【基于Oauth2的api接口开发】3、自定义授权方式

已于 2022-06-24 10:01:24 修改
阅读量1.8k 收藏 10
点赞数
分类专栏: 接口API 文章标签: spring boot 后端 java
于 2022-06-20 16:52:06 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_37634156/article/details/125374913
版权

前言

        spring boot OAuth2.0默认自带了四种授权模式,比如密码模式,授权码模式等。但是在实际生产过程中,这四种模式并不容易满足要求,所以就需要自定义一些授权模式

maven依赖包

<!--oauth2-->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security.oauth</groupId>
    <artifactId>spring-security-oauth2</artifactId>
    <version>2.2.1.RELEASE</version>
</dependency>

 实现

        本文自定义平台ID授权模式,只需要传入平台ID即可完成授权,实现方法如下:

1、创建tokenConfig配置类

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;

@Configuration
public class TokenConfig {

    /**
     * 使用内存存储令牌
     * @return
     */
    @Bean
    public TokenStore tokenStore(){
        return new InMemoryTokenStore();
    }
}

2、配置自定义授权模式类 

import com.bw.dsm.config.Oauth2.Platfrom.PlatformGranter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.*;
import org.springframework.security.oauth2.provider.client.ClientCredentialsTokenGranter;
import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
import org.springframework.security.oauth2.provider.code.AuthorizationCodeTokenGranter;
import org.springframework.security.oauth2.provider.code.InMemoryAuthorizationCodeServices;
import org.springframework.security.oauth2.provider.code.RandomValueAuthorizationCodeServices;
import org.springframework.security.oauth2.provider.implicit.ImplicitTokenGranter;
import org.springframework.security.oauth2.provider.password.ResourceOwnerPasswordTokenGranter;
import org.springframework.security.oauth2.provider.refresh.RefreshTokenGranter;
import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory;
import org.springframework.security.oauth2.provider.token.*;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

@Configuration
public class TokenGranterConfig {

    @Autowired
    private ClientDetailsService clientDetailsService;

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private TokenStore tokenStore;

    @Autowired(required = false)
    private List<TokenEnhancer> tokenEnhancer;

    @Autowired
    private RandomValueAuthorizationCodeServices authorizationCodeServices;

    private boolean reuseRefreshToken = true;

    private AuthorizationServerTokenServices tokenServices;

    private TokenGranter tokenGranter;

    /**
     * 授权模式
     */
    @Bean
    public TokenGranter tokenGranter() {
        if (tokenGranter == null) {
            tokenGranter = new TokenGranter() {
                private CompositeTokenGranter delegate;
                @Override
                public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
                    if (delegate == null) {
                        delegate = new CompositeTokenGranter(getAllTokenGranters());
                    }
                    return delegate.grant(grantType, tokenRequest);
                }
            };
        }
        return tokenGranter;
    }


    /**
     * 所有授权模式:默认的5种模式 + 自定义的模式
     */
    private List<TokenGranter> getAllTokenGranters() {
        AuthorizationServerTokenServices tokenServices = tokenServices();
        AuthorizationCodeServices authorizationCodeServices = authorizationCodeServices();
        OAuth2RequestFactory requestFactory = requestFactory();
        //获取默认的授权模式
        List<TokenGranter> tokenGranters = getDefaultTokenGranters(tokenServices, authorizationCodeServices, requestFactory);
        if (authenticationManager != null) {
            // 添加platform模式
            tokenGranters.add(new PlatformGranter(authenticationManager, tokenServices, clientDetailsService, requestFactory));
        }
        return tokenGranters;
    }

    /**
     * 默认的授权模式
     */
    private List<TokenGranter> getDefaultTokenGranters(AuthorizationServerTokenServices tokenServices
            , AuthorizationCodeServices authorizationCodeServices, OAuth2RequestFactory requestFactory) {
        List<TokenGranter> tokenGranters = new ArrayList<>();
        // 添加授权码模式
        tokenGranters.add(new AuthorizationCodeTokenGranter(tokenServices, authorizationCodeServices, clientDetailsService, requestFactory));
        // 添加刷新令牌的模式
        tokenGranters.add(new RefreshTokenGranter(tokenServices, clientDetailsService, requestFactory));
        // 添加隐士授权模式
        tokenGranters.add(new ImplicitTokenGranter(tokenServices, clientDetailsService, requestFactory));
        // 添加客户端模式
        tokenGranters.add(new ClientCredentialsTokenGranter(tokenServices, clientDetailsService, requestFactory));
        if (authenticationManager != null) {
            // 添加密码模式
            tokenGranters.add(new ResourceOwnerPasswordTokenGranter(authenticationManager, tokenServices, clientDetailsService, requestFactory));
        }
        return tokenGranters;
    }

