用戶權限模塊之oauth2.0


主要是在 Spring Security 上面擴展即可，所以內容也是基於上一篇的。

sql:

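-- Access tokens issued by the authorization server; read and written by
-- com.linxingall.auth.security.oauth.CustomTokenStore (declared on this page).
-- The audit columns (created_by, created_dt, last_update_by, last_update_dt,
-- sts) follow the same pattern as the other auth_* tables.
-- IF NOT EXISTS makes the script re-runnable; the dump-time AUTO_INCREMENT
-- counter is dropped because it is not part of the schema.
CREATE TABLE IF NOT EXISTS `auth_access_token` (
`id` int(11) NOT NULL AUTO_INCREMENT COMMENT 'id',
-- Lookup key for the token; presumably a digest of the token value rather than
-- the value itself -- TODO confirm against CustomTokenStore.
`token_id` varchar(255) DEFAULT NULL COMMENT 'token id',
-- Serialized token object. Rows are deserialized on read, so only the
-- application must ever write this column; treat it as trusted-only data.
`token` blob COMMENT 'token',
`authentication_id` varchar(255) DEFAULT NULL COMMENT '認證id',
`user_name` varchar(100) DEFAULT NULL COMMENT '用戶名',
`client_id` varchar(100) DEFAULT NULL COMMENT '終端id',
-- Serialized authentication; same trust caveat as `token`.
`authentication` blob COMMENT '認證',
`refresh_token` varchar(255) DEFAULT NULL COMMENT '刷新token',
`created_by` int(11) DEFAULT NULL COMMENT '創建人',
`created_dt` datetime DEFAULT NULL COMMENT '創建時間',
`last_update_by` int(11) DEFAULT NULL COMMENT '最后更新人',
`last_update_dt` datetime DEFAULT NULL COMMENT '最后更新時間',
`sts` char(1) DEFAULT NULL COMMENT '狀態',
PRIMARY KEY (`id`),
-- TokenStore implementations typically look rows up by token id, by
-- authentication id and by refresh token (when a refresh token is revoked);
-- this table grows with every issued token, so without indexes each of those
-- lookups becomes a full scan. Non-unique on purpose: the custom store's
-- replace/remove semantics are not shown on this page.
KEY `auth_access_token_token_id_idx` (`token_id`),
KEY `auth_access_token_authentication_id_idx` (`authentication_id`),
KEY `auth_access_token_refresh_token_idx` (`refresh_token`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='認證token表';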

 

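-- Registered OAuth2 clients, read by
-- com.linxingall.auth.security.oauth.CustomClientDetailsService (on this page).
-- IF NOT EXISTS makes the script re-runnable; the dump-time AUTO_INCREMENT
-- counter is dropped because it is not part of the schema.
CREATE TABLE IF NOT EXISTS `auth_client_details` (
`id` int(11) NOT NULL AUTO_INCREMENT COMMENT 'id',
`client_id` varchar(255) DEFAULT NULL COMMENT '終端碼',
-- Resource ids this client may access; the resource server declared on this
-- page is registered as 'mobile-resource'.
`resource_ids` varchar(255) DEFAULT NULL COMMENT '資源id',
-- This column is the client's credential at the token endpoint: store a
-- password hash, never the plaintext secret. The XML on this page declares no
-- password-encoder for clientAuthenticationManager, so confirm how the stored
-- value is compared before relying on it.
`client_secret` varchar(255) DEFAULT NULL COMMENT '終端密鑰',
-- NOTE(review): the defaults below give every client inserted without explicit
-- values the 'trust' scope, all four listed grant types and ROLE_CLIENT.
-- Least privilege argues for explicit per-client values; the password and
-- implicit grants in particular are discouraged by the OAuth 2.0 Security BCP.
-- Defaults are kept unchanged here so existing inserts keep working.
`scope` varchar(255) DEFAULT 'read,write,trust' COMMENT 'scope',
`authorized_grant_types` varchar(255) DEFAULT 'password,refresh_token,authorization_code,client_credentials' COMMENT '授權類型',
-- Registered redirect URI for the authorization_code / implicit flows;
-- NULL means none is registered for the client.
`web_server_redirect_uri` varchar(255) DEFAULT NULL COMMENT '跳轉地址',
`authorities` varchar(255) DEFAULT 'ROLE_CLIENT' COMMENT '權限',
-- Token lifetimes in seconds; NULL presumably falls back to the token
-- services' defaults -- TODO confirm.
`access_token_validity` int(11) DEFAULT NULL,
`refresh_token_validity` int(11) DEFAULT NULL,
`additional_information` varchar(500) DEFAULT NULL,
`archived` tinyint(1) DEFAULT '0',
`trusted` tinyint(1) DEFAULT '0',
-- Stored as text; 'true' skips the user approval page for this client.
`autoapprove` varchar(255) DEFAULT 'false',
`created_by` int(11) DEFAULT NULL COMMENT '創建人',
`created_dt` datetime DEFAULT NULL COMMENT '創建時間',
`last_update_by` int(11) DEFAULT NULL COMMENT '最后更新人',
`last_update_dt` datetime DEFAULT NULL COMMENT '最后更新時間',
`sts` char(1) DEFAULT NULL COMMENT '狀態',
PRIMARY KEY (`id`),
-- client_id is the key used by loadClientByClientId; two rows for one client
-- id would make that lookup ambiguous (the service returns the first row).
-- NULLs are still allowed, as before.
UNIQUE KEY `auth_client_details_client_id_uk` (`client_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='認證client配置表';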

 

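-- Authorization codes for the authorization_code grant; written and removed by
-- com.linxingall.auth.security.oauth.AuthCodeService (on this page), which
-- overrides the save and remove methods. Codes are single-use: the row should
-- disappear when the code is exchanged at the token endpoint.
-- IF NOT EXISTS makes the script re-runnable.
CREATE TABLE IF NOT EXISTS `auth_code` (
`id` int(11) NOT NULL AUTO_INCREMENT COMMENT 'id',
`code` varchar(255) DEFAULT NULL,
-- Serialized authentication bound to the code; only the application should
-- write it, since it is deserialized on read.
`authentication` blob,
`created_by` int(11) DEFAULT NULL COMMENT '創建人',
`created_dt` datetime DEFAULT NULL COMMENT '創建時間',
`last_update_by` int(11) DEFAULT NULL COMMENT '最后更新人',
`last_update_dt` datetime DEFAULT NULL COMMENT '最后更新時間',
`sts` char(1) DEFAULT NULL COMMENT '狀態',
PRIMARY KEY (`id`),
-- The code is the lookup key at exchange time; index it so the lookup and the
-- removal do not scan the table.
KEY `auth_code_code_idx` (`code`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='認證代碼碼';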

 

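-- NOTE(review): this CREATE TABLE repeats the auth_client_details definition
-- given earlier on this page, column for column. With IF NOT EXISTS the repeat
-- is a no-op instead of a "table already exists" error; keep only one copy.
-- The dump-time AUTO_INCREMENT counter is dropped because it is not schema.
CREATE TABLE IF NOT EXISTS `auth_client_details` (
`id` int(11) NOT NULL AUTO_INCREMENT COMMENT 'id',
`client_id` varchar(255) DEFAULT NULL COMMENT '終端碼',
-- Resource ids this client may access; the resource server declared on this
-- page is registered as 'mobile-resource'.
`resource_ids` varchar(255) DEFAULT NULL COMMENT '資源id',
-- The client's credential at the token endpoint: store a password hash, never
-- the plaintext secret. No password-encoder is declared for
-- clientAuthenticationManager on this page -- confirm how it is compared.
`client_secret` varchar(255) DEFAULT NULL COMMENT '終端密鑰',
-- NOTE(review): these defaults give every client inserted without explicit
-- values the 'trust' scope, all four listed grant types and ROLE_CLIENT;
-- least privilege argues for explicit per-client values. Kept unchanged so
-- existing inserts keep working.
`scope` varchar(255) DEFAULT 'read,write,trust' COMMENT 'scope',
`authorized_grant_types` varchar(255) DEFAULT 'password,refresh_token,authorization_code,client_credentials' COMMENT '授權類型',
-- Registered redirect URI for the authorization_code / implicit flows.
`web_server_redirect_uri` varchar(255) DEFAULT NULL COMMENT '跳轉地址',
`authorities` varchar(255) DEFAULT 'ROLE_CLIENT' COMMENT '權限',
-- Token lifetimes in seconds; NULL presumably defers to the token services.
`access_token_validity` int(11) DEFAULT NULL,
`refresh_token_validity` int(11) DEFAULT NULL,
`additional_information` varchar(500) DEFAULT NULL,
`archived` tinyint(1) DEFAULT '0',
`trusted` tinyint(1) DEFAULT '0',
-- Stored as text; 'true' skips the user approval page for this client.
`autoapprove` varchar(255) DEFAULT 'false',
`created_by` int(11) DEFAULT NULL COMMENT '創建人',
`created_dt` datetime DEFAULT NULL COMMENT '創建時間',
`last_update_by` int(11) DEFAULT NULL COMMENT '最后更新人',
`last_update_dt` datetime DEFAULT NULL COMMENT '最后更新時間',
`sts` char(1) DEFAULT NULL COMMENT '狀態',
PRIMARY KEY (`id`),
-- client_id is the lookup key of loadClientByClientId; keep it unique so the
-- lookup is unambiguous. NULLs are still allowed, as before.
UNIQUE KEY `auth_client_details_client_id_uk` (`client_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='認證client配置表';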

 

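-- Refresh tokens issued alongside access tokens (tokenServices on this page has
-- supportRefreshToken=true); read and written by CustomTokenStore.
-- IF NOT EXISTS makes the script re-runnable; the dump-time AUTO_INCREMENT
-- counter is dropped because it is not part of the schema.
CREATE TABLE IF NOT EXISTS `auth_refresh_token` (
`id` int(11) NOT NULL AUTO_INCREMENT COMMENT 'id',
-- Lookup key for the refresh token; presumably a digest of the token value
-- rather than the value itself -- TODO confirm against CustomTokenStore.
`token_id` varchar(255) DEFAULT NULL,
-- Serialized token and authentication; deserialized on read, so only the
-- application should ever write these columns.
`token` blob,
`authentication` blob,
`created_by` int(11) DEFAULT NULL COMMENT '創建人',
`created_dt` datetime DEFAULT NULL COMMENT '創建時間',
`last_update_by` int(11) DEFAULT NULL COMMENT '最后更新人',
`last_update_dt` datetime DEFAULT NULL COMMENT '最后更新時間',
`sts` char(1) DEFAULT NULL COMMENT '狀態',
PRIMARY KEY (`id`),
-- Every refresh and every revocation looks the row up by token id; index it so
-- that is not a full scan as the table grows.
KEY `auth_refresh_token_token_id_idx` (`token_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='認證授權碼表';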

 ======================

application-security.xml中加上oauth配置

<!-- Token endpoint. Stateless: no HTTP session is created, and every request
     must authenticate the client. Clients authenticate against
     clientAuthenticationManager, which (further down on this page) is backed by
     clientDetailsService, i.e. the auth_client_details table. IS_AUTHENTICATED_FULLY
     rejects anonymous and remember-me principals. -->
<sec:http pattern="/oauth/token" create-session="stateless"
authentication-manager-ref="clientAuthenticationManager"
entry-point-ref="oauth2AuthenticationEntryPoint">
<sec:intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
<sec:anonymous enabled="false" />
<!-- Primary client authentication: HTTP Basic (client_id:client_secret). -->
<sec:http-basic entry-point-ref="oauth2AuthenticationEntryPoint" />
<!-- Additionally accepts client_id / client_secret as request parameters,
     ahead of the Basic filter. Keep this only if some client cannot send the
     Authorization header; in either case the endpoint must be served over TLS,
     since the secret travels with every token request. -->
<sec:custom-filter ref="clientCredentialsTokenEndpointFilter"
before="BASIC_AUTH_FILTER" />
<sec:access-denied-handler ref="oauthAccessDeniedHandler" />
</sec:http>



<!-- Resource-server side: requests under /api/** are authenticated by the
     bearer access token (mobileResourceServer, declared below) and never get
     a session. Access decisions go through oauth2AccessDecisionManager, the
     unanimous scope / role / authenticated voter combination declared at the
     end of this configuration. The filterSecurityInterceptor bean referenced
     here is not defined on this page; presumably it carries the per-URL
     access rules, since no intercept-url appears in this element. -->
<sec:http pattern="/api/**" create-session="never" access-decision-manager-ref="oauth2AccessDecisionManager"
entry-point-ref="oauth2AuthenticationEntryPoint">
<sec:anonymous enabled="false" />
<sec:custom-filter ref="filterSecurityInterceptor" before="FILTER_SECURITY_INTERCEPTOR" />
<sec:custom-filter ref="mobileResourceServer" before="PRE_AUTH_FILTER"/>
<sec:access-denied-handler ref="oauthAccessDeniedHandler" />
</sec:http>


<!-- Authorization server. Client registrations come from clientDetailsService,
     tokens from tokenServices, authorization codes from codeServices (the
     custom AuthCodeService), and user consent is handled by
     oauthUserApprovalHandler with the "approval" view. -->
<oauth2:authorization-server
client-details-service-ref="clientDetailsService" token-services-ref="tokenServices"
user-approval-handler-ref="oauthUserApprovalHandler"
user-approval-page="approval" error-page="/403">
<!-- All five grant types are enabled server-wide; which ones a given client may
     use is still limited by its authorized_grant_types row. NOTE(review): the
     implicit and password grants are discouraged by the OAuth 2.0 Security BCP;
     enable them only for clients that genuinely need them. -->
<oauth2:authorization-code authorization-code-services-ref="codeServices"/>
<oauth2:implicit />
<oauth2:refresh-token />
<oauth2:client-credentials />
<oauth2:password />
</oauth2:authorization-server>


<!-- Bearer-token filter used by the /api/** http element above. resource-id
     names this resource server; presumably a token whose client has a non-empty
     resource_ids list that does not include "mobile-resource" is rejected here,
     so registered clients need that value in auth_client_details.resource_ids.
     Confirm against the resource-id check in your Spring Security OAuth version. -->
<oauth2:resource-server id="mobileResourceServer" resource-id="mobile-resource" token-services-ref="tokenServices"/>

<!-- User-consent handler for the authorization_code / implicit flows. It is
     wired to the same tokenStore and clientDetailsService as the server, so it
     can presumably skip the approval page when a matching token already exists
     for the user and client (and honours the client's autoapprove setting). -->
<bean id="oauthUserApprovalHandler" class="org.springframework.security.oauth2.provider.approval.TokenStoreUserApprovalHandler">
<property name="tokenStore" ref="tokenStore"/>
<property name="clientDetailsService" ref="clientDetailsService"/>
<property name="requestFactory" ref="oAuth2RequestFactory"/>
</bean>


<!-- Builds OAuth2 requests from incoming parameters, validating them against the
     client registration loaded through clientDetailsService. -->
<bean class="org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory"
id="oAuth2RequestFactory">
<constructor-arg name="clientDetailsService" ref="clientDetailsService"/>
</bean>


<!-- Adapts client registrations to UserDetails so the standard authentication
     provider can authenticate clients at the token endpoint: client_id acts as
     the username and client_secret as the password. -->
<bean id="oauth2ClientDetailsUserService"
class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
<constructor-arg ref="clientDetailsService" />
</bean>
<!-- NOTE(review): no password-encoder is declared for this provider, so the
     presented client_secret is compared against the stored column as-is unless
     a default encoder is configured elsewhere. Confirm that secrets are stored
     hashed and that the comparison matches the storage format. -->
<sec:authentication-manager id="clientAuthenticationManager">
<sec:authentication-provider user-service-ref="oauth2ClientDetailsUserService" />
</sec:authentication-manager>


<!-- Entry point that renders OAuth2-style error responses for unauthenticated
     requests on both the token endpoint and the /api/** resources. -->
<bean id="oauth2AuthenticationEntryPoint"
class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint" />
<!-- Parameter-based client authentication for /oauth/token (see the custom-filter
     in that http element). Authenticates through the same
     clientAuthenticationManager as HTTP Basic. -->
<bean id="clientCredentialsTokenEndpointFilter"
class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
<property name="authenticationManager" ref="clientAuthenticationManager" />
</bean>


<!-- Renders OAuth2-style responses when an authenticated caller lacks the
     required scope / role; shared by both http elements above. -->
<bean id="oauthAccessDeniedHandler"
class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />


<!-- Issues, refreshes and validates tokens, persisting them through the custom
     tokenStore. supportRefreshToken=true means a refresh token is issued with
     each access token (backed by auth_refresh_token). No validity periods are
     set here, so the per-client access_token_validity / refresh_token_validity
     columns presumably apply, with the class's built-in defaults when those are
     NULL -- TODO confirm the defaults for the Spring Security OAuth version in use. -->
<bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
<property name="tokenStore" ref="tokenStore"/>
<property name="clientDetailsService" ref="clientDetailsService"/>
<property name="supportRefreshToken" value="true"/>
</bean>


<!-- Project-specific persistence, all backed by the auth_* tables defined at the
     top of this page: client registrations (auth_client_details), access and
     refresh tokens (auth_access_token / auth_refresh_token) and authorization
     codes (auth_code). The Java for these classes is sketched below. -->
<bean id="clientDetailsService" class="com.linxingall.auth.security.oauth.CustomClientDetailsService"/>

<bean id="tokenStore" class="com.linxingall.auth.security.oauth.CustomTokenStore"/>
<bean id="codeServices" class="com.linxingall.auth.security.oauth.AuthCodeService"/>


<!-- Access decision manager for /api/**. UnanimousBased means every voter that
     does not abstain must grant: a single deny (e.g. the token lacks a required
     SCOPE_ attribute, or the principal lacks a required ROLE_) rejects the
     request. Order of voters does not affect the outcome. -->
<bean id="oauth2AccessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
<constructor-arg>
<list>
<bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter"/>
<bean class="org.springframework.security.access.vote.RoleVoter"/>
<bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
</list>
</constructor-arg>
</bean>

java代碼
CustomClientDetailsService
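/**
 * Loads OAuth2 client registrations for the authorization server from the
 * auth_client_details table, via {@link ClientDetailsDao}.
 */
public class CustomClientDetailsService implements ClientDetailsService {

    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
    @Autowired
    private ClientDetailsDao clientDetailsDao;

    /**
     * Looks up the client registered under {@code client}.
     *
     * @param client the client_id presented at the token endpoint
     * @return the registration wrapped as {@link TmsClientDetails}
     * @throws UsernameNotFoundException if the id is blank or no row matches;
     *         the message is resolved through Spring Security's message source,
     *         reusing the existing "usernameNotFound" key so the text is unchanged
     */
    @Override
    public ClientDetails loadClientByClientId(String client) throws ClientRegistrationException {
        // A null or blank id can never name a registered client; fail fast rather
        // than sending an empty key to the DAO.
        if (client == null || client.trim().isEmpty()) {
            throw clientNotFound(client);
        }

        List<ClientDetailsDo> clientDetailsDos = clientDetailsDao.query(client);

        if (CollectionUtils.isEmpty(clientDetailsDos)) {
            throw clientNotFound(client);
        }
        // The DDL on this page has no UNIQUE constraint on client_id, so several
        // rows could match; as before, the first row the DAO returns wins.
        return new TmsClientDetails(clientDetailsDos.get(0));
    }

    /** Builds the not-found exception with the same message key and fallback text as before. */
    private UsernameNotFoundException clientNotFound(String client) {
        return new UsernameNotFoundException(this.messages.getMessage("DigestAuthenticationFilter.usernameNotFound", new Object[]{client}, "Client {0} not found"));
    }
}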
CustomTokenStore
CustomTokenStore implements TokenStore
重寫 token 的保存、刷新、讀取方法。

AuthCodeService
AuthCodeService extends RandomValueAuthorizationCodeServices 
重寫保存和移除 code 的方法。


