依赖
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
配置文件
spring:
application:
name: oauth2-server
redis:
host: localhost
port: 6379
database: 1
server:
port: 80
TokenStore
@Configuration
public class RedisTokenStoreConfig {
@Bean
public TokenStore redisTokenStore(RedisConnectionFactory redisConnectionFactory) {
return new RedisTokenStore(redisConnectionFactory);
}
}
WebSecuritry
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
// 登陆页
.formLogin().permitAll()
// 登出页
.and().logout().logoutUrl("/logout").logoutSuccessUrl("/")
// 其余所有请求全部需要鉴权认证
.and().authorizeRequests().anyRequest().authenticated()
// 关闭csrf
.and().csrf().disable();
}
@Bean
public PasswordEncoder passwordEncoder() {
return NoOpPasswordEncoder.getInstance();// new BCryptPasswordEncoder();
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Bean
public UserDetailsService userDetailsService() {
return new UserDetailsServiceImpl();
}
public static class UserDetailsServiceImpl implements UserDetailsService {
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
...
}
}
}
AuthorizationServer
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
AuthenticationManager authenticationManager;
PasswordEncoder passwordEncoder;
ClientRepository clientRepo;
TokenStore redisTokenStore;
public AuthorizationServerConfig(AuthenticationManager authenticationManager,
PasswordEncoder passwordEncoder,
ClientRepository clientRepo,
TokenStore redisTokenStore
) {
this.authenticationManager = authenticationManager;
this.passwordEncoder = passwordEncoder;
this.clientRepo = clientRepo;
this.redisTokenStore = redisTokenStore;
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
// 集成websecurity认证
endpoints.authenticationManager(authenticationManager);
// 注册redis令牌仓库
endpoints.tokenStore(redisTokenStore);
}
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
// 允许通过form提交客户端认证信息(client_id,client_secret),默认为basic方式认证
security.allowFormAuthenticationForClients();
// "/oauth/check_token"端点默认不允许访问
security.checkTokenAccess("isAuthenticated()");
// "/oauth/token_key"断点默认不允许访问
security.tokenKeyAccess("isAuthenticated()");
// 配置密码编码器
security.passwordEncoder(passwordEncoder);
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
// 注册自定义客户端信息服务
clients.withClientDetails(new ClientDetailsServiceImpl(clientRepo));
}
public static class ClientDetailsServiceImpl implements ClientDetailsService {
@Override
public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
// 实现客户端信息查询逻辑
}
}
}