auto2
auto2
demo展示
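1. 建项目,导包(pom.xml):
注:spring-cloud-starter-oauth2 基于已停止维护的 Spring Security OAuth 项目,下面的版本仅用于演示;新项目请先确认所用版本仍在支持期内。
<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.2.5.RELEASE</version>
</parent>
<properties>
    <maven.compiler.source>8</maven.compiler.source>
    <maven.compiler.target>8</maven.compiler.target>
    <spring-cloud.version>Hoxton.SR12</spring-cloud.version>
</properties>
<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-oauth2</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-security</artifactId>
    </dependency>
</dependencies>
<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-dependencies</artifactId>
            <version>${spring-cloud.version}</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
    </dependencies>
</dependencyManagement>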
2. securityconfig配置
import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.security.config.annotation.web.builders.HttpSecurity;import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;import org.springframework.security.crypto.password.PasswordEncoder;
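/**
 * Web security configuration for the demo: registers the password encoder and
 * defines which URLs are open and which require a logged-in user.
 */
@Configuration
@EnableWebSecurity // turn on Spring Security's web support
public class SercurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Password encoder bean; BCrypt is used so secrets are stored hashed
     * rather than in clear text.
     *
     * @return a new {@link BCryptPasswordEncoder}
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Configures the HTTP security rules for this application.
     *
     * @param http the security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // CSRF protection is switched off for the demo. This also removes it from
            // the form login configured below; keep it enabled outside a local test setup.
            .csrf().disable()
            .authorizeRequests()
                // Open paths. The published listing had these patterns garbled; the "/**"
                // suffixes are restored here.
                // NOTE(review): "/oauth/**" also covers /oauth/authorize, which is meant to
                // be reached by a logged-in user; consider listing only the paths that
                // really must be anonymous.
                .antMatchers("/oauth/**", "/login/**", "/logout/**").permitAll()
                // Everything else requires authentication.
                .anyRequest().authenticated()
            // and() returns to the HttpSecurity builder so the chain can continue.
            .and()
            // The form-login pages themselves are reachable without authentication.
            .formLogin().permitAll();
    }
}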
3.授权服务器配置import org.springframework.beans.factory.annotation.Autowired;import org.springframework.context.annotation.Configuration;import org.springframework.security.crypto.password.PasswordEncoder;import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;/*** 授权服务器配置*///获取授权码地址//http://localhost:8080/oauth/authorize?response_type=code&client_id=admin&redirect_uri=http://www.baidu.com&scope=all@Configuration//授权服务器认证
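@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    // Encoder used to hash the client secret before it is registered.
    @Autowired
    private PasswordEncoder passwordEncoder;

    /**
     * Registers the single in-memory OAuth2 client used by the demo.
     *
     * @param clients the client-details configurer supplied by the framework
     * @throws Exception if the client registration fails
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            // Client id.
            .withClient("admin")
            // Client secret, stored encoded via the PasswordEncoder.
            // NOTE(review): the secret is a hard-coded demo value; a real deployment
            // should load it from external configuration and use a strong random value.
            .secret(passwordEncoder.encode("112233"))
            // Access-token lifetime is left at the framework default; uncomment to set it.
            // .accessTokenValiditySeconds(3600)
            // Redirect target after a successful authorization (normally the client's own
            // callback). NOTE(review): the authorization code is appended to this URL, so a
            // plain-HTTP address on a third-party site is only acceptable as a demo
            // placeholder; register the client's own HTTPS callback instead.
            .redirectUris("http://www.baidu.com")
            // Scope the client may request.
            .scopes("all")
            // Grant type: authorization-code flow only.
            .authorizedGrantTypes("authorization_code");
    }
}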
4.资源服务器配置import org.springframework.context.annotation.Configuration;import org.springframework.security.config.annotation.web.builders.HttpSecurity;import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;/资源服务器配置/
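@Configuration
@EnableResourceServer // turn on resource-server support
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    /**
     * Protects the API resources: the rules below apply to paths under /user/ only,
     * and every request matched there must be authenticated.
     *
     * @param http the security builder supplied by the framework
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // Every request handled by this configuration needs authentication.
                .anyRequest().authenticated()
            .and()
            // Restrict this configuration to /user/**. These paths are not opened up;
            // they are the resources a caller reaches after obtaining a token.
            .requestMatchers()
                .antMatchers("/user/**");
    }
}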
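5.usercontroller,接口
import com.qf.pojo.User;
import org.springframework.security.core.Authentication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * Demo resource endpoint; every handler in this class is served under /user.
 */
@RestController
@RequestMapping("/user")
public class UserController {

    /**
     * Returns the principal of the currently authenticated caller.
     *
     * @param authentication the current authentication, injected by Spring
     * @return the principal cast to the project's {@code User} type
     */
    // NOTE(review): no HTTP method is specified, so this mapping accepts any method;
    // @GetMapping (already imported) would limit it to GET — confirm what callers use.
    @RequestMapping("/getCurrentUser")
    public Object getCurrentUser(Authentication authentication) {
        // Assumes the principal is always a com.qf.pojo.User; any other principal type
        // makes this cast throw ClassCastException — verify against the user service.
        User user = (User) authentication.getPrincipal();
        // NOTE(review): the whole principal object is serialized into the response. If
        // User carries the password hash or other internal fields, return a reduced
        // view instead — confirm against the User class.
        return user;
    }
}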
6. 启动项目,请求授权码地址:
http://localhost:8080/oauth/authorize?response_type=code&client_id=admin&redirect_uri=http://www.baidu.com&scope=all
输入账号密码后,浏览器会跳转到重定向地址,并且地址后面多了一个 code 参数,这就是授权码,下一步用它换取访问令牌。由于授权码会随跳转交给 redirect_uri 指向的站点,正式环境中该地址应为客户端自己的 HTTPS 回调地址。
7.postman 测