idea基于jwt搭建简单的认证服务器和资源服务器
在前面的文章,资源服务器的认证是每次都要去请求认证服务器,本次文章会对此点进行改进,资源服务器内部基于算法,无需多次请求认证服务器
需要eureka注册中心,认证服务器,资源服务器
pom文件
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.qiuxie</groupId> <artifactId>qiuxie-parent</artifactId> <packaging>pom</packaging> <version>1.0-SNAPSHOT</version> <modules> <module>one-oauth-service</module> <module>eureka-service</module> <module>one-login-service</module> <module>jwt-oauth-service</module> <module>jwt-login-service</module> </modules> <!--spring boot 父启动器依赖--> <parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>2.3.12.RELEASE</version> </parent> <properties> <eureka.version>2.1</eureka.version> <web.version>2.1.18.RELEASE</web.version> </properties> <!--用于整体控制依赖的版本--> <dependencyManagement> <dependencies> <!--spring cloud依赖管理,引入了Spring Cloud的版本--> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-dependencies</artifactId> <version>Hoxton.SR12</version> <type>pom</type> <scope>import</scope> </dependency> <!--web依赖--> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> <version>2.0.1.RELEASE</version> </dependency> <!--lombok依赖--> <dependency> <groupId>org.projectlombok</groupId> <artifactId>lombok</artifactId> <version>1.18.4</version> </dependency> <!--导入Eureka Server依赖--> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-netflix-eureka-server</artifactId> <version>2.2.9.RELEASE</version> </dependency> <!--客户端--> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId> <version>2.2.9.RELEASE</version> </dependency> <!--引入security对oauth2的支持--> <dependency> <groupId>org.springframework.security.oauth</groupId> <artifactId>spring-security-oauth2</artifactId> <version>2.3.4.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security.oauth.boot</groupId> <artifactId>spring-security-oauth2-autoconfigure</artifactId> <version>2.1.11.RELEASE</version> </dependency> </dependencies> </dependencyManagement> <build> <plugins> <!--编译插件--> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-compiler-plugin</artifactId> <configuration> <source>1.8</source> <target>1.8</target> <encoding>utf-8</encoding> </configuration> </plugin> <!--打包插件--> <plugin> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> </plugin> </plugins> </build> </project>
eureka注册中心
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <parent> <artifactId>qiuxie-parent</artifactId> <groupId>com.qiuxie</groupId> <version>1.0-SNAPSHOT</version> </parent> <modelVersion>4.0.0</modelVersion> <groupId>com.eureka</groupId> <artifactId>eureka-service</artifactId> <dependencies> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-netflix-eureka-server</artifactId> </dependency> </dependencies> </project>
server.port=8761 spring.application.name=eureka-service eureka.instance.hostname=localhost eureka.client.service-url.defaultZone=http://localhost:8761/eureka eureka.client.register-with-eureka=false eureka.client.fetch-registry=false
package com.eureka; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.cloud.netflix.eureka.server.EnableEurekaServer; /** * @author yourheart * @Description * @create 2022-02-14 20:33 */ @SpringBootApplication @EnableEurekaServer public class EurekaApplication { public static void main(String[] args) { SpringApplication.run(EurekaApplication.class,args); } }
认证服务器
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <parent> <artifactId>qiuxie-parent</artifactId> <groupId>com.qiuxie</groupId> <version>1.0-SNAPSHOT</version> </parent> <modelVersion>4.0.0</modelVersion> <groupId>jwt.oauth</groupId> <artifactId>jwt-oauth-service</artifactId> <dependencies> <!--移除tomcat容器--> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> <exclusions> <exclusion> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-tomcat</artifactId> </exclusion> </exclusions> </dependency> <!--加入undertow--> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-undertow</artifactId> </dependency> <!--导入spring cloud oauth2依赖--> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-oauth2</artifactId> <exclusions> <exclusion> <groupId>org.springframework.security.oauth.boot</groupId> <artifactId>spring-security-oauth2-autoconfigure</artifactId> </exclusion> </exclusions> </dependency> <dependency> <groupId>org.springframework.security.oauth.boot</groupId> <artifactId>spring-security-oauth2-autoconfigure</artifactId> </dependency> <!--引入security对oauth2的支持--> <dependency> <groupId>org.springframework.security.oauth</groupId> <artifactId>spring-security-oauth2</artifactId> </dependency> <!--客户端--> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId> </dependency> </dependencies> </project>
