spring boot OAuth2 基于角色的授权

本文介绍了spring boot OAuth2 基于角色的授权的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我们有一个扩展 AuthorizationServerConfigurerAdapter 的专用授权服务器，我们在其中设置了权限覆盖 v​​oid configure(ClientDetailsS​​erviceConfigurer clients) 方法.

We have a dedicated authorization server extending AuthorizationServerConfigurerAdapter, where we have set authorities overriding void configure(ClientDetailsServiceConfigurer clients) method.

@Configuration @EnableAuthorizationServer protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter { @Value('${oauth.clientId}') private String clientId @Value('${oauth.secret:}') private String secret @Value('${oauth.resourceId}') private String resourceId @Autowired @Qualifier('authenticationManagerBean') private AuthenticationManager authenticationManager @Bean public JwtAccessTokenConverter accessTokenConverter() { return new JwtAccessTokenConverter(); } @Override public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception { oauthServer.checkTokenAccess("permitAll()") oauthServer.allowFormAuthenticationForClients() } @Override public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { endpoints.authenticationManager(authenticationManager) .accessTokenConverter(accessTokenConverter()) } @Override public void configure(ClientDetailsServiceConfigurer clients) throws Exception { clients.inMemory() .withClient(clientId) .secret(secret) .authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit") .authorities("USER", "ADMIN") .scopes("read", "write", "trust") .resourceIds(resourceId) }

现在如何使用资源服务器中的权限进行基于角色的授权.我们能够通过授权服务器生成的令牌进行身份验证.需要帮助.

Now how to use the authorities in the resource server for role based authorization. We are able to authenticate via authorization server generated token. Need help.

推荐答案

在资源服务器中，您应该扩展 ResourceServerConfigurerAdapter 来配置 requestMatchers 并为每个资源设置角色.

In the resource server you should extend the ResourceServerConfigurerAdapter to configure the requestMatchers and set the role for each resource.

@Configuration @EnableResourceServer public class OAuth2Config extends ResourceServerConfigurerAdapter { @Value("${keys.public}") private String publicKey; @Override public void configure(HttpSecurity http) throws Exception { http .requestMatchers() .antMatchers("/**") .and() .authorizeRequests() .antMatchers("/service1/**").access("#oauth2.hasScope('ADMIN')") .antMatchers("/service2/**").access("#oauth2.hasScope('USER')"); } @Override public void configure(ResourceServerSecurityConfigurer resources) throws Exception { resources.tokenStore(tokenStore()); } @Bean public TokenStore tokenStore() { return new JwtTokenStore(jwtAccessTokenConverter()); } @Bean public JwtAccessTokenConverter jwtAccessTokenConverter() { JwtAccessTokenConverter tokenConverter = new JwtAccessTokenConverter(); tokenConverter.setVerifierKey(publicKey); return tokenConverter; } }