SpringCloud OAuth2 (2): Role-based authorization in the resource server
I will implement service authorization in two ways: the first is role-based, using PreAuthorize; the second uses custom URL resources.
Project structure diagram
Maven dependencies
pom.xml
<dependencies>
    <dependency>
        <groupId>com.td</groupId>
        <artifactId>common-server</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-oauth2</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-devtools</artifactId>
        <scope>runtime</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-jdbc</artifactId>
    </dependency>
    <dependency>
        <groupId>mysql</groupId>
        <artifactId>mysql-connector-java</artifactId>
        <scope>runtime</scope>
    </dependency>
    <dependency>
        <groupId>td</groupId>
        <artifactId>myjdbc</artifactId>
        <version>4.7</version>
    </dependency>
    <!-- https://mvnrepository.com/artifact/io.springfox/springfox-swagger2 -->
    <dependency>
        <groupId>io.springfox</groupId>
        <artifactId>springfox-swagger2</artifactId>
        <version>2.9.2</version>
    </dependency>
    <!-- https://mvnrepository.com/artifact/io.springfox/springfox-swagger-ui -->
    <dependency>
        <groupId>io.springfox</groupId>
        <artifactId>springfox-swagger-ui</artifactId>
        <version>2.9.2</version>
    </dependency>
</dependencies>
application.yml configuration
application.yml
spring:
  application:
    name: baseServer
  datasource:
    driver-class-name: com.mysql.cj.jdbc.Driver
    url: jdbc:mysql://119.23.43.22:3306/oauth?characterEncoding=utf8&useCursorFetch=true&defaultFetchSize=1000&autoReconnect=true&useSSL=false
    username: root
    password: Root!2018
  mvc:
    favicon:
      enabled: false
server:
  port: 1002
eureka:
  client:
    service-url:
      defaultZone: http://localhost:1000/eureka
  instance:
    lease-expiration-duration-in-seconds: 30 # expiry: if no heartbeat arrives within this time, the Eureka server evicts the instance
    lease-renewal-interval-in-seconds: 10 # renewal interval: the client sends a heartbeat this often
security:
  oauth2:
    resource:
      id: baseServer
      # not sure why it fails when the Zuul address is used; accessing the address directly works
      user-info-uri: http://localhost:1005/user
      prefer-token-info: false
Resource server configuration
ResourceServerConfig
import javax.servlet.http.HttpServletResponse;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true) // enables @PreAuthorize / @PostAuthorize on beans
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
            .exceptionHandling()
                // unauthenticated requests get a plain 401 instead of a login redirect
                .authenticationEntryPoint((request, response, authException) ->
                        response.sendError(HttpServletResponse.SC_UNAUTHORIZED))
            .and()
            .authorizeRequests()
                .antMatchers("/aa/**").permitAll() // no authorization check needed
                .anyRequest().authenticated()      // everything else needs a valid token
            .and()
            .httpBasic();
        // http.addFilterBefore(customFilter, FilterSecurityInterceptor.class);
    }
}
Finally, write a test example
TestController
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping(value = "/test")
public class TestController {

    // hasRole() prepends ROLE_ when the prefix is missing, so hasRole('ADMIN') would be equivalent
    @GetMapping("hello")
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    public String hello() {
        return "hello!";
    }
}
The user_1 account does not have the admin role, so it cannot access the endpoint:
The admin account can access it:
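The two results above can be checked without starting the database, Eureka or the authorization server, because the @PreAuthorize check lives on the bean and not in the HTTP filter chain. The test below is an added example, not code from the original post; it assumes JUnit 5 and spring-security-test are on the test classpath (neither is in the pom above) and that it sits in the same package as TestController.

```java
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.test.context.junit.jupiter.SpringJUnitConfig;

// Minimal context: only method security plus the controller under test.
// No datasource, Eureka client or OAuth2 token services are loaded.
@SpringJUnitConfig
class HelloRoleCheckTest {

    @Configuration
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    @Import(TestController.class) // registers the controller so it gets the security proxy
    static class MethodSecurityOnly {
    }

    @Autowired
    private TestController controller; // the proxied bean, so @PreAuthorize is enforced

    @Test
    @WithMockUser(username = "admin", roles = "ADMIN") // granted authority becomes ROLE_ADMIN
    void adminCanCallHello() {
        assertEquals("hello!", controller.hello());
    }

    @Test
    @WithMockUser(username = "user_1", roles = "USER") // ROLE_USER only, no ROLE_ADMIN
    void nonAdminIsDenied() {
        // the method security interceptor rejects the call before the body runs
        assertThrows(AccessDeniedException.class, controller::hello);
    }
}
```

Over HTTP the same denial surfaces as a 403 once the bearer token has been resolved to a user through user-info-uri.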
Thanks for reading.