spring-authorization-server1.1.1的使用

已于 2023-07-07 09:32:23 修改
阅读量1.1k 收藏 6
点赞数
分类专栏: spring authorization server 文章标签: java 后端 bootstrap
于 2023-07-02 08:39:14 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/miaowansheng/article/details/131486743
版权
该文章详细描述了使用SpringBoot3.1.1、SpringAuthorizationServer1.1.1和SpringSecurity6.1.1来构建一个OAuth2授权服务器的过程。内容包括配置文件设置、数据库表结构、实体类定义、服务接口、安全配置以及登录页面的实现。此外,还涉及到数据库脚本和代码示例,展示了如何处理授权码、注册客户端以及用户角色管理。
摘要由CSDN通过智能技术生成
  1. 环境:
    1. java: 19
    2. idea: 2023.1.1
    3. windows: 11
    4. chrome: 114.0.5735.199
    5. mysql: 8.0
    6. springboot: 3.1.1
    7. spring-authorization-server: 1.1.1
    8. spring-security: 6.1.1
  2. Gradle 依赖

    1. dependencies {
      implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
      implementation 'org.springframework.boot:spring-boot-starter-oauth2-authorization-server'
      implementation 'org.springframework.boot:spring-boot-starter-security'
      implementation 'org.springframework.boot:spring-boot-starter-web'
      compileOnly 'org.projectlombok:lombok'
      runtimeOnly 'com.mysql:mysql-connector-j'
      annotationProcessor 'org.projectlombok:lombok'
      testImplementation 'org.springframework.boot:spring-boot-starter-test'
      testImplementation 'org.springframework.security:spring-security-test'
      }

  3. application.properties 改为application.yml

    1. server:
  port: 9000
spring:
  jpa:
    open-in-view: false
    show-sql: true
  datasource:
    url: jdbc:mysql://127.0.0.1:3306/oauth2_dev?useUnicode=true&characterEncoding=UTF-8&useSSL=true&serverTimezone=Asia/Shanghai
    username: mysql
    password: pwd

  4. User包下新建用户、角色的entity、repository、service

    用户User.java

        

package com.iawz.oauth2.user.entity;

import com.fasterxml.jackson.annotation.JsonFormat;
import com.fasterxml.jackson.annotation.JsonIgnore; 
import lombok.*;
import org.springframework.data.annotation.CreatedDate;
import org.springframework.data.annotation.LastModifiedDate;
import org.springframework.data.jpa.domain.support.AuditingEntityListener;

import jakarta.persistence.*;
import java.time.LocalDateTime;
import java.util.Set;

@Entity
@EntityListeners(AuditingEntityListener.class)
@Data
public class User {
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Integer id;

    private String name;
    private String mobile;
    private String password;

    private Boolean disabled;
    private Boolean locked;

    @JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss")
    @Column(nullable = false, updatable = false)
    @CreatedDate
    private LocalDateTime createTime;
    @JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss")
    @LastModifiedDate
    private LocalDateTime updateTime;

    @ManyToMany(fetch = FetchType.EAGER)
    @JoinTable(name = "user_role",
            joinColumns = @JoinColumn(name = "userId"),
            inverseJoinColumns = @JoinColumn(name = "roleId")
    )
    @JsonIgnore
    private Set<Role> roles;
}

角色Role.java

package com.iawz.oauth2.user.entity;

import com.fasterxml.jackson.annotation.JsonFormat;
import lombok.*;
import org.springframework.data.annotation.CreatedDate;
import org.springframework.data.jpa.domain.support.AuditingEntityListener;

import jakarta.persistence.*;
import java.time.LocalDateTime;
import java.util.Set;

@Entity
@EntityListeners(AuditingEntityListener.class) 
@Data
public class Role {
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Integer id;

    private String name;
    private Boolean disabled;
    @JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss")
    @Column(nullable = false, updatable = false)
    @CreatedDate
    private LocalDateTime createTime;

    @ManyToMany(mappedBy = "roles")
    private Set<User> users;
}

UserRepository.java

import org.springframework.data.jpa.repository.JpaRepository;

import java.util.Optional;

public interface UserRepository extends JpaRepository<User, Integer> {
    Optional<User> findByMobile(String mobile);
    boolean existsByMobile(String mobile);
}

UserService.java

@Service
@AllArgsConstructor
public class UserService {
    private final UserRepository userRepository;

    public User getByMobile(String mobile){
        return userRepository.findByMobile(mobile).orElseThrow(()->new UserNotFoundException("不存在这样的用户"));
    }
}

