springcloud Oauth2授權,四種授權型別
建立認證伺服器:
pom依賴:
<?xml version="1.0" encoding="UTF-8"?>
<!-- Maven module for the OAuth2 authorization (UAA) server of this demo. -->
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <parent>
        <artifactId>springcloud1</artifactId>
        <groupId>org.example</groupId>
        <version>1.0-SNAPSHOT</version>
    </parent>
    <modelVersion>4.0.0</modelVersion>

    <artifactId>springcloud-oauth-uaa-8003</artifactId>

    <dependencies>
        <!--
          NOTE(review): Maven honours <scope>import</scope> only for pom-type entries
          inside <dependencyManagement>. Declared here under <dependencies> it does not
          import the BOM, so the version-less dependencies below presumably get their
          versions from the parent POM (not shown) - confirm.
          NOTE(review): the Finchley release train targets Spring Boot 2.0.x, while the
          web starter below is pinned to 2.1.4.RELEASE; verify the combination.
        -->
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-dependencies</artifactId>
            <version>Finchley.RELEASE</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
            <version>2.1.4.RELEASE</version>
        </dependency>

        <!-- NOTE(review): declared without <scope>test</scope>, so it is on the runtime classpath too. -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-test</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-netflix-eureka-client</artifactId>
        </dependency>

        <!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-security -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>

        <!-- https://mvnrepository.com/artifact/org.springframework.cloud/spring-cloud-starter-oauth2 -->
        <!-- Pulls in the legacy Spring Security OAuth stack used by @EnableAuthorizationServer. -->
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-oauth2</artifactId>
        </dependency>

        <!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-jwt -->
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-jwt</artifactId>
        </dependency>
    </dependencies>
</project>
建立認證伺服器配置類AuthorizationServerConfigurerAdapter:
- package com.shen.config;
- import jdk.nashorn.internal.parser.Token;
- import org.springframework.beans.factory.annotation.Autowired;
- import org.springframework.context.annotation.Bean;
- import org.springframework.context.annotation.Configuration;
- import org.springframework.http.HttpMethod;
- import org.springframework.security.authentication.AuthenticationManager;
- import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
- import org.springframework.security.crypto.factory.PasswordEncoderFactories;
- import org.springframework.security.crypto.password.PasswordEncoder;
- import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
- import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
- import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
- import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
- import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
- import org.springframework.security.oauth2.provider.ClientDetailsService;
- import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
- import org.springframework.security.oauth2.provider.code.InMemoryAuthorizationCodeServices;
- import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
- import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
- import org.springframework.security.oauth2.provider.token.TokenStore;
- import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
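/**
 * OAuth2 authorization server configuration for the demo UAA service.
 *
 * <p>Registers one in-memory client, keeps authorization codes and tokens in memory, and
 * restricts the token endpoint to POST. Everything held in memory is lost on restart, so
 * this layout is suitable for a tutorial or a single-node test setup only.
 *
 * <p>NOTE(review): the file-level import of {@code jdk.nashorn.internal.parser.Token} is
 * unused; it references a JDK-internal package and should be dropped from the import list.
 */
@Configuration
@EnableAuthorizationServer
public class AuthorizationServer extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private TokenStore tokenStore;

    @Autowired
    private AuthorizationCodeServices authorizationCodeServices;

    /** Supplied by the web security configuration; needed for the password grant. */
    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private ClientDetailsService clientDetailsService;

    /** BCrypt encoder used to hash the client secret. */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /** Authorization-code service; codes are kept in memory. */
    @Bean
    public AuthorizationCodeServices authorizationCodeServices() {
        return new InMemoryAuthorizationCodeServices();
    }

    /** Token store; issued tokens are kept in memory. */
    @Bean
    public TokenStore tokenStore() {
        return new InMemoryTokenStore();
    }

    /**
     * Registers the single demo client.
     *
     * @param clients builder for the client registry
     * @throws Exception if the registry cannot be built
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("client1")
                // Demo value only: a real deployment loads the client secret from
                // external configuration instead of hard-coding it in source.
                .secret(passwordEncoder().encode("secret"))
                .authorizedGrantTypes("client_credentials", "password", "refresh_token", "authorization_code")
                .scopes("all")
                .resourceIds("all")
                // false: the user is shown the approval page for every authorization request.
                .autoApprove(false)
                // Exact redirect target for the authorization-code flow. It is plain HTTP here,
                // so the code travels in cleartext; use an HTTPS URI outside a local demo.
                .redirectUris("http://www.baidu.com")
                // Per-client lifetimes; these take precedence over the defaults set in tokenServices().
                .accessTokenValiditySeconds(1200)
                .refreshTokenValiditySeconds(50000);
    }

    /**
     * Builds the token service backed by the in-memory store.
     *
     * @return token services with refresh tokens enabled
     */
    @Bean
    public AuthorizationServerTokenServices tokenServices() {
        DefaultTokenServices services = new DefaultTokenServices();
        services.setClientDetailsService(clientDetailsService);
        services.setSupportRefreshToken(true);
        services.setTokenStore(tokenStore);
        // Defaults for clients that do not declare their own lifetimes.
        services.setAccessTokenValiditySeconds(7200);
        services.setRefreshTokenValiditySeconds(36000);
        return services;
    }

    /**
     * Sets the access rules for the authorization server's own endpoints.
     *
     * @param oauthServer security configurer for the token-related endpoints
     * @throws Exception if the rules cannot be applied
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        oauthServer
                .tokenKeyAccess("permitAll()")
                // Token introspection returns the user, scopes and authorities behind a token,
                // so it is limited to callers that authenticate with client credentials
                // rather than being open to anonymous requests.
                .checkTokenAccess("isAuthenticated()")
                // Lets clients send client_id/client_secret as form parameters
                // in addition to HTTP Basic.
                .allowFormAuthenticationForClients();
    }

    /**
     * Wires the endpoint collaborators.
     *
     * @param endpoints endpoint configurer
     * @throws Exception if the endpoints cannot be configured
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
                .authenticationManager(authenticationManager)
                .authorizationCodeServices(authorizationCodeServices)
                .tokenServices(tokenServices())
                // Token requests carry credentials, so only POST is accepted.
                .allowedTokenEndpointRequestMethods(HttpMethod.POST);
    }
}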
建立security配置實現類WebSecurityConfigurerAdapter:
- package com.shen.config;
- import org.springframework.context.annotation.Bean;
- import org.springframework.context.annotation.Configuration;
- import org.springframework.security.authentication.AuthenticationManager;
- import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
- import org.springframework.security.config.annotation.web.builders.HttpSecurity;
- import org.springframework.security.config.annotation.web.builders.WebSecurity;
- import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
- import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
- import org.springframework.security.crypto.password.PasswordEncoder;
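/**
 * Web security configuration for the authorization server: defines the demo user, exposes
 * the {@link AuthenticationManager} as a bean, and protects the browser-facing endpoints
 * with form login.
 */
@Configuration
public class MySecurityConfig extends WebSecurityConfigurerAdapter {

    /** BCrypt encoder shared by the in-memory user store. */
    private PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Exposes the authentication manager as a bean so other configuration classes can inject it.
     *
     * @return the authentication manager built by this configuration
     * @throws Exception if the manager cannot be created
     */
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Registers a single in-memory user.
     *
     * @param auth authentication builder
     * @throws Exception if the user store cannot be built
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        PasswordEncoder encoder = passwordEncoder();
        // Spring Security's in-memory user store. The account below is a tutorial
        // placeholder; real users belong in an external store, not in source.
        auth.inMemoryAuthentication()
                .passwordEncoder(encoder)
                .withUser("admin").password(encoder.encode("123456")).roles("r1");
    }

    /**
     * Decides which requests are intercepted.
     *
     * @param http HTTP security builder
     * @throws Exception if the rules cannot be applied
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                // Static resources and the index page are open to everyone. They still pass
                // through the filter chain, so the default security headers are applied.
                .antMatchers("/css/**", "/js/**", "/fonts/**", "/index").permitAll()
                // Every other request requires an authenticated user. The previous rule
                // permitted all requests, which contradicted this stated intent and left
                // any further endpoint of the application open to anonymous callers.
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .loginProcessingUrl("/login")
                .permitAll() // the login form itself must be reachable without a session
                .and()
                .logout().permitAll(); // logout is reachable by anyone

        // NOTE(review): CSRF protection is switched off here. With session-based form login
        // (and presumably the user-approval POST of the authorization-code flow) handled by
        // this chain, state-changing requests are then accepted without a CSRF token.
        // Keep it enabled unless there is a concrete reason not to.
        http.csrf().disable();
    }
}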
獲取授權碼方式:
授權碼模式:
訪問此連結獲取授權碼:http://localhost:8003/oauth/authorize?response_type=code&client_id=client1&redirect_uri=http://www.baidu.com
這個就是授權碼:
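然後通過授權碼獲取token:以 POST 方式請求 http://localhost:8003/oauth/token,帶上 grant_type=authorization_code、code(上一步取得的授權碼)、redirect_uri(須與申請授權碼時一致)以及 client_id、client_secret。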
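密碼模式(直接通過賬號密碼獲取token):以 POST 方式請求 /oauth/token,帶上 grant_type=password、username、password 以及 client_id、client_secret。此模式下使用者密碼會直接交給客戶端,只適用於高度可信的自有客戶端。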