Spring Authorization Server 使用说明
相关依赖
<!-- Core Spring Security (filter chain, authentication) -->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- OAuth2 client -->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>
<!-- Authorization server. The version is pinned here, unlike the Boot starters above
     (whose versions are presumably managed by the Boot parent/BOM); keep this value
     current so fixes shipped in newer patch releases are picked up. -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-oauth2-authorization-server</artifactId>
    <version>0.3.1</version>
</dependency>
授权组件注册
OAuth2AuthorizationServerConfigurer:注册授权组件
/**
 * Spring Security configurer that registers the OAuth 2.0 authorization-server
 * components and endpoints on an {@code HttpSecurity} builder.
 *
 * <p>Decompiled overview: from the first fluent setter onward only method
 * signatures are listed; bodies and the closing brace are not shown.
 */
public final class OAuth2AuthorizationServerConfigurer<B extends HttpSecurityBuilder<B>> extends AbstractHttpConfigurer<OAuth2AuthorizationServerConfigurer<B>, B> {
    // Registry of the per-endpoint sub-configurers, keyed by their class and
    // populated once by createConfigurers() at field-initialisation time.
    private final Map<Class<? extends AbstractOAuth2Configurer>, AbstractOAuth2Configurer> configurers = this.createConfigurers();
    // Matchers for the two endpoints that have no sub-configurer of their own.
    // Declared without an initialiser; presumably assigned in
    // initEndpointMatchers(ProviderSettings) — TODO confirm (body not shown).
    private RequestMatcher jwkSetEndpointMatcher;
    private RequestMatcher authorizationServerMetadataEndpointMatcher;
    // Union matcher: a request belongs to the authorization server when ANY of the
    // sub-configurer matchers, the JWK Set matcher or the metadata matcher matches.
    // The two matchers above are dereferenced unconditionally, so this lambda must
    // not be evaluated before they have been assigned (NullPointerException otherwise).
    private final RequestMatcher endpointsMatcher = (request) -> {
        return this.getRequestMatcher(OAuth2AuthorizationEndpointConfigurer.class).matches(request) || this.getRequestMatcher(OAuth2TokenEndpointConfigurer.class).matches(request) || this.getRequestMatcher(OAuth2TokenIntrospectionEndpointConfigurer.class).matches(request) || this.getRequestMatcher(OAuth2TokenRevocationEndpointConfigurer.class).matches(request) || this.getRequestMatcher(OidcConfigurer.class).matches(request) || this.jwkSetEndpointMatcher.matches(request) || this.authorizationServerMetadataEndpointMatcher.matches(request);
    };

    /** Empty constructor; configuration is supplied through the fluent setters below. */
    public OAuth2AuthorizationServerConfigurer() {
    }

    // ---- Fluent configuration: each method's return type is the configurer itself, so
    // ---- calls can be chained. Bodies are not shown in this listing.

    /** Repository used to look up registered clients (by id and by client_id). */
    public OAuth2AuthorizationServerConfigurer<B> registeredClientRepository(RegisteredClientRepository registeredClientRepository) {
    /** Service that stores issued authorizations (codes, tokens and their state). */
    public OAuth2AuthorizationServerConfigurer<B> authorizationService(OAuth2AuthorizationService authorizationService) {
    /** Service that stores the end user's consent decisions per client. */
    public OAuth2AuthorizationServerConfigurer<B> authorizationConsentService(OAuth2AuthorizationConsentService authorizationConsentService) {
    /** Generator for the tokens this server issues (any {@code OAuth2Token} subtype). */
    public OAuth2AuthorizationServerConfigurer<B> tokenGenerator(OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator) {
    /** Provider-level settings (issuer, endpoint paths); see also validateProviderSettings(). */
    public OAuth2AuthorizationServerConfigurer<B> providerSettings(ProviderSettings providerSettings) {
    /** Customises how clients authenticate at the protected endpoints. */
    public OAuth2AuthorizationServerConfigurer<B> clientAuthentication(Customizer<OAuth2ClientAuthenticationConfigurer> clientAuthenticationCustomizer) {
    /** Customises the authorization endpoint sub-configurer. */
    public OAuth2AuthorizationServerConfigurer<B> authorizationEndpoint(Customizer<OAuth2AuthorizationEndpointConfigurer> authorizationEndpointCustomizer) {
    /** Customises the token endpoint sub-configurer. */
    public OAuth2AuthorizationServerConfigurer<B> tokenEndpoint(Customizer<OAuth2TokenEndpointConfigurer> tokenEndpointCustomizer) {
    /** Customises the token introspection endpoint sub-configurer. */
    public OAuth2AuthorizationServerConfigurer<B> tokenIntrospectionEndpoint(Customizer<OAuth2TokenIntrospectionEndpointConfigurer> tokenIntrospectionEndpointCustomizer) {
    /** Customises the token revocation endpoint sub-configurer. */
    public OAuth2AuthorizationServerConfigurer<B> tokenRevocationEndpoint(Customizer<OAuth2TokenRevocationEndpointConfigurer> tokenRevocationEndpointCustomizer) {
    /** Customises the OpenID Connect 1.0 sub-configurer. */
    public OAuth2AuthorizationServerConfigurer<B> oidc(Customizer<OidcConfigurer> oidcCustomizer) {

