很多人在进行项目开发时都会用到Oauth2.0结合SpringSecurity或者Shiro进行权限拦截以及用户验证,网上也有很多的案例,前几天项目里边需要用到,顺便整合了进来,特此写篇博客,记录下过程。

项目结构如下:

首先准备pom.xml

  1. <?xml version="1.0" encoding="UTF-8"?>
  2. <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  3. 	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  4. 	<modelVersion>4.0.0</modelVersion>
  5. 	<parent>
  6. 		<groupId>org.springframework.boot</groupId>
  7. 		<artifactId>spring-boot-starter-parent</artifactId>
  8. 		<version>2.0.3.RELEASE</version>
  9. 		<relativePath /> <!-- lookup parent from repository -->
  10. 	</parent>
  11. 	<groupId>com.xz.springcloud</groupId>
  12. 	<artifactId>f-oauth2-pwd-mode</artifactId>
  13. 	<version>0.0.1-SNAPSHOT</version>
  14. 	<name>f-oauth2-pwd-mode</name>
  15. 	<description>Demo project for Spring Boot</description>
  17. 	<properties>
  18. 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
  19. 		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
  20. 		<java.version>1.8</java.version>
  21. 		<spring-cloud.version>Finchley.RELEASE</spring-cloud.version>
  22. 		<oauth.version>2.3.3.RELEASE</oauth.version>
  23. 	</properties>
  25. 	<dependencies>
  26.         <dependency>
  27.             <groupId>org.springframework.boot</groupId>
  28.             <artifactId>spring-boot-starter-web</artifactId>
  29.         </dependency>
  31.         <dependency>
  32.             <groupId>org.springframework.security.oauth</groupId>
  33.             <artifactId>spring-security-oauth2</artifactId>
  34.             <version>2.2.1.RELEASE</version>
  35.         </dependency>
  37.          <dependency>
  38.             <groupId>org.springframework.boot</groupId>
  39.             <artifactId>spring-boot-starter-security</artifactId>
  40.         </dependency>
  42.         <dependency>
  43.             <groupId>org.springframework.boot</groupId>
  44.             <artifactId>spring-boot-starter-test</artifactId>
  45.             <scope>test</scope>
  46.         </dependency>
  48.     </dependencies>
  50. 	<dependencyManagement>
  51. 		<dependencies>
  52. 			<dependency>
  53. 				<groupId>org.springframework.cloud</groupId>
  54. 				<artifactId>spring-cloud-dependencies</artifactId>
  55. 				<version>${spring-cloud.version}</version>
  56. 				<type>pom</type>
  57. 				<scope>import</scope>
  58. 			</dependency>
  59. 		</dependencies>
  60. 	</dependencyManagement>
  62. 	<build>
  63. 		<plugins>
  64. 			<plugin>
  65. 				<groupId>org.springframework.boot</groupId>
  66. 				<artifactId>spring-boot-maven-plugin</artifactId>
  67. 			</plugin>
  68. 		</plugins>
  69. 	</build>
  71. </project>

MyUserDetailService.java

  1. package com.oauth.config;
  3. import java.util.ArrayList;
  4. import java.util.List;
  6. import org.springframework.security.core.GrantedAuthority;
  7. import org.springframework.security.core.authority.SimpleGrantedAuthority;
  8. import org.springframework.security.core.userdetails.User;
  9. import org.springframework.security.core.userdetails.UserDetails;
  10. import org.springframework.security.core.userdetails.UserDetailsService;
  11. import org.springframework.security.core.userdetails.UsernameNotFoundException;
  12. import org.springframework.stereotype.Component;
  14. /**
  15.  *
  16.  * @author yuxuan
  17.  *
  18.  */
  19. @Component
  20. public class MyUserDetailsService implements UserDetailsService {
  21.     @Override
  22.     public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
  23.         // TODO 这个地方可以通过username从数据库获取正确的用户信息,包括密码和权限等。
  24.         List<GrantedAuthority> grantedAuthorityList = new ArrayList<>();
  25.         grantedAuthorityList.add(new SimpleGrantedAuthority("ROLE_USER"));
  26.         grantedAuthorityList.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
  27.         return new User(username, "{noop}123456", grantedAuthorityList);
  28.     }
  29. }

