0. 前言

  之前帐号认证用过自己写的进行匹配,现在要学会使用标准了。准备了解和使用这个OAuth2.0协议。

1. 配置

1.1 配置pom.xml

  有些可能会用不到,我把我项目中用到的所有包都贴出来。

         <dependency>

             <groupId>org.springframework.boot</groupId>

             <artifactId>spring-boot-starter-data-redis</artifactId>

         </dependency>

         <dependency>

             <groupId>org.springframework.boot</groupId>

             <artifactId>spring-boot-starter-security</artifactId>

         </dependency>

         <dependency>

             <groupId>org.springframework.security.oauth</groupId>

             <artifactId>spring-security-oauth2</artifactId>

             <version>2.3.3.RELEASE</version>

         </dependency>

         <dependency>

             <groupId>org.springframework.boot</groupId>

             <artifactId>spring-boot-starter-web</artifactId>

         </dependency>

         <dependency>

             <groupId>org.mybatis.spring.boot</groupId>

             <artifactId>mybatis-spring-boot-starter</artifactId>

             <version>1.3.2</version>

         </dependency>

         <!-- https://mvnrepository.com/artifact/com.github.pagehelper/pagehelper-spring-boot-starter -->

         <dependency>

             <groupId>com.github.pagehelper</groupId>

             <artifactId>pagehelper-spring-boot-starter</artifactId>

             <version>1.2.5</version>

         </dependency>

         <dependency>

             <groupId>org.springframework.cloud</groupId>

             <artifactId>spring-cloud-starter-oauth2</artifactId>

         </dependency>

         <dependency>

             <groupId>org.springframework.cloud</groupId>

             <artifactId>spring-cloud-starter-security</artifactId>

         </dependency>

         <dependency>

             <groupId>org.springframework.boot</groupId>

             <artifactId>spring-boot-devtools</artifactId>

             <scope>runtime</scope>

         </dependency>

         <dependency>

             <groupId>org.postgresql</groupId>

             <artifactId>postgresql</artifactId>

             <scope>runtime</scope>

         </dependency>

         <dependency>

             <groupId>org.springframework.boot</groupId>

             <artifactId>spring-boot-starter-test</artifactId>

             <scope>test</scope>

         </dependency>

         <dependency>

             <groupId>org.springframework.security</groupId>

             <artifactId>spring-security-test</artifactId>

             <scope>test</scope>

         </dependency>

1.2 配置application.properties

 #server

 server.port=8080

 server.servlet.session.timeout=2520000

 #redis

 spring.redis.database=0

 spring.redis.host=172.16.23.203

 spring.redis.port=6379

 spring.redis.password=

 spring.redis.jedis.pool.max-active=8

 spring.redis.jedis.pool.max-wait=60

 spring.redis.jedis.pool.max-idle=8

 spring.redis.jedis.pool.min-idle=0

 spring.redis.timeout=10000

1.3 资源服务器配置

 /**

  * OAuth 资源服务器配置

  * @author

  * @date 2018-05-29

  */

 @Configuration

 @EnableResourceServer

 public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

     private static final String DEMO_RESOURCE_ID = "order";

     @Override

     public void configure(ResourceServerSecurityConfigurer resources) {

         resources.resourceId(DEMO_RESOURCE_ID).stateless(true);

     }

     @Override

     public void configure(HttpSecurity http) throws Exception {

         // Since we want the protected resources to be accessible in the UI as well we need

         // session creation to be allowed (it's disabled by default in 2.0.6)

         http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)

             .and()

             .requestMatchers().anyRequest()

             .and()

             .anonymous()

             .and()

             .authorizeRequests()

             .antMatchers("/order/**").authenticated();//配置order访问控制,必须认证过后才可以访问

     }

 }

1.4 授权服务器配置

 /**

  * OAuth 授权服务器配置

  * @author

  * @date 2018-05-29

  */

 @Configuration

 @EnableAuthorizationServer

 public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

     private static final String DEMO_RESOURCE_ID = "order";

