本文章不对token的验证操作,只是第三方的模块对Oauth2的使用,使用场景,对一整套系统进行模块化开发,子模块的api采用主枝模块的Oauth2进行安全性验证
在pom.xml中添加依赖
<dependency> <groupId>org.springframework.security.oauth</groupId> <artifactId>spring-security-oauth2</artifactId> </dependency>
在dev.yml文件中添加
security:
oauth2:client:
access-token-uri: http://localhost:8080/oauth/token
client-id: locaca-66
client-secret: dsmfksdmfs
client-authentication-scheme: form
grant-type: client_credentials
resource:
user-info-uri: http://localhost:8080/api/check_token
token的验证地址为 http://localhost:8080/api/check_token
新增类
@RestController @Configuration @EnableResourceServer @EnableGlobalMethodSecurity(prePostEnabled = true) public class ResourceServerConfig extends ResourceServerConfigurerAdapter { @Autowired private ApplicationContext applicationContext; /** * CORS过滤器,填加CORS头 * @return CORS过滤器,供Spring使用。 */ @Bean public CorsFilter corsFilter() { final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); final CorsConfiguration config = new CorsConfiguration(); config.setAllowCredentials(true); config.addAllowedOrigin("*"); config.addAllowedHeader("*"); config.addAllowedMethod("GET"); config.addAllowedMethod("PUT"); config.addAllowedMethod("POST"); config.addAllowedMethod("DELETE");