springboot(二十一)oauth2

遨翔在知识的海洋里
114 阅读1分钟

实现使用github登录

github

image.png

image.png

依赖

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-oauth2-client</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>

配置

spring:
  security:
    oauth2:
      client:
        registration:
          github:
            clientId: xxxxx
            clientSecret: xxxxx

security&oauth

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                .csrf(AbstractHttpConfigurer::disable)
                .authorizeHttpRequests(auth -> auth
                        .anyRequest().authenticated()
                )
                .oauth2Login(withDefaults());
        return http.build();
    }
}

测试

@RestController
public class HomeController {
    @GetMapping("/")
    public String index() {
        return "index";
    }
}

进阶

登录前能访问/ /other

登录后能访问 /user

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                .csrf(AbstractHttpConfigurer::disable)
                .authorizeHttpRequests(auth -> auth
                        .requestMatchers("/", "/other").permitAll()
                        .requestMatchers("/user/**").authenticated()
                        .anyRequest().authenticated()
                )
                .oauth2Login(withDefaults())
                .logout(logout -> logout
                        .logoutUrl("/logout")
                        .logoutSuccessUrl("/")
                        .invalidateHttpSession(true)
                        .deleteCookies("JSESSIONID")
                );
        return http.build();
    }
}

密码加密

配置类中配置 PasswordEncoder Bean:

@Configuration
public class SecurityConfig {

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

}

使用 PasswordEncoder 对密码进行加密:

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class MainController {

    @Autowired
    PasswordEncoder passwordEncoder;

    @GetMapping("/")
    public String index() {
        String password = "aa";
        String passwrod2 = passwordEncoder.encode(password);
        System.out.println("passwrod2"+passwrod2);
        return "index";
    }
}

不推荐写法

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class MainController {
    
    @GetMapping("/")
    public String index() {
        String password = "aa";
        BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
        String passwrod2 = bCryptPasswordEncoder.encode(password);
        System.out.println("passwrod2:"+passwrod2);
        return "index";
    }
}

测试

image.png

avatar
文章
阅读
粉丝