SpringBoot Security的oauth2 sso的实现和使用

最新推荐文章于 2024-07-26 06:45:00 发布
最新推荐文章于 2024-07-26 06:45:00 发布
阅读量2.2k 收藏 1
点赞数
分类专栏: springboot 文章标签: oauth2 sso springboot springsecurity
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/zyt807/article/details/103385871
版权

sso oauth2 的使用

接口获取方式

1、 页面输入如下地址:
http://localhost:8000/oauth/authorize?response_type=code&client_id=client_id_1&redirect_uri=http://localhost:8001/code&scope=write
2、 拦截跳转到登陆页面:
http://localhost:8000/login(当然你也可以通过oauth密码方式获取access_token,将access_token作为上一步中授权接口消息头)
3、 登陆成功后会获取如下内容:
http://localhost:8001/code?code=2tBHA3
4、通过授权码获取token:
http://localhost:8000/oauth/token?grant_type=authorization_code&client_id=client_id_1&client_secret=123456&redirect_uri=http://localhost:8001/code&code=2tBHA3
5、结果如下:
{
  access_token: "ae7e6bbd-0603-4e22-b9be-546c9a673025",
  token_type: "bearer",
  refresh_token: "fb882868-68c7-4532-ba79-4bc368b1b6f0",
  expires_in: 3599,
  scope: "write"
 }

页面跳转方式

1、 页面输入如下地址:
http://localhost:8001/index  ==》 login
2、拦截跳转到登陆页面:
http://localhost:8000/login
3、 登陆成功后会跳转到:
http://localhost:8001/securedPage

Jwt增强版

客户端从认证服务中获取令牌,然后通过令牌访问资源服务。认证服务和资源服务作为独立服务的情况下,资源服务从消息头中拿到令牌是需要通过check_token接口(RemoteTokenServices,具体实现在此类中)访问认证服务,验证令牌的。这里就会有个问题,如果资源服务请求过于频繁、又或者资源服务很多,认证服务资源有限、网络请求效率损耗,势必影响服务性能,所以Jwt解决这个痛点,通过Jwt,我们把常用信息(用户信息)加密写入令牌中,令牌在网络中传递,到达资源服务,只需要通过相同的规则解密令牌就能拿到常用信息,而不需要在请求认证服务的接口在获取了。

关键代码片段

@Order(0)
@Configuration
public class JwtTokenConfig {

    private static final String SIGN_KEY = "qazxsw";

    @Bean
    public TokenStore jwtTokenStore() {
        return new JwtTokenStore(jwtAccessTokenConverter());
    }

    private JwtAccessTokenConverter jwtAccessTokenConverter() {
        JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
        jwtAccessTokenConverter.setSigningKey(SIGN_KEY);  // 签名密钥
        jwtAccessTokenConverter.setVerifier(new MacSigner(SIGN_KEY));  // 验证时使用的密钥,和签名密钥保持一致

        DefaultAccessTokenConverter tokenConverter = new DefaultAccessTokenConverter() {
            @Override
            public Map<String, ?> convertAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication) {
                // 获取到request对象
                HttpServletRequest request = ((ServletRequestAttributes) (Objects.requireNonNull(RequestContextHolder.getRequestAttributes()))).getRequest();
                // 获取客户端ip(注意:如果是经过代理之后到达当前服务的话,那么这种方式获取的并不是真实的浏览器客户端ip)
                String remoteAddr = request.getRemoteAddr();
                Map<String, String> stringMap = (Map<String, String>) super.convertAccessToken(token, authentication);
                stringMap.put("clientIp", remoteAddr);
                return stringMap;
            }
        };

        jwtAccessTokenConverter.setAccessTokenConverter(tokenConverter);
        return jwtAccessTokenConverter;
    }

