• Security-OAuth2.0 密码模式之服务端实现


    第一步:配置数据库 ,固定创建三张表 ,OAuth2 框架需要默认使用这三张表

    我使用的时Mysql,工具为navcat

    CREATE TABLE `oauth_access_token` (
      `token_id` varchar(256) DEFAULT NULL,
      `token` blob,
      `authentication_id` varchar(250) NOT NULL,
      `user_name` varchar(256) DEFAULT NULL,
      `client_id` varchar(256) DEFAULT NULL,
      `authentication` blob,
      `refresh_token` varchar(256) DEFAULT NULL,
      PRIMARY KEY (`authentication_id`)
    ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
    ----------
    CREATE TABLE `oauth_client_details` (
      `client_id` varchar(250) NOT NULL,
      `resource_ids` varchar(256) DEFAULT NULL,
      `client_secret` varchar(256) DEFAULT NULL,
      `scope` varchar(256) DEFAULT NULL,
      `authorized_grant_types` varchar(256) DEFAULT NULL,
      `web_server_redirect_uri` varchar(256) DEFAULT NULL,
      `authorities` varchar(256) DEFAULT NULL,
      `access_token_validity` int(11) DEFAULT NULL,
      `refresh_token_validity` int(11) DEFAULT NULL,
      `additional_information` varchar(4096) DEFAULT NULL,
      `autoapprove` varchar(256) DEFAULT NULL,
      PRIMARY KEY (`client_id`)
    ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
    ----------
    CREATE TABLE `oauth_refresh_token` (
      `token_id` varchar(256) DEFAULT NULL,
      `token` blob,
      `authentication` blob
    ) ENGINE=InnoDB DEFAULT CHARSET=utf8;

    第二步:IDEA+maven+springboot 集成OAuth2
    这是服务器工程目录

     1.pom中配置

    <?xml version="1.0" encoding="UTF-8"?>
    <project xmlns="http://maven.apache.org/POM/4.0.0"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
        <parent>
            <artifactId>OauthText</artifactId>
            <groupId>OauthText</groupId>
            <version>1.0-SNAPSHOT</version>
        </parent>
        <modelVersion>4.0.0</modelVersion>
    
        <artifactId>OAuthService</artifactId>
        <build>
            <plugins>
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-compiler-plugin</artifactId>
                    <configuration>
                        <source>1.7</source>
                        <target>1.7</target>
                    </configuration>
                </plugin>
            </plugins>
        </build>
        <dependencies>
              <!-- Spring Security Oauth2 -->
              <dependency>
                  <groupId>org.springframework.security.oauth</groupId>
                  <artifactId>spring-security-oauth2</artifactId>
              </dependency>
    
          </dependencies>
    
    </project>

     2.进行AuthorizationServerConfiguration.java 进行基本配置

    @Configuration
    @EnableAuthorizationServer
    public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
    
        @Autowired
        private DataSource dataSource;
    
        @Bean // 声明TokenStore实现
        public TokenStore tokenStore() {
            return new JdbcTokenStore(dataSource);
        }
    
        @Bean // 声明 ClientDetails实现
        public ClientDetailsService clientDetails() {
            return new JdbcClientDetailsService(dataSource);
        }
    
        @Autowired
        private TokenStore tokenStore;
    
        @Autowired
        private AuthenticationManager authenticationManager;
    
        @Autowired
        private UserService userService;
    
        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            clients
                .jdbc(dataSource);
        }
    
        @Override // 配置框架应用上述实现
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            endpoints.authenticationManager(authenticationManager);
            endpoints.tokenStore(tokenStore());
            endpoints.userDetailsService(userService);
    //         配置TokenServices参数
            DefaultTokenServices tokenServices = new DefaultTokenServices();
            tokenServices.setTokenStore(endpoints.getTokenStore());
            tokenServices.setSupportRefreshToken(true);
            tokenServices.setClientDetailsService(endpoints.getClientDetailsService());
            tokenServices.setTokenEnhancer(endpoints.getTokenEnhancer());
            tokenServices.setAccessTokenValiditySeconds( (int) TimeUnit.DAYS.toSeconds(1)); // 1天
            endpoints.tokenServices(tokenServices);
        }
    
        @Bean
        @Primary
        public DefaultTokenServices tokenServices() {
            DefaultTokenServices tokenServices = new DefaultTokenServices();
            tokenServices.setSupportRefreshToken(true); // support refresh token
            tokenServices.setTokenStore(tokenStore); // use jdbc token store
            return tokenServices;
        }

