SpringBoot入门建站全系列(三十五)整合Oauth2做单机版认证授权

最新推荐文章于 2024-09-12 23:23:29 发布
最新推荐文章于 2024-09-12 23:23:29 发布
阅读量470 收藏
点赞数
分类专栏: SpringBoot专题 文章标签: spring boot oauth
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/feiyangtianyao/article/details/104699330
版权

SpringBoot入门建站全系列(三十五)整合Oauth2做单机版认证授权

一、概述

OAuth 2.0 规范定义了一个授权(delegation)协议,对于使用Web的应用程序和API在网络上传递授权决策非常有用。OAuth被用在各钟各样的应用程序中,包括提供用户认证的机制。

四种模式:
- 密码模式;
- 授权码模式;
- 简化模式;
- 客户端模式;
四种角色:
- 资源拥有者;
- 资源服务器;
- 第三方应用客户端;
- 授权服务器;

本文主要说明授权码模式。

首发地址:
  品茗IT: https://www.pomit.cn/p/2806101761026561

如果大家正在寻找一个java的学习环境,或者在开发中遇到困难,可以加入我们的java学习圈,点击即可加入,共同学习,节约学习时间,减少很多在学习中遇到的难题。

本篇和Spring的整合Oauth2:《Spring整合Oauth2单机版认证授权详情》并没有多大区别,真正将Oauth2用起来做单点登录,需要考虑的东西不止这些,这里只是做单机演示说明,后续会在SpringCloud专题中对真实环境的单点登录做详细说明。

二、基本配置

2.1 Maven依赖

需要引入oauth2用到的依赖,以及数据源、mybatis依赖。

<dependency>
	<groupId>org.springframework.boot</groupId>
	<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
	<groupId>org.mybatis.spring.boot</groupId>
	<artifactId>mybatis-spring-boot-starter</artifactId>
</dependency>
<dependency>
	<groupId>mysql</groupId>
	<artifactId>mysql-connector-java</artifactId>
</dependency>
<dependency>
	<groupId>org.apache.commons</groupId>
	<artifactId>commons-dbcp2</artifactId>
</dependency>
<dependency>
	<groupId>org.springframework.boot</groupId>
	<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
	<groupId>org.springframework.boot</groupId>
	<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
	<groupId>org.springframework.security.oauth</groupId>
	<artifactId>spring-security-oauth2</artifactId>
	<version>${security.oauth2.version}</version>
</dependency>
2.2 配置文件

在application.properties 中需要配置数据库相关信息的信息,如:

spring.datasource.type=org.apache.commons.dbcp2.BasicDataSource
spring.datasource.dbcp2.max-wait-millis=60000
spring.datasource.dbcp2.min-idle=20
spring.datasource.dbcp2.initial-size=2
spring.datasource.dbcp2.validation-query=SELECT 1
spring.datasource.dbcp2.connection-properties=characterEncoding=utf8
spring.datasource.dbcp2.validation-query=SELECT 1
spring.datasource.dbcp2.test-while-idle=true
spring.datasource.dbcp2.test-on-borrow=true
spring.datasource.dbcp2.test-on-return=false

spring.datasource.driverClassName = com.mysql.jdbc.Driver
spring.datasource.url=jdbc:mysql://127.0.0.1:3306/boot?useUnicode=true&characterEncoding=utf8&serverTimezone=UTC
spring.datasource.username=cff
spring.datasource.password=123456

mybatis.configuration.log-impl=org.apache.ibatis.logging.stdout.StdOutImpl

这只是数据库的配置而已,无须oauth2的配置。

三、配置资源服务器

资源服务器需要使用@EnableResourceServer开启,是标明哪些资源是受Ouath2保护的。下面的代码标明/api是受保护的,而且资源id是my_rest_api。

ResourceServerConfiguration:

package com.cff.springbootwork.oauth.resource;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;

@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

	private static final String RESOURCE_ID = "my_rest_api";

	@Override
	public void configure(ResourceServerSecurityConfigurer resources) {
		resources.resourceId(RESOURCE_ID).stateless(false);
	}

	@Override
	public void configure(HttpSecurity http) throws Exception {
		http.anonymous().disable().requestMatchers().antMatchers("/api/**").and().authorizeRequests()
				.antMatchers("/api/**").authenticated().and().exceptionHandling()
				.accessDeniedHandler(new OAuth2AccessDeniedHandler());
	}

}

四、配置授权服务器

授权服务器需要使用@EnableAuthorizationServer注解开启,主要负责client的认证,token的生成的。AuthorizationServerConfiguration需要依赖SpringSecurity的配置,因此下面还是要说SpringSecurity的配置。

