3. Accessing protected resources with a token
Accessing a resource with a token involves the resource-server configuration that @EnableResourceServer enables.
    @Configuration
    @EnableResourceServer
    protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

        @Override
        public void configure(ResourceServerSecurityConfigurer resources) {
            // Tokens must be issued for this resource id; stateless(true) allows only token-based authentication
            resources.resourceId(DEMO_RESOURCE_ID).stateless(true);
        }

        @Override
        public void configure(HttpSecurity http) throws Exception {
            http
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
                .and()
                .requestMatchers().anyRequest()
                .and()
                .anonymous()
                .and()
                .authorizeRequests()
                // Access control for /order/**: only authenticated requests may access it
                .antMatchers("/order/**").authenticated();
        }
    }
This involves ResourceServerSecurityConfigurer and HttpSecurity: the former holds the resource-security settings, the latter the HTTP security settings.
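How the configuration above treats a request, as an added stand-alone model (not code from the original post and not Spring Security OAuth source). The value of DEMO_RESOURCE_ID, the token store, the sample paths and all class and method names are assumptions made for the illustration.

```java
import java.util.Map;
import java.util.Set;

// Stand-alone model of the per-request decision; not Spring Security OAuth source.
public class ResourceServerDecisionDemo {
    enum Decision { ALLOW, REJECT_INVALID_TOKEN, REJECT_WRONG_RESOURCE, REJECT_UNAUTHENTICATED }

    // Assumed value: the page shows only the constant's name.
    static final String DEMO_RESOURCE_ID = "order";

    // Constructed token store: token value -> resource ids the token was issued for.
    static final Map<String, Set<String>> TOKENS = Map.of(
            "tok-order", Set.of("order"),
            "tok-billing", Set.of("billing"));

    static String bearerToken(String authorization) {
        if (authorization == null) return null;
        String[] parts = authorization.trim().split("\\s+", 2);
        boolean bearer = parts.length == 2 && parts[0].equalsIgnoreCase("Bearer");
        return bearer ? parts[1] : null;
    }

    static Decision decide(String path, String authorization) {
        String token = bearerToken(authorization);
        boolean authenticated = false;
        if (token != null) {
            // A presented token is validated on every path, protected or not.
            Set<String> resourceIds = TOKENS.get(token);
            if (resourceIds == null) return Decision.REJECT_INVALID_TOKEN;
            // In this model a token with no resource ids is not tied to any resource.
            if (!resourceIds.isEmpty() && !resourceIds.contains(DEMO_RESOURCE_ID))
                return Decision.REJECT_WRONG_RESOURCE;
            authenticated = true;
        }
        // Only /order/** carries an authenticated() rule; other paths accept anonymous callers.
        boolean protectedPath = path.equals("/order") || path.startsWith("/order/");
        if (protectedPath && !authenticated) return Decision.REJECT_UNAUTHENTICATED;
        return Decision.ALLOW;
    }

    public static void main(String[] args) {
        String[][] requests = {              // constructed sample requests
                {"/order/1", null}, {"/order/1", "Bearer tok-order"},
                {"/order/1", "Bearer tok-billing"}, {"/order/1", "Bearer forged"},
                {"/product/1", null}, {"/product/1", "Bearer forged"}};
        for (String[] r : requests)
            System.out.println(r[0] + " [" + r[1] + "] -> " + decide(r[0], r[1]));
    }
}
```

The two /product/1 cases show the gap to watch for in this configuration: paths without an authorization rule are open to anonymous callers, so every endpoint that needs protection must be matched explicitly.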
In ResourceServerSecurityConfigurer, the method that matters is configure:
    @Override
    public void configure(HttpSecurity http) throws Exception {
        AuthenticationManager oauthAuthenticationManager = oauthAuthenticationManager(http);
        resourcesServerFilter = new OAuth2AuthenticationProcessingFilter();
        resourcesServerFilter.setAuthenticationEntryPoint(authenticationEntryPoint);
        resourcesServerFilter.setAuthenticationManager(oauthAuthenticationManager);
        if (eventPublisher != null) {