oauth2.0+jwt资源服务的配置
配置ResourceConfig
package com.fxj.resource.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
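/**
 * Resource-server configuration for an OAuth 2.0 setup that uses JWT access tokens.
 *
 * <p>Every request must carry a valid bearer token. Tokens are verified locally with
 * the key configured in {@link #jwtAccessTokenConverter()}, which has to match the key
 * the authorization server signs with.
 */
@Configuration
@EnableResourceServer
public class ResourceConfig extends ResourceServerConfigurerAdapter {

    /** Resource id of this service; it must match the resource id registered for the client on the authorization server. */
    private static final String RESOURCE_ID = "resourceId1";

    /**
     * Environment variable the signing key is read from. The name is constructed for
     * this example; use whatever your deployment's secret management provides.
     */
    private static final String SIGNING_KEY_ENV = "JWT_SIGNING_KEY";

    /**
     * Original tutorial key, kept only so the walkthrough still runs unchanged.
     * It is short, guessable and committed to source, so it must never be used
     * outside a local demo: remove this fallback before deploying so that a
     * missing key fails startup instead of silently using a weak secret.
     */
    private static final String TUTORIAL_SIGNING_KEY = "123456";

    /**
     * Sets the resource id this server identifies itself with.
     *
     * @param resources the resource-server security configurer supplied by Spring
     * @throws Exception declared by the overridden adapter method
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.resourceId(RESOURCE_ID);
    }

    /**
     * Requires authentication for every path.
     *
     * <p>Only authentication is enforced here; no scope or role is checked, so any
     * valid token can reach any endpoint.
     *
     * @param http the HTTP security builder supplied by Spring
     * @throws Exception declared by the overridden adapter method
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // every request path requires an authenticated caller
                .antMatchers("/**").authenticated();
    }

    /**
     * Token store that reads token data from the JWT itself rather than from a database.
     *
     * @return a {@link JwtTokenStore} backed by {@link #jwtAccessTokenConverter()}
     */
    @Bean
    public TokenStore tokenStore() {
        return new JwtTokenStore(jwtAccessTokenConverter());
    }

    /**
     * Converter that verifies incoming JWTs with the key shared with the authorization server.
     *
     * <p>A non-PEM value passed to {@code setSigningKey} is used as a symmetric HMAC
     * secret, so every holder of the key, this resource server included, can also
     * issue tokens. A stricter setup signs with a private key on the authorization
     * server and gives the resource server only the public key via
     * {@code setVerifierKey}.
     *
     * @return the configured converter
     */
    @Bean
    public JwtAccessTokenConverter jwtAccessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setSigningKey(resolveSigningKey());
        return converter;
    }

    /**
     * Returns the signing key from the environment, falling back to the tutorial key.
     *
     * <p>The authorization server must be given the same value, otherwise token
     * verification fails.
     */
    private static String resolveSigningKey() {
        String configured = System.getenv(SIGNING_KEY_ENV);
        if (configured == null || configured.trim().isEmpty()) {
            // Demo fallback only; see TUTORIAL_SIGNING_KEY.
            return TUTORIAL_SIGNING_KEY;
        }
        return configured;
    }
}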
测试
密码授权方式
请求token
用token请求资源
在请求头加上红色框部分
在 token 前加上单词 Bearer,Bearer 后有一个空格,即请求头为 Authorization: Bearer <token>
授权码方式
获取授权码
在浏览器中访问,redirect_uri 要与授权服务中为该客户端配置的地址完全一致
http://localhost:8088/oauth/authorize?response_type=code&client_id=admin-app&redirect_uri=http://localhost:8088/aaa
点击授权
返回code
用此code请求token,一个code只能用一次
请求资源
github项目地址
至此结束!