4.1 授权配置

AuthorizationServerConfiguration:

package com.cff.springbootwork.oauth.auth;

import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.client.BaseClientDetails;
import org.springframework.security.oauth2.provider.client.InMemoryClientDetailsService;
import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;

import com.cff.springbootwork.oauth.provider.DefaultPasswordEncoder;

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

	private static String REALM = "MY_OAUTH_REALM";

	@Autowired
	private AuthenticationManager authenticationManager;
	
	@Autowired
	DefaultPasswordEncoder defaultPasswordEncoder;

	@Autowired
	@Qualifier("authorizationCodeServices")
	private AuthorizationCodeServices authorizationCodeServices;

	/**
	 * 可以在这里将客户端数据替换成数据库配置。
	 * 
	 * @return
	 */
	@Bean
	public ClientDetailsService clientDetailsService() {
		InMemoryClientDetailsService inMemoryClientDetailsService = new InMemoryClientDetailsService();
		BaseClientDetails baseClientDetails = new BaseClientDetails();
		baseClientDetails.setClientId("MwonYjDKBuPtLLlK");
		baseClientDetails.setClientSecret(defaultPasswordEncoder.encode("123456"));
		baseClientDetails.setAccessTokenValiditySeconds(120);
		baseClientDetails.setRefreshTokenValiditySeconds(600);
		
		Set<String> salesWords = new HashSet<String>() {{
			add("http://www.pomit.cn");
		}};
		baseClientDetails.setRegisteredRedirectUri(salesWords);
		List<String> scope = Arrays.asList("read", "write", "trust");
		baseClientDetails.setScope(scope);

		List<String> authorizedGrantTypes = Arrays.asList("authorization_code", "refresh_token");
		baseClientDetails.setAuthorizedGrantTypes(authorizedGrantTypes);

		Map<String, ClientDetails> clientDetailsStore = new HashMap<>();
		clientDetailsStore.put("MwonYjDKBuPtLLlK", baseClientDetails);
		inMemoryClientDetailsService.setClientDetailsStore(clientDetailsStore);

		return inMemoryClientDetailsService;
	}

	@Override
	public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
		clients.withClientDetails(clientDetailsService());
	}

	@Override
	public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
		endpoints.authenticationManager(authenticationManager);
		endpoints.authorizationCodeServices(authorizationCodeServices);
	}

	@Override
	public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
		oauthServer.allowFormAuthenticationForClients();
		oauthServer.realm(REALM + "/client");
	}
}

这里的

  • clientDetailsService是配置文件中配置的客户端详情;
  • tokenStore是token存储bean;
  • authenticationManager安全管理器,使用Spring定义的即可,但要声明为bean。
  • authorizationCodeServices是配置文件中我们自定义的token生成bean。
  • PasswordEncoder密码处理工具类,必须指定的一个bean,可以使用NoOpPasswordEncoder来表明并未对密码做任何处理,实际上你可以实现PasswordEncoder来写自己的密码处理方案。
  • UserApprovalHandler 需要定义为bean的Oauth2授权通过处理器。

4.2 密码处理器

DefaultPasswordEncoder 负责对密码进行转换。

DefaultPasswordEncoder :

package com.cff.springbootwork.oauth.provider;

import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component;

@Component
public class DefaultPasswordEncoder implements PasswordEncoder {

	public DefaultPasswordEncoder() {
		this(-1);
	}

	/**
	 * @param strength
	 *            the log rounds to use, between 4 and 31
	 */
	public DefaultPasswordEncoder(int strength) {

	}

	public String encode(CharSequence rawPassword) {
		return rawPassword.toString();
	}

	public boolean matches(CharSequence rawPassword, String encodedPassword) {
		return rawPassword.toString().equals(encodedPassword);
	}
}

4.3 自定义的Token的Code生成逻辑

这个就是定义在授权服务器AuthorizationServerConfiguration 中的authorizationCodeServices。

InMemoryAuthorizationCodeServices:

package com.cff.springbootwork.oauth.token;

import java.util.concurrent.ConcurrentHashMap;

import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.code.RandomValueAuthorizationCodeServices;
import org.springframework.stereotype.Service;

@Service("authorizationCodeServices")
public class InMemoryAuthorizationCodeServices extends RandomValueAuthorizationCodeServices {
	protected final ConcurrentHashMap<String, OAuth2Authentication> authorizationCodeStore = new ConcurrentHashMap<String, OAuth2Authentication>();
	private RandomValueStringGenerator generator = new RandomValueStringGenerator(16);

