以下示例将配置文件放在 Git 仓库中,由 Spring Cloud Config 配置中心拉取,并支持动态刷新。
一.for pom.xml
<!-- Dependencies of the auth provider service. Apart from jedis, no entry declares a
version, so versions presumably come from a parent POM / BOM that is not shown here. -->
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
</dependency>
<!-- NOTE(review): no <scope> is declared, so the test libraries are packaged into the
runtime artifact; this starter is normally declared with <scope>test</scope>. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
</dependency>
<!-- Config client: pulls this service's configuration from the config server.
NOTE(review): if the Git-backed configuration holds secrets (client secrets, Redis or
broker passwords), keep them encrypted or in a secret store and restrict access to the
repository; the repository layout is not shown on this page. -->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-config-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-config</artifactId>
</dependency>
<!-- Spring Cloud Bus over AMQP: used to broadcast configuration refresh events. -->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-bus-amqp</artifactId>
</dependency>
<!-- Actuator monitoring endpoints.
NOTE(review): together with the bus starter this exposes management and refresh
endpoints; confirm in the application configuration (not shown) that they require
authentication and are not reachable from untrusted networks. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<!-- Hystrix fault tolerance -->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-netflix-hystrix</artifactId>
</dependency>
<!-- Security stack: Spring Security plus the OAuth2 starter used by the authorization
server configuration.
NOTE(review): the Spring Security OAuth project behind this starter is end-of-life
upstream; check that the resolved version still receives security fixes. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
<!-- Retry support.
Network jitter and similar problems can make the config client fail to reach the
config server at startup and abort with an error; these dependencies let the
config client retry a few times instead.
-->
<dependency>
<groupId>org.springframework.retry</groupId>
<artifactId>spring-retry</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-aop</artifactId>
</dependency>
<!-- NoSQL: Redis -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
<!-- NOTE(review): the only explicitly pinned dependency version in this list; a pin
overrides any managed version, so it has to be bumped by hand when fixes are released. -->
<dependency>
<groupId>redis.clients</groupId>
<artifactId>jedis</artifactId>
<version>2.9.0</version>
</dependency>
<!-- Cache abstraction -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-cache</artifactId>
</dependency>
</dependencies>
<!-- Build: repackages the service as an executable jar and builds a Docker image
that runs that jar. -->
<build>
<finalName>${project.artifactId}</finalName>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<!-- NOTE(review): the Spring Boot 1.5.x line is end-of-life upstream; confirm this
matches the Boot version of the parent POM and plan an upgrade to a supported line. -->
<version>1.5.13.RELEASE</version>
<configuration>
<!-- Application entry point (main class) -->
<mainClass>com.huajie.provider.auth.AuthApplication</mainClass>
</configuration>
<executions>
<execution>
<goals>
<goal>repackage</goal>
</goals>
</execution>
<!--<execution>-->
<!--<goals>-->
<!--<goal>build-info</goal>-->
<!--</goals>-->
<!--</execution>-->
</executions>
</plugin>
<!-- docker-maven plugin: builds the container image from the repackaged jar -->
<plugin>
<groupId>com.spotify</groupId>
<artifactId>docker-maven-plugin</artifactId>
<version>0.4.13</version>
<configuration>
<imageName>${project.artifactId}:${project.version}</imageName>
<!-- NOTE(review): no tag is given, so this resolves to the latest tag of the "java"
image, which is deprecated on Docker Hub and no longer updated. Prefer a maintained
JRE base image pinned by tag or digest. Nothing in this configuration sets a
non-root user for the container. -->
<baseImage>java</baseImage>
<entryPoint>["java", "-jar", "/${project.build.finalName}.jar"]</entryPoint>
<!-- Overwrite an existing image that already carries this tag. Because the tag is the
project version, a rebuild silently replaces the image previously published under it. -->
<forceTags>true</forceTags>
<resources>
<resource>
<targetPath>/</targetPath>
<directory>${project.build.directory}</directory>
<include>${project.build.finalName}.jar</include>
</resource>
</resources>
</configuration>
</plugin>
</plugins>
</build>
二 for java file (class)
1. OAuth 授权服务器配置
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
// Class logger used for the progress messages written by the configure(...) methods.
private static final Logger log = LoggerFactory.getLogger(AuthorizationServerConfiguration.class);
// Injected authentication manager; handed to the endpoints configurer in configure(endpoints).
