Spring Cloud进阶之路 | 十八:授权服务(Spring Cloud Oauth2)ClientDetailsService之JdbcClientDetailsService

最新推荐文章于 2024-08-08 09:56:59 发布
最新推荐文章于 2024-08-08 09:56:59 发布
阅读量5.2k 收藏 29
点赞数 2
分类专栏: 微服务 # Spring Cloud
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/liuminglei1987/article/details/104363638
版权

 

前言

前面的文章Spring Cloud进阶之路 | 八:授权服务(Spring Cloud Oauth2)中,介绍了基于Spring Cloud Oauth2框架的微服务授权服务器。其中,关于认证客户端相关信息均存储在内存中,服务一旦重启,即随即丢失,非常不利于维护。在实际项目中,势必要持久化存储。

本文即对认证客户端信息持久化ClientDetailsServic之JdbcClientDetailsService做相关说明。

 

准备工作

复用文章Spring Cloud进阶之路 | 八:授权服务(Spring Cloud Oauth2)中的xmall-auth授权工程。

 

授权服务器配置改造

通过方法public void configure(ClientDetailsServiceConfigurer clients) throws Exception配置ClientDetailsServic为JdbcClientDetailsService。

其中,共有四种方案。下面将分别介绍。

 

方案一

此方案最简单常见,只需配置DataSource即可,其它交给框架自动配置。

package com.luas.xmall.auth.configuration;
​
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.builders.JdbcClientDetailsServiceBuilder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.ClientRegistrationException;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
​
import javax.sql.DataSource;
​
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
​
    @Autowired
    private PasswordEncoder passwordEncoder;
​
    @Autowired
    private UserDetailsService userDetailsService;
​
    @Autowired
    private AuthenticationManager authenticationManager;
​
    @Autowired
    private DataSource dataSource;
​
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security.
                allowFormAuthenticationForClients()
                .tokenKeyAccess("permitAll()")
                .checkTokenAccess("permitAll()")
        ;
    }
​
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.tokenStore(new InMemoryTokenStore())
                .authenticationManager(authenticationManager)
                .userDetailsService(userDetailsService)
                .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST);
    }
​
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // 配置方法1,只需配置DataSource即可,其它交给框架自动配置
        clients.jdbc(dataSource).passwordEncoder(passwordEncoder);
    }
​
}

​​

方案二

本方案以构建ClientDetailsServiceBuilder为最终目的。

package com.luas.xmall.auth.configuration;
​
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.builders.JdbcClientDetailsServiceBuilder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.ClientRegistrationException;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
​
import javax.sql.DataSource;
​
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
​
    @Autowired
    private PasswordEncoder passwordEncoder;
​
    @Autowired
    private UserDetailsService userDetailsService;
​
    @Autowired
    private AuthenticationManager authenticationManager;
​
    @Autowired
    private DataSource dataSource;
​
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security.
                allowFormAuthenticationForClients()
                .tokenKeyAccess("permitAll()")
                .checkTokenAccess("permitAll()")
        ;
    }
​
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.tokenStore(new InMemoryTokenStore())
                .authenticationManager(authenticationManager)
                .userDetailsService(userDetailsService)
                .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST);
    }
​
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // 配置方法2,构建ClientDetailsServiceBuilder
        clients.configure(jdbcClientDetailsServiceBuilder());
    }
​
    private JdbcClientDetailsServiceBuilder jdbcClientDetailsServiceBuilder() {
        return new JdbcClientDetailsServiceBuilder().dataSource(dataSource).passwordEncoder(passwordEncoder);
    }
}

 

方案三

此方案以构建ClientDetailsService为最终目的,本例中,我们使用ClientDetailsServiceBuilder来构建ClientDetailsService,即以JdbcClientDetailsServiceBuilder构建JdbcClientDetailsService,比较方便,也可以直接构建JdbcClientDetailsService对象。

