1 在父级工程下新建module,module名称为auth-server
2 在config包下新建两个配置类
OAuth2Config.java
package com.auth.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;

/**
 * OAuth2 authorization-server configuration: registers one in-memory client ("cms"),
 * enables all four grant types for it, and keeps issued tokens in an in-memory store.
 *
 * <p>Security review notes (the values below are demo settings, not deployment defaults):
 * <ul>
 *   <li>The client secret is hard-coded and carries the {@code {noop}} prefix, i.e. it is
 *       stored and compared as plaintext.</li>
 *   <li>The implicit and resource-owner password grants are enabled alongside
 *       authorization_code and client_credentials; current OAuth 2.0 security guidance
 *       discourages both, so enable only the grants a client actually needs.</li>
 *   <li>{@code /oauth/check_token} is opened with {@code permitAll()}, so it answers
 *       unauthenticated callers.</li>
 * </ul>
 */
@Configuration
@EnableAuthorizationServer
public class OAuth2Config extends AuthorizationServerConfigurerAdapter {

    // Handed to the endpoints configurer in configure(AuthorizationServerEndpointsConfigurer).
    @Autowired
    private AuthenticationManager authenticationManager;

    // Identifier of the single registered client.
    private static final String CLIENT_ID = "cms";
    // "{noop}" selects the no-op password encoder: the secret "secret" is kept in plaintext.
    // NOTE(review): load the secret from external configuration and store it hashed
    // (e.g. a "{bcrypt}"-prefixed value) outside of a local demo.
    private static final String SECRET_CHAR_SEQUENCE = "{noop}secret";
    // The only scope granted to the client.
    private static final String ALL = "all";
    // Access-token lifetime in seconds (30 minutes).
    private static final int ACCESS_TOKEN_VALIDITY_SECONDS = 30*60;
    // Resource-owner password grant
    private static final String GRANT_TYPE_PASSWORD = "password";
    // Authorization-code grant
    private static final String AUTHORIZATION_CODE = "authorization_code";
    // Implicit grant
    private static final String IMPLICIT = "implicit";
    // Client-credentials grant
    private static final String CLIENT_CREDENTIALS="client_credentials";

    /**
     * Registers the "cms" client in memory with its secret, redirect URI, scope,
     * access-token lifetime and allowed grant types.
     *
     * @param clients configurer used to define the client details
     * @throws Exception declared by the overridden adapter method
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients
                .inMemory()
                .withClient(CLIENT_ID)
                .secret(SECRET_CHAR_SEQUENCE)
                // Every authorization request must be approved explicitly by the user.
                .autoApprove(false)
                // Registered redirect URI (plain-HTTP loopback address).
                // NOTE(review): the sample requests on this page send
                // redirect_uri=http://127.0.0.1:8084/cms/login, which differs from this
                // registration - confirm which value is intended.
                .redirectUris("http://127.0.0.1:8081/user/login")
                .scopes(ALL)
                .accessTokenValiditySeconds(ACCESS_TOKEN_VALIDITY_SECONDS)
                // All four grant types are allowed for this one client.
                .authorizedGrantTypes(AUTHORIZATION_CODE, IMPLICIT, GRANT_TYPE_PASSWORD, CLIENT_CREDENTIALS);
    }

    /**
     * Passes the injected AuthenticationManager and the in-memory token store to the
     * authorization-server endpoints.
     *
     * @param endpoints configurer for the authorization-server endpoints
     * @throws Exception declared by the overridden adapter method
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        // NOTE(review): presumably the AuthenticationManager is what lets the password
        // grant verify end-user credentials - confirm against the framework version in use.
        endpoints.authenticationManager(authenticationManager).tokenStore(memoryTokenStore());
    }

    /**
     * Security settings of the authorization server's own endpoints.
     *
     * @param security configurer for access rules on the token endpoints
     * @throws Exception declared by the overridden adapter method
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security
                // Access rule for /oauth/check_token. "permitAll()" leaves the endpoint open
                // to unauthenticated callers; checkTokenAccess("isAuthenticated()") would
                // require the caller to authenticate first.
                .checkTokenAccess("permitAll()")
                // Allow clients to authenticate with form parameters.
                // NOTE(review): the sample requests on this page put client_secret in the
                // URL query string, where it tends to end up in logs and history; prefer
                // HTTP Basic or the POST body.
                .allowFormAuthenticationForClients();
    }