OAuth2ServerConfig.java

  1. package com.oauth.config;
  3. import org.springframework.beans.factory.annotation.Autowired;
  4. import org.springframework.context.annotation.Configuration;
  5. import org.springframework.http.HttpMethod;
  6. import org.springframework.security.authentication.AuthenticationManager;
  7. import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
  8. import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
  9. import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
  10. import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
  11. import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
  13. @Configuration
  14. @EnableAuthorizationServer
  15. public class OAuth2ServerConfig extends AuthorizationServerConfigurerAdapter {
  17. 	 @Override
  18. 	    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
  19. 	        oauthServer
  20. 	                .tokenKeyAccess("permitAll()") //url:/oauth/token_key,exposes public key for token verification if using JWT tokens
  21. 	                .checkTokenAccess("isAuthenticated()") //url:/oauth/check_token allow check token
  22. 	                .allowFormAuthenticationForClients();
  23. 	    }
  25. 	    /**
  26. 	     * 注入authenticationManager
  27. 	     * 来支持 password grant type
  28. 	     */
  29. 	    @Autowired
  30. 	    private AuthenticationManager authenticationManager;
  32. 	    @Override
  33. 	    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
  34. 	        endpoints.authenticationManager(authenticationManager);
  35. 	        endpoints.allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST);
  36. 	    }
  38. 	    @Override
  39. 	    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
  40. 	        clients.inMemory()
  41. 	                .withClient("client")
  42. 	                .secret("{noop}secret")
  43. 	                .authorizedGrantTypes("client_credentials", "password", "refresh_token")
  44. 	                .scopes("all")
  45. 	                .resourceIds("resourcesId")
  46. 	                .accessTokenValiditySeconds(1200)
  47. 	                .refreshTokenValiditySeconds(50000);
  48. 	}
  50. }

ResourceServerConfig.java

  1. package com.oauth.config;
  3. import org.springframework.context.annotation.Configuration;
  4. import org.springframework.security.config.annotation.web.builders.HttpSecurity;
  5. import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
  6. import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
  7. import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
  9. @Configuration
  10. @EnableResourceServer
  11. public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
  13. 	@Override
  14. 	public void configure(HttpSecurity http) throws Exception {
  15. 		http.requestMatchers().antMatchers("/api/**").and().authorizeRequests().antMatchers("/api/**").authenticated();
  16. 	}
  18. 	@Override
  19. 	public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
  20. 		resources.resourceId("resourcesId").stateless(true);
  21. 	}
  23. }

WebConfig.java

  1. package com.oauth.config;
  3. import org.springframework.context.annotation.Bean;
  4. import org.springframework.security.authentication.AuthenticationManager;
  5. import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
  6. import org.springframework.security.config.annotation.web.builders.HttpSecurity;
  7. import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
  8. import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
  10. @EnableWebSecurity
  11. @EnableGlobalMethodSecurity(prePostEnabled = true, proxyTargetClass = true)
  12. public class WebConfig extends WebSecurityConfigurerAdapter {
  14. 	 @Override
  15. 	 protected void configure(HttpSecurity http) throws Exception {
  16. 		 http.csrf().disable();
  17. 	    http.requestMatchers().antMatchers("/oauth/**")
  18. 	    .and()
  19. 	    .authorizeRequests()
  20. 	    .antMatchers("/oauth/**").authenticated();
  21. 	 }
  23. 	/**
  24. 	 * 需要配置这个支持password模式 support password grant type
  25. 	 * @return
  26. 	 * @throws Exception
  27. 	 */
  28. 	@Override
  29. 	@Bean
  30. 	public AuthenticationManager authenticationManagerBean() throws Exception {
  31. 		return super.authenticationManagerBean();
  32. 	}
  34. }

IndexCtrl.java

  1. package com.oauth.ctrl;
  3. import org.springframework.web.bind.annotation.GetMapping;
  4. import org.springframework.web.bind.annotation.RestController;
  6. @RestController
  7. public class IndexCtrl {
  9. 	@GetMapping("hello")
  10. 	public String hello() {
  11. 		return "Hello World";
  12. 	}
  14. 	@GetMapping("api/hello")
  15. 	public String apiHello() {
  16. 		return "Hello World";
  17. 	}
  19. }

App.java

  1. package com.oauth;
  3. import org.springframework.boot.SpringApplication;
  4. import org.springframework.boot.autoconfigure.SpringBootApplication;
  6. @SpringBootApplication
  7. public class App {
  9. 	public static void main(String[] args) {
  10. 		SpringApplication.run(App.class, args);
  12. 	}
  13. }

以上就是一个代码的配置,下面启动App类,运行main函数。项目启动完成后用rest client访问hello接口

可以看到提示无效的token,接下我们请求获取token。利用CURL命令请求如下:

curl -i -X POST -d "username=admin&password=123456&grant_type=password&client_id=client&client_secret=secret" http://localhost:8888/oauth/token

可以看到,至此已经访问成功了。

也可以利用GET方式直接访问,如下:

http://localhost:8888/api/hello?access_token=cca911c0-532f-475b-83e6-3a2671a8fe07

有问题可以在下面评论,技术问题可以私聊我。

SpringBoot2.x版本整合SpringSecurity、Oauth2进行password认证的更多相关文章

  1. springboot2.x版本整合redis(单机/集群)(使用lettuce)

    在springboot1.x系列中,其中使用的是jedis,但是到了springboot2.x其中使用的是Lettuce. 此处springboot2.x,所以使用的是Lettuce.关于jedis跟 ...

