源码
https://github.com/gaoxinfu/oauth-sample/tree/main/oauth-sample-01
pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Build descriptor for the sample authorization server (Spring Boot + spring-security-oauth2).

  NOTE(review): nothing here pins a patched version. The Boot parent is 1.5.10.RELEASE and
  spring-security-oauth2 / lombok carry no explicit version (presumably inherited from the
  parent's dependency management) — confirm the resolved versions against current advisories
  before reusing this outside a local demo.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<!-- NOTE(review): old Boot line; see the header comment before relying on it -->
<version>1.5.10.RELEASE</version>
<relativePath /> <!-- lookup parent from repository -->
</parent>
<groupId>com.gaoxinfu.oauth.sample</groupId>
<artifactId>oauth-server</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>sample01-授权服务器</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<!-- Spring Boot web server (embedded container + Spring MVC) -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- Spring Security: form login for the resource owner (security.user.* in application.properties) -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- for OAuth 2.0: @EnableAuthorizationServer / @EnableResourceServer; version not pinned here -->
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
</dependency>
<!-- Lombok: compile-time code generation (getters/constructors for the entity classes) -->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
授权服务配置
package com.gaoxinfu.oauth.sample.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
/**
 * Authorization server configuration.
 *
 * Registers one in-memory OAuth2 client ("clientapp") that may only use the
 * authorization-code grant and may only be redirected to the local callback
 * endpoint served by TokenController.
 *
 * Security notes (review):
 *  - The client secret is a plaintext literal committed with the source. That
 *    is tolerable for a local demo only; anywhere else supply it from
 *    configuration or a secrets store and keep it out of version control.
 *  - Keep the redirect URI precise (no wildcard, exact path). The value the
 *    client sends to /oauth/authorize must match what is registered here; a
 *    precise registration is what stops an authorization code from being
 *    delivered to an attacker-controlled host.
 *  - Only authorization_code is enabled, so implicit / password grants are not
 *    reachable for this client. Keep it that way.
 *  - The two scopes are merely what the client may request; whether a token
 *    carrying them can reach a resource is decided by the resource server.
 */
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    /** Identifier the client presents to /oauth/authorize and /oauth/token. */
    private static final String CLIENT_ID = "clientapp";

    /** Demo-only client secret; see the class comment before reusing this. */
    private static final String CLIENT_SECRET = "112233";

    /**
     * Where the authorization code is delivered. Normally this is an endpoint of
     * the client application; in this sample it is a local controller
     * (TokenController) that simply displays the returned code.
     */
    private static final String CALLBACK_URI = "http://localhost:9001/token/api/callback";

    /** The only grant type this client is allowed to use. */
    private static final String GRANT_AUTHORIZATION_CODE = "authorization_code";

    /** Scopes the client may ask for. */
    private static final String SCOPE_READ_USERINFO = "read_userinfo";
    private static final String SCOPE_READ_CONTACTS = "read_contacts";

    /**
     * Registers the single demo client with the in-memory client store.
     *
     * @param clients configurer used to declare OAuth2 clients
     * @throws Exception propagated from the configurer
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient(CLIENT_ID)
                .secret(CLIENT_SECRET)
                .redirectUris(CALLBACK_URI)
                .authorizedGrantTypes(GRANT_AUTHORIZATION_CODE)
                .scopes(SCOPE_READ_USERINFO, SCOPE_READ_CONTACTS);
    }
}
账户密码的配置
# HTTP port of the sample; the registered redirect URI and the demo URLs use it.
server.port=9001
# Spring Security Setting
# Fixed resource-owner credentials for the login step that precedes the
# authorization-code grant at /oauth/authorize.
# NOTE(review): a plaintext username/password checked into the repository is a
# demo-only shortcut. Outside a local demo, supply these from the environment
# or a secrets store and keep them out of version control.
security.user.name=gaoxinfu
security.user.password=123456
演示中,访问 /oauth/authorize 获取 auth-code 时,授权服务器会先要求用上面这组账户密码登录(即资源所有者的身份认证),登录通过后才会进入授权确认页面。
资源服务配置
package com.gaoxinfu.oauth.sample.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
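/**
 * Resource server configuration.
 *
 * Scopes the OAuth2 resource-server filter chain to {@code /api/**} and
 * requires every request under it to carry a valid access token that was
 * issued with the {@code read_userinfo} scope — the scope the demo requests
 * when obtaining the authorization code. A token that is valid but was granted
 * only {@code read_contacts} is rejected, so the scopes declared on the client
 * actually mean something at the resource.
 *
 * Requests outside {@code /api/**} (the /oauth/** endpoints, the login page)
 * are not handled by this chain.
 */
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    /** Scope an access token must carry to read user data under /api/**. */
    private static final String SCOPE_READ_USERINFO = "read_userinfo";

    /**
     * Restricts this chain to /api/** and enforces both token presence and scope.
     *
     * @param http security builder for the resource-server chain
     * @throws Exception propagated from the builder
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            // Only /api/** goes through the token-protected chain.
            .requestMatchers()
                .antMatchers("/api/**")
                .and()
            .authorizeRequests()
                // Enforce the scope, not merely "any valid token": without this
                // every token issued by the authorization server, whatever its
                // scope, could read user info.
                .antMatchers("/api/**").access("#oauth2.hasScope('" + SCOPE_READ_USERINFO + "')")
                .anyRequest().authenticated();
    }
}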
UserController演示资源的访问
package com.gaoxinfu.oauth.sample.controller;
import com.gaoxinfu.oauth.sample.entity.UserEntity;
import java.security.Principal;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
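@Controller
public class UserController {

    /**
     * Returns the caller's user info, derived from the authenticated principal
     * that the resource-server filter chain placed in the security context.
     *
     * The username is read via {@code getName()} instead of casting the
     * principal to {@code User}: the principal's concrete type depends on how
     * the access token was obtained, so a blind cast can fail with a
     * ClassCastException for a perfectly valid token.
     *
     * @return 200 with the username and a derived demo e-mail address
     * @throws IllegalStateException if no authentication is present; this is not
     *         expected behind ResourceServerConfig, which requires a token for
     *         /api/**, but is preferred to a NullPointerException if that
     *         configuration changes
     */
    @GetMapping("/api/getUser")
    public ResponseEntity<UserEntity> getUser() {
        Principal authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            throw new IllegalStateException("no authenticated principal in the security context");
        }
        String username = authentication.getName();
        return ResponseEntity.ok(new UserEntity(username, username + "@aliyun.com"));
    }
}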
演示:
获取授权码:auth-code
这里我们通过浏览器去演示
获取auth-code
http://localhost:9001/oauth/authorize?client_id=clientapp&redirect_uri=http://localhost:9001/token/api/callback&response_type=code&scope=read_userinfo
(注意:redirect_uri 必须与 AuthorizationServerConfig 中注册的 `http://localhost:9001/token/api/callback` 完全一致,原文中多写了一个 `/`;按 OAuth 2.0 规范,redirect_uri 不匹配时授权服务器必须拒绝该请求,而不是把 code 发到未注册的地址。)
填写账户名密码
授权同意还是拒绝,这里我们选择同意Approve
授权服务器通过重定向到回调地址(redirect_uri)的方式把 auth-code 返回给我们
oauth code = bOhDxC
获取token
这里我们通过postman去演示
http://localhost:9001/oauth/token?code=n4xh0t&grant_type=authorization_code&redirect_uri=http://localhost:9001/token/api/callback&scope=read_userinfo
(以 POST 方式发送;同时需要在 Postman 的 Authorization 中以 HTTP Basic 方式携带客户端凭据 clientapp / 112233,授权服务器据此认证客户端。另外这里的 code 与上一步截图中的 bOhDxC 不同,是因为授权码是一次性的,每次演示都要重新获取。)
Query Params配置
授权类型
内容类型设置
发送请求,获取结果
附:注意,一旦因为参数配置或输入有误导致换取 token 失败,之前拿到的授权码就已作废,需要重新走一遍获取 auth-code 的流程。