    /**
     * Exposes the token store as a bean.
     *
     * @return a new {@link InMemoryTokenStore}; tokens are held in process memory only
     */
    @Bean
    public TokenStore memoryTokenStore() {
        return new InMemoryTokenStore();
    }
}
application.yml配置如下:
server:
  # HTTP port the authorization server listens on.
  port: 8888
spring:
  application:
    name: auth-server-one
  cloud:
    nacos:
      config:
        # Address of the Nacos config server (local instance, default port 8848).
        server-addr: localhost:8848
        # Format of the configuration files kept in Nacos.
        file-extension: yml
SecurityConfig.java
package com.auth.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * Web-security configuration: defines one in-memory user, the form-login/logout flow and
 * the URL access rules, and publishes the AuthenticationManager as a bean.
 *
 * <p>Security review notes (demo settings): the user's password is hard-coded in
 * plaintext ({@code {noop}}), CSRF protection is disabled, and {@code /api/**} is
 * reachable without authentication.
 */
@Configuration
@EnableWebSecurity
@Order(1)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Registers a single in-memory user "lxs" with role "admin".
     *
     * @param auth builder used to define the authentication source
     * @throws Exception declared by the overridden adapter method
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                .withUser("lxs")
                // With Spring Security 5 the "{noop}" prefix is required so that
                // DelegatingPasswordEncoder checks the password with NoOpPasswordEncoder,
                // i.e. the password "123" is stored and compared as plaintext.
                // NOTE(review): use a hashed value (e.g. "{bcrypt}...") outside of a demo.
                .password("{noop}123")
                .roles("admin");
    }

    /**
     * Intentionally empty override; no paths are excluded from the security filter chain.
     *
     * @param web builder for web-level security settings
     * @throws Exception declared by the overridden adapter method
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        // Left disabled: would stop static resources from being intercepted.
        // web.ignoring().antMatchers("/asserts/**");
    }

    /**
     * Configures form login, logout and the URL authorization rules.
     *
     * @param http builder for the HTTP security filter chain
     * @throws Exception declared by the overridden adapter method
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                // The login form is reachable by everyone.
                .formLogin().permitAll()
                // Logout at /logout, then redirect to "/".
                .and().logout().logoutUrl("/logout").logoutSuccessUrl("/")
                // These path patterns need no authentication. The rule is declared before
                // anyRequest(), so it takes precedence for matching paths.
                // NOTE(review): everything under /api/** is open, and /oauth/** is broad -
                // confirm that each endpoint matched here is meant to be public.
                .and().authorizeRequests().antMatchers("/oauth/**", "/login/**", "/logout/**", "/api/**").permitAll()
                // Everything else requires an authenticated user.
                .anyRequest().authenticated()
                // CSRF (cross-site request forgery) protection is switched off for this
                // chain, so login and logout requests are accepted without a CSRF token.
                .and().csrf().disable();
    }