5. excetpion包下新建UserExistedException.java、UserNotFoundException.java

public class UserNotFoundException extends RuntimeException{
    public UserNotFoundException(String  message){
        super(message);
    }

    public UserNotFoundException(String message, Throwable cause){
        super(message, cause);
    }
}

public class UserExistedException extends RuntimeException{
    public UserExistedException(String message){
        super(message);
    }

    public UserExistedException(String message, Throwable cause){
        super(message, cause);
    }
}

6.  configuration包下新建DefaultSecurityConfig.java、AuthorizationServerConfig.java

import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.SecurityContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.http.MediaType;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.server.authorization.JdbcOAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;

/**
 * @author Joe Grandja
 * @author Daniel Garnier-Moiroux
 * @author Steve Riesenberg
 * @since 1.1
 */
@Configuration(proxyBeanMethods = false)
public class AuthorizationServerConfig {

	@Bean
	@Order(Ordered.HIGHEST_PRECEDENCE)
	public SecurityFilterChain authorizationServerSecurityFilterChain(
			HttpSecurity http, RegisteredClientRepository registeredClientRepository,
			AuthorizationServerSettings authorizationServerSettings) throws Exception {

		OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);

		http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
				.authorizationEndpoint(a -> a.authorizationResponseHandler(new Oauth2AuthenticationResponseHandler()));

		http
			.exceptionHandling((exceptions) -> exceptions
				.defaultAuthenticationEntryPointFor(
					new LoginUrlAuthenticationEntryPoint("/login"),
					new MediaTypeRequestMatcher(MediaType.TEXT_HTML)
				)
			);

		return http.build();
	}

	@Bean
	public RegisteredClientRepository registeredClientRepository(JdbcTemplate jdbcTemplate) {
		return new JdbcRegisteredClientRepository(jdbcTemplate);
	}

	@Bean
	public OAuth2AuthorizationService authorizationService(JdbcTemplate jdbcTemplate,
			RegisteredClientRepository registeredClientRepository) {
		return new JdbcOAuth2AuthorizationService(jdbcTemplate, registeredClientRepository);
	}


	@Bean
	public JWKSource<SecurityContext> jwkSource() {
		RSAKey rsaKey = Jwks.generateRsa();
		JWKSet jwkSet = new JWKSet(rsaKey);
		return (jwkSelector, securityContext) -> jwkSelector.select(jwkSet);
	}

	@Bean
	public JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource) {
		return OAuth2AuthorizationServerConfiguration.jwtDecoder(jwkSource);
	}

	@Bean
	public AuthorizationServerSettings authorizationServerSettings() {
		return AuthorizationServerSettings.builder().build();
	}


}

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;


@EnableWebSecurity
@Configuration
public class DefaultSecurityConfig {

	@Bean
	public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
		http
			.authorizeHttpRequests(authorize ->
				authorize
					//.requestMatchers( "/anonymous").permitAll()
					.anyRequest().authenticated()
			)
			.formLogin(formLogin ->
				formLogin.loginPage("/login").permitAll()
			)
            .oauth2ResourceServer(rs -> rs.jwt(Customizer.withDefaults()))
            .csrf(c ->
				c.disable()
			) ;

		return http.build();
	}

	@Bean
	public PasswordEncoder passwordEncoder(){
		return new BCryptPasswordEncoder();
	}


}

7.在authentication包下新建Jwks.java

/*
 * Copyright 2020-2023 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.iawz.oauth2.authentication.jose;

import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.OctetSequenceKey;
import com.nimbusds.jose.jwk.RSAKey;

import javax.crypto.SecretKey;
import java.security.KeyPair;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.UUID;

/**
 * @author Joe Grandja
 * @since 1.1
 */
public final class Jwks {

	private Jwks() {
	}

	public static RSAKey generateRsa() {
		KeyPair keyPair = KeyGeneratorUtils.generateRsaKey();
		RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
		RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
		// @formatter:off
		return new RSAKey.Builder(publicKey)
				.privateKey(privateKey)
				.keyID(UUID.randomUUID().toString())
				.build();
		// @formatter:on
	}

	public static ECKey generateEc() {
		KeyPair keyPair = KeyGeneratorUtils.generateEcKey();
		ECPublicKey publicKey = (ECPublicKey) keyPair.getPublic();
		ECPrivateKey privateKey = (ECPrivateKey) keyPair.getPrivate();
		Curve curve = Curve.forECParameterSpec(publicKey.getParams());
		// @formatter:off
		return new ECKey.Builder(curve, publicKey)
				.privateKey(privateKey)
				.keyID(UUID.randomUUID().toString())
				.build();
		// @formatter:on
	}

	public static OctetSequenceKey generateSecret() {
		SecretKey secretKey = KeyGeneratorUtils.generateSecretKey();
		// @formatter:off
		return new OctetSequenceKey.Builder(secretKey)
				.keyID(UUID.randomUUID().toString())
				.build();
		// @formatter:on
	}