使用JdbcClientDetailsServiceBuilder构建JdbcClientDetailsService。

package com.luas.xmall.auth.configuration;
​
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.builders.JdbcClientDetailsServiceBuilder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.ClientRegistrationException;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
​
import javax.sql.DataSource;
​
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
​
    @Autowired
    private PasswordEncoder passwordEncoder;
​
    @Autowired
    private UserDetailsService userDetailsService;
​
    @Autowired
    private AuthenticationManager authenticationManager;
​
    @Autowired
    private DataSource dataSource;
​
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security.
                allowFormAuthenticationForClients()
                .tokenKeyAccess("permitAll()")
                .checkTokenAccess("permitAll()")
        ;
    }
​
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.tokenStore(new InMemoryTokenStore())
                .authenticationManager(authenticationManager)
                .userDetailsService(userDetailsService)
                .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST);
    }
​
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // 配置方法3,使用ClientDetailsServiceBuilder构建ClientDetailsService
        clients.withClientDetails(jdbcClientDetailsService());
    }
​
    private ClientDetailsService jdbcClientDetailsService() throws Exception {
        return new JdbcClientDetailsServiceBuilder().dataSource(dataSource).passwordEncoder(passwordEncoder).build();
    }
​
}

直接构建JdbcClientDetailsService对象。

package com.luas.xmall.auth.configuration;
​
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.builders.JdbcClientDetailsServiceBuilder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.ClientRegistrationException;
import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
​
import javax.sql.DataSource;
​
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
​
    @Autowired
    private PasswordEncoder passwordEncoder;
​
    @Autowired
    private UserDetailsService userDetailsService;
​
    @Autowired
    private AuthenticationManager authenticationManager;
​
    @Autowired
    private DataSource dataSource;
​
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security.
                allowFormAuthenticationForClients()
                .tokenKeyAccess("permitAll()")
                .checkTokenAccess("permitAll()")
        ;
    }
​
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.tokenStore(new InMemoryTokenStore())
                .authenticationManager(authenticationManager)
                .userDetailsService(userDetailsService)
                .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST);
    }
​
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // 配置方法3,使用ClientDetailsServiceBuilder构建ClientDetailsService
        clients.withClientDetails(jdbcClientDetailsService());
    }
​
    private ClientDetailsService jdbcClientDetailsService() throws Exception {
        // 直接构建JdbcClientDetailsService对象
        JdbcClientDetailsService jdbcClientDetailsService = new JdbcClientDetailsService(dataSource);
        jdbcClientDetailsService.setPasswordEncoder(passwordEncoder);
        return jdbcClientDetailsService;
    }
}

 

方案四

本方案为自定义ClientDetailsService,实际项目中,也许存在不按照官方建议的数据结构的情况,此时,就需要自行定义数据结构,同时,也必须自行定义对应的ClientDetailsService,用以获取ClientDetails。

package com.luas.xmall.auth.configuration;
​
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.builders.JdbcClientDetailsServiceBuilder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.ClientRegistrationException;
import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
​
import javax.sql.DataSource;
​
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
​
    @Autowired
    private PasswordEncoder passwordEncoder;
​
    @Autowired
    private UserDetailsService userDetailsService;
​
    @Autowired
    private AuthenticationManager authenticationManager;
​
    @Autowired
    private DataSource dataSource;
​
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security.
                allowFormAuthenticationForClients()
                .tokenKeyAccess("permitAll()")
                .checkTokenAccess("permitAll()")
        ;
    }
​
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.tokenStore(new InMemoryTokenStore())
                .authenticationManager(authenticationManager)
                .userDetailsService(userDetailsService)
                .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST);
    }
​
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // 配置方法4,自定义ClientDetailsService
        clients.withClientDetails(myClientDetailsService());
    }
​
    public ClientDetailsService myClientDetailsService() throws Exception {
        return new ClientDetailsService() {
            @Override
            public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
                // TODO 调用dao、service查询自定义数据结构、库,组织对应的ClientDetails
                return null;
            }
        };
    }
}

 

