手把手教你用SpringBoot将Spring Security与OAuth 2.0进行整合

最新推荐文章于 2024-04-26 16:12:17 发布
最新推荐文章于 2024-04-26 16:12:17 发布
阅读量2.4k 收藏 17
点赞数 4
分类专栏: SpringBoot 文章标签: spring boot spring security oauth2.0
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_26020387/article/details/107893329
版权

写在前面
Spring Security 作为一款Spring 家族中的一款安全框架,在Spring Boot 环境下可以很容易的将其嵌入其中。 本项目建议有一些Spring Security基础的人学习。纯小白用户建议先学习 [Spring Security 入门](https://blog.csdn.net/qq_26020387/article/details/107495056)

本文涉及知识点

  1. Spring Boot
  2. Spring Security
  3. OAuth 2.0
  4. MySQL
  5. MyBatis
  6. Redis
  7. JWT

使用Spring Boot 作为项目骨架,随后会出一篇使用Spring Cloud将这些技术点进行整合。前者更适合小型项目或练习用,后者更适合在中大型项目中部署使用。

该项目已开源到GitHub传送门。这篇文章会尽可能详细的讲解每一个步骤,若做不出来或有问题可以去GitHub下载本项目的源码或私信作者。

一、项目结构

在这里插入图片描述

config : 配置包,用于配置OAuth,Security, JWT
controller:外部可请求的资源
dao:数据持久层
entity:实体类
service:业务层
util:工具包

user_db:数据库文件

二、步骤讲解

  1. 创建项目并配置环境。
  2. 创建实体类,dao层,mapper文件,进行数据库连接。
  3. 配置Spring Security,包含实现UserDetailsService接口,配置密码编码器,设置安全拦截器和认证管理器。
  4. 配置JWT,进行Token设置,使用Jwt令牌存储方案。
  5. 配置OAuth 2.0 认证服务器,将jwt令牌存储在redis中,客户端目前使用Memory存储,真实项目需将其替换为jdbc存储。设置授权码模式下授权码从内存中获取,也可设置为jdbc模式。
  6. 配置OAuth 2.0 资源服务器,配置服务令牌解析服务器和资源访问安全配置。

三、代码实现

1. 创建项目并配置环境

可以在创建项目时进行勾选,可以直接复制pom文件中的坐标
版本:

  • spring boot : 2.3.0
  • spring-cloud-starter-oauth2 :2.2.1.RELEASE
  • mybatis-spring-boot-starter : 2.1.2
  • mysql : 5.1.47

使用 spring-cloud-starter-oauth2 可以省去很多引其他包的步骤,尽量避免由于版本造成的问题报错。

pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>com.aaa</groupId>
    <artifactId>springboot-security-oauth2</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>springboot-security-oauth2</name>
    <description>Demo project for Spring Boot</description>

    <properties>
        <java.version>1.8</java.version>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <spring-boot.version>2.3.0.RELEASE</spring-boot.version>
    </properties>

    <dependencies>
        <!-- spring web -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <!-- spring security-->
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-oauth2</artifactId>
            <version>2.2.1.RELEASE</version>
        </dependency>
        <!-- redis -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-redis</artifactId>
        </dependency>
        <!-- test -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <!-- mybatis -->
        <dependency>
            <groupId>org.mybatis.spring.boot</groupId>
            <artifactId>mybatis-spring-boot-starter</artifactId>
            <version>2.1.2</version>
        </dependency>
        <!-- mysql -->
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <version>5.1.47</version>
        </dependency>
        <dependency>
            <groupId>junit</groupId>
            <artifactId>junit</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-dependencies</artifactId>
                <version>${spring-boot.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <version>2.3.0.RELEASE</version>
            </plugin>
        </plugins>
    </build>
</project>

application.properties

在这里对web、DataSource、MyBatis、Redis进行配置
注意:pom.xml中对于jdbc驱动引用在spring.datasource.driver-class-name对应的值不同,一定要根据自己在pom文件选择的jdbc驱动版本选择driver-class-name。

# web
server.port=8080
server.servlet.context-path=/
spring.application.name=security-springboot
# DataSource
spring.datasource.url=jdbc:mysql://localhost:3306/user_db
spring.datasource.username=root
spring.datasource.password=root
spring.datasource.driver-class-name=com.mysql.jdbc.Driver
# mybatis
mybatis.mapper-locations=classpath:mapper/*.xml

