api文档: OAuth for Spring Security 2.4.0.BUILD-SNAPSHOT API
概述参见: Spring Security OAuth2 深入解析_CatalpaFlat的博客-CSDN博客
指定access_token的有效时间,只提供思路,代码不完整
在资源服务器配置类(@EnableResourceServer注解下)继承AuthorizationServerConfigurerAdapter类,重写
public void configure(ClientDetailsServiceConfigurer clients)方法。
(注:下方示例代码实际标注的是@EnableAuthorizationServer,即认证服务器配置类;客户端的access_token有效时间是在认证服务器一侧配置的。)
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.context.annotation.Primary;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.endpoint.TokenEndpoint;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
import java.util.Arrays;
/**
 * Authorization-server configuration together with the web-security (permission) setup.
 *
 * <p>Demo listing: the surrounding page states that it only sketches the idea and that the
 * code is incomplete. The client id, client secret and token lifetime below are sample values.
 */
@Configuration
@EnableAuthorizationServer
public class AuthServerConfig extends WebSecurityConfigurerAdapter {

    /**
     * Replaces the request validator used by the OAuth2 token endpoint.
     *
     * @param tokenEndpoint the token endpoint whose request validator is replaced
     */
    public AuthServerConfig(TokenEndpoint tokenEndpoint) {
        // NOTE(review): NonScopeOAuth2RequestValidator is not defined in this listing. Its name
        // suggests scope validation is relaxed; confirm what it still checks before reuse.
        NonScopeOAuth2RequestValidator requestValidator = new NonScopeOAuth2RequestValidator();
        tokenEndpoint.setOAuth2RequestValidator(requestValidator);
    }

    /**
     * Turns off the logout support of the HTTP security configuration.
     *
     * @param http the HTTP security builder
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.logout().disable();
    }

    /**
     * Excludes the Swagger UI and its resources from the security filter chain.
     *
     * @param web the web security builder
     * @throws Exception propagated from the builder
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        // Ignored paths bypass the Spring Security filter chain completely: no authentication
        // and no security headers are applied to them.
        // NOTE(review): "/v2/**" is presumably meant for the Swagger "/v2/api-docs" endpoint, but
        // it matches every path under /v2/. Verify no application endpoint is mapped there, or
        // narrow the pattern.
        web.ignoring().antMatchers(
                "/swagger-ui.html",
                "/webjars/**",
                "/v2/**",
                "/swagger-resources/**");
    }

    /**
     * Registers the OAuth2 clients known to the authorization server.
     *
     * <p>NOTE(review): this nested class carries no Spring stereotype annotation in the listing;
     * confirm it is actually registered as a bean, otherwise the settings below are never applied.
     */
    static class AuthServerConfigurer extends AuthorizationServerConfigurerAdapter {

        /**
         * Defines one in-memory client with a short-lived access token.
         *
         * @param clients the client-details configurer
         * @throws Exception propagated from the configurer
         */
        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            clients.inMemory()
                    // Sample client id.
                    .withClient("clientId")
                    // Sample client secret, hard-coded as a plain string. A real deployment
                    // should load it from external configuration or a secret store and store it
                    // encoded; which PasswordEncoder applies is not shown in this listing.
                    .secret("secret")
                    // Grant types. The "password" grant hands the user's credentials to the
                    // client and is discouraged by current OAuth security guidance.
                    .authorizedGrantTypes("refresh_token", "password")
                    // Scope granted to the client.
                    .scopes("all")
                    // Access-token lifetime in seconds. The refresh-token lifetime is not set
                    // here, so the framework default applies to it.
                    .accessTokenValiditySeconds(30);
        }
    }
}