	@Override
	protected void store(String code, OAuth2Authentication authentication) {
		this.authorizationCodeStore.put(code, authentication);
	}

	@Override
	public OAuth2Authentication remove(String code) {
		OAuth2Authentication auth = this.authorizationCodeStore.remove(code);
		return auth;
	}

	@Override
	public String createAuthorizationCode(OAuth2Authentication authentication) {
		String code = generator.generate();
		store(code, authentication);
		return code;
	}
}

五、SpringSecurity配置

5.1 SpringSecurity常规配置

SpringSecurity的配置在客户端和认证授权服务器中是必须的,这里是单机,它更是必须的。

ClientSecurityConfiguration:

package com.cff.springbootwork.oauth.client;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.approval.ApprovalStore;
import org.springframework.security.oauth2.provider.approval.TokenApprovalStore;
import org.springframework.security.oauth2.provider.approval.TokenStoreUserApprovalHandler;
import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;

import com.cff.springbootwork.oauth.handler.AjaxAuthFailHandler;
import com.cff.springbootwork.oauth.handler.AjaxAuthSuccessHandler;
import com.cff.springbootwork.oauth.handler.AjaxLogoutSuccessHandler;
import com.cff.springbootwork.oauth.handler.UnauthorizedEntryPoint;
import com.cff.springbootwork.oauth.provider.SimpleAuthenticationProvider;

@Configuration
@EnableWebSecurity
public class ClientSecurityConfiguration extends WebSecurityConfigurerAdapter {
	@Autowired
	private SimpleAuthenticationProvider simpleAuthenticationProvider;

	@Autowired
	public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
		auth.authenticationProvider(simpleAuthenticationProvider);
	}

	@Override
	public void configure(HttpSecurity http) throws Exception {
		SimpleUrlAuthenticationFailureHandler hander = new SimpleUrlAuthenticationFailureHandler();
		hander.setUseForward(true);
		hander.setDefaultFailureUrl("/login.html");

		http.exceptionHandling().authenticationEntryPoint(new UnauthorizedEntryPoint()).and().csrf().disable()
				.authorizeRequests().antMatchers("/oauth/**").permitAll().antMatchers("/mybatis/**").authenticated()
				.and().formLogin().loginPage("/login.html").usernameParameter("userName").passwordParameter("userPwd")
				.loginProcessingUrl("/login").successHandler(new AjaxAuthSuccessHandler())
				.failureHandler(new AjaxAuthFailHandler()).and().logout().logoutUrl("/logout")
				.logoutSuccessHandler(new AjaxLogoutSuccessHandler());

		http.authorizeRequests().antMatchers("/user/**").authenticated();
	}

	@Override
	@Bean
	public AuthenticationManager authenticationManagerBean() throws Exception {
		return super.authenticationManagerBean();
	}
}

这里,

  • SimpleAuthenticationProvider 是用户名密码认证处理器。下面会说。

  • authenticationManager安全管理器,使用Spring定义的即可,但要声明为bean。

  • configure方法是SpringSecurity配置的常规写法。

  • UnauthorizedEntryPoint:未授权的统一处理方式。

  • successHandler、failureHandler、logoutSuccessHandler顾名思义,就是响应处理逻辑,如果不打算单独处理,只做跳转,有响应的successForwardUrl、failureForwardUrl、logoutSuccessUrl等。

5.2 SpringSecurity用户名密码验证器

SimpleAuthenticationProvider 实现了AuthenticationProvider 接口的authenticate方法,提供用户名密码的校验,校验成功后,生成UsernamePasswordAuthenticationToken。

这里面用到的userInfoService,是自己实现从数据库中获取用户信息的业务逻辑。

SimpleAuthenticationProvider :

package com.cff.springbootwork.oauth.provider;

import java.util.Collection;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.stereotype.Component;

import com.cff.springbootwork.mybatis.domain.UserInfo;
import com.cff.springbootwork.mybatis.service.UserInfoService;

@Component
public class SimpleAuthenticationProvider implements AuthenticationProvider {
	@Autowired
	private UserInfoService userInfoService;

	@Override
	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
		
		String userName = authentication.getPrincipal().toString();
		UserInfo user = userInfoService.getUserInfoByUserName(userName);

		if (user == null) {
			throw new BadCredentialsException("查无此用户");
		}
		if (user.getPasswd() != null && user.getPasswd().equals(authentication.getCredentials())) {
			Collection<? extends GrantedAuthority> authorities = AuthorityUtils.NO_AUTHORITIES;

			return new UsernamePasswordAuthenticationToken(user.getUserName(), user.getPasswd(), authorities);
		} else {
			throw new BadCredentialsException("用户名或密码错误。");
		}
	}