}

新建KeyGeneratorUtils.java

/*
 * Copyright 2020-2023 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.iawz.oauth2.authentication.jose;

import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.spec.ECFieldFp;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.EllipticCurve;

/**
 * @author Joe Grandja
 * @since 1.1
 */
final class KeyGeneratorUtils {

	private KeyGeneratorUtils() {
	}

	static SecretKey generateSecretKey() {
		SecretKey hmacKey;
		try {
			hmacKey = KeyGenerator.getInstance("HmacSha256").generateKey();
		} catch (Exception ex) {
			throw new IllegalStateException(ex);
		}
		return hmacKey;
	}

	static KeyPair generateRsaKey() {
		KeyPair keyPair;
		try {
			KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
			keyPairGenerator.initialize(2048);
			keyPair = keyPairGenerator.generateKeyPair();
		} catch (Exception ex) {
			throw new IllegalStateException(ex);
		}
		return keyPair;
	}

	static KeyPair generateEcKey() {
		EllipticCurve ellipticCurve = new EllipticCurve(
				new ECFieldFp(
						new BigInteger("115792089210356248762697446949407573530086143415290314195533631308867097853951")),
				new BigInteger("115792089210356248762697446949407573530086143415290314195533631308867097853948"),
				new BigInteger("41058363725152142129326129780047268409114441015993725554835256314039467401291"));
		ECPoint ecPoint = new ECPoint(
				new BigInteger("48439561293906451759052585252797914202762949526041747995844080717082404635286"),
				new BigInteger("36134250956749795798585127919587881956611106672985015071877198253568414405109"));
		ECParameterSpec ecParameterSpec = new ECParameterSpec(
				ellipticCurve,
				ecPoint,
				new BigInteger("115792089210356248762697446949407573529996955224135760342422259061068512044369"),
				1);

		KeyPair keyPair;
		try {
			KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
			keyPairGenerator.initialize(ecParameterSpec);
			keyPair = keyPairGenerator.generateKeyPair();
		} catch (Exception ex) {
			throw new IllegalStateException(ex);
		}
		return keyPair;
	}

}

新建SecurityUser.java

package com.iawz.oauth2.authentication.dto;

import com.iawz.oauth2.user.entity.Role;
import com.iawz.oauth2.user.entity.User;
import lombok.Getter;
import lombok.Setter;

import java.util.HashSet;
import java.util.Set;

@Getter
@Setter
public class SecurityUser {
    private Integer id;
    private String username;
    private String password;
    private String mobile;
    private Boolean disabled;
    private Boolean locked;
    private Set<Role> roles;

    public SecurityUser(User user){
        this.id = user.getId();
        this.username = user.getName();
        this.password = user.getPassword();
        this.mobile = user.getMobile();
        this.disabled = user.getDisabled();
        this.locked = user.getLocked();
        Set<Role> roles = new HashSet<>();
        if (null != user.getRoles() && user.getRoles().size() > 0){
            for (Role role: user.getRoles()){
                if (!role.getDisabled()){
                    roles.add(role);
                }
            }
        }
        this.roles = roles;
    }
}

新建类Oauth2AuthenticationResponseHandler.java用来捕获发送code前注销掉session

package com.iawz.oauth2.authentication.service;

import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationToken;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.util.StringUtils;
import org.springframework.web.util.UriComponentsBuilder;
import org.springframework.web.util.UriUtils;

import java.io.IOException;
import java.nio.charset.StandardCharsets;

public class Oauth2AuthenticationResponseHandler implements AuthenticationSuccessHandler {
    private final RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
        OAuth2AuthorizationCodeRequestAuthenticationToken authorizationCodeRequestAuthentication = (OAuth2AuthorizationCodeRequestAuthenticationToken)authentication;
        UriComponentsBuilder uriBuilder = UriComponentsBuilder.fromUriString(authorizationCodeRequestAuthentication.getRedirectUri()).queryParam("code", new Object[]{authorizationCodeRequestAuthentication.getAuthorizationCode().getTokenValue()});
        if (StringUtils.hasText(authorizationCodeRequestAuthentication.getState())) {
            uriBuilder.queryParam("state", new Object[]{UriUtils.encode(authorizationCodeRequestAuthentication.getState(), StandardCharsets.UTF_8)});
        }

