背景
本项目是oauth2的资源服务器2,同时也是客户端
所调用接口的项目是oauth2的授权服务器,同时也是资源服务器1
依赖
...
<!-- Declarative HTTP clients (Feign); no <version> is given here, so it presumably comes from a parent POM or BOM. -->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-openfeign</artifactId>
</dependency>
<!-- Spring Security starter; version likewise not pinned in this snippet. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- Legacy Spring Security OAuth library, the only dependency pinned to an explicit version here. -->
<!-- NOTE(review): the spring-security-oauth project has reached end of life and 2.3.3.RELEASE is an old release; -->
<!-- check it against the project's published security advisories, move to the latest patch release at minimum, -->
<!-- and plan a migration to the OAuth2 client / resource-server support built into Spring Security. -->
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
<version>2.3.3.RELEASE</version>
</dependency>
...
配置
# NOTE(review): this listing has lost its indentation; restore the nesting from the original project before use.
security:
oauth2:
# Maps to the OAuth2ClientProperties class.
# Client authentication: configuring it here makes this resource server an OAuth2 client as well;
# it may be left out here and configured in the front end instead.
# NOTE(review): a secret shipped to a browser or mobile front end is readable by its users, so confidential-client
# credentials should stay on the server side.
client:
client-id: test_client
# NOTE(review): the secret is a short literal stored in the config file; load it from the environment or a secret
# store instead (for example a property placeholder such as ${OAUTH_CLIENT_SECRET}, a constructed name) and use a
# long random value.
client-secret: user
# Maps to the ResourceServerProperties class.
# Validates the access token.
# NOTE(review): "http:/" below has a single slash and is very likely a typo for "http://".
# NOTE(review): /oauth/check_token is the token-introspection endpoint, which ResourceServerProperties normally takes
# through token-info-uri; confirm that user-info-uri is really the intended key.
# NOTE(review): access tokens and client credentials travel to these URLs; plain http is only tolerable on loopback,
# so use https as soon as the authorization server runs on another host.
resource:
user-info-uri: http:/127.0.0.1:18890/nacos-authserver/oauth/check_token
# Custom property: endpoint for obtaining an access token, used to implement the /login endpoint.
# NOTE(review): with the indentation lost it is not visible which parent key this belongs under; verify.
access-token-uri: http://127.0.0.1:18890/nacos-authserver/oauth/token
启动
启动类上需要添加 @EnableFeignClients 注解
package com.example.producer;
import org.mybatis.spring.annotation.MapperScan;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
import org.springframework.cloud.openfeign.EnableFeignClients;
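/**
 * Spring Boot entry point of the producer service.
 *
 * <p>Enables service discovery, Feign client scanning and MyBatis mapper scanning for
 * {@code com.example.producer.mapper}.
 */
@SpringBootApplication
@EnableDiscoveryClient
// The file imports EnableFeignClients but the original listing never applied it. Without the
// annotation no @FeignClient interface is turned into a bean, so injecting a Feign client fails
// at startup.
@EnableFeignClients
@MapperScan(value = "com.example.producer.mapper")
public class ProducerApplication {

    /**
     * Starts the Spring application context.
     *
     * @param args command-line arguments, passed through to Spring Boot unchanged
     */
    public static void main(String[] args) {
        SpringApplication.run(ProducerApplication.class, args);
    }
}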
接口调用
-
自定义拦截,
否则feign无法携带oauth2的token信息
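package com.example.producer.interceptor;

import feign.RequestInterceptor;
import feign.RequestTemplate;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import javax.servlet.http.HttpServletRequest;

/**
 * Custom Feign request interceptor that adds the caller's token to Feign remote calls.
 *
 * <p>Without it the Feign request carries no OAuth2 token and the remote service answers
 * 401 Unauthorized.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The inbound {@code Authorization} header is forwarded verbatim, whatever its scheme, so
 *       the Feign target receives the end user's credential. Only attach this interceptor to
 *       clients whose target is trusted to hold that credential.</li>
 *   <li>The class is a {@code @Component}, so it is a bean of the application context. Spring
 *       Cloud OpenFeign applies {@code RequestInterceptor} beans from that context to every Feign
 *       client, not only to clients naming this class in {@code configuration = ...}. To limit
 *       token forwarding to selected clients, remove {@code @Component} and keep the per-client
 *       {@code configuration} attribute.</li>
 *   <li>The current request is looked up through {@link RequestContextHolder}, which is bound to
 *       the request thread. Feign calls made from other threads (async tasks, schedulers) find
 *       no request and are sent without a token.</li>
 * </ul>
 */
@Component
public class OAuth2FeignRequestInterceptor implements RequestInterceptor {

    private static final String AUTHORIZATION_HEADER = "Authorization";

    /**
     * Copies the {@code Authorization} header of the current servlet request onto the outgoing
     * Feign request, when such a header exists.
     *
     * @param requestTemplate the outgoing Feign request being built
     */
    @Override
    public void apply(RequestTemplate requestTemplate) {
        // getRequestAttributes() returns null when no request is bound to this thread, where
        // currentRequestAttributes() would throw IllegalStateException.
        RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
        if (!(requestAttributes instanceof ServletRequestAttributes)) {
            return;
        }
        HttpServletRequest request = ((ServletRequestAttributes) requestAttributes).getRequest();
        String token = request.getHeader(AUTHORIZATION_HEADER);
        // getHeader() returns null when the header is absent; the original dereferenced it
        // unconditionally and failed with a NullPointerException.
        if (token != null && !token.isEmpty()) {
            requestTemplate.header(AUTHORIZATION_HEADER, token);
        }
    }
}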
-
接口,注意不要忘记在 @FeignClient 中配置
configuration = OAuth2FeignRequestInterceptor.class
package com.example.producer.remote;

import com.example.producer.interceptor.OAuth2FeignRequestInterceptor;
import org.springframework.cloud.openfeign.FeignClient;
import org.springframework.web.bind.annotation.GetMapping;

/**
 * Feign client for the service registered as {@code nacos-authserver}.
 *
 * <p>{@link OAuth2FeignRequestInterceptor} is attached through the {@code configuration}
 * attribute, so calls made through this interface carry whatever that interceptor adds to the
 * request.
 */
@FeignClient(
        value = "nacos-authserver",
        configuration = OAuth2FeignRequestInterceptor.class)
public interface UserRemote {

    /**
     * Sends {@code GET /user/userinfo} to the remote service.
     *
     * @return the response body, typed only as {@code Object}; its structure is not visible here
     */
    @GetMapping("/user/userinfo")
    Object getUserInfo();
}
-
controller
package com.example.producer.controller;

import com.example.producer.remote.UserRemote;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * REST controller that serves {@code GET /user/userinfo} by delegating to {@link UserRemote}.
 *
 * <p>NOTE(review): the remote payload is handed back to the caller unchanged and untyped, so
 * every field the remote service includes is exposed by this endpoint. Consider mapping it to an
 * explicit response type that lists the fields meant to be public.
 */
@RestController
@RequestMapping("/user")
public class UserController {

    // Feign client, populated by Spring through field injection.
    @Autowired
    UserRemote userRemote;

    /**
     * Fetches the user information from the remote service.
     *
     * @return whatever {@link UserRemote#getUserInfo()} returned
     */
    @GetMapping("userinfo")
    public Object getUserInfo() {
        final Object remoteUserInfo = userRemote.getUserInfo();
        return remoteUserInfo;
    }
}