oauth2-客户端模式案例

x33g5p2x  于2022-04-17 转载在 其他  
字(14.5k)|赞(0)|评价(0)|浏览(341)

1.项目结构

2.搭建授权服务器(auth-server)

1.pom.xml

  1. <?xml version="1.0" encoding="UTF-8"?>
  2. <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  3.          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
  4.     <modelVersion>4.0.0</modelVersion>
  5.     <parent>
  6.         <groupId>org.springframework.boot</groupId>
  7.         <artifactId>spring-boot-starter-parent</artifactId>
  8.         <version>2.2.5.RELEASE</version>
  9.         <relativePath/> <!-- lookup parent from repository -->
  10.     </parent>
  11.     <groupId>com.yl</groupId>
  12.     <artifactId>auth-server</artifactId>
  13.     <version>0.0.1-SNAPSHOT</version>
  14.     <name>auth-server</name>
  15.     <description>Demo project for Spring Boot</description>
  16.     <properties>
  17.         <java.version>11</java.version>
  18.     </properties>
  19.     <dependencies>
  20.         <dependency>
  21.             <groupId>org.springframework.boot</groupId>
  22.             <artifactId>spring-boot-starter-web</artifactId>
  23.         </dependency>
  24.         <dependency>
  25.             <groupId>org.springframework.boot</groupId>
  26.             <artifactId>spring-boot-starter-jdbc</artifactId>
  27.         </dependency>
  28.         <dependency>
  29.             <groupId>com.alibaba</groupId>
  30.             <artifactId>druid-spring-boot-starter</artifactId>
  31.             <version>1.1.10</version>
  32.         </dependency>
  33.         <dependency>
  34.             <groupId>mysql</groupId>
  35.             <artifactId>mysql-connector-java</artifactId>
  36.             <scope>runtime</scope>
  37.         </dependency>
  38.         <dependency>
  39.             <groupId>org.springframework.boot</groupId>
  40.             <artifactId>spring-boot-starter-data-redis</artifactId>
  41.         </dependency>
  42.         <dependency>
  43.             <groupId>org.springframework.cloud</groupId>
  44.             <artifactId>spring-cloud-security</artifactId>
  45.             <version>2.2.5.RELEASE</version>
  46.         </dependency>
  47.         <dependency>
  48.             <groupId>org.springframework.cloud</groupId>
  49.             <artifactId>spring-cloud-starter-oauth2</artifactId>
  50.             <version>2.2.5.RELEASE</version>
  51.         </dependency>
  53.         <dependency>
  54.             <groupId>org.springframework.boot</groupId>
  55.             <artifactId>spring-boot-starter-test</artifactId>
  56.             <scope>test</scope>
  57.         </dependency>
  59.     </dependencies>
  61.     <build>
  62.         <plugins>
  63.             <plugin>
  64.                 <groupId>org.springframework.boot</groupId>
  65.                 <artifactId>spring-boot-maven-plugin</artifactId>
  66.             </plugin>
  67.         </plugins>
  68.     </build>
  70. </project>

2.application.properties

  1. spring.datasource.url=jdbc:mysql://localhost:3306/demo?useUnicode=true&characterEncoding=utf8&useSSL=false&serverTimezone=Asia/Shanghai
  2. spring.datasource.type=com.alibaba.druid.pool.DruidDataSource
  3. spring.datasource.driver-class-name = com.mysql.cj.jdbc.Driver
  4. spring.datasource.username=root
  5. spring.datasource.password=root
  6. spring.main.allow-bean-definition-overriding=true
  8. # redis的配置
  9. spring.redis.host=192.168.244.138
  10. spring.redis.port=6379
  11. spring.redis.password=root123
  12. spring.redis.database=0