聚合配置

聚合四种方案,配置如下,可自行注释、取消相关注释,以开启对应方案。

package com.luas.xmall.auth.configuration;
​
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.builders.JdbcClientDetailsServiceBuilder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.ClientRegistrationException;
import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
​
import javax.sql.DataSource;
​
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
​
    @Autowired
    private PasswordEncoder passwordEncoder;
​
    @Autowired
    private UserDetailsService userDetailsService;
​
    @Autowired
    private AuthenticationManager authenticationManager;
​
    @Autowired
    private DataSource dataSource;
​
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security.
                allowFormAuthenticationForClients()
                .tokenKeyAccess("permitAll()")
                .checkTokenAccess("permitAll()")
        ;
    }
​
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.tokenStore(new InMemoryTokenStore())
                .authenticationManager(authenticationManager)
                .userDetailsService(userDetailsService)
                .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST);
    }
​
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // 配置方法1,只需配置DataSource即可,其它交给框架自动配置
        clients.jdbc(dataSource).passwordEncoder(passwordEncoder);
​
        // 配置方法2,构建ClientDetailsServiceBuilder
        //clients.configure(jdbcClientDetailsServiceBuilder());
​
        // 配置方法3,使用ClientDetailsServiceBuilder构建ClientDetailsService
        //clients.withClientDetails(jdbcClientDetailsService());
​
        // 配置方法4,自定义ClientDetailsService
        //clients.withClientDetails(myClientDetailsService());
    }
​
    private JdbcClientDetailsServiceBuilder jdbcClientDetailsServiceBuilder() {
        return new JdbcClientDetailsServiceBuilder().dataSource(dataSource).passwordEncoder(passwordEncoder);
    }
​
    private ClientDetailsService jdbcClientDetailsService() throws Exception {
        return new JdbcClientDetailsServiceBuilder().dataSource(dataSource).passwordEncoder(passwordEncoder).build();
​
        // 直接构建JdbcClientDetailsService对象
//        JdbcClientDetailsService jdbcClientDetailsService = new JdbcClientDetailsService(dataSource);
//        jdbcClientDetailsService.setPasswordEncoder(passwordEncoder);
//        return jdbcClientDetailsService;
    }
​
    public ClientDetailsService myClientDetailsService() throws Exception {
        return new ClientDetailsService() {
            @Override
            public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
                // TODO 调用dao、service查询自定义数据结构、库,组织对应的ClientDetails
                return null;
            }
        };
    }
}

 

数据源

配置数据源DataSource。

server:
  port: 7777
​
spring:
  datasource:
    name: test
    url: jdbc:mysql://127.0.0.1:3306/xmall-auth?characterEncoding=utf8&generateSimpleParameterMetadata=true&serverTimezone=GMT%2B8
    username: root
    password: 123456
    # 使用druid数据源
    type: com.alibaba.druid.pool.DruidDataSource
    driver-class-name: com.mysql.cj.jdbc.Driver
    filters: stat,slf4j
    maxActive: 20
    initialSize: 2
    minIdle: 1
    maxWait: 60000
    timeBetweenEvictionRunsMillis: 60
    minEvictableIdleTimeMillis: 300000
    validationQuery: select 'x'
    testWhileIdle: true
    testOnBorrow: false
    testOnReturn: false
    poolPreparedStatements: true
    maxOpenPreparedStatements: 20

 

数据结构

官方建议的数据结构如下,可根据数据库类型,自行调整。shcema.sql文件位于src/main/resources下。

create table oauth_client_details (
  client_id VARCHAR(256) PRIMARY KEY,
  resource_ids VARCHAR(256),
  client_secret VARCHAR(256),
  scope VARCHAR(256),
  authorized_grant_types VARCHAR(256),
  web_server_redirect_uri VARCHAR(256),
  authorities VARCHAR(256),
  access_token_validity INTEGER,
  refresh_token_validity INTEGER,
  additional_information VARCHAR(4096),
  autoapprove VARCHAR(256),
  create_time TIMESTAMP
);
​
create table oauth_client_token (
  token_id VARCHAR(256),
  token LONGVARBINARY,
  authentication_id VARCHAR(256) PRIMARY KEY,
  user_name VARCHAR(256),
  client_id VARCHAR(256),
  create_time TIMESTAMP
);
​
create table oauth_access_token (
  token_id VARCHAR(256),
  token LONGVARBINARY,
  authentication_id VARCHAR(256) PRIMARY KEY,
  user_name VARCHAR(256),
  client_id VARCHAR(256),
  authentication LONGVARBINARY,
  refresh_token VARCHAR(256),
  create_time TIMESTAMP
);
​
create table oauth_refresh_token (
  token_id VARCHAR(256),
  token LONGVARBINARY,
  authentication LONGVARBINARY,
  create_time TIMESTAMP
);
​
create table oauth_code (
  code VARCHAR(256), authentication LONGVARBINARY, create_time TIMESTAMP
);
​
create table oauth_approvals (
  userId VARCHAR(256),
  clientId VARCHAR(256),
  scope VARCHAR(256),
  status VARCHAR(10),
  expiresAt TIMESTAMP,
  lastModifiedAt TIMESTAMP,
  create_time TIMESTAMP
);
​
​
create table ClientDetails (
  appId VARCHAR(256) PRIMARY KEY,
  resourceIds VARCHAR(256),
  appSecret VARCHAR(256),
  scope VARCHAR(256),
  grantTypes VARCHAR(256),
  redirectUrl VARCHAR(256),
  authorities VARCHAR(256),
  access_token_validity INTEGER,
  refresh_token_validity INTEGER,
  additionalInformation VARCHAR(4096),
  autoApproveScopes VARCHAR(256),
  create_time TIMESTAMP
);