    /**
     * Publishes the AuthenticationManager built by this configuration as a Spring bean,
     * so that other configuration classes (OAuth2Config on this page) can inject it.
     *
     * @return the AuthenticationManager provided by the parent adapter
     * @throws Exception declared by the overridden adapter method
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}
3 启动nacos,默认端口是8848
在Postman中测试四种授权模式,以下是从Postman中导出的JSON文件
{
"info": {
"_postman_id": "0d5da656-39bc-4606-8628-dfd120a77845",
"name": "T31",
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
},
"item": [
{
"name": "oauth2",
"item": [
{
"name": "授权码模式-获取授权码",
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://localhost:8888/oauth/authorize?client_id=cms&client_secret=secret&response_type=code",
"protocol": "http",
"host": [
"localhost"
],
"port": "8888",
"path": [
"oauth",
"authorize"
],
"query": [
{
"key": "client_id",
"value": "cms"
},
{
"key": "client_secret",
"value": "secret"
},
{
"key": "response_type",
"value": "code"
}
]
}
},
"response": []
},
{
"name": "授权模式-通过授权码获得令牌",
"request": {
"auth": {
"type": "basic",
"basic": [
{
"key": "password",
"value": "secret",
"type": "string"
},
{
"key": "username",
"value": "cms",
"type": "string"
}
]
},
"method": "POST",
"header": [],
"url": {
"raw": "http://localhost:8888/oauth/token?code=Ww8fv7&grant_type=authorization_code&redirect_uri=http://127.0.0.1:8084/cms/login&scope=all",
"protocol": "http",
"host": [
"localhost"
],
"port": "8888",
"path": [
"oauth",
"token"
],
"query": [
{
"key": "code",
"value": "Ww8fv7"
},
{
"key": "grant_type",
"value": "authorization_code"
},
{
"key": "redirect_uri",
"value": "http://127.0.0.1:8084/cms/login"
},
{
"key": "scope",
"value": "all"
}
]
}
},
"response": []
},
{
"name": "访问微服务-access_token",
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://localhost:8084/cms/index?access_token=64e77f6b-7cf9-4300-9dcc-eec0695e5756",
"protocol": "http",
"host": [
"localhost"
],
"port": "8084",
"path": [
"cms",
"index"
],
"query": [
{
"key": "access_token",
"value": "64e77f6b-7cf9-4300-9dcc-eec0695e5756"
}
]
}
},
"response": []
},
{
"name": "访问微服务-bearer",
"request": {
"auth": {
"type": "bearer",
"bearer": [
{
"key": "token",
"value": "222490ef-e832-4b84-a893-e9c7403cccb6",
"type": "string"
}
]
},
"method": "GET",
"header": [],
"url": {
"raw": "http://localhost:8084/cms/index",
"protocol": "http",
"host": [
"localhost"
],
"port": "8084",
"path": [
"cms",
"index"
]
}
},
"response": []
},
{
"name": "getCurrent-获得身份认证",
"request": {
"auth": {
"type": "bearer",
"bearer": [
{
"key": "token",
"value": "300d374b-635c-43b8-a11a-0ab64af70b5f",
"type": "string"
}
]
},
"method": "GET",
"header": [],
"url": {
"raw": "http://localhost:8084/cms/getCurrentUser",
"protocol": "http",
"host": [
"localhost"
],
"port": "8084",
"path": [
"cms",
"getCurrentUser"
],
"query": [
{
"key": "access_token",
"value": "300d374b-635c-43b8-a11a-0ab64af70b5f",
"disabled": true
}
]
}
},
"response": []
},
{
"name": "密码模式-获得token",
"request": {
"auth": {
"type": "basic",
"basic": [
{
"key": "username",
"value": "cms",
"type": "string"
},
{
"key": "password",
"value": "secret",
"type": "string"
}
]
},
"method": "POST",
"header": [],
"url": {
