SpringCloud (4) Microservice security in practice: environment authentication and the four OAuth grant types

Front-end/back-end separation:

(Figure: evolution)

Architecture diagram:

Back-end code, steps 1-4:

Credentials:
import lombok.Data;

/**
 * @author aric
 * @create 2021-04-09-16:39
 * @fun
 */
@Data
public class Credentials {
  // Username and password posted by the front end as a JSON body to /login.
  private String username;
  private String password;
}

TokenInfo:
import lombok.Data;

/**
 * @author aric
 * @create 2021-04-09-16:47
 * @fun
 */
@Data
public class TokenInfo {
  // Field names match the JSON keys of the authorization server's token response,
  // so Jackson can bind it directly.
  private String access_token;
  private String token_type;
  private String expires_in;
  private String scope;
}

AdminApplication:
import javax.servlet.http.HttpServletRequest;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.client.RestTemplate;

/**
 * @author aric
 * @create 2021-04-08-18:56
 * @fun
 */
@SpringBootApplication
@RestController
public class AdminApplication {

  private RestTemplate restTemplate = new RestTemplate();

  // Steps 1-4: the admin back end receives username/password from the front end and
  // exchanges them for a token at the authorization server (resource owner password grant).
  @PostMapping("/login")
  public void login(@RequestBody Credentials credentials, HttpServletRequest request) {

    // The password grant is served by the token endpoint. The original pointed at
    // /oauth/check_token, which only introspects an existing token and does not return a TokenInfo.
    String oauthServiceUrl = "http://localhost:9070/token/oauth/token";

    HttpHeaders httpHeaders = new HttpHeaders();
    httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
    // client_id / client_secret of this client application, sent as HTTP Basic auth
    httpHeaders.setBasicAuth("admin", "123456");

    MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
    params.add("username", credentials.getUsername());
    params.add("password", credentials.getPassword());
    params.add("grant_type", "password");
    params.add("scope", "read write");

    HttpEntity<MultiValueMap<String, String>> ent = new HttpEntity<>(params, httpHeaders);

    ResponseEntity<TokenInfo> response = restTemplate.exchange(oauthServiceUrl, HttpMethod.POST, ent, TokenInfo.class);
    // The token stays server-side in the session; the browser only ever holds the session cookie.
    request.getSession().setAttribute("token", response.getBody());
  }

  public static void main(String[] args) {
    SpringApplication.run(AdminApplication.class, args);
  }
}

Back-end code, steps 5-8:

application.yml:
zuul:
  routes:
    api:
      url: http://getway.imooc.com:9070
  # Zuul strips Cookie, Set-Cookie and Authorization by default; an empty list here
  # lets the Authorization header added by SessionTokenFilter reach the downstream service.
  sensitive-headers:

spring:
  application:
    name: gateway

SessionTokenFilter:
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.springframework.stereotype.Component;

import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import com.netflix.zuul.exception.ZuulException;

/**
 * @author aric
 * @create 2021-04-09-17:41
 * @fun
 */
@Component
public class SessionTokenFilter extends ZuulFilter {
  @Override
  public String filterType() {
    return "pre"; // runs before the request is routed downstream
  }

  @Override
  public int filterOrder() {
    return 0;
  }

  @Override
  public boolean shouldFilter() {
    return true;
  }

  @Override
  public Object run() throws ZuulException {
    RequestContext requestContext = RequestContext.getCurrentContext();
    HttpServletRequest request = requestContext.getRequest();

    // getSession(false): do not create a new session for requests that carry none
    HttpSession session = request.getSession(false);
    TokenInfo token = session == null ? null : (TokenInfo) session.getAttribute("token");
    if (token != null) {
      // Turn the session into a bearer token the downstream resource server understands.
      requestContext.addZuulRequestHeader("Authorization", "bearer " + token.getAccess_token());
    }
    return null;
  }
}

AdminApplication:
import javax.servlet.http.HttpServletRequest;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.netflix.zuul.EnableZuulProxy;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.client.RestTemplate;

/**
 * @author aric
 * @create 2021-04-08-18:56
 * @fun
 */
@SpringBootApplication
@RestController
@EnableZuulProxy
public class AdminApplication {

  private RestTemplate restTemplate = new RestTemplate();

  // Logging out only needs to drop the session; the token goes with it.
  @PostMapping("/logout")
  public void logout(HttpServletRequest request) {
    request.getSession().invalidate();
  }

  @PostMapping("/login")
  public void login(@RequestBody Credentials credentials, HttpServletRequest request) {

    // Token endpoint for the password grant (the original used /oauth/check_token,
    // which introspects a token rather than issuing one).
    String oauthServiceUrl = "http://localhost:9070/token/oauth/token";

    HttpHeaders httpHeaders = new HttpHeaders();
    httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
    httpHeaders.setBasicAuth("admin", "123456");

    MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
    params.add("username", credentials.getUsername());
    params.add("password", credentials.getPassword());
    params.add("grant_type", "password");
    params.add("scope", "read write");

    HttpEntity<MultiValueMap<String, String>> ent = new HttpEntity<>(params, httpHeaders);

    ResponseEntity<TokenInfo> response = restTemplate.exchange(oauthServiceUrl, HttpMethod.POST, ent, TokenInfo.class);
    request.getSession().setAttribute("token", response.getBody());
  }

  public static void main(String[] args) {
    SpringApplication.run(AdminApplication.class, args);
  }
}
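The filter above forwards whatever token is in the session, including one whose `expires_in` has long passed, so the downstream service rejects the call and the user is left with a dead session. As an added example that is not part of the original post, the code below records the absolute expiry when `/login` stores the token and lets the Zuul filter end the session and answer 401 instead of forwarding a stale bearer token. `TokenInfo` and the `"token"` session attribute are the page's own; the helper class `TokenSession`, the `token_expires_at` attribute and the filter name are assumptions made for this example.

```java
import java.time.Clock;
import java.time.Instant;
import java.util.Optional;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.springframework.stereotype.Component;

import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import com.netflix.zuul.exception.ZuulException;

/** Session bookkeeping for the token. Hypothetical helper, not from the original project. */
public final class TokenSession {

  static final String TOKEN_ATTR = "token";                 // attribute the page's /login already uses
  static final String EXPIRES_AT_ATTR = "token_expires_at"; // assumed name, introduced by this example

  private TokenSession() {}

  /** Call from /login after the token endpoint answers: keeps the token and its absolute expiry. */
  public static void store(HttpSession session, TokenInfo token, Clock clock) {
    long ttlSeconds = Long.parseLong(token.getExpires_in());
    session.setAttribute(TOKEN_ATTR, token);
    session.setAttribute(EXPIRES_AT_ATTR, clock.instant().plusSeconds(ttlSeconds));
  }

  /** True when a token was stored but its expiry has passed. */
  public static boolean hasExpiredToken(HttpSession session, Clock clock) {
    if (session == null || session.getAttribute(TOKEN_ATTR) == null) {
      return false;
    }
    Instant expiresAt = (Instant) session.getAttribute(EXPIRES_AT_ATTR);
    return expiresAt == null || !clock.instant().isBefore(expiresAt);
  }

  /** The Authorization header value, present only while the stored token is still valid. */
  public static Optional<String> validBearer(HttpSession session, Clock clock) {
    if (session == null || hasExpiredToken(session, clock)) {
      return Optional.empty();
    }
    TokenInfo token = (TokenInfo) session.getAttribute(TOKEN_ATTR);
    return token == null ? Optional.empty() : Optional.of("bearer " + token.getAccess_token());
  }
}

/** Variant of the page's SessionTokenFilter that refuses to forward an expired token. */
@Component
class ExpiryAwareSessionTokenFilter extends ZuulFilter {
  private final Clock clock = Clock.systemUTC();

  @Override public String filterType() { return "pre"; }
  @Override public int filterOrder() { return 0; }
  @Override public boolean shouldFilter() { return true; }

  @Override
  public Object run() throws ZuulException {
    RequestContext ctx = RequestContext.getCurrentContext();
    HttpServletRequest request = ctx.getRequest();
    HttpSession session = request.getSession(false); // never create sessions for anonymous traffic

    if (TokenSession.hasExpiredToken(session, clock)) {
      // Stale token: drop the session and stop here with 401 so the client logs in again.
      session.invalidate();
      ctx.setSendZuulResponse(false);
      ctx.setResponseStatusCode(401);
      return null;
    }
    TokenSession.validBearer(session, clock)
        .ifPresent(bearer -> ctx.addZuulRequestHeader("Authorization", bearer));
    return null;
  }
}
```

In `/login`, replace `request.getSession().setAttribute("token", response.getBody())` with `TokenSession.store(request.getSession(), response.getBody(), Clock.systemUTC())`; requests with no token at all are still forwarded untouched, exactly as in the original filter, and the downstream resource server decides what anonymous access is allowed.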

With the approaches above the front end always gets hold of the password, which is a security problem, and every client application has to implement its own login logic, which couples them together. The scenario we want instead:

The four OAuth2 grant types:

    Resource owner password (for apps, i.e. client applications we trust); the example above is based on this mode.

    Authorization code grant (suited to browser-based web applications)

// Both handlers live in AdminApplication next to the restTemplate field.
// The authorization server redirects the browser here with ?code=...&state=... after the user approves.
@GetMapping("/oauth/callback")
public void callback(@RequestParam String code, @RequestParam(required = false) String state,
                     HttpServletRequest request, HttpServletResponse response) throws IOException {
    // state is echoed back unchanged by the authorization server and should be compared with
    // the value this client sent in the authorize request before the code is used.
    String oauthServiceUrl = "http://dateway.xuyu.com:9070/token/oauth/token";

    HttpHeaders headers = new HttpHeaders();
    headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
    headers.setBasicAuth("admin", "123456");

    MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
    params.add("code", code);
    params.add("grant_type", "authorization_code");
    // must be identical to the redirect_uri used in the authorize request
    params.add("redirect_uri", "http://admin.xuyu.com:8080/oauth/callback");

    HttpEntity<MultiValueMap<String, String>> entity = new HttpEntity<>(params, headers);

    ResponseEntity<TokenInfo> token = restTemplate.exchange(oauthServiceUrl, HttpMethod.POST, entity, TokenInfo.class);
    request.getSession().setAttribute("token", token.getBody());

    response.sendRedirect("/");
}

@GetMapping("/me")  // check whether the user is currently logged in
public TokenInfo me(HttpServletRequest request) {
    TokenInfo info = (TokenInfo) request.getSession().getAttribute("token");
    return info;
}

    Implicit (simplified mode)

    Client credentials (client credentials grant)
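The callback above accepts a `state` parameter but never checks it, and the post shows no code for the first leg of the authorization code grant, where the browser is sent to the authorization server. As an added example, not the author's code, the controller below covers both ends on the client side: a hypothetical `/oauth/authorize` endpoint that stores a random `state` in the session before redirecting, and a callback that rejects a mismatched `state` before exchanging the code, which is what stops a forged callback from binding an attacker-chosen code to the victim's session. Hosts, redirect URI and the `admin`/`123456` client credentials are the post's values (`client_id` is assumed to equal the Basic-auth user); the `oauth_state` attribute name and the class name are assumptions.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.UriComponentsBuilder;

/** Client side of the authorization code grant with state protection. Example code, not the post's. */
@RestController
public class AuthorizationCodeClient {

  private static final String AUTH_SERVER = "http://dateway.xuyu.com:9070/token"; // from the post's callback
  private static final String CLIENT_ID = "admin";      // assumption: same as the Basic-auth user in the post
  private static final String CLIENT_SECRET = "123456"; // from the post; load from configuration in real code
  private static final String REDIRECT_URI = "http://admin.xuyu.com:8080/oauth/callback";
  private static final String STATE_ATTR = "oauth_state"; // assumed session attribute name

  private final RestTemplate restTemplate = new RestTemplate();
  private final SecureRandom random = new SecureRandom();

  /** Leg 1: send the browser to the authorization server with a fresh, unguessable state. */
  @GetMapping("/oauth/authorize")
  public void authorize(HttpServletRequest request, HttpServletResponse response) throws IOException {
    String state = newState();
    request.getSession().setAttribute(STATE_ATTR, state);
    String location = UriComponentsBuilder.fromHttpUrl(AUTH_SERVER + "/oauth/authorize")
        .queryParam("response_type", "code")
        .queryParam("client_id", CLIENT_ID)
        .queryParam("redirect_uri", REDIRECT_URI)
        .queryParam("scope", "read write")
        .queryParam("state", state)
        .build().encode().toUriString();
    response.sendRedirect(location);
  }

  /** Leg 2: verify the state against this session before the code is exchanged for a token. */
  @GetMapping("/oauth/callback")
  public void callback(@RequestParam String code, @RequestParam(required = false) String state,
                       HttpServletRequest request, HttpServletResponse response) throws IOException {
    HttpSession session = request.getSession(false);
    String expected = session == null ? null : (String) session.getAttribute(STATE_ATTR);
    if (session != null) {
      session.removeAttribute(STATE_ATTR); // a state is valid for exactly one callback, whatever the outcome
    }
    if (!stateMatches(expected, state)) {
      response.sendError(HttpServletResponse.SC_BAD_REQUEST, "state mismatch");
      return;
    }

    HttpHeaders headers = new HttpHeaders();
    headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
    headers.setBasicAuth(CLIENT_ID, CLIENT_SECRET);

    MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
    params.add("code", code);
    params.add("grant_type", "authorization_code");
    params.add("redirect_uri", REDIRECT_URI); // must equal the value used in leg 1

    HttpEntity<MultiValueMap<String, String>> entity = new HttpEntity<>(params, headers);
    ResponseEntity<TokenInfo> token = restTemplate.exchange(
        AUTH_SERVER + "/oauth/token", HttpMethod.POST, entity, TokenInfo.class);

    session.setAttribute("token", token.getBody()); // same attribute the gateway filter reads
    response.sendRedirect("/");
  }

  /** 32 random bytes, URL-safe base64 without padding: safe to place in a query string. */
  private String newState() {
    byte[] raw = new byte[32];
    random.nextBytes(raw);
    return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
  }

  /** Constant-time comparison; a missing value on either side never matches. */
  static boolean stateMatches(String expected, String received) {
    if (expected == null || received == null) {
      return false;
    }
    return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                 received.getBytes(StandardCharsets.UTF_8));
  }
}
```

Because the state is removed from the session before the comparison result is known, a callback that arrives twice, or after a failed attempt, is rejected even when the authorization server would still accept the code; the user simply starts again at `/oauth/authorize`.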
