Oauth2---AuthorizationServer配置

最新推荐文章于 2024-05-27 11:11:13 发布
置顶 最新推荐文章于 2024-05-27 11:11:13 发布
阅读量2.7w 收藏 64
点赞数 21
分类专栏: java
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/silmeweed/article/details/101603227
版权

       AuthorizationServerConfigurerAdapter只是一个提供给开发配置ClientDetailsServiceConfigurer、AuthorizationServerEndpointsConfigurer、AuthorizationServerSecurityConfigurer空壳类并没有持有以上三个配置Bean对象。由初始化时调用AuthorizationServerConfigurerAdapter.configure(xxxConfigure) 给机会开发注入、配置。

开发定义的配置列表:

1. ClientDetailsService:ClientDetails信息加载实现类。

2. TokenStore:token管理服务。

3. TokenEnhancer:token信息的额外信息处理。

4. PasswordEncoder: clientDetail 信息里的client_secret字段加解密器。

一、核心类:

1. AuthorizationServerConfigurerAdapter: AuthorizationServer配置的适配类。

2. OAuth2AuthorizationServerConfiguration:系统提供的配置实现类,用户自定时可参考这类的实现。

但这对象生成条件:

//1.没有其它AuthorizationServerConfigurer的配置对象,如果用户自己有定义就不产生。
//2.yml配置文件有:security.oauth2.authorization属性配置。@ConditionalOnMissingBean(AuthorizationServerConfigurer.class)
@EnableConfigurationProperties(AuthorizationServerProperties.class)

3. 开发自定义MyAuthorizationServerConfig extends AuthorizationServerConfigurerAdapter:

完成相关的配置(向这个些类注入自定义的Bean):

(1)ClientDetailsServiceConfigurer:clientDetailsService注入,决定clientDeatils信息的处理服务。
(2)AuthorizationServerEndpointsConfigurer:访问端点配置。tokenStroe、tokenEnhancer服务
(3)AuthorizationServerSecurityConfigurer:访问安全配置。

 

二、配置类:

1. ClientDetailsServiceConfigurer:

      主要是注入ClientDetailsService实例对象(唯一配置注入)。其它地方可以通过ClientDetailsServiceConfigurer调用开发配置的ClientDetailsService。系统提供的二个ClientDetailsService实现类:JdbcClientDetailsService、InMemoryClientDetailsService。

回调配置ClientDetailsServiceConfigurer

   /**
	 *
	 * 配置从哪里获取ClientDetails信息。
	 * 在client_credentials授权方式下,只要这个ClientDetails信息。
	 * @param clientsDetails
	 * @throws Exception
	 */
	@Override
	public void configure(ClientDetailsServiceConfigurer clientsDetails) throws Exception {
		//认证信息从数据库获取
		clientsDetails.withClientDetails(clientDetailsService);
		// 测试用,将客户端信息存储在内存中
		clientsDetails.inMemory()
				.withClient("client")   // client_id
				.secret("secret")       // client_secret
				.authorizedGrantTypes("authorization_code")     // 该client允许的授权类型
				.scopes("app")     // 允许的授权范围
				.autoApprove(true); //登录后绕过批准询问(/oauth/confirm_access)
			
	}

JdbcClientDetailsService类 


public class JdbcClientDetailsService implements ClientDetailsService, ClientRegistrationService {

    //操作oauth_client_details数据库SQL语句,另外可以自行注入
    private static final String CLIENT_FIELDS_FOR_UPDATE = "resource_ids, scope, "
            + "authorized_grant_types, web_server_redirect_uri, authorities, access_token_validity, "
            + "refresh_token_validity, additional_information, autoapprove";
    private static final String CLIENT_FIELDS = "client_secret, " + CLIENT_FIELDS_FOR_UPDATE;
    private static final String BASE_FIND_STATEMENT = "select client_id, " + CLIENT_FIELDS + " from oauth_client_details";
    private static final String DEFAULT_FIND_STATEMENT = BASE_FIND_STATEMENT + " order by client_id";
    private static final String DEFAULT_SELECT_STATEMENT = BASE_FIND_STATEMENT + " where client_id = ?";
    private static final String DEFAULT_INSERT_STATEMENT = "insert into oauth_client_details (" + CLIENT_FIELDS
            + ", client_id) values (?,?,?,?,?,?,?,?,?,?,?)";
    private static final String DEFAULT_UPDATE_STATEMENT = "update oauth_client_details " + "set "
            + CLIENT_FIELDS_FOR_UPDATE.replaceAll(", ", "=?, ") + "=? where client_id = ?";
    private static final String DEFAULT_UPDATE_SECRET_STATEMENT = "update oauth_client_details "
            + "set client_secret = ? where client_id = ?";
    private static final String DEFAULT_DELETE_STATEMENT = "delete from oauth_client_details where client_id = ?";

