This is my first blog post, so please go easy on me and feel free to point out mistakes! A while ago I studied the various grant types of the OAuth2 framework; today I mainly want to share the password grant.
It has been a while since I finished this, so my memory is not that fresh, and I will just briefly explain the principle as I understand it. The example is split across two projects; the git links are at the bottom and they work out of the box.
Here is how I understand it: many clients may need to access many of my resources. The oauth server is responsible for verifying the client's information and granting the client permission to access the resource; it then uses JWT to generate a token that carries the user's own permissions, and the user presents that token to access our resource. Many things in the two demos are still unfinished and hard-coded; change them to suit your needs. You could put everything into one project, but I don't recommend it, since that feels like it defeats the purpose. The provider uses the small login page that Spring Security ships with; you can customize it, or expose an interface to the client, depending on your business requirements.
Attached is a simple architecture diagram.
Enough talk, on to the code:
oauthserver:
```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

@Configuration
@EnableAuthorizationServer
public class OauthServerConfig extends AuthorizationServerConfigurerAdapter {

    // Authenticates the resource owner's username/password for the password grant.
    @Autowired
    private AuthenticationManager authenticationManager;

    // Signs the JWT with a symmetric (HMAC) key; the resource server must use the same key.
    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setSigningKey("asdfadf");
        return converter;
    }

    // Registers the single in-memory client "demo", limited to the password grant
    // and to resource id "demo1" (the id the resource server checks against).
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory().withClient("demo")
                .secret("secret")
                .resourceIds("demo1")
                .authorizedGrantTypes("password")
                .authorities("ROLE_CLIENT")
                .scopes("read", "write")
                .accessTokenValiditySeconds(3600);
    }

    // JWTs are self-contained, so the "store" only decodes/verifies them.
    @Bean
    public TokenStore tokenStore() {
        return new JwtTokenStore(accessTokenConverter());
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.accessTokenConverter(accessTokenConverter());
        endpoints.tokenStore(tokenStore());
        endpoints.authenticationManager(authenticationManager);
    }

    @Bean
    @Primary
    public DefaultTokenServices tokenServices() {
        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(tokenStore());
        defaultTokenServices.setSupportRefreshToken(true);
        return defaultTokenServices;
    }

    // /oauth/token_key is public, /oauth/check_token requires an authenticated client,
    // and clients may send their credentials as form parameters instead of HTTP basic auth.
    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        oauthServer.tokenKeyAccess("permitAll()")
                .checkTokenAccess("isAuthenticated()")
                .allowFormAuthenticationForClients();
    }
}
```
```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // The demo stores passwords in plain text (no hashing).
    @Bean
    public PasswordEncoder passwordEncoder() {
        return NoOpPasswordEncoder.getInstance();
    }

    // Form login on /login (Spring Security's built-in page); everything else needs a login.
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
                .formLogin()
                .loginPage("/login").permitAll()
                .and()
                .authorizeRequests()
                .anyRequest()
                .authenticated();
        // http
        //         .authorizeRequests()
        //         .anyRequest().authenticated()
        //         .and()
        //         .oauth2Login();
    }

    // The single in-memory user the password grant authenticates against.
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
                .inMemoryAuthentication()
                .withUser("user").password("123").roles("USER");
    }

    // Exposes the AuthenticationManager as a bean so OauthServerConfig can inject it.
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}
```
resourceserver:
```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

@Configuration
@EnableResourceServer
public class ResourceServiceConfig extends ResourceServerConfigurerAdapter {

    // Must use the same signing key as the oauth server, otherwise every token is rejected.
    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setSigningKey("asdfadf");
        return converter;
    }

    @Bean
    public TokenStore tokenStore() {
        // return new InMemoryTokenStore();
        // return new JdbcTokenStore(jdbcTokenDataSource());
        return new JwtTokenStore(accessTokenConverter());
    }

    @Bean
    @Primary
    public DefaultTokenServices tokenServices() {
        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(tokenStore());
        return defaultTokenServices;
    }

    // Only tokens whose "aud" contains "demo1" are accepted; no server-side session is kept.
    @Override
    public void configure(ResourceServerSecurityConfigurer config) {
        config.tokenServices(tokenServices())
                .resourceId("demo1")
                .stateless(true);
    }

    // Everything under /api/** is protected by the OAuth2 filter chain.
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.requestMatchers().antMatchers("/api/**")
                .and()
                .authorizeRequests()
                .antMatchers("/api/**").authenticated();
    }
}
```
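As an added illustration (not code from the two demo projects), the Python script below re-implements, with the standard library only, the checks the resource server's JwtTokenStore performs on an incoming token: the HS256 signature under the shared key "asdfadf", the audience against resourceId "demo1", and the expiry. It shows why both servers must hold the same key and why a token issued for another resource id, signed with another key, or carrying alg=none is rejected. The claim names mirror what JwtAccessTokenConverter emits; the sample claims and timestamps are constructed.

```python
import base64, hashlib, hmac, json, time

# Key and resource id from the demo's OauthServerConfig / ResourceServiceConfig.
# setSigningKey with a plain string makes Spring sign with HMAC-SHA256 (HS256).
SIGNING_KEY = b"asdfadf"
RESOURCE_ID = "demo1"


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict, key: bytes = SIGNING_KEY) -> str:
    """Issue an HS256 JWT with the claim names JwtAccessTokenConverter uses."""
    header = _b64url(b'{"alg":"HS256","typ":"JWT"}')
    body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def verify_jwt(token, key=SIGNING_KEY, resource_id=RESOURCE_ID, now=None) -> dict:
    """Resource-server checks: alg, signature, audience, expiry. Raises ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, body_b64, sig_b64 = parts
    if json.loads(_unb64url(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")          # e.g. alg=none
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(sig_b64)):
        raise ValueError("bad signature")           # wrong key or tampered payload
    claims = json.loads(_unb64url(body_b64))
    if resource_id not in claims.get("aud", []):    # what .resourceId("demo1") enforces
        raise ValueError("token not issued for this resource")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims


# Constructed sample: user "user" via client "demo", valid for 3600 s after 1_700_000_000.
SAMPLE_CLAIMS = {"user_name": "user", "client_id": "demo", "aud": ["demo1"],
                 "scope": ["read", "write"], "authorities": ["ROLE_USER"],
                 "exp": 1_700_003_600}
```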
Get a token:

```bash
curl -i -X POST -d "username=user&password=123&grant_type=password&client_id=demo&client_secret=secret" http://localhost:8085/oauth/token
```

Access a resource (replace the placeholder value with the access_token returned above):

```bash
curl -i http://localhost:8085/api/info?access_token=1111111
```

Check a token (the -u value is the client id and secret, sent as HTTP basic auth):

```bash
curl -i -X POST -H "Accept:application/json" -u "demoApp:demoAppSecret" http://localhost:8081/oauth/check_token?token=111111
```

Git source:
oauth2server - https://github.com/Addison666/oauth2Jwt
resourceserver - https://github.com/Addison666/oauth2JwtResource