Spring security oauth2 client_credentials认证 最简单示例代码
基于spring-boot-2.0.0
1,在pom.xml中添加:
<!-- security -->
<!-- https://mvnrepository.com/artifact/org.springframework.security.oauth/spring-security-oauth2 -->
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
<version>2.3.0.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
2,ServerConfig
package com.italkbb.homesecurity.alertmessage.security; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer; @Configuration
@EnableAuthorizationServer
//提供/oauth/authorize,/oauth/token,/oauth/check_token,/oauth/confirm_access,/oauth/error
public class OAuth2ServerConfig extends AuthorizationServerConfigurerAdapter {
@Autowired
PasswordEncoder bCryptPasswordEncoder;//定义在SecurityConfig 中@Bean public PasswordEncoder passwordEncoder() @Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
oauthServer.tokenKeyAccess("permitAll()")
.checkTokenAccess("isAuthenticated()") //allow check token
.allowFormAuthenticationForClients();
} @Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("app")
.secret(bCryptPasswordEncoder.encode("app"))
.authorizedGrantTypes("client_credentials", "password", "refresh_token")
.scopes("all")
.resourceIds("oauth2-resource") .and() .withClient("app1")
.secret(bCryptPasswordEncoder.encode("app1"))
.authorizedGrantTypes("client_credentials", "password", "refresh_token")
.scopes("all")
.resourceIds("oauth2-resource1") .accessTokenValiditySeconds(1200)
.refreshTokenValiditySeconds(50000) ; } }
3,ResourceServerConfig
package com.italkbb.homesecurity.alertmessage.security; import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter; @Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter { }
4,SecurityConfig
package com.italkbb.homesecurity.alertmessage.security; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter; /**
* Created by wangyunfei on 2017/6/9.
*/
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private DomainUserDetailsService userDetailsService; @Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.anonymous().disable()
.authorizeRequests()
.antMatchers("/api-docs/**")//至少需要一个
.permitAll();
} @Bean
public FilterRegistrationBean corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
config.addAllowedMethod("*");
source.registerCorsConfiguration("/**", config);
FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
bean.setOrder(0);
return bean;
} @Bean
public DomainUserDetailsService userDetailsService(){
return new DomainUserDetailsService();
} @Bean
public PasswordEncoder passwordEncoder() {
System.out.println("============================passwordEncoder ");
// return PasswordEncoderFactories.createDelegatingPasswordEncoder();
return new BCryptPasswordEncoder();
} @Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
System.out.println("============================configure ");
auth.userDetailsService(userDetailsService()).passwordEncoder(passwordEncoder());
} //不定义没有password grant_type
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
} class DomainUserDetailsService implements UserDetailsService {
@Autowired
PasswordEncoder bCryptPasswordEncoder; @Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
System.out.println("============================loadUserByUsername "+username);
return new User("app",bCryptPasswordEncoder.encode("app"),null);
}
} }
现在随便访问你的controller mapping,都说无权限。需要先获取token:
$ curl -H "Accept: application/json" http://localhost/oauth/token -d "grant_type=client_credentials&client_id=app&client_secret=app"
然后再去访问:
http://localhost/api/order/11?access_token=32f044cd-48ef-4382-9a77-7ee35bd9a824
参考:
https://blog.csdn.net/wiselyman/article/details/84901713 用redis保存token。
https://github.com/bigben0123/uaa-zuul
https://atom.peg.ink/blog/2018/04/11/ji-yu-springbootde-api-keyshi-xian/ 自己实现
https://blog.csdn.net/yingziisme/article/details/82635190 报错问题
https://github.com/spring-projects/spring-security-oauth spring官方 oauth2
https://github.com/spring-projects/spring-security-oauth/blob/master/spring-security-oauth2/src/test/resources/schema.sql 自己建立的用户存放库
https://github.com/spring-projects/spring-security-oauth/blob/master/docs/oauth2.md oauth2 developer guide
https://github.com/spring-projects/spring-security-oauth/tree/master/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider 源码,client目录下面有 jdbc和in-mem的实现。
https://github.com/spring-projects/spring-security-oauth/blob/master/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/builders/ClientDetailsServiceBuilder.java withClient, and等方法的实现
http://blog.didispace.com/spring-security-oauth2-xjf-1/ 程序员dd的最全介绍oauth
http://www.tianshouzhi.com/api/tutorials/spring_security_4/266 翻译官方的 spring security。不错!
