Spring Security OAuth2
依赖
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>Hoxton.SR8</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
配置
// spring security 认证类
@Service
public class UserService implements UserDetailsService {

    /** Fixed password accepted for every username in this demo. */
    private static final String DEMO_PASSWORD = "123456";

    /** Authorities granted to every demo user, as a comma-separated list. */
    private static final String DEMO_AUTHORITIES = "admin,sysadmin";

    @Autowired
    private PasswordEncoder passwordEncoder;

    /**
     * Returns a demo principal for whatever username the login form supplies.
     *
     * <p>No user store is consulted: the username is used as given, the password
     * is always {@code "123456"} (re-encoded on every call, so a fresh hash is
     * computed per login attempt), and the authorities are always {@code admin}
     * and {@code sysadmin}. This stands in for a real lookup only while
     * exercising the OAuth2 flow; a production implementation would load the
     * stored, already-encoded password hash for the user and reject unknown
     * names with {@link UsernameNotFoundException}.
     *
     * @param username the name entered at login; accepted unconditionally here
     * @return a {@link User} holding the encoded demo password and authorities
     * @throws UsernameNotFoundException never thrown by this stub
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        String encodedPassword = passwordEncoder.encode(DEMO_PASSWORD);
        return new User(
                username,
                encodedPassword,
                AuthorityUtils.commaSeparatedStringToAuthorityList(DEMO_AUTHORITIES));
    }
}
// 用于测试的资源
@RestController
@RequestMapping("/user")
public class UserController {

    /**
     * Test resource that echoes the caller's principal.
     *
     * <p>Mapped to {@code /user/getCurrentUser} for every HTTP method, since the
     * mapping does not restrict the method. The principal is returned as-is and
     * serialized by Spring MVC.
     *
     * <p>NOTE(review): whatever object the principal is gets serialized in full;
     * confirm it carries no credential fields before exposing this outside a
     * test setup.
     *
     * @param authentication the authentication resolved for the current request
     * @return the principal object of that authentication
     */
    @RequestMapping("getCurrentUser")
    public Object getCurrentUser(Authentication authentication) {
        Object principal = authentication.getPrincipal();
        return principal;
    }
}
// spring security 权限认证配置
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Web-layer security rules for the application that hosts the
     * authorization server.
     *
     * <p>The OAuth2 endpoints, the login form and logout are reachable without
     * a session; every other URL requires an authenticated user. Form login is
     * the default Spring Security page and is open to everyone. CSRF protection
     * is turned off for the whole application.
     *
     * <p>NOTE(review): {@code /oauth/**} is {@code permitAll} at this layer; the
     * walkthrough still sees a redirect to the login page when calling
     * {@code /oauth/authorize}, so the endpoint appears to enforce the user
     * login itself -- confirm rather than rely on this reading. Disabling CSRF
     * also leaves the login and logout forms without CSRF tokens; keep it enabled
     * unless every caller is a non-browser client.
     *
     * @param http the builder for the HTTP security configuration
     * @throws Exception propagated from the builder calls
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Anonymous access to the OAuth2, login and logout paths; login elsewhere.
        http.authorizeRequests()
                .antMatchers("/oauth/**", "/login/**", "/logout/**").permitAll()
                .anyRequest().authenticated();
        // Default form login, reachable by anyone.
        http.formLogin().permitAll();
        // CSRF protection disabled application-wide (see class note above).
        http.csrf().disable();
    }

    /**
     * Password encoder shared by the user service and the client registration.
     *
     * @return a BCrypt encoder with its default strength
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}
// 认证服务器配置
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    /** Identifier the test client presents as {@code client_id}. */
    private static final String CLIENT_ID = "client";

    /** Plaintext client secret; it is encoded before being stored in memory. */
    private static final String CLIENT_SECRET = "878412";

    /** Only redirect target the client is allowed to use. */
    private static final String CLIENT_REDIRECT_URI = "http://www.baidu.com";

    @Autowired
    private PasswordEncoder passwordEncoder;

