SpringSecurityOAuth认证配置及Token的存储
⒈pom依赖
1 <dependency> 2 <groupId>org.springframework.boot</groupId> 3 <artifactId>spring-boot-starter-security</artifactId> 4 </dependency> 5 <dependency> 6 <groupId>org.springframework.boot</groupId> 7 <artifactId>spring-boot-starter-data-redis</artifactId> 8 </dependency> 9 <dependency> 10 <groupId>org.springframework.boot</groupId> 11 <artifactId>spring-boot-starter-web</artifactId> 12 </dependency> 13 <dependency> 14 <groupId>org.springframework.security.oauth</groupId> 15 <artifactId>spring-security-oauth2</artifactId> 16 <version>2.3.5.RELEASE</version> 17 </dependency> 18 <dependency> 19 <groupId>commons-collections</groupId> 20 <artifactId>commons-collections</artifactId> 21 <version>3.2.2</version> 22 </dependency> 23 <dependency> 24 <groupId>org.springframework.boot</groupId> 25 <artifactId>spring-boot-starter-test</artifactId> 26 <scope>test</scope> 27 </dependency> 28 <dependency> 29 <groupId>org.springframework.security</groupId> 30 <artifactId>spring-security-test</artifactId> 31 <scope>test</scope> 32 </dependency>
⒉OAuth配置
1 package cn.coreqi.config; 2 3 import org.springframework.beans.factory.annotation.Autowired; 4 import org.springframework.beans.factory.annotation.Qualifier; 5 import org.springframework.context.annotation.Bean; 6 import org.springframework.context.annotation.Configuration; 7 import org.springframework.data.redis.connection.RedisConnectionFactory; 8 import org.springframework.security.authentication.AuthenticationManager; 9 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration; 10 import org.springframework.security.core.userdetails.UserDetailsService; 11 import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer; 12 import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter; 13 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer; 14 import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer; 15 import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer; 16 import org.springframework.security.oauth2.provider.token.TokenStore; 17 import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore; 18 19 @Configuration 20 @EnableAuthorizationServer //开启认证服务器 21 public class CoreqiAuthorizationServerConfig extends AuthorizationServerConfigurerAdapter { 22 23 @Autowired 24 //@Qualifier("authenticationManagerBean") 25 private AuthenticationManager authenticationManager; 26 27 @Autowired 28 private UserDetailsService userDetailsService; 29 30 /** 31 * TokenStore 负责令牌的存取 32 * @param redisConnectionFactory 33 * @return 34 */ 35 @Bean 36 public TokenStore redisTokenStore(RedisConnectionFactory redisConnectionFactory){ 37 return new RedisTokenStore(redisConnectionFactory); 38 } 39 40 @Autowired 41 private TokenStore redisTokenStore; 42 43 // @Autowired 44 // private AuthenticationConfiguration authenticationConfiguration; 45 46 /** 47 * 针对端点的配置 48 * @param authorizationServerEndpointsConfigurer 49 * @throws Exception 50 */ 51 @Override 52 public void configure(AuthorizationServerEndpointsConfigurer authorizationServerEndpointsConfigurer) throws Exception { 53 //authorizationServerEndpointsConfigurer.authenticationManager(authenticationConfiguration.getAuthenticationManager()); 54 authorizationServerEndpointsConfigurer.tokenStore(redisTokenStore) //将Token存放到Redis中 55 .authenticationManager(authenticationManager) 56 .userDetailsService(userDetailsService); 57 } 58 59 /** 60 * 第三方应用客户端的有关配置 61 * @param clientDetailsServiceConfigurer 62 * @throws Exception 63 */ 64 @Override 65 public void configure(ClientDetailsServiceConfigurer clientDetailsServiceConfigurer) throws Exception { 66 clientDetailsServiceConfigurer.inMemory() 67 .withClient("coreqi") //client_id 68 .secret("coreqiSecret") //client_id的密码 69 .accessTokenValiditySeconds(7200) //令牌的有效时间(单位秒) 70 .redirectUris("https://www.baidu.com") 71 .scopes("all","read","write") //所支持的权限有那些 72 .authorities("COREQI_READ") 73 .authorizedGrantTypes("authorization_code","password"); //针对当前client所支持的授权模式 74 } 75 76 /** 77 * 针对安全性有关的配置 78 * @param security 79 * @throws Exception 80 */ 81 @Override 82 public void configure(AuthorizationServerSecurityConfigurer security) throws Exception { 83 super.configure(security); 84 } 85 }