Spring Security OAuth2-基於JDBC儲存令牌
初始化 OAuth2相關表:
https://github.com/spring-projects/spring-security-oauth/blob/master/spring-security-oauth2/src/test/resources/schema.sql由於我們使用的是 MySQL 資料庫,預設建表語句中主鍵為 VARCHAR(256),這超過了最大的主鍵長度,請手動修改為 128,並用 BLOB 替換語句中的 LONGVARBINARY 型別,修改後的建表指令碼如下(一共七張表):
CREATE TABLE `clientdetails` (
`appId` varchar(128) NOT NULL,
`resourceIds` varchar(256) DEFAULT NULL,
`appSecret` varchar(256) DEFAULT NULL,
`scope` varchar(256) DEFAULT NULL,
`grantTypes` varchar(256) DEFAULT NULL,
`redirectUrl` varchar(256) DEFAULT NULL,
`authorities` varchar(256) DEFAULT NULL,
`access_token_validity` int(11) DEFAULT NULL,
`refresh_token_validity` int(11) DEFAULT NULL,
`additionalInformation` varchar(4096) DEFAULT NULL,
`autoApproveScopes` varchar(256) DEFAULT NULL,
PRIMARY KEY (`appId`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `oauth_access_token` (
`token_id` varchar(256) DEFAULT NULL,
`token` blob,
`authentication_id` varchar(128) NOT NULL,
`user_name` varchar(256) DEFAULT NULL,
`client_id` varchar(256) DEFAULT NULL,
`authentication` blob,
`refresh_token` varchar(256) DEFAULT NULL,
PRIMARY KEY (`authentication_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `oauth_approvals` (
`userId` varchar(256) DEFAULT NULL,
`clientId` varchar(256) DEFAULT NULL,
`scope` varchar(256) DEFAULT NULL,
`status` varchar(10) DEFAULT NULL,
`expiresAt` timestamp NULL DEFAULT NULL,
`lastModifiedAt` timestamp NULL DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `oauth_client_details` (
`client_id` varchar(128) NOT NULL,
`resource_ids` varchar(256) DEFAULT NULL,
`client_secret` varchar(256) DEFAULT NULL,
`scope` varchar(256) DEFAULT NULL,
`authorized_grant_types` varchar(256) DEFAULT NULL,
`web_server_redirect_uri` varchar(256) DEFAULT NULL,
`authorities` varchar(256) DEFAULT NULL,
`access_token_validity` int(11) DEFAULT NULL,
`refresh_token_validity` int(11) DEFAULT NULL,
`additional_information` varchar(4096) DEFAULT NULL,
`autoapprove` varchar(256) DEFAULT NULL,
PRIMARY KEY (`client_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `oauth_client_token` (
`token_id` varchar(256) DEFAULT NULL,
`token` blob,
`authentication_id` varchar(128) NOT NULL,
`user_name` varchar(256) DEFAULT NULL,
`client_id` varchar(256) DEFAULT NULL,
PRIMARY KEY (`authentication_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `oauth_code` (
`code` varchar(256) DEFAULT NULL,
`authentication` blob
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `oauth_refresh_token` (
`token_id` varchar(256) DEFAULT NULL,
`token` blob,
`authentication` blob
) ENGINE=InnoDB DEFAULT CHARSET=utf8;對secret進行加密:
public static void main(String[] args) {
System.out.println(new BCryptPasswordEncoder().encode("secret"));
}建立資料(在表oauth_client_details中):
yml:
spring:
application:
name: oauth2-server
datasource:
type: com.zaxxer.hikari.HikariDataSource
driver-class-name: com.mysql.cj.jdbc.Driver
jdbc-url: jdbc:mysql://192.168.141.128:3307/oauth2?useUnicode=true&characterEncoding=utf-8&useSSL=false
username: root
password: 123456
hikari:
minimum-idle: 5
idle-timeout: 600000