    /**
     * Registers the single in-memory OAuth2 client used by the walkthrough.
     *
     * <p>The client is allowed only the {@code authorization_code} grant, the
     * single scope {@code all}, and one redirect URI. The redirect URI supplied
     * in an authorize request has to match the registered value, and here it is
     * a plain-{@code http} address.
     *
     * <p>NOTE(review): the secret is a literal in source; for anything beyond a
     * local demo it belongs in external configuration, and the redirect URI
     * should be an {@code https} endpoint the application actually controls.
     *
     * @param clients the registry to add the in-memory client to
     * @throws Exception propagated from the configurer
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient(CLIENT_ID)
                .authorizedGrantTypes("authorization_code")
                .scopes("all")
                .redirectUris(CLIENT_REDIRECT_URI)
                .secret(passwordEncoder.encode(CLIENT_SECRET));
    }
}
// 资源服务器配置
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    /** Identifier the test client presents as {@code client_id}. */
    private static final String CLIENT_ID = "client";

    /** Plaintext client secret; it is encoded before being stored in memory. */
    private static final String CLIENT_SECRET = "878412";

    /** Only redirect target the client is allowed to use. */
    private static final String CLIENT_REDIRECT_URI = "http://www.baidu.com";

    @Autowired
    private PasswordEncoder passwordEncoder;

    /**
     * Registers the single in-memory OAuth2 client used by the walkthrough.
     *
     * <p>NOTE(review): the heading above this block calls it the resource server
     * configuration, but the class appears to be a copy of the
     * {@code AuthorizationServerConfig} listed earlier -- same name, same
     * {@code @EnableAuthorizationServer} annotation, same client registration. A
     * second top-level class with the same name cannot coexist with the first,
     * and a resource server would instead be annotated
     * {@code @EnableResourceServer} and extend
     * {@code ResourceServerConfigurerAdapter}. Confirm which of the two was
     * intended.
     *
     * <p>The registered client is allowed only the {@code authorization_code}
     * grant, the single scope {@code all}, and one redirect URI. The redirect
     * URI is where the authorization code is delivered; the receiving page is
     * then expected to exchange that code for an access token.
     *
     * @param clients the registry to add the in-memory client to
     * @throws Exception propagated from the configurer
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient(CLIENT_ID)
                .authorizedGrantTypes("authorization_code")
                .scopes("all")
                .redirectUris(CLIENT_REDIRECT_URI)
                .secret(passwordEncoder.encode(CLIENT_SECRET));
    }
}
启动类
普通的springboot启动类。
使用测试
-
获取授权码
http://localhost:8080/oauth/authorize?response_type=code&client_id=client&redirect_uri=http://localhost:8081/test&scope=all
参数说明:
response_type: code --授权码
client_id: client – AuthorizationServerConfig配置文件中配置的withClient
redirect_uri:http://localhost:8081/test – AuthorizationServerConfig配置文件中配置的redirectUris。该值必须与注册的 redirectUris 完全一致(上文配置中注册的是 http://www.baidu.com),否则授权服务器会拒绝本次授权请求。
scope:all – 授权范围,AuthorizationServerConfig配置文件中配置的scopes。
请求上面的地址后先会跳转到登录页面,使用UserService配置的账号密码登录后会跳转到授权页面,授权后才会跳转到百度,并附带授权码(本例中没有校验账号,只校验密码为123456即可,所以账号可以随意输入,密码为123456)
-
用获取到的授权码再去请求授权令牌(使用postman来测试)
地址:http://localhost:8080/oauth/token
认证方式:Basic Auth,账号、密码分别为 AuthorizationServerConfig 配置文件中配置的 withClient 和 secret 的值(secret 填 encode 之前的明文)
参数:
参数名 / 值:
grant_type = authorization_code
client_id = client
redirect_uri = http://localhost:8081/test
scope = all
code = 上面获取到的授权码
-
依据授权令牌请求资源
地址:http://localhost:8080/user/getCurrentUser
授权方式:bearer token(请求头 Authorization: Bearer <access_token>,其中 access_token 为上一步返回的授权令牌)