    private RowMapper<ClientDetails> rowMapper = new ClientDetailsRowMapper();
    //1.用于client_secret密码入库与出库时转化
    private PasswordEncoder passwordEncoder = NoOpPasswordEncoder.getInstance();
    //2.数据库存操作。
    private final JdbcTemplate jdbcTemplate;
    private JdbcListFactory listFactory;

    public JdbcClientDetailsService(DataSource dataSource) {
        Assert.notNull(dataSource, "DataSource required");
        this.jdbcTemplate = new JdbcTemplate(dataSource);
        this.listFactory = new DefaultJdbcListFactory(new NamedParameterJdbcTemplate(jdbcTemplate));
    }

    /**
     * 核心方法。加载ClientDetails by clientId
     */
    public ClientDetails loadClientByClientId(String clientId) throws InvalidClientException {
        ClientDetails details;
        try {
            details = jdbcTemplate.queryForObject(selectClientDetailsSql, new ClientDetailsRowMapper(), clientId);
        }
        catch (EmptyResultDataAccessException e) {
            throw new NoSuchClientException("No client with requested id: " + clientId);
        }
        return details;
    }

}
InMemoryClientDetailsService类

public class InMemoryClientDetailsService implements ClientDetailsService {

  private Map<String, ClientDetails> clientDetailsStore = new HashMap<String, ClientDetails>();

  public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
    ClientDetails details = clientDetailsStore.get(clientId);
    return details;
  }
}

2. AuthorizationServerEndpointsConfigurer端点配置

AuthorizationServerEndpointsConfigurer其实是一个装载类,装载Endpoints所有相关的类配置(AuthorizationServer、TokenServices、TokenStore、ClientDetailsService、UserDetailsService)。

配置方法:

    /**
	 * 注入相关配置:
	 * 1. 密码模式下配置认证管理器 AuthenticationManager
	 * 2. 设置 AccessToken的存储介质tokenStore, 默认使用内存当做存储介质。
      * 3. userDetailsService注入
	 */
	@Override
	public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {

		TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
		endpoints
				.authenticationManager(authenticationManager)
				//末确认点.userDetailsService(userDetailsService) //MUST:密码模式下需设置一个AuthenticationManager对象,获取 UserDetails信息
				.tokenStore(tokenStore)//token的保存方式
				.tokenEnhancer(tokenEnhancerChain);//token里加点信息
}

AuthorizationServerEndpointsConfigurer类: 

public final class AuthorizationServerEndpointsConfigurer {

	private AuthorizationServerTokenServices tokenServices;
	private ConsumerTokenServices consumerTokenServices;
	private AuthorizationCodeServices authorizationCodeServices;
	private ResourceServerTokenServices resourceTokenServices;
	private TokenStore tokenStore;
	private TokenEnhancer tokenEnhancer;
	private AccessTokenConverter accessTokenConverter;
	private ApprovalStore approvalStore;
	private TokenGranter tokenGranter;
	private OAuth2RequestFactory requestFactory;
	private OAuth2RequestValidator requestValidator;
	private UserApprovalHandler userApprovalHandler;
	private AuthenticationManager authenticationManager;
	private ClientDetailsService clientDetailsService;
    private String prefix;
	private Map<String, String> patternMap = new HashMap<String, String>();
	private Set<HttpMethod> allowedTokenEndpointRequestMethods = new HashSet<HttpMethod>();

	private FrameworkEndpointHandlerMapping frameworkEndpointHandlerMapping;

	private boolean approvalStoreDisabled;
	private List<Object> interceptors = new ArrayList<Object>();

	private DefaultTokenServices defaultTokenServices;

	private UserDetailsService userDetailsService;

	private boolean tokenServicesOverride = false;

	private boolean userDetailsServiceOverride = false;

	private boolean reuseRefreshToken = true;

	private WebResponseExceptionTranslator<OAuth2Exception> exceptionTranslator;

	private RedirectResolver redirectResolver;

