oauth2概念
https://www.cnblogs.com/LQBlog/p/16996125.html
環境搭建
1.引入依賴
<!-- Pulls in the legacy Spring Security OAuth2 stack (the AuthorizationServerConfigurerAdapter API
     used in the configuration class on this page). That project has been deprecated by its
     maintainers in favour of Spring Authorization Server, so check its support status before
     building a new service on it.
     No <version> is given here; presumably it is managed by a Spring Cloud BOM in
     dependencyManagement (TODO confirm), so pin and review the resolved version. -->
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
憑證模式
package com.yxt.datax.auth;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;

/*
 * Endpoints the author lists for this authorization server:
 * [/oauth/authorize] [/oauth/token] [/oauth/check_token]
 * [/oauth/confirm_access] [/oauth/token_key] [/oauth/error]
 */

/**
 * Authorization-server configuration for the OAuth2 client-credentials demo.
 *
 * <p>Registers a single in-memory client and wires a bcrypt encoder for client-secret checks.
 * The client id and secret are literals in this class, which is acceptable only for a local
 * walkthrough: anything deployed should load client registrations from a database or secret
 * store and use a long random secret.
 */
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    /** Client id of the demo client. */
    private static final String DEMO_CLIENT_ID = "client_1";

    /**
     * Plain-text secret of the demo client. Hard-coded and trivially guessable; demo only.
     * It also ends up in version control and in every build artifact of this class.
     */
    private static final String DEMO_CLIENT_SECRET = "123456";

    /** Name of the OAuth2 client-credentials grant, also reused as the client's authority. */
    private static final String CLIENT_CREDENTIALS = "client_credentials";

    /** Access-token lifetime in seconds (two hours). */
    private static final int ACCESS_TOKEN_TTL_SECONDS = 7200;

    /** Shared bcrypt encoder: hashes the stored secret and verifies the one a client presents. */
    private final BCryptPasswordEncoder secretEncoder = new BCryptPasswordEncoder();

    /**
     * Configures the client details: client_id, client_secret, redirect_uri and similar settings.
     * The author notes these are normally stored in and read from a database; this demo keeps
     * them in memory.
     *
     * <p>Review notes: bcrypt produces a one-way salted hash, not encryption, so hashing does not
     * compensate for the weak literal secret. The client is granted the scopes "all", "read" and
     * "write", although the sample request on this page asks only for "read"; grant a client only
     * the scopes it needs.
     *
     * @param clients configurer used to register OAuth2 clients
     * @throws Exception if the client registration cannot be built
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        super.configure(clients);
        // Define one OAuth2 client held in memory.
        clients.inMemory()
                .withClient(DEMO_CLIENT_ID)
                // Only the bcrypt hash is stored; the plain-text literal is still demo-only.
                .secret(secretEncoder.encode(DEMO_CLIENT_SECRET))
                // OAuth2 client-credentials grant: the client acts on its own behalf, no end user.
                .authorizedGrantTypes(CLIENT_CREDENTIALS)
                .authorities(CLIENT_CREDENTIALS)
                .scopes("all", "read", "write")
                // Token validity period.
                .accessTokenValiditySeconds(ACCESS_TOKEN_TTL_SECONDS);
    }

    /**
     * Configures security and access rules for the token endpoint.
     *
     * <p>Only the password encoder is set. tokenKeyAccess and checkTokenAccess are not configured
     * here, so the framework defaults apply to /oauth/token_key and /oauth/check_token.
     *
     * @param security configurer for the authorization server's endpoint security
     * @throws Exception if the security configuration cannot be applied
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        super.configure(security);
        // The secret a client sends later is checked with this encoder against the stored hash.
        security.passwordEncoder(secretEncoder);
    }

    /**
     * Configures the authorization and token endpoints and the token services (for example how
     * tokens are signed and stored).
     *
     * <p>Nothing is customised: no token store, signing key or token services are set, so the
     * framework defaults are used. NOTE(review): presumably tokens are kept in memory and are
     * lost on restart; confirm before relying on this beyond a demo.
     *
     * @param endpoints configurer for the authorization server endpoints
     * @throws Exception if the endpoint configuration cannot be applied
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        super.configure(endpoints);
    }
}
Postman呼叫
curl
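# Request an access token with the client-credentials grant.
# The Basic value is only base64 of "client_1:123456" (the demo client id and secret), not
# encryption, so over plain http it is readable on the wire; use https anywhere but localhost.
# The JSESSIONID cookie from the original command (apparently carried over from the Postman
# export) is dropped: the request is authenticated by the Authorization header, and session
# identifiers should not be pasted into documentation.
curl --location 'http://localhost:8080/oauth/token' \
  --header 'Authorization: Basic Y2xpZW50XzE6MTIzNDU2' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'grant_type=client_credentials' \
  --data-urlencode 'scope=read'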