spring authorization server使用说明


spring authorization server使用说明

        

               

                                         

相关依赖

           

        <!-- Spring Security starter; no version is given here, so it has to come from dependency management outside this snippet -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>

        <!-- OAuth2 client support -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-oauth2-client</artifactId>
        </dependency>

        <!-- Authorization server -->
        <!-- The version is pinned explicitly to 0.3.1, a pre-1.0 release; check it against the project's current releases and security advisories before reusing this snippet -->
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-oauth2-authorization-server</artifactId>
            <version>0.3.1</version>
        </dependency>

            

                    

                                         

授权组件注册

        

OAuth2AuthorizationServerConfigurer:注册授权组件

/**
 * Configurer that registers the authorization server's components on an {@code HttpSecurityBuilder}.
 * The listing is abridged: after the no-arg constructor only method signatures are shown, without bodies.
 */
public final class OAuth2AuthorizationServerConfigurer<B extends HttpSecurityBuilder<B>> extends AbstractHttpConfigurer<OAuth2AuthorizationServerConfigurer<B>, B> {
    // Sub-configurers keyed by their class, built once by createConfigurers() (body not shown).
    private final Map<Class<? extends AbstractOAuth2Configurer>, AbstractOAuth2Configurer> configurers = this.createConfigurers();
    // These two matchers have no initialiser; presumably assigned in initEndpointMatchers(...) - body not shown, confirm.
    private RequestMatcher jwkSetEndpointMatcher;
    private RequestMatcher authorizationServerMetadataEndpointMatcher;
    // Combined matcher: true when the request matches any of the authorization, token, introspection,
    // revocation, OIDC, JWK-set or server-metadata matchers. It is evaluated per request and dereferences
    // the two fields above, so they must be set before the matcher is used.
    private final RequestMatcher endpointsMatcher = (request) -> {
        return this.getRequestMatcher(OAuth2AuthorizationEndpointConfigurer.class).matches(request) || this.getRequestMatcher(OAuth2TokenEndpointConfigurer.class).matches(request) || this.getRequestMatcher(OAuth2TokenIntrospectionEndpointConfigurer.class).matches(request) || this.getRequestMatcher(OAuth2TokenRevocationEndpointConfigurer.class).matches(request) || this.getRequestMatcher(OidcConfigurer.class).matches(request) || this.jwkSetEndpointMatcher.matches(request) || this.authorizationServerMetadataEndpointMatcher.matches(request);
    };

    public OAuth2AuthorizationServerConfigurer() {
    }

    // Fluent setters (each returns this configurer type) for the client repository, the authorization
    // store and the consent store. Bodies are not shown on the page.
    public OAuth2AuthorizationServerConfigurer<B> registeredClientRepository(RegisteredClientRepository registeredClientRepository) {
    public OAuth2AuthorizationServerConfigurer<B> authorizationService(OAuth2AuthorizationService authorizationService) {
    public OAuth2AuthorizationServerConfigurer<B> authorizationConsentService(OAuth2AuthorizationConsentService authorizationConsentService) {

    // Fluent setter for the token generator.
    public OAuth2AuthorizationServerConfigurer<B> tokenGenerator(OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator) {

    // Fluent setter for the provider settings.
    public OAuth2AuthorizationServerConfigurer<B> providerSettings(ProviderSettings providerSettings) {

    // Customizer hook for client authentication.
    public OAuth2AuthorizationServerConfigurer<B> clientAuthentication(Customizer<OAuth2ClientAuthenticationConfigurer> clientAuthenticationCustomizer) {

    // Customizer hook for the authorization endpoint.
    public OAuth2AuthorizationServerConfigurer<B> authorizationEndpoint(Customizer<OAuth2AuthorizationEndpointConfigurer> authorizationEndpointCustomizer) {

    // Customizer hooks for the token, token-introspection and token-revocation endpoints.
    public OAuth2AuthorizationServerConfigurer<B> tokenEndpoint(Customizer<OAuth2TokenEndpointConfigurer> tokenEndpointCustomizer) {
    public OAuth2AuthorizationServerConfigurer<B> tokenIntrospectionEndpoint(Customizer<OAuth2TokenIntrospectionEndpointConfigurer> tokenIntrospectionEndpointCustomizer) {
    public OAuth2AuthorizationServerConfigurer<B> tokenRevocationEndpoint(Customizer<OAuth2TokenRevocationEndpointConfigurer> tokenRevocationEndpointCustomizer) {

