OAuth2.0 Authorization Server授权服务器之入门配置

OAuth2.0之Authorization Server授权服务器配置

下一节:Oauth2 resource server入门配置

pom.xml

<dependencies>
        <!-- Servlet web stack that hosts the authorization endpoints. -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <!--
          Brings in Spring Security plus the legacy Spring Security OAuth2 module used below.
          NOTE(review): no <version> is declared here, so it is presumably managed by a parent/BOM
          that this snippet does not show; pin and track it explicitly. The Spring Security OAuth
          project behind this starter has reached end of life and no longer receives security
          fixes; for anything beyond a learning exercise, use a maintained authorization server
          (for example Spring Authorization Server).
        -->
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-oauth2</artifactId>
        </dependency>
    </dependencies>

配置类 Oauth2Config

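/**
 * Authorization-server configuration for the demo.
 *
 * <p>Registers a single in-memory client, keeps access tokens and authorization codes in memory,
 * and wires the token services used by the {@code /oauth/*} endpoints.
 *
 * <p>The client id, client secret, redirect URI and grant-type list below are tutorial literals.
 * A real deployment loads client registrations and secrets from external, access-controlled
 * configuration, and enables only the grant types each client actually needs.
 */
@EnableAuthorizationServer
@Configuration
public class Oauth2Config extends AuthorizationServerConfigurerAdapter { // extends the authorization-server configurer adapter

    // Token storage strategy (see tokenStore() below).
    @Autowired
    private TokenStore tokenStore;

    // Service that looks up registered client details.
    @Autowired
    private ClientDetailsService clientDetailsService;

    // Service that issues and consumes authorization codes.
    @Autowired
    private AuthorizationCodeServices authorizationCodeServices;

    // Authentication manager; used for the resource-owner "password" grant.
    @Autowired
    private AuthenticationManager authenticationManager;

    // Encoder used to hash the client secret before it is registered.
    @Autowired
    private PasswordEncoder passwordEncoder;

    /**
     * Configures access rules for the authorization server's own endpoints.
     *
     * @param security configurer for the token-key and check-token endpoints
     * @throws Exception if the configurer rejects the settings
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        // permitAll() on the token-key endpoint is only appropriate when the key it serves is a
        // public verification key.
        security.tokenKeyAccess("permitAll()")
                // /oauth/check_token reveals whether a token is valid together with its user,
                // scopes and authorities, so the caller must be an authenticated client. With
                // "permitAll()" any anonymous caller could introspect tokens.
                .checkTokenAccess("isAuthenticated()")
                // Lets clients send client_id/client_secret as form parameters in addition to
                // HTTP Basic authentication.
                .allowFormAuthenticationForClients();
    }

    /**
     * Registers the OAuth2 clients known to this server.
     *
     * @param clients configurer used to declare client registrations
     * @throws Exception if the registration cannot be built
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("client")
                // Demo-only secret hard-coded in source; supply real secrets from external
                // configuration and use a long random value.
                .secret(passwordEncoder.encode("123456"))
                .resourceIds("resource1") // ids of the resources this client may access
                // Grant types this client may use. All five are enabled for demonstration; the
                // "implicit" and "password" grants are discouraged by current OAuth security
                // guidance and should be dropped unless a client truly requires them.
                .authorizedGrantTypes("authorization_code","password","client_credentials","implicit","refresh_token")
                .scopes("server") // scopes the client may request
                .autoApprove(false) // false: the user is sent to the approval page for each request
                // Placeholder redirect target for the demo. Register the client's own callback
                // URL, exactly, and over https, so codes and tokens are never sent in clear text
                // or to a site the client does not control.
                .redirectUris("http://www.baidu.com")
        ;
    }

    /**
     * Configures the authorization and token endpoints.
     *
     * @param endpoints configurer for the endpoint collaborators
     * @throws Exception if the configurer rejects the settings
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(authenticationManager) // Spring Security authentication manager
                .tokenServices(tokenService()) // token services
                .authorizationCodeServices(authorizationCodeServices) // authorization-code service
                // Token requests carry client secrets, user passwords and authorization codes.
                // Accepting GET would put them in the query string, where they end up in access
                // logs, proxies and browser history, so only POST is allowed.
                .allowedTokenEndpointRequestMethods(HttpMethod.POST)
        ;
    }


    /**
     * Builds the token services that create and refresh access tokens.
     *
     * @return token services backed by the configured client details service and token store
     */
    @Bean
    public AuthorizationServerTokenServices tokenService() {
        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setClientDetailsService(clientDetailsService);
        defaultTokenServices.setTokenStore(tokenStore);  // where issued tokens are kept
//        defaultTokenServices.setTokenEnhancer();
        defaultTokenServices.setSupportRefreshToken(true);
        defaultTokenServices.setAccessTokenValiditySeconds(7200); // access token lifetime: two hours
        defaultTokenServices.setRefreshTokenValiditySeconds(259200); // refresh token lifetime: three days
        return defaultTokenServices;
    }

    /**
     * Provides the token store.
     *
     * @return an in-memory store; tokens are lost on restart and are not shared between instances
     */
    @Bean
    public TokenStore tokenStore() {
        return new InMemoryTokenStore();
    }

    /**
     * Provides the authorization-code service.
     *
     * @return an in-memory service; pending codes are lost on restart
     */
    @Bean
    public AuthorizationCodeServices authorizationCodeServices() {
        return new InMemoryAuthorizationCodeServices();
    }
}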

security 配置类 SecurityConfig

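/**
 * Spring Security configuration for the browser-facing side of the authorization server:
 * the demo user, the password encoder and the form-login filter chain.
 */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    /**
     * Provides the password encoder shared by user and client-secret hashing.
     *
     * @return a BCrypt-based encoder
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Registers the users that may log in.
     *
     * @param auth builder for the authentication manager
     * @throws Exception if the user store cannot be built
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//        super.configure(auth);
        // Demo-only account with a hard-coded weak password. Real deployments load users from
        // a user store and never keep credentials in source.
        auth.inMemoryAuthentication()
                .withUser("da")
                .password(passwordEncoder().encode("123456"))
                .authorities("root")
        ;
    }

    /**
     * Excludes paths from the Spring Security filter chain.
     *
     * @param web web-security builder
     * @throws Exception if the builder rejects the settings
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        // ignoring() removes /index from the filter chain entirely, so no Spring Security
        // filter (including the security response headers) applies to it. Keep only content
        // that is truly public behind this path.
        web.ignoring().antMatchers("/index");
    }

    /**
     * Requires authentication for every request and enables form login.
     *
     * @param http HTTP security builder
     * @throws Exception if the builder rejects the settings
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // CSRF protection is left at its default (enabled). This chain serves the session-based
        // login form and the user's approval step of the authorization-code flow; with CSRF
        // disabled, another site could submit those forms on behalf of a logged-in user.
        http.authorizeRequests()
                .anyRequest()
                .authenticated()
                .and()
                .formLogin();
    }


    /**
     * Exposes the authentication manager as a bean so other configuration can inject it.
     *
     * @return the authentication manager built by this configuration
     * @throws Exception if the manager cannot be created
     */
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}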

下一节:Oauth2 resource server入门配置