Spring security oauth2 client_credentials认证 最简单示例代码的更多相关文章
- spring security oauth2 client_credentials模
spring security oauth2 client_credentials模 https://www.jianshu.com/p/1c3eea71410e 序 本文主要简单介绍一下spring ...
- Spring Security OAuth2.0认证授权三:使用JWT令牌
Spring Security OAuth2.0系列文章: Spring Security OAuth2.0认证授权一:框架搭建和认证测试 Spring Security OAuth2.0认证授权二: ...
- Spring Security OAuth2.0认证授权四:分布式系统认证授权
Spring Security OAuth2.0认证授权系列文章 Spring Security OAuth2.0认证授权一:框架搭建和认证测试 Spring Security OAuth2.0认证授 ...
- Spring Security OAuth2.0认证授权五:用户信息扩展到jwt
历史文章 Spring Security OAuth2.0认证授权一:框架搭建和认证测试 Spring Security OAuth2.0认证授权二:搭建资源服务 Spring Security OA ...
- Spring Security OAuth2.0认证授权二:搭建资源服务
在上一篇文章[Spring Security OAuth2.0认证授权一:框架搭建和认证测试](https://www.cnblogs.com/kuangdaoyizhimei/p/14250374. ...
- Spring Security OAuth2.0认证授权六:前后端分离下的登录授权
历史文章 Spring Security OAuth2.0认证授权一:框架搭建和认证测试 Spring Security OAuth2.0认证授权二:搭建资源服务 Spring Security OA ...
- Spring Security OAuth2.0认证授权一:框架搭建和认证测试
一.OAuth2.0介绍 OAuth(开放授权)是一个开放标准,允许用户授权第三方应用访问他们存储在另外的服务提供者上的信息,而不 需要将用户名和密码提供给第三方应用或分享他们数据的所有内容. 1.s ...
- spring security oauth2 jwt 认证和资源分离的配置文件(java类配置版)
最近再学习spring security oauth2.下载了官方的例子sparklr2和tonr2进行学习.但是例子里包含的东西太多,不知道最简单最主要的配置有哪些.所以决定自己尝试搭建简单版本的例 ...
- spring security 3 自定义认证,授权示例
1,建一个web project,并导入所有需要的lib. 2,配置web.xml,使用Spring的机制装载: <?xml version="1.0" encoding=& ...
随机推荐
- Spring 事务与脏读、不可重复读、幻读
索引: 目录索引 参看代码 GitHub: 1.Spring 事务 2.事务行为 一.Spring 事务: Spring 的事务机制是用统一的机制来处理不同数据访问技术的事务处理. Spring 的事 ...
- 使用VBScript 脚本 开机播放声音
前言:环境Window 10 第一步写一个 VBScript 脚本 新建一个文本文档,将下面的代码复制到文本文档中,Ctrl+S保存 将文本文档的.txt 后缀 改为.vbs即可 最后,双击这个 vb ...
- VScode:保存格式化问题,ESLint插件和编辑器本身冲突
我喜欢使用ESLint来保持我的代码的规范性,但是最近遇到问题:就是ctrl+s后变得如下: 我已经解决了:发现原来是编辑器本身的格式化和插件带的格式化起冲突,因为我把两者同时启用:FormatOnS ...
- laravel学习笔记二
代码编写提示工具
- typescript 学习笔记
错的写法 枚举 错误写法 方法可选参 类 子类没有找父类
- 012_call和apply区别
一. function fn(a,b) { console.log(this); } fn.call(null,1,2); //call为参数方式 fn.apply(null,[1,2]); //ap ...
- http协议进阶(五)连接管理
几乎所有的HTTP通信都是由TCP/IP承载的,TCP/IP是全球计算机网络设备都在使用的一种分组交换网络分层协议集. 它的特点是只要连接建立,客户端与服务器之间的报文交换就永远不会丢失.受损或失序. ...
- 判断语句之if...else
判断语句之if...else if语句第二种格式: if...else: 格式: 执行流程 首先判断关系表达式看其结果是true还是false 如果是true就执行语句体1 如果是false就执行语句 ...
- java基础-开发工具IDEA
常用快捷键 查找 查找:Ctrl + F Find In Path: Ctrl + F + Shift (比普通查找多了一个shift) Search EveryWhere : 双击Shift 视图 ...
- PS绘制飘逸彩色丝带教程
一.新建一个大小适当的图像,点击工具栏上的钢笔工具,使用形状图层来绘制出下图的形状. 二.把形状所在层的填充设为0%,填充设成0是不会影响到图层的,不像不透明度那样会影响图层样式的效果. 三.双击丝带 ...