server.port=2002 spring.application.name=jwt-oauth #注册到eureka注册中心,如果是注册到集群就用逗号连接多个,单实例写上一个就好 eureka.client.service-url.defaultZone=http://localhost:8761/eureka logging.level.jwt.oauth=debug logging.level.web=debug spring.devtools.add-properties=false
获取token http://localhost:2002/oauth/token?client_secret=13301455191qiuxieM&grant_type=password& username=admin&password=13301455191qiuxieM&client_id=client_qiuxie 校验toekn http://localhost:2002/oauth/check_token?token= 刷新token http://localhost:2002/oauth/token?grant_type=refresh_token&client_id=client_qiuxie&client_secret=13301455191qiuxieM&refresh_token=8ca8f970-3815-44e2-baee-5f4f41ec607a
package jwt.oauth; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.cloud.client.discovery.EnableDiscoveryClient; /** * @author yourheart * @Description * @create 2022-03-01 19:51 */ @SpringBootApplication @EnableDiscoveryClient public class JwtOauthApplication { public static void main(String[] args) { SpringApplication.run(JwtOauthApplication.class,args); } }
package jwt.oauth.config; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.http.HttpMethod; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.jwt.crypto.sign.MacSigner; import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer; import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter; import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer; import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer; import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer; import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices; import org.springframework.security.oauth2.provider.token.DefaultTokenServices; import org.springframework.security.oauth2.provider.token.TokenStore; import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore; import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter; import org.springframework.security.oauth2.provider.token.store.JwtTokenStore; /** * @author yourheart * @Description * @create 2022-02-15 20:05 */ @Configuration @EnableAuthorizationServer //开启认证服务器功能 public class OauthServerConfiger extends AuthorizationServerConfigurerAdapter { @Autowired private AuthenticationManager authenticationManager; @Override public void configure(AuthorizationServerSecurityConfigurer security) throws Exception { super.configure(security); security.allowFormAuthenticationForClients() .tokenKeyAccess("permitAll()") .checkTokenAccess("permitAll()"); } /** * 客户端详情配置 * @param clients * @throws Exception */ @Override public void configure(ClientDetailsServiceConfigurer clients) throws Exception { super.configure(clients); clients.inMemory() .withClient("client_qiuxie") .secret("13301455191qiuxieM") .resourceIds("loginId") .authorizedGrantTypes("password","refresh_token") .scopes("all"); } /** * 配置token令牌相关 * @param endpoints * @throws Exception */ @Override public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { super.configure(endpoints); endpoints.tokenStore(tokenStore()) .tokenServices(authorizationServerTokenServices()) .authenticationManager(authenticationManager) .allowedTokenEndpointRequestMethods(HttpMethod.GET,HttpMethod.GET); } /** * 描述token信息 * @return */ public AuthorizationServerTokenServices authorizationServerTokenServices(){ DefaultTokenServices tokenServices = new DefaultTokenServices(); tokenServices.setSupportRefreshToken(true); tokenServices.setTokenStore(tokenStore()); /** * 添加jwt令牌 */ tokenServices.setTokenEnhancer(jwtAccessTokenConverter()); tokenServices.setAccessTokenValiditySeconds(120);//令牌有效时间30s tokenServices.setRefreshTokenValiditySeconds(259200);//刷新令牌有效时间3天 return tokenServices; } public TokenStore tokenStore(){ return new JwtTokenStore(jwtAccessTokenConverter()); } private String sign_key="qiuxie1992"; /** * 返回jwt令牌装换器(生成jwt令牌) * @return */ public JwtAccessTokenConverter jwtAccessTokenConverter(){ JwtAccessTokenConverter converter = new JwtAccessTokenConverter(); /** * 签名秘钥 */ converter.setSigningKey(sign_key); /** * 验证使用的秘钥 */ converter.setVerifier(new MacSigner(sign_key)); return converter; } }