    // ---- AbstractHttpConfigurer lifecycle hooks (no @Override in the decompiled listing).
    /** First lifecycle phase: registers shared objects/authentication providers on the builder. */
    public void init(B builder) {
    /** Second lifecycle phase: adds the endpoint filters to the builder. */
    public void configure(B builder) {

    /**
     * Exposes the combined endpoint matcher so a security filter chain can be
     * restricted to exactly the authorization-server endpoints.
     */
    public RequestMatcher getEndpointsMatcher() {

    // ---- Internals (bodies not shown).
    /** Looks up a sub-configurer by type; presumably reads from {@code configurers}. */
    private <T> T getConfigurer(Class<T> type) {
    /** Builds the JWK Set and metadata endpoint matchers from the provider settings. */
    private void initEndpointMatchers(ProviderSettings providerSettings) {
    /** Sanity-checks the provider settings (issuer / endpoint values) — body not shown. */
    private static void validateProviderSettings(ProviderSettings providerSettings) {
    /** Returns the request matcher of the given sub-configurer; used by {@code endpointsMatcher}. */
    private <T extends AbstractOAuth2Configurer> RequestMatcher getRequestMatcher(Class<T> configurerType) {
    /** Creates the sub-configurer registry assigned to {@code configurers}. */
    private Map<Class<? extends AbstractOAuth2Configurer>, AbstractOAuth2Configurer> createConfigurers() {
客户端信息
RegisteredClient
/**
 * A client registered with the authorization server: identifiers, an optional
 * secret, allowed client-authentication methods, grant types, redirect URIs,
 * scopes and client/token settings.
 *
 * <p>Only getters are declared; instances are produced via the nested
 * {@code Builder} obtained from {@link #withId(String)} or
 * {@link #from(RegisteredClient)}. Decompiled overview: most bodies are not shown.
 */
public class RegisteredClient implements Serializable {
    // Assigned in the static initialiser below from Version.SERIAL_VERSION_UID.
    private static final long serialVersionUID;
    // Internal record id (repository key) — distinct from the OAuth2 client_id.
    private String id;
    private String clientId;
    private Instant clientIdIssuedAt;
    // Credential; may be null (getter is @Nullable). NOTE(review): whether this
    // holds the raw secret or an already-encoded form is not visible here — confirm
    // before persisting, comparing or logging it.
    private String clientSecret;
    private Instant clientSecretExpiresAt;
    private String clientName;
    private Set<ClientAuthenticationMethod> clientAuthenticationMethods;
    private Set<AuthorizationGrantType> authorizationGrantTypes;
    // Redirect URIs registered for this client (security-critical: register exact,
    // full URIs; see Builder.validateRedirectUri).
    private Set<String> redirectUris;
    private Set<String> scopes;
    private ClientSettings clientSettings;
    private TokenSettings tokenSettings;

    /** Protected: construction goes through the Builder. */
    protected RegisteredClient() {
    }

