最近在搞关于oauth2的系统,在网上的资料比较杂乱,也痛苦了不少了时间,最后终于开发好了符合自己实际应用的系统
在这里顺便把整理后的例子发上来,希望能够帮到别人,同时也给自己留个记录
首先,先添加依赖
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
例子使用redis来存储token信息,加入redis依赖
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
使用mysql来保存客户端信息,加入mysql依赖
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
</dependency>
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid-spring-boot-starter</artifactId>
<version>1.1.13</version>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
</dependency>
application.properties
server.port=8080
#datasource config
spring.datasource.url=jdbc:mysql://localhost:3306/oauth_test?useUnicode=true&characterEncoding=utf8
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
spring.datasource.username=root
spring.datasource.password=
#redis config
spring.redis.host=127.0.0.1
spring.redis.port=6379
spring.redis.password=123456
step1.配置spring security
package cn.tanntly.authentication.server.config;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http.requestMatchers().antMatchers("/oauth/**", "/login/**", "/logout/**")
.and().authorizeRequests().antMatchers("/oauth/**").authenticated()
.and().formLogin().permitAll();
}
//配置内存模式的用户
@Bean
@Override
protected UserDetailsService userDetailsService() {
//用户暂时使用内存模式,可以自行实现UserDetailsService后,进行替换
InMemoryUserDetailsManager inMemoryUserDetailsManager = new InMemoryUserDetailsManager();
inMemoryUserDetailsManager.createUser(User.withUsername("user_1")
//这一堆是123456使用 BCryptPasswordEncoder 编码之后的样子
.password("$2a$10$u2.TGFJuzx13g1lDXoy.KeUQU8s6/HoqTaHCqWMV8/eeyLUEyYs9W").authorities("USER").build());
return inMemoryUserDetailsManager;
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
//支持password模式
return super.authenticationManagerBean();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//新版本不配置会抛空指针
auth.userDetailsService(userDetailsService()).passwordEncoder(passwordEncoder());
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
step2.oauth 配置
package cn.tanntly.authentication.server.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;
import javax.sql.DataSource;
@Configuration
@EnableAuthorizationServer
public class OAuth2ServerConfig extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private DataSource dataSource;
@Autowired
private RedisConnectionFactory redisConnectionFactory;
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) {
oauthServer
.realm("oauth2-resources")
.tokenKeyAccess("permitAll()")
.checkTokenAccess("permitAll()")
.allowFormAuthenticationForClients();
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
endpoints.authenticationManager(authenticationManager)
.allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST)
.tokenStore(new RedisTokenStore(redisConnectionFactory));
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
// 默认使用内存,这里配置使用数据库
clients.jdbc(dataSource);
}
}
同时附带client的数据库结构:
CREATE TABLE `oauth_client_details` (
`client_id` varchar(128) NOT NULL,
`resource_ids` varchar(128) DEFAULT NULL,
`client_secret` varchar(128) DEFAULT NULL,
`scope` varchar(128) DEFAULT NULL,
`authorized_grant_types` varchar(128) DEFAULT NULL,
`web_server_redirect_uri` varchar(128) DEFAULT NULL,
`authorities` varchar(128) DEFAULT NULL,
`access_token_validity` int(11) DEFAULT NULL,
`refresh_token_validity` int(11) DEFAULT NULL,
`additional_information` varchar(4096) DEFAULT NULL,
`autoapprove` varchar(128) DEFAULT NULL,
PRIMARY KEY (`client_id`) USING BTREE
)
step3.测试
1.客户端模式
{
"access_token": "ca8b91e3-c9a0-490f-9499-b984bcc6aa4a",
"token_type": "bearer",
"expires_in": 1199,
"scope": "all"
}
2.密码模式
{
"access_token": "79216763-d5d6-4562-a3aa-f7c93e4afb88",
"token_type": "bearer",
"refresh_token": "f01683fa-c6dc-40c6-8baa-09b404f3b7be",
"expires_in": 1199,
"scope": "all"
}
3.授权码模式
3.1进入登录页面
3.2登录成功后,跳转到回调地址时,会带上授权码code
https://www.baidu.com/?code=3b27p3
3.3通过code获取token
{
"access_token": "79216763-d5d6-4562-a3aa-f7c93e4afb88",
"token_type": "bearer",
"refresh_token": "f01683fa-c6dc-40c6-8baa-09b404f3b7be",
"expires_in": 690,
"scope": "all"
}