        String redirectUri = uriBuilder.build(true).toUriString();
        this.redirectStrategy.sendRedirect(request, response, redirectUri);
        request.getSession().invalidate();
    }
}

新建类SecurityUserService.java

package com.iawz.oauth2.authentication.service;

import com.iawz.oauth2.authentication.dto.SecurityUser;
import com.iawz.oauth2.exception.UserNotFoundException;
import com.iawz.oauth2.user.service.UserService;
import lombok.AllArgsConstructor;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

import java.util.stream.Collectors;

@AllArgsConstructor
@Service
public class SecurityUserService implements UserDetailsService {
    private final UserService userService;
    @Override
    public UserDetails loadUserByUsername(String mobile) {
        try{
            SecurityUser user = new SecurityUser(userService.getByMobile(mobile));

            return new User(
                    user.getMobile(),
                    user.getPassword(),
                    !user.getDisabled(),
                    true,
                    true,
                    !user.getLocked(),
                    user.getRoles().stream().map(role -> new SimpleGrantedAuthority(role.getName())).collect(Collectors.toList())
            );
        }catch (UserNotFoundException e){
            throw new UsernameNotFoundException(e.getMessage());
        }
    }

}

新建登录页面:LoginController.java

package com.iawz.oauth2.authentication.controller;

import lombok.AllArgsConstructor;
import org.springframework.http.MediaType;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@AllArgsConstructor
@RestController
public class LoginController {

    @GetMapping(value = "/login", produces = MediaType.TEXT_HTML_VALUE)
    public String login(@RequestParam(value = "error", required = false) String error){
        StringBuilder builder = new StringBuilder();

        builder.append("<!DOCTYPE html>");
        builder.append("<html>");
        builder.append("<head>");
        builder.append("    <meta charset=\"utf-8\">");
        builder.append("    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">");
        builder.append("    <title>登陆</title>");
        builder.append("</head>");
        builder.append("<body>");
        builder.append("<div style=\"width:100%;display: flex; flex-direction: row; -webkit-box-pack: center; justify-content: center; -webkit-box-align: center; align-items: center; box-sizing: border-box;margin: 0px auto;padding-top: 40px;\">");
        builder.append("<form style=\"width:330px;box-sizing: border-box;padding: 0;margin: 0;\" method=\"post\" action=\"/login\">");
        if(null != error){
            builder.append("<div style=\"margin-bottom:10px;padding:5px 8px;border:1px solid #ff934c;background-color:#fff3cd;\">");
            builder.append("<span style=\"font-size:12px;color:#664d03;\">登陆账号或密码错误</span>");
            builder.append("</div>");
        }
        builder.append("<div style=\"width:100%;box-sizing:border-box;padding:0;margin-bottom:18px;\">");
        builder.append("<input style=\"width:100%;box-sizing:border-box;margin:0;height:42px;border:1px solid #d7d8d9;\" type=\"text\" id=\"username\" name=\"username\"   placeholder=\"请输入账号\" required oninvalid=\"this.setCustomValidity('账号不能为空')\" oninput=\"this.setCustomValidity('')\">");
        builder.append("</div>");
        builder.append("<div style=\"width:100%;box-sizing:border-box;padding:0;margin-bottom:18px;\">");
        builder.append("<input style=\"width:100%;box-sizing:border-box;margin:0;height:42px;border:1px solid #d7d8d9;\" type=\"password\" id=\"password\" name=\"password\"  placeholder=\"请输入密码\" required oninvalid=\"this.setCustomValidity('密码不能为空')\" oninput=\"this.setCustomValidity('')\">");
        builder.append("</div>");
        builder.append("<div style=\"width:100%;box-sizing:border-box;padding:0;margin: 0;\">");
        builder.append("<button style=\"width:100%;box-sizing:border-box;padding:0;margin: 0;height:42px;line-height:42px;background-color:#007bff;color:white;font-size:14px;border:1px solid #007bff;\" type=\"submit\">登陆</button>");
        builder.append("</div>");
        builder.append("</form>");
        builder.append("</div>");
        builder.append("</body>");
        builder.append("</html>");

        return builder.toString();
    }

}

8.数据库:

CREATE DATABASE  IF NOT EXISTS `oauth2_dev` /*!40100 DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci */ /*!80016 DEFAULT ENCRYPTION='N' */;
USE `oauth2_dev`;
-- MySQL dump 10.13  Distrib 8.0.26, for Win64 (x86_64)
--
-- Host: localhost    Database: oauth2_dev
-- ------------------------------------------------------
-- Server version	8.0.26

/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!50503 SET NAMES utf8 */;
/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
/*!40103 SET TIME_ZONE='+00:00' */;
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;

--
-- Table structure for table `oauth2_authorization`
--

DROP TABLE IF EXISTS `oauth2_authorization`;
/*!40101 SET @saved_cs_client     = @@character_set_client */;
/*!50503 SET character_set_client = utf8mb4 */;
CREATE TABLE `oauth2_authorization` (
  `id` varchar(100) NOT NULL,
  `registered_client_id` varchar(100) NOT NULL,
  `principal_name` varchar(200) NOT NULL,
  `authorization_grant_type` varchar(100) NOT NULL,
  `authorized_scopes` varchar(1000) DEFAULT NULL,
  `attributes` text,
  `state` varchar(500) DEFAULT NULL,
  `authorization_code_value` text,
  `authorization_code_issued_at` timestamp NULL DEFAULT NULL,
  `authorization_code_expires_at` timestamp NULL DEFAULT NULL,
  `authorization_code_metadata` text,
  `access_token_value` text,
  `access_token_issued_at` timestamp NULL DEFAULT NULL,
  `access_token_expires_at` timestamp NULL DEFAULT NULL,
  `access_token_metadata` text,
  `access_token_type` varchar(100) DEFAULT NULL,
  `access_token_scopes` varchar(1000) DEFAULT NULL,
  `oidc_id_token_value` text,
  `oidc_id_token_issued_at` timestamp NULL DEFAULT NULL,
  `oidc_id_token_expires_at` timestamp NULL DEFAULT NULL,
  `oidc_id_token_metadata` text,
  `refresh_token_value` text,
  `refresh_token_issued_at` timestamp NULL DEFAULT NULL,
  `refresh_token_expires_at` timestamp NULL DEFAULT NULL,
  `refresh_token_metadata` text,
  `user_code_value` text,
  `user_code_issued_at` timestamp NULL DEFAULT NULL,
  `user_code_expires_at` timestamp NULL DEFAULT NULL,
  `user_code_metadata` text,
  `device_code_value` text,
  `device_code_issued_at` timestamp NULL DEFAULT NULL,
  `device_code_expires_at` timestamp NULL DEFAULT NULL,
  `device_code_metadata` text,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Dumping data for table `oauth2_authorization`
--

LOCK TABLES `oauth2_authorization` WRITE;
/*!40000 ALTER TABLE `oauth2_authorization` DISABLE KEYS */;
/*!40000 ALTER TABLE `oauth2_authorization` ENABLE KEYS */;
UNLOCK TABLES;

--
-- Table structure for table `oauth2_registered_client`
--

DROP TABLE IF EXISTS `oauth2_registered_client`;
/*!40101 SET @saved_cs_client     = @@character_set_client */;
/*!50503 SET character_set_client = utf8mb4 */;
CREATE TABLE `oauth2_registered_client` (
  `id` varchar(100) NOT NULL,
  `client_id` varchar(100) NOT NULL,
  `client_id_issued_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
  `client_secret` varchar(200) DEFAULT NULL,
  `client_secret_expires_at` timestamp NULL DEFAULT NULL,
  `client_name` varchar(200) NOT NULL,
  `client_authentication_methods` varchar(1000) NOT NULL,
  `authorization_grant_types` varchar(1000) NOT NULL,
  `redirect_uris` varchar(1000) DEFAULT NULL,
  `post_logout_redirect_uris` varchar(1000) DEFAULT NULL,
  `scopes` varchar(1000) NOT NULL,
  `client_settings` varchar(2000) NOT NULL,
  `token_settings` varchar(2000) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Dumping data for table `oauth2_registered_client`
--