	@Override
	public boolean supports(Class<?> arg0) {
		return true;
	}

}

六、测试Oauth2

6.1 Web测试接口

OauthRest :


package com.cff.springbootwork.oauth.web;

import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

import com.cff.springbootwork.mybatis.domain.UserInfo;
import com.cff.springbootwork.mybatis.service.UserInfoService;

@RestController
@RequestMapping("/api")
public class OauthRest {

	@Autowired
	UserInfoService userInfoService;

	@RequestMapping(value = "/page", method = { RequestMethod.GET })
	public List<UserInfo> page() {
		return userInfoService.page(1, 10);
	}

}

6.2 测试过程

  1. 首先访问http://127.0.0.1:8080/api/test。 提示
<oauth>
<error_description>
An Authentication object was not found in the SecurityContext
</error_description>
<error>unauthorized</error>
</oauth>

这标明,oauth2控制了资源,需要access_token。

  1. 请求授权接口oauth/authorize:http://localhost:8080/oauth/authorize?response_type=code&client_id=MwonYjDKBuPtLLlK&redirect_uri=http://www.pomit.cn

client_id是配置文件中写的,redirect_uri随意,因为单机版的只是测试接口。后面会整理下多机版的博文。

打开后自动调整到登录页面:

在这里插入图片描述

输入正确的用户名密码,调整到授权页面。

在这里插入图片描述

点击同意以后,调整到redirect_uri指定的页面。

在这里插入图片描述

获取到code:TnSFA6vrIZiKadwr

  1. 用code换取access_token,请求token接口:http://127.0.0.1:8080/oauth/token?grant_type=authorization_code&code=TnSFA6vrIZiKadwr&client_id=MwonYjDKBuPtLLlK&client_secret=secret&redirect_uri=http://www.pomit.cn。这个请求必须是post,因此不能在浏览器中输入了,可以使用postman:

在这里插入图片描述

获取到access_token为:686dc5d5-60e9-48af-bba7-7f16b49c248b。

  1. 用access_token请求/api/test接口:

http://127.0.0.1:8080/api/test?access_token=686dc5d5-60e9-48af-bba7-7f16b49c248b结果为:

在这里插入图片描述

七、过程中用到的其他实体及逻辑

AjaxAuthFailHandler:

package com.cff.springbootwork.oauth.handler;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;

import com.cff.springbootwork.oauth.model.ResultCode;
import com.cff.springbootwork.oauth.model.ResultModel;
import com.fasterxml.jackson.databind.ObjectMapper;

public class AjaxAuthFailHandler extends SimpleUrlAuthenticationFailureHandler {
	@Override
	public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
			AuthenticationException exception) throws IOException, ServletException {
		if (isAjaxRequest(request)) {
			ResultModel rm = new ResultModel(ResultCode.CODE_00014.getCode(), exception.getMessage());
			ObjectMapper mapper = new ObjectMapper();
			response.setStatus(HttpStatus.OK.value());
			response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
			mapper.writeValue(response.getWriter(), rm);
		} else {
			setDefaultFailureUrl("/login.html");
			super.onAuthenticationFailure(request, response, exception);
		}
	}

	public static boolean isAjaxRequest(HttpServletRequest request) {
		String ajaxFlag = request.getHeader("X-Requested-With");
		return ajaxFlag != null && "XMLHttpRequest".equals(ajaxFlag);
	}
}

AjaxAuthSuccessHandler:

package com.cff.springbootwork.oauth.handler;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;

import com.cff.springbootwork.oauth.model.ResultCode;
import com.cff.springbootwork.oauth.model.ResultModel;
import com.fasterxml.jackson.databind.ObjectMapper;

public class AjaxAuthSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
	protected final Log logger = LogFactory.getLog(this.getClass());

	@Override
	public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
			Authentication authentication) throws IOException, ServletException {
		request.getSession().setAttribute("userName", authentication.getName());
		if (isAjaxRequest(request)) {
			ResultModel rm = new ResultModel(ResultCode.CODE_00000);
			ObjectMapper mapper = new ObjectMapper();
			response.setStatus(HttpStatus.OK.value());
			response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
			mapper.writeValue(response.getWriter(), rm);
		} else {
			super.onAuthenticationSuccess(request, response, authentication);
		}
	}

	public static boolean isAjaxRequest(HttpServletRequest request) {
		String ajaxFlag = request.getHeader("X-Requested-With");
		return ajaxFlag != null && "XMLHttpRequest".equals(ajaxFlag);
	}
}