@Autowired
AuthenticationManager authenticationManager;
// Option 1: store tokens in Redis. The visible part of configure(endpoints) builds a
// MyRedisTokenStore from this connection factory.
@Autowired
RedisConnectionFactory redisConnectionFactory;
// Option 2: store tokens in memory (per the original comment; the TokenStore bean
// definition is not shown here, and the visible code does not use this field).
@Autowired
private TokenStore tokenStore;
/**
 * Registers the source of OAuth2 client definitions for the authorization server.
 *
 * <p>Clients are resolved through a {@code BaseClientDetailService} instance; that class is
 * defined elsewhere and, per the original comment, implements {@code ClientDetailsService}.
 *
 * @param clients configurer on which the client-details service is installed
 * @throws Exception declared by the overridden method
 */
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    log.info("======================^_^ start client validation ^_^========================");

    // Custom client validation: delegate client lookup to the project's own service.
    BaseClientDetailService clientDetailService = new BaseClientDetailService();
    clients.withClientDetails(clientDetailService);

    // Disabled alternative, kept for reference: clients configured in memory, one for the
    // client_credentials grant and one for the password grant, plus a multi-grant client.
    // NOTE(review): before re-enabling, be aware that "client_code" lists the implicit and
    // password grants, which current OAuth 2.0 security guidance advises against, and that
    // its redirect URI is plain http pointing at a third-party site. Prefer
    // authorization_code with an exact https redirect URI owned by the client.
    // finalSecret and DEMO_RESOURCE_ID are not defined in the visible part of this file.
    // clients.inMemory()
    //     .withClient("client_1")
    //     .resourceIds("order")
    //     .authorizedGrantTypes("client_credentials", "refresh_token")
    //     .scopes("select")
    //     .authorities("oauth2")
    //     .secret(finalSecret)
    //     .and()
    //     .withClient("client_2")
    //     .resourceIds("order") // resource id
    //     .authorizedGrantTypes("password", "refresh_token")
    //     .scopes("select")
    //     .authorities("oauth2")
    //     .secret(finalSecret)
    //     .and()
    //     .withClient("client_code")
    //     .resourceIds(DEMO_RESOURCE_ID) // resource id
    //     .authorizedGrantTypes("authorization_code", "client_credentials", "refresh_token",
    //         "password", "implicit")
    //     .scopes("all")
    //     //.authorities("oauth2")
    //     .redirectUris("http://www.baidu.com")
    //     .accessTokenValiditySeconds(1200)
    //     .refreshTokenValiditySeconds(50000);
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
log.info("======================^_^ start generate token ^_^========================");
// 基于方案一,*******redis服务存储token*********
// 样例keys如下:
// 1) "auth_to_access:227ccfa0102c5cbefcc06a8b99bc12fa"
// 2) "uname_to_access:client:admin"
// 3) "access_to_refresh:e711ab59-f49b-4400-a3eb-4af90df67395"
// 4) "client_id_to_access:client"
// 5) "refresh_to_access:c45d5a9e-f3e6-4170-9ae7-b8f57e67277f"
// 6) "refresh:c45d5a9e-f3e6-4170-9ae7-b8f57e67277f"
// 7) "refresh_auth:c45d5a9e-f3e6-4170-9ae7-b8f57e67277f"
// 8) "access:e711ab59-f49b-4400-a3eb-4af90df67395"
// 9) "auth:e711ab59-f49b-4400-a3eb-4af90df67395"
endpoints
.tokenStore(new MyRedisTokenStore(redisConnectionFactory))
.authenticationManager(authenticationManager)
.allowedTokenEndpointRequestMethods(HttpMethod.GET,