Spring Cloud(6.3):搭建OAuth2 Resource Server
配置web.xml
添加spring-cloud-starter-security,spring-security-oauth2-autoconfigure2个依赖。
<!-- Spring cloud starter: Security --> <!-- Include: web, actuator, security, zuul, etc. --> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-security</artifactId> </dependency> <!-- Spring Security OAuth2 Autoconfigure (optional in spring-cloud-security after 2.1) --> <dependency> <groupId>org.springframework.security.oauth.boot</groupId> <artifactId>spring-security-oauth2-autoconfigure</artifactId> </dependency>
此外,它还是一个Eureka Client和Config Client,如何配置Eureka Client和Config Client请看前面章节。
配置Application
添加@EnableResourceServer注解,声明为OAuth2 Resource Server。
@SpringBootApplication @EnableResourceServer // Enable OAuth2 Resource Server public class ResourceServerApplication { public static void main(String[] args) { SpringApplication.run(ResourceServerApplication.class, args); } }
配置Configer及参数
ResourceServerConfigurer.java
package com.mytools.config; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter; @Configuration public class ResourceServerConfigurer extends ResourceServerConfigurerAdapter { @Override public void configure(HttpSecurity http) throws Exception { //@formatter:off http.authorizeRequests() .antMatchers("/structure-search/**", "/data-search/**").hasAnyRole("SQL_USER") .anyRequest().authenticated(); //@formatter:on } }
application.yml
## Security info security: oauth2: resource: # 定义一个回调URL调用Authorization Server来查看令牌是否有效 # use zuul to replace 'http://server-auth/server-auth/user' userInfoUri: http://localhost:10020/server-zuul/s3/server-auth/user