"raw": "http://localhost:8888/oauth/token?password=123&grant_type=password&username=lxs&scope=all",
"protocol": "http",
"host": [
"localhost"
],
"port": "8888",
"path": [
"oauth",
"token"
],
"query": [
{
"key": "password",
"value": "123"
},
{
"key": "grant_type",
"value": "password"
},
{
"key": "username",
"value": "lxs"
},
{
"key": "scope",
"value": "all"
}
]
}
},
"response": []
},
{
"name": "简化模式-获得token",
"request": {
"auth": {
"type": "noauth"
},
"method": "GET",
"header": [],
"url": {
"raw": "http://localhost:8888/oauth/authorize?client_id=cms&redirect_uri=http://127.0.0.1:8084/cms/login&response_type=token&scope=all",
"protocol": "http",
"host": [
"localhost"
],
"port": "8888",
"path": [
"oauth",
"authorize"
],
"query": [
{
"key": "client_id",
"value": "cms"
},
{
"key": "redirect_uri",
"value": "http://127.0.0.1:8084/cms/login"
},
{
"key": "response_type",
"value": "token"
},
{
"key": "scope",
"value": "all"
}
]
}
},
"response": []
},
{
"name": "授权模式-客户端模式",
"request": {
"auth": {
"type": "noauth"
},
"method": "POST",
"header": [],
"url": {
"raw": "http://localhost:8888/oauth/token?client_id=cms&client_secret=secret&grant_type=client_credentials&scope=all",
"protocol": "http",
"host": [
"localhost"
],
"port": "8888",
"path": [
"oauth",
"token"
],
"query": [
{
"key": "client_id",
"value": "cms"
},
{
"key": "client_secret",
"value": "secret"
},
{
"key": "grant_type",
"value": "client_credentials"
},
{
"key": "scope",
"value": "all"
}
]
}
},
"response": []
},
{
"name": "验证令牌",
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://localhost:8888/oauth/check_token?token=66b05a2e-c277-4fab-81d3-aee74635c2fd",
"protocol": "http",
"host": [
"localhost"
],
"port": "8888",
"path": [
"oauth",
"check_token"
],
"query": [
{
"key": "token",
"value": "66b05a2e-c277-4fab-81d3-aee74635c2fd"
}
]
}
},
"response": []
}
]
},
{
"name": "1-密码模式-获得token",
"request": {
"auth": {
"type": "basic",
"basic": [
{
"key": "password",
"value": "123456",
"type": "string"
},
{
"key": "username",
"value": "client",
"type": "string"
}
]
},
"method": "POST",
"header": [],
"url": {
"raw": "http://localhost:9098/oauth/token?password=admin&grant_type=password&username=liuguoliang&scope=read",
"protocol": "http",
"host": [
"localhost"
],
"port": "9098",
"path": [
"oauth",
"token"
],
"query": [
{
"key": "password",
"value": "admin"
},
{
"key": "grant_type",
"value": "password"
},
{
"key": "username",
"value": "liuguoliang"
},
{
"key": "scope",
"value": "read"
}
]
}
},
"response": []
},
{
"name": "2-授权测试-order",
"request": {
"auth": {
"type": "bearer",
"bearer": [
{
"key": "token",
"value": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MzY2MTkzMzQsInVzZXJfbmFtZSI6ImxpdWd1b2xpYW5nIiwianRpIjoiMjJjYzIyOWQtZDRjZS00NWY1LTkyOGUtOWRkZTc1YjA1ZGNiIiwiY2xpZW50X2lkIjoiY2xpZW50Iiwic2NvcGUiOlsicmVhZCJdfQ.mXpIMRJYx08VmD7OHpdAEtEWNwLuMPH5n4DcF11NBbr6-VkWdDrmXt1axakhKdtJlZTSis-Rslq0bO4m3aH4QxMT2kAaizxRfPTSDu-vPwNkZPI5XmNCAAm_iuC559Z2ew8EEfQ8tMDP8sWWMjeOELj_0nutBa5NdOWUJEsEaVocRKeau6Hht9KXMsDM1cVmgdPbRCX8eGkvVJuXwaWrXuTPbBHhFpVG6flZGH86N_kFcGHehDPkqB-JdUe3EE9X2aroXuluAbSu6YVqEr4QtFaPR2YZ_m_rdEZuJ4Z1oHWXMN2mbqOj1tzkkBaDDEzIADxEHNu_uuNsW7jRJpiSrw",
"type": "string"
}
]
},
"method": "GET",
"header": [],
"url": {