另外,针对mysql,笔者改造了一版mysql数据库对应的数据结构,shcema-mysql.sql文件位于src/main/resources下。

create table oauth_client_details (
  client_id VARCHAR(255) PRIMARY KEY,
  resource_ids VARCHAR(255),
  client_secret VARCHAR(255),
  scope VARCHAR(255),
  authorized_grant_types VARCHAR(255),
  web_server_redirect_uri VARCHAR(255),
  authorities VARCHAR(255),
  access_token_validity INTEGER,
  refresh_token_validity INTEGER,
  additional_information VARCHAR(4096),
  autoapprove VARCHAR(255),
  create_time TIMESTAMP
);
​
create table oauth_client_token (
  token_id VARCHAR(255),
  token BLOB,
  authentication_id VARCHAR(255) PRIMARY KEY,
  user_name VARCHAR(255),
  client_id VARCHAR(255),
  create_time TIMESTAMP
);
​
create table oauth_access_token (
  token_id VARCHAR(255),
  token BLOB,
  authentication_id VARCHAR(255) PRIMARY KEY,
  user_name VARCHAR(255),
  client_id VARCHAR(255),
  authentication BLOB,
  refresh_token VARCHAR(255),
  create_time TIMESTAMP
);
​
create table oauth_refresh_token (
  token_id VARCHAR(255),
  token BLOB,
  authentication BLOB,
  create_time TIMESTAMP
);
​
create table oauth_code (
  code VARCHAR(255), authentication BLOB, create_time TIMESTAMP
);
​
create table oauth_approvals (
  userId VARCHAR(255),
  clientId VARCHAR(255),
  scope VARCHAR(255),
  status VARCHAR(10),
  expiresAt TIMESTAMP,
  lastModifiedAt TIMESTAMP,
  create_time TIMESTAMP
);
​
​
create table ClientDetails (
  appId VARCHAR(255) PRIMARY KEY,
  resourceIds VARCHAR(255),
  appSecret VARCHAR(255),
  scope VARCHAR(255),
  grantTypes VARCHAR(255),
  redirectUrl VARCHAR(255),
  authorities VARCHAR(255),
  access_token_validity INTEGER,
  refresh_token_validity INTEGER,
  additionalInformation VARCHAR(4096),
  autoApproveScopes VARCHAR(255),
  create_time TIMESTAMP
);

 

时间戳字段问题

mysql版本不同,对TIMESTAMP类型解释也不同,如mysql5.7,版本,create_time TIMESTAMP代表的含义如下:

  1. 如果该字段是第一个TIMESTAMP字段,则等同于create_time TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP

  2. 如果该字段不是第一个TIMESTAMP字段,则等同于create_time TIMESTAMP NOT NULL DEFAULT '0000-00-00 00:00:00'。特别说明一下,此种情况下,数据库会报错,因为不允许0类型的日期值存在。

至于其它版本的解释,读者可自行查阅相关资料,笔者后续也会详细介绍此数据库字段类型。

 