/**
* tokenServices重新生成一个PreAuthenticatedAuthenticationProvider作为认证。
*/
private void addUserDetailsService(DefaultTokenServices tokenServices, UserDetailsService userDetailsService) {
		if (userDetailsService != null) {
			PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider();
			provider.setPreAuthenticatedUserDetailsService(new UserDetailsByNameServiceWrapper<PreAuthenticatedAuthenticationToken>(
					userDetailsService));
			tokenServices
					.setAuthenticationManager(new ProviderManager(Arrays.<AuthenticationProvider> asList(provider)));
		}
	}
}

三、AuthorizationServerSecurityConfigurer端点安全配置:

  AuthorizationServerSecurityConfigurer继承SecurityConfigurerAdapter.也就是一个 Spring Security安全配置提供给AuthorizationServer去配置AuthorizationServer的端点(/oauth/****)的安全访问规则、过滤器Filter。

类继承关系:

可配置属性项: 

1. ClientDetail加密方式

2. allowFormAuthenticationForClients 允许表单认证。针对/oauth/token端点。

3. 添加开发配置tokenEndpointAuthenticationFilters

4. tokenKeyAccess、checkTokenAccess访问权限。

 

/**
	 *  配置:安全检查流程,用来配置令牌端点(Token Endpoint)的安全与权限访问
	 *  默认过滤器:BasicAuthenticationFilter
	 *  1、oauth_client_details表中clientSecret字段加密【ClientDetails属性secret】
	 *  2、CheckEndpoint类的接口 oauth/check_token 无需经过过滤器过滤,默认值:denyAll()
	 * 对以下的几个端点进行权限配置:
	 * /oauth/authorize:授权端点
	 * /oauth/token:令牌端点
	 * /oauth/confirm_access:用户确认授权提交端点
	 * /oauth/error:授权服务错误信息端点
	 * /oauth/check_token:用于资源服务访问的令牌解析端点
	 * /oauth/token_key:提供公有密匙的端点,如果使用JWT令牌的话
	 **/
	@Override
	public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
		security.allowFormAuthenticationForClients()//允许客户表单认证
				.passwordEncoder(new BCryptPasswordEncoder())//设置oauth_client_details中的密码编码器
				.tokenKeyAccess("permitAll()")
				.checkTokenAccess("isAuthenticated()")
				.passwordEncoder(oauthClientPasswordEncoder);
	}

AuthorizationServerSecurityConfigurer类

public final class AuthorizationServerSecurityConfigurer extends
        SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {

    private AuthenticationEntryPoint authenticationEntryPoint;
    private AccessDeniedHandler accessDeniedHandler = new OAuth2AccessDeniedHandler();
    //client secrets加密器
    private PasswordEncoder passwordEncoder;
    private String realm = "oauth2/client";
    private boolean allowFormAuthenticationForClients = false;
    private String tokenKeyAccess = "denyAll()";
    private String checkTokenAccess = "denyAll()";
    private boolean sslOnly = false;
    //开发定义过滤器
    private List<Filter> tokenEndpointAuthenticationFilters = new ArrayList<Filter>();