    // ---- Read-only accessors (bodies not shown).
    public String getId() {
    public String getClientId() {
    public String getClientName() {
    public Set<String> getScopes() {
    public Set<String> getRedirectUris() {
    public TokenSettings getTokenSettings() {
    public ClientSettings getClientSettings() {
    /** Issue time of the client_id, or null if not recorded. */
    @Nullable
    public Instant getClientIdIssuedAt() {
    /** The client secret, or null when the client has none (e.g. a public client). */
    @Nullable
    public String getClientSecret() {
    /** Expiry of the client secret, or null when it does not expire / is not set. */
    @Nullable
    public Instant getClientSecretExpiresAt() {
    public Set<AuthorizationGrantType> getAuthorizationGrantTypes() {
    public Set<ClientAuthenticationMethod> getClientAuthenticationMethods() {

    // ---- Object contract (bodies not shown); equals/hashCode are overridden together.
    public boolean equals(Object obj) {
    public int hashCode() {
    // NOTE(review): body not shown — confirm it does not include clientSecret before
    // logging RegisteredClient instances.
    public String toString() {

    /**
     * Starts a builder for a new client with the given internal id.
     *
     * @param id the internal record id (not the OAuth2 client_id)
     * @throws IllegalArgumentException if {@code id} is null or blank (Assert.hasText)
     */
    public static RegisteredClient.Builder withId(String id) { // creates the builder
        Assert.hasText(id, "id cannot be empty");
        return new RegisteredClient.Builder(id);
    }

    /**
     * Starts a builder pre-populated from an existing client (copy-and-modify).
     *
     * @throws IllegalArgumentException if {@code registeredClient} is null (Assert.notNull)
     */
    public static RegisteredClient.Builder from(RegisteredClient registeredClient) {
        Assert.notNull(registeredClient, "registeredClient cannot be null");
        return new RegisteredClient.Builder(registeredClient);
    }

    // serialVersionUID is taken from the library-wide Version constant.
    static {
        serialVersionUID = Version.SERIAL_VERSION_UID;
    }
**********
Builder:客户端构造类
/**
 * Mutable builder for {@code RegisteredClient}. Obtain it via
 * {@code RegisteredClient.withId(String)} or {@code RegisteredClient.from(RegisteredClient)};
 * the constructors are protected. Decompiled overview: most bodies are not shown.
 */
public static class Builder implements Serializable {
    // Assigned in the static initialiser below from Version.SERIAL_VERSION_UID.
    private static final long serialVersionUID;
    private String id;
    private String clientId;
    private Instant clientIdIssuedAt;
    // Credential — same caveat as RegisteredClient.clientSecret (plain vs. encoded not visible here).
    private String clientSecret;
    private Instant clientSecretExpiresAt;
    private String clientName;
    // Collections start empty and are mutated in place by the single-value and
    // Consumer-based setters below. Raw `new HashSet()` is presumably a decompiler
    // artefact of the diamond form.
    private final Set<ClientAuthenticationMethod> clientAuthenticationMethods = new HashSet();
    private final Set<AuthorizationGrantType> authorizationGrantTypes = new HashSet();
    private final Set<String> redirectUris = new HashSet();
    private final Set<String> scopes = new HashSet();
    private ClientSettings clientSettings;
    private TokenSettings tokenSettings;

    /** Builder for a new client with the given internal id. */
    protected Builder(String id) {
    /** Builder pre-populated from an existing client. */
    protected Builder(RegisteredClient registeredClient) {

    // ---- Fluent setters (each returns this builder; bodies not shown).
    public RegisteredClient.Builder id(String id) {
    public RegisteredClient.Builder clientId(String clientId) {
    public RegisteredClient.Builder clientName(String clientName) {
    public RegisteredClient.Builder clientSecret(String clientSecret) {
    public RegisteredClient.Builder clientIdIssuedAt(Instant clientIdIssuedAt) {
    public RegisteredClient.Builder clientSecretExpiresAt(Instant clientSecretExpiresAt) {
    /** Adds one client-authentication method. */
    public RegisteredClient.Builder clientAuthenticationMethod(ClientAuthenticationMethod clientAuthenticationMethod) {
    /** Gives the consumer direct access to the mutable set of methods. */
    public RegisteredClient.Builder clientAuthenticationMethods(Consumer<Set<ClientAuthenticationMethod>> clientAuthenticationMethodsConsumer) {
    /** Adds one grant type. */
    public RegisteredClient.Builder authorizationGrantType(AuthorizationGrantType authorizationGrantType) {
    /** Gives the consumer direct access to the mutable set of grant types. */
    public RegisteredClient.Builder authorizationGrantTypes(Consumer<Set<AuthorizationGrantType>> authorizationGrantTypesConsumer) {
    /** Adds one redirect URI (validated at build time, see validateRedirectUris()). */
    public RegisteredClient.Builder redirectUri(String redirectUri) {
    /** Gives the consumer direct access to the mutable set of redirect URIs. */
    public RegisteredClient.Builder redirectUris(Consumer<Set<String>> redirectUrisConsumer) {
    /** Adds one scope (validated at build time, see validateScopes()). */
    public RegisteredClient.Builder scope(String scope) {
    /** Gives the consumer direct access to the mutable set of scopes. */
    public RegisteredClient.Builder scopes(Consumer<Set<String>> scopesConsumer) {
    public RegisteredClient.Builder clientSettings(ClientSettings clientSettings) {
    public RegisteredClient.Builder tokenSettings(TokenSettings tokenSettings) {

