使用SpringSecurityOAuth2配置自定义Token实现OAuth2授权示例

  本文记录一下使用SpringSecurityOAuth2配置自定义Token实现OAuth2授权的步骤

  1、相关知识

  OAuth协议简介:https://www.cnblogs.com/javasl/p/13054133.html

  OAuth 2.0官网:https://oauth.net/2/

  使用SpringSecurityOAuth2默认实现OAuth2授权示例:https://www.cnblogs.com/javasl/p/13060284.html

  2、构建项目

  本文使用的springboot版本是2.0.4.RELEASE,不同版本可能会有所区别。下面是主要的配置文件和类:

  1)pom依赖

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
<dependency>
    <groupId>org.springframework.security.oauth.boot</groupId>
    <artifactId>spring-security-oauth2-autoconfigure</artifactId>
    <version>2.1.3.RELEASE</version>
</dependency>

  2)application.properties

#不需要,暂时写死在代码中,重构时移植到此处即可

  3)主配置类

@EnableWebSecurity
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{
    
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.httpBasic().and().csrf().disable();
    }
    @Bean("authenticationManager")
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}

  4)用户认证类

@Component
public class MyUserDetailsService implements UserDetailsService{ @Autowired private PasswordEncoder passwordEncoder; @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { System.out.println("登录用户名:"+username); String password = passwordEncoder.encode("123456"); return new User(username,password,true,true,true,true, AuthorityUtils.commaSeparatedStringToAuthorityList("admin,ROLE_USER")); } }

  5)认证服务类

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter{

    @Autowired
    private AuthenticationManager authenticationManager;
    @Autowired
    private UserDetailsService userDetailsService;
    @Autowired
    private PasswordEncoder passwordEncoder;
    
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
                 .authenticationManager(authenticationManager)
                 .userDetailsService(userDetailsService);
    }
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients
               .inMemory()//Token保存在内存中
               .withClient("MyProject").secret(passwordEncoder.encode("MyProject_123"))//指明client-id和client-secret
               .accessTokenValiditySeconds(7200)//令牌有效时间,单位秒
               .authorizedGrantTypes("refresh_token","password","authorization_code")//支持刷新令牌、密码模式、授权码模式
               .scopes("all","read","write")//权限有哪些,如果这两配置了该参数,客户端发请求可以不带参数,使用配置的参数
               .redirectUris("http://127.0.0.1:8080/login");
    }
}

  说明:

  a)client-secret必须加密,否则在后面测试中,总是弹出让输入用户名、密码。

  b)代码中配置了权限,客户端可以不携带scopes参数,如果携带必须是all、read、write或者其组合。

  c)使用授权码模式,必须配置redirectUris,使用密码模式可以不配置,去掉该语句即可。

  6)启动类

@SpringBootApplication
public class App {
    public static void main(String[] args) {
        SpringApplication.run(App.class, args);
    }
}

  3、测试验证

  1)验证默认scope情况获取Token

  

  

  2)验证指定scope情况获取Token

  

  说明:

  a)发送参数是all write,返回scope是all write

  b)发送参数是write read,返回scope是read write

  c)发送除了all read write以外的任何scope值,都返回"Invalid scope",不能用逗号分隔。

  3)验证授权码模式

  a)浏览器输入:http://localhost:8080/oauth/authorize?response_type=code&client_id=MyProject&scope=all

  

  b)输入用户名任意,密码123456

  

  c)点击Authorize,浏览器跳转如下地址,授权码为GPLd04

  

  d)获取Token

  

  

  4、给多个应用发送Token

  修改认证服务类中configure方法,如下,模拟给两个应用发送令牌:

@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
InMemoryClientDetailsServiceBuilder builder
= clients.inMemory(); List<String> list = new ArrayList<String>(); String app1 = "MyProject,MyProject_123,7200"; String app2 = "Test,Test123,10"; list.add(app1); list.add(app2);
String client
= ""; String secret = ""; int accessTokenValiditySeconds; for(String str:list) { client = str.split(",")[0]; secret = str.split(",")[1]; accessTokenValiditySeconds = Integer.valueOf(str.split(",")[2]); builder.withClient(client).secret(passwordEncoder.encode(secret))      .accessTokenValiditySeconds(accessTokenValiditySeconds)
.refreshTokenValiditySeconds(2592000)      .authorizedGrantTypes("refresh_token","password")      .scopes("all","read","write"); } }

  5、使用Redis存储Token

  使用Redis存储Token,当应用重启后,Token不会改变。

  1)引入Redis依赖,并添加配置

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
spring.redis.host = 192.168.7.151
spring.redis.port = 637

  2)配置TokenStore为Redis

@Configuration
public class TokenStoreConfig {

    @Autowired
    private RedisConnectionFactory redisConnectionFactory;
    
    @Bean
    public TokenStore redisTokenStore() {
        return new RedisTokenStore(redisConnectionFactory);
    }
}

  3)修改认证服务类中configure方法,给endpoints指定Token存储方式为Redis

@Autowired
private TokenStore tokenStore;

@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
             .tokenStore(tokenStore)
             .authenticationManager(authenticationManager)
             .userDetailsService(userDetailsService);
}

  4)演示,初始时候Redis的key为空,当Rest插件请求一次Token后,Redis中写入了数据。重启应用再访问,Token不改变。

  

 

 

 

 

 

  

 

posted @ 2020-06-13 17:52  雷雨客  阅读(9182)  评论(0编辑  收藏  举报