0. 前言
之前账号认证用的是自己写的匹配逻辑，现在要学会使用标准协议了。准备了解并使用 OAuth 2.0 协议。
1. 配置
1.1 配置pom.xml
有些依赖可能用不到，这里把我项目中用到的所有包都贴出来。
<!-- Redis client; backs the RedisTokenStore used in the authorization server configuration below. -->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- Legacy Spring Security OAuth (ResourceServerConfigurerAdapter / AuthorizationServerConfigurerAdapter).
     NOTE(review): the spring-security-oauth project is end-of-life; before reusing this pin, check for the
     latest release of the line and plan a migration to the supported Spring Security OAuth2 modules. -->
<dependency>
    <groupId>org.springframework.security.oauth</groupId>
    <artifactId>spring-security-oauth2</artifactId>
    <version>2.3.3.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- Persistence helpers: not exercised by any snippet in this post. -->
<dependency>
    <groupId>org.mybatis.spring.boot</groupId>
    <artifactId>mybatis-spring-boot-starter</artifactId>
    <version>1.3.2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.github.pagehelper/pagehelper-spring-boot-starter -->
<dependency>
    <groupId>com.github.pagehelper</groupId>
    <artifactId>pagehelper-spring-boot-starter</artifactId>
    <version>1.2.5</version>
</dependency>
<!-- Spring Cloud starters for the same OAuth2/security stack; no version here, so presumably managed
     by the parent POM / BOM - confirm. -->
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-security</artifactId>
</dependency>

<!-- Development-time restart/reload helper. NOTE(review): keep it out of production artifacts. -->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-devtools</artifactId>
    <scope>runtime</scope>
</dependency>
<!-- JDBC driver; not used by the snippets in this post. -->
<dependency>
    <groupId>org.postgresql</groupId>
    <artifactId>postgresql</artifactId>
    <scope>runtime</scope>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-test</artifactId>
    <scope>test</scope>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-test</artifactId>
    <scope>test</scope>
</dependency>
1.2 配置application.properties
#server
server.port=8080
# Session lifetime. A bare number is read as seconds, so 2520000 is roughly 29 days.
# NOTE(review): unusually long; the resource server below is declared stateless (token-based), so
# confirm that long-lived HTTP sessions are really intended.
server.servlet.session.timeout=2520000
#redis
# Redis holds every issued access/refresh token (RedisTokenStore in the authorization server config).
spring.redis.database=0
spring.redis.host=172.16.23.203
spring.redis.port=6379
# NOTE(review): empty password means the token store accepts unauthenticated connections.
# Set a password and keep the port reachable only from the application hosts.
spring.redis.password=
spring.redis.jedis.pool.max-active=8
spring.redis.jedis.pool.max-wait=60
spring.redis.jedis.pool.max-idle=8
spring.redis.jedis.pool.min-idle=0
spring.redis.timeout=10000
1.3 资源服务器配置
/**
 * OAuth resource server configuration.
 * <p>
 * Registers this application as the resource server for resource id {@code order} and requires
 * an authenticated caller for every path under {@code /order/**}.
 *
 * @author
 * @date 2018-05-29
 */
@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    /** Resource id checked against the token; must match the id the authorization server issues for. */
    private static final String DEMO_RESOURCE_ID = "order";

    /** Ant pattern of the endpoints that require an authenticated caller. */
    private static final String PROTECTED_PATTERN = "/order/**";

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.resourceId(DEMO_RESOURCE_ID);
        // Token-based access only: no HTTP session is consulted for these requests.
        resources.stateless(true);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // The protected resources are also reached from the UI, so session creation has to stay
        // allowed (it is disabled by default since 2.0.6).
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
        http.requestMatchers().anyRequest();
        http.anonymous();
        // Only /order/** gets a rule here; no other path is restricted by this chain.
        http.authorizeRequests().antMatchers(PROTECTED_PATTERN).authenticated();
    }
}
1.4 授权服务器配置
/**
 * OAuth authorization server configuration.
 * <p>
 * Issues tokens for two in-memory clients (one client_credentials, one password grant), keeps the
 * issued tokens in Redis and lets clients authenticate with form parameters.
 *
 * @author
 * @date 2018-05-29
 */
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

    /** Resource id written into the issued tokens; matches the resource server. */
    private static final String DEMO_RESOURCE_ID = "order";

    private static final String DEMO_SCOPE = "select";

    private static final String DEMO_AUTHORITY = "oauth2";

    /** Secret shared by both demo clients. Demo value only. */
    private static final String DEMO_SECRET = "123456";

    @Autowired
    AuthenticationManager authenticationManager;

    @Autowired
    RedisConnectionFactory redisConnectionFactory;

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // The {bcrypt} prefix selects the matching encoder of the delegating PasswordEncoder.
        String encodedSecret = "{bcrypt}" + new BCryptPasswordEncoder().encode(DEMO_SECRET);
        // Two clients: client_1 authenticates itself (client_credentials), client_2 exchanges a
        // user's password for a token (password grant). Both may refresh.
        clients.inMemory()
                .withClient("client_1")
                    .resourceIds(DEMO_RESOURCE_ID)
                    .authorizedGrantTypes("client_credentials", "refresh_token")
                    .scopes(DEMO_SCOPE)
                    .authorities(DEMO_AUTHORITY)
                    .secret(encodedSecret)
                .and()
                .withClient("client_2")
                    .resourceIds(DEMO_RESOURCE_ID)
                    .authorizedGrantTypes("password", "refresh_token")
                    .scopes(DEMO_SCOPE)
                    .authorities(DEMO_AUTHORITY)
                    .secret(encodedSecret);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.tokenStore(new RedisTokenStore(redisConnectionFactory));
        // Needed by the password grant to verify the user's credentials.
        endpoints.authenticationManager(authenticationManager);
        // NOTE(review): allowing GET on the token endpoint puts client and user credentials into
        // the query string, where request logs, proxies and browser history keep them. POST is the
        // method the spec requires; GET is presumably here only for manual browser testing.
        endpoints.allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST);
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        // Clients may send client_id/client_secret as form parameters instead of HTTP Basic.
        oauthServer.allowFormAuthenticationForClients();
    }
}
1.5 Spring Security配置
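/**
 * Spring Security configuration.<br>
 * See: https://github.com/lexburner/oauth2-demo
 * <p>
 * Provides the in-memory demo users, the {@link AuthenticationManager} the authorization server
 * injects for the password grant, and the delegating {@link PasswordEncoder}.
 *
 * @author
 * @date 2018-05-28
 */
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    /** Password shared by both demo users. Demo value only. */
    private static final String DEMO_PASSWORD = "123456";

    /**
     * Two in-memory users: user_1 stored as a {bcrypt} hash, user_2 as {noop} plain text, showing
     * both encodings the delegating PasswordEncoder accepts.
     */
    @Bean
    @Override
    protected UserDetailsService userDetailsService() {
        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
        BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
        String bcryptPassword = "{bcrypt}" + bCryptPasswordEncoder.encode(DEMO_PASSWORD);
        manager.createUser(User.withUsername("user_1").password(bcryptPassword).authorities("USER").build());
        // NOTE(review): {noop} stores the password in clear text; acceptable for a demo user only.
        String plainPassword = "{noop}" + DEMO_PASSWORD;
        manager.createUser(User.withUsername("user_2").password(plainPassword).authorities("USER").build());
        return manager;
    }

    /** Opens the OAuth endpoints to everyone; no other rule is declared on this chain. */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .requestMatchers().anyRequest()
            .and()
            .authorizeRequests()
            .antMatchers("/oauth/*").permitAll();
    }

    /**
     * Spring Boot 2: the AuthenticationManager has to be exposed as a bean here so the
     * authorization server can inject it.
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /** Delegating encoder that picks the algorithm from the {id} prefix of the stored password. */
    @Bean
    PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }
}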
1.6 定义一个资源点
/** Demo endpoints: one protected resource under /order and one open test endpoint. */
@RestController
@RequestMapping(value = "/")
public class TestController {

    /** Protected resource; the resource server rule for /order/** requires an authenticated caller. */
    @RequestMapping(value = "order/demo")
    public YYModel getDemo() {
        // NOTE(review): debugging leftover - dumps the caller's Authentication (principal,
        // authorities) to stdout on every request; route through a logger at debug level instead.
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        System.out.println(auth);
        return sampleModel();
    }

    /** No rule in either security chain restricts /test; returns the sample model as JSON text. */
    @GetMapping("/test")
    public String getTest() {
        return sampleModel().toJSONString();
    }

    /** Builds the fixed sample payload both endpoints return. */
    private static YYModel sampleModel() {
        YYModel model = new YYModel();
        model.setYy("中文");
        model.setZz(3);
        return model;
    }
}
2. 工具测试
参考: http://blog.didispace.com/spring-security-oauth2-xjf-1/