"raw": "http://localhost:9001/order/123",
"protocol": "http",
"host": [
"localhost"
],
"port": "9001",
"path": [
"order",
"123"
]
}
},
"response": []
},
{
"name": "3-授权测试-admin",
"request": {
"auth": {
"type": "bearer",
"bearer": [
{
"key": "token",
"value": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MzY2MTkyODksInVzZXJfbmFtZSI6ImFkbWluIiwiYXV0aG9yaXRpZXMiOlsiUk9MRV9BRE1JTiJdLCJqdGkiOiJjMTMzMDMzZS1jNTg4LTRmZTQtOTFiZC0yOTQzZjVjNTNhMDAiLCJjbGllbnRfaWQiOiJjbGllbnQiLCJzY29wZSI6WyJyZWFkIl19.CVjqhtBWDyYVy6nVc-fGmRpF78I9qD-RtQh6aEZFMmD9AMnjPMdBSSWoQAaH3DLjEBoKKIPVglZfRKz9pdI2KWB3_sDoDvmXiDKsuaFMV2KrBe_YF0Dh6ll_qf6DcKZVeeG4O4lr2ENeDPROOP6ArUnrSxxPSxuyeQgZNDLj7WpMH4uKpAjNippSQ-qItuHXFPQpKhm-6DPzrdoxR778IavVYcQ7rQXmGC-3Ur74X-hdlU1pIAvMp36qMgxUmLdRPVm7d7b9mCgTf7IaWZWz2RvTdbZFAkud85Sy5MQuY8DiGT46wNcRj_ivKToyNVd9ApvxiIhzxEv5Lyxdf_0Ecg",
"type": "string"
}
]
},
"method": "GET",
"header": [],
"url": {
"raw": "http://localhost:9001/admin/123",
"protocol": "http",
"host": [
"localhost"
],
"port": "9001",
"path": [
"admin",
"123"
]
}
},
"response": []
},
{
"name": "4-授权测试-hello",
"request": {
"auth": {
"type": "bearer",
"bearer": [
{
"key": "token",
"value": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MzY2MTkzMzQsInVzZXJfbmFtZSI6ImxpdWd1b2xpYW5nIiwianRpIjoiMjJjYzIyOWQtZDRjZS00NWY1LTkyOGUtOWRkZTc1YjA1ZGNiIiwiY2xpZW50X2lkIjoiY2xpZW50Iiwic2NvcGUiOlsicmVhZCJdfQ.mXpIMRJYx08VmD7OHpdAEtEWNwLuMPH5n4DcF11NBbr6-VkWdDrmXt1axakhKdtJlZTSis-Rslq0bO4m3aH4QxMT2kAaizxRfPTSDu-vPwNkZPI5XmNCAAm_iuC559Z2ew8EEfQ8tMDP8sWWMjeOELj_0nutBa5NdOWUJEsEaVocRKeau6Hht9KXMsDM1cVmgdPbRCX8eGkvVJuXwaWrXuTPbBHhFpVG6flZGH86N_kFcGHehDPkqB-JdUe3EE9X2aroXuluAbSu6YVqEr4QtFaPR2YZ_m_rdEZuJ4Z1oHWXMN2mbqOj1tzkkBaDDEzIADxEHNu_uuNsW7jRJpiSrw",
"type": "string"
}
]
},
"method": "GET",
"header": [],
"url": {
"raw": "http://localhost:9001/hello",
"protocol": "http",
"host": [
"localhost"
],
"port": "9001",
"path": [
"hello"
]
}
},
"response": []
},
{
"name": "5-授权测试-获得登录用户",
"request": {
"auth": {
"type": "bearer",
"bearer": [
{
"key": "token",
"value": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MzY2MTkyODksInVzZXJfbmFtZSI6ImFkbWluIiwiYXV0aG9yaXRpZXMiOlsiUk9MRV9BRE1JTiJdLCJqdGkiOiJjMTMzMDMzZS1jNTg4LTRmZTQtOTFiZC0yOTQzZjVjNTNhMDAiLCJjbGllbnRfaWQiOiJjbGllbnQiLCJzY29wZSI6WyJyZWFkIl19.CVjqhtBWDyYVy6nVc-fGmRpF78I9qD-RtQh6aEZFMmD9AMnjPMdBSSWoQAaH3DLjEBoKKIPVglZfRKz9pdI2KWB3_sDoDvmXiDKsuaFMV2KrBe_YF0Dh6ll_qf6DcKZVeeG4O4lr2ENeDPROOP6ArUnrSxxPSxuyeQgZNDLj7WpMH4uKpAjNippSQ-qItuHXFPQpKhm-6DPzrdoxR778IavVYcQ7rQXmGC-3Ur74X-hdlU1pIAvMp36qMgxUmLdRPVm7d7b9mCgTf7IaWZWz2RvTdbZFAkud85Sy5MQuY8DiGT46wNcRj_ivKToyNVd9ApvxiIhzxEv5Lyxdf_0Ecg",
"type": "string"
}
]
},
"method": "GET",
"header": [],
"url": {
"raw": "http://localhost:9001/principle",
"protocol": "http",
"host": [
"localhost"
],
"port": "9001",
"path": [
"principle"
]
}
},
"response": []
},
{
"name": "6-登录-获得token",
"request": {
"auth": {
"type": "noauth"
},
"method": "POST",
"header": [],
"url": {
"raw": "http://localhost:9001/user/login?username=malong&password=admin",
"protocol": "http",
"host": [
"localhost"
],
"port": "9001",
"path": [
"user",
"login"
],
"query": [
{
"key": "username",
"value": "malong"
},
{
"key": "password",
"value": "admin"
}
]
}
},
"response": []
}
]
}