     @Autowired

     AuthenticationManager authenticationManager;

     @Autowired

     RedisConnectionFactory redisConnectionFactory;

     @Override

     public void configure(ClientDetailsServiceConfigurer clients) throws Exception {

         String finalSecret = "{bcrypt}"+new BCryptPasswordEncoder().encode("123456");

         //配置两个客户端,一个用于password认证一个用于client认证

         clients.inMemory()

             .withClient("client_1")

             .resourceIds(DEMO_RESOURCE_ID)

             .authorizedGrantTypes("client_credentials", "refresh_token")

             .scopes("select")

             .authorities("oauth2")

             .secret(finalSecret)

             .and()

             .withClient("client_2")

             .resourceIds(DEMO_RESOURCE_ID)

             .authorizedGrantTypes("password", "refresh_token")

             .scopes("select")

             .authorities("oauth2")

             .secret(finalSecret);

     }

     @Override

     public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {

         endpoints

                 .tokenStore(new RedisTokenStore(redisConnectionFactory))

                 .authenticationManager(authenticationManager)

                 .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST);

     }

     @Override

     public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {

         //允许表单认证

         oauthServer.allowFormAuthenticationForClients();

     }

 }

1.5 Spring Security配置

 /**

  * Spring-Security 配置<br>

  * 具体参考: https://github.com/lexburner/oauth2-demo

  * @author

  * @date 2018-05-28

  */

 @Configuration

 @EnableWebSecurity

 public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

     @Bean

     @Override

     protected UserDetailsService userDetailsService(){

         InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();

         BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();

         String finalPassword = "{bcrypt}"+bCryptPasswordEncoder.encode("123456");

         manager.createUser(User.withUsername("user_1").password(finalPassword).authorities("USER").build());

         finalPassword = "{noop}123456";

         manager.createUser(User.withUsername("user_2").password(finalPassword).authorities("USER").build());

         return manager;

     }

     @Override

     protected void configure(HttpSecurity http) throws Exception {

         http

             .requestMatchers().anyRequest()

             .and()

                 .authorizeRequests()

                 .antMatchers("/oauth/*").permitAll();

     }

     /**

      * Spring Boot 2 配置,这里要bean 注入

      */

     @Bean

     @Override

     public AuthenticationManager authenticationManagerBean() throws Exception {

         AuthenticationManager manager = super.authenticationManagerBean();

         return manager;

     }

     @Bean

     PasswordEncoder passwordEncoder() {

         return PasswordEncoderFactories.createDelegatingPasswordEncoder();

     }

1.6 定义一个资源点

 @RestController

 @RequestMapping(value="/")

 public class TestController {

     @RequestMapping(value="order/demo")

     public YYModel getDemo() {

         Authentication auth = SecurityContextHolder.getContext().getAuthentication();

         System.out.println(auth);

         YYModel yy = new YYModel();

         yy.setYy("中文");

         yy.setZz(3);

         return yy;

     }

     @GetMapping("/test")

     public String getTest() {

         YYModel yy = new YYModel();

         yy.setYy("中文");

         yy.setZz(3);

         return yy.toJSONString();

     }

 }

2. 工具测试

  

  

  参考: http://blog.didispace.com/spring-security-oauth2-xjf-1/

Spring Boot 2.0 利用 Spring Security 实现简单的OAuth2.0认证方式1的更多相关文章

  1. Spring Boot 2.0 利用 Spring Security 实现简单的OAuth2.0认证方式2

    0.前言 经过前面一小节已经基本配置好了基于SpringBoot+SpringSecurity+OAuth2.0的环境.这一小节主要对一些写固定InMemory的User和Client进行扩展.实现动 ...

