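The Fastest OAuth2 Tutorial Ever: Authentication and Integration
More and more people are using OAuth2 to integrate with permission systems, and it is fairly general-purpose. This tutorial is provided so that you can learn and use it quickly.
Toolkit versions
- Spring Boot 2.2.0.M5
- Spring Cloud Hoxton.M2
- Spring Cloud OAuth2 2.2.0.M2
Development framework
- Spring Boot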
Maven dependencies
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-oauth2</artifactId>
        </dependency>
    </dependencies>
Configure security interception
- Expose the AuthenticationManager as a Spring bean so that the OAuth server can inject it later
- Create an in-memory UserDetailsService and register one test user
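    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.core.userdetails.User;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.provisioning.InMemoryUserDetailsManager;

    @Configuration
    @EnableWebSecurity
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
        /**
         * The AuthenticationManager must be exposed as a bean;
         * otherwise OAuth cannot handle the four grant types.
         *
         * @return the AuthenticationManager bean
         * @throws Exception if the manager cannot be built
         */
        @Bean
        @Override
        public AuthenticationManager authenticationManagerBean() throws Exception {
            return super.authenticationManagerBean();
        }

        /**
         * Registers the UserDetailsService.
         *
         * @return an in-memory user store holding one test user
         */
        @Bean
        @Override
        protected UserDetailsService userDetailsService() {
            InMemoryUserDetailsManager userDetailsManager = new InMemoryUserDetailsManager();
            // {noop} marks the password as stored in plain text (NoOpPasswordEncoder); test user only.
            userDetailsManager.createUser(User.withUsername("lengleng").password("{noop}lengleng").authorities("USER").build());
            return userDetailsManager;
        }
    }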
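Configure the OAuth2 authorization server
- Configure the clientId and the grant types it supports
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
    import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;

    @Configuration
    @EnableAuthorizationServer
    public class BigAuthServerConfiguration extends AuthorizationServerConfigurerAdapter {
        @Autowired
        private AuthenticationManager authenticationManager;
        @Autowired
        private UserDetailsService userDetailsService;

        // Registers one in-memory client; {noop} means the client secret is stored in plain text.
        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            clients.inMemory()
                    .withClient("appid")
                    .secret("{noop}secret")
                    .authorizedGrantTypes("password", "authorization_code", "client_credentials", "implicit", "refresh_token")
                    .scopes("all");
        }

        // The password grant needs the AuthenticationManager; refresh_token needs the UserDetailsService.
        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
            endpoints.authenticationManager(authenticationManager)
                    .userDetailsService(userDetailsService);
        }
    }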
The steps above complete the authorization server.
Test the password grant
    curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=password&username=lengleng&password=lengleng&scope=all' "http://appid:secret@localhost:8080/oauth/token"
Configure the resource server
- Add the web and cloud-oauth dependencies
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-oauth2</artifactId>
        </dependency>
    </dependencies>
Configure the client information
    security:
      oauth2:
        client:
          client-id: appid
          client-secret: secret
          scope: all
        resource:
          # Address of the authorization server's check_token endpoint
          token-info-uri: http://127.0.0.1:8080/oauth/check_token
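Declare the application as a resource server
- @EnableResourceServer completes the integration
    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;
    import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;

    @EnableResourceServer
    @EnableDiscoveryClient
    @SpringBootApplication
    public class Oauth2ServerApplication {
        public static void main(String[] args) {
            SpringApplication.run(Oauth2ServerApplication.class, args);
        }
    }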
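Expose check_token on the authorization server
    // Add this override to the BigAuthServerConfiguration class shown earlier
    // (AuthorizationServerSecurityConfigurer is in
    // org.springframework.security.oauth2.config.annotation.web.configurers).
    public class BigAuthServerConfiguration extends AuthorizationServerConfigurerAdapter {
        /**
         * Set checkTokenAccess to isAuthenticated(); otherwise requests
         * from the resource server are rejected with a 403.
         *
         * @param oauthServer security configurer for the authorization server endpoints
         */
        @Override
        public void configure(AuthorizationServerSecurityConfigurer oauthServer) {
            oauthServer
                    .allowFormAuthenticationForClients()
                    .checkTokenAccess("isAuthenticated()");
        }
    }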
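The client registration and check_token settings above use a plain-text `{noop}` secret and enable every grant type. The following is an added example, not code from the original tutorial: a hardened variant that would replace BigAuthServerConfiguration, storing the client secret hashed and enabling only the grants the tutorial's test uses. The class name `HardenedAuthServerConfiguration`, the property name `demo.oauth.client-secret`, and the token lifetimes are assumptions made for illustration.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;

@Configuration
@EnableAuthorizationServer
public class HardenedAuthServerConfiguration extends AuthorizationServerConfigurerAdapter {
    // Delegating encoder: encode() yields "{bcrypt}..." and matches() honours the {id} prefix.
    private final PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
    @Autowired
    private AuthenticationManager authenticationManager;
    @Autowired
    private UserDetailsService userDetailsService;
    // Assumption: the secret comes from the environment under this hypothetical property name.
    @Value("${demo.oauth.client-secret}")
    private String clientSecret;

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("appid")
                .secret(encoder.encode(clientSecret))            // stored hashed instead of {noop}
                .authorizedGrantTypes("password", "refresh_token") // only the grants the tutorial's test uses
                .scopes("all")
                .accessTokenValiditySeconds(600)                 // illustrative lifetime
                .refreshTokenValiditySeconds(86400);             // illustrative lifetime
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints.authenticationManager(authenticationManager)
                .userDetailsService(userDetailsService);
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) {
        security.passwordEncoder(encoder)                        // verifies client secrets against the hash
                .checkTokenAccess("isAuthenticated()");          // check_token still requires client auth
    }
}
```

The resource server keeps sending the plain client secret over HTTP Basic to check_token; only the authorization server's stored copy is hashed.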
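Demo endpoint on the server
    import org.springframework.security.core.Authentication;
    import org.springframework.web.bind.annotation.GetMapping;
    import org.springframework.web.bind.annotation.RestController;

    @RestController
    public class DemoController {
        // Returns the Authentication that Spring Security resolved from the bearer token.
        @GetMapping("/info")
        public Authentication authentication(Authentication authentication) {
            return authentication;
        }
    }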
Test obtaining a token
Use the token to call the test endpoint and get the current user's information