    @Bean
    @Primary
    public DefaultTokenServices defaultTokenServices() {
        // 使用默认实现
        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setSupportRefreshToken(true); // 是否开启令牌刷新
        defaultTokenServices.setTokenStore(jwtTokenStore());
        // 针对jwt令牌的添加
        defaultTokenServices.setTokenEnhancer(jwtAccessTokenConverter());
        // 设置令牌有效时间(一般设置为2个小时)
        defaultTokenServices.setAccessTokenValiditySeconds(7200); // access_token就是我们请求资源需要携带的令牌
        // 设置刷新令牌的有效时间
        defaultTokenServices.setRefreshTokenValiditySeconds(259200); // 3天
        return defaultTokenServices;
    }

}

ResourceServerConfig 需要改变为我们定义好的 tokenServices 和 tokenStore

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.resourceId(RESOURCE_ID).tokenServices(defaultTokenServices).tokenStore(tokenStore).stateless(true);
    }

AuthorizationServerConfig 需要改变为我们定义好的 tokenServices 和 tokenStore

 @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints.userDetailsService(detailsService)
                .tokenStore(tokenStore)
                .tokenServices(defaultTokenServices)
                .authenticationManager(authenticationManager)
                .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST);
    }

其他

遇到的问题

1、Possible CSRF detected - state parameter was required but no state could be found

方案解决

server.servlet.session.cookie.name=OAUTH2SESSION

https://blog.csdn.net/JasonYang8088/article/details/80896486

关于权限拦截的使用

  关于ResourceServerConfigurerAdapter和WebSecurityConfigurerAdapter的configure(HttpSecurity http)方法使用,ResourceServerConfigurerAdapter比WebSecurityConfigurerAdapter的优先级要高(鉴于ResourceServerConfiguration的order=3,WebSecurityConfigurerAdapter的order=100)
所以如果是针对状态的请求(需要配置token消息头)过滤优先配置在ResourceServerConfigurerAdapter里面,而后才是针对有状态的请求需要在WebSecurityConfigurerAdapter配置