     3.ResourceServerConfiguration.java 进行配置

    @Configuration
    @EnableResourceServer
    public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
    
        @Override
        public void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests().antMatchers("/**").authenticated()
                    .anyRequest().authenticated();
        }
    
    }

     4.WebSecurityConfiguration.java 进行配置

    @Configuration
    public class WebSecurityConfiguration extends GlobalAuthenticationConfigurerAdapter {
    
        private final UserService userService;
    
        @Autowired
        public WebSecurityConfiguration(UserService userService) {
            this.userService = userService;
        }
    
        @Override
        public void init(AuthenticationManagerBuilder auth) throws Exception {
            auth.userDetailsService(userService);
    
        }
    
    }

     5.进行自定义拦截配置
    在service接口中

    service 简单实现代码

    @Service
    public class UserServiceImpl implements UserService {
        @Override
        public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
            System.out.println("===================获取到token已进入自定义验证:"+username);
            // 可以进行数据库请求,这里进行模拟
                  User user = new User();
                  user.setUsername("110");
                  user.setPassword("110119");
            if (user == null) {
                System.out.println("==================="+username);
                throw new UsernameNotFoundException("Could not find the user '" + username + "'");
            }
            return new CustomUserDetails(user, true, true, true, true, null);
        }
    }

    6.CustomUserDetails OAuth2 提供方法进行配置

    public class CustomUserDetails extends User implements UserDetails {
    
        private static final long serialVersionUID = 1702923242319850756L;
    
        private final boolean enabled;
        private final boolean accountNonExpired;
        private final boolean credentialsNonExpired;
        private final boolean accountNonLocked;
        private final Set<GrantedAuthority> authorities;
    
        public CustomUserDetails(User user, boolean enabled, boolean accountNonExpired, boolean credentialsNonExpired, boolean accountNonLocked, Collection<? extends GrantedAuthority> authorities) {
            if (user != null
                    && !StringUtils.isBlank(user.getUsername())
                    && !StringUtils.isBlank(user.getPassword())) {
                setUsername(user.getUsername());
                setPassword(user.getPassword());
                this.enabled = enabled;
                this.accountNonExpired = accountNonExpired;
                this.credentialsNonExpired = credentialsNonExpired;
                this.accountNonLocked = accountNonLocked;
                this.authorities = Collections.unmodifiableSet(new HashSet<>(CollectionUtils.emptyIfNull(authorities)));
            } else {
                throw new IllegalArgumentException("Cannot pass null or empty values to constructor");
            }
        }
    
        public static long getSerialVersionUID() {
            return serialVersionUID;
        }
    
        @Override
        public boolean isEnabled() {
            return enabled;
        }
    
        @Override
        public boolean isAccountNonExpired() {
            return accountNonExpired;
        }
    
        @Override
        public boolean isCredentialsNonExpired() {
            return credentialsNonExpired;
        }
    
        @Override
        public boolean isAccountNonLocked() {
            return accountNonLocked;
        }
    
        @Override
        public Set<GrantedAuthority> getAuthorities() {
            return authorities;
        }
    }

    这是Controller 配置只要访问log 就会被OAuth2 进行拦截验证

    @RestController
    @RequestMapping("/")
    public class TextController {
    
        @PostMapping(value = "/log")
        public String  saveCuringEvidence(@RequestBody User user){
            System.out.println("---------------------user:"+user.getUsername());
            return user.getUsername();
        }
    
    }

     第三部:好了接下来进行postmain工具 模拟进行请求 url为你的域名+/oauth/token 获取token
    1.首先配置客户端密码

    2.而username和password 需要在刚刚建立的数据库进行自定义配置

     3.模仿form表单进行配置

     4.上面的账户和密码是自定义验证时需要的信息要和service里的账户和密码一致
    成功之后
    获取的access_token,复制下来

     5.模仿客户端根据token请求数据

     成功请求到数据 收工。。。。
    OAuth2.0 配套客户端实现 :http://www.cnblogs.com/memoryXudy/p/7805217.html

     源码:https://gitee.com/xdymemory00/Security-OAuth2-MiMaMoShi.git

  • 相关阅读:
    搭建基本的React Native开发环境
    Java跨平台原理
    MySQL主从复制与Atlas读写分离
    自动生成和安装requirements.txt依赖
    Mac 证书错误
    zabbix报警信息设置
    zabbix自定义监控项数据类型错误
    Centos7.6 双网卡,修改默认路由
    linux 安装 websocketd
    土豆聊天 机器人
  • 原文地址:https://www.cnblogs.com/memoryXudy/p/7805178.html
Copyright © 2020-2023  润新知