SpringBoot 整合 SpringSecurity,token 落地,前后端分离接口安全。
SpringBoot 环境搭建和入门:Spring Boot 2.x 快速入门
导入 mysql 脚本
包含用户表,oauth2.0 数据脚本
https://gitee.com/shizidada/moose-resource/blob/master/moose-security.sql
全部 : https://gitee.com/shizidada/moose/blob/master/src/main/resources/moose.sql
导入依赖
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
<version>2.2.5.RELEASE</version>
</dependency>
创建 WebSecurity 配置文件
@Slf4j
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true, securedEnabled = true)
public class MooseWebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Bean
@Override
public UserDetailsService userDetailsServiceBean() throws Exception {
return new UserDetailsServiceImpl();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsServiceBean());
}
/**
* 用于支持 password 模式 密码模式需要 AuthenticationManager 支持
* password 模式一点要加上这个
* @throws Exception
*/
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
创建 AuthorizationServer 配置
/**
* 资源认证配置
* <p>
* Description:
* </p>
*
* @author taohua
* @version v1.0.0
* @see com.moose.operator.web.security.configure
* <p>
* [/oauth/authorize] [/oauth/token] [/oauth/check_token]
* [/oauth/confirm_access] [/oauth/token_key] [/oauth/error]
*/
@Configuration
@Enabl