3.token的配置

  1. package com.yl.authserver.config;
  3. import org.springframework.beans.factory.annotation.Autowired;
  4. import org.springframework.context.annotation.Bean;
  5. import org.springframework.context.annotation.Configuration;
  6. import org.springframework.data.redis.connection.RedisConnectionFactory;
  7. import org.springframework.security.oauth2.provider.token.TokenStore;
  8. import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
  9. import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;
  11. // Token暂时保存在内存中
  12. @Configuration
  13. public class AccessTokenConfig {
  14.     //token存储方式一:存在内存中
  15. //    @Bean
  16. //    TokenStore tokenStore() {
  17. //        return new InMemoryTokenStore();
  18. //    }
  20.     //token存储方式二:存在redis中,由于redis中,可以设置过期时间,所以在redis中存储token有一种天然的优势
  21.     @Autowired
  22.     RedisConnectionFactory redisConnectionFactory;
  23.     @Bean
  24.     TokenStore tokenStore() {
  25.         return new RedisTokenStore(redisConnectionFactory);
  26.     }
  27. }

4.security的配置

  1. package com.yl.authserver.config;
  3. import org.springframework.context.annotation.Bean;
  4. import org.springframework.context.annotation.Configuration;
  5. import org.springframework.security.authentication.AuthenticationManager;
  6. import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
  7. import org.springframework.security.config.annotation.web.builders.HttpSecurity;
  8. import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
  9. import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
  10. import org.springframework.security.crypto.password.PasswordEncoder;
  12. @Configuration
  13. public class SecurityConfig extends WebSecurityConfigurerAdapter {
  15.     @Bean
  16.     PasswordEncoder passwordEncoder() {
  17.         return new BCryptPasswordEncoder();
  18.     }
  20.     @Bean
  21.     @Override
  22.     public AuthenticationManager authenticationManagerBean() throws Exception {
  23.         return super.authenticationManagerBean();
  24.     }
  26.     @Override
  27.     protected void configure(AuthenticationManagerBuilder auth) throws Exception {
  28.         auth.inMemoryAuthentication()
  29.                 .withUser("admin")
  30.                 .password(passwordEncoder().encode("123"))
  31.                 .roles("admin")
  32.                 .and()
  33.                 .withUser("root")
  34.                 .password(passwordEncoder().encode("123"))
  35.                 .roles("root");
  36.     }
  38.     @Override
  39.     protected void configure(HttpSecurity http) throws Exception {
  40.         http.csrf().disable().formLogin();
  41.     }
  42. }

