SpringSecurity集成Oauth2.0 实现服务统一管理

一、Oauth 2.0 授权模式

1. 授权码模式(Authorization code)
2. 隐式授权模式(Implicit)
3. 密码模式(Resource owner password credentials)
4. 客户端模式(Client credentials)

二、 创建Oauth2.0 认证服务

基于SpringBoot ,搭建过程在此不做讲解。

1. pom.xml

​ 引入security 和 oauth2 相关包

2. 启动类添加@EnableResourceServer和@EnableAuthorizationServer注解

@EnableResourceServer 表示这是一个需要认证的资源服务

@EnableAuthorizationServer 表示这也是一个认证服务

3. 创建Controller访问

4. 创建WebSecurityConfig配置类



/**
 * 配置Security配置类
 * @author xuyanqi
 * @date 2020-08-30
 */
@Configuration
@Order(1)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * 处理验证
     * @return
     * @throws Exception
     */
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }


    /**
     * 处理返回的用户信息,用户信息将由Security返回
     * @return
     * @throws Exception
     */
    @Override
    @Bean
    public UserDetailsService userDetailsServiceBean() throws Exception {
        return super.userDetailsServiceBean();
    }

    /**
     * 配置用户及权限
     * @param auth
     * @throws Exception
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                .withUser("xuyanqi")
                .password(passwordEncoder().encode("xuyanqi"))
                .roles("admin");
    }


    @Bean
    public  PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
    /**
     * 配置拦截机制
     * @param http
     * @throws Exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.antMatcher("/oauth/**")
                .authorizeRequests()
                .antMatchers("/oauth/**").permitAll()
                .and().csrf().disable();
    }
}

5. 创建Oauth2.0 AuthorizationServerConfig认证配置类


/**
 * 配置Oauth2配置类
 * @author xuyanqi
 * @date 2020-08-30
 */
@Configuration
@Order(2)
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
    @Autowired
    private AuthenticationManager authenticationManagerBean;

    @Autowired
    private UserDetailsService userDetailsServiceBean;

    @Autowired
    private PasswordEncoder passwordEncoder;

    /**
     * 定义客户端
     * @param clients
     * @throws Exception
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                //应用名称
                .withClient("test")
                //应用秘钥
                .secret(passwordEncoder.encode("test"))
                // 授权类型
                .authorizedGrantTypes(
                        "refresh_token",
                        "password",
                        "client_credentials"
                )
                // 令牌可操作性的范围
                .scopes("webclient", "mobileclient");
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(authenticationManagerBean)
                .userDetailsService(userDetailsServiceBean);
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        // 允许Form表单身份验证
        security.allowFormAuthenticationForClients();
    }
}

6. 创建ResourceServiceConfig资源权限配置类

/**
 * 资源权限配置类
 * @author xuyanqi
 */
@Configuration
public class ResourceServiceConfig extends ResourceServerConfigurerAdapter {
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/spnuser/**")
                .hasAnyRole("admin")
                .anyRequest().authenticated();
    }
}

三、 创建资源服务

1. pom.xml

2. 启动类配置

表示该服务是需要授权的资源服务

3. 配置appliction.yml

server:
  port: 8081
security:
  oauth2:
    client:
      client-id: test
      client-secret: test
      user-authorization-uri: http://localhost:8080/oauth/authorize
      access-token-uri: http://localhost:8080/oauth/token
    resource:
      user-info-uri: http://localhost:8080/spnuser/user

4. 创建Controller访问

posted @ 2020-08-30 22:28  许言琪  阅读(671)  评论(0编辑  收藏  举报