maximum-pool-size: 10
auto-commit: true
pool-name: MyHikariCP
max-lifetime: 1800000
connection-timeout: 30000
connection-test-query: SELECT 1
server:
port: 8080
1.配置資料來源
2.告訴oauth2用哪種方式去做
package com.kejin.oauth2.server.config;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.jdbc.DataSourceBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
import javax.sql.DataSource;
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
@Bean
@Primary
@ConfigurationProperties(prefix = "spring.datasource")
public DataSource dataSource() {
// 配置資料來源(注意,我使用的是 HikariCP 連線池),以上註解是指定資料來源,否則會有衝突
return DataSourceBuilder.create().build();
}
@Bean
public TokenStore tokenStore() {
// 基於 JDBC 實現,令牌儲存到資料
return new JdbcTokenStore(dataSource());
}
@Bean
public ClientDetailsService jdbcClientDetails() {
// 基於 JDBC 實現,需要事先在資料庫配置客戶端資訊
return new JdbcClientDetailsService(dataSource());
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
// 設定令牌
endpoints.tokenStore(tokenStore());
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
// 讀取客戶端配置
clients.withClientDetails(jdbcClientDetails());
}
}
yml:
spring:
application:
name: oauth2-server
datasource:
type: com.zaxxer.hikari.HikariDataSource
driver-class-name: com.mysql.cj.jdbc.Driver
jdbc-url: jdbc:mysql://192.168.141.128:3307/oauth2?useUnicode=true&characterEncoding=utf-8&useSSL=false
username: root
password: 123456
hikari:
minimum-idle: 5
idle-timeout: 600000
maximum-pool-size: 10
auto-commit: true
pool-name: MyHikariCP
max-lifetime: 1800000
connection-timeout: 30000
connection-test-query: SELECT 1
server:
port: 8080
相關文章
- Spring整合Quartz案例使用JDBC儲存方式SpringquartzJDBC
- spring5.0 security oauth2 token 儲存失敗SpringOAuth
- Spring Security OAuth2.0認證授權三:使用JWT令牌SpringOAuthJWT
- 使用 Spring Security JWT 令牌簽名實現 REST API 安全性SpringJWTRESTAPI
- Spring Security 基於URL的許可權判斷Spring
- 浪潮儲存基於智慧運維技術,加速儲存自治運維
- kunbernetes-基於NFS的儲存NFS
- 基於Spring Security實現許可權管理系統Spring
- 爬蟲資料儲存--基於MonogoDB爬蟲MonoGo
- spring security oauth2搭建resource-server demo及token改造成JWT令牌SpringOAuthServerJWT
- 基於多 goroutine 實現令牌桶Go
- jdbc使用call呼叫儲存過程報錯JDBC儲存過程
- 基於Spring Security Role過濾Jackson JSON輸出內容SpringJSON
- KingbaseRAC部署案例之---基於SAN儲存部署
- 基於Ceph物件儲存構建實踐物件
- 基於滴滴雲搭 SeaweedFS 儲存系統
- Spring Boot Security OAuth2 實現支援JWT令牌的授權伺服器Spring BootOAuthJWT伺服器
- 基於RBAC的許可權控制淺析(結合Spring Security)Spring
- 基於Spring Security和 JWT的許可權系統設計SpringJWT
- Spring Security——基於表單登入認證原理及實現Spring
- 基於spring和swagger寫了個引數校驗的方法在此做個儲存SpringSwagger
- 【Spring】jdbcSpringJDBC
- 981. 基於時間的鍵值儲存
- 基於LSM樹的儲存機制簡述
- 981-基於時間的鍵值儲存
- Spring Cloud Alibaba基礎教程:Sentinel使用Apollo儲存規則SpringCloud
- Spring Cloud Alibaba基礎教程:Sentinel使用Nacos儲存規則SpringCloud
- 關於Spring的JDBC連線mysql(與傳統jdbc比較)SpringJDBCMySql
- Spring SecuritySpring
- Spring Boot —— Spring SecuritySpring Boot
- Spring Security原始碼分析八:Spring Security 退出Spring原始碼
- Elasticsearch 基於物件儲存使用快照資料遷移Elasticsearch物件
- 基於EF Core儲存的國際化服務
- 基於TRIZ理論的筷子儲存盒設計
- 基於MFS高可用的分散式儲存架構分散式架構
- Spring Security 6.3基於JWT身份驗證與授權開源專案SpringJWT
- Spring Security 實戰乾貨:基於配置的介面角色訪問控制Spring
- Spring Cloud Alibaba基礎教程:Sentinel Dashboard同步Apollo儲存規則SpringCloud