Spring security oauth2 client_credentials认证 最简单示例代码
基于spring-boot-2.0.0
1,在pom.xml中添加:
<!-- security -->
<!-- https://mvnrepository.com/artifact/org.springframework.security.oauth/spring-security-oauth2 -->
<!-- NOTE(review): spring-security-oauth2 is the legacy Spring Security OAuth project, which has
     since reached end of life, and 2.3.0.RELEASE is the first release of its 2.3 line. Before
     reusing this outside a demo, check the project's security advisories and move to the newest
     patch release or to a maintained authorization server. -->
<dependency>
  <groupId>org.springframework.security.oauth</groupId>
  <artifactId>spring-security-oauth2</artifactId>
  <version>2.3.0.RELEASE</version>
</dependency>
<!-- No version is given here; presumably it is managed by the Spring Boot parent/BOM. -->
<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-security</artifactId>
</dependency>
2,ServerConfig
package com.italkbb.homesecurity.alertmessage.security; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer; @Configuration
@EnableAuthorizationServer
// Exposes /oauth/authorize, /oauth/token, /oauth/check_token, /oauth/confirm_access and
// /oauth/error.
//
// NOTE(review): everything below is demo configuration. Both clients are held in memory, each
// client's secret is the same literal as its client id, and both are granted scope "all" plus
// the password and refresh_token grants although the article only exercises
// client_credentials. Before exposing this server, load per-client random secrets from
// configuration and grant each client only the grant types and scopes it needs.
public class OAuth2ServerConfig extends AuthorizationServerConfigurerAdapter {

    // The PasswordEncoder bean declared in SecurityConfig
    // (@Bean public PasswordEncoder passwordEncoder()).
    @Autowired
    PasswordEncoder bCryptPasswordEncoder;

    /**
     * Sets the access rules for the authorization server's own endpoints.
     *
     * @param oauthServer configurer for the endpoint security
     * @throws Exception declared by the overridden adapter method
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        // Lets clients authenticate with client_id/client_secret form parameters,
        // which is what the article's curl call to /oauth/token sends.
        oauthServer.allowFormAuthenticationForClients();
        // Token introspection is limited to authenticated callers.
        oauthServer.checkTokenAccess("isAuthenticated()");
        // The token-key endpoint is open to everyone.
        oauthServer.tokenKeyAccess("permitAll()");
    }

    /**
     * Registers the two in-memory demo clients, "app" and "app1".
     *
     * @param clients configurer for the client registry
     * @throws Exception declared by the overridden adapter method
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // Same three grant types for both clients.
        final String[] grantTypes = {"client_credentials", "password", "refresh_token"};

        clients.inMemory()
                // Client "app": token lifetimes are not set here.
                .withClient("app")
                .resourceIds("oauth2-resource")
                .scopes("all")
                .authorizedGrantTypes(grantTypes)
                // Stored as a bcrypt hash, but the plaintext is the client id itself.
                .secret(bCryptPasswordEncoder.encode("app"))
                .and()
                // Client "app1": access tokens live 1200 s, refresh tokens 50000 s.
                .withClient("app1")
                .resourceIds("oauth2-resource1")
                .scopes("all")
                .authorizedGrantTypes(grantTypes)
                .secret(bCryptPasswordEncoder.encode("app1"))
                .refreshTokenValiditySeconds(50000)
                .accessTokenValiditySeconds(1200);
    }
}
3,ResourceServerConfig
package com.italkbb.homesecurity.alertmessage.security; import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter; @Configuration
@EnableResourceServer
// Resource server that keeps the adapter's defaults: nothing is overridden in this class.
// NOTE(review): the resource id is therefore left at the framework default, presumably
// "oauth2-resource" (the id given to client "app" in OAuth2ServerConfig). Tokens issued to
// "app1", whose resourceIds is "oauth2-resource1", would then be refused here - confirm.
public class ResourceServerConfig extends ResourceServerConfigurerAdapter { }
4,SecurityConfig
package com.italkbb.homesecurity.alertmessage.security; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter; /**
* Created by wangyunfei on 2017/6/9.
*/
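@Configuration
// Web security for the demo: HTTP rules, a CORS filter, the password encoder, the user lookup
// used for authentication, and the AuthenticationManager bean.
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Not read anywhere in this class: configure(AuthenticationManagerBuilder) calls the
    // userDetailsService() bean method instead.
    @Autowired
    private DomainUserDetailsService userDetailsService;

    /**
     * Configures the HTTP rules of this filter chain.
     *
     * @param http the HTTP security builder
     * @throws Exception declared by the overridden adapter method
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // CSRF protection and anonymous authentication are both switched off for this chain.
        // NOTE(review): disabling CSRF is only appropriate while requests are authenticated by
        // a bearer token rather than a session cookie - confirm for your deployment.
        http
                .csrf().disable()
                .anonymous().disable()
                .authorizeRequests()
                .antMatchers("/api-docs/**") // at least one matcher is required
                .permitAll();
    }

    /**
     * Registers a CORS filter for every path, ahead of the other filters (order 0).
     *
     * @return the filter registration wrapping the {@link CorsFilter}
     */
    @Bean
    public FilterRegistrationBean corsFilter() {
        CorsConfiguration config = new CorsConfiguration();
        // A wildcard origin must not be combined with credentialed requests: Spring versions
        // that accept the pair echo the caller's Origin back, which lets any website send the
        // browser's cookies and read the response. The API here is called with a bearer token,
        // so credentials are turned off; if cross-origin cookies are really needed, replace
        // "*" with an explicit list of trusted origins instead.
        config.setAllowCredentials(false);
        config.addAllowedOrigin("*");
        config.addAllowedHeader("*");
        config.addAllowedMethod("*");

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", config);

        FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
        bean.setOrder(0);
        return bean;
    }

    /**
     * Creates the demo user lookup service.
     *
     * @return a new {@link DomainUserDetailsService}
     */
    @Bean
    public DomainUserDetailsService userDetailsService() {
        return new DomainUserDetailsService();
    }

    /**
     * Creates the password encoder shared by the user and client configuration.
     *
     * @return a bcrypt password encoder
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        System.out.println("============================passwordEncoder ");
        return new BCryptPasswordEncoder();
    }

    /**
     * Wires the user lookup service and the password encoder into authentication.
     *
     * @param auth the authentication manager builder
     * @throws Exception declared by the overridden adapter method
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        System.out.println("============================configure ");
        auth.userDetailsService(userDetailsService()).passwordEncoder(passwordEncoder());
    }

    /**
     * Exposes the AuthenticationManager as a bean.
     * Author's note: without this definition the password grant_type is not available.
     *
     * @return the AuthenticationManager built by the adapter
     * @throws Exception declared by the overridden adapter method
     */
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Demo user store that knows exactly one hard-coded account, "app" with password "app".
     * NOTE(review): replace with a real user store before using the password grant outside a
     * demo.
     */
    class DomainUserDetailsService implements UserDetailsService {
        @Autowired
        PasswordEncoder bCryptPasswordEncoder;

        /**
         * Looks up the single demo account.
         *
         * @param username the name presented by the caller
         * @return the "app" user with a bcrypt-encoded password and no authorities
         * @throws UsernameNotFoundException if {@code username} is not "app"
         */
        @Override
        public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
            // The caller-supplied name is not echoed to stdout, so it cannot forge log lines.
            System.out.println("============================loadUserByUsername ");
            // Only the demo account exists; any other name must not resolve to it, otherwise
            // every username would authenticate with the demo password.
            if (!"app".equals(username)) {
                throw new UsernameNotFoundException("Unknown user");
            }
            // User rejects a null authority collection, so an empty one is passed.
            return new User("app", bCryptPasswordEncoder.encode("app"),
                    java.util.Collections.emptyList());
        }
    }
}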
现在随便访问你的controller mapping,都说无权限。需要先获取token:
$ curl -H "Accept: application/json" http://localhost/oauth/token -d "grant_type=client_credentials&client_id=app&client_secret=app"
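然后带上 token 再去访问(这里为了演示把 access_token 放在 URL 参数中;URL 会被记录到访问日志、浏览器历史和 Referer 中,实际使用时建议通过请求头 Authorization: Bearer <token> 传递,并全程使用 HTTPS):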
http://localhost/api/order/11?access_token=32f044cd-48ef-4382-9a77-7ee35bd9a824
参考:
https://blog.csdn.net/wiselyman/article/details/84901713 用redis保存token。
https://github.com/bigben0123/uaa-zuul
https://atom.peg.ink/blog/2018/04/11/ji-yu-springbootde-api-keyshi-xian/ 自己实现
https://blog.csdn.net/yingziisme/article/details/82635190 报错问题
https://github.com/spring-projects/spring-security-oauth spring官方 oauth2
https://github.com/spring-projects/spring-security-oauth/blob/master/spring-security-oauth2/src/test/resources/schema.sql 自己建立的用户存放库
https://github.com/spring-projects/spring-security-oauth/blob/master/docs/oauth2.md oauth2 developer guide
https://github.com/spring-projects/spring-security-oauth/tree/master/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider 源码,client目录下面有 jdbc和in-mem的实现。
https://github.com/spring-projects/spring-security-oauth/blob/master/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/builders/ClientDetailsServiceBuilder.java withClient, and等方法的实现
http://blog.didispace.com/spring-security-oauth2-xjf-1/ 程序员dd的最全介绍oauth
http://www.tianshouzhi.com/api/tutorials/spring_security_4/266 翻译官方的 spring security。不错!