#logging.level.root=debug

# redis
spring.redis.database=0
spring.redis.host=127.0.0.1

spring.redis.port=6379
spring.redis.password=
spring.redis.pool.max-active=8
spring.redis.pool.max-wait=-1
spring.redis.pool.max-idle=8

spring.redis.pool.min-idle=0
spring.redis.timeout=0

2. 连接数据库

这里与通常使用mybatis连接数据库方式相同。不难但步骤较多

a. 创建数据库

user_db.sql

-- ----------------------------
-- Table structure for t_permission
-- ----------------------------
DROP TABLE IF EXISTS `t_permission`;
CREATE TABLE `t_permission`  (
  `id` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
  `code` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT '权限标识符',
  `description` varchar(64) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '描述',
  `url` varchar(128) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '请求地址',
  PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Compact;

-- ----------------------------
-- Records of t_permission
-- ----------------------------
INSERT INTO `t_permission` VALUES ('1', 'p1', '测试资源\r\n1', '/resource/r1');
INSERT INTO `t_permission` VALUES ('2', 'p2', '测试资源2', '/resource/r2');
INSERT INTO `t_permission` VALUES ('3', 'p3', '测试资源3', '/resource/r3');

-- ----------------------------
-- Table structure for t_role
-- ----------------------------
DROP TABLE IF EXISTS `t_role`;
CREATE TABLE `t_role`  (
  `id` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
  `role_name` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
  `description` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
  `create_time` datetime(0) NULL DEFAULT NULL,
  `update_time` datetime(0) NULL DEFAULT NULL,
  `status` char(1) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
  PRIMARY KEY (`id`) USING BTREE,
  UNIQUE INDEX `unique_role_name`(`role_name`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Compact;

-- ----------------------------
-- Records of t_role
-- ----------------------------
INSERT INTO `t_role` VALUES ('1', '管理员', NULL, NULL, NULL, '');

-- ----------------------------
-- Table structure for t_role_permission
-- ----------------------------
DROP TABLE IF EXISTS `t_role_permission`;
CREATE TABLE `t_role_permission`  (
  `role_id` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
  `permission_id` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
  PRIMARY KEY (`role_id`, `permission_id`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Compact;

-- ----------------------------
-- Records of t_role_permission
-- ----------------------------
INSERT INTO `t_role_permission` VALUES ('1', '1');
INSERT INTO `t_role_permission` VALUES ('1', '2');

-- ----------------------------
-- Table structure for t_user
-- ----------------------------
DROP TABLE IF EXISTS `t_user`;
CREATE TABLE `t_user`  (
  `id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT '用户id',
  `username` varchar(64) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
  `password` varchar(64) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
  `fullname` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '用户姓名',
  `mobile` varchar(11) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '手机号',
  PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 4 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Compact;

-- ----------------------------
-- Records of t_user
-- ----------------------------
INSERT INTO `t_user` VALUES (1, 'zhangsan', '$2a$10$37vdSYJUVguwXpLDnZfEt.UDC0y6Yk2RCzFuJKfOrWCiTnUFlmj3K', NULL, NULL);
INSERT INTO `t_user` VALUES (2, 'aaa', '$2a$10$UDvMFn8koZzJ70JGriqkbeVBELa.EFnFDFfkglZfiYhUyxryK3ebi', NULL, NULL);
INSERT INTO `t_user` VALUES (3, 'bbb', '$2a$10$eLA6kZcUI2PLvwX9n4unwe4hNZWlVBR5JuJ1fOQaHz9qnFxs.1jS.', NULL, NULL);

-- ----------------------------
-- Table structure for t_user_role
-- ----------------------------
DROP TABLE IF EXISTS `t_user_role`;
CREATE TABLE `t_user_role`  (
  `user_id` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
  `role_id` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
  `create_time` datetime(0) NULL DEFAULT NULL,
  `creator` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
  PRIMARY KEY (`user_id`, `role_id`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Compact;

-- ----------------------------
-- Records of t_user_role
-- ----------------------------
INSERT INTO `t_user_role` VALUES ('1', '1', NULL, NULL);

SET FOREIGN_KEY_CHECKS = 1;

b. 创建实体类

User.java

package com.aaa.entity;