LOCK TABLES `oauth2_registered_client` WRITE;
/*!40000 ALTER TABLE `oauth2_registered_client` DISABLE KEYS */;
INSERT INTO `oauth2_registered_client` VALUES ('08c66356-8f4d-4338-8b69-e313eedb9f46','test','2023-04-13 06:59:25','$2a$10$zayY.GBFA4X6DRYdwb0fQuAWv7QQsf37it3DW4fRSWRL5EYjfu/eW',NULL,'test','client_secret_basic','refresh_token,authorization_code','http://192.168.0.106:3000/login',NULL,'openid','{\"@class\":\"java.util.Collections$UnmodifiableMap\",\"settings.client.require-proof-key\":false,\"settings.client.require-authorization-consent\":false}','{\"@class\":\"java.util.Collections$UnmodifiableMap\",\"settings.token.reuse-refresh-tokens\":true,\"settings.token.id-token-signature-algorithm\":[\"org.springframework.security.oauth2.jose.jws.SignatureAlgorithm\",\"RS256\"],\"settings.token.authorization-code-time-to-live\":[\"java.time.Duration\",300.000000000],\"settings.token.access-token-time-to-live\":[\"java.time.Duration\",300.000000000],\"settings.token.access-token-format\":{\"@class\":\"org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat\",\"value\":\"self-contained\"},\"settings.token.refresh-token-time-to-live\":[\"java.time.Duration\",3600.000000000]}');
/*!40000 ALTER TABLE `oauth2_registered_client` ENABLE KEYS */;
UNLOCK TABLES;

--
-- Table structure for table `role`
--

DROP TABLE IF EXISTS `role`;
/*!40101 SET @saved_cs_client     = @@character_set_client */;
/*!50503 SET character_set_client = utf8mb4 */;
CREATE TABLE `role` (
  `id` int NOT NULL AUTO_INCREMENT,
  `name` varchar(255) DEFAULT NULL,
  `disabled` tinyint DEFAULT NULL,
  `create_time` datetime DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Dumping data for table `role`
--

LOCK TABLES `role` WRITE;
/*!40000 ALTER TABLE `role` DISABLE KEYS */;
INSERT INTO `role` VALUES (1,'ROLE_ADMIN',0,'2023-04-20 10:00:10'),(2,'ROLE_USER',0,'2023-04-20 10:00:10');
/*!40000 ALTER TABLE `role` ENABLE KEYS */;
UNLOCK TABLES;

--
-- Table structure for table `user`
--

DROP TABLE IF EXISTS `user`;
/*!40101 SET @saved_cs_client     = @@character_set_client */;
/*!50503 SET character_set_client = utf8mb4 */;
CREATE TABLE `user` (
  `id` int NOT NULL AUTO_INCREMENT,
  `name` varchar(255) DEFAULT NULL,
  `password` varchar(255) DEFAULT NULL,
  `mobile` varchar(45) DEFAULT NULL,
  `disabled` tinyint DEFAULT NULL,
  `locked` tinyint DEFAULT NULL,
  `create_time` datetime DEFAULT NULL,
  `update_time` datetime DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Dumping data for table `user`
--

LOCK TABLES `user` WRITE;
/*!40000 ALTER TABLE `user` DISABLE KEYS */;
INSERT INTO `user` VALUES (1,'张三','$2a$10$IK1kEXta23fbQ0HJhsmdneu7FUjOkKQb.8Glsdv19Won.FnidVQFu','16688886666',0,0,'2023-04-28 10:00:00','2023-04-28 10:00:00');
/*!40000 ALTER TABLE `user` ENABLE KEYS */;
UNLOCK TABLES;

--
-- Table structure for table `user_role`
--

DROP TABLE IF EXISTS `user_role`;
/*!40101 SET @saved_cs_client     = @@character_set_client */;
/*!50503 SET character_set_client = utf8mb4 */;
CREATE TABLE `user_role` (
  `user_id` int NOT NULL,
  `role_id` int NOT NULL,
  PRIMARY KEY (`user_id`,`role_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Dumping data for table `user_role`
--

LOCK TABLES `user_role` WRITE;
/*!40000 ALTER TABLE `user_role` DISABLE KEYS */;
INSERT INTO `user_role` VALUES (1,1),(1,2);
/*!40000 ALTER TABLE `user_role` ENABLE KEYS */;
UNLOCK TABLES;
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;

/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;

-- Dump completed on 2023-07-01  9:25:58

9.调试:

获取code方法:打开chrome,输入地址回车http://192.168.0.106:9000/oauth2/authorize?response_type=code&client_id=test&redirect_uri=http://192.168.0.106:3000/login

