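I had already set up the OAuth2 server, and logging in to the OAuth2 server itself worked, but a separate OAuth2 client I built could never complete login authentication. People online say this is because Spring Boot 2 removed the @EnableOAuth2Sso annotation. Today I finally found an OAuth2 client setup that works for my Spring Boot 2.1.1 and got client-side authentication working.
1. Create a new Spring Starter Project; I named it microservice-oauth2-client-8805.
2. pom.xml, in full: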
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.1.1.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.linbsoft</groupId>
    <artifactId>microservice-oauth2-client-8805</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>microservice-oauth2-client-8805</name>
    <description>Demo project for Spring Boot microservice-oauth2-client-8805</description>

    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <java.version>1.8</java.version>
        <spring-cloud.version>Greenwich.M3</spring-cloud.version> <!-- Finchley.M8 -->
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-config</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-oauth2-client</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-oauth2-jose</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.security.oauth</groupId>
            <artifactId>spring-security-oauth2</artifactId>
            <version>2.3.3.RELEASE</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>${spring-cloud.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <repositories>
        <repository>
            <id>spring-milestones</id>
            <name>Spring Milestones</name>
            <url>https://repo.spring.io/milestone</url>
            <snapshots>
                <enabled>false</enabled>
            </snapshots>
        </repository>
    </repositories>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

</project>
3. application.properties
server.port: 8805
spring.application.name=MicroserviceOauth2Client8805
spring.cloud.discovery.enabled=true
eureka.client.serviceUrl.defaultZone=http://admin:123@centos7.linbsoft.com:8101/eureka/,http://admin:123@microservice1.linbsoft.com:8102/eureka/
# logging.level.root= debug

spring.security.oauth2.client.registration.my-client-1.client-id=admin
spring.security.oauth2.client.registration.my-client-1.client-secret=123456
spring.security.oauth2.client.registration.my-client-1.client-name=admin
spring.security.oauth2.client.registration.my-client-1.scope=read
spring.security.oauth2.client.registration.my-client-1.redirect-uri=http://microservice1.linbsoft.com:8805/login/oauth2/code/callback
spring.security.oauth2.client.registration.my-client-1.client-authentication-method=basic
spring.security.oauth2.client.registration.my-client-1.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.my-client-1.provider=my-oauth-provider
spring.security.oauth2.client.provider.my-oauth-provider.authorization-uri=http://centos7.linbsoft.com:8301/oauth/authorize
spring.security.oauth2.client.provider.my-oauth-provider.token-uri=http://centos7.linbsoft.com:8301/oauth/token
spring.security.oauth2.client.provider.my-oauth-provider.user-info-uri=http://centos7.linbsoft.com:8301/user
spring.security.oauth2.client.provider.my-oauth-provider.user-name-attribute=name
Note that the redirect-uri must not use the same domain name as the OAuth2 server; the reason is explained later.
4. Create a test resource, the ExampleController class
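import java.security.Principal;

import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class ExampleController {

    // Protected resource: returns the name of the user authenticated via the OAuth2 server
    @RequestMapping("/")
    public String email(Principal principal) {
        return "Hello " + principal.getName();
    }

    // Second protected resource, used to check that the login session is reused
    @RequestMapping("/hello")
    public String emailaa(Principal principal) {
        return "Hello1 " + principal.getName();
    }
}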
5. Modify the OAuth2 server to register this site's callback address
Inside public void configure(ClientDetailsServiceConfigurer clients):
clients.inMemory()
        .withClient("admin")
        .scopes("read")
        .secret(new BCryptPasswordEncoder().encode("123456"))
        // the second entry is the callback address of the new OAuth2 client
        .redirectUris("http://centos7.linbsoft.com:8301", "http://microservice1.linbsoft.com:8805/login/oauth2/code/callback")
        .authorizedGrantTypes("password", "authorization_code", "refresh_token");
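The address http://microservice1.linbsoft.com:8805/login/oauth2/code/callback was added.
6. Test
The test failed with the error [authorization_request_not_found].
Later I read an article by another user who traced it to session=null. One explanation is that the OAuth2 client and server were both on the same server address and in the same browser. In that user's own words: "These errors mean that the authorization request was not found. The authorization request is stored in the session, so some session was not stored. By default sessions are managed by cookies. So I think this may be because you are running everything on localhost, so the first cookie is set by localhost:8080 to store the authorization request session data, and when you log in to localhost:8081 it sets another cookie for its own session."
How to fix it? My idea was to give the OAuth2 client and server different domain names, so although they are on the same IP, I set up two domain names: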
192.168.49.141 centos7.linbsoft.com
192.168.49.141 microservice1.linbsoft.com
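Then I used the OAuth2 server as deployed at centos7.linbsoft.com:8301 and the OAuth2 client as deployed at microservice1.linbsoft.com:8805, and sure enough it worked.
The OAuth2 client logs in successfully through the OAuth2 server and then accesses the client's protected resource.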
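The cookie collision described above, as an added example that is not part of the original post: a small network-free Python model of the login round trip. The App class, login_flow function and the same-host client URL are constructed for illustration, and the model assumes both applications use the default JSESSIONID cookie name with path /.

```python
# Simulation (constructed, no network): why two apps on one hostname lose the
# OAuth2 authorization request. Browsers scope cookies by host, not by port
# (RFC 6265), and both servlet apps name their session cookie JSESSIONID.
import secrets
from urllib.parse import urlsplit


class App:
    """Minimal stand-in for a servlet app with cookie-based sessions."""

    def __init__(self):
        self.sessions = {}  # session id -> session attributes

    def session(self, jar, url):
        host = urlsplit(url).hostname          # port is deliberately ignored
        sid = jar.get((host, "JSESSIONID"))
        if sid not in self.sessions:           # unknown id: start a new session
            sid = secrets.token_hex(8)
            self.sessions[sid] = {}
            jar[(host, "JSESSIONID")] = sid    # Set-Cookie overwrites same name
        return self.sessions[sid]


def login_flow(client_url, server_url):
    """Run the authorization-code round trip; return the client's verdict."""
    jar, client, server = {}, App(), App()     # jar models the browser cookie store
    # 1. Client saves the authorization request (state) in its session.
    state = secrets.token_urlsafe(8)
    client.session(jar, client_url)["authorization_request"] = state
    # 2. Browser follows the redirect; the server starts its own session.
    server.session(jar, server_url)["user"] = "admin"
    # 3. Browser returns to the client callback carrying the same state.
    saved = client.session(jar, client_url).get("authorization_request")
    return "authenticated" if saved == state else "authorization_request_not_found"


SERVER = "http://centos7.linbsoft.com:8301/oauth/authorize"
# Constructed failing case: client reached under the server's hostname.
SAME_HOST = "http://centos7.linbsoft.com:8805/login/oauth2/code/callback"
# The post's working setup: client on its own hostname.
OWN_HOST = "http://microservice1.linbsoft.com:8805/login/oauth2/code/callback"

if __name__ == "__main__":
    print("same host :", login_flow(SAME_HOST, SERVER))
    print("own host  :", login_flow(OWN_HOST, SERVER))
```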