如何在Java中实现基于OAuth2的授权服务

硅谷Laioffer

于 2024-07-18 02:20:16 发布

阅读量13

点赞数

文章标签： java 开发语言

如何在Java中实现基于OAuth2的授权服务

大家好，我是微赚淘客系统3.0的小编，是个冬天不穿秋裤，天冷也要风度的程序猿！本文将详细介绍如何在Java中实现基于OAuth2的授权服务，涵盖从项目配置到实际代码实现的各个环节。

一、项目结构与依赖

首先，我们需要创建一个Spring Boot项目，并添加必要的OAuth2依赖。以下是pom.xml文件的部分内容：

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://www.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>cn.juwatech</groupId>
    <artifactId>oauth2-example</artifactId>
    <version>1.0-SNAPSHOT</version>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.security.oauth.boot</groupId>
            <artifactId>spring-security-oauth2-autoconfigure</artifactId>
            <version>2.5.5</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.h2</groupId>
            <artifactId>h2</artifactId>
            <scope>runtime</scope>
        </dependency>
    </dependencies>
</project>

二、配置OAuth2授权服务器

我们首先需要配置OAuth2授权服务器。以下是授权服务器的配置类：

package cn.juwatech.oauth2;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Bean
    public TokenStore tokenStore() {
        return new InMemoryTokenStore();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("client-id")
                .secret(passwordEncoder().encode("client-secret"))
                .authorizedGrantTypes("authorization_code", "refresh_token", "password", "client_credentials")
                .scopes("read", "write")
                .accessTokenValiditySeconds(3600)
                .refreshTokenValiditySeconds(7200);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints.tokenStore(tokenStore());
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) {
        security.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()");
    }
}

三、配置资源服务器

配置资源服务器来保护API端点，确保只有经过授权的请求才能访问受保护的资源。

package cn.juwatech.oauth2;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
            .antMatchers("/api/public").permitAll()
            .antMatchers("/api/private").authenticated();
    }
}

四、用户认证配置

我们需要配置Spring Security来管理用户认证。以下是一个简单的内存用户配置：

package cn.juwatech.oauth2;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                .withUser("user")
                .password(passwordEncoder().encode("password"))
                .roles("USER");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
            .antMatchers("/login", "/oauth/authorize").permitAll()
            .anyRequest().authenticated()
            .and()
            .formLogin().permitAll();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}

五、创建API端点

接下来，我们创建两个API端点，一个公开的和一个受保护的。

package cn.juwatech.oauth2;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class ApiController {

    @GetMapping("/api/public")
    public String publicEndpoint() {
        return "This is a public endpoint.";
    }

    @GetMapping("/api/private")
    public String privateEndpoint() {
        return "This is a private endpoint.";
    }
}

六、测试OAuth2授权

启动Spring Boot应用，并使用OAuth2授权码流程进行测试。可以使用Postman等工具来模拟OAuth2授权流程。

获取授权码：

GET http://localhost:8080/oauth/authorize?response_type=code&client_id=client-id&redirect_uri=http://localhost:8080/callback&scope=read

通过授权码获取访问令牌：

POST http://localhost:8080/oauth/token
Authorization: Basic base64(client-id:client-secret)
Content-Type: application/x-www-form-urlencoded
Body: grant_type=authorization_code&code=AUTH_CODE&redirect_uri=http://localhost:8080/callback

使用访问令牌访问受保护的资源：

七、总结

本文详细介绍了如何在Java中实现基于OAuth2的授权服务，涵盖项目配置、授权服务器配置、资源服务器配置、用户认证配置以及API端点创建等内容。通过上述步骤，可以实现一个简单的OAuth2授权服务，为API提供安全保护。

本文著作权归聚娃科技微赚淘客系统开发者团队，转载请注明出处！

原创作者: szk123456 转载于: https://blog.51cto.com/szk123456/11484559

硅谷Laioffer

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
如何在Java中实现基于OAuth2的授权服务

如何在Java中实现基于OAuth2的授权服务大家好，我是微赚淘客系统3.0的小编，是个冬天不穿秋裤，天冷也要风度的程序猿！本文将详细介绍如何在Java中实现基于OAuth2的授权服务，涵盖从项目配置到实际代码实现的各个环节。一、项目结构与依赖首先，我们需要创建一个Spring Boot项目，并添加必要的OAuth2...
复制链接

扫一扫