.NET 6 OAuth2.0 IdentityServer4 4.X PasswordToken(创建Token) RefreshToken(刷新Token) RevokeToken(撤销Token)

.NET Core OAuth IdentityServer4 AllowAnonymous Policy 白名单 .NET 5 IdentityServer4 4.X版本
jwt.io
最小 API 概述
使用 ASP.NET Core 创建最小 Web API
IdentityServer4 1.0.0 documentation 官网 
Token Endpoint 
    Requesting a token 
    Requesting a token using the client_credentials  Grant Type 
    Requesting a token using the password  Grant Type 
    Requesting a token using the authorization_code Grant Type 
    Requesting a token using the refresh_token Grant Type 
    Requesting a Device Token 
Token Introspection Endpoint 
Token Revocation Endpoint 
UserInfo Endpoint 

1、Program.cs

using AuthService;
using AuthService.CoreLibrary;
using AuthService.Filters;
using System.Data;
using System.Data.SqlClient;

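var builder = WebApplication.CreateBuilder(args);

// Add services to the container.
// NOTE(review): the appsettings.json shown with this sample names its key
// "ConnectionStrings:Default"; this reads "DefaultConnection", which is null
// with that file. Confirm which name the deployed configuration uses.
var connectionString = builder.Configuration.GetConnectionString("DefaultConnection");

// CORS origins are built from two comma-separated lists (every address × every
// port). A missing key fails here with the key name instead of as a
// NullReferenceException on Split.
string corsAddress = builder.Configuration["AppSettings:CorsAddress"]
    ?? throw new InvalidOperationException("Missing configuration value 'AppSettings:CorsAddress'.");
string corsPort = builder.Configuration["AppSettings:CorsPort"]
    ?? throw new InvalidOperationException("Missing configuration value 'AppSettings:CorsPort'.");
string[] address = corsAddress.Split(',');
string[] port = corsPort.Split(',');

// RedisOptions: registered for IOptions<RedisOptions> consumers and also bound
// once here as a plain object.
builder.Services.Configure<RedisOptions>(builder.Configuration.GetSection("RedisOptions"));
RedisOptions redisOptions = new RedisOptions();
builder.Configuration.Bind("RedisOptions", redisOptions);
string host = redisOptions.Host;
// Was `string port`, which collided with the string[] `port` declared above
// (two locals with the same name in one scope do not compile).
string redisPort = redisOptions.Port;

//加载自定义配置文件 — an extra, optional JSON file layered over appsettings.json.
// The lambda parameter is named configBuilder so it does not shadow anything.
builder.Host.ConfigureAppConfiguration((hostingContext, configBuilder) =>
{
    configBuilder.AddJsonFile("CustomConfig.json", optional: true, reloadOnChange: true);
});
//读取 CustomConfig.json 文件 SmtpServer 配置项
var smtp = builder.Configuration["SmtpServer"];

#region 数据库 EF Core
// Reuse the connection string read above instead of looking the key up twice.
builder.Services.AddDbContext<AssetDbContext>(options =>
    options.UseSqlServer(connectionString));
#endregion

#region 数据库 Dapper
string dbType = builder.Configuration["DbSql:DbType"];
switch (dbType)
{
    case "SqlServer":
        // The raw connection string is registered as a `string` service so the
        // container can construct SqlConnection(string) below.
        builder.Services.AddSingleton(builder.Configuration["DbSql:SqlServerConnection"]
            ?? throw new InvalidOperationException("Missing configuration value 'DbSql:SqlServerConnection'."));
        break;
    default:
        break;
}

// Scoped, not singleton: a SqlConnection is not safe for concurrent use, and a
// single instance would be shared by every request in flight. The repositories
// take IDbConnection, so they are scoped too — a singleton holding a scoped
// service would be a captive dependency.
builder.Services.AddScoped<IDbConnection, SqlConnection>();
builder.Services.AddScoped<IUserRepository, UserRepository>();
builder.Services.AddScoped<IUserLogRepository, UserLogRepository>();
builder.Services.AddScoped<ILogUserLoginRepository, LogUserLoginRepository>();
#endregion

#region IdentityServer4
// AddDeveloperSigningCredential() creates a temporary signing key on the local
// machine, so tokens cannot be validated after a restart or by another instance.
// A deployed server should load a persistent key with AddSigningCredential(...).
builder.Services.AddIdentityServer(options => { })
    .AddDeveloperSigningCredential()
    .AddInMemoryClients(AuthService.Security.Clients.GetClients())
    .AddInMemoryIdentityResources(AuthService.Security.IdentityConfig.GetIdentityResources())
    .AddInMemoryApiResources(AuthService.Security.IdentityConfig.GetResources())
#region ids4 4.X 新特性 
    // Since 4.x, scopes are registered separately from the API resources that contain them.
    .AddInMemoryApiScopes(AuthService.Security.IdentityConfig.GetScopes())
    //.AddInMemoryApiScopes(Security.IdentityConfig.ApiScopes)
#endregion
    .AddProfileService<AuthService.Security.ProfileService>()
    .AddResourceOwnerValidator<AuthService.Security.ResourceOwnerPasswordValidator>();
#endregion

// Register MVC controllers once (the original called AddControllers twice);
// the exception filter applies to every controller action.
builder.Services.AddControllers(options =>
{
    options.Filters.Add(typeof(CustomExceptionFilter));
});
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();

#region 跨域访问
const string allowSpecificOrigins = "AllowSpecificOrigins";
var urls = StringPlus.GetCors(address, port);
builder.Services.AddCors(options =>
{
    // `policy` rather than `builder`: the original lambda parameter shadowed the
    // WebApplicationBuilder in the enclosing scope.
    // Credentials are allowed only for this explicit origin list; ASP.NET Core
    // rejects AllowCredentials() combined with AllowAnyOrigin().
    options.AddPolicy(allowSpecificOrigins, policy =>
    {
        policy.WithOrigins(urls).AllowAnyMethod().AllowAnyHeader().AllowCredentials();
    });
});
#endregion

var app = builder.Build();

// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
    app.UseSwagger();
    app.UseSwaggerUI();
}

var summaries = new[]
{
    "Freezing", "Bracing", "Chilly", "Cool", "Mild", "Warm", "Balmy", "Hot", "Sweltering", "Scorching"
};

app.MapGet("/", () => "Hello World!");

app.MapGet("/api/users/{text}", (string text) => $"{text}");

app.MapGet("/GetData", (IUserRepository userRep) => userRep.GetList())
    .WithName("GetData");

app.MapGet("/api/users/{userId}/books/{bookId}", (int userId, int bookId) => new
{
    code = 200,
    data = new
    {
        user = userId,
        book = bookId
    },
    message = ""
});

// Sample endpoint from the minimal-API template; values are random on every call.
app.MapGet("/api/weatherforecast", () =>
{
    var forecast = Enumerable.Range(1, 5).Select(index => new WeatherForecast
    (
        DateTime.Now.AddDays(index),
        Random.Shared.Next(-20, 55),
        summaries[Random.Shared.Next(summaries.Length)]
    )).ToArray();
    return forecast;
})
.WithName("GetWeatherForecast");

app.UseHttpsRedirection();

// Middleware order per the ASP.NET Core guidance: routing, then CORS, then
// authentication (which UseIdentityServer registers), then endpoints. The
// original ran IdentityServer before both routing and CORS.
app.UseRouting();
app.UseCors(allowSpecificOrigins);
app.UseIdentityServer();
app.UseEndpoints(endpoints =>
{
    endpoints.MapControllers();
});

app.Run();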

/// <summary>
/// One day of the sample forecast returned by <c>/api/weatherforecast</c>.
/// </summary>
/// <param name="Date">Day the forecast applies to.</param>
/// <param name="TemperatureC">Temperature in degrees Celsius.</param>
/// <param name="Summary">Word describing the temperature; may be null.</param>
internal record WeatherForecast(DateTime Date, int TemperatureC, string? Summary)
{
    /// <summary>
    /// Celsius converted to Fahrenheit with the template's 1/0.5556 factor
    /// (≈ 1.8); the fraction is truncated before the +32 offset is added.
    /// </summary>
    public int TemperatureF
    {
        get
        {
            int scaled = (int)(TemperatureC / 0.5556);
            return scaled + 32;
        }
    }
}

2、StringPlus.cs

using System.Text;

namespace AuthService.CoreLibrary
{
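    public class StringPlus
    {
        /// <summary>
        /// Splits a comma-separated string into its parts.
        /// </summary>
        /// <param name="str">Comma-separated text; may be null or empty.</param>
        /// <returns>
        /// The parts, or an empty array when <paramref name="str"/> is null or
        /// empty. (The original returned null in that case, which every caller
        /// then had to guard against.)
        /// </returns>
        public static string[] StringToStrArray(string str)
        {
            if (string.IsNullOrEmpty(str))
            {
                return new string[0];
            }
            return str.Split(',');
        }

        /// <summary>
        /// Builds the CORS origin list as every address paired with every port,
        /// formatted <c>address:port</c>.
        /// </summary>
        /// <param name="address">Origin hosts, e.g. <c>http://localhost</c>.</param>
        /// <param name="port">Ports to combine with each host.</param>
        /// <returns>
        /// One entry per (address, port) pair in address-major order; empty when
        /// either argument is null. The original built a single comma-joined
        /// string and split it again, so an address containing a comma was
        /// silently split into two origins; the array is now filled directly.
        /// </returns>
        public static string[] GetCors(string[] address, string[] port)
        {
            if (address == null || port == null)
            {
                return new string[0];
            }

            string[] origins = new string[address.Length * port.Length];
            int next = 0;
            foreach (string host in address)
            {
                foreach (string p in port)
                {
                    origins[next++] = $"{host}:{p}";
                }
            }
            return origins;
        }
    }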
}

3、RedisOptions.cs

/// <summary>
/// Settings bound from the "RedisOptions" configuration section
/// (<c>builder.Configuration.Bind("RedisOptions", ...)</c> in Program.cs).
/// Both values are kept as the raw configuration strings.
/// </summary>
public class RedisOptions
{
    private string _host;
    private string _port;

    /// <summary>Value of the section's <c>Host</c> key.</summary>
    public string Host
    {
        get => _host;
        set => _host = value;
    }

    /// <summary>Value of the section's <c>Port</c> key (not parsed to an int).</summary>
    public string Port
    {
        get => _port;
        set => _port = value;
    }
}

4、appsettings.json【注意:TrustServerCertificate=true 表示不校验 SQL Server 的 TLS 证书,仅适合开发环境】

{
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  },
  "AllowedHosts": "*",
  "ConnectionStrings": {
    "Default": "data source=192.168.159.130;initial catalog=dbTest;user id=sa;password=000000;TrustServerCertificate=true;"
  }
}

5、.NET 5 IdentityServer4 4.X版本配置【\AuthService\Security\IdentityConfig.cs】

using AuthService.CoreLibrary;
using IdentityServer4.Models;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
 
namespace AuthService.Security
{
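  /// <summary>
  /// In-memory IdentityServer4 resource definitions. Every value that is not a
  /// fixed scope name is read from <c>ConfigManager.Configuration</c> on each call.
  /// </summary>
  public class IdentityConfig
  {
    /// <summary>The fixed API scope exposed alongside the configured one (was repeated as a literal three times).</summary>
    private const string AssetScopeName = "Asset";

    /// <summary>
    /// Reads a required setting, failing with the key name instead of a
    /// NullReferenceException further down (e.g. inside <c>Sha256()</c>).
    /// </summary>
    /// <param name="key">Configuration key such as <c>IdentityAuthentication:Scope</c>.</param>
    /// <returns>The non-empty configured value.</returns>
    /// <exception cref="InvalidOperationException">The key is missing or empty.</exception>
    private static string Required(string key)
    {
      string value = ConfigManager.Configuration[key];
      if (string.IsNullOrEmpty(value))
      {
        throw new InvalidOperationException($"Missing configuration value '{key}'.");
      }
      return value;
    }

    /// <summary>
    /// The single API resource this server protects. The API secret is stored
    /// as its SHA-256 hash, the form IdentityServer compares against.
    /// </summary>
    public static IEnumerable<ApiResource> GetResources()
    {
      string scope = Required("IdentityAuthentication:Scope");
      return new List<ApiResource>
      {
        new ApiResource(scope, Required("IdentityAuthentication:ClientName"))
        {
          #region ids4 4.X 新特性
          // Since 4.x an ApiResource must list the ApiScopes it contains.
          Scopes = { AssetScopeName, scope },
          #endregion
          ApiSecrets = { new Secret(Required("IdentityAuthentication:Secret").Sha256()) }
        }
      };
    }

    /// <summary>Standard OpenID Connect identity resources (openid and profile).</summary>
    public static IEnumerable<IdentityResource> GetIdentityResources()
    {
      return new IdentityResource[]
      {
        new IdentityResources.OpenId(),
        new IdentityResources.Profile(),
      };
    }

    /// <summary>
    /// ids4 4.X 新特性 — the scopes registered with AddInMemoryApiScopes.
    /// A fresh array is built on every access.
    /// </summary>
    public static IEnumerable<ApiScope> ApiScopes =>
      new ApiScope[]
      {
        new ApiScope(AssetScopeName),
        new ApiScope(Required("IdentityAuthentication:Scope")),
      };

    /// <summary>
    /// ids4 4.X 新特性 — method form of <see cref="ApiScopes"/>; the two were
    /// previously separate copies of the same list.
    /// </summary>
    /// <returns>The same scopes as <see cref="ApiScopes"/>.</returns>
    public static IEnumerable<ApiScope> GetScopes() => ApiScopes;
  }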
}

6、Controller
RequestPasswordTokenAsync:创建Token
RequestRefreshTokenAsync:刷新Token
RevokeTokenAsync:撤销Token

using AutoMapper;
using Azure.Core;
using IdentityModel.Client;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.ApplicationModels;
using Microsoft.IdentityModel.Tokens;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Net.Http;
using System.Security.Claims;
using System.Text;
using static IdentityModel.OidcConstants;

namespace WebAPI.Controllers
{
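    /// <summary>
    /// Token endpoints for the front end: obtains, refreshes and revokes
    /// IdentityServer4 tokens on the caller's behalf with the password and
    /// refresh_token grants, using this API's own client id and secret.
    /// </summary>
    [Route("api/passport/[action]")]
    public class PassportController : ControllerBase
    {
        // One HttpClient for the process instead of `new HttpClient()` per request:
        // each throw-away instance leaves its sockets in TIME_WAIT and can exhaust
        // them under load. The constructor signature is unchanged, so a static
        // field is used rather than an injected IHttpClientFactory.
        private static readonly HttpClient s_httpClient = new();

        private readonly string url = string.Empty;

        private readonly IUserRepository _userRepo;
        private readonly IConfiguration _configuration;
        private readonly IHttpClientHelper _client;
        // NOTE(review): _msgResult comes from DI and is mutated by every action; if
        // it is registered as a singleton its fields are shared between concurrent
        // requests — confirm it is transient or scoped.
        private readonly MsgResult _msgResult;
        private readonly IMapper _mapper;
        private readonly ILogger _logger;

        /// <summary>
        /// Creates the controller and reads the IdentityServer authority once.
        /// </summary>
        /// <param name="userRepo">User repository (retained; not used by the actions below).</param>
        /// <param name="configuration">Application configuration (IdentityAuthentication:* keys).</param>
        /// <param name="client">Project HTTP helper (retained; not used by the actions below).</param>
        /// <param name="msgResult">Result envelope returned by every action.</param>
        /// <param name="mapper">AutoMapper instance (retained; not used by the actions below).</param>
        /// <param name="logger">Logger for failed token-endpoint calls.</param>
        /// <exception cref="InvalidOperationException">IdentityAuthentication:Authority is not configured.</exception>
        public PassportController(IUserRepository userRepo, IConfiguration configuration, IHttpClientHelper client, MsgResult msgResult, IMapper mapper, ILogger<PassportController> logger)
        {
            _userRepo = userRepo;
            _configuration = configuration;
            _client = client;
            _msgResult = msgResult;
            _mapper = mapper;
            _logger = logger;
            // Fail at construction with the key name; a missing authority would
            // otherwise surface as an invalid-URI error on the first token request.
            url = _configuration["IdentityAuthentication:Authority"]
                ?? throw new InvalidOperationException("Missing configuration value 'IdentityAuthentication:Authority'.");
        }

        /// <summary>
        /// 登录 — exchanges user name and password for tokens (password grant).
        /// </summary>
        /// <param name="request">User name and password posted by the client.</param>
        /// <returns>
        /// Code 1 and the token endpoint's raw JSON on success; otherwise the
        /// error the token endpoint returned.
        /// </returns>
        [HttpPost]
        [AllowAnonymous]
        public async Task<MsgResult> Login([FromBody] LoginRequest request)
        {
            if (request is null)
            {
                return Fail("请求参数为空");
            }

            #region token
            IdentityModel.Client.TokenResponse tokenRes = await s_httpClient.RequestPasswordTokenAsync(new PasswordTokenRequest
            {
                Address = $"{url}/connect/token",
                GrantType = "password",
                ClientId = _configuration["IdentityAuthentication:ApiName"]!,
                ClientSecret = _configuration["IdentityAuthentication:ApiSecret"]!,
                UserName = request.user_name,
                Password = request.password,
                // offline_access asks for a refresh token alongside the access token.
                Scope = $"{_configuration["IdentityAuthentication:ApiName"]} openid offline_access",
                Parameters = new Dictionary<string, string>()
                {
                    { "user_type","Admin"}
                }
            });
            #endregion

            return ApplyTokenResponse(tokenRes);
        }

        /// <summary>
        /// 刷新token — trades a refresh token for a new token pair (refresh_token grant).
        /// </summary>
        /// <param name="request">Carries the refresh token issued at login.</param>
        /// <returns>Same shape as <see cref="Login"/>.</returns>
        [AllowAnonymous]
        [HttpPost]
        public async Task<MsgResult> RefreshToken([FromBody] QualityControl.Models.RefreshTokenRequest request)
        {
            if (request is null)
            {
                return Fail("请求参数为空");
            }

            #region refresh_token
            IdentityModel.Client.TokenResponse tokenRes = await s_httpClient.RequestRefreshTokenAsync(new IdentityModel.Client.RefreshTokenRequest
            {
                Address = $"{url}/connect/token",
                RefreshToken = request.refresh_token,
                GrantType = "refresh_token",
                ClientId = _configuration["IdentityAuthentication:ApiName"]!,
                ClientSecret = _configuration["IdentityAuthentication:ApiSecret"]!,
            });
            #endregion

            return ApplyTokenResponse(tokenRes);
        }

        /// <summary>
        /// 退出 — revokes the bearer token presented in the Authorization header.
        /// The endpoint is anonymous because the revocation call is authenticated
        /// with this API's client credentials, not with the caller's token.
        /// </summary>
        /// <returns>Code 1 and "退出成功" when the revocation endpoint accepted the request.</returns>
        [AllowAnonymous]
        [HttpPost()]
        public async Task<MsgResult> Logout()
        {
            string token = ExtractBearerToken(HttpContext.Request.Headers["Authorization"].ToString());
            if (string.IsNullOrEmpty(token))
            {
                return Fail("缺少 Authorization 头");
            }

            IdentityModel.Client.TokenRevocationResponse revokeRes = await s_httpClient.RevokeTokenAsync(new TokenRevocationRequest
            {
                Address = $"{url}/connect/revocation",
                ClientId = _configuration["IdentityAuthentication:ApiName"]!,
                ClientSecret = _configuration["IdentityAuthentication:ApiSecret"]!,
                Token = token,
            });

            // The original reported "退出成功" without looking at the response, so a
            // token that was never revoked still looked logged out to the client.
            if (revokeRes.IsError)
            {
                _logger.LogWarning(revokeRes.Exception, "Token revocation failed: {Error}", revokeRes.Error);
                return Fail(revokeRes.Error ?? "token revocation failed");
            }

            _msgResult.code = 1;
            _msgResult.message = "退出成功";

            return _msgResult;
        }

        /// <summary>
        /// Copies a token-endpoint response into the result envelope. The original
        /// treated any non-null response as success, but RequestPasswordTokenAsync /
        /// RequestRefreshTokenAsync never return null, so wrong credentials also
        /// produced code 1; <c>IsError</c> is the signal to check.
        /// </summary>
        private MsgResult ApplyTokenResponse(IdentityModel.Client.TokenResponse tokenRes)
        {
            if (tokenRes.IsError)
            {
                _logger.LogWarning(tokenRes.Exception, "Token request failed: {Error} {Description}", tokenRes.Error, tokenRes.ErrorDescription);
                string message = string.IsNullOrEmpty(tokenRes.ErrorDescription)
                    ? tokenRes.Error ?? "token request failed"
                    : $"{tokenRes.Error}: {tokenRes.ErrorDescription}";
                return Fail(message);
            }

            _msgResult.code = 1;
            _msgResult.data = tokenRes.Json;
            _msgResult.message = "";
            return _msgResult;
        }

        /// <summary>Fills the result envelope for a failed request.</summary>
        /// <param name="message">Text shown to the caller.</param>
        private MsgResult Fail(string message)
        {
            // NOTE(review): assumes 0 is MsgResult's failure code; only the success
            // value (1) is visible in this file — confirm against its convention.
            _msgResult.code = 0;
            _msgResult.message = message;
            return _msgResult;
        }

        /// <summary>
        /// Strips the "Bearer " scheme prefix, in any casing, from an Authorization
        /// header value. The original used two Replace calls ("bearer " / "Bearer ")
        /// which also removed the text from the middle of the value.
        /// </summary>
        /// <param name="authorization">Raw header value; empty when the header is absent.</param>
        /// <returns>The token text, or an empty string.</returns>
        private static string ExtractBearerToken(string authorization)
        {
            const string scheme = "Bearer ";
            if (authorization.StartsWith(scheme, StringComparison.OrdinalIgnoreCase))
            {
                return authorization.Substring(scheme.Length).Trim();
            }
            return authorization.Trim();
        }
    }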
}

嗨!关于Spring Boot整合Spring Security和OAuth2.0实现token认证,你可以按照以下步骤进行操作: 1. 添加依赖:在你的Spring Boot项目的pom.xml文件中,添加Spring Security和OAuth2.0相关的依赖。 ```xml <dependencies> <!-- Spring Security --> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <!-- Spring Security OAuth2 --> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-oauth2-client</artifactId> </dependency> </dependencies> ``` 2. 配置Spring Security:创建一个继承自WebSecurityConfigurerAdapter的配置类,并重写configure方法来配置Spring Security的行为。 ```java @Configuration @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/oauth2/**", "/login/**", "/logout/**") .permitAll() .anyRequest() .authenticated() .and() .oauth2Login() .loginPage("/login") .and() .logout() .logoutSuccessUrl("/") .invalidateHttpSession(true) .clearAuthentication(true) .deleteCookies("JSESSIONID"); } } ``` 在上述配置中,我们允许访问一些特定的URL(如/oauth2/**,/login/**和/logout/**),并保护所有其他URL。我们还设置了自定义的登录页面和注销成功后的跳转页面。 3. 
配置OAuth2.0:创建一个继承自AuthorizationServerConfigurerAdapter的配置类,并重写configure方法来配置OAuth2.0的行为。 ```java @Configuration @EnableAuthorizationServer public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter { @Autowired private AuthenticationManager authenticationManager; @Override public void configure(ClientDetailsServiceConfigurer clients) throws Exception { clients .inMemory() .withClient("client_id") .secret("client_secret") .authorizedGrantTypes("authorization_code", "password", "refresh_token") .scopes("read", "write") .accessTokenValiditySeconds(3600) .refreshTokenValiditySeconds(86400); } @Override public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { endpoints .authenticationManager(authenticationManager); } } ``` 在上述配置中,我们使用内存存储客户端信息(client_id和client_secret),并配置了授权类型(如authorization_code、password和refresh_token)。我们还设置了访问令牌和刷新令牌的有效期。 4. 创建登录页面:创建一个HTML登录页面,用于用户进行身份验证并获取访问令牌。 ```html <!DOCTYPE html> <html> <head> <title>Login</title> </head> <body> <h2>Login</h2> <form th:action="@{/login}" method="post"> <div> <label for="username">Username:</label> <input type="text" id="username" name="username" /> </div> <div> <label for="password">Password:</label> <input type="password" id="password" name="password" /> </div> <div> <button type="submit">Login</button> </div> </form> </body> </html> ``` 5. 处理登录请求:创建一个控制器来处理登录请求,并在登录成功后重定向到受保护的资源。 ```java @Controller public class LoginController { @GetMapping("/login") public String showLoginForm() { return "login"; } @PostMapping("/login") public String loginSuccess() { return "redirect:/protected-resource"; } } ``` 在上述控制器中,我们使用@GetMapping注解来处理GET请求,@PostMapping注解来处理POST请求。登录成功后,我们将用户重定向到受保护的资源。 这样,你就完成了Spring Boot整合Spring Security和OAuth2.0实现token认证的配置。你可以根据自己的需求进行进一步的定制和扩展。希望对你有所帮助!如果你有任何疑问,请随时问我。