    @Override
    public void init(HttpSecurity http) throws Exception {
        //1.异常发生时的入口配置
        registerDefaultAuthenticationEntryPoint(http);
        //1. passwordEncoder注入到ClientDetailsUserDetailsService(
        // UserDetailsService对象存储在HttpSecurity.SharedObject里。
        if (passwordEncoder != null) {
            ClientDetailsUserDetailsService clientDetailsUserDetailsService = new ClientDetailsUserDetailsService(clientDetailsService());
            clientDetailsUserDetailsService.setPasswordEncoder(passwordEncoder());
            http.getSharedObject(AuthenticationManagerBuilder.class)
                    .userDetailsService(clientDetailsUserDetailsService)
                    .passwordEncoder(passwordEncoder());
        }
        else {
            http.userDetailsService(new ClientDetailsUserDetailsService(clientDetailsService()));
        }
        //2.配置/oaut/***端点 httpBasic安全规则
        http.securityContext().securityContextRepository(new NullSecurityContextRepository()).and().csrf().disable()
                .httpBasic().realmName(realm);
        //3. ssl 通道安全
        if (sslOnly) {
            http.requiresChannel().anyRequest().requiresSecure();
        }
    }

    /**
     * 开发配置:
     * 1. allowFormAuthenticationForClients 允许表单认证。针对/oauth/token端点添加ClientCredentialsTokenEndpointFilter
     * 2. 添加开发配置tokenEndpointAuthenticationFilters。(在 BasicAuthenticationFilter之前)
     * 3. 添加在 accessDeniedHandler
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {

        // ensure this is initialized
        frameworkEndpointHandlerMapping();
        //2. 针对/oauth/token端点添加ClientCredentialsTokenEndpointFilter
        if (allowFormAuthenticationForClients) {
            clientCredentialsTokenEndpointFilter(http);
        }
        //3.添加开发配置tokenEndpointAuthenticationFilters。(在 BasicAuthenticationFilter之前)
        for (Filter filter : tokenEndpointAuthenticationFilters) {
            http.addFilterBefore(filter, BasicAuthenticationFilter.class);
        }
        //4. 添加在 accessDeniedHandler,处理访问AccessDeniedException发生时处理。
        http.exceptionHandling().accessDeniedHandler(accessDeniedHandler);
    }

    /**
     * 配置异常发生时入口点AuthenticationEntryPoint
     * @param http
     */
    private void registerDefaultAuthenticationEntryPoint(HttpSecurity http) {
        ExceptionHandlingConfigurer<HttpSecurity> exceptionHandling = http.getConfigurer(ExceptionHandlingConfigurer.class);
        if (exceptionHandling == null) {
            return;
        }
        //1.端点入口:BasicAuthenticationEntryPoint设置response配置。
        // response.addHeader("WWW-Authenticate", "Basic realm=\"" + realmName + "\"");
        // response.sendError(HttpStatus.UNAUTHORIZED.value(), HttpStatus.UNAUTHORIZED.getReasonPhrase());
        if (authenticationEntryPoint==null) {
            BasicAuthenticationEntryPoint basicEntryPoint = new BasicAuthenticationEntryPoint();
            basicEntryPoint.setRealmName(realm);
            authenticationEntryPoint = basicEntryPoint;
        }
        //发生异常时,会调用到BasicAuthenticationEntryPoint.commence()
        exceptionHandling.defaultAuthenticationEntryPointFor(postProcess(authenticationEntryPoint), preferredMatcher);
    }

    /**
     * 核心:
     * "/oauth/token"端点的添加过滤器clientCredentialsTokenEndpointFilter(clientId, client_secert)密码比对。而且
     *  放到BasicAuthenticationFilter之前。
     *  http.addFilterBefore(clientCredentialsTokenEndpointFilter, BasicAuthenticationFilter.class);
     */
    private ClientCredentialsTokenEndpointFilter clientCredentialsTokenEndpointFilter(HttpSecurity http) {
        ClientCredentialsTokenEndpointFilter clientCredentialsTokenEndpointFilter = new ClientCredentialsTokenEndpointFilter(
                frameworkEndpointHandlerMapping().getServletPath("/oauth/token"));
        clientCredentialsTokenEndpointFilter
                .setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
        OAuth2AuthenticationEntryPoint authenticationEntryPoint = new OAuth2AuthenticationEntryPoint();
        authenticationEntryPoint.setTypeName("Form");
        authenticationEntryPoint.setRealmName(realm);
        clientCredentialsTokenEndpointFilter.setAuthenticationEntryPoint(authenticationEntryPoint);
        clientCredentialsTokenEndpointFilter = postProcess(clientCredentialsTokenEndpointFilter);
        http.addFilterBefore(clientCredentialsTokenEndpointFilter, BasicAuthenticationFilter.class);
        return clientCredentialsTokenEndpointFilter;
    }