/**
 * 用户信息
 * @author 淮南King
 */
public class User {
    /**
     * 用户id
     */
    private String id;
    /**
     * 用户名
     */
    private String username;
    /**
     * 用户密码
     */
    private String password;
    /**
     * 用户角色ID
     */
    private Integer roleId;

    public String getId() {
        return id;
    }

    public void setId(String id) {
        this.id = id;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public Integer getRoleId() {
        return roleId;
    }

    public void setRoleId(Integer roleId) {
        this.roleId = roleId;
    }
}

Permission.java

package com.aaa.entity;
/**
 *  权限信息
 * @author 淮南King
 */
public class Permission {
    /**
     * 权限id
     */
    private String id;
    /**
     * 权限代号
     */
    private String code;
    /**
     * 权限描述
     */
    private String description;
    /**
     * 路径
     */
    private String url;

    public String getId() {
        return id;
    }

    public void setId(String id) {
        this.id = id;
    }

    public String getCode() {
        return code;
    }

    public void setCode(String code) {
        this.code = code;
    }

    public String getDescription() {
        return description;
    }

    public void setDescription(String description) {
        this.description = description;
    }

    public String getUrl() {
        return url;
    }

    public void setUrl(String url) {
        this.url = url;
    }
}

c. 创建dao层

UserDao.java

package com.aaa.dao;

import com.aaa.entity.User;
import org.apache.ibatis.annotations.Mapper;

import java.util.List;

/**
 * 用户信息持久层
 * @author 淮南King
 */
@Mapper
public interface UserDao {
    /**
     * 根据账号查询用户信息
     *
     * @param username 用户姓名
     * @return 用户信息
     */
    User getUserByUsername(String username);

    /**
     * 根据用户id查询用户权限
     *
     * @param userId 用户id
     * @return 权限列表
     */
    List<String> findPermissionsByUserId(String userId);
}

d. 创建service层

UserService.java

package com.aaa.service;

import com.aaa.dao.UserDao;
import com.aaa.entity.User;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import java.util.List;

/**
 * 用户信息持久业务层
 *
 * @author 淮南King
 * @date 2020-07-21
 */
@Service
public class UserService {

    @Autowired UserDao dao;

    public User getUserByUsername(String username) {
        return dao.getUserByUsername(username);
    }

    public List<String> findPermissionsByUserId(String userId) {
        return dao.findPermissionsByUserId(userId);
    }
}

d. mapper层

UserMapper.xml

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.aaa.dao.UserDao">

    <select id="getUserByUsername" parameterType="String" resultType="com.aaa.entity.User">
        select id,username,password,fullname,mobile from t_user where username = #{username}
    </select>

    <select id="findPermissionsByUserId" parameterType="String" resultType="String">
        SELECT code FROM t_permission WHERE id IN(
            SELECT permission_id FROM t_role_permission WHERE role_id IN(
            SELECT role_id FROM t_user_role WHERE user_id = #{id} ))
    </select>
</mapper>

3. 配置Spring Security

a. 配置UserDetailsService

UserDetail.java

package com.aaa.config;

import com.aaa.dao.UserDao;
import com.aaa.entity.User;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

import java.util.List;

/**
 * 实现spring-security核心接口UserDetailsService
 * 负载用户特定数据
 *
 * @author 淮南King
 */
@Service
public class UserDetail implements UserDetailsService {

    @Autowired UserDao userDao;

    /**
     * 根据账号查询用户信息
     * @param username
     * @return
     */
    @Override public UserDetails loadUserByUsername(String username) {
        //将来连接数据库根据账号查询用户信息
        User user = userDao.getUserByUsername(username);
        //当查询此用户不存在时,将抛出用户名未找到异常
        if (user == null) {
            throw new UsernameNotFoundException("No such user found, the user name is: "+username);
        }
        //根据用户id查询权限
        List<String> permissions = userDao.findPermissionsByUserId(user.getId());
        //将permissions转为数组
        String[] permissionArray = new String[permissions.size()];
        permissions.toArray(permissionArray);
        //创建UserDetails 将从数据库查询到的用户信息包装返回给Security
        UserDetails userDetails =
            org.springframework.security.core.userdetails.User.withUsername(user.getUsername()).password(user.getPassword()).authorities(permissionArray)
                .build();
        return userDetails;
    }
}

