• Security-OAuth2.0 密码模式之客户端实现


    我的OAuth2.0 客户端项目目录

    pom 的配置

    <?xml version="1.0" encoding="UTF-8"?>
    <project xmlns="http://maven.apache.org/POM/4.0.0"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
        <parent>
            <artifactId>OauthText</artifactId>
            <groupId>OauthText</groupId>
            <version>1.0-SNAPSHOT</version>
        </parent>
        <modelVersion>4.0.0</modelVersion>
    
        <artifactId>OAuthClient</artifactId>
    
         <dependencies>
    
             <dependency>
                 <groupId>org.springframework.security.oauth</groupId>
                 <artifactId>spring-security-oauth2</artifactId>
             </dependency>
             <dependency>
                 <groupId>org.springframework.boot</groupId>
                 <artifactId>spring-boot-starter-security</artifactId>
             </dependency>
    
         </dependencies>
    
    </project>

    核心配置UlegalZCConfiger

        @Bean
        public OAuth2RestOperations restTemplate() {
            AccessTokenRequest atr = new DefaultAccessTokenRequest();
            OAuth2RestTemplate template = new OAuth2RestTemplate(resource(), new DefaultOAuth2ClientContext(atr));
            ResourceOwnerPasswordAccessTokenProvider provider = new ResourceOwnerPasswordAccessTokenProvider();
            template.setAccessTokenProvider(provider);
            return template;
        }
    
        private ResourceOwnerPasswordResourceDetails resource() {
            ResourceOwnerPasswordResourceDetails resource = new ResourceOwnerPasswordResourceDetails();
            resource.setClientId("000000");
            resource.setClientSecret("0000000");
            resource.setAccessTokenUri("http://192.168.100.1000:56/oauth/token");// Oauth2.0 服务端链接
            resource.setScope(Arrays.asList("read","write"));// 读写权限
            resource.setUsername("0000000");
            resource.setPassword("0000000");
            resource.setGrantType("password");// Oauth2.0 使用的模式 为密码模式
            return resource;
        }

      上图username 和password 要与服务端自定义验证的账户和密码相同。setClientId和setClientSecret要与服务端数据库配置一样。如下字段

     之后为前端拦截验证

    package cn.xudy.sso.config;
    
    import cn.xudy.sso.Tool.MyAuthenticationProvider;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    
    /**
     * Created by Joe on 2017/8/8.
     */
    @Configuration
    @EnableGlobalMethodSecurity(prePostEnabled = true)//开启security注解
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    
        @Bean
        @Override
        protected AuthenticationManager authenticationManager() throws Exception {
            return super.authenticationManager();
        }
    
        @Autowired
        private MyAuthenticationProvider provider;//自定义验证
    
    
        @Override
        protected void configure(HttpSecurity http) throws Exception {
    
            // 全部通过
    //        http.csrf().disable().authorizeRequests()
    //                .anyRequest()
    //                .permitAll();
    
            //允许所有用户访问"/"和"/home" 条件判断
            http.csrf().disable()
                    .authorizeRequests()
                    .antMatchers("/login", "/page-login.html").permitAll()
                    //其他地址的访问均需验证权限
                    .antMatchers("/*.html").authenticated()
                    .and()
                    .formLogin()
                    //指定登录页是"/login"
                    .loginPage("/login")
                    .defaultSuccessUrl("/otherPage")//登录成功后默认跳转到"/index.html"
                    .permitAll()
                    .and()
                    .logout()
                    .logoutUrl("/logout")
                    .logoutSuccessUrl("/login")//退出登录后的默认url是"/login"
                    .invalidateHttpSession(true)
                    .permitAll();
    
        }
        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
            //将验证过程交给自定义验证工具
            auth.authenticationProvider(provider);
        }
    
    }

     如果为条件验证,前端请求的话经过次方法,自定义验证代码WebSecurityConfig

     /**
         * 自定义验证方式
         */
        @Override
        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            String username = authentication.getName();
            String password = (String) authentication.getCredentials();
            System.out.println("=-=-=-=-=:"+username);
    
              // 假装请求数据库
    
            User user=new User();
    
    
            Collection<? extends GrantedAuthority> authorities = AuthorityUtils.commaSeparatedStringToAuthorityList("USER");
            return new UsernamePasswordAuthenticationToken(user, password, authorities);
        }
    
        @Override
        public boolean supports(Class<?> arg0) {
            return true;
        }

     这是ClientControlled 请求

    @RestController
    public class ClientControlled {
    
        @Autowired
        private OAuth2RestOperations oauthRestTemplate;
    
        @PostMapping(value = "/login")
        public String  saveCuringEvidence(@RequestBody User user ){
            System.out.println("---------------------Client"+user.getUsername());
            //  重点请求服务端
            oauthRestTemplate.postForEntity("http://192.168.1.100:9595/log",user,String.class);
    
            return user.getUsername();
        }
    
    }

     最后建议先看看我写的服务端 两方配套使用

     http://www.cnblogs.com/memoryXudy/p/7805178.html

  • 相关阅读:
    String Kernel SVM
    基因组印记
    用Js的eval解析JSON中的注意点
    struts2中<s:select>标签的使用
    如何在Linux中使用cron命令
    怎样解决MySQL数据库主从复制延迟的问题
    PMON failed to acquire latch, see PMON dump
    java中对List中对象排序实现
    C语言typedef关键字
    企业级内部信息统一搜索解决方案
  • 原文地址:https://www.cnblogs.com/memoryXudy/p/7805217.html
Copyright © 2020-2023  润新知