如下是针对/index请求配置permitAll的日志打印

2019-12-04 10:59:19.907  INFO 8680 --- [nio-8001-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring DispatcherServlet 'dispatcherServlet'
2019-12-04 10:59:19.907  INFO 8680 --- [nio-8001-exec-1] o.s.web.servlet.DispatcherServlet        : Initializing Servlet 'dispatcherServlet'
2019-12-04 10:59:19.915  INFO 8680 --- [nio-8001-exec-1] o.s.web.servlet.DispatcherServlet        : Completed initialization in 8 ms
2019-12-04 10:59:19.946 DEBUG 8680 --- [nio-8001-exec-1] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/user/**']
2019-12-04 10:59:19.946 DEBUG 8680 --- [nio-8001-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/index'; against '/user/**'
2019-12-04 10:59:19.946 DEBUG 8680 --- [nio-8001-exec-1] o.s.s.web.util.matcher.OrRequestMatcher  : No matches found
2019-12-04 10:59:19.946 DEBUG 8680 --- [nio-8001-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request '/index' matched by universal pattern '/**'
2019-12-04 10:59:19.947 DEBUG 8680 --- [nio-8001-exec-1] o.s.security.web.FilterChainProxy        : /index at position 1 of 14 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2019-12-04 10:59:19.948 DEBUG 8680 --- [nio-8001-exec-1] o.s.security.web.FilterChainProxy        : /index at position 2 of 14 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2019-12-04 10:59:19.948 DEBUG 8680 --- [nio-8001-exec-1] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2019-12-04 10:59:19.948 DEBUG 8680 --- [nio-8001-exec-1] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: null. A new one will be created.
2019-12-04 10:59:19.950 DEBUG 8680 --- [nio-8001-exec-1] o.s.security.web.FilterChainProxy        : /index at position 3 of 14 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2019-12-04 10:59:19.951 DEBUG 8680 --- [nio-8001-exec-1] o.s.security.web.FilterChainProxy        : /index at position 4 of 14 in additional filter chain; firing Filter: 'LogoutFilter'
2019-12-04 10:59:19.951 DEBUG 8680 --- [nio-8001-exec-1] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', GET]
2019-12-04 10:59:19.951 DEBUG 8680 --- [nio-8001-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/index'; against '/logout'
2019-12-04 10:59:19.951 DEBUG 8680 --- [nio-8001-exec-1] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', POST]
2019-12-04 10:59:19.951 DEBUG 8680 --- [nio-8001-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /index' doesn't match 'POST /logout'
2019-12-04 10:59:19.951 DEBUG 8680 --- [nio-8001-exec-1] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', PUT]
2019-12-04 10:59:19.951 DEBUG 8680 --- [nio-8001-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /index' doesn't match 'PUT /logout'
2019-12-04 10:59:19.951 DEBUG 8680 --- [nio-8001-exec-1] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', DELETE]
2019-12-04 10:59:19.951 DEBUG 8680 --- [nio-8001-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /index' doesn't match 'DELETE /logout'
2019-12-04 10:59:19.952 DEBUG 8680 --- [nio-8001-exec-1] o.s.s.web.util.matcher.OrRequestMatcher  : No matches found
2019-12-04 10:59:19.952 DEBUG 8680 --- [nio-8001-exec-1] o.s.security.web.FilterChainProxy        : /index at position 5 of 14 in additional filter chain; firing Filter: 'OAuth2ClientAuthenticationProcessingFilter'
2019-12-04 10:59:19.952 DEBUG 8680 --- [nio-8001-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/index'; against '/login'
2019-12-04 10:59:19.952 DEBUG 8680 --- [nio-8001-exec-1] o.s.security.web.FilterChainProxy        : /index at position 6 of 14 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2019-12-04 10:59:19.952 DEBUG 8680 --- [nio-8001-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /index' doesn't match 'POST /login'
2019-12-04 10:59:19.952 DEBUG 8680 --- [nio-8001-exec-1] o.s.security.web.FilterChainProxy        : /index at position 7 of 14 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