5.授权服务器的配置

  1. package com.yl.authserver.config;
  3. import org.springframework.beans.factory.annotation.Autowired;
  4. import org.springframework.context.annotation.Bean;
  5. import org.springframework.context.annotation.Configuration;
  6. import org.springframework.security.authentication.AuthenticationManager;
  7. import org.springframework.security.crypto.password.PasswordEncoder;
  8. import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
  9. import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
  10. import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
  11. import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
  12. import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
  13. import org.springframework.security.oauth2.provider.ClientDetailsService;
  14. import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;
  15. import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
  16. import org.springframework.security.oauth2.provider.code.InMemoryAuthorizationCodeServices;
  17. import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
  18. import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
  19. import org.springframework.security.oauth2.provider.token.TokenStore;
  21. import javax.sql.DataSource;
  23. //配置授权服务器
  24. @Configuration
  25. @EnableAuthorizationServer
  26. public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
  27.     @Autowired
  28.     TokenStore tokenStore;
  29.     // 客户端信息
  30.     @Autowired
  31.     ClientDetailsService clientDetailsService;
  32.     @Autowired
  33.     PasswordEncoder passwordEncoder;
  34.     @Autowired
  35.     AuthenticationManager authenticationManager;
  36. //    @Autowired
  37. //    DataSource dataSource;
  38. //
  39. //    @Bean
  40. //    ClientDetailsService clientDetailsService() {
  41. //        return new JdbcClientDetailsService(dataSource);
  42. //    }
  44.     //配置Token服务
  45.     AuthorizationServerTokenServices authorizationServerTokenServices() {
  46.         DefaultTokenServices tokenServices = new DefaultTokenServices();
  47.         tokenServices.setClientDetailsService(clientDetailsService);
  48.         tokenServices.setSupportRefreshToken(true);
  49.         tokenServices.setAccessTokenValiditySeconds(60 * 60 * 2); //token有限期设置为2小时
  50.         tokenServices.setTokenStore(tokenStore);
  51.         tokenServices.setRefreshTokenValiditySeconds(60 * 60 * 24 * 7);//
  52.         return tokenServices;
  53.     }
  55.     //配置token
  56.     @Override
  57.     public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
  58.         security.checkTokenAccess("permitAll()")// /oauth/check_token   带时候会调用这个请求来校验token
  59.                 .checkTokenAccess("isAuthenticated()")
  60.                 .allowFormAuthenticationForClients();
  62.     }
  64.     //配置客户端的信息(客户端信息存于内存)
  65.     @Override
  66.     public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
  67.         clients.inMemory()
  68.                 .withClient("yl") //客户端名
  69.                 .secret(passwordEncoder.encode("123")) //客户端密码
  70.                 .scopes("all")
  71.                 .resourceIds("res1") //资源id
  72.                 .authorizedGrantTypes("authorization_code","refresh_token","implicit","password","client_credentials")
  73.                 // authorization_code授权码模式,password密码模式,implicit简化模式,client_credentials客户端模式,可以设置同时支持多种模式
  74.                 .autoApprove(true) //自动授权
  75. //                .redirectUris("http://localhost:8082/index.html"); //授权码模式界面
  76. //                .redirectUris("http://localhost:8082/01.html");//简化模式界面
  77.                 .redirectUris("http://localhost:8082/02.html");//密码模式界面
  78.     }
  80. //    //配置客户端的信息(客户端信息存于数据库)
  81. //    @Override
  82. //    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
  83. //       clients.withClientDetails(clientDetailsService());
  84. //    }
  86.     //配置端点信息(主要获取授权码,要先拿到授权码,然后再根据授权码去获取token)
  87.     @Override
  88.     public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
  89.         endpoints.authorizationCodeServices(authorizationCodeServices())
  90.                 .authenticationManager(authenticationManager)
  91.                 .tokenServices(authorizationServerTokenServices());
  92.     }
  94.     @Bean
  95.     AuthorizationCodeServices authorizationCodeServices() {
  96.         return new InMemoryAuthorizationCodeServices();
  97.     }
  98. }

3.搭建资源服务器(user-server)

1.pom.xml

  1. <?xml version="1.0" encoding="UTF-8"?>
  2. <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  3.          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
  4.     <modelVersion>4.0.0</modelVersion>
  5.     <parent>
  6.         <groupId>org.springframework.boot</groupId>
  7.         <artifactId>spring-boot-starter-parent</artifactId>
  8.         <version>2.2.5.RELEASE</version>
  9.         <relativePath/> <!-- lookup parent from repository -->
  10.     </parent>
  11.     <groupId>com.yl</groupId>
  12.     <artifactId>user-server</artifactId>
  13.     <version>0.0.1-SNAPSHOT</version>
  14.     <name>user-server</name>
  15.     <description>Demo project for Spring Boot</description>
  16.     <properties>
  17.         <java.version>11</java.version>
  18.     </properties>
  19.     <dependencies>
  20.         <dependency>
  21.             <groupId>org.springframework.boot</groupId>
  22.             <artifactId>spring-boot-starter-web</artifactId>
  23.         </dependency>
  24.         <dependency>
  25.             <groupId>org.springframework.cloud</groupId>
  26.             <artifactId>spring-cloud-security</artifactId>
  27.             <version>2.2.5.RELEASE</version>
  28.         </dependency>
  29.         <dependency>
  30.             <groupId>org.springframework.cloud</groupId>
  31.             <artifactId>spring-cloud-starter-oauth2</artifactId>
  32.             <version>2.2.5.RELEASE</version>
  33.         </dependency>
  34.         <dependency>
  35.             <groupId>org.springframework.boot</groupId>
  36.             <artifactId>spring-boot-starter-test</artifactId>
  37.             <scope>test</scope>
  38.         </dependency>
  39.     </dependencies>
  41.     <build>
  42.         <plugins>
  43.             <plugin>
  44.                 <groupId>org.springframework.boot</groupId>
  45.                 <artifactId>spring-boot-maven-plugin</artifactId>
  46.             </plugin>
  47.         </plugins>
  48.     </build>
  50. </project>

