一、Oauth 2.0 授權模式
1. 授權碼模式(Authorization code)
2. 隱式授權模式(Implicit)
3. 密碼模式(Resource owner password credentials)
4. 客戶端模式(Client credentials)
二、 創建Oauth2.0 認證服務
基於SpringBoot ,搭建過程在此不做講解。
1. pom.xml
引入security 和 oauth2 相關包

2. 啟動類添加@EnableResourceServer和@EnableAuthorizationServer注解
@EnableResourceServer 表示這是一個需要認證的資源服務
@EnableAuthorizationServer 表示這也是一個認證服務

3. 創建Controller訪問

4. 創建WebSecurityConfig配置類
/**
 * Spring Security configuration for the authorization server application.
 *
 * <p>Registers the in-memory user store and the password encoder, exposes the
 * {@link AuthenticationManager} and {@link UserDetailsService} as beans, and
 * installs a filter chain that is scoped to {@code /oauth/**} only.
 * Ordered at 1 so it is considered ahead of the resource-server chain.
 *
 * @author xuyanqi
 * @date 2020-08-30
 */
@Configuration
@Order(1)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /** Ant pattern covering every OAuth endpoint handled by this chain. */
    private static final String OAUTH_ENDPOINTS = "/oauth/**";

    // Demo account. Credentials are hard-coded for the walkthrough only; a real
    // deployment would load users from a store and keep secrets out of source.
    private static final String DEMO_USERNAME = "xuyanqi";
    private static final String DEMO_PASSWORD = "xuyanqi";
    private static final String DEMO_ROLE = "admin";

    /**
     * Exposes the {@link AuthenticationManager} assembled by the adapter as a bean so the
     * authorization server can validate resource-owner credentials (password grant).
     *
     * @return the adapter's authentication manager
     * @throws Exception propagated from {@link WebSecurityConfigurerAdapter}
     */
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        AuthenticationManager manager = super.authenticationManagerBean();
        return manager;
    }

    /**
     * Exposes the {@link UserDetailsService} assembled by the adapter as a bean; the
     * authorization server uses it to load user details when issuing and refreshing tokens.
     *
     * @return the adapter's user details service
     * @throws Exception propagated from {@link WebSecurityConfigurerAdapter}
     */
    @Override
    @Bean
    public UserDetailsService userDetailsServiceBean() throws Exception {
        UserDetailsService service = super.userDetailsServiceBean();
        return service;
    }

    /**
     * Registers the single demo user in an in-memory store.
     *
     * <p>The password is stored as a BCrypt hash, never in clear text. {@code roles()}
     * prefixes the value with {@code ROLE_}, so this user carries {@code ROLE_admin}, which is
     * what the resource-server rule {@code hasAnyRole("admin")} checks for.
     *
     * @param auth builder for the authentication manager
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        PasswordEncoder encoder = passwordEncoder();
        String hashedPassword = encoder.encode(DEMO_PASSWORD);
        auth.inMemoryAuthentication()
            .withUser(DEMO_USERNAME)
            .password(hashedPassword)
            .roles(DEMO_ROLE);
    }

    /**
     * Password encoder shared by the user store and the OAuth client store.
     *
     * @return a BCrypt encoder with the library's default strength
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        return encoder;
    }

    /**
     * Filter chain for the OAuth endpoints.
     *
     * <p>Requests under {@code /oauth/**} are let through without a session login and
     * without CSRF protection: the token endpoint is called by OAuth clients (which
     * authenticate with their own client credentials), not by a browser session, so a
     * CSRF token would never be present. Presumably client authentication on these
     * endpoints is enforced by the authorization-server security configurer — confirm.
     *
     * @param http the HTTP security builder for this chain
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Restrict this chain to the OAuth endpoints; other URLs fall through to later chains.
        http.antMatcher(OAUTH_ENDPOINTS);
        http.authorizeRequests().antMatchers(OAUTH_ENDPOINTS).permitAll();
        http.csrf().disable();
    }
}
5. 創建Oauth2.0 AuthorizationServerConfig認證配置類
/**
 * OAuth 2.0 authorization server configuration.
 *
 * <p>Defines one in-memory client, wires the token endpoints to the authentication manager
 * and user details service exposed by {@code WebSecurityConfig}, and relaxes client
 * authentication so client credentials may be posted as form parameters.
 *
 * @author xuyanqi
 * @date 2020-08-30
 */
@Configuration
@Order(2)
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    // Demo client. The secret is hard-coded for the walkthrough only; in a real
    // deployment it belongs in a client store or externalised configuration.
    private static final String CLIENT_ID = "test";
    private static final String CLIENT_SECRET = "test";