b. security核心配置

WebSecurityConfig.java

package com.aaa.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * spring security配置<br>
 * Order -> 指定优先级别  值越低,优先级越高。值越高,优先级越低<br>
 * EnableGlobalMethodSecurity 启用全局方法安全,启用pre注解
 * @author 淮南King
 */
@Configuration
@Order(10)
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * 密码编码器
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * 认证管理器
     * @return
     * @throws Exception
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
    /**
     * 安全拦截机制
     * @param http
     * @throws Exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //关闭跨域伪造请求拦截
        http.csrf().disable();
        //开启授权配置
        http.authorizeRequests()
            //允许访问授权接口
            .antMatchers("/login/**","/oauth/**").permitAll()
            //其他所有请求直接放行,权限验证在资源服务器中进行
            .anyRequest().permitAll();
        //允许表单登录
        http.formLogin().permitAll();
    }
}

4. 配置JWT令牌

TokenConfig.java

package com.aaa.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

/**
 * Token 配置类
 * @author 淮南King
 * @date 2020-08-06
 */
@Configuration
public class TokenConfig {

    /**
     * 签名密钥
     */
    private String SIGNING_KEY = "secret";

    /**
     * token存储
     * @return
     */
    @Bean
    public TokenStore tokenStore() {
        //JWT令牌存储方案
        return new JwtTokenStore(accessTokenConverter());
    }

    /**
     * Jwt访问令牌转换器
     * @return
     */
    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        //对称秘钥,资源服务器使用该秘钥来验证
        converter.setSigningKey(SIGNING_KEY);
        return converter;
    }
}

5. 配置认证服务器

MyAuthorizationServerConfig.java

package com.aaa.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
import org.springframework.security.oauth2.provider.code.InMemoryAuthorizationCodeServices;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenEnhancerChain;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;

import java.util.Arrays;

/**
 * 认证服务器
 *
 * @author 淮南King
 * @date 2020-08-04
 */
@Configuration
@EnableAuthorizationServer
public class MyAuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired private RedisConnectionFactory redisConnectionFactory;

    @Autowired private ClientDetailsService clientDetailsService;

    @Autowired private AuthenticationManager authenticationManager;

    @Autowired
    private JwtAccessTokenConverter accessTokenConverter;

    /**
     * 客户端详情服务
     *
     * @param clients
     * @throws Exception
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // 使用in-memory存储
        clients.inMemory()
            // client_id
            .withClient("c1")
            //客户端密钥
            .secret(new BCryptPasswordEncoder().encode("secret"))
            //资源列表
            .resourceIds("res1")
            // 该client允许的授权类型authorization_code,password,refresh_token,implicit,client_credentials
            .authorizedGrantTypes("authorization_code", "password", "client_credentials", "implicit", "refresh_token")
            // 允许的授权范围
            .scopes("all")
            //false跳转到授权页面
            .autoApprove(false)
            //加上验证回调地址
            .redirectUris("http://www.baidu.com");
    }

    /**
     * 设置token存储在redis中
     * @return
     */
    @Bean
    public TokenStore redisTokenStore() {
        //使用redis存储token
        RedisTokenStore redisTokenStore = new RedisTokenStore(redisConnectionFactory);
        //设置redis token存储中的前缀
        redisTokenStore.setPrefix("auth-token:");
        return redisTokenStore;
    }

    /**
     * 令牌管理服务
     *
     * @return
     */
    @Bean
    @Primary
    public AuthorizationServerTokenServices tokenService() {
        DefaultTokenServices service = new DefaultTokenServices();
        //客户端详情服务
        service.setClientDetailsService(clientDetailsService);
        //支持刷新令牌
        service.setSupportRefreshToken(true);
        //令牌存储服务
        service.setTokenStore(redisTokenStore());

        //令牌增强
        TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
        tokenEnhancerChain.setTokenEnhancers(Arrays.asList(accessTokenConverter));
        service.setTokenEnhancer(tokenEnhancerChain);


        // 令牌默认有效期2小时
        service.setAccessTokenValiditySeconds(7200);
        // 刷新令牌默认有效期3天
        service.setRefreshTokenValiditySeconds(259200);
        return service;
    }

    @Autowired private AuthorizationCodeServices authorizationCodeServices;

