OAuth2简易实战(一)-四种模式
https://www.cnblogs.com/sky-chen/archive/2019/03/13/10523882.html#autoid-1-3-4-0-0-0
资源服务器
<!-- Authorization centre: OAuth2 support -->
<!-- NOTE(review): spring-security-oauth2 and spring-security-jwt belong to the legacy Spring Security OAuth project, which upstream has deprecated in favour of the OAuth2 support built into Spring Security. The versions pinned below are old; check current security advisories before reusing them. -->
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
<version>2.1.6.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-jwt</artifactId>
<version>1.1.0.RELEASE</version>
</dependency>
<!-- JWT decoding -->
<!-- NOTE(review): this is a pinned older release of the JOSE/JWT library that parses and verifies tokens; confirm it is still supported and patched before reuse. -->
<dependency>
<groupId>com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId>
<version>8.2.1</version>
</dependency>
<!-- Authorization centre -->
管理api, 通过权限访问
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
/**
 * Resource-server security configuration for the {@code /outer/**} API.
 *
 * <p>Limits this filter chain to {@code /outer/**} and requires the granted authority
 * {@code "all"} for every request the chain handles.
 *
 * @author guokaige
 * @date: 2018-09-17 09:06:37
 */
@Configuration
@EnableResourceServer
public class SsoResourceServerConfig extends ResourceServerConfigurerAdapter {

    /** Ant pattern selecting the requests this resource-server chain is responsible for. */
    private static final String OUTER_API_PATTERN = "/outer/**";

    /**
     * Configures HTTP security for requests under {@code /outer/}.
     *
     * @param http the security builder to configure
     * @throws Exception propagated from the {@link HttpSecurity} builder calls
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        // NOTE(review): IF_REQUIRED allows an HTTP session to be created. If /outer/** is meant
        // to be authenticated by bearer token only, SessionCreationPolicy.STATELESS avoids
        // keeping session-cookie state next to the token; confirm which is intended.
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);

        // Only requests under /outer/ are matched by this chain. Paths outside it are NOT
        // secured by this class and need their own security configuration.
        http.requestMatchers().antMatchers(OUTER_API_PATTERN);

        // hasAnyAuthority checks the authentication's granted authorities (not the OAuth2 scope)
        // for the literal value "all". Because the chain is already limited to /outer/**, the
        // trailing anyRequest() rule only ever sees requests the first rule has matched.
        http.authorizeRequests()
            .antMatchers(OUTER_API_PATTERN).hasAnyAuthority("all")
            .anyRequest().authenticated();
    }
}
1. 用客户端凭证(client credentials,即 client_id 与 client_secret)交换访问令牌 Token
grant_type
这里为“client_credentials”
client_id
应用注册时获得的client id
client_secret
应用注册时获得的client secret
注意返回的 token_type 为 Bearer:持有该令牌即可访问受控的 api,因此令牌应仅通过 HTTPS 传输。
2. 用token访问受控的api
需要在header里面添加参数:
参数: Authorization
值: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJhbGwiLCJST0xFX1VTRVIiXSwiY29tcGFueSI6InRvcG5ldCIsImV4cCI6MTYyNzE0ODE0MCwidXNlciI6Im51bGwiLCJhdXRob3JpdGllcyI6WyJhbGwiLCJST0xFX1VTRVIiXSwianRpIjoiODA1OWZhN2ItOGI2OC00MjkzLWFmOTgtM2YwZmRhZTAwYTA5IiwiY2xpZW50X2lkIjoiY2xpZW50MiJ9.-B4y2j_vJo7ExMAn_LU_aQTljTlvb_LZq7UwUcuVsgQ