package jwt.oauth.config; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.crypto.password.NoOpPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; import java.util.ArrayList; /** * @author yourheart * @Description * @create 2022-02-21 20:20 */ @Configuration public class SecurityConfiger extends WebSecurityConfigurerAdapter { @Autowired private PasswordEncoder passwordEncoder; /** * 注册认证管理器到容器 * @return * @throws Exception */ @Bean @Override public AuthenticationManager authenticationManagerBean() throws Exception { return super.authenticationManagerBean(); } /** * 密码编码器 * @return */ @Bean public PasswordEncoder passwordEncoder(){ return NoOpPasswordEncoder.getInstance(); } /** * 处理用户名和密码 * @param auth * @throws Exception */ @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { UserDetails userDetails=new User("admin","13301455191qiuxieM",new ArrayList<>()); auth.inMemoryAuthentication() .withUser(userDetails).passwordEncoder(passwordEncoder); } }
资源服务器,不用重复调用认证服务器
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <parent> <artifactId>qiuxie-parent</artifactId> <groupId>com.qiuxie</groupId> <version>1.0-SNAPSHOT</version> </parent> <modelVersion>4.0.0</modelVersion> <groupId>jwt.login</groupId> <artifactId>jwt-login-service</artifactId> <dependencies> <!--导入spring cloud oauth2依赖--> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-oauth2</artifactId> <exclusions> <exclusion> <groupId>org.springframework.security.oauth.boot</groupId> <artifactId>spring-security-oauth2-autoconfigure</artifactId> </exclusion> </exclusions> </dependency> <dependency> <groupId>org.springframework.security.oauth.boot</groupId> <artifactId>spring-security-oauth2-autoconfigure</artifactId> </dependency> <!--引入security对oauth2的支持--> <dependency> <groupId>org.springframework.security.oauth</groupId> <artifactId>spring-security-oauth2</artifactId> </dependency> <!--客户端--> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId> </dependency> <!--web依赖--> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <!--lombok依赖--> <dependency> <groupId>org.projectlombok</groupId> <artifactId>lombok</artifactId> </dependency> </dependencies> </project>
server.port=2003 spring.application.name=jwt-login #注册到eureka注册中心,如果是注册到集群就用逗号连接多个,单实例写上一个就好 eureka.client.service-url.defaultZone=http://localhost:8761/eureka logging.level.jwt.login=debug logging.level.web=debug spring.devtools.add-properties=false resourceId=loginId signKey=qiuxie1992
package jwt.login; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.web.bind.annotation.CrossOrigin; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.ResponseBody; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; /** * @author yourheart * @Description * @create 2022-02-28 20:14 */ @Controller @CrossOrigin @RequestMapping("/home") public class HomeController { @RequestMapping("/index") @ResponseBody public String indexs(Model model, HttpSession session, HttpServletRequest request) { return "进入主界面"; } }
package jwt.login; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.cloud.client.discovery.EnableDiscoveryClient; /** * @author yourheart * @Description * @create 2022-03-01 21:06 */ @SpringBootApplication @EnableDiscoveryClient public class JwtLoginApplication { public static void main(String[] args) { SpringApplication.run(JwtLoginApplication.class,args); } }
/** * Project Name:tec * File Name:LoginAuthController.java * Package Name:com.java.controller.front * Date:下午9:27:26 * Copyright (c) 2020, bluemobi All Rights Reserved. * */ package jwt.login; import lombok.extern.slf4j.Slf4j; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.ResponseBody; import java.util.HashMap; import java.util.Map; /** * Description: <br/> * Date: 下午9:27:26 <br/> * * @author 喵星人 * @version * @see */ @Controller @RequestMapping("/loginauth") @Slf4j public class LoginAuthController { // 使用账号和密码进行登录 @PostMapping(value = "/login") @ResponseBody public Map<String, Object> doLogin(@RequestBody User user) { Map<String, Object> resultMap=new HashMap<>(); if ("qiuxie".equals(user.getUserName())&&"123".equals(user.getPassWord())){ resultMap.put("code","100"); resultMap.put("msg","用户名和密码正确"); }else { resultMap.put("code","-100"); resultMap.put("msg","用户名和密码错误,登录失败"); } return resultMap; } }