2019-12-04 10:59:19.952 DEBUG 8680 --- [nio-8001-exec-1] o.s.security.web.FilterChainProxy        : /index at position 8 of 14 in additional filter chain; firing Filter: 'DefaultLogoutPageGeneratingFilter'
2019-12-04 10:59:19.952 DEBUG 8680 --- [nio-8001-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/index'; against '/logout'
2019-12-04 10:59:19.952 DEBUG 8680 --- [nio-8001-exec-1] o.s.security.web.FilterChainProxy        : /index at position 9 of 14 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2019-12-04 10:59:19.952 DEBUG 8680 --- [nio-8001-exec-1] o.s.s.w.s.HttpSessionRequestCache        : saved request doesn't match
2019-12-04 10:59:19.952 DEBUG 8680 --- [nio-8001-exec-1] o.s.security.web.FilterChainProxy        : /index at position 10 of 14 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2019-12-04 10:59:19.953 DEBUG 8680 --- [nio-8001-exec-1] o.s.security.web.FilterChainProxy        : /index at position 11 of 14 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2019-12-04 10:59:19.955 DEBUG 8680 --- [nio-8001-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter  : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@cf8cb311: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2019-12-04 10:59:19.955 DEBUG 8680 --- [nio-8001-exec-1] o.s.security.web.FilterChainProxy        : /index at position 12 of 14 in additional filter chain; firing Filter: 'SessionManagementFilter'
2019-12-04 10:59:19.955 DEBUG 8680 --- [nio-8001-exec-1] o.s.security.web.FilterChainProxy        : /index at position 13 of 14 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2019-12-04 10:59:19.955 DEBUG 8680 --- [nio-8001-exec-1] o.s.security.web.FilterChainProxy        : /index at position 14 of 14 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2019-12-04 10:59:19.956 DEBUG 8680 --- [nio-8001-exec-1] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', GET]
2019-12-04 10:59:19.956 DEBUG 8680 --- [nio-8001-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/index'; against '/logout'
2019-12-04 10:59:19.956 DEBUG 8680 --- [nio-8001-exec-1] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', POST]
2019-12-04 10:59:19.956 DEBUG 8680 --- [nio-8001-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /index' doesn't match 'POST /logout'
2019-12-04 10:59:19.956 DEBUG 8680 --- [nio-8001-exec-1] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', PUT]
2019-12-04 10:59:19.956 DEBUG 8680 --- [nio-8001-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /index' doesn't match 'PUT /logout'
2019-12-04 10:59:19.956 DEBUG 8680 --- [nio-8001-exec-1] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', DELETE]
2019-12-04 10:59:19.956 DEBUG 8680 --- [nio-8001-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /index' doesn't match 'DELETE /logout'
2019-12-04 10:59:19.956 DEBUG 8680 --- [nio-8001-exec-1] o.s.s.web.util.matcher.OrRequestMatcher  : No matches found
2019-12-04 10:59:19.956 DEBUG 8680 --- [nio-8001-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/index'; against '/index'
2019-12-04 10:59:19.956 DEBUG 8680 --- [nio-8001-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor    : Secure object: FilterInvocation: URL: /index; Attributes: [permitAll]
2019-12-04 10:59:19.956 DEBUG 8680 --- [nio-8001-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor    : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@cf8cb311: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2019-12-04 10:59:19.962 DEBUG 8680 --- [nio-8001-exec-1] o.s.s.access.vote.AffirmativeBased       : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@4b9b85a4, returned: 1
2019-12-04 10:59:19.962 DEBUG 8680 --- [nio-8001-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor    : Authorization successful
2019-12-04 10:59:19.962 DEBUG 8680 --- [nio-8001-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor    : RunAsManager did not change Authentication object
2019-12-04 10:59:19.963 DEBUG 8680 --- [nio-8001-exec-1] o.s.security.web.FilterChainProxy        : /index reached end of additional filter chain; proceeding with original chain