    /**
     * 居然使用共享方式
     */
    private ClientDetailsService clientDetailsService() {
        return getBuilder().getSharedObject(ClientDetailsService.class);
    }

    private FrameworkEndpointHandlerMapping frameworkEndpointHandlerMapping() {
        return getBuilder().getSharedObject(FrameworkEndpointHandlerMapping.class);
    }

    private PasswordEncoder passwordEncoder() {
        return new PasswordEncoder() {
            @Override
            public boolean matches(CharSequence rawPassword, String encodedPassword) {
                return StringUtils.hasText(encodedPassword) ? passwordEncoder.matches(rawPassword, encodedPassword)
                        : true;
            }
            @Override
            public String encode(CharSequence rawPassword) {
                return passwordEncoder.encode(rawPassword);
            }
        };
    }

}
public class ClientCredentialsTokenEndpointFilter extends AbstractAuthenticationProcessingFilter {

	private AuthenticationEntryPoint authenticationEntryPoint = new OAuth2AuthenticationEntryPoint();

    public ClientCredentialsTokenEndpointFilter() {
		this("/oauth/token");
	}

	public ClientCredentialsTokenEndpointFilter(String path) {
		super(path);
		setRequiresAuthenticationRequestMatcher(new ClientCredentialsRequestMatcher(path));
		// If authentication fails the type is "Form"
		((OAuth2AuthenticationEntryPoint) authenticationEntryPoint).setTypeName("Form");
	}

	@Override
	public void afterPropertiesSet() {
		super.afterPropertiesSet();
		setAuthenticationFailureHandler(new AuthenticationFailureHandler() {
			public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
					AuthenticationException exception) throws IOException, ServletException {
				if (exception instanceof BadCredentialsException) {
					exception = new BadCredentialsException(exception.getMessage(), new BadClientCredentialsException());
				}
				authenticationEntryPoint.commence(request, response, exception);
			}
		});
		setAuthenticationSuccessHandler(new AuthenticationSuccessHandler() {
			public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
					Authentication authentication) throws IOException, ServletException {
				// no-op - just allow filter chain to continue to token endpoint
			}
		});
	}

	@Override
	public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
			throws AuthenticationException, IOException, ServletException {
        //1.获取请求参数:clientId、clientSecret用来认证
		String clientId = request.getParameter("client_id");
		String clientSecret = request.getParameter("client_secret");

		//2.如果认证过就不需要再认证
		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
		if (authentication != null && authentication.isAuthenticated()) {
			return authentication;
		}
		if (clientId == null) {
			throw new BadCredentialsException("No client credentials presented");
		}
		if (clientSecret == null) {
			clientSecret = "";
		}

		UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(clientId,
				clientSecret);
        //4.开始认证
		return this.getAuthenticationManager().authenticate(authRequest);

	}

 