    // Customizer hook for the OIDC configurer.
    public OAuth2AuthorizationServerConfigurer<B> oidc(Customizer<OidcConfigurer> oidcCustomizer) {


    // Configurer lifecycle methods taking the builder, plus the public accessor for the endpoints
    // matcher (presumably the combined endpointsMatcher field above - body not shown).
    public void init(B builder) {
    public void configure(B builder) {
    public RequestMatcher getEndpointsMatcher() {


    // Private helpers; only their signatures appear on the page. validateProviderSettings is static
    // and takes the provider settings, so it checks them without instance state.
    private <T> T getConfigurer(Class<T> type) {
    private void initEndpointMatchers(ProviderSettings providerSettings) {
    private static void validateProviderSettings(ProviderSettings providerSettings) {
    private <T extends AbstractOAuth2Configurer> RequestMatcher getRequestMatcher(Class<T> configurerType) {
    private Map<Class<? extends AbstractOAuth2Configurer>, AbstractOAuth2Configurer> createConfigurers() {

        

                 

                                         

客户端信息

        

RegisteredClient

/**
 * One registered OAuth2 client: identifiers, secret, allowed client-authentication methods and grant
 * types, redirect URIs, scopes, and the client and token settings.
 * The listing is abridged: most methods appear as signatures only.
 */
public class RegisteredClient implements Serializable {
    private static final long serialVersionUID;
    private String id;
    private String clientId;
    private Instant clientIdIssuedAt;
    // Client credential; its getter below is @Nullable, so a client may have no secret.
    private String clientSecret;
    private Instant clientSecretExpiresAt;
    private String clientName;
    private Set<ClientAuthenticationMethod> clientAuthenticationMethods;
    private Set<AuthorizationGrantType> authorizationGrantTypes;
    // Redirect URIs registered for this client.
    private Set<String> redirectUris;
    private Set<String> scopes;
    private ClientSettings clientSettings;
    private TokenSettings tokenSettings;

    // Not public: callers obtain a Builder through withId(...) or from(...) below.
    protected RegisteredClient() {
    }

    // Accessors (bodies not shown).
    public String getId() {
    public String getClientId() {
    public String getClientName() {

    public Set<String> getScopes() {
    public Set<String> getRedirectUris() {
    public TokenSettings getTokenSettings() {
    public ClientSettings getClientSettings() {

    // The three accessors marked @Nullable may return null; callers must handle that.
    @Nullable
    public Instant getClientIdIssuedAt() {

    @Nullable
    public String getClientSecret() {

    @Nullable
    public Instant getClientSecretExpiresAt() {

    public Set<AuthorizationGrantType> getAuthorizationGrantTypes() {
    public Set<ClientAuthenticationMethod> getClientAuthenticationMethods() {

    // NOTE(review): bodies not shown, so it cannot be seen here whether toString() includes
    // clientSecret - check before logging instances.
    public boolean equals(Object obj) {
    public int hashCode() {
    public String toString() {


    // Creates a builder for a new client; Assert.hasText rejects an id without text.
    public static RegisteredClient.Builder withId(String id) {   // creates the builder
        Assert.hasText(id, "id cannot be empty");
        return new RegisteredClient.Builder(id);
    }

    // Creates a builder from an existing client (the Builder constructor body is not shown); null is rejected.
    public static RegisteredClient.Builder from(RegisteredClient registeredClient) {
        Assert.notNull(registeredClient, "registeredClient cannot be null");
        return new RegisteredClient.Builder(registeredClient);
    }

    // serialVersionUID is taken from Version.SERIAL_VERSION_UID.
    static {
        serialVersionUID = Version.SERIAL_VERSION_UID;
    }


