SpringCloud2.0整合OAuth2.0

最新推荐文章于 2024-05-28 08:25:45 发布

M义薄云天

最新推荐文章于 2024-05-28 08:25:45 发布

阅读量2.3k

点赞数

分类专栏： javaEE

本文链接：https://blog.csdn.net/weixin_39494923/article/details/85247130

版权

本文档详细介绍了如何在SpringCloud2.0中整合OAuth2.0授权服务，包括OAuth授权服务器配置、Spring-Security安全设置、资源服务器配置、使用Redis存储token并解决最新版RedisTokenStore的弃用问题，以及自定义客户端认证和配置文件的加密认证等步骤。

摘要由CSDN通过智能技术生成

以下是把配置文件放在Git仓库，SpringCloudConfig配置中心拉取，动态刷新

一.for pom.xml

<dependencies>
       <dependency>
           <groupId>org.springframework.cloud</groupId>
           <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
       </dependency>
       <dependency>
           <groupId>org.springframework.boot</groupId>
           <artifactId>spring-boot-starter-test</artifactId>
       </dependency>
       <!--config-->
       <dependency>
           <groupId>org.springframework.cloud</groupId>
           <artifactId>spring-cloud-config-client</artifactId>
       </dependency>
       <dependency>
           <groupId>org.springframework.cloud</groupId>
           <artifactId>spring-cloud-starter-config</artifactId>
       </dependency>
       <!--spring-cloud-bus-->
       <dependency>
           <groupId>org.springframework.cloud</groupId>
           <artifactId>spring-cloud-starter-bus-amqp</artifactId>
       </dependency>
       <!-- actuator监控 -->
       <dependency>
           <groupId>org.springframework.boot</groupId>
           <artifactId>spring-boot-starter-actuator</artifactId>
       </dependency>
       <!-- hystrix容错 -->
       <dependency>
           <groupId>org.springframework.cloud</groupId>
           <artifactId>spring-cloud-starter-netflix-hystrix</artifactId>
       </dependency>
       <!-- 加密标配 -->
       <dependency>
           <groupId>org.springframework.boot</groupId>
           <artifactId>spring-boot-starter-security</artifactId>
       </dependency>
       <dependency>
           <groupId>org.springframework.cloud</groupId>
           <artifactId>spring-cloud-starter-oauth2</artifactId>
       </dependency>
       <!--添加  重试机制 的依赖
因网络的抖动等原因导致config-client在启动时候访问config-server没有访问成功从而报错，
希望config-client能重试几次，故重试机制
-->
       <dependency>
           <groupId>org.springframework.retry</groupId>
           <artifactId>spring-retry</artifactId>
       </dependency>
       <dependency>
           <groupId>org.springframework.boot</groupId>
           <artifactId>spring-boot-starter-aop</artifactId>
       </dependency>
       <!--nosql-->
       <dependency>
           <groupId>org.springframework.boot</groupId>
           <artifactId>spring-boot-starter-data-redis</artifactId>
       </dependency>
       <dependency>
           <groupId>redis.clients</groupId>
           <artifactId>jedis</artifactId>
           <version>2.9.0</version>
       </dependency>
       <!--cache-->
       <dependency>
           <groupId>org.springframework.boot</groupId>
           <artifactId>spring-boot-starter-cache</artifactId>
       </dependency>
   </dependencies>
   <build>
       <finalName>${project.artifactId}</finalName>
       <plugins>
           <plugin>
               <groupId>org.springframework.boot</groupId>
               <artifactId>spring-boot-maven-plugin</artifactId>
               <version>1.5.13.RELEASE</version>
               <configuration>
                   <!-- 指定程序入口 -->
                   <mainClass>com.huajie.provider.auth.AuthApplication</mainClass>
               </configuration>
               <executions>
                   <execution>
                       <goals>
                           <goal>repackage</goal>
                       </goals>
                   </execution>
                   <!--<execution>-->
                   <!--<goals>-->
                   <!--<goal>build-info</goal>-->
                   <!--</goals>-->
                   <!--</execution>-->
               </executions>
           </plugin>
           <!-- 添加docker-maven插件 -->
           <plugin>
               <groupId>com.spotify</groupId>
               <artifactId>docker-maven-plugin</artifactId>
               <version>0.4.13</version>
               <configuration>
                   <imageName>${project.artifactId}:${project.version}</imageName>
                   <baseImage>java</baseImage>
                   <entryPoint>["java", "-jar", "/${project.build.finalName}.jar"]</entryPoint>
                   <!--覆盖已存在的标签 镜像-->
                   <forceTags>true</forceTags>
                   <resources>
                       <resource>
                           <targetPath>/</targetPath>
                           <directory>${project.build.directory}</directory>
                           <include>${project.build.finalName}.jar</include>
                       </resource>
                   </resources>
               </configuration>
           </plugin>
       </plugins>
   </build>

