一、环境准备
1、回顾
【Spring Security Oauth2】构建授权服务器(一):内存模式
二、构建服务
1、创建ResourceServerConfig资源管理类
package com.cyun.uua.test.config.oauth2;
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
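/**
 * Resource-server security configuration.
 *
 * <p>Tokens presented to this service are validated remotely: each request that
 * carries a bearer token results in a call to the authorization server's
 * {@code /oauth/check_token} endpoint (see {@link #tokenService()}).
 *
 * <p>{@code @EnableGlobalMethodSecurity} switches on annotation-driven method
 * security; without it the annotations on the controllers are silently ignored.
 * Each annotation family needs its own flag: {@code securedEnabled} for
 * {@code @Secured}, {@code prePostEnabled} for {@code @PreAuthorize} /
 * {@code @PostAuthorize}, and {@code jsr250Enabled} for {@code @RolesAllowed} /
 * {@code @PermitAll}. The controller in this project uses all three families,
 * so all three flags are set here.
 *
 * @author Administrator
 * @version 1.0
 */
@Configuration
@EnableResourceServer
@RequiredArgsConstructor
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true, jsr250Enabled = true)
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
    /** Resource id; must match one of the resource ids configured for the client on the authorization server. */
    public static final String RESOURCE_ID = "res1";

    /**
     * Token-validation service that delegates to the authorization server.
     *
     * <p>{@link RemoteTokenServices} needs the check_token URL plus a client id and
     * secret that the authorization server accepts on that endpoint.
     *
     * <p>NOTE(review): the endpoint URL is plain {@code http} and the client secret
     * is a literal in source. That is tolerable only for a loopback demo such as
     * this one - over a real network both the bearer token being checked and the
     * client secret would cross the wire in clear text. Externalize the URL and
     * credentials (properties / environment) and use {@code https} before running
     * this anywhere shared.
     *
     * @return the token services used by {@link #configure(ResourceServerSecurityConfigurer)}
     */
    @Bean
    public ResourceServerTokenServices tokenService() {
        RemoteTokenServices service = new RemoteTokenServices();
        service.setCheckTokenEndpointUrl("http://localhost:7103/oauth/check_token");
        service.setClientId("c1");
        service.setClientSecret("secret");
        return service;
    }

    /**
     * Registers this server's resource id and the token-validation service.
     *
     * <p>The resource id ties incoming tokens to this service: a token that the
     * authorization server issued for a client without {@value #RESOURCE_ID} in its
     * resource list is not accepted here even if it is otherwise valid.
     *
     * @param resources resource-server configurer to populate
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.resourceId(RESOURCE_ID)
                .tokenServices(tokenService());
    }

    /**
     * HTTP-level access rules.
     *
     * <ul>
     *   <li>{@code /select} is open to anonymous callers.</li>
     *   <li>Every other path needs a valid token carrying the {@code all} scope
     *       granted by the authorization server; the method-level annotations on
     *       the controller then add role / authority checks on top of that.</li>
     * </ul>
     *
     * <p>CSRF protection is disabled and no HTTP session is ever created: this
     * service authenticates purely by bearer token, so there is no session cookie
     * a cross-site request could ride on, and keeping it stateless prevents a
     * token-authenticated request from being turned into a cookie session.
     *
     * @param http the HttpSecurity builder to configure
     * @throws Exception propagated from the Spring Security builder API
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/select").permitAll()
                .antMatchers("/**").access("#oauth2.hasScope('all')")
                .and()
                .csrf().disable()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }
}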
2、application.yml配置文件
# Port of this resource server. The authorization server it validates tokens
# against is expected on port 7103 (see the check_token URL in ResourceServerConfig).
server:
  port: 7104
3、UuaTestServerApplication启动类
package com.cyun.uua.test;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
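/**
 * Demo resource server: the Spring Boot entry point plus a handful of endpoints
 * that exercise the three method-security annotation families.
 *
 * <p>A method-security annotation is only enforced when the matching flag is set
 * on {@code @EnableGlobalMethodSecurity} in the resource-server configuration:
 * {@code @RolesAllowed} / {@code @PermitAll} need {@code jsr250Enabled},
 * {@code @Secured} needs {@code securedEnabled}, and {@code @PreAuthorize} needs
 * {@code prePostEnabled}. An annotation whose flag is off is silently ignored and
 * the endpoint is protected only by the HTTP-level rule (a token with the
 * {@code all} scope), so verify the flags when an annotation appears not to work.
 *
 * @author He PanFu
 * @date 2022-03-08 14:59:54
 */
@SpringBootApplication
@RestController
public class UuaTestServerApplication {
    public static void main(String[] args) {
        SpringApplication.run(UuaTestServerApplication.class, args);
    }

    /**
     * JSR-250 check: caller needs one of the roles DBA, ADMIN or USER (Spring
     * normally matches these against {@code ROLE_}-prefixed authorities).
     */
    @GetMapping("/add")
    @RolesAllowed({"DBA", "ADMIN", "USER"})
    public String add() {
        return "新增接口";
    }

    /** Spring {@code @Secured} check: the authority name is matched as written, {@code ROLE_ADMIN}. */
    @GetMapping("/update")
    @Secured("ROLE_ADMIN")
    public String update() {
        return "修改接口";
    }

    /** SpEL check: the caller needs both the {@code DELETE} authority and the DBA role. */
    @GetMapping("/del")
    @PreAuthorize("hasAuthority('DELETE') and hasRole('DBA')")
    public String delete() {
        return "删除接口";
    }

    /**
     * Open endpoint. Anonymous access is granted by the HTTP rule
     * ({@code /select -> permitAll}) in the resource-server configuration;
     * a JSR-250 {@code @PermitAll} on the method would express the same thing
     * at method level.
     */
    @GetMapping("/select")
    public String select() {
        return "查询接口";
    }
}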
三、启动,测试
1、查询请求(/select),不需要令牌:该路径在 ResourceServerConfig 中配置为 permitAll
2、新增请求(/add),需要携带具有 all 作用域的令牌
2.1、不携带令牌访问:预期被资源服务器拒绝(401 unauthorized)
2.2、携带令牌访问:在请求头中加入 `Authorization: Bearer <access_token>`