2.application.properties

  1. server.port=8081

3.controller

  1. package com.yl.userserver.controller;
  3. import org.springframework.web.bind.annotation.CrossOrigin;
  4. import org.springframework.web.bind.annotation.GetMapping;
  5. import org.springframework.web.bind.annotation.RestController;
  7. @RestController
  8. @CrossOrigin(value = "*")
  9. public class HelloController {
  11.     @GetMapping("/hello")
  12.     public String hello() {
  13.         return "hello";
  14.     }
  16.     @GetMapping("/admin")
  17.     public String admin() {
  18.         return "hello admin";
  19.     }
  20. }

4.资源服务器的配置

  1. package com.yl.userserver.config;
  3. import org.springframework.context.annotation.Bean;
  4. import org.springframework.context.annotation.Configuration;
  5. import org.springframework.security.config.annotation.web.builders.HttpSecurity;
  6. import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
  7. import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
  8. import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
  9. import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
  11. //配置资源服务器
  12. @Configuration
  13. @EnableResourceServer
  14. public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
  15.     @Bean
  16.     RemoteTokenServices remoteTokenServices() {
  17.         RemoteTokenServices services = new RemoteTokenServices();
  18.         services.setCheckTokenEndpointUrl("http://localhost:8080/oauth/check_token");
  19.         services.setClientId("yl");
  20.         services.setClientSecret("123");
  21.         return services;
  22.     }
  24.     @Override
  25.     public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
  26.         resources.resourceId("res1")
  27.                 .tokenServices(remoteTokenServices())
  28.                 .stateless(true);
  30.     }
  32.     @Override
  33.     public void configure(HttpSecurity http) throws Exception {
  34.         http.authorizeRequests()
  35.                 .antMatchers("/admin/**")
  36.                 .hasRole("admin")
  37.                 .anyRequest().authenticated()
  38.                 .and().cors();
  39.     }
  40. }

4.测试

1.启动redis
2.启动授权服务器和资源服务器

3.在client-app里的Test里测试

  1. package com.yl.clientapp;
  3. import org.junit.jupiter.api.Test;
  4. import org.springframework.beans.factory.annotation.Autowired;
  5. import org.springframework.boot.test.context.SpringBootTest;
  6. import org.springframework.http.HttpEntity;
  7. import org.springframework.http.HttpHeaders;
  8. import org.springframework.http.HttpMethod;
  9. import org.springframework.http.ResponseEntity;
  10. import org.springframework.util.LinkedMultiValueMap;
  11. import org.springframework.util.MultiValueMap;
  12. import org.springframework.web.client.RestTemplate;
  14. import java.util.Map;
  16. @SpringBootTest
  17. class ClientAppApplicationTests {
  18.     @Autowired
  19.     RestTemplate restTemplate;
  21.     @Test
  22.     void contextLoads() {
  23.         MultiValueMap<String,String> map = new LinkedMultiValueMap<>();
  24.         map.add("client_id","yl");
  25.         map.add("grant_type","client_credentials");
  26.         map.add("client_secret","123");
  27.         //调用授权服务器接口,获取token
  28.         Map resp = restTemplate.postForObject("http://localhost:8080/oauth/token", map, Map.class);
  29.         HttpHeaders headers = new HttpHeaders();
  30.         //传入token
  31.         headers.add("Authorization","Bearer "+resp.get("access_token"));
  32.         HttpEntity<Object> httpEntity = new HttpEntity<>(headers);
  33.         //调用资源服务器获取资源
  34.         ResponseEntity<String> entity = restTemplate.exchange("http://localhost:8081/hello", HttpMethod.GET, httpEntity, String.class);
  35.         System.out.println(entity.getBody());
  36.     }
  38. }

4.结果可以看到能访问资源服务器的hello接口

版权说明 : 本文为转载文章, 版权归原作者所有 版权申明

原文链接 : https://blog.csdn.net/weixin_41359273/article/details/124215725

内容来源于网络,如有侵权,请联系作者删除!

spring

相关文章

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新文章

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com