AjaxLogoutSuccessHandler:

package com.cff.springbootwork.oauth.handler;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;

import com.cff.springbootwork.oauth.model.ResultCode;
import com.cff.springbootwork.oauth.model.ResultModel;
import com.fasterxml.jackson.databind.ObjectMapper;

public class AjaxLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {
	public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
			throws IOException, ServletException {
		if (isAjaxRequest(request)) {
			ResultModel rm = new ResultModel(ResultCode.CODE_00000);
			ObjectMapper mapper = new ObjectMapper();
			response.setStatus(HttpStatus.OK.value());
			response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
			mapper.writeValue(response.getWriter(), rm);
		} else {
			super.onLogoutSuccess(request, response, authentication);
		}
	}

	public static boolean isAjaxRequest(HttpServletRequest request) {
		String ajaxFlag = request.getHeader("X-Requested-With");
		return ajaxFlag != null && "XMLHttpRequest".equals(ajaxFlag);
	}
}

UnauthorizedEntryPoint:

package com.cff.springbootwork.oauth.handler;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;

import com.cff.springbootwork.oauth.model.ResultCode;
import com.cff.springbootwork.oauth.model.ResultModel;
import com.fasterxml.jackson.databind.ObjectMapper;

public class UnauthorizedEntryPoint implements AuthenticationEntryPoint {
	@Override
	public void commence(HttpServletRequest request, HttpServletResponse response,
			AuthenticationException authException) throws IOException, ServletException {
		if (isAjaxRequest(request)) {
			ResultModel rm = new ResultModel(ResultCode.CODE_40004);
			ObjectMapper mapper = new ObjectMapper();
			response.setStatus(HttpStatus.OK.value());
			response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
			mapper.writeValue(response.getWriter(), rm);
		} else {
			response.sendRedirect("/login.html");
		}

	}

	public static boolean isAjaxRequest(HttpServletRequest request) {
		String ajaxFlag = request.getHeader("X-Requested-With");
		return ajaxFlag != null && "XMLHttpRequest".equals(ajaxFlag);
	}
}

ResultModel:

package com.cff.springbootwork.oauth.model;

public class ResultModel {
	String code;
	String message;

	public String getCode() {
		return code;
	}

	public void setCode(String code) {
		this.code = code;
	}

	public String getMessage() {
		return message;
	}

	public void setMessage(String message) {
		this.message = message;
	}

	public ResultModel() {
	}

	public ResultModel(String code, String messgae) {
		this.code = code;
		this.message = messgae;
	}

	public ResultModel(String messgae) {
		this.code = "00000";
		this.message = messgae;
	}

	public static ResultModel ok(String messgae) {
		return new ResultModel("00000", messgae);
	}
}

八、Mybatis的逻辑及实体

UserInfoService:

package com.cff.springbootwork.mybatis.service;

import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import com.cff.springbootwork.mybatis.dao.UserInfoDao;
import com.cff.springbootwork.mybatis.domain.UserInfo;

@Service
public class UserInfoService {
	@Autowired
	UserInfoDao userInfoDao;
	public UserInfo getUserInfoByUserName(String userName){
		return userInfoDao.findByUserName(userName);
	}
	
	public List<UserInfo> page(int page, int size){
		return userInfoDao.testPageSql(page, size);
	}
	
	public List<UserInfo> testTrimSql(UserInfo userInfo){
		return userInfoDao.testTrimSql(userInfo);
	}
}

UserInfoMapper:

package com.cff.springbootwork.mybatis.dao;

import java.util.List;

import org.apache.ibatis.annotations.Mapper;
import org.apache.ibatis.annotations.Param;
import org.apache.ibatis.annotations.Select;
import org.apache.ibatis.annotations.Update;

import com.cff.springbootwork.mybatis.domain.UserInfo;

@Mapper
public interface UserInfoDao {
	@Select({
		"<script>",
	        "SELECT ",
	        "user_name as userName,passwd,name,mobile,valid, user_type as userType",
	        "FROM user_info",
	        "WHERE user_name = #{userName,jdbcType=VARCHAR}",
	   "</script>"})
	UserInfo findByUserName(@Param("userName") String userName);
	
