SpringSecurity+OAuth2实现资源权限拦截管理
第一部分、客户端系统
一、接入第三方单点登录系统
1、添加依赖
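<!-- OAuth2 client / SSO support. The original listing was extraction-garbled
     (`< dependency>`, a missing `>` on a closing tag); tags repaired here.
     NOTE(review): the spring-security-oauth project that spring-security-oauth2
     and the spring-cloud-starter-oauth2 wrapper build on is end-of-life; new
     work should use Spring Security's built-in OAuth2 client
     (spring-boot-starter-oauth2-client) instead. -->
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
<!-- Explicit pin. 2.3.3.RELEASE is an early 2.3.x build and later 2.3.x patch
     releases carried security fixes; prefer the starter's managed version or,
     at minimum, the last 2.3.x patch release rather than this stale pin. -->
<dependency>
    <groupId>org.springframework.security.oauth</groupId>
    <artifactId>spring-security-oauth2</artifactId>
    <version>2.3.3.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>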
2、添加配置项
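# SSO client configuration for the GitHub login flow. The original listing was
# extraction-garbled (`key : value`, `https: //...`), which is not valid YAML;
# spacing repaired here.
spring:
  application:
    name: 38-security
server:
  port: 8038
security:
  oauth2:
    client:
      # GitHub OAuth App credentials. The original committed a literal client
      # secret (a 40-hex string) in this file. A secret that has been committed
      # must be treated as compromised: rotate it in the GitHub app settings
      # and resolve it from the environment (or a vault) so the file can be
      # checked in safely. The client id is public and may stay literal.
      clientId: bd1c0a783ccdd1c9b9e4
      clientSecret: ${GITHUB_CLIENT_SECRET}
      accessTokenUri: https://github.com/login/oauth/access_token
      userAuthorizationUri: https://github.com/login/oauth/authorize
      # Send client_id/client_secret as POST form parameters to the token
      # endpoint (the form GitHub documents) rather than HTTP Basic.
      clientAuthenticationScheme: form
    resource:
      # GitHub offers no check_token endpoint, so with preferTokenInfo=false the
      # token is validated by calling the user-info endpoint with it.
      userInfoUri: https://api.github.com/user
      preferTokenInfo: false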
2、添加配置类
/**
 * Marks this service as an OAuth2 single-sign-on client.
 *
 * <p>{@code @EnableOAuth2Sso} installs the SSO filter chain driven by the
 * {@code security.oauth2.client.*} / {@code security.oauth2.resource.*}
 * properties. The body is deliberately empty: no {@code HttpSecurity}
 * customisation is applied here, so the framework defaults for which
 * paths require login remain in force.
 */
@Configuration
@EnableOAuth2Sso
public class SSOConfig {
}
3、说明
上述配置接入的是 GitHub 的第三方登录认证：accessTokenUri（https://github.com/login/oauth/access_token）是令牌端点，userAuthorizationUri 是授权端点，userInfoUri 用于获取当前登录用户信息。clientSecret 不应写死在配置文件中，应从环境变量或密钥管理服务读取。
4、用于验证登录结果的简单 Controller
/**
 * Two probe endpoints used to confirm that the SSO login round-trip works.
 */
@RestController
public class IndexController {

    /** Landing page: a fixed greeting, no user data involved. */
    @GetMapping("/index")
    public String index() {
        return "Welcome to the index!";
    }

    /**
     * Echoes the {@link Principal} Spring MVC resolves for the current
     * request (null when the request is unauthenticated).
     *
     * <p>NOTE(review): the whole {@code Principal} object is serialised into
     * the response. Under {@code @EnableOAuth2Sso} that is the framework's
     * authentication object, whose details may carry more than the user name
     * (authorities, token metadata) — check what actually reaches the wire and
     * return {@code user.getName()} or a small DTO if that is more than the
     * caller should see.
     */
    @GetMapping("/user")
    public Principal principal(Principal user) {
        return user;
    }
}
二、使用本地的SSO登录认证服务
1、添加配置项
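# SSO client configuration against the local authorization server. The
# original listing was extraction-garbled (`key : value`, `http: //host: port`),
# which is not valid YAML; spacing repaired here.
spring:
  application:
    name: 36-security
server:
  port: 8036
eureka:
  client:
    serviceUrl:
      defaultZone: http://127.0.0.1:8030/eureka/
security:
  oauth2:
    client:
      # Authorization server on port 8034. Plain http is acceptable only on a
      # developer machine: the authorization code, the client secret and the
      # access token all travel over these URLs, so anything beyond localhost
      # must be https.
      access-token-uri: http://localhost:8034/oauth/token
      user-authorization-uri: http://localhost:8034/oauth/authorize
      # Tutorial placeholder credentials; presumably they must match a client
      # registered on the authorization server. Replace them and load the
      # secret from the environment before any non-local use.
      client-id: clientId
      client-secret: secret
      client-authentication-scheme: form
      # Send a fixed redirect_uri instead of deriving it from the incoming
      # request, so the value the server validates cannot be steered by
      # Host/forwarding headers. It must match the registered redirect URI
      # exactly.
      use-current-uri: false
      pre-established-redirect-uri: http://localhost:8036/
      grant-type: authorization_code
    resource:
      # Current-user details come from the resource server on 8035; with
      # prefer-token-info=false the token is validated via this call rather
      # than a check_token endpoint.
      user-info-uri: http://localhost:8035/user
      prefer-token-info: false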
2、配置类
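/**
 * SSO client security rules for the local authorization-server setup.
 *
 * <p>Only {@code /user/**} requires an authenticated session. The filter chain
 * matches every request ({@code requestMatchers().anyRequest()}), but no
 * authorization rule is given for other paths, so e.g. {@code /index} stays
 * public.
 */
@Configuration
@EnableOAuth2Sso
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // CSRF protection is left at its default (enabled). The original
        // called csrf().disable(), but this client identifies browsers by a
        // session cookie (IF_REQUIRED) — exactly the case CSRF protection
        // exists for. With it enabled, /logout is only honoured on a POST
        // carrying the CSRF token, which also closes logout-CSRF; a GET
        // logout link in the UI must become a form POST.
        http
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
                .and()
            .requestMatchers().anyRequest()
                .and()
            .authorizeRequests()
                .antMatchers("/user/**").authenticated()
                .and()
            // Kept as in the original. Under @EnableOAuth2Sso the OAuth2
            // redirect is what logs users in; this only shapes the local
            // form-login fallback.
            .formLogin().successForwardUrl("/index")
                .and()
            .logout().logoutUrl("/logout")
                .permitAll().logoutSuccessUrl("/");
    }
}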
三、使用本地数据库方式
1、初始化 OAuth2 客户端注册表（oauth_client_details）
-- OAuth2 client registry. The first nine columns and `autoapprove` appear to
-- follow the stock spring-security-oauth2 JdbcClientDetailsService schema;
-- create_time/archived/trusted/status/deleted look like application
-- bookkeeping (not read by the framework as far as this page shows).
CREATE TABLE `oauth_client_details` (
`client_id` varchar ( 255 ) NOT NULL ,
`resource_ids` varchar ( 255 ) DEFAULT NULL ,
-- NOTE(review): store a PasswordEncoder-encoded secret here (BCrypt, if the
-- authorization server is wired with the same encoder as SecurityConfig),
-- never the plaintext secret.
`client_secret` varchar ( 255 ) DEFAULT NULL ,
`scope` varchar ( 255 ) DEFAULT NULL ,
`authorized_grant_types` varchar ( 255 ) DEFAULT NULL ,
-- Registered redirect URI(s); the client's pre-established-redirect-uri is
-- presumably validated against this value.
`web_server_redirect_uri` varchar ( 255 ) DEFAULT NULL ,
`authorities` varchar ( 255 ) DEFAULT NULL ,
-- int(11): the display width is cosmetic and deprecated in MySQL 8; the
-- column is a plain INT (seconds).
`access_token_validity` int ( 11 ) DEFAULT NULL ,
`refresh_token_validity` int ( 11 ) DEFAULT NULL ,
`additional_information` text,
`create_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ,
`archived` tinyint ( 1 ) DEFAULT '0' ,
`trusted` tinyint ( 1 ) DEFAULT '0' ,
-- Textual on purpose: the framework accepts 'true'/'false' or a scope list.
`autoapprove` varchar ( 255 ) DEFAULT 'false' ,
`status` tinyint ( 1 ) DEFAULT NULL ,
`deleted` tinyint ( 1 ) DEFAULT NULL ,
PRIMARY KEY ( `client_id`)
-- MySQL `utf8` is 3-byte (utf8mb3); use utf8mb4 if additional_information may
-- hold arbitrary Unicode.
) ENGINE = InnoDB DEFAULT CHARSET = utf8;
2、相关实体、业务类以及安全配置类
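/**
 * Spring Security rules for the authorization server's own HTTP endpoints.
 *
 * <p>{@code /oauth/**}, {@code /login/**} and {@code /logout} are opened at
 * this layer so the OAuth2 endpoints and the login page are reachable; every
 * other request needs a logged-in user. NOTE(review): {@code permitAll()} on
 * {@code /oauth/**} only drops the <em>user</em> login requirement — the token
 * endpoint is expected to be guarded by client authentication in the
 * authorization-server configuration, which is not shown on this page;
 * confirm that before exposing it.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/oauth/**", "/login/**", "/logout").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .and()
            .logout().logoutSuccessUrl("/");
    }

    /** Static assets bypass the security filter chain entirely. */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/assets/**");
    }

    /**
     * Authenticates users against the injected {@link UserDetailsService}
     * with BCrypt password verification.
     *
     * <p>The original referenced an undeclared {@code myUserDetailsService}
     * (a compile error); the injected {@code userDetailsService} field is the
     * only user store this class has, so it is what is wired here.
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    /**
     * Exposes the {@link AuthenticationManager} as a bean, presumably so other
     * configuration (e.g. the authorization server) can inject it.
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManager() throws Exception {
        return super.authenticationManager();
    }

    /** BCrypt for stored user passwords — an adaptive hash, never a bare digest. */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}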