Spring Security Oauth2入门实践


1.引入相关依赖

<!-- Dependencies of the OAuth2 demo; versions are resolved through the dependencyManagement block below. -->
<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <!-- Dev-only hot reload. Keep it out of production deployments: the Boot Maven plugin
         excludes devtools from the repackaged jar by default - do not override that. -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-devtools</artifactId>
        <scope>runtime</scope>
        <optional>true</optional>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-security</artifactId>
    </dependency>
    <!-- SECURITY NOTE: this starter brings in spring-security-oauth2, the legacy
         "Spring Security OAuth" project behind @EnableAuthorizationServer /
         @EnableResourceServer. That project is end-of-life and no longer receives
         security fixes; new work should use Spring Authorization Server together with
         Spring Security's built-in oauth2-client / oauth2-resource-server support. -->
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-oauth2</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-configuration-processor</artifactId>
        <optional>true</optional>
    </dependency>
    <dependency>
        <groupId>org.projectlombok</groupId>
        <artifactId>lombok</artifactId>
        <optional>true</optional>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
</dependencies>

<!-- Version alignment. NOTE(review): Spring Boot 2.3.x and the Hoxton Spring Cloud train
     are both out of open-source support, so CVE fixes in Spring Framework / Spring Security
     no longer reach this combination; move to a currently supported Boot line and the
     matching Spring Cloud train before using this setup beyond a local experiment. -->
<dependencyManagement>
    <dependencies>
        <!-- Spring Boot BOM -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-dependencies</artifactId>
            <version>2.3.12.RELEASE</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
        <!-- Spring Cloud BOM (Hoxton is the train paired with Boot 2.2/2.3) -->
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-dependencies</artifactId>
            <version>Hoxton.SR12</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
    </dependencies>
</dependencyManagement>

2、 基本配置

2.1、 SpringSecurity配置

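/**
 * Form-login security for the browser-facing part of the authorization server.
 *
 * <p>Filter-chain layout: {@code @EnableAuthorizationServer} registers its own chain for
 * {@code /oauth/token}, {@code /oauth/token_key} and {@code /oauth/check_token} (client
 * authentication), {@code @EnableResourceServer} registers one for {@code /user/**}
 * (bearer tokens), and every other request - login page, {@code /oauth/authorize},
 * consent form - lands in this chain.
 *
 * <p>NOTE(review): {@code debug = true} makes Spring Security log the filter chain and
 * request details for every request; switch it off outside local development.
 */
@EnableWebSecurity(debug = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // Fix: the original pattern was "logout/**" without the leading slash.
                // Ant patterns are matched against the request path, which always starts
                // with "/", so a pattern without it never matches - the rule was a no-op.
                //
                // "/oauth/**" being permitAll means /oauth/authorize is reachable anonymously.
                // The endpoint itself refuses unauthenticated principals and the exception
                // translation then sends the browser to the login form, so the flow works,
                // but requiring authenticated() for /oauth/authorize explicitly is tighter.
                .antMatchers("/oauth/**", "/login/**", "/logout/**").permitAll()
                .anyRequest().authenticated()
                .and().formLogin().permitAll()
                // CSRF is switched off for this whole chain, which includes the login and
                // consent (/oauth/authorize, /oauth/confirm_access) forms. Prefer leaving CSRF
                // on for browser-facing endpoints - the default consent page already emits a
                // CSRF field - and disable it only on stateless, token-authenticated chains.
                .and().csrf().disable();
    }

    /** BCrypt encoder used for user passwords and for the client secret stored by the authorization server. */
    @Bean
    public PasswordEncoder getPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }
}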

2.2、授权服务器配置

/**
 * Authorization-server setup: registers the single in-memory OAuth2 client used by the demo.
 *
 * <p>NOTE(review): client id, secret and redirect URI are hard-coded demo values. In real use
 * the secret must come from configuration / secret storage, and the redirect URI must be an
 * https URL under the client's control: sending the authorization code to
 * http://www.baidu.com hands it to a third party over plaintext. Token lifetimes are left
 * at the library defaults here; set an explicit, short access-token validity in real use.
 */
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    private static final String CLIENT_ID = "lzq";
    private static final String CLIENT_SECRET = "666";
    private static final String SCOPE_ALL = "all";
    private static final String REDIRECT_URI = "http://www.baidu.com";
    private static final String GRANT_AUTHORIZATION_CODE = "authorization_code";

    private final PasswordEncoder passwordEncoder;

    /** Single-constructor injection of the BCrypt encoder bean declared in SecurityConfig. */
    public AuthorizationServerConfig(PasswordEncoder passwordEncoder) {
        this.passwordEncoder = passwordEncoder;
    }

    /**
     * Declares the demo client: id "lzq", secret "666" (stored hashed so the server's client
     * authentication can compare it through the PasswordEncoder), a single coarse scope,
     * one registered redirect URI and only the authorization-code grant.
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient(CLIENT_ID)
                .secret(passwordEncoder.encode(CLIENT_SECRET))
                .scopes(SCOPE_ALL)
                .redirectUris(REDIRECT_URI)
                .authorizedGrantTypes(GRANT_AUTHORIZATION_CODE);
    }
}

2.3、资源服务器配置

/**
 * Resource-server filter chain for the protected API.
 *
 * <p>The chain is scoped to {@code /user/**} only; every request under that prefix must
 * carry a valid bearer token, and all other paths fall through to the form-login chain in
 * SecurityConfig. CSRF is disabled here because this chain is stateless (token in the
 * Authorization header, no session cookie), so the usual cross-site form risk does not apply.
 * The controller that serves the resource must actually be mapped under {@code /user}.
 */
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // Restrict this chain to the API prefix first, then state the access rule.
        http.requestMatchers()
                .antMatchers("/user/**")
                .and()
                .authorizeRequests()
                .anyRequest().authenticated()
                .and()
                .csrf().disable();
    }
}

2.4、自定义User类

/**
 * Minimal immutable {@link UserDetails} carrying a username, a (hashed) password and the
 * granted authorities. All account-status flags are fixed to "active".
 *
 * <p>NOTE(review): {@link #getPassword()} is a public getter, so if an instance of this class
 * is serialized to JSON (for example returned from a controller as the principal) the stored
 * password hash ends up in the response. Map to a DTO instead of exposing instances directly.
 */
public class MyUser implements UserDetails {

    private final String username;
    private final String password;
    private final List<GrantedAuthority> authorities;

    /**
     * @param username    login name
     * @param password    password as stored (expected to be BCrypt-hashed by the caller)
     * @param authorities granted authorities; the list is used as-is, not copied
     */
    public MyUser(String username, String password, List<GrantedAuthority> authorities) {
        this.username = username;
        this.password = password;
        this.authorities = authorities;
    }

    @Override
    public String getUsername() {
        return username;
    }

    @Override
    public String getPassword() {
        return password;
    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return authorities;
    }

    // Status flags: the demo has no expiry, lock or disable state, so every account is active.

    @Override
    public boolean isEnabled() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }
}

2.5、测试授权码模式

2.5.1、添加测试资源接口

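/**
 * Protected test resource. It lives under /user/** so that the resource-server chain
 * (bearer-token authentication) is the one guarding it.
 *
 * <p>Fix: the original declared {@code @RestController("/user")}. The value of
 * {@code @RestController} is the Spring bean <em>name</em>, not a request path, so the
 * endpoint was really mapped to {@code /get} - outside the {@code /user/**} resource-server
 * chain. The class-level {@code @RequestMapping} supplies the {@code /user} prefix.
 */
@RestController
@RequestMapping("/user")
public class UserController {

    /**
     * Returns the authenticated user's name.
     *
     * <p>Fix: the original returned {@code authentication.getPrincipal()}, i.e. the whole
     * {@code MyUser} object. Its public {@code getPassword()} getter means Jackson serialized
     * the stored password hash into the JSON response. Only the name is returned now; expose
     * authorities through a dedicated DTO if the caller needs them.
     *
     * @param authentication the bearer-token authentication injected by Spring Security
     * @return the principal's name
     */
    @RequestMapping("/get")
    public Object getUser(Authentication authentication) {
        return authentication.getName();
    }
}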

2.5.2、获取授权码url:

http://localhost:8080/oauth/authorize?response_type=code&client_id=lzq&redirect_uri=http://www.baidu.com&scope=all

2.5.3、登录后选择ALL(全部授权),浏览器会跳转到注册的 redirect_uri(http://www.baidu.com),授权码以 code 查询参数的形式附在跳转地址上。注意此处的 code 是通过明文 http 交给了一个第三方站点,仅适合本地演示:

屏幕截图 2022-10-29 182013.png

2.5.4、使用apifox测试:

注意:请求 /oauth/token 时,HTTP Basic 认证的用户名和密码填的是上面配置的客户端 clientId(lzq)和 secret(666),而不是登录用户的账号密码;该端点由授权服务器自己的过滤器链做客户端认证。

屏幕截图 2022-10-29 182842.png 屏幕截图 2022-10-29 183256.png 屏幕截图 2022-10-29 183519.png

2.5.5、使用返回的token请求测试的资源接口即可获得资源:

屏幕截图 2022-10-29 183804.png

2.6、测试密码模式

2.6.1、授权服务器添加密码授权配置

/*
 * Grant types allowed for the client:
 *   authorization_code - authorization-code flow (browser login + consent)
 *   password           - resource-owner password flow
 * NOTE(review): the password grant hands the user's raw credentials to the client and has
 * been dropped from OAuth 2.1; enable it only for a first-party client you fully control.
 */
.authorizedGrantTypes("authorization_code","password");
// Wire the AuthenticationManager and UserDetailsService the password grant needs to verify
// the user's credentials. Assumes an AuthenticationManager bean is exposed (typically by
// overriding authenticationManagerBean() with @Bean in SecurityConfig) and that
// myUserDetailService is a UserDetailsService bean producing MyUser instances - neither is
// shown on this page; confirm before relying on it.
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
    endpoints.authenticationManager(authenticationManager).userDetailsService(myUserDetailService);
}

在原有参数上添加username和password并填上自定义的值 屏幕截图 2022-10-30 025720.png