	@Select({
		"<script>",
	        "SELECT ",
	        "user_name as userName,passwd,name,mobile,valid, user_type as userType",
	        "FROM user_info",
	        "WHERE mobile = #{mobile,jdbcType=VARCHAR}",
            "<if test='userType != null and userType != \"\" '> and user_type = #{userType, jdbcType=VARCHAR} </if>",
	   "</script>"})
	List<UserInfo> testIfSql(@Param("mobile") String mobile,@Param("userType") String userType);
	
	@Select({
		"<script>",
			"SELECT ",
	        "user_name as userName,passwd,name,mobile,valid, user_type as userType",
	         "     FROM user_info ",
	         "    WHERE mobile IN (",
	         "   <foreach collection = 'mobileList' item='mobileItem' index='index' separator=',' >",
	         "      #{mobileItem}",
	         "   </foreach>",
	         "   )",
	    "</script>"})
	List<UserInfo> testForeachSql(@Param("mobileList") List<String> mobile);
	
	@Update({
		"<script>",
			"	UPDATE user_info",
	        "   SET ",
			"	<choose>",
			"	<when test='userType!=null'> user_type=#{user_type, jdbcType=VARCHAR} </when>",
			"	<otherwise> user_type='0000' </otherwise>",
			"	</choose>",
	        "  	WHERE user_name = #{userName, jdbcType=VARCHAR}",
	  	"</script>" })
	int testUpdateWhenSql(@Param("userName") String userName,@Param("userType") String userType);
	
	@Select({
		"<script>",
	 		"<bind name=\"tableName\" value=\"item.getIdentifyTable()\" />",
	 		"SELECT ",
	        "user_name as userName,passwd,name,mobile,valid, user_type as userType",
	        "FROM ${tableName}",
	        "WHERE mobile = #{item.mobile,jdbcType=VARCHAR}",
	   "</script>"})
	public List<UserInfo> testBindSql(@Param("item") UserInfo userInfo);
	
	@Select({
		"<script>",
	 		"<bind name=\"startNum\" value=\"page*pageSize\" />",
	 		"SELECT ",
	        "user_name as userName,passwd,name,mobile,valid, user_type as userType",
	        "FROM user_info",
	        "ORDER BY mobile ASC",
	        "LIMIT #{pageSize} OFFSET #{startNum}",
	   "</script>"})
	public List<UserInfo> testPageSql(@Param("page") int page, @Param("pageSize") int size);
	
	@Select({
		"<script>",
	 		"SELECT ",
	        "user_name as userName,passwd,name,mobile,valid, user_type as userType",
	        "FROM user_info",
	        "<trim prefix=\" where \" prefixOverrides=\"AND\">",
            	"<if test='item.userType != null and item.userType != \"\" '> and user_type = #{item.userType, jdbcType=VARCHAR} </if>",
            	"<if test='item.mobile != null and item.mobile != \"\" '> and mobile = #{item.mobile, jdbcType=VARCHAR} </if>",
	        "</trim>",
	   "</script>"})
	public List<UserInfo> testTrimSql(@Param("item") UserInfo userInfo);
	
	@Update({
		"<script>",
			"	UPDATE user_info",
	        "   <set> ",
	        "<if test='item.userType != null and item.userType != \"\" '>user_type = #{item.userType, jdbcType=VARCHAR}, </if>",
        	"<if test='item.mobile != null and item.mobile != \"\" '> mobile = #{item.mobile, jdbcType=VARCHAR} </if>",
			" 	</set>",
	        "  	WHERE user_name = #{item.userName, jdbcType=VARCHAR}",
	  	"</script>" })
	public int testSetSql(@Param("item") UserInfo userInfo);
}

UserInfo:

package com.cff.springbootwork.mybatis.domain;

public class UserInfo {
	private String userName;
	private String passwd;
	private String name;
	private String mobile;
	private Integer valid;
	private String userType;

	public UserInfo() {

	}

	public UserInfo(UserInfo src) {
		this.userName = src.userName;
		this.passwd = src.passwd;
		this.name = src.name;
		this.mobile = src.mobile;
		this.valid = src.valid;
	}

	public UserInfo(String userName, String passwd, String name, String mobile, Integer valid) {
		super();
		this.userName = userName;
		this.passwd = passwd;
		this.name = name;
		this.mobile = mobile;
		this.valid = valid;
	}

