
spring-security-auth2

基于内存的使用

认证服务器

ServerConfig.class

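/**
 * Authorization server for the in-memory demo. Registers one OAuth2 client in memory and
 * configures how clients authenticate against the token endpoints.
 *
 * <p>Client id, secret, scope, redirect URI and resource id are hard-coded demo values.
 * Created 2020-04-07 10:09.
 *
 * @author yilongwu
 * @version 1.0.0
 */
@EnableAuthorizationServer
@Configuration
public class ServerConfig extends AuthorizationServerConfigurerAdapter {

    /** Encoder used to hash the client secret before it is registered. */
    @Autowired
    private PasswordEncoder passwordEncoder;

    /**
     * Configures client authentication for the authorization server endpoints.
     *
     * @param security configurer for the security of the token endpoints
     * @throws Exception declared by the overridden adapter method
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security
                // /oauth/check_token is denyAll() by default; require an authenticated client
                // instead, so the resource server can introspect tokens with its own client
                // credentials. This rule only applies to requests that reach this filter chain:
                // a web.ignoring() entry for the same path bypasses it completely.
                .checkTokenAccess("isAuthenticated()")
                // Client authentication has to be allowed, otherwise /oauth/token answers 401.
                // NOTE(review): this accepts client_id/client_secret as request parameters;
                // parameters are more likely to end up in logs than an Authorization header,
                // so serve these endpoints over TLS only.
                .allowFormAuthenticationForClients();
    }

    /**
     * Registers the single demo client in an in-memory client registry.
     *
     * @param clients configurer for the client details service
     * @throws Exception declared by the overridden adapter method
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("client")
                // NOTE(review): hard-coded, trivially guessable demo secret. A deployed server
                // should load the secret from external configuration or a secret store.
                .secret(passwordEncoder.encode("123456"))
                .authorizedGrantTypes("authorization_code")
                .scopes("app")
                // NOTE(review): plain-http redirect URI, so the authorization code travels in
                // cleartext; register an https URI outside of a local demo.
                .redirectUris("http://wuyilong.cc")
                // Must match the resource id the resource server declares.
                .resourceIds("wyl");
    }

    /**
     * Keeps the adapter's default endpoint configuration; overridden only as the place where
     * token stores and similar services would be plugged in.
     *
     * @param endpoints configurer for the authorization server endpoints
     * @throws Exception declared by the overridden adapter method
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        super.configure(endpoints);
    }
}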

SecurityConfig.class

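/**
 * Web security for the authorization server of the in-memory demo: one in-memory user, the
 * BCrypt password encoder bean, and an ignore rule for the token introspection endpoint.
 *
 * <p>Created 2020-04-07 10:57.
 *
 * @author yilongwu
 * @version 1.0.0
 */
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Exposes a user store holding the single demo user {@code admin} with authority
     * {@code p1}.
     *
     * @return an in-memory {@link UserDetailsService} containing that user
     * @throws Exception declared by the overridden adapter method
     */
    @Bean
    @Override
    public UserDetailsService userDetailsServiceBean() throws Exception {
        // The password is given as a BCrypt hash, matching the BCryptPasswordEncoder bean.
        // NOTE(review): a hash committed to source is still a fixed, publicly known credential;
        // provision real accounts outside the code.
        UserDetails details = User.withUsername("admin")
                .password("$2a$10$p1eNmA1Ypwi1CygeA3l8I.qG.sWuPgpAnTRkWBaiNmVcA0EFNZqGK")
                .authorities("p1")
                .build();
        return new InMemoryUserDetailsManager(details);
    }

    /**
     * Provides the encoder used for user passwords and client secrets.
     *
     * @return a BCrypt-based {@link PasswordEncoder}
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Excludes {@code /oauth/check_token} from the security filter chain.
     *
     * @param web the web security builder
     * @throws Exception declared by the overridden adapter method
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        // Ignored so that the resource server's token check does not get a 403.
        // NOTE(review): ignoring() removes every security filter from this path, so the
        // introspection endpoint answers callers that present no credentials at all. The 403
        // presumably comes from the endpoint's default denyAll() rule; the narrower alternative
        // is to delete this ignore rule and set checkTokenAccess("isAuthenticated()") on the
        // AuthorizationServerSecurityConfigurer, so only authenticated clients can query it.
        web.ignoring().antMatchers("/oauth/check_token");
    }
}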

资源服务器

ResourceConfig.java

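/**
 * Resource server configuration: declares the resource id and the URL access rules, and
 * switches on {@code @PreAuthorize}/{@code @PostAuthorize} method security.
 *
 * <p>Created 2020-04-07 14:29.
 *
 * @author yilongwu
 * @version 1.0.0
 */
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Configuration
public class ResourceConfig extends ResourceServerConfigurerAdapter {

    /**
     * Sets the resource id of this server.
     *
     * @param resources configurer for resource-server specific settings
     * @throws Exception declared by the overridden adapter method
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        // The resource id cannot be configured in the yml, so it is set here. It has to match
        // the resource id granted to the client on the authorization server.
        resources.resourceId("wyl");
    }

    /**
     * Defines which requests need which authority.
     *
     * @param http the HTTP security builder for the resource server
     * @throws Exception declared by the overridden adapter method
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/").permitAll()
                .antMatchers("/view").hasAuthority("p1")
                // Deny by default: overriding this method replaces the adapter's own
                // anyRequest().authenticated() rule, so without a catch-all every path other
                // than "/" and "/view" would match no rule and be served without a token.
                .anyRequest().authenticated();
    }
}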

application.yml

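# Resource server settings (nesting restored; the listing had lost its indentation).
server:
  port: 8081

security:
  oauth2:
    client:
      client-id: client
      # NOTE(review): demo secret in plain text; it must equal the secret registered on the
      # authorization server. Outside a demo, supply it from the environment or a secret store
      # rather than committing it with the configuration.
      client-secret: 123456
      scope: app
    resource:
      # Token introspection endpoint of the authorization server. Each call carries the access
      # token being checked; plain http is acceptable only on localhost, use https across hosts.
      token-info-uri: http://localhost:8080/oauth/check_token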

项目github地址

springboot-spring-secuity-auth2-inMemory

基于jdbc的使用

认证服务器

SecurityConfig.class

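/**
 * Web security for the authorization server of the JDBC demo: one in-memory user and the
 * BCrypt password encoder bean.
 *
 * <p>Created 2020-04-07 10:57.
 *
 * @author yilongwu
 * @version 1.0.0
 */
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Exposes a user store holding the single demo user {@code admin} with authority
     * {@code p1}.
     *
     * @return an in-memory {@link UserDetailsService} containing that user
     * @throws Exception declared by the overridden adapter method
     */
    @Bean
    @Override
    public UserDetailsService userDetailsServiceBean() throws Exception {
        // The password is given as a BCrypt hash, matching the BCryptPasswordEncoder bean.
        // NOTE(review): a hash committed to source is still a fixed, publicly known credential;
        // provision real accounts outside the code.
        UserDetails details = User.withUsername("admin")
                .password("$2a$10$p1eNmA1Ypwi1CygeA3l8I.qG.sWuPgpAnTRkWBaiNmVcA0EFNZqGK")
                .authorities("p1")
                .build();
        return new InMemoryUserDetailsManager(details);
    }

    /**
     * Provides the encoder used for user passwords and client secrets.
     *
     * @return a BCrypt-based {@link PasswordEncoder}
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Leaves the default web security untouched; no path is excluded from the filter chain.
     *
     * @param web the web security builder
     * @throws Exception declared by the overridden adapter method
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        // /oauth/check_token is deliberately not passed to web.ignoring(). An ignored path skips
        // every security filter, which would leave token introspection open to unauthenticated
        // callers and make the checkTokenAccess("isAuthenticated()") rule in ServerConfig dead.
        // With that rule in place the resource server is expected to authenticate the call with
        // the client-id/client-secret from its application.yml, so no 403 workaround is needed.
        super.configure(web);
    }
}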

ServerConfig.class

/**
 * Authorization server for the JDBC demo. Tokens, authorization codes and approvals are kept
 * in the database behind the injected {@link DataSource}; the client registry itself is still
 * built in memory (see {@link #configure(ClientDetailsServiceConfigurer)}).
 *
 * <p>Created 2020-04-07 10:09.
 *
 * @author yilongwu
 * @version 1.0.0
 */
@EnableAuthorizationServer
@Configuration
public class ServerConfig extends AuthorizationServerConfigurerAdapter {

    /** Encoder used to hash the client secret before it is registered. */
    @Autowired
    private PasswordEncoder passwordEncoder;

    /** Database that backs the JDBC stores below. */
    @Autowired
    private DataSource dataSource;

    /** User lookup handed to the endpoints; presumably needed for the refresh_token grant. */
    @Autowired
    private UserDetailsService userDetailsServiceBean;

    /**
     * @return a token store that persists access and refresh tokens through {@code dataSource}
     */
    @Bean
    public TokenStore tokenStore() {
        return new JdbcTokenStore(dataSource);
    }

    /**
     * @return authorization-code services that persist issued codes through {@code dataSource}
     */
    @Bean
    public AuthorizationCodeServices authorizationCodeServices() {
        return new JdbcAuthorizationCodeServices(dataSource);
    }

    /**
     * @return an approval store that persists user approvals through {@code dataSource}
     */
    @Bean
    public ApprovalStore approvalStore() {
        return new JdbcApprovalStore(dataSource);
    }

    // Alternative left disabled by the author: a client registry backed by the database.
    // @Bean
    // public ClientDetailsService clientDetailsService() {
    //     return new JdbcClientDetailsService(dataSource);
    // }

    /**
     * Configures client authentication and access to the token introspection endpoint.
     *
     * @param security configurer for the security of the token endpoints
     * @throws Exception declared by the overridden adapter method
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        // Client authentication has to be allowed, otherwise /oauth/token answers 401.
        // NOTE(review): this accepts client_id/client_secret as request parameters, which are
        // more likely to end up in logs than an Authorization header; use TLS for these calls.
        security.allowFormAuthenticationForClients();
        // Only authenticated clients may call /oauth/check_token.
        // NOTE(review): this rule has no effect while SecurityConfig lists the same path under
        // web.ignoring(), because ignored paths never reach this filter chain.
        security.checkTokenAccess("isAuthenticated()");
    }

    /**
     * Registers the single demo client in an in-memory client registry.
     *
     * @param clients configurer for the client details service
     * @throws Exception declared by the overridden adapter method
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("client")
                // NOTE(review): hard-coded, trivially guessable demo secret. A deployed server
                // should load the secret from external configuration or a secret store.
                .secret(passwordEncoder.encode("123456"))
                .authorizedGrantTypes("authorization_code", "refresh_token")
                .scopes("app")
                // NOTE(review): plain-http redirect URI, so the authorization code travels in
                // cleartext; register an https URI outside of a local demo.
                .redirectUris("http://wuyilong.cc")
                .resourceIds("wyl");

        // Disabled alternative: read clients from the oauth_client_details table.
        // clients.withClientDetails(clientDetailsService());
    }

    /**
     * Plugs the JDBC-backed services into the authorization server endpoints.
     *
     * @param endpoints configurer for the authorization server endpoints
     * @throws Exception declared by the overridden adapter method
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        // Persists tokens in oauth_access_token and oauth_refresh_token.
        endpoints.tokenStore(tokenStore());
        endpoints.userDetailsService(userDetailsServiceBean);
        // Persists issued authorization codes (the oauth_code table of the standard schema).
        endpoints.authorizationCodeServices(authorizationCodeServices());
        // Persists approvals in oauth_approvals.
        endpoints.approvalStore(approvalStore());
    }
}

application.yml

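# Authorization server settings (nesting restored; the listing had lost its indentation).
server:
  port: 8080

spring:
  datasource:
    # NOTE(review): the application connects as the MySQL root account with the password kept
    # in this file. Outside a demo, use a dedicated account limited to the oauth2 schema and
    # supply the password from the environment or a secret store.
    username: root
    password: mysqlpwd
    # NOTE(review): useSSL=false turns off TLS for the database connection; tokens and client
    # data then cross the network unencrypted whenever MySQL is not on localhost.
    url: jdbc:mysql://localhost:3306/oauth2?serverTimezone=UTC&useUnicode=true&characterEncoding=utf-8&useSSL=false
    driver-class-name: com.mysql.cj.jdbc.Driver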

资源服务器

与上面基于内存的示例相同,资源服务器的配置无需改动。

项目地址

springboot-spring-security-auth2-jdbc

  • 上面使用的是官网的数据库
    sql.db
