注意:要想使用jwt,必须要使用私密钥,自行生成,谢谢!!!!!!!
1、pom(核心依赖)
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
<!-- web-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
2、启动类
package com.mysave.authorization;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration;
/**
* @author zhz
* @create 2021-03-13 17:27
*/
@SpringBootApplication(exclude = {DataSourceAutoConfiguration.class})//加exclude = {DataSourceAutoConfiguration.class这个是因为我的依赖里面有mysql相关的,但是我这里不用
public class AuthorizationApplication {
public static void main(String[] args) {
SpringApplication.run(AuthorizationApplication.class,args);
}
}
3、配置文件application.yml
server:
port: 9999
spring:
application:
name: authorization
4、配置授权服务器
注意:我里面的coinexchange.jks是我自己用java生成的私钥
package com.mysave.authorization.config.auth;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;
/**
* @author zhz
* @create 2021-03-13 18:04
*/
@Configuration
@EnableAuthorizationServer//开启授权服务器功能
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
@Autowired
private PasswordEncoder passwordEncoder;
@Autowired
private AuthenticationManager authenticationManager;
// @Qualifier("userServiceDetailsServiceImpl")
@Autowired
private UserDetailsService userDetailsService;
// @Autowired
// private RedisConnectionFactory redisConnectionFactory;
/**
* 添加第三方的客户端
*/
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("coin-api") // 第三方客户端的名称
.secret(passwordEncoder.encode("coin-secret")) // 第三方客户端的密钥
.scopes("all") //第三方客户端的授权范围
.accessTokenValiditySeconds(7 * 24 *3600) // token的有效期
.refreshTokenValiditySeconds(30 * 24 * 3600)// refresh_token的有效期
;
super.configure(clients);
}
/**
* 配置验证管理器,UserdetailService
*/
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.authenticationManager(authenticationManager)
.userDetailsService(userDetailsService)
.tokenStore(jwtTokenStore())//数据存储在jwt中
.tokenEnhancer(jwtAccessTokenConverter());
super.configure(endpoints);
}
private TokenStore jwtTokenStore() {
return new JwtTokenStore(jwtAccessTokenConverter());
}
public JwtAccessTokenConverter jwtAccessTokenConverter() {
JwtAccessTokenConverter tokenConverter = new JwtAccessTokenConverter();
//加载私钥
ClassPathResource classPathResource = new ClassPathResource("coinexchange.jks");
KeyStoreKeyFactory keyStoreKeyFactory = new KeyStoreKeyFactory(classPathResource, "coinexchange".toCharArray());
tokenConverter.setKeyPair(keyStoreKeyFactory.getKeyPair("coinexchange", "coinexchange".toCharArray()));
return tokenConverter;
}
}
5、安全配置
package com.mysave.authorization.config.auth;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import java.util.Arrays;
/**
* @author :zhz
* @date :Created in 2021/03/14
* @version: V1.0
* @slogan: 天下风云出我辈,一入代码岁月催
* @description:
**/
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http.authorizeRequests().anyRequest().authenticated();
}
@Bean
protected AuthenticationManager authenticationManager() throws Exception {
return super.authenticationManager();
}
@Bean
protected UserDetailsService userDetailsService(){
InMemoryUserDetailsManager inMemoryUserDetailsManager=new InMemoryUserDetailsManager();
User user=new User("admin","123456", Arrays.asList(new SimpleGrantedAuthority("Role_Admin")));
inMemoryUserDetailsManager.createUser(user);
return inMemoryUserDetailsManager;
}
/**
* 密码加密
* @return
*/
@Bean
public PasswordEncoder passwordEncoder(){
return NoOpPasswordEncoder.getInstance();//设置不加密方式
}
/*public static void main(String[] args) {
BCryptPasswordEncoder encoder=new BCryptPasswordEncoder();
String encode = encoder.encode("123456");
System.out.println(encode);
}*/
}
6、配置资源服务器
package com.mysave.authorization.config.auth;
import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.util.FileCopyUtils;
import java.io.IOException;
/**
* @author zhz
* @create 2021-03-13 17:54
*/
@EnableResourceServer
@Configuration
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
}
7、测试资源服务器
package com.mysave.authorization.controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import java.security.Principal;
/**
* @author :zhz
* @date :Created in 2021/03/15
* @version: V1.0
* @slogan: 天下风云出我辈,一入代码岁月催
* @description:
**/
@RestController
public class UserInfoController {
/**
* 当前的登录的用户对象
*/
@GetMapping("/user/info")
public Principal userInfo(Principal principal){
//底层是使用ThreadLocal实现的
//这里也可以用下面来替换principal
// Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
return principal;
}
}
我是小白弟弟,一个在互联网行业的小白,立志成为一名架构师
https://blog.csdn.net/zhouhengzhe?t=1