oauth2.0 高性能服务器,搭建oauth2.0 授权服务器

pom.xml

xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">

4.0.0

io.spring2go

authcode-server

0.0.1-SNAPSHOT

jar

authcode-server

Demo project for Spring Boot

org.springframework.boot

spring-boot-starter-parent

1.5.10.RELEASE

UTF-8

UTF-8

1.8

org.springframework.boot

spring-boot-starter-security

org.springframework.boot

spring-boot-starter-web

org.springframework.security.oauth

spring-security-oauth2

org.springframework.boot

spring-boot-starter-test

test

org.springframework.security

spring-security-test

test

org.springframework.boot

spring-boot-maven-plugin

配置授权服务器

package io.spring2go.authcodeserver.config;

import org.springframework.context.annotation.Configuration;

import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;

import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;

import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;

//授权服务器配置

@Configuration

@EnableAuthorizationServer

public class OAuth2AuthorizationServer extends

AuthorizationServerConfigurerAdapter {

@Override

public void configure(ClientDetailsServiceConfigurer clients)

throws Exception {

clients.inMemory()

.withClient("clientapp")

.secret("112233")

.redirectUris("http://localhost:9001/callback")

// 授权码模式

.authorizedGrantTypes("authorization_code")

.scopes("read_userinfo", "read_contacts");

}

}

配置资源服务器

package io.spring2go.authcodeserver.config;

import org.springframework.context.annotation.Configuration;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;

import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;

import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

//资源服务配置

@Configuration

@EnableResourceServer

public class OAuth2ResourceServer extends ResourceServerConfigurerAdapter {

@Override

public void configure(HttpSecurity http) throws Exception {

http.authorizeRequests()

.anyRequest()

.authenticated()

.and()

.requestMatchers()

.antMatchers("/api/**");

}

}

编写资源api

package io.spring2go.authcodeserver.api;

import org.springframework.http.ResponseEntity;

import org.springframework.security.core.context.SecurityContextHolder;

import org.springframework.security.core.userdetails.User;

import org.springframework.stereotype.Controller;

import org.springframework.web.bind.annotation.RequestMapping;

@Controller

public class UserController {

// 资源API

@RequestMapping("/api/userinfo")

public ResponseEntity getUserInfo() {

User user = (User) SecurityContextHolder.getContext()

.getAuthentication().getPrincipal();

String email = user.getUsername() + "@spring2go.com";

UserInfo userInfo = new UserInfo();

userInfo.setName(user.getUsername());

userInfo.setEmail(email);

return ResponseEntity.ok(userInfo);

}

}

public class UserInfo {

private String name;

private String email;

public String getName() {

return name;

}

public void setName(String name) {

this.name = name;

}

public String getEmail() {

return email;

}

public void setEmail(String email) {

this.email = email;

}

}

启动类

package io.spring2go.authcodeserver;

import org.springframework.boot.SpringApplication;

import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication

public class AuthCodeServerApplication {

public static void main(String[] args) {

SpringApplication.run(AuthCodeServerApplication.class, args);

}

}

readme

基于授权码模式+Spring Security OAuth2的最简授权服务器

操作方式

1. 获取授权码

浏览器请求：

注意：state参数暂忽略

响应案例：

#2. 获取访问令牌

curl -X POST --user clientapp:112233 http://localhost:8080/oauth/token -H

"content-type: application/x-www-form-urlencoded" -d

"code=8uYpdo&grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalh

ost%3A9001%2Fcallback&scope=read_userinfo"

image.png

案例响应：

{

"access_token": "3e7279ef-0453-4356-8104-579503e38a3e",

"token_type": "bearer",

"expires_in": 43199,

"scope": "read_userinfo"

}

3. 调用API

image.png

curl -X GET http://localhost:8080/api/userinfo -H "authorization: Bearer 36cded80-b6f5-43b7-bdfc-594788a24530"

案例响应：

{

"name": "bobo",

"email": "bobo@spring2go.com"

}

这样简单授权服务器就搭建成功了