    //授权码模式 需要配置
    @Bean
    public AuthorizationCodeServices authorizationCodeServices() {
        //设置授权码模式的授权码如何存取
        return new InMemoryAuthorizationCodeServices();
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints
            //令牌管理服务
            .tokenServices(tokenService())
            //配置JWT转换器
            .accessTokenConverter(accessTokenConverter)
            //认证管理器
            .authenticationManager(authenticationManager)
            //授权码服务
            .authorizationCodeServices(authorizationCodeServices)
            .allowedTokenEndpointRequestMethods(HttpMethod.POST);
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) {
        security
            //oauth/token_key是公开
            .tokenKeyAccess("permitAll()")
            //oauth/check_token公开
            .checkTokenAccess("permitAll()")
            //表单认证(申请令牌)
            .allowFormAuthenticationForClients();
    }
}

6. 配置资源服务器

MyResourceServerConfig.java

package com.aaa.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;

/**
 * 资源服务器
 *
 * @author 淮南King
 * @date 2020-08-04
 */
@Configuration
@Order(2)
@EnableResourceServer
public class MyResourceServerConfig extends ResourceServerConfigurerAdapter {

    public static final String RESOURCE_ID = "res1";

    /**
     * 资源服务令牌解析服务
     * @return
     */
    @Bean
    public ResourceServerTokenServices resourceTokenService() {
        //使用远程服务请求授权服务器校验token,必须指定校验token 的url、client_id,client_secret
        RemoteTokenServices service=new RemoteTokenServices();
        service.setCheckTokenEndpointUrl("http://localhost:8080/oauth/check_token");
        service.setClientId("c1");
        service.setClientSecret("secret");
        return service;
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.resourceId(RESOURCE_ID)
            .tokenServices(resourceTokenService())
            .stateless(true);
    }

    /**
     * 资源访问安全配置
     * @param http
     * @throws Exception
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        //关闭跨站请求防护
        http.csrf().disable();
        http
            .authorizeRequests()
            // '/oauth/token' 请求进行直接放行
            .antMatchers("/oauth/token").permitAll()
            //  '/resource/**' 资源需要有all 范围
            .antMatchers("/resource/**").access("#oauth2.hasScope('all')")
            // 其他的资源进行放行
            .anyRequest().permitAll();

        //指定要使用的访问拒绝处理程序  OAuth2发送403
        http.exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());
    }
}

7. controller资源

AuthController.java

package com.aaa.controller;

import com.aaa.util.SecurityUtil;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * 需要权限才能被访问的资源
 * @author 淮南King
 * @date 2020-07-21
 */
@RestController
@RequestMapping("/resource")
public class AuthController {

    /**
     * 测试资源1
     * 拥有p1权限才可以访问
     *
     * @return
     */
    @GetMapping("/r1")
    @PreAuthorize("hasAuthority('p1')")
    public String resource1() {
        //获取当前线程的SecurityContext
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        //获取当前线程的名称
        return SecurityUtil.getUserNameByAuthentication(authentication) + " 访问资源1";
    }

    /**
     * 测试资源2
     * 拥有p2权限才可以访问
     *
     * @return
     */
    @GetMapping("/r2")
    @PreAuthorize("hasAuthority('p2')")
    public String resource2() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        return SecurityUtil.getUserNameByAuthentication(authentication) + " 访问资源2";
    }

    /**
     * 测试资源3
     * 拥有p3权限才可以访问
     *
     * @return
     */
    @GetMapping("/r3")
    @PreAuthorize("hasAuthority('p3')")
    public String resource3() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        return SecurityUtil.getUserNameByAuthentication(authentication) + " 访问资源3";
    }
}

TestController.java

package com.aaa.controller;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * @author 淮南King
 */
@RestController
public class TestController {

    @GetMapping("test")
    public String test(){
        return "test访问成功,这个不需要权限哦!";
    }
}

四、测试

1. 密码模式获取token

http://localhost:8080/oauth/token? client_id=c1&client_secret=secret&grant_type=password&username=shangsan&password=123
使用post请求后可以获取到token
在这里插入图片描述

