spring cloud security oauth2单点登录

1.maven依赖关系

pom.xml中添加 

     

<!--身份验证服务器>
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency>
<dependency>
        <groupId>org.springframework.security.oauth</groupId>
        <artifactId>spring-security-oauth2</artifactId>
</dependency>


<dependency> 
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>

  <dependency>
          <groupId>org.springframework.boot</groupId>
          <artifactId>spring-boot-starter-thymeleaf</artifactId>
  </dependency>

2.客户端应用程序的安全配置

/**
 * spring boot 启动类
 */
@EnableFeignClients
// 注册和发现服务
// 需要设置 eureka.client.serviceUrl.defaultZone
@EnableDiscoveryClient
// 断路由
// 开启 hystrix 支持 必须启用此注解
@EnableCircuitBreaker
@EnableOAuth2Sso
@SpringBootApplication
public class AdminWebApplication extends WebSecurityConfigurerAdapter {
    public static void main(String[] args) {
        SpringApplication.run(AdminWebApplication.class, args);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        http.logout().logoutSuccessUrl("/").and().authorizeRequests().anyRequest()
        .authenticated().and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
        // @formatter:on
    }
    
    
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/userInfo.xhtml");
    }
}

3.application.yml

server:
  port: ${service.server.port:9091}
  session:
    cookie:
      domain: ifa.com
spring:
  application:
    name: admin-web
  devtools:
    restart:
      enabled: true
  aop:
    proxy-target-class: true

security:
  oauth2:
    sso:
      login-path: /login.xhtml
    client:
      client-id: channel
      client-secret: b8a9cb1c-cc63-4999-8702-983d246c2d66
      access-token-uri: http://passport.auth.com/oauth/token  #URI获取访问令牌
      user-authorization-uri: http://passport.auth.com/oauth/authorize   #授权的URI,用户将被重定向到
      client-authentication-scheme: form  
      scope: app
    resource:
      user-info-uri: http://passport.auth.com/userInfo     #用户端点的URI来获得当前用户详细信息

4.oauth配置

 * 
 */
package com.ifa.cloud.channel;



import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.client.circuitbreaker.EnableCircuitBreaker;
import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
import org.springframework.cloud.netflix.feign.EnableFeignClients;

@EnableFeignClients
//注册和发现服务
//需要设置 eureka.client.serviceUrl.defaultZone
@EnableDiscoveryClient
//断路由
//开启 hystrix 支持 必须启用此注解
@EnableCircuitBreaker
@SpringBootApplication
public class SSOWebApplication {
    public static void main(String[] args) {
        SpringApplication.run(SSOWebApplication.class, args);
    }
    
}

 

5.配置授权服务器

package com.ifa.cloud.channel.config;




import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.oauth2.authserver.AuthorizationServerProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;

import com.ifa.cloud.channel.config.oauth2.ClientDetailsServiceImpl;

import lombok.extern.slf4j.Slf4j;

@Slf4j
@Configuration
@EnableResourceServer
@EnableAuthorizationServer
@EnableConfigurationProperties(AuthorizationServerProperties.class)
public class Oauth2ServerConfig extends AuthorizationServerConfigurerAdapter{
    
    @Bean
    public ResourceServerConfigurer resourceServerConfigurer() {
        return new ResourceServerConfigurer() {
            @Override
            public void configure(HttpSecurity http) throws Exception {
                log.debug("loadding resource server configurer http ...");
                http.antMatcher("/userInfo").authorizeRequests()
                .anyRequest().authenticated();
            }

            @Override
            public void configure(ResourceServerSecurityConfigurer resources) throws Exception {

                
            }
        };
    }
    
    @Autowired
    public RedisConnectionFactory redisConnectionFactory;
    
    @Bean
    public TokenStore tokenStore() {
        log.debug("loadding redis token store ...");
        return new RedisTokenStore(redisConnectionFactory);
    }
    
    @Bean
    public ClientDetailsService clientDetailsService() {
        return new ClientDetailsServiceImpl();
    }
    
    private final AuthenticationManager authenticationManager;

    private final AuthorizationServerProperties properties;
    
    public Oauth2ServerConfig(AuthenticationManager authenticationManager,AuthorizationServerProperties properties) {
        this.authenticationManager = authenticationManager;
        this.properties = properties;
    }
    
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.withClientDetails(clientDetailsService());
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints)
            throws Exception {
        endpoints.tokenStore(tokenStore());
        endpoints.authenticationManager(this.authenticationManager);
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security)
            throws Exception {
        if (this.properties.getCheckTokenAccess() != null) {
            security.checkTokenAccess(this.properties.getCheckTokenAccess());
        }
        if (this.properties.getTokenKeyAccess() != null) {
            security.tokenKeyAccess(this.properties.getTokenKeyAccess());
        }
        if (this.properties.getRealm() != null) {
            security.realm(this.properties.getRealm());
        }
        security.allowFormAuthenticationForClients();
    }
}

 

6.安全配置

/**
 * 
 */
package com.ifa.cloud.channel.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@Order(-20)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    
    @Autowired
    private AuthenticationManager authenticationManager;
    
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        http
            .formLogin().loginPage("/login.html").failureUrl("/login.html?error").defaultSuccessUrl("/").usernameParameter("username")
            .passwordParameter("password").permitAll()
        .and()
            .requestMatchers().antMatchers("/login.html", "/oauth/authorize", "/oauth/confirm_access")
        .and()
            //除以上路径都需要验证
            .authorizeRequests().anyRequest().authenticated();
        // @formatter:on

//        http.authorizeRequests().antMatchers("/oauth/token").anonymous().antMatchers("/login.html").permitAll()
//                .antMatchers("/**").authenticated().and().httpBasic().and().formLogin().loginPage("/login.html")
//                .failureUrl("/login.html?error").defaultSuccessUrl("/").usernameParameter("username")
//                .passwordParameter("password").and().sessionManagement()
//                .sessionCreationPolicy(SessionCreationPolicy.NEVER);

    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authenticationProvider).parentAuthenticationManager(authenticationManager);
        //auth.inMemoryAuthentication().withUser("admin").password("admin").roles("USER").and().withUser("user")
        //        .password("user").roles("USER");
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/style/**", "/script/**", "/font-awesome/**", "/fonts/**", "/webjars/**");
    }


    @Autowired
    private AuthenticationProvider authenticationProvider;
}

7.用户终端

/**
 * 
 */
package com.ifa.cloud.channel.web.controller;

import java.security.Principal;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.ModelAndView;

import lombok.extern.slf4j.Slf4j;

@Slf4j
@RestController
public class UserLoginController {
    
    @RequestMapping("/login.html")
    public ModelAndView login(HttpServletRequest request,HttpServletResponse response) {
        return new ModelAndView("login");
    }

    @RequestMapping("/userInfo")
    public Object userinfo(Principal principal) {
        return principal;
    }
}

返回的JSON表示的用户数据。

posted on 2018-03-09 18:00  沫菲  阅读(4084)  评论(0编辑  收藏  举报

导航