    // Grant types this client may use. "password" hands the resource owner's credentials
    // to the client, so it is only appropriate for a trusted first-party client (it was
    // dropped from OAuth 2.1). "client_credentials" issues tokens without any user.
    private static final String[] GRANT_TYPES = {"refresh_token", "password", "client_credentials"};

    /** Scopes a token issued to this client may carry. */
    private static final String[] SCOPES = {"webclient", "mobileclient"};

    @Autowired
    private AuthenticationManager authenticationManagerBean;

    @Autowired
    private UserDetailsService userDetailsServiceBean;

    @Autowired
    private PasswordEncoder passwordEncoder;

    /**
     * Registers the demo client in an in-memory client store.
     *
     * <p>The client secret is stored hashed with the shared {@link PasswordEncoder}, which is
     * the same encoder the user store uses.
     *
     * @param clients client details configurer
     * @throws Exception propagated from the configurer
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        String hashedSecret = passwordEncoder.encode(CLIENT_SECRET);
        clients.inMemory()
            .withClient(CLIENT_ID)
            .secret(hashedSecret)
            .authorizedGrantTypes(GRANT_TYPES)
            .scopes(SCOPES);
    }

    /**
     * Wires the token endpoints to the beans from {@code WebSecurityConfig}.
     *
     * <p>The authentication manager is what the password grant uses to check the resource
     * owner's username/password; the user details service is used when loading the user
     * for token issue and refresh. No token validity is configured here, so the framework
     * defaults apply — TODO confirm those defaults suit the deployment.
     *
     * @param endpoints endpoint configurer
     * @throws Exception propagated from the configurer
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(authenticationManagerBean);
        endpoints.userDetailsService(userDetailsServiceBean);
    }

    /**
     * Security settings for the token endpoints themselves.
     *
     * <p>Allows {@code client_id}/{@code client_secret} to be sent as form parameters on
     * the token endpoint rather than only via HTTP Basic. Both carry the secret in the
     * request, so TLS remains the real protection for it.
     *
     * @param security security configurer for the authorization server endpoints
     * @throws Exception propagated from the configurer
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security.allowFormAuthenticationForClients();
    }
}
6. 創建ResourceServiceConfig資源權限配置類
/**
 * Resource server access rules for this application.
 *
 * <p>Protects the application's own endpoints with the access tokens issued by
 * {@code AuthorizationServerConfig}: {@code /spnuser/**} additionally requires the
 * {@code admin} role, everything else only requires a valid token.
 *
 * @author xuyanqi
 */
@Configuration
public class ResourceServiceConfig extends ResourceServerConfigurerAdapter {

    /**
     * Authorization rules, evaluated in declaration order.
     *
     * <p>{@code hasAnyRole("admin")} matches the {@code ROLE_admin} authority granted by
     * {@code roles("admin")} in {@code WebSecurityConfig}. Note that a token obtained via
     * {@code client_credentials} carries no user roles and so presumably cannot reach
     * {@code /spnuser/**} — confirm this is the intended behaviour. The {@code anyRequest()}
     * rule must stay last; matchers cannot be added after it.
     *
     * @param http the HTTP security builder for the resource-server chain
     * @throws Exception propagated from the builder
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/spnuser/**")
            .hasAnyRole("admin")
            .anyRequest().authenticated();
    }
}
三、 創建資源服務
1. pom.xml

2. 啟動類配置
表示該服務是需要授權的資源服務

3. 配置application.yml
server:
  port: 8081
security:
  oauth2:
    client:
      # Must match the client registered in AuthorizationServerConfig (withClient("test")).
      client-id: test
      # NOTE(review): the client secret is committed in plain text alongside the id;
      # prefer supplying it from an environment variable or secret store.
      client-secret: test
      # Endpoints of the authorization server from section 2 (running on port 8080).
      # Plain http is acceptable only on localhost; the secret and tokens travel in
      # these requests, so use https anywhere else.
      user-authorization-uri: http://localhost:8080/oauth/authorize
      access-token-uri: http://localhost:8080/oauth/token
    # NOTE(review): nesting reconstructed from the flattened listing — `resource` is assumed
    # to sit beside `client` under `oauth2`; confirm against the original file.
    resource:
      # Tokens are validated by calling this endpoint on the authorization server. It sits
      # under /spnuser/**, which ResourceServiceConfig restricts to the admin role, so
      # presumably only tokens issued for that user will validate — confirm.
      user-info-uri: http://localhost:8080/spnuser/user
4. 創建Controller訪問