	public void setUserName(String userName) {
		this.userName = userName;
	}

	public String getUserName() {
		return userName;
	}

	public void setPasswd(String passwd) {
		this.passwd = passwd;
	}

	public String getPasswd() {
		return passwd;
	}

	public void setName(String name) {
		this.name = name;
	}

	public String getName() {
		return name;
	}

	public void setMobile(String mobile) {
		this.mobile = mobile;
	}

	public String getMobile() {
		return mobile;
	}

	public void setValid(Integer valid) {
		this.valid = valid;
	}

	public Integer getValid() {
		return valid;
	}

	public String getUserType() {
		return userType;
	}

	public void setUserType(String userType) {
		this.userType = userType;
	}

	public String getIdentifyTable(){
		return "user_info";
	}
}

品茗IT-博客专题:https://www.pomit.cn/lecture.html汇总了Spring专题Springboot专题SpringCloud专题web基础配置专题。

快速构建项目

Spring项目快速开发工具:

一键快速构建Spring项目工具

一键快速构建SpringBoot项目工具

一键快速构建SpringCloud项目工具

一站式Springboot项目生成

Mysql一键生成Mybatis注解Mapper

Spring组件化构建

SpringBoot组件化构建

SpringCloud服务化构建

喜欢这篇文章么,喜欢就加入我们一起讨论Java Web吧!
品茗IT交流群

逍遥天扬
关注
专栏目录
Springboot 使用OAuth2.0认证授权
Lycode
08-24 845
关于 OAuth2.0 看 这里 本文是一个简单的例子 看图 Pom.xml <parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> ...
springboot整合OAuth2组件,模拟第三方授权访问
06-25
<artifactId>spring-security-oauth2 <version>2.1.3.RELEASE <groupId>org.springframework.boot <artifactId>spring-boot-starter-security 这里有两个核心组件依赖:OAuth2组件和Security组件。 模块划分...
Spring整合Oauth2单机版认证授权详情
feiyangtianyao的专栏
08-22 682
Spring整合Oauth2单机版认证授权详情 一、概述 OAuth 2.0 规范定义了一个授权(delegation)协议,对于使用Web的应用程序和API在网络上传递授权决策非常有用。OAuth被用在各钟各样的应用程序中,包括提供用户认证的机制。 四种模式: - 密码模式; - 授权码模式; - 简化模式; - 客户端模式; 四种角色: - 资源拥有者; - 资源服务器; - 第三方应用客户端...
Spring】搭建SpringBoot + OAuth2认证授权服务
最新发布
一个不断前行的程序者
09-12 1457
在这篇博客中,我们成功搭建了一个基于Spring BootOAuth2的认证授权服务。我们配置了用户存储、安全配置、OAuth2授权服务器和资源服务器,并创建了一些基本的控制器和前端页面来演示登录和访问受保护资源的过程。请注意,这只是一个简单的示例,用于演示基本的OAuth2流程。在生产环境中,你需要考虑更多的安全性和配置选项,例如使用JWT令牌、配置数据库、添加错误处理、日志记录等。
OAuth2学习笔记
一个有趣、有料、有内涵的地方!
12-13 193
目前很多开放平台如新浪微博开放平台都在使用提供开放API接口供开发者使用,随之带来了第三方应用要到开放平台进行授权的问题,OAuth就是干这个的,OAuth2是OAu...
Spring整合Spring Security OAuth2.0认证授权
Qdog
05-03 1152
一、基本概念 1.1 什么是认证 比如:在初次使用微信前需要注册成为微信用户,然后输入账号和密码即可登录微信,输入账号和密码 登录微信的过程就是认证。 系统为什么要认证认证是为了保护系统的隐私数据与资源,用户的身份合法方可访问该系统的资源。 认证 :用户认证就是判断一个用户的身份是否合法的过程,用户去访问系统资源时系统要求验证用户的身份信 息,身份合法方可继续访问,不合法则拒绝访问。常见的用户身份认证方式有:用户名密码登录,二维码登录,手 机短信登录,指纹认证等方式。 1.2 什么是会话 用户认证通过后
vue+springmvc前后端分离开发(十四)(用oauth2来管理用户令牌)
qq_44938644的博客
04-30 771
这一节主要讲解了如何在后端配置oauth2,数据库中oauth2的体现,以及如何对oauth2提供的api进行交互
springboot整合Oauth2,GateWay实现网关登录授权验证
12-14
