + id);
  13. 		return "helloOath2";
  14. 	}
  15. }

启动类:

  1. package com.oath;
  2.  
  3. import org.springframework.boot.SpringApplication;
  4. import org.springframework.boot.autoconfigure.SpringBootApplication;
  5.  
  6. @SpringBootApplication
  7. public class SpingbootOath2DemoApplication {
  8.  
  9. 	/**
  10. 	 * *【密码授权模式-client】
  11. 	 * 		密码模式需要参数:username,password,grant_type,client_id,client_secret
  12. 	 * 		http://localhost:8080/oauth/token?username=demoUser1&password=123456&grant_type=password&client_id=demoApp&client_secret=demoAppSecret
  13. 	 * 
  14. 	 * *【客户端授权模式-password】 客户端模式需要参数:grant_type,client_id,client_secret
  15. 	 * 		http://localhost:8080/oauth/token?grant_type=client_credentials&client_id=demoApp&client_secret=demoAppSecret
  16. 	 * 
  17. 	 * *【授权码模式-code】 获取code
  18. 	 * 		http://localhost:8080/oauth/authorize?response_type=code&client_id=demoApp&redirect_uri=http://baidu.com
  19. 	 * 
  20. 	 ** 【通过code】 换token
  21. 	 * 		http://localhost:8080/oauth/token?grant_type=authorization_code&code=Filepd&client_id=demoApp&client_secret=demoAppSecret&redirect_uri=http://baidu.com
  22. 	 * 		这里的code字段是授权码模式中返回的code  例如: https://www.baidu.com/?code=tsuHSh
  23. 	 * 
  24. 	 ** 【通过refresh token】 刷新token
  25. 	 *		http://localhost:8080/oauth/token?grant_type=refresh_token&refresh_token=7ba47059-d853-4050-9c64-69d0cade71a7&client_id=demoApp&client_secret=demoAppSecret
  26. 	 *		其中grant_type为固定值:grant_type=refresh_token    , refresh_token = 通过code获取的token中的refresh_token
  27. 	 *		
  28. 	 */
  29.  
  30. 	public static void main(String[] args) {
  31. 		SpringApplication.run(SpingbootOath2DemoApplication.class, args);
  32. 	}
  33.  
  34. }

POM依赖

  1. <?xml version="1.0" encoding="UTF-8"?>
  2. <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  3. 	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  4. 	<modelVersion>4.0.0</modelVersion>
  5. 	<parent>
  6. 		<groupId>org.springframework.boot</groupId>
  7. 		<artifactId>spring-boot-starter-parent</artifactId>
  8. 		<version>2.1.4.RELEASE</version>
  9. 		<relativePath/> <!-- lookup parent from repository -->
  10. 	</parent>
  11. 	<groupId>com.oath.demo</groupId>
  12. 	<artifactId>spingboot-oath2-demo</artifactId>
  13. 	<version>0.0.1-SNAPSHOT</version>
  14. 	<name>spingboot-oath2-demo</name>
  15. 	<description>Demo project for Spring Boot</description>
  16.  
  17. 	<properties>
  18. 		<java.version>1.8</java.version>
  19. 	</properties>
  20.  
  21. 	<dependencies>
  22. 		<dependency>
  23. 			<groupId>org.springframework.boot</groupId>
  24. 			<artifactId>spring-boot-starter-web</artifactId>
  25. 		</dependency>
  26. 		
  27. 		<dependency>
  28.             <groupId>org.springframework.security.oauth</groupId>
  29.             <artifactId>spring-security-oauth2</artifactId>
  30.             <version>2.3.5.RELEASE</version>
  31.         </dependency>
  32.         <dependency>
  33.             <groupId>org.springframework.boot</groupId>
  34.             <artifactId>spring-boot-starter-security</artifactId>
  35.         </dependency>
  36.  
  37. 		<dependency>
  38. 			<groupId>org.projectlombok</groupId>
  39. 			<artifactId>lombok</artifactId>
  40. 			<optional>true</optional>
  41. 		</dependency>
  42. 		<dependency>
  43. 			<groupId>org.springframework.boot</groupId>
  44. 			<artifactId>spring-boot-starter-test</artifactId>
  45. 			<scope>test</scope>
  46. 		</dependency>
  47. 	</dependencies>
  48.  
  49. 	<build>
  50. 		<plugins>
  51. 			<plugin>
  52. 				<groupId>org.springframework.boot</groupId>
  53. 				<artifactId>spring-boot-maven-plugin</artifactId>
  54. 			</plugin>
  55. 		</plugins>
  56. 	</build>
  57.  
  58. </project>

 

测试:

  1. 【密码授权模式-client】
  2. 密码模式需要参数:username,password,grant_type,client_id,client_secret
  3. http://localhost:8080/oauth/token?username=demoUser1&password=123456&grant_type=password&client_id=demoApp&client_secret=demoAppSecret
  4.  
  5. 【客户端授权模式-password】
  6. 客户端模式需要参数:grant_type,client_id,client_secret
  7. http://localhost:8080/oauth/token?grant_type=client_credentials&client_id=demoApp&client_secret=demoAppSecret
  8.  
  9. 【授权码模式-code】
  10. 获取code
  11. http://localhost:8080/oauth/authorize?response_type=code&client_id=demoApp&redirect_uri=http://baidu.com
  12.  
  13. 通过code换token(注意:code参数为授权码模式返回的参数)
  14. http://localhost:8080/oauth/token?grant_type=authorization_code&code=Filepd&client_id=demoApp&client_secret=demoAppSecret&redirect_uri=http://baidu.com
  15.  
  16. 【通过refresh token】 刷新token
  17. http://localhost:8080/oauth/token?grant_type=refresh_token&refresh_token=7ba47059-d853-4050-9c64-69d0cade71a7&client_id=demoApp&client_secret=demoAppSecret
  18. 其中grant_type为固定值:grant_type=refresh_token    , refresh_token = 通过code获取的token中的refresh_token
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/羊村懒王/article/detail/83438
推荐阅读
相关标签

Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。

  

闽ICP备14008679号