  2. SpringBoot2.0整合SpringSecurity实现WEB JWT认证

    相信很多做技术的朋友都做过前后端分离项目,项目分离后认证就靠JWT,费话不多说,直接上干活(写的不好还请多多见谅,大牛请绕行) 直接上代码,项目为Maven项目,结构如图: 包分类如下: com.ap ...

  3. SpringBoot整合Thymeleaf-基于SpringBoot2.X版本

    1.为啥要用Thymeleaf模板引擎?现在不都前后端分离了么? 熊dei们,别着急,我们先来谈谈为啥开始用Thymeleaf模板引擎,先照顾照顾下我们这些可爱的小白童鞋.... 为啥开始用Thyme ...

  4. 使用Spring Security Oauth2完成RESTful服务password认证的过程

            摘要:Spring Security与Oauth2整合步骤中详细描述了使用过程,但它对于入门者有些重量级,比如将用户信息.ClientDetails.token存入数据库而非内存.配置 ...

  5. 厉害!我带的实习生仅用四步就整合好SpringSecurity+JWT实现登录认证!

    小二是新来的实习生,作为技术 leader,我还是很负责任的,有什么锅都想甩给他,啊,不,一不小心怎么把心里话全说出来了呢?重来! 小二是新来的实习生,作为技术 leader,我还是很负责任的,有什么 ...

  6. Springboot2+SpringSecurity+Oauth2+Mysql数据库实现持久化客户端数据

    目录 介绍 建表,初始化数据 工程配置 Authorization Server - Spring Security配置 Authorization Server - 授权服务器 Resource S ...

  7. java框架之SpringBoot(15)-安全及整合SpringSecurity

    SpringSecurity介绍 Spring Security 是针对 Spring 项目的安全框架,也是 Spring Boot 底层安全模块默认的技术选型.它可以实现强大的 Web 安全控制.对 ...

  8. springboot2.1.7整合mybati3.5.2与mysql8.0.13

    springboot2.x已经发布一段时间,博主在这里使用springboot2.1.7整合mybatis3.5.2,使用的数据库为mysql8.0.13 1. 导入依赖 <!--mysql-- ...

  9. SpringBoot:整合SpringSecurity

    目录 SpringSecurity(安全) 搭建环境 使用 用户认证和授权 注销及权限控制 记住我及登录页面定制 SpringBoot 整合 SpringSecurity: 用户认证和授权.注销及权限 ...

随机推荐

  1. xtu summer individual 3 F - Opening Portals

    Opening Portals Time Limit: 2000ms Memory Limit: 262144KB This problem will be judged on CodeForces. ...

  2. Window Pains(poj 2585)

    题意: 一个屏幕要同时打开9个窗口,每个窗口是2*2的矩阵,整个屏幕大小是9*9,每个窗口位置固定. 但是是否被激活(即完整显示出来)不确定. 给定屏幕状态,问是否可以实现显示. 分析:拓扑排序,把完 ...

  3. idea使用之maven中央仓库索引更新

    接着上篇,上篇是更新本地已有的索引,这样在编写pom文件的时候,可以自动提示,但如果我们能够把整个中央仓库的索引更新下来,那不是更方便啦. 打开settings-->Build,Executio ...

  4. Spring3.2+mybatis3.2+Struts2.3整合配置文件大全

    0.配置文件目录 1.Spring配置 applicationContext-dao.xml <?xml version="1.0" encoding="UTF-8 ...

  5. PHP 关键词

    PHP 关键词 TCP 传输层通信协议 面向连接的.可靠的.基于字节流的 建立链接需要三次握手 Socket(套接字) 一个工具,一个接口 封装了TCP/IP协议 建立长链接的基础 HTTP 一个应用 ...

  6. PHP上传文件限制修改

    php.ini里面查看如下行: upload_max_filesize post_max_size memory_limit

  7. Less Time, More profit 最大权闭合子图(最大流最小割)

    The city planners plan to build N plants in the city which has M shops. Each shop needs products fro ...

  8. [bzoj2208][Jsoi2010]连通数_bitset_传递闭包floyd

    连通数 bzoj-2208 Jsoi-2010 题目大意:给定一个n个节点的有向图,问每个节点可以到达的点的个数和. 注释:$1\le n\le 2000$. 想法:网上有好多tarjan+拓扑序dp ...

  9. SQL PATINDEX检索

    语法格式:PATINDEX ( '%pattern%' , expression ) 返回pattern字符串在表达式expression里第一次出现的位置,起始值从1开始算. pattern字符串在 ...

  10. hdu 5288 OO’s Sequence(2015 Multi-University Training Contest 1)

    OO's Sequence                                                          Time Limit: 4000/2000 MS (Jav ...