springCloud oauth demo
parent
d96475b965
commit
0b6a41fba6
|
|
@ -32,6 +32,11 @@
|
|||
<groupId>org.springframework.cloud</groupId>
|
||||
<artifactId>spring-cloud-starter-openfeign</artifactId>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.springframework.cloud</groupId>
|
||||
<artifactId>spring-cloud-starter-sleuth</artifactId>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
</project>
|
||||
|
|
|
|||
|
|
@ -17,3 +17,9 @@ eureka:
|
|||
instance:
|
||||
prefer-ip-address: true #服务实例中显示ip,而不是显示主机名
|
||||
instance-id: ${spring.cloud.client.ip-address}:${spring.application.name}:${server.port} #实例名称
|
||||
|
||||
|
||||
logging:
|
||||
level:
|
||||
org.springframework.cloud.sleuth: debug
|
||||
org.springframework.web.servlet.DispatcherServlet: debug
|
||||
|
|
|
|||
|
|
@ -27,6 +27,11 @@
|
|||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-web</artifactId>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.springframework.cloud</groupId>
|
||||
<artifactId>spring-cloud-starter-sleuth</artifactId>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
</project>
|
||||
|
|
|
|||
|
|
@ -21,3 +21,9 @@ eureka:
|
|||
#自定义元数据
|
||||
metadata-map:
|
||||
now: 2022
|
||||
|
||||
|
||||
logging:
|
||||
level:
|
||||
org.springframework.cloud.sleuth: debug
|
||||
org.springframework.web.servlet.DispatcherServlet: debug
|
||||
|
|
|
|||
|
|
@ -0,0 +1,45 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<project xmlns="http://maven.apache.org/POM/4.0.0"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||
<parent>
|
||||
<artifactId>springcloud-project</artifactId>
|
||||
<groupId>com.xjs</groupId>
|
||||
<version>1.0</version>
|
||||
</parent>
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<name>oauth2认证授权</name>
|
||||
|
||||
<artifactId>oauth2</artifactId>
|
||||
|
||||
<properties>
|
||||
<maven.compiler.source>11</maven.compiler.source>
|
||||
<maven.compiler.target>11</maven.compiler.target>
|
||||
</properties>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.springframework.cloud</groupId>
|
||||
<artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-web</artifactId>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.springframework.cloud</groupId>
|
||||
<artifactId>spring-cloud-starter-oauth2</artifactId>
|
||||
<version>2.2.5.RELEASE</version>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.springframework.security.oauth</groupId>
|
||||
<artifactId>spring-security-oauth2</artifactId>
|
||||
<version>2.3.4.RELEASE</version>
|
||||
</dependency>
|
||||
|
||||
</dependencies>
|
||||
|
||||
</project>
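Review bot: The explicit `<version>2.3.4.RELEASE</version>` on `spring-security-oauth2` pins an old patch release of a library that is no longer maintained upstream, and it overrides whatever version `spring-cloud-starter-oauth2` would otherwise resolve transitively. Since the starter already brings that artifact in, the second `<dependency>` block could probably be dropped, or both versions moved into the parent's `dependencyManagement` so they are upgraded in one place. Before this module is used for anything beyond a demo, check the pinned releases against the upstream project's published security advisories.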
|
||||
|
|
@ -0,0 +1,18 @@
|
|||
package com.xjs;
|
||||
|
||||
import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||
import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
|
||||
|
||||
/**
|
||||
* @author xiejs
|
||||
* @since 2022-05-30
|
||||
*/
|
||||
@SpringBootApplication
|
||||
@EnableDiscoveryClient
|
||||
public class OAuthServerApplication9898 {
|
||||
|
||||
public static void main(String[] args) {
|
||||
SpringApplication.run(OAuthServerApplication9898.class, args);
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,121 @@
|
|||
package com.xjs.config;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
|
||||
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
|
||||
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
|
||||
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
|
||||
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
|
||||
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
|
||||
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
|
||||
import org.springframework.security.oauth2.provider.token.TokenStore;
|
||||
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
|
||||
|
||||
/**
|
||||
* 授权服务
|
||||
*
|
||||
* @author xiejs
|
||||
* @since 2022-05-30
|
||||
*/
|
||||
@Configuration
|
||||
@EnableAuthorizationServer
|
||||
public class OauthServerConfiger extends AuthorizationServerConfigurerAdapter {
|
||||
|
||||
|
||||
@Autowired
|
||||
private AuthenticationManager authenticationManager;
|
||||
|
||||
/**
|
||||
* 认证服务器最终是以api接口的方式对外提供服务(校验合法性并生成令牌,校验令牌等)<br>
|
||||
* 那么,以api接口方式对外的话,就涉及到接口的访问权限,我们需要在这里进行必要的配置
|
||||
*
|
||||
* @param security 配置
|
||||
* @throws Exception 异常
|
||||
*/
|
||||
@Override
|
||||
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
|
||||
super.configure(security);
|
||||
|
||||
//相当于打开endpoints,访问接口的开关,这样的话后期我们能够访问该接口
|
||||
security
|
||||
//允许客户端表单认证
|
||||
.allowFormAuthenticationForClients()
|
||||
//开启端口 oauth/token_key的访问权限
|
||||
.tokenKeyAccess("permitAll()")
|
||||
//开启端口 oauth/check_token的访问权限
|
||||
.checkTokenAccess("permitAll()")
|
||||
;
|
||||
}
|
||||
|
||||
/**
|
||||
* 客户端详情配置<br>
|
||||
* 比如client_id,secret<br>
|
||||
* 当前这个服务如同QQ平台,服务作为客户端需要QQ平台进行登录授权认证等,提前需要到QQ平台注册,QQ平台会给服务颁发client_id等必要参数,表明客户端是谁
|
||||
*
|
||||
* @param clients 客户端
|
||||
* @throws Exception 异常
|
||||
*/
|
||||
@Override
|
||||
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
|
||||
super.configure(clients);
|
||||
|
||||
|
||||
clients.inMemory() //客户端信息存储到什么地方,可以再内存中,也可以再数据库里
|
||||
.withClient("client_A") //添加一份client配置,指定client_id
|
||||
.secret("xjs666") //指定客户端的密码/安全码
|
||||
.resourceIds("autodeliver") //指定客户端所能访问的资源id清单,此处的资源id是需要在具体的资源服务
|
||||
.authorizedGrantTypes("password", "refresh_token") //认证类型/令牌颁发模式,可以配置多个,需要客户端调用的时候传递参数
|
||||
.scopes("all") //客户端权限范围
|
||||
;
|
||||
}
|
||||
|
||||
/**
|
||||
* 配置token令牌管理相关
|
||||
*
|
||||
* @param endpoints 令牌
|
||||
* @throws Exception 异常
|
||||
*/
|
||||
@Override
|
||||
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
|
||||
super.configure(endpoints);
|
||||
|
||||
endpoints.tokenStore(this.tokenStore()) //指定token的存储方法
|
||||
.tokenServices(this.authorizationServerTokenServices()) //token服务的一个描述,可以认为是token生成细节的描述
|
||||
.authenticationManager(authenticationManager) //指定认证管理器,随后注入一个到当前类使用即可
|
||||
.allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST)
|
||||
;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* 该方法用于创建tokenStore对象(令牌存储对象)<br>
|
||||
* token以什么形式存储
|
||||
*/
|
||||
public TokenStore tokenStore() {
|
||||
return new InMemoryTokenStore();
|
||||
}
|
||||
|
||||
/**
|
||||
* 该方法用户获取一个token服务对象(该对象描述了token有效期等信息)
|
||||
*/
|
||||
public AuthorizationServerTokenServices authorizationServerTokenServices() {
|
||||
DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
|
||||
//是否开启令牌刷新
|
||||
defaultTokenServices.setSupportRefreshToken(true);
|
||||
|
||||
defaultTokenServices.setTokenStore(this.tokenStore());
|
||||
|
||||
//设置令牌有效时间
|
||||
defaultTokenServices.setAccessTokenValiditySeconds(10 /** 60*/);
|
||||
|
||||
//设置刷新令牌的有效时间
|
||||
defaultTokenServices.setRefreshTokenValiditySeconds(3 * 60 * 60 * 24);
|
||||
|
||||
return defaultTokenServices;
|
||||
}
|
||||
|
||||
|
||||
}
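Review bot: `.checkTokenAccess("permitAll()")` in `configure(AuthorizationServerSecurityConfigurer)` lets any unauthenticated caller submit a token to `oauth/check_token` and read back the claims attached to it; `.checkTokenAccess("isAuthenticated()")` keeps the endpoint usable by resource servers while requiring client credentials. In `configure(AuthorizationServerEndpointsConfigurer)`, allowing `HttpMethod.GET` on the token endpoint together with the `password` grant means the username, password and client secret can travel in the query string and end up in access logs, so `.allowedTokenEndpointRequestMethods(HttpMethod.POST)` is the safer setting. `tokenStore()` is not a `@Bean` and returns a new `InMemoryTokenStore` on every call, so the store handed to `endpoints` and the one set on `DefaultTokenServices` are different instances; annotating the method with `@Bean` makes both share one store. The 10-second access-token lifetime with the commented-out `* 60` and the literal client secret `"xjs666"` look like demo leftovers and would be better read from configuration.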
|
||||
|
|
@ -0,0 +1,66 @@
|
|||
package com.xjs.config;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
|
||||
import java.util.ArrayList;
|
||||
|
||||
/**
|
||||
* 该配置类主要处理用户名和密码的校验等
|
||||
*
|
||||
* @author xiejs
|
||||
* @since 2022-05-30
|
||||
*/
|
||||
@Configuration
|
||||
public class SecurityConfiger extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Autowired
|
||||
private PasswordEncoder passwordEncoder;
|
||||
|
||||
|
||||
/**
|
||||
* 注册一个认证管理器到容器
|
||||
*/
|
||||
@Override
|
||||
@Bean
|
||||
public AuthenticationManager authenticationManagerBean() throws Exception {
|
||||
return super.authenticationManagerBean();
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* 处理用户名和密码验证
|
||||
* <li>
|
||||
* <ul>客户端传递username和password参数到认证服务器</ul>
|
||||
* <ul>一般来说,username和password会存储在数据库中的用户表中</ul>
|
||||
* <ul>根据用户表中数据,验证当前传递过来的用户信息的合法性</ul>
|
||||
* </li>
|
||||
*/
|
||||
@Override
|
||||
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
||||
super.configure(auth);
|
||||
|
||||
//把用户信息配置在内存中,实例化一个用户对象
|
||||
UserDetails user = new User("admin", "123456", new ArrayList<>());
|
||||
|
||||
auth.inMemoryAuthentication()
|
||||
.withUser(user)
|
||||
.passwordEncoder(passwordEncoder)
|
||||
;
|
||||
|
||||
}
|
||||
|
||||
|
||||
@Bean
|
||||
public PasswordEncoder passwordEncoder() {
|
||||
return NoOpPasswordEncoder.getInstance();
|
||||
}
|
||||
}
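Review bot: `passwordEncoder()` returns `NoOpPasswordEncoder.getInstance()`, so the user password configured in this class (and presumably the client secret in the authorization-server config, which would pick up the same bean) is stored and compared as plaintext; `NoOpPasswordEncoder` is deprecated for that reason. `return PasswordEncoderFactories.createDelegatingPasswordEncoder();` together with pre-encoded values in place of the literals keeps the demo working without plaintext comparison. The `admin` / `123456` account in `configure(AuthenticationManagerBuilder)` is hard-coded in source; loading users from a `UserDetailsService` or from external configuration avoids shipping a default credential with the service.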
|
||||
|
|
@ -0,0 +1,18 @@
|
|||
server:
|
||||
port: 9898
|
||||
|
||||
spring:
|
||||
application:
|
||||
name: oauth-server
|
||||
|
||||
#注册到Eureka服务中心
|
||||
eureka:
|
||||
client:
|
||||
service-url:
|
||||
# 注册到集群,就把多个Eureka Server 地址使用逗号连接起来即可,注册到单实例,就写一个
|
||||
defaultZone: http://localhost:8761/eureka,http://localhost:8762/eureka,http://localhost:8763/eureka
|
||||
|
||||
instance:
|
||||
prefer-ip-address: true #服务实例中显示ip,而不是显示主机名
|
||||
instance-id: ${spring.cloud.client.ip-address}:${spring.application.name}:${server.port} #实例名称
|
||||
|
||||
|
|
@ -13,6 +13,7 @@
|
|||
<modules>
|
||||
<module>eureka</module>
|
||||
<module>stream</module>
|
||||
<module>oauth2</module>
|
||||
</modules>
|
||||
|
||||
<artifactId>springcloud-project</artifactId>
|
||||
|
|
|
|||
|
|
@ -28,8 +28,8 @@ eureka:
|
|||
client:
|
||||
serviceUrl: # eureka server的路径
|
||||
defaultZone: http://localhost:8761/eureka,http://localhost:8762/eureka,http://localhost:8763/eureka
|
||||
instance:
|
||||
prefer-ip-address: true #使用ip注册
|
||||
instance-id: ${spring.cloud.client.ip-address}:${spring.application.name}:${server.port} #实例名称
|
||||
instance:
|
||||
prefer-ip-address: true #使用ip注册
|
||||
instance-id: ${spring.cloud.client.ip-address}:${spring.application.name}:${server.port} #实例名称
|
||||
|
||||
|
||||
|
|
|
|||