客户端信息


将之前在内存中存储的客户端信息初始化到数据库中,sql文件见目录src/main/resources/

INSERT INTO `oauth_client_details`(`client_id`, `resource_ids`, `client_secret`, `scope`, `authorized_grant_types`, `web_server_redirect_uri`, `authorities`, `access_token_validity`, `refresh_token_validity`, `additional_information`, `autoapprove`, `create_time`) VALUES ('admin', 'xmall-auth,xmall-product', '$2a$10$zNDgAkXKu4xSeupcLlZsKuSpmU75MQDqODhieBZvTMdeNEKwaUoIi', 'server,select', 'authorization_code,password,refresh_token,client_credentials,implicit', 'http://www.baidu.com', NULL, NULL, NULL, NULL, NULL, '2020-02-14 17:23:07');
INSERT INTO `oauth_client_details`(`client_id`, `resource_ids`, `client_secret`, `scope`, `authorized_grant_types`, `web_server_redirect_uri`, `authorities`, `access_token_validity`, `refresh_token_validity`, `additional_information`, `autoapprove`, `create_time`) VALUES ('client_1', 'xmall-auth,xmall-product', '$2a$10$zNDgAkXKu4xSeupcLlZsKuSpmU75MQDqODhieBZvTMdeNEKwaUoIi', 'server,select', 'password,refresh_token', NULL, NULL, NULL, NULL, NULL, NULL, '2020-02-14 17:24:17');
INSERT INTO `oauth_client_details`(`client_id`, `resource_ids`, `client_secret`, `scope`, `authorized_grant_types`, `web_server_redirect_uri`, `authorities`, `access_token_validity`, `refresh_token_validity`, `additional_information`, `autoapprove`, `create_time`) VALUES ('client_2', 'xmall-auth,xmall-product', '$2a$10$zNDgAkXKu4xSeupcLlZsKuSpmU75MQDqODhieBZvTMdeNEKwaUoIi', 'server,select', 'client_credentials,refresh_token', NULL, NULL, NULL, NULL, NULL, NULL, '2020-02-14 17:24:57');

 

验证

启动xmall-auth工程,端口为7777。

访问http://localhost:7777/oauth/token,输入一众参数,诸如client_id、client_secret、grant_type等,点击Send,即出现access_token、refresh_token等信息。

 

源码


github

https://github.com/liuminglei/SpringCloudLearning/tree/master/18/

gitee

https://gitee.com/xbd521/SpringCloudLearning/tree/master/18/

 

 

本文系【银河架构师】原创,如需转载请在文章明显处注明作者及出处。

微信搜索【银河架构师】,发现更多精彩内容。

 

