OAuth2实战笔记
1 在父级工程下新建module,module名称为auth-server
2 在config包下新建两个配置类
OAuth2Config.java
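package com.auth.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;

/**
 * Authorization-server configuration for the demo: a single in-memory client and an
 * in-memory token store.
 *
 * <p>Every value here is a local-demo setting. The client secret is stored unencoded, all four
 * grant types are enabled on one client, and the token-check endpoint is open; the comments on
 * each line say what to tighten before reusing this outside a local test.
 */
@Configuration
@EnableAuthorizationServer
public class OAuth2Config extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private AuthenticationManager authenticationManager;

    private static final String CLIENT_ID = "cms";

    // The "{noop}" prefix selects NoOpPasswordEncoder, so the client secret is compared as plain
    // text. Outside a demo, register an encoded secret instead (for example a "{bcrypt}" value)
    // and keep it out of source control.
    private static final String SECRET_CHAR_SEQUENCE = "{noop}secret";

    private static final String ALL = "all";

    // Access tokens live for 30 minutes.
    private static final int ACCESS_TOKEN_VALIDITY_SECONDS = 30 * 60;

    // Resource owner password grant.
    private static final String GRANT_TYPE_PASSWORD = "password";

    // Authorization code grant.
    private static final String AUTHORIZATION_CODE = "authorization_code";

    // Implicit grant.
    private static final String IMPLICIT = "implicit";

    // Client credentials grant.
    private static final String CLIENT_CREDENTIALS = "client_credentials";

    /**
     * Registers the single demo client in memory.
     *
     * @param clients the client-details configurer supplied by the framework
     * @throws Exception if the client registration cannot be built
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient(CLIENT_ID)
                .secret(SECRET_CHAR_SEQUENCE)
                // The user has to approve the requested scopes explicitly.
                .autoApprove(false)
                // Registered redirect URI. NOTE(review): the Postman requests on this page send
                // redirect_uri=http://127.0.0.1:8084/cms/login, which differs from this value;
                // the registered URI and the one the client sends have to agree, so confirm
                // which one is intended. Plain http is acceptable only for a loopback demo.
                .redirectUris("http://127.0.0.1:8081/user/login")
                .scopes(ALL)
                .accessTokenValiditySeconds(ACCESS_TOKEN_VALIDITY_SECONDS)
                // All four grants are enabled so each flow can be tried from Postman. The OAuth
                // 2.0 Security Best Current Practice advises against the implicit and password
                // grants; a real client should be limited to the grants it actually uses.
                .authorizedGrantTypes(AUTHORIZATION_CODE, IMPLICIT, GRANT_TYPE_PASSWORD, CLIENT_CREDENTIALS);
    }

    /**
     * Wires the token endpoints to the user {@link AuthenticationManager} and the token store.
     *
     * @param endpoints the endpoints configurer supplied by the framework
     * @throws Exception if the endpoints cannot be configured
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
                // Spring Security OAuth needs the AuthenticationManager for the password grant.
                .authenticationManager(authenticationManager)
                .tokenStore(memoryTokenStore());
    }

    /**
     * Security settings for the authorization server's own endpoints.
     *
     * @param security the security configurer supplied by the framework
     * @throws Exception if the settings cannot be applied
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security
                // "permitAll()" leaves /oauth/check_token open to unauthenticated callers, so
                // anyone who holds a token value can read its user, scopes and expiry.
                // checkTokenAccess("isAuthenticated()") restricts the endpoint to authenticated
                // clients; the token-check request on this page sends no credentials and would
                // then need client authentication added.
                .checkTokenAccess("permitAll()")
                // Accept client_id / client_secret as request parameters in addition to HTTP
                // Basic. Prefer Basic or a POST body so the secret stays out of URLs and logs.
                .allowFormAuthenticationForClients();
    }

    /**
     * Token store kept in this process's memory.
     *
     * @return a new {@link InMemoryTokenStore}
     */
    @Bean
    public TokenStore memoryTokenStore() {
        return new InMemoryTokenStore();
    }
}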
application.yml配置如下:
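# NOTE(review): indentation reconstructed from a collapsed line; confirm against the project.
# The authorization server listens on 8888, the port the Postman requests on this page target.
server:
  port: 8888
spring:
  application:
    name: auth-server-one
  cloud:
    nacos:
      config:
        # Nacos address; 8848 is the default Nacos port mentioned in step 3.
        server-addr: localhost:8848
        file-extension: yml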
SecurityConfig.java
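package com.auth.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * Web security for the authorization server: one in-memory user, form login, logout, and the
 * URL rules for the login and OAuth paths.
 *
 * <p>The user, the unencoded password and the disabled CSRF protection are local-demo settings.
 */
@Configuration
@EnableWebSecurity
@Order(1)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Registers the single demo user in memory.
     *
     * @param auth the authentication-manager builder supplied by the framework
     * @throws Exception if the user store cannot be built
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                .withUser("lxs")
                // Spring Security 5 requires an encoder prefix: "{noop}" tells the
                // DelegatingPasswordEncoder to check the password with NoOpPasswordEncoder,
                // i.e. as plain text. Use an encoded password (for example "{bcrypt}...")
                // anywhere other than a local demo.
                .password("{noop}123")
                .roles("admin");
    }

    /**
     * Intentionally empty. The disabled line below would exclude static resources from the
     * security filter chain if they were being intercepted.
     *
     * @param web the web-security builder supplied by the framework
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        // web.ignoring().antMatchers("/asserts/**");
    }

    /**
     * Configures form login, logout and the URL authorization rules.
     *
     * @param http the HTTP security builder supplied by the framework
     * @throws Exception if the filter chain cannot be configured
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .formLogin().permitAll()
                .and()
                .logout().logoutUrl("/logout").logoutSuccessUrl("/")
                .and()
                .authorizeRequests()
                // These paths get no URL-level authentication check from this chain; everything
                // else requires a logged-in user. Keep the list to what really has to be public:
                // "/api/**" in particular exposes every API path matched here.
                .antMatchers("/oauth/**", "/login/**", "/logout/**", "/api/**").permitAll()
                .anyRequest().authenticated()
                .and()
                // CSRF (cross-site request forgery) protection is switched off for the whole
                // chain, which includes the session-based form login and /logout. That makes
                // Postman testing easier; browser-facing endpoints should keep it enabled.
                .csrf().disable();
    }

    /**
     * Exposes the {@link AuthenticationManager} as a bean so that other configuration classes
     * can inject it.
     *
     * @return the authentication manager built by the parent class
     * @throws Exception if the manager cannot be created
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}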
3 启动nacos,默认端口是8848
在postman中测试四种模式,以下是从postman中导出的json文件。文件里的客户端密钥、用户密码和令牌都来自本地演示环境;其中部分请求把它们放在URL查询参数中,而查询参数会被记录到访问日志里,实际环境应通过请求体或Authorization头传递。
{
"info": {
"_postman_id": "0d5da656-39bc-4606-8628-dfd120a77845",
"name": "T31",
"schema": ".1.0/collection.json"
},
"item": [
{
"name": "oauth2",
"item": [
{
"name": "授权码模式-获取授权码",
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://localhost:8888/oauth/authorize?client_id=cms&client_secret=secret&response_type=code",
"protocol": "http",
"host": [
"localhost"
],
"port": "8888",
"path": [
"oauth",
"authorize"
],
"query": [
{
"key": "client_id",
"value": "cms"
},
{
"key": "client_secret",
"value": "secret"
},
{
"key": "response_type",
"value": "code"
}
]
}
},
"response": []
},
{
"name": "授权模式-通过授权码获得令牌",
"request": {
"auth": {
"type": "basic",
"basic": [
{
"key": "password",
"value": "secret",
"type": "string"
},
{
"key": "username",
"value": "cms",
"type": "string"
}
]
},
"method": "POST",
"header": [],
"url": {
"raw": "http://localhost:8888/oauth/token?code=Ww8fv7&grant_type=authorization_code&redirect_uri=http://127.0.0.1:8084/cms/login&scope=all",
"protocol": "http",
"host": [
"localhost"
],
"port": "8888",
"path": [
"oauth",
"token"
],
"query": [
{
"key": "code",
"value": "Ww8fv7"
},
{
"key": "grant_type",
"value": "authorization_code"
},
{
"key": "redirect_uri",
"value": "http://127.0.0.1:8084/cms/login"
},
{
"key": "scope",
"value": "all"
}
]
}
},
"response": []
},
{
"name": "访问微服务-access_token",
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://localhost:8084/cms/index?access_token=64e77f6b-7cf9-4300-9dcc-eec0695e5756",
"protocol": "http",
"host": [
"localhost"
],
"port": "8084",
"path": [
"cms",
"index"
],
"query": [
{
"key": "access_token",
"value": "64e77f6b-7cf9-4300-9dcc-eec0695e5756"
}
]
}
},
"response": []
},
{
"name": "访问微服务-bearer",
"request": {
"auth": {
"type": "bearer",
"bearer": [
{
"key": "token",
"value": "222490ef-e832-4b84-a893-e9c7403cccb6",
"type": "string"
}
]
},
"method": "GET",
"header": [],
"url": {
"raw": "http://localhost:8084/cms/index",
"protocol": "http",
"host": [
"localhost"
],
"port": "8084",
"path": [
"cms",
"index"
]
}
},
"response": []
},
{
"name": "getCurrent-获得身份认证",
"request": {
"auth": {
"type": "bearer",
"bearer": [
{
"key": "token",
"value": "300d374b-635c-43b8-a11a-0ab64af70b5f",
"type": "string"
}
]
},
"method": "GET",
"header": [],
"url": {
"raw": "http://localhost:8084/cms/getCurrentUser",
"protocol": "http",
"host": [
"localhost"
],
"port": "8084",
"path": [
"cms",
"getCurrentUser"
],
"query": [
{
"key": "access_token",
"value": "300d374b-635c-43b8-a11a-0ab64af70b5f",
"disabled": true
}
]
}
},
"response": []
},
{
"name": "密码模式-获得token",
"request": {
"auth": {
"type": "basic",
"basic": [
{
"key": "username",
"value": "cms",
"type": "string"
},
{
"key": "password",
"value": "secret",
"type": "string"
}
]
},
"method": "POST",
"header": [],
"url": {
"raw": "http://localhost:8888/oauth/token?password=123&grant_type=password&username=lxs&scope=all",
"protocol": "http",
"host": [
"localhost"
],
"port": "8888",
"path": [
"oauth",
"token"
],
"query": [
{
"key": "password",
"value": "123"
},
{
"key": "grant_type",
"value": "password"
},
{
"key": "username",
"value": "lxs"
},
{
"key": "scope",
"value": "all"
}
]
}
},
"response": []
},
{
"name": "简化模式-获得token",
"request": {
"auth": {
"type": "noauth"
},
"method": "GET",
"header": [],
"url": {
"raw": "http://localhost:8888/oauth/authorize?client_id=cms&redirect_uri=http://127.0.0.1:8084/cms/login&response_type=token&scope=all",
"protocol": "http",
"host": [
"localhost"
],
"port": "8888",
"path": [
"oauth",
"authorize"
],
"query": [
{
"key": "client_id",
"value": "cms"
},
{
"key": "redirect_uri",
"value": "http://127.0.0.1:8084/cms/login"
},
{
"key": "response_type",
"value": "token"
},
{
"key": "scope",
"value": "all"
}
]
}
},
"response": []
},
{
"name": "授权模式-客户端模式",
"request": {
"auth": {
"type": "noauth"
},
"method": "POST",
"header": [],
"url": {
"raw": "http://localhost:8888/oauth/token?client_id=cms&client_secret=secret&grant_type=client_credentials&scope=all",
"protocol": "http",
"host": [
"localhost"
],
"port": "8888",
"path": [
"oauth",
"token"
],
"query": [
{
"key": "client_id",
"value": "cms"
},
{
"key": "client_secret",
"value": "secret"
},
{
"key": "grant_type",
"value": "client_credentials"
},
{
"key": "scope",
"value": "all"
}
]
}
},
"response": []
},
{
"name": "验证令牌",
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://localhost:8888/oauth/check_token?token=66b05a2e-c277-4fab-81d3-aee74635c2fd",
"protocol": "http",
"host": [
"localhost"
],
"port": "8888",
"path": [
"oauth",
"check_token"
],
"query": [
{
"key": "token",
"value": "66b05a2e-c277-4fab-81d3-aee74635c2fd"
}
]
}
},
"response": []
}
]
},
{
"name": "1-密码模式-获得token",
"request": {
"auth": {
"type": "basic",
"basic": [
{
"key": "password",
"value": "123456",
"type": "string"
},
{
"key": "username",
"value": "client",
"type": "string"
}
]
},
"method": "POST",
"header": [],
"url": {
"raw": "http://localhost:9098/oauth/token?password=admin&grant_type=password&username=liuguoliang&scope=read",
"protocol": "http",
"host": [
"localhost"
],
"port": "9098",
"path": [
"oauth",
"token"
],
"query": [
{
"key": "password",
"value": "admin"
},
{
"key": "grant_type",
"value": "password"
},
{
"key": "username",
"value": "liuguoliang"
},
{
"key": "scope",
"value": "read"
}
]
}
},
"response": []
},
{
"name": "2-授权测试-order",
"request": {
"auth": {
"type": "bearer",
"bearer": [
{
"key": "token",
"value": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MzY2MTkzMzQsInVzZXJfbmFtZSI6ImxpdWd1b2xpYW5nIiwianRpIjoiMjJjYzIyOWQtZDRjZS00NWY1LTkyOGUtOWRkZTc1YjA1ZGNiIiwiY2xpZW50X2lkIjoiY2xpZW50Iiwic2NvcGUiOlsicmVhZCJdfQ.mXpIMRJYx08VmD7OHpdAEtEWNwLuMPH5n4DcF11NBbr6-VkWdDrmXt1axakhKdtJlZTSis-Rslq0bO4m3aH4QxMT2kAaizxRfPTSDu-vPwNkZPI5XmNCAAm_iuC559Z2ew8EEfQ8tMDP8sWWMjeOELj_0nutBa5NdOWUJEsEaVocRKeau6Hht9KXMsDM1cVmgdPbRCX8eGkvVJuXwaWrXuTPbBHhFpVG6flZGH86N_kFcGHehDPkqB-JdUe3EE9X2aroXuluAbSu6YVqEr4QtFaPR2YZ_m_rdEZuJ4Z1oHWXMN2mbqOj1tzkkBaDDEzIADxEHNu_uuNsW7jRJpiSrw",
"type": "string"
}
]
},
"method": "GET",
"header": [],
"url": {
"raw": "http://localhost:9001/order/123",
"protocol": "http",
"host": [
"localhost"
],
"port": "9001",
"path": [
"order",
"123"
]
}
},
"response": []
},
{
"name": "3-授权测试-admin",
"request": {
"auth": {
"type": "bearer",
"bearer": [
{
"key": "token",
"value": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MzY2MTkyODksInVzZXJfbmFtZSI6ImFkbWluIiwiYXV0aG9yaXRpZXMiOlsiUk9MRV9BRE1JTiJdLCJqdGkiOiJjMTMzMDMzZS1jNTg4LTRmZTQtOTFiZC0yOTQzZjVjNTNhMDAiLCJjbGllbnRfaWQiOiJjbGllbnQiLCJzY29wZSI6WyJyZWFkIl19.CVjqhtBWDyYVy6nVc-fGmRpF78I9qD-RtQh6aEZFMmD9AMnjPMdBSSWoQAaH3DLjEBoKKIPVglZfRKz9pdI2KWB3_sDoDvmXiDKsuaFMV2KrBe_YF0Dh6ll_qf6DcKZVeeG4O4lr2ENeDPROOP6ArUnrSxxPSxuyeQgZNDLj7WpMH4uKpAjNippSQ-qItuHXFPQpKhm-6DPzrdoxR778IavVYcQ7rQXmGC-3Ur74X-hdlU1pIAvMp36qMgxUmLdRPVm7d7b9mCgTf7IaWZWz2RvTdbZFAkud85Sy5MQuY8DiGT46wNcRj_ivKToyNVd9ApvxiIhzxEv5Lyxdf_0Ecg",
"type": "string"
}
]
},
"method": "GET",
"header": [],
"url": {
"raw": "http://localhost:9001/admin/123",
"protocol": "http",
"host": [
"localhost"
],
"port": "9001",
"path": [
"admin",
"123"
]
}
},
"response": []
},
{
"name": "4-授权测试-hello",
"request": {
"auth": {
"type": "bearer",
"bearer": [
{
"key": "token",
"value": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MzY2MTkzMzQsInVzZXJfbmFtZSI6ImxpdWd1b2xpYW5nIiwianRpIjoiMjJjYzIyOWQtZDRjZS00NWY1LTkyOGUtOWRkZTc1YjA1ZGNiIiwiY2xpZW50X2lkIjoiY2xpZW50Iiwic2NvcGUiOlsicmVhZCJdfQ.mXpIMRJYx08VmD7OHpdAEtEWNwLuMPH5n4DcF11NBbr6-VkWdDrmXt1axakhKdtJlZTSis-Rslq0bO4m3aH4QxMT2kAaizxRfPTSDu-vPwNkZPI5XmNCAAm_iuC559Z2ew8EEfQ8tMDP8sWWMjeOELj_0nutBa5NdOWUJEsEaVocRKeau6Hht9KXMsDM1cVmgdPbRCX8eGkvVJuXwaWrXuTPbBHhFpVG6flZGH86N_kFcGHehDPkqB-JdUe3EE9X2aroXuluAbSu6YVqEr4QtFaPR2YZ_m_rdEZuJ4Z1oHWXMN2mbqOj1tzkkBaDDEzIADxEHNu_uuNsW7jRJpiSrw",
"type": "string"
}
]
},
"method": "GET",
"header": [],
"url": {
"raw": "http://localhost:9001/hello",
"protocol": "http",
"host": [
"localhost"
],
"port": "9001",
"path": [
"hello"
]
}
},
"response": []
},
{
"name": "5-授权测试-获得登录用户",
"request": {
"auth": {
"type": "bearer",
"bearer": [
{
"key": "token",
"value": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MzY2MTkyODksInVzZXJfbmFtZSI6ImFkbWluIiwiYXV0aG9yaXRpZXMiOlsiUk9MRV9BRE1JTiJdLCJqdGkiOiJjMTMzMDMzZS1jNTg4LTRmZTQtOTFiZC0yOTQzZjVjNTNhMDAiLCJjbGllbnRfaWQiOiJjbGllbnQiLCJzY29wZSI6WyJyZWFkIl19.CVjqhtBWDyYVy6nVc-fGmRpF78I9qD-RtQh6aEZFMmD9AMnjPMdBSSWoQAaH3DLjEBoKKIPVglZfRKz9pdI2KWB3_sDoDvmXiDKsuaFMV2KrBe_YF0Dh6ll_qf6DcKZVeeG4O4lr2ENeDPROOP6ArUnrSxxPSxuyeQgZNDLj7WpMH4uKpAjNippSQ-qItuHXFPQpKhm-6DPzrdoxR778IavVYcQ7rQXmGC-3Ur74X-hdlU1pIAvMp36qMgxUmLdRPVm7d7b9mCgTf7IaWZWz2RvTdbZFAkud85Sy5MQuY8DiGT46wNcRj_ivKToyNVd9ApvxiIhzxEv5Lyxdf_0Ecg",
"type": "string"
}
]
},
"method": "GET",
"header": [],
"url": {
"raw": "http://localhost:9001/principle",
"protocol": "http",
"host": [
"localhost"
],
"port": "9001",
"path": [
"principle"
]
}
},
"response": []
},
{
"name": "6-登录-获得token",
"request": {
"auth": {
"type": "noauth"
},
"method": "POST",
"header": [],
"url": {
"raw": "http://localhost:9001/user/login?username=malong&password=admin",
"protocol": "http",
"host": [
"localhost"
],
"port": "9001",
"path": [
"user",
"login"
],
"query": [
{
"key": "username",
"value": "malong"
},
{
"key": "password",
"value": "admin"
}
]
}
},
"response": []
}
]
}