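OAuth2 distinguishes between a resource server and an authorization server.
Let's start with the authorization server configuration.
Typically we write an AuthorizationServerConfiguration class that extends AuthorizationServerConfigurerAdapter and put the @Configuration annotation on the class.
- Authorization server configuration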
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
}
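As an added example (not from the original article or the Spring source), the empty class above can be filled in through the adapter's configure hooks. The client id, secret, scope and redirect URI are constructed placeholders.

```java
// Added example, not from the original page; all client values are placeholders.
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    // Access rules for the framework endpoints. Both expressions default to
    // "denyAll()"; here they are opened only to authenticated clients.
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security
            .passwordEncoder(passwordEncoder())     // client secrets are compared as bcrypt hashes
            .tokenKeyAccess("isAuthenticated()")    // token-key endpoint
            .checkTokenAccess("isAuthenticated()"); // /oauth/check_token
    }

    // Client registrations; an in-memory store keeps the example self-contained.
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            .withClient("demo-client")                          // placeholder client id
            .secret(passwordEncoder().encode("change-me"))      // placeholder secret, stored hashed
            .authorizedGrantTypes("authorization_code", "refresh_token")
            .scopes("read")
            .redirectUris("https://client.example.com/callback") // placeholder, exact-match URI
            .accessTokenValiditySeconds(900);
    }
}
```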
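- Here, @EnableAuthorizationServer enables the authorization server. It is a composite annotation that uses @Import to bring in the AuthorizationServerSecurityConfiguration class, which in turn extends WebSecurityConfigurerAdapter. That class should look familiar: it is the Security configuration entry point described in the previous article.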
public class AuthorizationServerSecurityConfiguration extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
AuthorizationServerSecurityConfigurer configurer = new AuthorizationServerSecurityConfigurer();
FrameworkEndpointHandlerMapping handlerMapping = endpoints.oauth2EndpointHandlerMapping();
http.setSharedObject(FrameworkEndpointHandlerMapping.class, handlerMapping);
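// This is where the entry point for configuring AuthorizationServerSecurityConfigurer is exposed
configure(configurer);
// Apply the AuthorizationServerSecurityConfigurer to HttpSecurity; this is how part of the HttpSecurity configuration is opened up to the user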
http.apply(configurer);
String tokenEndpointPath = handlerMapping.getServletPath("/oauth/token");
String tokenKeyPath = handlerMapping.getServletPath("/oauth/token_ke