silmeweed
关注
  • 21
    点赞
  • 64
    收藏
    觉得还不错? 一键收藏
  • 4
    评论
专栏目录
Oauth2.0基于Spring Authorization Server模块client_secret_basic或者post
Lance
03-15 2751
介绍 处理oauth2.0请求授权client授权模式, 使用授权服务器对客户端进行身份验证时使用的身份验证方法 client_secret_basic client_secret_post client_secret_jwt private_key_jwt none 基于项目:Spring Authorization Server 1. maven项目依赖 spring-authorization-server v0.2.2 2.application.yml配置 spring:
Spring Authorization ServerOAuth2AuthorizationServiceOAuth2AuthorizationConsentService
一个写了10年bug的程序员日常笔记。
05-09 431
在Spring Security OAuth2的上下文中,和是两个接口,它们分别负责OAuth 2.0授权过程中的不同方面。它们在Spring Security OAuth2项目中尤为常见,该项目提供了一种在Spring Boot应用程序中实现OAuth 2.0的方式。
Spring Security#OAuth2
来啊 快活啊
06-20 4808
Congiurer ClientDetailsServiceConfigurer AuthorizationServerSecurityConfigure AuthorizationServerEndpointsConfigurer ResourceServerSecurityConfigurer HttpSecurity Authorization Server ClientDetailsServ
spring-authorization-server系列(2)---demo分析
最新发布
qq_16033193的博客
05-27 290
通过HttpSecurity的build(),初始化convert、filter、provider,搭建起来框架的链路。
oauth2 客户端模式】Spring Authorization Server + Resource + Client 资源服务间的相互访问
土味儿
05-20 4682
1、概述 上一节中介绍了项目的搭建,并实现了授权码模式的访问。在上一节的基础上,再来实现客户端模式。【图文详解】搭建 Spring Authorization Server + Resource + Client 完整Demo 用户通过客户端访问资源是 授权码模式 微服务(资源)间的访问是 客户端模式;客户端模式下,只需要提供注册客户端的ID和密钥,就可以向授权服务器申请令牌,授权服务器核实ID和密钥后,会直接发放令牌,无须再认证/授权,特别适合项目内部模块间的调用。 2、授权服务器中注册新客户端
Spring OAuth2 授权服务器配置详解
码农小胖哥
11-15 6028
前两篇文章分别体验了Spring Authorization Server的使用和讲解了其各个过滤器的作用。今天来讲讲Spring Authorization Server授权服务器的配置...
SpringSecurityOAuth2配置认证服务器策略
qq_41853447的博客
06-07 4208
SpringSecurityOAuth2配置认证服务器策略  源码地址:https://github.com/gl-stars/springSecurity-example.git 一、刷新令牌 如果客服端的令牌过期,可以使用刷新令牌更新令牌。这就就可以避免再次通过用户名和密码登录,重新获取令牌这些麻烦的操作了。刷新令牌只能是授权码和密码模式下有效,在认证服务器AuthorizationServerConfig的authorizedGrantTypes中配置刷新令牌的参数refresh_token
spring-security-oauth2-authorization-server.zip
08-25
本项目“spring-security-oauth2-authorization-server”将带你深入理解如何利用Spring Security OAuth2构建一个授权服务器,以保护你的API并提供安全的访问控制。 OAuth2是一种开放标准,用于授权第三方应用访问...
yii2-league-oauth2-server:Yii 2.0 实现 PHP 联盟 OAuth2 服务器接口
05-30
通常,我们会创建一个`AuthServer`类,该类继承自`League\OAuth2\Server\AuthorizationServer`,并根据需求进行定制。 OAuth2服务器包含几个核心概念: 1. **客户端(Client)**:代表一个第三方应用,需要获取用户...
node-oauth2-server
03-30
2. 初始化:创建`oauth2`实例,配置模型接口和选项。 3. 授权处理:设置路由处理授权请求,调用`authorize()`方法启动授权流程。 4. 访问令牌生成:处理授权响应,调用`token()`方法生成访问令牌。 5. 检验令牌:在...
OAuth2-server-master.zip
10-10
在这个"OAuth2-server-master.zip"压缩包中,我们很可能是得到了一个使用Spring Boot和Spring Security实现OAuth2授权服务的示例项目。 1. **OAuth2基础概念**: - **授权(Authorization)**: OAuth2的核心是授权...
Laravel开发-oauth2-server
08-28
创建一个新的服务提供者(ServiceProvider)继承自`League\OAuth2\Server\AuthorizationServer`,并注册到`config/app.php`的`providers`数组中。同时,定义所需的密钥和存储机制,例如使用Laravel的数据库或缓存...
配置 spring cloud oauth2 的(关键)易错点
qq_39729362的博客
01-15 401
1、在配置端点时:configure(AuthorizationServerEndpointsConfigurer endpoints) ,需要指明 AuthenticationManager,即调用方法:authenticationManager(authenticationManager),但是在注入authenticationManager时,网站同时给了两种方案: A、调用WebSec...