    private AuthorizationServerTokenServices tokenServices() {
        if (tokenServices != null) {
            return tokenServices;
        }
        this.tokenServices = createDefaultTokenServices();
        return tokenServices;
    }

    private AuthorizationCodeServices authorizationCodeServices() {
        if (authorizationCodeServices == null) {
            authorizationCodeServices = new InMemoryAuthorizationCodeServices();
        }
        return authorizationCodeServices;
    }

    private OAuth2RequestFactory requestFactory() {
        return new DefaultOAuth2RequestFactory(clientDetailsService);
    }

    private DefaultTokenServices createDefaultTokenServices() {
        DefaultTokenServices tokenServices = new DefaultTokenServices();
        tokenServices.setTokenStore(tokenStore);
        tokenServices.setSupportRefreshToken(true);
        tokenServices.setReuseRefreshToken(reuseRefreshToken);
        tokenServices.setClientDetailsService(clientDetailsService);
        tokenServices.setTokenEnhancer(tokenEnhancer());
        addUserDetailsService(tokenServices, this.userDetailsService);
        return tokenServices;
    }

    private TokenEnhancer tokenEnhancer() {
        if (tokenEnhancer != null) {
            TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
            tokenEnhancerChain.setTokenEnhancers(tokenEnhancer);
            return tokenEnhancerChain;
        }
        return null;
    }

    private void addUserDetailsService(DefaultTokenServices tokenServices, UserDetailsService userDetailsService) {
        if (userDetailsService != null) {
            PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider();
            provider.setPreAuthenticatedUserDetailsService(new UserDetailsByNameServiceWrapper<>(userDetailsService));
            tokenServices.setAuthenticationManager(new ProviderManager(Collections.singletonList(provider)));
        }
    }
}

3、创建资源认证配置类,继承AuthorizationServerConfigurerAdapter类

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.TokenGranter;
import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;
import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
import org.springframework.security.oauth2.provider.code.JdbcAuthorizationCodeServices;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;

import javax.sql.DataSource;

@Configuration
@EnableAuthorizationServer
public class AuthorizationServer extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private TokenStore tokenStore;

    @Autowired
    private ClientDetailsService clientDetailsService;

    @Autowired
    private AuthorizationCodeServices authorizationCodeServices;

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private TokenGranter tokenGranter;

    @Autowired
    private PasswordEncoder passwordEncider;

    /**
     * 令牌管理服务
     * @return
     */
    @Bean
    public AuthorizationServerTokenServices tokenService(){
        DefaultTokenServices services = new DefaultTokenServices();
        services.setClientDetailsService(clientDetailsService); // 客户端信息服务
        services.setSupportRefreshToken(true); // 是否产生刷新令牌
        services.setTokenStore(tokenStore); // 令牌存储策略
        services.setAccessTokenValiditySeconds(7200); // 令牌默认有效期2个小时
        services.setRefreshTokenValiditySeconds(259200); // 刷新令牌默认有效期3天
        return services;
    }

    /**
     * 设置授权码模式的授权码如何存取,存储数据库
     * @param dataSource
     * @return
     */
    @Bean
    public AuthorizationCodeServices authorizationCodeServices(DataSource dataSource){
        return new JdbcAuthorizationCodeServices(dataSource);
    }


    /**
     * 将客户端信息存储到数据库
     * @param dataSource
     * @return
     */
    @Bean
    public ClientDetailsService clientDetailsService(DataSource dataSource){
        ClientDetailsService clientDetailsService = new JdbcClientDetailsService(dataSource);
        ((JdbcClientDetailsService)clientDetailsService).setPasswordEncoder(passwordEncider);
        return clientDetailsService;
    }

    /**
     * 配置客户端详细信息服务
     * @param clients
     * @throws Exception
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.withClientDetails(clientDetailsService);
    }