输入账号16688886666密码123获取到临时code

获取token,用postman或者curl命令

curl --location --request POST "http://192.168.0.106:9000/oauth2/token?code={临时码}&grant_type=authorization_code&redirect_uri=http%3A%2F%2F192.168.0.106%3A3000%2Flogin" --header "Authorization: Basic dGVzdDoxMjM="

danleiter
关注
专栏目录
Spring Boot OAuth2 认证服务器搭建及授权码认证演示
oscar999的专栏
07-26 1057
本篇基于JDK8 搭建Spring Boot 的OAuth 2的认证服务器, 并完全显示授权码认证模式的完整过程
Spring Security 学习笔记(六)--OAuth2.0
SuperArc1999的博客
01-08 1823
6.1OAuth2.0介绍 OAuth(开放授权)是一个开放标准,允许用户授权第三方应用访问他们存储在另外的服务提供者上的信息。而不需要将用户名和密码提供给第三方应用或分享他们数据的所有内容。OAuth2.0是OAuth协议的延续版本,但不向后兼容OAuth1.0。即完全废止了OAuth1.0。很多大公司如Google,Yahoo,Microsoft等都提供了OAuth认证服务,这些足以证明OAuth标准逐渐成为开放资源授权的标准。 OAuth2.0已被广泛应用。 下面是OAuth2.0的认证流程
Spring Authorization Server 授权服务器
xxxzzzqqq_的博客
03-07 2723
Spring Authorization Server 遵循Oauth2.1和OpenID Connect 1.0,它建立在Spring Security之上。 ​
Spring Authorization Server 1.1.1 学习记录
qq_41896122的博客
06-30 2153
则不签发 refreshe_token, 和网上很多人都不太一样, 但是OIDC模式该字段必须是none,因为没有 client_secret,所以现在还不清楚如何在该模式下获取refreshe_token。该模式的流程不过多进行赘述了,和OAuth2.0一致:引导客户端做认证,回调给客户端携带code,客户端再携带code,client_secret 等请求。, 这里就和授权码模式一样了,接下来,再访问服务端 /oauth2/token 来获取token,需要携带。需要后端服务作为支持,可以存储。
Spring Authorization Server授权框架
最新发布
aRtHuR1207的博客
09-25 768
英文官网假设想要以 Google 帐号来登录 echatsoft客服系统,需要怎么做呢?最简单的方式是把用户名密码交给 echatsoft,这样 echatsoft 就能以 Google 的身份登录。但是这样存在很大的安全隐患,如果echatsoft不小心泄漏了用户名密码,或者想要撤销授权的时候,基本就没有很好的办法。因此我们需要一种授权协议,并不直接给第三方应用用户名密码,而是引入一个中间层,access_token。
Spring Authorization Server 1.1 扩展实现 OAuth2 密码模式与 Spring Cloud 的整合实战
热门推荐
有来技术
10-24 1万+
本文基于开源微服务商城项目 youlai-mall、Spring Boot 3 和 Spring Authorization Server 1.1 版本,演示了如何扩展密码模式,以及如何将其应用于 Spring Cloud 微服务实战。
[Spring] Spring Authorization Server 0.1.1 版发布
邓超的博客
05-11 261
欢迎加入 Spring cloud 交流群: 617143034 原文地址: https://spring.io/blog/2021/05/10/spring-authorization-server-0-1-1-available-now 正文 代表团队和所有贡献者,我们很高兴在今天 (2021-05-11) 发布了 Spring Authorization Server 的 0.1.1 版本! 您可以从 repo.spring.io 和 Maven Central 下载它: compile 'org..
spring-authorization-server-1.1.0已发布
LiMng06的博客
05-23 319
本次新增了几个重要的内容:
[spring]-【spring-oauth2】-笔记1
长泽雅美我老婆的博客
04-06 4871
oauth2的简单体验,后续会继续更新多点的内容(是自己看网课和文档,自己慢慢摸索出来的,所以写的比较杂,涉及简单的源码部分) 一、简单体验 1. 搭建项目 没什么操作,注意控制住spring-cloud 和 spring-boot 的版本就OK。 依赖: -pom.xml <parent> <groupId>org.springframework.boot</groupId> <artifactId>sprin.
SSM整合(MyBatis-Spring-SpringMVC)...校验技术
qq_45181415的博客
03-16 760
实用技术-校验框架 SSM整合-视频 纯注解开发SSM 1 校验框架 1.1 入门 1.1.1 表单校验的重要性 表单校验保障了数据有效性、安全性 数据可以随意输入,导致错误的结果。 1.1.2 表单校验分类 按校验位置分类: 客户端校验:浏览器,手机APP 服务端校验:后端服务器代码校验 按校验内容分类: 格式校验:比如年龄是否为负数,邮箱是否符合规则 逻辑校验:比如用户名在当前项目中是否已注册(需要查询数据库或者业务校验) 1.1.3 格式校验规则 以下几种全部属于格式校验: 长度.