  2. Spring Boot 2(一):Spring Boot 2.0新特性

    Spring Boot 2(一):Spring Boot 2.0新特性 Spring Boot依赖于Spring,而Spring Cloud又依赖于Spring Boot,因此Spring Boot2 ...

  3. Spring Boot 多站点利用 Redis 实现 Session 共享

    如何在不同站点(web服务进程)之间共享会话 Session 呢,原理很简单,就是把这个 Session 独立存储在一个地方,所有的站点都从这个地方读取 Session. 通常我们使用 Redis 来 ...

  4. spring boot 是如何利用jackson进行序列化的?

    接上一篇:spring boot 是如何利用jackson进行反序列化的? @RestController public class HelloController { @RequestMapping ...

  5. spring boot rest 接口集成 spring security(2) - JWT配置

    Spring Boot 集成教程 Spring Boot 介绍 Spring Boot 开发环境搭建(Eclipse) Spring Boot Hello World (restful接口)例子 sp ...

  6. spring boot rest 接口集成 spring security(1) - 最简配置

    Spring Boot 集成教程 Spring Boot 介绍 Spring Boot 开发环境搭建(Eclipse) Spring Boot Hello World (restful接口)例子 sp ...

  7. Spring Boot配置篇(基于Spring Boot 2.0系列)

    1:概述 SpringBoot支持外部化配置,配置文件格式如下所示: properties files yaml files environment variables command-line ar ...

  8. (转)Spring Boot 2 (八):Spring Boot 集成 Memcached

    http://www.ityouknow.com/springboot/2018/09/01/spring-boot-memcached.html Memcached 介绍 Memcached 是一个 ...

  9. Spring Boot 2 (八):Spring Boot 集成 Memcached

    Spring Boot 2 (八):Spring Boot 集成 Memcached 一.Memcached 介绍 Memcached 是一个高性能的分布式内存对象缓存系统,用于动态Web应用以减轻数 ...

随机推荐

  1. django之创建第10个项目-图片上传方式1

    1.upload.HTMl <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang=& ...

  2. C#让控制台程序不显示闪退窗口的方法

    新建一个控制台程序,然后编译为 窗体程序.即可........

  3. KVM安装和配置

    [未验证部分] kvm安装前检查 # 总核数 = 物理CPU个数 X 每颗物理CPU的核数 # 总逻辑CPU数 = 物理CPU个数 X 每颗物理CPU的核数 X 超线程数 # 查看物理CPU个数 ca ...

  4. ios中封装网络和tableview的综合运用

    1:封装网络请求 类 #import <Foundation/Foundation.h> #import "ASIFormDataRequest.h" #import ...

  5. Swift3 颜色转换成图片Image

    Swift3下的转换写法: /// 将颜色转换为图片 /// /// - Parameter color: <#color description#> /// - Returns: < ...

  6. null的数据类型

    Oracle的NULL代表的含义是不确定,那么不确定的东西也会有确定的数据类型吗?或者换个说法,NULL在Oracle中的默认数据类型是什么,下面就来探讨这个问题. 首先公布答案,NULL的默认类型是 ...

  7. ActiveMQ持久化及测试(转)

    转:http://blog.csdn.net/xyw_blog/article/details/9128219 ActiveMQ持久化 消息持久性对于可靠消息传递来说应该是一种比较好的方法,有了消息持 ...

  8. Python 由list转为dictionary

    Python 由list转为dictionary 例如: 原始的 list 形式为: session_item_data=[[100, [10, 11], [12, 13]], [101, [11, ...

  9. C/C++函数指针(typedef简化定义)

    学习要点:        1,函数地址的一般定义和typedef简化定义;        2,函数地址的获取;        3,A函数地址作为B函数参数的传递;    函数存放在内存的代码区域内,它 ...

  10. Http网络协议

    目录结构: contents structure [-] 什么是HTTP协议 Http协议的发展历史 Http的报文结构 客户端请求 服务端响应消息 Content-Type application/ ...