我们会发现如下依次过滤器链

WebAsyncManagerIntegrationFilter
SecurityContextPersistenceFilter
HeaderWriterFilter
LogoutFilter
OAuth2ClientAuthenticationProcessingFilter(配置在ResourceServerConfiguration需要拦截的请求)
UsernamePasswordAuthenticationFilter
DefaultLoginPageGeneratingFilter
DefaultLogoutPageGeneratingFilter
SecurityContextHolderAwareRequestFilter
AnonymousAuthenticationFilter
SessionManagementFilter
ExceptionTranslationFilter
FilterSecurityInterceptor

实现代码

https://github.com/mozovw/delicacy-durian/tree/master/durian-oauth-sso

香酥蟹
关注
  • 0
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
SpringBoot-OAuth2
azto的博客
04-26 533
OAuth2协议什么是OAuth2协议OAuth2的基本角色Spirng Security 结合 OAuth2 什么是OAuth2协议 OAuth2是一个开放的标准,允许第三方用户访问该用户在某一个网站上存储的私密资源。 最常见的使用场景,各种第三方登录,如登录网易云音乐使用QQ登录等等,一般这种都会设计OAuth协议。 无需将用户和密码提供给第三方应用 如上述的登录网易云音乐。第三方就是网易云音...
SpringCloud+SpringBoot+OAuth2+Spring Security+Redis实现的微服务统一认证授权.doc
04-01
SpringCloud+SpringBoot+OAuth2+Spring Security+Redis实现的微服务统一认证授权
Spring Security OAuth2 SSO 单点登录
热门推荐
leone的博客
11-01 1万+
基于 Spring Security OAuth2 SSO 单点登录系统 SSO简介 单点登录(英语:Single sign-on,缩写为 SSO),又译为单一签入,一种对于许多相互关连,但是又是各自独立的软件系统,提供访问控制的属性。当拥有这项属性时,当用户登录时,就可以获取所有系统的访问权限,不用对每个单一系统都逐一登录。这项功能通常是以轻型目录访问协议(LDAP)来实现,在服务器上会将用户信...
Spring Boot中实现OAuth2.0认证
最新发布
微赚开发者技术分享博客
07-26 680
配置 OAuth2.0 客户端、设置 Spring SecurityOAuth2.0 配置、创建控制器和视图都是实现这一认证流程的关键步骤。OAuth2.0 是一种用于授权的协议,它使得用户可以授权第三方应用程序访问他们在某服务提供商上的资源,而无需共享他们的凭据。在这个视图中,我们创建了一个登录链接,当用户点击时会重定向到 Google 的登录页面。大家好,我是微赚淘客系统3.0的小编,是个冬天不穿秋裤,天冷也要风度的程序猿!现在,可以运行 Spring Boot 应用程序,并在浏览器中访问。
Spring Security OAuth2 SSO
一起记录GIS学习
05-22 404
通常公司肯定不止一个系统,每个系统都需要进行认证和权限控制,不可能每个每个系统都自己去写,这个时候需要把登录单独提出来 登录和授权是统一的 业务系统该怎么写还怎么写 最近学习了一下Spring Security,今天用Spring Security OAuth2简单写一个单点登录的示例 在此之前,需要对OAuth2有一点了解 这里有几篇文章可能会对你有帮助 《Spring Boot ...
springboot OAuth2
无术不学的博客
02-20 273
https://www.baidu.com/s?ie=utf-8&f=8&rsv_bp=1&tn=monline_3_dg&wd=springboot%20OAuth2&oq=%25E5%25BE%25AE%25E6%259C%258D%25E5%258A%25A1OAuth2&rsv_pq=95d022f900074b4f&rsv_t=36c9EQREOiyL8A2aczntQ%2Fr81%2FYVTHEwOYWtIjXd3KG%2BMLsjDmN%
springboot整合Oauth2,GateWay实现网关登录授权验证
12-14
SpringBoot整合OAuth2和Gateway实现网关登录授权验证是一个复杂而关键的过程,它涉及到现代微服务架构中的安全性设计。OAuth2是一种授权框架,用于保护API并允许第三方应用访问受保护的资源,而Spring Gateway作为...
springboot+oauth2单点登录.rar
04-13
springboot2.0+oauth搭建的SSO单点登录的源码,仅仅实现登录功能,无需积分即可下载,如有问题请留言
springboot-oauth:Spring boot 2 + Spring security 5 实现 SSO + OAuth认证
05-01
client-2:资源服务器,使用RemoteTokenServices进行token验证(无法同时使用SSOOAuth来保护同一资源) client-3:调用客户端,放开所有访问权限,通过OAuth2RestTemplate调用client-4(client_credentials模式) ...
spring-boot集成spring-securityoauth2实现github登录网站的示例
08-28
Spring Boot 集成 Spring SecurityOAuth2 实现 GitHub 登录网站的示例 本篇文章主要介绍了 Spring Boot 集成 Spring SecurityOAuth2 实现 GitHub 登录网站的示例,非常具有实用价值,需要的朋友可以参考下...
spring boot oauth2
10-24
springboot2 + security+ oauth2 进行认证,并将令牌存储到数据库中。
oauth2_spring_boot
02-25
OAuth2 钥匙斗篷 Keycloak是适用于现代应用程序和服务的开源身份和访问管理解决方案。 跑步 docker-compose -f keycloak-postgres.yml up 默认情况下,服务器将在 管理员用户 用户名: admin 密码: password 领域和客户示例 领域: app 用户帐户 用户[app]: user1 [user1 ,12345] 客户: client_id:应用程序代码流客户端 client_secret:56807fdb-be60-4787-87e6-0bb2cccf848b 访问类型:机密 标准流程:已启用 直接访问授予:已禁用 (可选)PKCE-代码的证明密钥:S256 重定向uri: 要求: curl --request GET ' http://localhost:8080/auth/realms/app/prot