**********
Builder:客户端构造类

    /**
     * Builder for {@code RegisteredClient}. The listing is abridged: constructors and methods appear
     * as signatures only.
     */
    public static class Builder implements Serializable {
        private static final long serialVersionUID;
        private String id;
        private String clientId;
        private Instant clientIdIssuedAt;
        private String clientSecret;
        private Instant clientSecretExpiresAt;
        private String clientName;
        // The four sets are final and start empty; the builder methods below take single values
        // or a Consumer over the set.
        private final Set<ClientAuthenticationMethod> clientAuthenticationMethods = new HashSet();
        private final Set<AuthorizationGrantType> authorizationGrantTypes = new HashSet();
        private final Set<String> redirectUris = new HashSet();
        private final Set<String> scopes = new HashSet();
        private ClientSettings clientSettings;
        private TokenSettings tokenSettings;

        // Protected constructors; RegisteredClient.withId(...) and RegisteredClient.from(...) call them.
        protected Builder(String id) {
        protected Builder(RegisteredClient registeredClient) {

        // Fluent setters for the scalar fields (each returns the builder type).
        public RegisteredClient.Builder id(String id) {
        public RegisteredClient.Builder clientId(String clientId) {
        public RegisteredClient.Builder clientName(String clientName) {
        public RegisteredClient.Builder clientSecret(String clientSecret) {
        public RegisteredClient.Builder clientIdIssuedAt(Instant clientIdIssuedAt) {
        public RegisteredClient.Builder clientSecretExpiresAt(Instant clientSecretExpiresAt) {

        // Each set-valued property has a single-value method and a Consumer-based method.
        public RegisteredClient.Builder clientAuthenticationMethod(ClientAuthenticationMethod clientAuthenticationMethod) {
        public RegisteredClient.Builder clientAuthenticationMethods(Consumer<Set<ClientAuthenticationMethod>> clientAuthenticationMethodsConsumer) {

        public RegisteredClient.Builder authorizationGrantType(AuthorizationGrantType authorizationGrantType) {
        public RegisteredClient.Builder authorizationGrantTypes(Consumer<Set<AuthorizationGrantType>> authorizationGrantTypesConsumer) {

        public RegisteredClient.Builder redirectUri(String redirectUri) {
        public RegisteredClient.Builder redirectUris(Consumer<Set<String>> redirectUrisConsumer) {

        public RegisteredClient.Builder scope(String scope) {
        public RegisteredClient.Builder scopes(Consumer<Set<String>> scopesConsumer) {

        public RegisteredClient.Builder clientSettings(ClientSettings clientSettings) {
        public RegisteredClient.Builder tokenSettings(TokenSettings tokenSettings) {


        // Produces the RegisteredClient. Presumably runs the private validation helpers below
        // first - body not shown, confirm against the library source.
        public RegisteredClient build() {

        // Private helpers for scope and redirect-URI validation, instance creation and a
        // public-client check; only signatures appear on the page.
        private void validateScopes() {
        private RegisteredClient create() {
        private void validateRedirectUris() {
        private boolean isPublicClientType() {

        // Static checks on a single scope / redirect URI, plus a range helper on an int code point.
        private static boolean validateScope(String scope) {
        private static boolean validateRedirectUri(String redirectUri) {
        private static boolean withinTheRangeOf(int c, int min, int max) {

        // serialVersionUID is taken from Version.SERIAL_VERSION_UID.
        static {
            serialVersionUID = Version.SERIAL_VERSION_UID;
        }

           

RegisteredClientRepository

/**
 * Storage contract for registered clients: one write operation and two lookups.
 */
public interface RegisteredClientRepository {
    /** Stores the given registered client. */
    void save(RegisteredClient registeredClient);

    /** Looks a client up by its registration id; marked {@code @Nullable}, so callers must handle a missing client. */
    @Nullable
    RegisteredClient findById(String id);

    /** Looks a client up by its OAuth2 client id; marked {@code @Nullable}, so callers must handle a missing client. */
    @Nullable
    RegisteredClient findByClientId(String clientId);
}

                 

                        

InMemoryRegisteredClientRepository:内存中存储客户端信息

public final class InMemoryRegisteredClientRepository implements RegisteredClientRepository {
    private final Map<String, RegisteredClient> idRegistrationMap;       // keyed by id
    private final Map<String, RegisteredClient> clientIdRegistrationMap; // keyed by clientId