Spring Security OAuth2使用步骤(一)
FAIRYTAIL的博客
08-26 3856
Springclound Security Oauth2配置授权服务器和资源服务器、token存储
Spring Security OAuth专题学习-授权服务源码解读
icarusliu的专栏
05-24 1799
授权服务主要完成以下四个核心功能: 客户端授权关系管理; 接收用户或客户端登录请求,生成accessToken Token存储 Token校验 本文将从源码层面分析授权服务如何实现上述四个功能。 关于Spring Oauth2的一些基础概念及示例,可参考:http://liumoran.cn/topic/myTopics/1 1. 概述 授权服务包含有以下几个关键类: EnableAutho...
SpringCloud搭建微服务之OAuth2.1认证和授权
liu320yj的博客
10-10 6409
Spring Boot新版本已经不在支持Spring Security OAuth,而是将资源服务和客户端集成到Spring Security 5.2.x版本中,认证服务单独成一个项目为Spring Authorization Server
Spring微服务实战第7章 保护微服务
天空鸟的博客
09-10 788
文章目录第7章 保护微服务7.1 OAuth2简介7.2 从小事做起:使用Spring和OAuth2来保护单个端点7.2.1 建立EagleEye OAuth2验证服务7.2.2 使用OAuth2服务注册客户端应用程序7.2.3 配置EagleEye用户7.2.4 验证用户7.3 使用OAuth2保护组织服务7.3.1 将Spring Security和OAuth2 jar添加到各个服务7.3.2 配置服务以指向OAuth2验证服务7.3.3 定义谁可以访问服务1.通过验证用户保护服务2.通过特定角色保护服
Spring Cloud OAuth2 认证服务器
凉茶铺的博客
08-31 2974
Spring Cloud OAuth2 是 Spring Cloud 体系对OAuth2协议的实现,可以用来做多个微服务的统一认证(验证身份合法性)授权(验证权限)。通过向OAuth2服务(统一认证授权服务)发送某个类型的grant_type进行集中认证和授权,从而获得access_token(访问令牌),而这个token是受其他微服务信任的。............
微服务登录认证(大部分公共默认配置省略)
Strong_shady的博客
09-02 583
一。user-auth服务(多端设备登录着手点) 1.1 配置AuthorizationServerConfig、CustomUserAuthenticationConverter(略) 自定义授权认证UserDetailsServiceImpl,远程调用user服务的loadFindById方法: @Service public class UserDetailsServiceImpl implements UserDetailsService { @Autowired Client
spring-boot-starter-oauth2-authorization-server 1.1.0 配置
05-27
您好,针对 `spring-boot-starter-oauth2-authorization-server` 版本为 1.1.0 的配置,以下是一个简单的示例: 1. 首先,在 `pom.xml` 文件中添加以下依赖: ```xml <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-oauth2-authorization-server</artifactId> <version>1.1.0</version> </dependency> ``` 2. 然后,在 `application.yml` 文件中添加以下配置: ```yaml spring: security: oauth2: authorization: server: jwt: key-value: "secret" client: registration: myapp: client-id: myapp client-secret: secret scope: read,write redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}" authorization-grant-type: authorization_code client-name: My App provider: myapp: issuer-uri: http://localhost:8080/oauth2/token authorization-uri: http://localhost:8080/oauth2/authorize token-uri: http://localhost:8080/oauth2/token user-info-uri: http://localhost:8080/userinfo user-name-attribute: sub ``` 在上述配置中,`jwt.key-value` 用于指定加密 JWT 的密钥,`client.registration.myapp` 用于指定客户端信息,`provider.myapp` 用于指定 OAuth2 服务提供商信息。 3. 最后,在启动类中添加 `@EnableAuthorizationServer` 注解即可启用 OAuth2 授权服务器功能: ```java @SpringBootApplication @EnableAuthorizationServer public class AuthorizationServerApplication { public static void main(String[] args) { SpringApplication.run(AuthorizationServerApplication.class, args); } } ``` 希望以上内容能够帮助到您。如果您有任何疑问,请随时提出。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 4
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值