Spring Security集成Oauth2实现用户身份验证+授权
qq_38586378的博客
06-05 5668
前言 最近的项目有使用到Sping Security和Oauth做用户身份验证和授权机制,所以在网上找了点资料简单学习并写了个小demo,在此进行记录总结。 参考链接 1. Spring Security了解:https://www.springcloud.cc/spring-security-zhcn.html 2. Spring Boot集成Spring Security: https://www.jianshu.com/p/afe6619d9663 https://www.cnblogs.
spring-authorization-server:由Spring Security团队领导的社区驱动项目,致力于为Spring社区提供Authorization Server支持
03-20
Spring授权服务器 Spring Authorization Server是由团队领导的社区驱动的项目,致力于向Spring社区提供支持。 该项目将作为独立项目在Spring的实验项目中开始,以便它可以更快地发展。 该项目的最终目标是取代提供的Authorization Server支持。 在我们社区的急需帮助下,该项目将以与原始Spring Security OAuth项目相同的方式增长。 功能规划 该项目使用来确定功能路线图的优先级,并帮助组织项目计划。可以在访问项目板。建议安装ZenHub因为它在GitHub的用户界面中本地集成。 可以在查看已完成和即将发布的功能列表。 入门 首先要阅读的是以深入了解如何构建授权服务器。这是至关重要的第一步,因为实现必须符合OAuth 2.0授权框架中定义的规范以及。 第二个开始是要非常熟悉以下Spring Security模块中的代码库: (
spring-security-oauth2-authorization-server.zip
08-25
本文以最简配置搭建一个授权服务,让大家初步了解授权服务及相关表。 token 存于数据库中 例子基于Spring Boot 2.1.7.RELEASE ,使用mysql数据库
spring authorization server 1.0.1与阿里nacos2.2.2微服务学习笔记(一)
菜鸟的学习笔记
12-02 1851
虽然spring authorization server学起来比较困难,但是我会坚持下去的。希望我这个小菜鸟能成功学会oauth2
Spring 官方发起Spring Authorization Server 项目
码农小胖哥
04-20 2244
Spring官方在近日发布了一则消息:将发起一个新的名为Spring Authorization Server[1]的项目。该项目是由Spring Security主导的一个社区驱动项目...
spring-authorization-server1.1.1)自定义认证
weixin_43861630的博客
07-27 3293
spring-authorization-server 1.1.1 spring-authorization-server自定义认证 spring-authorization-server 客户端及授权服务器
Spring Authorization Server (一)基本搭建
不知名酸奶糖 的博客
03-19 964
Spring Authorization Server 是一个框架,它提供OAuth 2.1和OpenID Connect 1.0规范以及其他相关规范的实现。它建立在Spring Security之上,为构建 OpenID Connect 1.0 身份提供者和 OAuth2 授权服务器产品提供安全、轻量级和可定制的基础。
Spring Authorization Server使用
zzy7075的专栏
05-21 1121
既然涉及到签名,就涉及到签名算法,对称加密还是非对称加密,那么就需要加密的 密钥或者公私钥对。不存在签名的JWT是不安全的,存在签名的JWT是不可窜改的。,目前已经到了 0.1.2 的版本,不过该项目还是一个实验性的项目,不可在生产环境中使用,此处来使用项目搭建一个简单的授权服务器。没有用户的参与,一般可以用于内部系统之间的访问,或者系统间不需要用户的参与。的创建,这个张三是授权服务器的用户,此处即QQ服务器的用户。此模式下,没有用户的参与,只有客户端和授权服务器之间的参与。
Spring Authorization Server实战
wsb_2526的博客
07-20 1135
OAuth是一个开放标准的授权协议,允许用户授权第三方应用访问其在某个服务提供者上的受保护资源,而无需将其实际的凭证(比如用户和密码)分享给第三方应用。OAuth2.0协议的流程如下:用户打开客户端后,客户端要求用户给与授权;用户同意给客户端授权;客户端使用上一步获得授权,向服务器申请令牌;授权服务器对客户端认证后,向客户端发放令牌;客户端使用令牌,向资源服务器申请获取资源;资源服务器确认令牌有效后,向客户端开发资源;
spring-authorization-server自定义认证配置
09-20
使用spring-authorization-server时,我们可以通过自定义认证配置来对授权服务器进行个性化的定制。具体步骤如下: 1. 创建自定义认证配置类:我们可以创建一个自定义的配置类,继承自...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值