    /**
     * Varargs convenience constructor: wraps the array with {@code Arrays.asList} and delegates
     * to the list-based constructor.
     */
    public InMemoryRegisteredClientRepository(RegisteredClient... registrations) {
        this(Arrays.asList(registrations));
    }

    public InMemoryRegisteredClientRepository(List<RegisteredClient> registrations) {
        Assert.notEmpty(registrations, "registrations cannot be empty");
        ConcurrentHashMap<String, RegisteredClient> idRegistrationMapResult = new ConcurrentHashMap();
        ConcurrentHashMap<String, RegisteredClient> clientIdRegistrationMapResult = new ConcurrentHashMap();
        Iterator var4 = registrations.iterator();

        while(var4.hasNext()) {
            RegisteredClient registration = (RegisteredClient)var4.next();
     
/**
 * Authorization-server bean configuration, laid out one statement per line.
 * It wires a JDBC-backed client repository, authorization store and consent store, a JWK source,
 * a JWT decoder and default provider settings.
 */
public class AuthorizationServerConfig {

    /**
     * Security filter chain for the authorization server, registered with the highest precedence.
     * Applies the library's default security and then enables form login with default settings.
     */
    @Bean
    @Order(Ordered.HIGHEST_PRECEDENCE)
    public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
        OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
        http.formLogin(Customizer.withDefaults());
        return http.build();
    }

    /**
     * Repository that manages the registered client instances.
     * Builds one client and saves it through the JDBC repository each time this bean is created.
     */
    @Bean
    public RegisteredClientRepository registeredClientRepository(JdbcTemplate jdbcTemplate) {
        // REFERENCE format: access tokens are issued as opaque references rather than self-contained JWTs.
        TokenSettings referenceTokenSettings = TokenSettings.builder()
                .accessTokenFormat(OAuth2TokenFormat.REFERENCE)
                .build();

        // NOTE(review): "{noop}" selects Spring Security's no-op password encoding, so the secret is
        // stored and compared as plaintext, and here it is also identical to the client id. That is
        // only acceptable for a local demo; a real deployment stores an adaptive hash (for example a
        // "{bcrypt}" value) and supplies the secret from outside the source tree.
        RegisteredClient demoClient = RegisteredClient.withId("baidu")
                .clientId("baidu")
                .clientSecret("{noop}baidu")
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
                .tokenSettings(referenceTokenSettings)
                // The only redirect URI registered for this client.
                .redirectUri("https://www.baidu.com")
                .build();

        // Save the registered client in the database, used here the way an in-memory repository would be.
        JdbcRegisteredClientRepository jdbcClientRepository = new JdbcRegisteredClientRepository(jdbcTemplate);
        jdbcClientRepository.save(demoClient);
        return jdbcClientRepository;
    }

    /** JDBC-backed store for issued authorizations. */
    @Bean
    public OAuth2AuthorizationService authorizationService(JdbcTemplate jdbcTemplate,
            RegisteredClientRepository registeredClientRepository) {
        return new JdbcOAuth2AuthorizationService(jdbcTemplate, registeredClientRepository);
    }

    /** JDBC-backed store for authorization consents. */
    @Bean
    public OAuth2AuthorizationConsentService authorizationConsentService(JdbcTemplate jdbcTemplate,
            RegisteredClientRepository registeredClientRepository) {
        return new JdbcOAuth2AuthorizationConsentService(jdbcTemplate, registeredClientRepository);
    }

    /**
     * JWK source backed by a single RSA key held in a JWK set.
     * NOTE(review): Jwks is a helper that is not shown on the page; by its name it generates the RSA
     * key when this bean is created. If so, the key is never persisted and changes on every restart,
     * so anything signed before a restart no longer verifies - confirm, and load a persisted,
     * access-controlled key outside of demos.
     */
    @Bean
    public JWKSource<SecurityContext> jwkSource() {
        RSAKey signingKey = Jwks.generateRsa();
        JWKSet keySet = new JWKSet(signingKey);
        return (selector, context) -> selector.select(keySet);
    }

    /** JWT decoder derived from the JWK source above by the library's factory method. */
    @Bean
    public JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource) {
        return OAuth2AuthorizationServerConfiguration.jwtDecoder(jwkSource);
    }

    /** Provider settings built with the builder's defaults; nothing is overridden here. */
    @Bean
    public ProviderSettings providerSettings() {
        return ProviderSettings.builder().build();
    }
}
// The page follows this listing with the question: how to configure paths that allow anonymous access.