    /**
     * 令牌访问端点的安全策略
     * @param security
     * @throws Exception
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security
                .tokenKeyAccess("permitAll()") // oauth/token_key 公开
                .checkTokenAccess("permitAll()") // oauth/check_token 公开
                .allowFormAuthenticationForClients() // 表单认证,申请令牌
        ;
    }

    /**
     * 令牌访问端点
     * @param endpoints
     * @throws Exception
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
                .tokenGranter(tokenGranter) // 配置授权模式 默认的5种模式 + 自定义的模式
                .authenticationManager(authenticationManager) // 密码模式需要 认证管理器
                .authorizationCodeServices(authorizationCodeServices) // 授权码模式需要 授权码服务
                .tokenServices(tokenService()) // 令牌管理服务
                .allowedTokenEndpointRequestMethods(HttpMethod.POST) // 允许POST提交
        ;
    }
}

4、配置资源服务器类,继承ResourceServerConfigurerAdapter类

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    /**
     * 配置那些url要做oauth验证
     * @param http
     * @throws Exception
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.requestMatchers().antMatchers("/interaction/v1/**").and().authorizeRequests().antMatchers("/interaction/v1/**").authenticated();

        // 禁用 session
        http
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                .authorizeRequests().anyRequest().authenticated().and()
                .cors().and()
                .csrf().disable();
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        // 配置资源 ID
        // 配置资源 ID,需要在 oauth_client_details 表中添加,详细查看数据库脚本
        resources.resourceId("resourcesId").stateless(true);

        // 自定义token失效/错误返回信息
//        OAuth2AuthenticationEntryPoint authenticationEntryPoint = new OAuth2AuthenticationEntryPoint();
//        authenticationEntryPoint.setExceptionTranslator(new CustomExceptionTranslator());
//        resources.authenticationEntryPoint(authenticationEntryPoint);
    }
}

5、配置安全认证类,继承WebSecurityConfigurerAdapter类

import com.bw.dsm.config.Oauth2.Platfrom.PlatformAuthenticationProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableGlobalMethodSecurity(securedEnabled = true,prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    //密码编码器
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    // 认证管理器
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * 自定义platform验证
     * 自定义验证方法需要在这里添加到 authenticationProvider 中
     * 添加默认的验证方法
     * @return
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
                .authenticationProvider(platformAuthenticationProvider())
                .authenticationProvider(daoAuthenticationProvider())
        ;
    }

    /**
     * 自定义platform验证
     * @return
     */
    @Bean
    public PlatformAuthenticationProvider platformAuthenticationProvider(){
        return new PlatformAuthenticationProvider();
    }

    /**
     * 配置默认的密码授权模式的ProviderManager,否则 密码授权 client认证将不会通过。
     * @return
     */
    @Bean
    public DaoAuthenticationProvider daoAuthenticationProvider(){
        DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
        daoAuthenticationProvider.setUserDetailsService(userDetailsService);
        daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());
        return daoAuthenticationProvider;
    }


    //安全拦截机制
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();
        http.requestMatchers().antMatchers("/oauth/**")
                .and()
                .authorizeRequests()
                .antMatchers("/oauth/**").authenticated();
    }
}

6、创建自定义grant_type模式的实现类,继承AbstractTokenGranter类

import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
import org.springframework.security.oauth2.provider.*;
import org.springframework.security.oauth2.provider.token.AbstractTokenGranter;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;

import java.util.LinkedHashMap;
import java.util.Map;

public class PlatformGranter extends AbstractTokenGranter {

    // 创建自定义grant_type的名称
    private static final String GRANT_TYPE = "platform";

    private final AuthenticationManager authenticationManager;

    public PlatformGranter(AuthenticationManager authenticationManager, AuthorizationServerTokenServices tokenServices
            , ClientDetailsService clientDetailsService, OAuth2RequestFactory requestFactory) {
        super(tokenServices, clientDetailsService, requestFactory, GRANT_TYPE);
        this.authenticationManager = authenticationManager;
    }

    @Override
    protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
        Map<String, String> parameters = new LinkedHashMap<>(tokenRequest.getRequestParameters());
        String platformId = parameters.get("platformId");

        Authentication userAuth = new PlatformAuthenticationToken(platformId);
        ((AbstractAuthenticationToken) userAuth).setDetails(parameters);
        userAuth = authenticationManager.authenticate(userAuth);
        if (userAuth == null || !userAuth.isAuthenticated()) {
            throw new InvalidGrantException("Could not authenticate platformId: " + platformId);
        }