    /**
     * Produces the immutable RegisteredClient. Presumably runs validateScopes() and
     * validateRedirectUris() before delegating to create() — bodies not shown.
     */
    public RegisteredClient build() {

    // ---- Validation helpers (bodies not shown).
    /** Checks every accumulated scope with validateScope(String). */
    private void validateScopes() {
    /** Copies the builder state into a new RegisteredClient. */
    private RegisteredClient create() {
    /** Checks every accumulated redirect URI with validateRedirectUri(String). */
    private void validateRedirectUris() {
    /** Whether this client is a public (secret-less) client — TODO confirm the criteria used. */
    private boolean isPublicClientType() {
    /** Syntax check for a single scope value. */
    private static boolean validateScope(String scope) {
    /**
     * Syntax check for a single redirect URI. NOTE(review): redirect URIs are
     * security-critical; register exact, full URIs rather than prefixes or patterns.
     */
    private static boolean validateRedirectUri(String redirectUri) {
    /** Character-class helper: true when min <= c <= max (presumably inclusive). */
    private static boolean withinTheRangeOf(int c, int min, int max) {

    // serialVersionUID is taken from the library-wide Version constant.
    static {
        serialVersionUID = Version.SERIAL_VERSION_UID;
    }
RegisteredClientRepository
/**
 * Storage abstraction for {@link RegisteredClient}s. Implementations decide the
 * backing store; the in-memory variant below is one of them.
 */
public interface RegisteredClientRepository {
    /** Persists (or replaces) the given client. */
    void save(RegisteredClient registeredClient);

    /**
     * Looks a client up by its internal record id.
     *
     * @return the client, or {@code null} if none is registered under that id
     */
    @Nullable
    RegisteredClient findById(String id);

    /**
     * Looks a client up by its OAuth2 client_id (the value presented by the client).
     *
     * @return the client, or {@code null} if none is registered under that client_id
     */
    @Nullable
    RegisteredClient findByClientId(String clientId);
}
InMemoryRegisteredClientRepository:内存中存储客户端信息
public final class InMemoryRegisteredClientRepository implements RegisteredClientRepository {
// Two indexes over the same registrations: one keyed by the internal id, one by
// the OAuth2 client_id, so both repository lookups are direct map hits.
private final Map<String, RegisteredClient> idRegistrationMap; // key is id
private final Map<String, RegisteredClient> clientIdRegistrationMap; // key is clientId
/**
 * Varargs convenience constructor; delegates to the List constructor, so the same
 * "registrations cannot be empty" check applies. Note that an explicit null array
 * fails inside Arrays.asList (NullPointerException) before that check is reached.
 *
 * @param registrations the clients to register; must contain at least one
 */
public InMemoryRegisteredClientRepository(RegisteredClient... registrations) {
    this(Arrays.asList(registrations));
}
public InMemoryRegisteredClientRepository(List<RegisteredClient> registrations) {
Assert.notEmpty(registrations, "registrations cannot be empty");
ConcurrentHashMap<String, RegisteredClient> idRegistrationMapResult = new ConcurrentHashMap();
ConcurrentHashMap<String, RegisteredClient> clientIdRegistrationMapResult = new ConcurrentHashMap();
Iterator var4 = registrations.iterator();
while(var4.hasNext()) {
RegisteredClient registration = (RegisteredClient)var4.next();