Spring boot for Eclipse 开发指南第五节 Oauth 2.0 技术指南

折腾了一天. 终于在晚上 7点半搞定了

1.废话不说 pom.xml 增加依赖主要就是security 和 oauth2.0 的包

        <dependency> 			<groupId>org.springframework.boot</groupId> 			<artifactId>spring-boot-starter-security</artifactId> 		</dependency>          <dependency>             <groupId>org.springframework.security</groupId>             <artifactId>spring-security-config</artifactId>         </dependency> 		 		<!-- security oauth2 --> 		<dependency> 	        <groupId>org.springframework.cloud</groupId> 	        <artifactId>spring-cloud-starter-oauth2</artifactId> 		</dependency>

2.继承 WebSecurityConfigurerAdapter 的配置类中主配置文件

    @Override       protected void configure(AuthenticationManagerBuilder auth) throws Exception {           auth.inMemoryAuthentication().withUser("shili").password("zzz123").roles("ADMIN");       }

@Override       protected void configure(HttpSecurity http) throws Exception {       	http.csrf().disable() 		.anonymous().disable() 	  	.authorizeRequests() 	  	.antMatchers("/oauth/token").permitAll().and().formLogin();     }

这里主要配置了登录的用户名和密码以及开放 /oauth/token 的路径

3. 继承 ResourceServerConfigurerAdapter 的配置类中

@Configuration @EnableResourceServer @Order(6) public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter { 	 	private static final String RESOURCE_ID = "my_rest_api"; 	 	@Override 	public void configure(ResourceServerSecurityConfigurer resources) { 		resources.resourceId(RESOURCE_ID).stateless(false); 	}  	@Override 	public void configure(HttpSecurity http) throws Exception { 		http. 		anonymous().disable() 		.requestMatchers().antMatchers("/sayhello") 		.and().authorizeRequests() 		.antMatchers("/sayhello").access("hasRole('ADMIN')") 		.and().exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());		  	} }

4.最后是继承 AuthorizationServerConfigurerAdapter 的配置类

@Configuration @EnableAuthorizationServer public class SecurityOauth2Config extends AuthorizationServerConfigurerAdapter { 	 	private static String REALM="MY_OAUTH_REALM"; 		 	@Override     public void configure(ClientDetailsServiceConfigurer clients) throws Exception { 		//客户端详情服务 		clients.inMemory()         .withClient("13890999")         .authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit")         .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")         .scopes("read", "write", "trust")         .secret("secret")         .accessTokenValiditySeconds(120).//Access token is only valid for 2 minutes.         refreshTokenValiditySeconds(600);//Refresh token is only valid for 10 minutes. 	} 	     @Override       public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {           oauthServer.allowFormAuthenticationForClients();       }   }

5.测试步骤首先访问以下地址

http://localhost:8080/oauth/authorize?client_id=13890999&response_type=code&redirect_uri=http://localhost:8080

就会跳转到登录页面然后登录会跳转到授权确认页面最后会跳转到 http://localhost:8080/code=XXXXX

其中的XXXXX就是我们需要的code

然后使用curl开始POST我们的token 地址

curl "http://localhost:8080/oauth/token" -d "client_id=13890999&client_secret=secret&grant_type=authorization_code&code=XXXXX&redirect_uri=http://localhost:8080"

命令中的CODE 你要修改成你上一步获取到CODE

他就会返回如下代码表示已经成功了!

{"access_token":"5905c5da-0925-4752-8b6a-423936cfac71","token_type":"bearer","re fresh_token":"9ebff67a-8a1d-462c-bf74-4a0a66f2980b","expires_in":119,"scope":"tr ust read write"}

有了这个access_token 就可以访问 ResourceServerConfigurerAdapter 配置的url了

curl "http://localhost:8080/sayhello" -d "access_token=5905c5da- 0925-4752-8b6a-423936cfac71" -v

出现网页源代码表示访问成功到这里 Auth2.0 完成了一半了

明天把那个很丑的授权页改一改就OK了

本文发表于2017年10月13日 04:13
(c)注：本文转载自https://my.oschina.net/u/659068/blog/1549853，转载目的在于传递更多信息，并不代表本网赞同其观点和对其真实性负责。如有侵权行为，请联系我们，我们会及时删除.

阅读 2238 讨论 0 喜欢 0

快捷链接
网站地图
提交友链

Spring boot for Eclipse 开发指南第五节 Oauth 2.0

Y2lvbkBjaGluYWNpb24uY24=