        OAuth2Request storedOAuth2Request = getRequestFactory().createOAuth2Request(client, tokenRequest);
        return new OAuth2Authentication(storedOAuth2Request, userAuth);
    }
}

7、新增一个 AuthenticationToken 实现类 PlatformAuthenticationToken,用于存放该授权所需的信息

import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.SpringSecurityCoreVersion;

import java.util.Collection;

public class PlatformAuthenticationToken extends AbstractAuthenticationToken {

    private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;

    // ~ Instance fields
    // ================================================================================================

    private final Object principal;

    // ~ Constructors
    // ===================================================================================================

    /**
     * This constructor can be safely used by any code that wishes to create a
     * <code>UsernamePasswordAuthenticationToken</code>, as the {@link #isAuthenticated()}
     * will return <code>false</code>.
     *
     */
    public PlatformAuthenticationToken(String openId) {
        super(null);
        this.principal = openId;
        setAuthenticated(false);
    }

    /**
     * This constructor should only be used by <code>AuthenticationManager</code> or
     * <code>AuthenticationProvider</code> implementations that are satisfied with
     * producing a trusted (i.e. {@link #isAuthenticated()} = <code>true</code>)
     * authentication token.
     *
     * @param principal
     * @param authorities
     */
    public PlatformAuthenticationToken(Object principal,
                                     Collection<? extends GrantedAuthority> authorities) {
        super(authorities);
        this.principal = principal;
        super.setAuthenticated(true);
    }

    // ~ Methods
    // ========================================================================================================

    @Override
    public Object getCredentials() {
        return null;
    }

    @Override
    public Object getPrincipal() {
        return this.principal;
    }

    @Override
    public void setAuthenticated(boolean isAuthenticated) {
        if (isAuthenticated) {
            throw new IllegalArgumentException(
                    "Cannot set this token to trusted - use constructor which takes a GrantedAuthority list instead");
        }
        super.setAuthenticated(false);
    }

    @Override
    public void eraseCredentials() {
        super.eraseCredentials();
    }
}

8、新增一个 AuthenticationProvider 实现类 PlatformAuthenticationProvider实现授权的逻辑

import com.bw.dsm.service.impl.SpringDataUserDetailsService;
import lombok.Setter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;

@Setter
public class PlatformAuthenticationProvider implements AuthenticationProvider {

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private SpringDataUserDetailsService springDataUserDetailsService;

    @Override
    public Authentication authenticate(Authentication authentication) {
        PlatformAuthenticationToken authenticationToken = (PlatformAuthenticationToken) authentication;
        String platformId = (String) authenticationToken.getPrincipal();
        // 调用自定义的通过platformId获取用户信息方法
        UserDetails user = springDataUserDetailsService.loadUserByPlatformId(platformId);
        if (null == user) {
            throw new InternalAuthenticationServiceException("platformId错误");
        }

        PlatformAuthenticationToken authenticationResult = new PlatformAuthenticationToken(user, user.getAuthorities());
        authenticationResult.setDetails(authenticationToken.getDetails());
        return authenticationResult;
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return PlatformAuthenticationToken.class.isAssignableFrom(authentication);
    }

    public UserDetailsService getUserDetailsService() {
        return userDetailsService;
    }

    public void setUserDetailsService(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }
}

9、自定义service实现类,从数据库验证平台ID

这里暂未做数据库处理。

import com.alibaba.fastjson.JSON;
import com.bw.dsm.entity.config.OauthSysUser;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

import java.util.ArrayList;
import java.util.List;

@Service
public class SpringDataUserDetailsService implements UserDetailsService {

    //根据 账号查询用户信息
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

        //将来连接数据库根据账号查询用户信息
        OauthSysUser sysUser = new OauthSysUser();
        sysUser.setUsername("sed");
        sysUser.setPassword("sed123");;
        if(sysUser == null){
            //如果用户查不到,返回null,由provider来抛出异常
            return null;
        }
        // TODO: 角色、权限集合
        List<GrantedAuthority> grantedAuthorities = new ArrayList();
        grantedAuthorities.add(new SimpleGrantedAuthority("USER"));
        //将userDto转成json
        String principal = JSON.toJSONString(sysUser);
        UserDetails userDetails = User.withUsername(principal).password(sysUser.getPassword()).authorities(grantedAuthorities).build();
        return userDetails;
    }

    public UserDetails loadUserByPlatformId(String platformId) throws UsernameNotFoundException {

