我们有一个扩展 AuthorizationServerConfigurerAdapter 的专用授权服务器,我们在其中设置了权限覆盖 void configure(ClientDetailsServiceConfigurer clients) 方法.
We have a dedicated authorization server extending AuthorizationServerConfigurerAdapter, where we have set authorities overriding void configure(ClientDetailsServiceConfigurer clients) method.
@Configuration @EnableAuthorizationServer protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter { @Value('${oauth.clientId}') private String clientId @Value('${oauth.secret:}') private String secret @Value('${oauth.resourceId}') private String resourceId @Autowired @Qualifier('authenticationManagerBean') private AuthenticationManager authenticationManager @Bean public JwtAccessTokenConverter accessTokenConverter() { return new JwtAccessTokenConverter(); } @Override public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception { oauthServer.checkTokenAccess("permitAll()") oauthServer.allowFormAuthenticationForClients() } @Override public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { endpoints.authenticationManager(authenticationManager) .accessTokenConverter(accessTokenConverter()) } @Override public void configure(ClientDetailsServiceConfigurer clients) throws Exception { clients.inMemory() .withClient(clientId) .secret(secret) .authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit") .authorities("USER", "ADMIN") .scopes("read", "write", "trust") .resourceIds(resourceId) }现在如何使用资源服务器中的权限进行基于角色的授权.我们能够通过授权服务器生成的令牌进行身份验证.需要帮助.
Now how to use the authorities in the resource server for role based authorization. We are able to authenticate via authorization server generated token. Need help.
推荐答案在资源服务器中,您应该扩展 ResourceServerConfigurerAdapter 来配置 requestMatchers 并为每个资源设置角色.
In the resource server you should extend the ResourceServerConfigurerAdapter to configure the requestMatchers and set the role for each resource.
@Configuration @EnableResourceServer public class OAuth2Config extends ResourceServerConfigurerAdapter { @Value("${keys.public}") private String publicKey; @Override public void configure(HttpSecurity http) throws Exception { http .requestMatchers() .antMatchers("/**") .and() .authorizeRequests() .antMatchers("/service1/**").access("#oauth2.hasScope('ADMIN')") .antMatchers("/service2/**").access("#oauth2.hasScope('USER')"); } @Override public void configure(ResourceServerSecurityConfigurer resources) throws Exception { resources.tokenStore(tokenStore()); } @Bean public TokenStore tokenStore() { return new JwtTokenStore(jwtAccessTokenConverter()); } @Bean public JwtAccessTokenConverter jwtAccessTokenConverter() { JwtAccessTokenConverter tokenConverter = new JwtAccessTokenConverter(); tokenConverter.setVerifierKey(publicKey); return tokenConverter; } }更多推荐
spring boot OAuth2 基于角色的授权
发布评论