/** * Project Name:springboot * File Name:LoginController.java * Package Name:com.java.controller.front * Date:下午5:22:59 * Copyright (c) 2019, bluemobi All Rights Reserved. * */ package jwt.login; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.ResponseBody; import javax.servlet.http.HttpServletRequest; /** * Description: <br/> * Date: 下午5:22:59 <br/> * * @author 邱燮 * @version * @see */ @Controller @RequestMapping("/re") public class LoginController { // 跳转注册页面 @RequestMapping("/toRe") @ResponseBody public String toRe(HttpServletRequest request) { return "进入注册界面"; } }
package jwt.login; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.jwt.crypto.sign.MacSigner; import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer; import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter; import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer; import org.springframework.security.oauth2.provider.token.RemoteTokenServices; import org.springframework.security.oauth2.provider.token.TokenStore; import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter; import org.springframework.security.oauth2.provider.token.store.JwtTokenStore; /** * @author yourheart * @Description * @create 2022-02-24 20:11 */ @Configuration @EnableResourceServer @EnableWebSecurity public class ResourceServerConfiger extends ResourceServerConfigurerAdapter { @Value("${resourceId}") private String resourceId; @Value("${signKey}") private String signKey; /** * 进行token校验 * @param resources * @throws Exception */ @Override public void configure(ResourceServerSecurityConfigurer resources) throws Exception { //jwt令牌 resources.resourceId(resourceId).tokenStore(tokenStore()).stateless(true);//无状态设置 } public TokenStore tokenStore(){ return new JwtTokenStore(jwtAccessTokenConverter()); } /** * 返回jwt令牌转换器 * @return */ public JwtAccessTokenConverter jwtAccessTokenConverter(){ JwtAccessTokenConverter converter = new JwtAccessTokenConverter(); /** * 签名秘钥 */ converter.setSigningKey(signKey); converter.setVerifier(new MacSigner(signKey)); return converter; } /** * 针对api接口进行认证或是不认证 * @param http * @throws Exception */ @Override public void configure(HttpSecurity http) throws Exception { http.sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED) .and() .authorizeRequests() .antMatchers("/home/**").authenticated() //这里面的请求都是需要认证的 .anyRequest().permitAll(); //其他的请求不认证 } }
/** * Project Name:tec * File Name:User.java * Package Name:com.java.bean * Date:下午2:55:06 * Copyright (c) 2020, bluemobi All Rights Reserved. * */ package jwt.login; import lombok.Data; import java.io.Serializable; /** * Description: <br/> * Date: 下午2:55:06 <br/> * * @author 喵星人 * @version * @see */ @Data public class User implements Serializable { private Integer id; /** * 用户名 */ private String userName; /** * 密码 */ private String passWord; /** * 创建时间 */ private String newTime; /** * 修改时间 */ private String updateTime; /** * 邮件 */ private String email; /** * 校验码 */ private String checkCode; /** * 万能密码 */ private String universalPassword; /** * 昵称 */ private String nickname; }
使用postman调用
获取token
http://localhost:2002/oauth/token?client_secret=13301455191qiuxieM&grant_type=password&username=admin&password=13301455191qiuxieM&client_id=client_qiuxie
校验token
http://localhost:2002/oauth/check_token?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsibG9naW5JZCJdLCJleHAiOjE2NTQ3OTEyMjEsInVzZXJfbmFtZSI6ImFkbWluIiwianRpIjoiYjYyZDVkM2MtNzlmMC00YTk1LTk4OTItYTg1NGZhMDBlZmEwIiwiY2xpZW50X2lkIjoiY2xpZW50X3FpdXhpZSIsInNjb3BlIjpbImFsbCJdfQ.U2LEt_XITsaOAyjeJoHpn82t44THByndPI8lSyc7oIY
使用刷新token获取新的token
http://localhost:2002/oauth/token?grant_type=refresh_token&client_id=client_qiuxie&client_secret=13301455191qiuxieM&refresh_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsibG9naW5JZCJdLCJ1c2VyX25hbWUiOiJhZG1pbiIsInNjb3BlIjpbImFsbCJdLCJhdGkiOiJiNjJkNWQzYy03OWYwLTRhOTUtOTg5Mi1hODU0ZmEwMGVmYTAiLCJleHAiOjE2NTUwNTAzMDEsImp0aSI6ImE5NmQ2OWI4LWRlMGItNDQ1ZS1iODdlLTNmOTM0ODg0MmM0NiIsImNsaWVudF9pZCI6ImNsaWVudF9xaXV4aWUifQ.G7WxC4-Y11UKHHN723vokjGYIxfA7pP6_mcxj4mSZfU
接口调用
带认证的记得在请求头中加入授权码