一、工程的jar包依赖
<!-- oauth2 -->
<!--
  NOTE(review): no <version> elements appear here, so the versions presumably
  come from a parent POM or BOM; confirm which versions are actually resolved.
  The Spring Security OAuth project behind spring-security-oauth2 and
  spring-security-jwt has reached end of life and no longer receives security
  fixes, so plan a migration (for example to Spring Authorization Server).
-->
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security.oauth</groupId>
    <artifactId>spring-security-oauth2</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-jwt</artifactId>
</dependency>
二、三个重要Sql语句
1、WebSecurityConfig中的getUserQuery语句:作用是工程启动时把登录名和密码存储起来,便于获取token时做密码校验。注意:password列应保存经PasswordEncoder(如BCrypt)处理后的哈希值,而不是明文密码。
/**
 * Returns the SQL statement that looks up one user row by login name.
 *
 * <p>The statement reads {@code username}, {@code password} and a constant
 * {@code 1} from {@code oauth_user_info}. The login name is a {@code ?}
 * placeholder, so it is meant to be bound as a parameter and never
 * concatenated into the SQL text.
 *
 * <p>NOTE(review): the consumer of this query is not shown here. If it is Spring
 * Security's JDBC user lookup, the third column is read as the "enabled" flag,
 * so the literal {@code 1} would mark every account as enabled and accounts
 * could not be disabled from the database. Confirm against the caller.
 *
 * @return the parameterized user lookup query
 */
private String getUserQuery() {
    final String userLookupSql =
            "SELECT username as username, password as password,1 FROM oauth_user_info WHERE username = ?";
    return userLookupSql;
}
2、WebSecurityConfig中的getAuthoritiesQuery语句:作用是工程启动时把登录名和机构角色存储起来,便于在使用oauth标签时根据角色来鉴权。
/**
 * Returns the SQL statement that lists the organisation roles of one user.
 *
 * <p>The inner select picks the user row from {@code oauth_user_info} by login
 * name (a {@code ?} placeholder) and the outer query joins it to
 * {@code oauth_user_role} on {@code user_cd}, returning {@code username} and
 * {@code org_role_cd} (aliased {@code role}).
 *
 * <p>Because this is a RIGHT JOIN onto the user row, an existing user with no
 * role rows still produces one result row whose {@code role} is NULL.
 * NOTE(review): confirm that the code consuming this query handles a NULL role
 * the way you intend (reject the login or treat the user as having no authority).
 *
 * @return the parameterized role lookup query
 */
private String getAuthoritiesQuery() {
    final String roleColumns = "SELECT b.username,org_role_cd role FROM oauth_user_role a ";
    final String userSubquery = "RIGHT JOIN (SELECT user_cd,username FROM oauth_user_info where username=?) b ";
    final String joinCondition = "on a.user_cd=b.user_cd";
    return roleColumns + userSubquery + joinCondition;
}
3、CustomOAuth2RequestFactory中的getScopeSql语句:作用是工程启动时把功能scope存储起来,便于在使用oauth标签时根据scope来鉴权。
/**
 * Returns the SQL statement that derives the function scopes of one user.
 *
 * <p>Each scope is built as {@code org_cd + '_' + function_cd} from
 * {@code oauth_user_role_function}, restricted to the roles that the inner
 * query finds for the login name bound to the single {@code ?} placeholder.
 *
 * <p>The inner query uses a RIGHT JOIN onto the user row, so a user without
 * role rows contributes only NULL to the IN list, which matches no function
 * rows; such a user gets no scopes from this statement.
 *
 * @return the parameterized scope lookup query
 */
private String getScopeSql() {
    return "SELECT CONCAT(c.org_cd,'_',c.function_cd) scope from oauth_user_role_function c "
            + "where c.org_role_cd in ( SELECT DISTINCT(org_role_cd) FROM oauth_user_role a "
            + "RIGHT JOIN (SELECT user_cd,username FROM oauth_user_info "
            + "where username=?) b on a.user_cd=b.user_cd)";
}
三、AuthorizationServerConfig配置连接数据库配置
连接redis
/**
 * Exposes a Redis-backed token store built on the injected connection factory.
 *
 * <p>Issued tokens are kept in the Redis instance behind
 * {@code redisConnectionFactory}, so anyone able to read that instance can read
 * them. NOTE(review): the connection settings are not shown here; confirm the
 * Redis instance requires authentication and is not reachable from untrusted
 * networks.
 *
 * @return the token store used to persist OAuth2 tokens in Redis
 */
@Bean
public TokenStore redisTokenStore() {
    final RedisTokenStore redisBackedStore = new RedisTokenStore(redisConnectionFactory);
    return redisBackedStore;
}
连接mysql
/**
 * Exposes a JDBC-backed token store; the author uses it to persist tokens in MySQL.
 *
 * <p>NOTE(review): tokens end up in database tables reachable through
 * {@code dataSource}; confirm that read access to those tables is limited to
 * the authorization server's own database account.
 *
 * @return the token store that persists OAuth2 tokens through {@code dataSource}
 */
@Bean
public JdbcTokenStore tokenStore() {
    final JdbcTokenStore jdbcBackedStore = new JdbcTokenStore(dataSource);
    return jdbcBackedStore;
}
启动配置
/**
 * Configures the authorization server endpoints.
 *
 * <p>Sets the authentication manager, stores tokens through
 * {@link #redisTokenStore()}, disables the approval store, and installs a
 * {@code CustomOAuth2RequestFactory} built from {@code clientDetailsService}
 * and {@code jdbcTemplate}.
 *
 * @param endpoints the endpoint configurer supplied by the framework
 * @throws Exception declared by the overridden method
 */
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
    endpoints.authenticationManager(authenticationManager);

    // Disabled by the author: .authorizationCodeServices(authorizationCodeServices())
    // Disabled by the author: .tokenStore(tokenStore()), the JDBC alternative to Redis.
    endpoints.tokenStore(redisTokenStore());
    endpoints.approvalStoreDisabled();
    endpoints.requestFactory(new CustomOAuth2RequestFactory(clientDetailsService, jdbcTemplate));

    // Disabled by the author: .requestValidator(new CustomOAuth2RequestValidator())
    // Disabled by the author: .accessTokenConverter(jwtAccessTokenConverter())
    // NOTE(review): with the custom request validator disabled, scope validation is
    // presumably left to the framework default while the scopes themselves come from
    // the custom request factory; confirm the default validator accepts and enforces
    // those scopes as intended.
}
oauth服务器配置后,获取token的地址为: http://Ip:端口号/oauth/oauth/token(生产环境应通过HTTPS访问该地址,因为请求中带有客户端凭据和用户密码)
在oauth服务器启动时可以看到发布的地址。