        // 将来连接数据库根据账号查询用户信息
        OauthSysUser sysUser = new OauthSysUser();
        sysUser.setUsername("sed");
        sysUser.setPassword("sed123");
        if(sysUser == null){
            //如果用户查不到,返回null,由provider来抛出异常
            return null;
        }

        // TODO: 角色、权限集合
        List<GrantedAuthority> grantedAuthorities = new ArrayList();
        grantedAuthorities.add(new SimpleGrantedAuthority("USER"));

        //将sysUser转成json
        String principal = JSON.toJSONString(sysUser);
        UserDetails userDetails = User.withUsername(principal).password(sysUser.getPassword()).authorities(grantedAuthorities).build();
        return userDetails;
    }
}

10、需要在配置文件中加上允许覆盖注册配置

# 当遇到同样名字的时候是否允许覆盖注册
spring.main.allow-bean-definition-overriding= true

11、sql脚本

SET FOREIGN_KEY_CHECKS=0;

-- ----------------------------
-- Table structure for oauth_client_details
-- ----------------------------
DROP TABLE IF EXISTS `oauth_client_details`;
CREATE TABLE `oauth_client_details` (
  `client_id` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT '客户端标\r\n识',
  `resource_ids` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci DEFAULT NULL COMMENT '接入资源列表',
  `client_secret` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci DEFAULT NULL COMMENT '客户端秘钥',
  `scope` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci DEFAULT NULL,
  `authorized_grant_types` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci DEFAULT NULL,
  `web_server_redirect_uri` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci DEFAULT NULL,
  `authorities` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci DEFAULT NULL,
  `access_token_validity` int DEFAULT NULL,
  `refresh_token_validity` int DEFAULT NULL,
  `additional_information` longtext CHARACTER SET utf8 COLLATE utf8_general_ci,
  `create_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
  `archived` tinyint DEFAULT NULL,
  `trusted` tinyint DEFAULT NULL,
  `autoapprove` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci DEFAULT NULL,
  PRIMARY KEY (`client_id`) USING BTREE
) ENGINE=InnoDB DEFAULT CHARSET=utf8 ROW_FORMAT=DYNAMIC COMMENT='接入客户端信息';

-- ----------------------------
-- Records of oauth_client_details
-- ----------------------------
INSERT INTO `oauth_client_details` VALUES ('client', 'resourcesId', '$2a$10$q0mE0npS9Cm7gQTR4BkXT.kORLOSpxMf2fFOMkyf9roPb0ddRUS12', 'ROLE_ADMIN,ROLE_USER,ROLE_API', 'client_credentials,password,authorization_code,implicit,refresh_token,platform', 'http://www.baidu.com', null, '7200', '259200', null, '2020-12-19 15:20:06', '0', '0', 'false');

12、测试/oauth/token获取token方法

 上图可以看到获取token成功,这里我的返回参数内容格式是自定义加密的,关于自定义返回参数内容格式可见:

自定义spring security oauth2 /oauth/token以及token失效/过期的返回内容格式

唯空城
关注
  • 0
    点赞
  • 10
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
深入理解 WebSecurityConfigurerAdapter【源码篇】
2401_84446580的博客
05-03 809
资料过多,篇幅有限开源分享:【大厂前端面试题解析+核心总结学习笔记+真实项目实战+最新讲解视频】自古成功在尝试。不尝试永远都不会成功。勇敢的尝试是成功的一半。http.and()[外链图片转存中…(img-FhMlKjMO-1714729010990)][外链图片转存中…(img-yXxArca0-1714729010992)]资料过多,篇幅有限开源分享:【大厂前端面试题解析+核心总结学习笔记+真实项目实战+最新讲解视频】自古成功在尝试。不尝试永远都不会成功。勇敢的尝试是成功的一半。
eaglephp使用微信api接口开发微信框架
12-19
包含微信5.0 API基础接口自定义菜单、高级接口,具体如下:1、接收用户消息。2、向用户回复消息。3、接受事件推送。4、会话界面自定义菜单。5、语音识别。6、客服接口。7、OAuth2.0网页授权。8、生成带参数二维码...
Spring Security Oauth2 认证(获取token/刷新token)流程(password模式)
热门推荐
凶猛的小蜜蜂
05-11 17万+
1.本文介绍的认证流程范围 本文主要对从用户发起获取token的请求(/oauth/token),到请求结束返回token中间经过的几个关键点进行说明。 2.认证会用到的相关请求 注:所有请求均为post请求。 获取access_token请求(/oauth/token) 请求所需参数:client_id、client_secret、grant_type、username、passwo...
oauth2自定义授权认证模式
weixin_45738731的博客
06-06 1297
4、认证服务配置中增加自定义授权。2、自定义身份授权Token。1、自定义授权码模式。
oauth2自定义granter与provider实现自定义身份认证
weixin_45738731的博客
05-17 874
oauth接收到了你传入的grant_type,并把你的请求转发到了你自己的Granter,但谁来进行真正的用户信息合法性校验呢?这段代码比较简单,说白了,当用户进行身份校验时,如果传入的grant_type为group_token_authentication,那么则自动进入这段逻辑创建GroupCompanyAuthenticationToken对象的实例,并将request接收到的参数传入。同时,还提供了认证模式的扩展机制,以便于我们在遇到特殊情况时根据自己的需求来完成身份验证。
java oauth2登录以及权限_Spring Cloud集成Security OAuth 2.0权限鉴权验证示例
weixin_39862097的博客
11-26 681
Spring Cloud集成Security OAuth 2.0权限鉴权验证示例一、背景说明 目前市场上微服务之间涉及到相互调用的问题,在这个过程中为了验证安全性,需要采用鉴权方式进行管理。目前主流的鉴权方式有Apache Shiro和Spring Security,在这里暂且不讨论Apache Shiro和Spring Security孰优孰劣。本文只讲解Spring Security的集成方式...
java oauth2接口_基于Oauth2的api接口开发(一)
weixin_33532631的博客
03-06 4693
1.OAUTH2核心参数说明grant_type参数说明表格:grant_type说明authorization_code标准的Server授权模式password基于用户密码的授权模式client_credentials基于APP密钥的授权模式refresh_token刷新accessTokenresponse_type参数说明表格:response_type说明code标准的Server授权模...
Spring Security#OAuth2
来啊 快活啊
06-20 4749
Congiurer ClientDetailsServiceConfigurer AuthorizationServerSecurityConfigure AuthorizationServerEndpointsConfigurer ResourceServerSecurityConfigurer HttpSecurity Authorization Server ClientDetailsServ
easy-notes:简笔记(easy notes)打造你的轻便私人笔记。接口涉及Spring Security,OAuth2,Jwt,MongoDB,客户端采用Vue.js,Ant Design
02-04
基于SpringBoot生态开发接口服务,涉及Spring Security,OAuth2,Jwt,MongoDB等技术的应用。客户端采用Vue.js,Ant Design开发:演示演示地址: : 部分截图:工程目录采用传统的分层模型设计: - src/main/java -...
npr-one-backend-proxy-php:基于PHP的服务器端代理,用于与NPR One API授权服务器进行交互
03-09
第三方开发人员有两种主要方法来获取API与其他任何微服务进行交互所需的访问令牌: authorization_code授予device_code授权(基于Google拟议规范的自定义授权) 由于安全方面的考虑,NPR One授权服务器当前不接受...
entfrm-boot可视化开发平台-其他
06-12
entfrm-boot是一个以模块化为核心的无代码开发平台,是一个集PC和APP快速开发、系统管理、运维监控、开发工具、OAuth2授权、可视化数据源管理与数据构建、API动态生成与统计、工作流、智能表单设计、微服务骨架等全...