SpringBoot OAuth2
cn_yaojin
05-19 305
一. IDEA 新建module(我是在原有的项目里面建的,因此创建module就行):oauth2,然后在pom文件中引入资源: <!-- springboot 的版本 --> <parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId>
Spring Boot Oauth2
Glory丶笨小孩
05-22 1万+
Spring Boot Oauth2 pom.xml &amp;amp;lt;dependency&amp;amp;gt; &amp;amp;lt;groupId&amp;amp;gt;org.springframework.boot&amp;amp;lt;/groupId&amp;amp;gt; &amp;amp;lt;artifactId&amp;amp;gt;spring-boot-star
Spring Boot OAuth2
zzpf2007的专栏
07-27 1万+
Spring Boot OAuth2 简要实现
SpringBootOauth2
const_
09-27 312
微服务接入oauth2_微服务权限终极解决方案,Spring Cloud Gateway+Oauth2 实现统一认证和鉴权 https://blog.csdn.net/weixin_33716865/article/details/112339860 springboot-安全认证security+jwt+OAuth2.0关系梳理 https://blog.csdn.net/shishuai4206/article/details/111504155 Spring SecurityOAuth2(介绍)
Spring Boot 中的OAuth 2
探索er的博客
05-12 8052
Spring Boot 中的OAuth 2
基于SpringBoot整合oauth2实现token认证
07-08
Sure! 我可以帮你解答关于SpringBoot整合oauth2实现token认证的问题。 首先,你需要在你的SpringBoot项目中添加以下依赖: ```xml <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-oauth2-client</artifactId> </dependency> ``` 接下来,你需要在你的application.properties文件中进行一些配置,包括oauth2的客户端信息和授权服务器信息。例如: ```properties spring.security.oauth2.client.registration.my-client-id.client-id=your-client-id spring.security.oauth2.client.registration.my-client-id.client-secret=your-client-secret spring.security.oauth2.client.registration.my-client-id.redirect-uri=http://localhost:8080/login/oauth2/code/my-client-id spring.security.oauth2.client.provider.my-client-id.authorization-uri=https://oauth2-provider.com/oauth2/authorize spring.security.oauth2.client.provider.my-client-id.token-uri=https://oauth2-provider.com/oauth2/token spring.security.oauth2.client.provider.my-client-id.user-info-uri=https://oauth2-provider.com/oauth2/userinfo spring.security.oauth2.client.provider.my-client-id.user-name-attribute=name ``` 请替换以上配置中的"your-client-id"、"your-client-secret"、"http://localhost:8080/login/oauth2/code/my-client-id"、"https://oauth2-provider.com/oauth2/authorize"、"https://oauth2-provider.com/oauth2/token"和"https://oauth2-provider.com/oauth2/userinfo"为你实际使用的值。 接下来,你可以创建一个Controller来处理登录和回调的请求。例如: ```java @RestController public class OAuth2Controller { @GetMapping("/login") public RedirectView login() { return new RedirectView("/oauth2/authorization/my-client-id"); } @GetMapping("/login/oauth2/code/my-client-id") public String callback() { return "callback"; } } ``` 在以上示例中,"/login"端点用于触发登录流程,"/login/oauth2/code/my-client-id"端点用于处理认证服务器的回调。 最后,你可以在需要进行token认证的地方使用`@EnableOAuth2Sso`注解来保护你的资源。例如: ```java @Configuration @EnableOAuth2Sso public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/secured-resource").authenticated() .anyRequest().permitAll(); } } ``` 在以上示例中,"/secured-resource"端点需要进行认证,其他端点允许匿名访问。 这就是基于SpringBoot整合oauth2实现token认证的基本步骤。当用户访问受保护的资源时,将会被重定向到认证服务器进行认证,并获得一个有效的访问令牌。 希望以上信息对你有帮助!如果你还有其他问题,请随时提问。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值