2. 使用客户端模式获取token

在这里插入图片描述

通过token获取资源

在这里插入图片描述

淮南King
关注
  • 4
    点赞
  • 17
    收藏
    觉得还不错? 一键收藏
  • 6
    评论
专栏目录
springbootspring securityOauth2.0的授权配置代码
08-17
springbootspring securityOauth2.0的授权配置代码 1、项目架构 springbootspring securityOauth2.0 2、主要功能 (1)允许客户端token调用 (2)允许客户端token调用 (3)数据库存储令牌
SpringBootSpring Security OAuth2.0认证授权
Qdog
05-04 2794
一、集成SpringBoot 1.1 集成SpringBoot 1.1.1 创建SpringBoot工程和引入依赖 <?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apa
Spring Boot 整 Spring Security + OAuth2
程序员35
04-02 5455
学习在 Spring Boot 中整 Spring SecurityOAuth2 。 1 OAuth2 概述 1.1 OAuth2 简介 OAuth 是一个开放标准,该标准允许用户让第三方应用访问该用户在某一网站上存储的私密资源(如头像、照片、视频等),而在这个过程中无需将用户名和密码提供给第三方应用。实现这一功能是通过提供一个令牌(token),而不是用户名和密码来访问他们存放在特定服...
Spring Boot携手OAuth2.0,轻松实现微信扫码登录!
最新发布
Yaml4的博客
04-26 1402
✌️大厂全栈码农|毕设实战开发,专注于大学生项目实战开发、讲解和毕业答疑辅导。推荐订阅精彩专栏 👇🏻 避免错过下次更新。
SpringBootspringsecurityOAuth2.0-达摩院
weixin_44021967的博客
08-11 638
文章目录07-01 RESTful简介第九章 Spring Cache第十章 spring security10-03 手工配置用户名密码10-04 HTTPSecurity配置10-05 HTTPSecurity登录表单配置10-06 HTTPSecurity注销登录请求10-07 多个HTTPSecurity10-8 密码加密10-12 动态权限配置SpringBootOAuth2.0 07-01 RESTful简介 添加依赖:web,Rest Repositories,底层使用了Spring Da
springbootspringsecurity+oauth2.0密码授权模式
qq_45072555的博客
01-15 6935
本文采用的springboot去整springsecurity,采用oauth2.0授权认证,使用jwt对token增强。本文仅为学习记录,如有不足多谢提出。
Spring Security + OAuth2.0 整简单案例(Spring Boot)(1)
a52496994的博客
12-10 1384
1 新建SpringBoot项目 新建SpringBoot项目后将pom.xml修改,版本号尽量一致,以免出现一些奇奇怪怪的bug <?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://m
springsecurity OAuth2.0(springboot集成springsecurity 以及springcloud集成springsecurity
qq_73182976的博客
03-12 1203
用户认证通过后,为了避免用户的每次操作都进行认证,将用户的信息保存在会话中。会话就是系统为了保持当前登录的用户的登录状态锁提供的机制。
Spring Security Oauth2.0 实现短信验证码登录示例
08-28
在该示例中,我们将使用 Spring Security Oauth2.0 实现短信验证码登录功能。该功能允许用户使用手机号码和短信验证码进行登录验证。 三、MobileAuthenticationToken 类 MobileAuthenticationToken 类是一个自定义...
SpringbootSpring security+Oauth2+JWT搭建认证服务器,网关,微服务之间权限认证及授权
04-22
SpringbootSpring security+Oauth2+JWT搭建认证服务器,网关,微服务之间权限认证及授权
spring security 基于oauth 2.0 实现 sso 单点登录Demo.zip
06-12
spring security 基于oauth 2.0 实现 sso 单点登录Demo 使用 spring security 基于oauth 2.0 实现 sso 单点登录Demo spring boot + spring security + spring security oauth
Spring Security Oauth2.0认证授权专题
06-19
Spring boot+Spring Security Oauth2.0,Sprint cloud+Spring Security Oauth2集成。四种认证方式。附带有代码,和案例,案例,还有视频链接。我保证看完就回,如果视频链接失效,评论回复我,我单独再给你一份。
SpringBootOAuth2.0看完你就会了!
qq_41826150的博客
08-05 5088
OAuth 2.0是一种开放的授权协议,它允许用户授权第三方应用访问其账户(或资源),而无需共享其用户账户凭据。在Spring Boot中,我们可以使用Spring SecurityOAuth2.0模块来实现授权验证。
SpringbootSpring Security Oauth2.0 + JWT (一)
zh_feiy的博客
10-14 3292
基于Springboot + Spring Security Oauth2.0 + Jwt实现RBAC权限模型,这几个概念就不做描述了,例子很多 整Spring Security pom.xml依赖 <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dep
权限管理 springboot集成springSecurity Oauth2 JWT
qq_50909707的博客
10-06 6631