【基于Oauth2的api接口开发】1、固定配置
qq_37634156的博客
03-07 880
maven引用 <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <dependency> <groupId>org.springframework.security.oauth</
spring security oauth2.0搭建用户认证服务(三) - 自定义手机验证码登录
u013911102的博客
09-11 1925
项目场景: APP登录不仅仅是用户名和密码登录,同时还有手机验证码登录、第三方登录等。这回就说说手机验证码以及APP用户名和密码登录吧。 技术详解: 用户名密码登录: 1.之前的用户名和密码登录,/oauth/tokengrant_type默认是password,不过这里会把请求的用户名和密码暴露出去,因此我的想法是中间加密,然后解密之后再进行认证.因此我打算把之前的认证方式进行增强。 原因分析: 提示:这里填写问题的分析: 例如:Handler 发送消息有两种方式,分别是 Handle.
Oauth2---AuthorizationServer配置
silmeweed的博客
09-28 2万+
AuthorizationServerConfigurerAdapter只是一个提供给开发配置ClientDetailsServiceConfigurer、AuthorizationServerEndpointsConfigurer、AuthorizationServerSecurityConfigurer空壳类并没有持有以上三个配置Bean对象。由初始化时调用Authorizati...
OAuth2】用户授权第三方应用,流程详解及模式
SAME_LOVE的博客
12-25 1486
OAuth(开放授权)是一个开放标准,允许用户让第三方应用访问该用户在某一网站上存储的私密资源(如照片,视频,联系人列表),而无需将用户名和密码提供给第三方应用。OAuth通过提供一个授权令牌而不是用户名和密码来访问他们存储在服务提供者的数据。OAuth的核心是它的授权框架,允许基于代表资源所有者进行授权的访问控制。在OAuth术语中,资源所有者通常是指用户,而第三方应用则被称为客户端(Client),用户的数据被保存在服务提供者(Service Provider)处。
SpringSecurity OAuth2 自定义授权 微信小程序登录
走在编程之路.....
06-18 7858
结合网络上的方法,主要有两种方式,一种是采用Filter,一种是采用自定义授权,目前我实现的方式是采用的是“自定义授权”的方式实现微信小程序登录验证。
spring-cloud-starter-oauth2自定义授权模式
VariousLegendary的博客
04-20 480
如何使用SpringCloudOauth2自定义认证模式,本文将以自定义短信验证码登陆进行讲述
Springsecurity普通登录认证和OAuth2产生token的认证流程
join_null的博客
08-10 5678
一、普通登录认证过程 1.用户发起登录请求,请求登录接口/login(springsecurity默认登录接口地址) 2.过滤器UsernamePasswordAuthenticationFilter验证当前请求是否是在请求登录接口/login,如果是调用attemptAuthentication方法开始认证 3.attemptAuthentication方法在请求中获取到username、password参数封装成一个Authentication对象,调用...
SpringBootSecurity学习(22)前后端分离版之OAuth2.0自定义授权
Blues的专栏
10-14 5460
使用JDBC维护授权码 前面的代码中,测试流程第一步都是获取授权码,然后再携带授权码去申请令牌,授权码示例如下: 产生的授权码默认是 6 位的,产生以后并没有做任何管理,可以说是一个临时性的授权码,oauth2也提供了将授权码使用jdbc进行管理的功能,首先在数据库中创建表 oauth_code : code:存储服务端系统生成的code的值(未加密) authentication:存储将A...
springsecurity oauth2开发指南
最新发布
04-02
Spring Security OAuth2是一个基于Spring Security的开源框架,用于实现OAuth2协议的认证和授权功能。它提供了一套完整的解决方案,帮助开发者轻松地集成OAuth2认证和授权功能到他们的应用程序中。 下面是使用Spring Security OAuth2进行开发的一般指南: 1. 添加依赖:在你的项目中添加Spring Security OAuth2的依赖。可以通过Maven或Gradle来管理依赖。 2. 配置认证服务器:配置一个认证服务器来处理用户的认证请求。可以使用Spring Security提供的默认配置,也可以根据自己的需求进行自定义配置。 3. 配置资源服务器:配置一个资源服务器来保护你的API资源。资源服务器会验证请求中的访问令牌,并根据访问令牌的权限来决定是否允许访问资源。 4. 定义用户信息服务:实现UserDetailsService接口来定义用户信息服务。该服务将根据用户名加载用户信息,并将其与认证服务器进行验证。 5. 定义客户端信息服务:实现ClientDetailsService接口来定义客户端信息服务。该服务将根据客户端ID加载客户端信息,并将其与认证服务器进行验证。 6. 配置安全规则:根据你的需求,配置安全规则来限制对受保护资源的访问。可以使用注解或XML配置来定义安全规则。 7. 实现登录和授权页面:根据你的需求,实现登录和授权页面来处理用户的认证和授权请求。 8. 测试和调试:使用合适的工具和方法来测试和调试你的应用程序,确保OAuth2认证和授权功能正常工作。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值