二 for java file (class)

1. OAuth 授权服务器配置

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

    private static final Logger log = LoggerFactory.getLogger(AuthorizationServerConfiguration.class);

    // 注入认证管理
    @Autowired
    AuthenticationManager authenticationManager;

    // 方案 一：采用redis缓存服务存储token
    @Autowired
    RedisConnectionFactory redisConnectionFactory;

    // 方案二 使用内存存储token
    @Autowired
    private TokenStore tokenStore;


    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        log.info("======================^_^ start client validation  ^_^========================");
        //自定义验证：实现 ClientDetailsService接口
        clients.withClientDetails(new BaseClientDetailService());

        //内存中 配置客户端,一个用于password认证一个用于client认证
//        clients.inMemory()
//            .withClient("client_1")
//            .resourceIds("order")
//            .authorizedGrantTypes("client_credentials", "refresh_token")
//            .scopes("select")
//            .authorities("oauth2")
//            .secret(finalSecret)
//            .and()
//            .withClient("client_2")
//            .resourceIds("order") // 资源id
//            .authorizedGrantTypes("password", "refresh_token")
//            .scopes("select")
//            .authorities("oauth2")
//            .secret(finalSecret)
//            .and()
//            .withClient("client_code")
//            .resourceIds(DEMO_RESOURCE_ID)  // 资源id
//            .authorizedGrantTypes("authorization_code", "client_credentials", "refresh_token",
//                    "password", "implicit")
//            .scopes("all")
//            //.authorities("oauth2")
//            .redirectUris("http://www.baidu.com")
//            .accessTokenValiditySeconds(1200)
//            .refreshTokenValiditySeconds(50000);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        log.info("======================^_^ start generate token ^_^========================");
        // 基于方案一，*******redis服务存储token*********
        // 样例keys如下：
//        1) "auth_to_access:227ccfa0102c5cbefcc06a8b99bc12fa"
//        2) "uname_to_access:client:admin"
//        3) "access_to_refresh:e711ab59-f49b-4400-a3eb-4af90df67395"
//        4) "client_id_to_access:client"
//        5) "refresh_to_access:c45d5a9e-f3e6-4170-9ae7-b8f57e67277f"
//        6) "refresh:c45d5a9e-f3e6-4170-9ae7-b8f57e67277f"
//        7) "refresh_auth:c45d5a9e-f3e6-4170-9ae7-b8f57e67277f"
//        8) "access:e711ab59-f49b-4400-a3eb-4af90df67395"
//        9) "auth:e711ab59-f49b-4400-a3eb-4af90df67395"
        endpoints
                .tokenStore(new MyRedisTokenStore(redisConnectionFactory))
                .authenticationManager(authenticationManager)
                .allowedTokenEndpointRequestMethods(HttpMethod.GET,

最低0.47元/天解锁文章

M义薄云天

关注

0
点赞
踩
6

收藏

觉得还不错? 一键收藏
0
评论
SpringCloud2.0整合OAuth2.0

以下是把配置文件放在Git仓库，SpringCloudConfig配置中心拉取，动态刷新一.for pom.xml&lt;dependencies&gt; &lt;dependency&gt; &lt;groupId&gt;org.springframework.cloud&lt;/groupId&gt; &lt;artifact...
复制链接

扫一扫