Spent the whole day fiddling with this; finally got it working at 7:30 in the evening.
1. Without further ado, add the dependencies to pom.xml. They are mainly the Security and OAuth 2.0 packages:
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-config</artifactId>
    </dependency>
    <!-- security oauth2 -->
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-oauth2</artifactId>
    </dependency>
2. The main configuration, in the config class that extends WebSecurityConfigurerAdapter:
    // Class name and annotations added so the two methods below compile as a whole.
    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            // The in-memory user that logs in on the form shown by /oauth/authorize
            auth.inMemoryAuthentication().withUser("shili").password("zzz123").roles("ADMIN");
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.csrf().disable()
                .anonymous().disable()
                .authorizeRequests()
                .antMatchers("/oauth/token").permitAll()
                .and().formLogin();
        }
    }
This mainly sets up the login username and password and opens the /oauth/token path to unauthenticated requests.
3. The config class that extends ResourceServerConfigurerAdapter:
    @Configuration
    @EnableResourceServer
    @Order(6)
    public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
        private static final String RESOURCE_ID = "my_rest_api";

        @Override
        public void configure(ResourceServerSecurityConfigurer resources) {
            resources.resourceId(RESOURCE_ID).stateless(false);
        }

        @Override
        public void configure(HttpSecurity http) throws Exception {
            http.anonymous().disable()
                .requestMatchers().antMatchers("/sayhello")
                .and().authorizeRequests()
                .antMatchers("/sayhello").access("hasRole('ADMIN')")
                .and().exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());
        }
    }
4. Finally, the config class that extends AuthorizationServerConfigurerAdapter:
    @Configuration
    @EnableAuthorizationServer
    public class SecurityOauth2Config extends AuthorizationServerConfigurerAdapter {
        private static String REALM = "MY_OAUTH_REALM";

        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            // Client details service
            clients.inMemory()
                .withClient("13890999")
                .authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit")
                .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
                .scopes("read", "write", "trust")
                .secret("secret")
                .accessTokenValiditySeconds(120)   // Access token is only valid for 2 minutes.
                .refreshTokenValiditySeconds(600); // Refresh token is only valid for 10 minutes.
        }

        @Override
        public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
            oauthServer.allowFormAuthenticationForClients();
        }
    }
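A hardened version of this authorization-server config, added here as an example and not part of the original post: it registers the redirect URI so the authorization code can only be delivered there, drops the implicit and password grants that the test in step 5 never uses, and stores the client secret hashed instead of in plaintext. It assumes a PasswordEncoder bean (for example BCryptPasswordEncoder) is declared elsewhere in the application; the class name is mine.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;

@Configuration
@EnableAuthorizationServer
public class HardenedOauth2Config extends AuthorizationServerConfigurerAdapter {

    // Assumption: a PasswordEncoder bean (e.g. BCryptPasswordEncoder) exists in the context.
    // The same encoder should be used for the in-memory user password in step 2.
    @Autowired
    private PasswordEncoder passwordEncoder;

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            .withClient("13890999")
            // Only the flow exercised in the test, plus refresh. No "implicit", no "password".
            .authorizedGrantTypes("authorization_code", "refresh_token")
            .scopes("read", "write")
            // Pin the redirect target: a code is only ever sent back to this URI,
            // and the redirect_uri in the /oauth/authorize request must match it.
            .redirectUris("http://localhost:8080")
            // Store the hash; the client still sends the plaintext "secret".
            .secret(passwordEncoder.encode("secret"))
            .accessTokenValiditySeconds(120)   // 2 minutes
            .refreshTokenValiditySeconds(600); // 10 minutes
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) {
        oauthServer
            // Compare the presented client_secret against the stored hash.
            .passwordEncoder(passwordEncoder)
            .allowFormAuthenticationForClients();
    }
}
```

With this in place the redirect_uri in the step 5 test URL has to match the registered value, and an access_token should be sent in the Authorization: Bearer header rather than as a form or query parameter, so it does not end up in request logs.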
5. Test steps. First, open the following address:
    http://localhost:8080/oauth/authorize?client_id=13890999&response_type=code&redirect_uri=http://localhost:8080
You will be redirected to the login page. After logging in you are taken to the authorization confirmation page, and finally redirected to http://localhost:8080/code=XXXXX
The XXXXX in it is the code we need.
Then use curl to POST to our token endpoint:
    curl "http://localhost:8080/oauth/token" -d "client_id=13890999&client_secret=secret&grant_type=authorization_code&code=XXXXX&redirect_uri=http://localhost:8080"
Replace the CODE in the command with the code you obtained in the previous step.
It will return the following, which means it succeeded!
    {"access_token":"5905c5da-0925-4752-8b6a-423936cfac71","token_type":"bearer","refresh_token":"9ebff67a-8a1d-462c-bf74-4a0a66f2980b","expires_in":119,"scope":"trust read write"}
With this access_token you can now access the URL configured in ResourceServerConfigurerAdapter:
    curl "http://localhost:8080/sayhello" -d "access_token=5905c5da-0925-4752-8b6a-423936cfac71" -v
If the page source comes back, the access succeeded. At this point OAuth 2.0 is half done.
Tomorrow I'll fix up that ugly authorization page and it'll be OK.
Original article: https://my.oschina.net/u/659068/blog/1549853