SpringBoot整合OAuth2和Gateway实现网关登录授权验证是一个复杂而关键的过程,它涉及到现代微服务架构中的安全性设计。OAuth2是一种授权框架,用于保护API并允许第三方应用访问受保护的资源,而Spring Gateway作为...
Springboot整合Spring security+Oauth2+JWT搭建认证服务器,网关,微服务之间权限认证授权
04-22
本教程将探讨如何使用Spring Boot结合Spring Security、OAuth2和JWT(JSON Web Token)来搭建一个认证服务器、API网关以及微服务之间的权限认证授权机制。 首先,Spring Security是Spring框架的一个模块,专门...
基于SpringBoot整合oauth2实现token认证
08-25
基于SpringBoot整合oauth2实现token认证 本文主要介绍了基于SpringBoot整合oauth2实现token认证的技术,通过示例代码对该技术进行了详细的介绍,对读者学习或工作具有重要参考价值。 SpringBootoauth2的整合 在...
Spring Security OAuth2笔记系列】- 【使用Spring MVC开发RESTful API】 用户信息修改和删除
代码有毒的博客
08-14 715
用户信息修改和删除 本节类容 常用的验证注解 自定义消息 自定义校验注解 常用的验证注解 自己官网或则百度吧。 官网文档 http://hibernate.org/validator/documentation/ https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_sing...
spring security + spring oauth2 +spring mvc SSO单点登录需要的最小jar包集合
06-14
实现功能需要的最小jar集合,其中lib文件夹是导出的jar,maven pom文件夹是maven组织的pom.xml文件。二选一。
spring security oauth2.0 实现
weixin_33726943的博客
04-05 198
  oauth应该属于security的一部分。关于oauth的的相关知识可以查看阮一峰的文章:http://www.ruanyifeng.com/blog/2014/05/oauth_2_0.html 一、目标   现在很多系统都支持第三方账号密码等登陆我们自己的系统,例如:我们经常会看到,一些系统使用微信账号,微博账号、QQ账号等登陆自己的系统,我们现在就是要模拟这种登陆的方式,很多大的公...
spring Security4 和 oauth2整合 注解+xml混合使用(基础运行篇)
feiyangtianyao的专栏
12-01 3755
Spring Security4 和 oauth2整合最近项目中需要用到oauth2,到网上找了好多资料,全是乱七八糟的,东拼西凑,终于跑出来了一版,xml的方式太乱了,跑不了,还是用注解方式,并把一些关键配置提到xml中。git地址:https://gitee.com/xiaoyaofeiyang/OauthUmpspring Security4 和 oauth2整合 注解+xml混合使用
企业级springboot+mybatis+springsecurity用户权限管理登录
weixin_41784062的博客
10-06 3103
标题基于springboot+mybatis+springsecurity的经过数据库验证后简单的用户登录**   最近自己入门一下springsecurity的简单知识,自己就想着写一个简单的用户登录、拥有不同权限的人所能访问的资源是不同滴,但是在写之前访问了很多博主的博客和教学视频与我的想法都大相径庭,并不是我所想要的,用户是存储在数据库中里面,并不是在配置文件中写死的那种,这样就较为符合实际...
OAuth2-client配置oauth2Login源码解读
m0_53097017的博客
11-08 1976
本文主要讲述了oauth-client2.0的oauthLogin配置的源码解读,和讲解使用gateway以客户端身份去访问oautn2.0的授权服务器的过程
Spring Security系列教程04--实现HTTP基本认证
一一哥
09-07 2331
一. Spring Security的认证方式 1. 认证概念 认证: 认证就是用来判断系统中是否存在某用户,并判断该用户的身份是否合法的过程,解决的其实是用户登录的问题。认证的存在,是为了保护系统中的隐私数据与资源,只有合法的用户才可以访问系统中的资源。 2. 认证方式 在Spring Security中,常见的认证方式可以分为HTTP层面和表单层面,常见的认证方式如下: ①. HTTP基本认证; ②. Form表单认证 ③. HTTP摘要认证; 二. HTTP基本认证 1. 基本认证概述
Spring Securiy OAuth2 # AuthorizationServer realm
来啊 快活啊
09-13 1592
在AuthorizationServerProperties中有一个realm的配置,其文档说明如下Realm name for client authentication. If an unauthenticated request comes in to the token endpoint, it will respond with a challenge including this nam
登录报错后,状态码是401并弹出登录框
篱笆女人和狗的博客
09-02 3077
登录报错后,状态码是401并弹出登录框
Spring Boot整合OAuth2实现安全第三方授权流程
资源摘要信息:"Spring Boot整合OAuth2组件,模拟第三方授权访问" 在当今的软件开发领域,OAuth2协议是实现安全的第三方授权访问服务的常用技术。Spring Boot作为一个流行的Java开发框架,因其简便的配置和快速启动...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值