银河架构师
关注
专栏目录
SpringCloud2.0整合OAuth2.0
M义薄云天的博客
12-25 2352
以下是把配置文件放在Git仓库,SpringCloudConfig配置中心拉取,动态刷新 一.for pom.xml <dependencies> <dependency> <groupId>org.springframework.cloud</groupId> <artifact...
学会 OAuth2.0 授权登录,10 张图就够了
竹林幽深
02-10 1024
https://mp.weixin.qq.com/s/emMpEaLLU3SyO7_X2JAUHQ
探索 OAuth 2.0 中的 oauth_client_details
最新发布
m0_61338779的博客
08-08 1030
探索 OAuth 2.0 中的 oauth_client_details
oauth2.0通过JdbcClientDetailsService从数据库读取相应的配置
weixin_33816300的博客
07-25 1042
oauth2.0通过JdbcClientDetailsService从数据库读取相应的配置 在上一节我们讲述的配置是把授权码存储在redis中,把相应的请求的路径用使用in-memory存储 ,这个是放在了内存中,但是实际开发我们的数据希望是从数据表中查询的,那应该怎么做呢? 1.回顾in-memory存储 ...
spring-cloud-starter-oauth2
cpongo5
11-28 2500
阅读该篇文章时,希望各位可以先搞懂oauth2协议的相关内容,这样该篇文档用到的一些类,各位就会觉得理所应当了。开发前准备 我在上篇文档的代码基础上,新建一个cloud+oauth2分支。 pom文件修改 1234<dependency> <groupId>org.springframe...
JdbcClientDetailsService从数据库读取相应的配置
word_joke的博客
02-05 2146
https://www.cnblogs.com/charlypage/p/9383420.html
Spring Security Oauth2核心组件之ClientDetailsService
clyu的博客
01-10 2456
一、客户端 public interface ClientDetails extends Serializable { String getClientId();//客户端id Set<String> getResourceIds();//此客户端可以访问的资源。如果为空,则调用者可以忽略 boolean isSecretRequired();//验证此客户端是否需要secret String getClientSecret();//获取客户端的secret bool
springcloud-gateway-oauth2:这是一个SpringCloud gateway +oauht2.0+jwt 实现微服务的认证和授权
05-11
1.springcloud-gateway-oauth2 这是一个SpringCloud gateway +oauht2.0+jwt 实现微服务的认证和授权 (记得修改 redis连接 和jdbc连接) 2.安装naocs 3.测试 1.访问认证服务: 2. 访问资源服务: 3. 用户的信息
Spring Cloud Alibaba 集成 Spring Security OAuth2.0 实现认证和授权
11-14
分布式系统的认证和授权 分布式架构采用 Spring Cloud Alibaba 认证和授权采用 Spring Security OAuth2.0 实现方法级权限控制 网关采用 gateway 中间件 服务注册和发现采用 nacos
Spring Cloud 集成OAuth2实现身份认证和单点登录
10-20
Spring Cloud中,我们可以使用Spring Security OAuth2模块来实现OAuth2的授权流程。 集成OAuth2的过程通常包括以下几个步骤: 1. **配置授权服务器**:授权服务器是负责处理用户登录、授权和令牌发放的组件。在...
基于Spring Boot 2.6、 Spring Cloud 2021 & Alibaba、 OAuth2 的权限管理系统
04-30
系统说明:基于 Spring Cloud 2021 、Spring Boot 2.6、 OAuth2 的 RBAC 权限管理系统 基于数据驱动视图的理念封装 element-ui,即使没有 vue 的使用经验也能快速上手 提供对常见容器化支持 Docker、Kubernetes、...
SpringSecurity OAuth2 (6) 自定义: ClientDetailsService, 异常处理以及一致性响应
热门推荐
O_o
07-07 1万+
本文介绍 Spring Security OAuth2 的自定义数据结构以及 ClientDetailsService.
jwt单点登录_Spring Cloud Security:Oauth2实现单点登录
weixin_39771260的博客
11-26 175
Spring Cloud Security 为构建安全的SpringBoot应用提供了一系列解决方案,结合Oauth2可以实现单点登录功能,本文将对其单点登录用法进行详细介绍。SpringCloud实战电商项目mall-swarm(5.1k+star)地址:https://github.com/macrozheng/mall-swarm单点登录简介单点登录(Single Sign On)指的是当...
3、oauth2授权之自定义ClientDetailsService
u012153127的博客
07-03 5333
oauth的客户端凭证校验是通过ClientDetailsService来实现的。oauth默认为我们提供了InMemoryClientDetailsServiceJdbcClientDetailsService,当然我们也可以自己实现ClientDetailsService。 1、新建CustomClientDetailService实现ClientDetailsService接口。 ps:这里我们需要加上@Primary把该类当成是主类,因为在@EnableAuthorizat...
Springsecurity-oauth2之ClientDetailsService
weixin_34249678的博客
02-24 6769
2019独角兽企业重金招聘Python工程师标准>>> ...
spring security oauth2认证中心 ClientDetailsServiceConfiguration自动配置源码
路过君的博客
02-18 1632
org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer @Target(ElementType.TYPE) @Retention(RetentionPolicy.RUNTIME) @Documented // 导入认证服务器端点配置和安全配置 @Import({AuthorizationServerEndpointsConfiguration.class, Auth.
spring cloud笔记 oauth2授权服务 clientDetails配置源码
路过君的博客
03-23 3643
@EnableAuthorizationServer ... @Import({... AuthorizationServerSecurityConfiguration.class}) ... AuthorizationServerSecurityConfiguration ... @Import({ ClientDetailsServiceConfiguration.class... }) ....
服务权限终极解决方案,Spring Cloud Gateway + Oauth2 实现统一认证和鉴权!
乌龟的专栏
08-10 6013
这篇文章主要向大家介绍微服务权限终极解决方案,Spring Cloud Gateway + Oauth2 实现统一认证和鉴权!,主要内容包括基础应用、实用技巧、原理机制等方面,希望对大家有所帮助。 标签:gitgithubwebredisspringapi缓存安全服务器restful 最近发现了一个很好的微服务权限解决方案,能够经过认证服务进行统一认证,而后经过网关来统一校验认证和鉴权。此方案为目前最新方案,仅支持Spring Boot 2.2.0、Spring Cloud Hoxton 以上版本,本
SpringCloud OAuth2 SSO 深度解析:@EnableOAuth2Sso注解与单点登录实现
"这篇文档详细分析了`@EnableOAuth2SSO`注解在实现Spring Cloud环境下OAuth2单点登录(SSO)中的作用。通过深入源码,讲解了相关配置和组件,如`OAuth2Client`、`OAuth2SsoProperties`、`OAuth2...
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值