实现SpringSecurity里的UserDetailsService接口的LoadUserByUsername方法便可以实现自定义登录逻辑。以下代码将实现用户名为admin,密码为123的登录。一旦使用了自定义登录逻辑,原本的user和打印的password登录将不再生效。此时,通过admin 123便可登录。对于登出SpringSecurity也提供了一个/logout的接口。
Spring Boot Security Oauth2.0 整
冰糖的博客
07-08 2165
Spring Boot Security Oauth2.0整写在前面依赖认证服务器基于内存的实现基于数据库的实现授权服务器 写在前面 阅读本文最好具备Spring Boot , Oauth2.0, Maven等等技能 接触oauth其实已经有很多年了,但是由于现实中的业务大多数都是接入第三方,对于搭建Oauth服务的需求i相对较少,无意看了下Spring Security Oauth的代码,发现变动蛮大,就想着搭建一套试试,但是网上的大部分程都比较零散,要么就是抄来抄去。于是自己动手搞一套。 额外提一嘴
Spring cloud OAuth2
lpz658798的博客
03-07 2002
Spring cloud OAuth2 实战开发流程(让你从不会到一站式开发)
springbootspringsecurityOAuth2
足迹人生的博客
01-13 2817
springbootspringsecurityOAuth2
springboot+springsecurity+oauth2整(并用mysql数据库实现持久化客户端数据)
热门推荐
Victor_An的博客
08-13 2万+
springboot+springsecurity+oauth2整(并用mysql实现持久化) 本文主要讲的是,实现oauth2的工作流程,需要对oauth2.0概念有一定的基础知识了解。阅读前请学习oauth2.0的理论知识。文末有此项目代码地址。 介绍 AuthorizationServer的搭建 创建Client 请求access_token 刷新access_token 介......
springbootspringsecurity+oauth2.0实现token认证
07-08
好的,你想了解如何在Spring Boot中整Spring SecurityOAuth 2.0来实现token认证。下面是一个基本的步骤: 1. 添加依赖:在你的`pom.xml`文件中添加Spring SecurityOAuth 2.0的依赖。 ```xml <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-oauth2-client</artifactId> </dependency> ``` 2. 配置Spring Security:创建一个继承自`WebSecurityConfigurerAdapter`的配置类,并覆盖`configure`方法,配置Spring Security。 ```java @Configuration @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/oauth2/**", "/login/**", "/logout/**") .permitAll() .anyRequest() .authenticated() .and() .oauth2Login() .loginPage("/login") .and() .logout() .logoutUrl("/logout") .logoutSuccessUrl("/") .deleteCookies("JSESSIONID"); } } ``` 这个配置类指定了哪些URL需要进行认证,`antMatchers`方法指定了不需要认证的URL。 3. 配置OAuth 2.0客户端:创建一个继承自`WebSecurityConfigurerAdapter`的配置类,并使用`@EnableOAuth2Client`注解开启OAuth 2.0客户端。 ```java @Configuration @EnableOAuth2Client public class OAuth2ClientConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { // 配置HTTP Security } @Bean public OAuth2AuthorizedClientService authorizedClientService( OAuth2ClientRegistrationRepository clientRegistrationRepository) { return new InMemoryOAuth2AuthorizedClientService(clientRegistrationRepository); } } ``` 这个配置类可以用来配置OAuth 2.0的客户端,你可以在`configure`方法中添加一些额外的配置。 4. 配置OAuth 2.0客户端注册:在`application.properties`文件中配置OAuth 2.0的客户端注册信息。 ```properties spring.security.oauth2.client.registration.my-client-id.client-id=your-client-id spring.security.oauth2.client.registration.my-client-id.client-secret=your-client-secret spring.security.oauth2.client.registration.my-client-id.scope=your-scopes spring.security.oauth2.client.registration.my-client-id.authorization-grant-type=authorization_code spring.security.oauth2.client.registration.my-client-id.redirect-uri=your-redirect-uri ``` 这个配置文件中的`my-client-id`是你自己指定的客户端ID,你需要将其替换为你自己的信息。 这些步骤是实现Spring Boot中整Spring SecurityOAuth 2.0实现token认证的基本步骤。你可以根据自己的需求进行进一步的配置和扩展。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 6
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值