oauth2概念
https://www.cnblogs.com/LQBlog/p/16996125.html
环境搭建
1.引入依赖
<!-- Starter that brings in the OAuth2 authorization-server classes used by the configuration below.
     NOTE(review): no <version> is given, so it is presumably managed by a Spring Cloud BOM; confirm.
     NOTE(review): this starter builds on the legacy Spring Security OAuth project, which has reached
     end of life; check whether a maintained alternative (e.g. Spring Authorization Server) fits
     before adopting it for new work. -->
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
凭证模式
package com.yxt.datax.auth;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;

/*
 * Authorization-server configuration for the client_credentials grant demo.
 * It registers a single in-memory client and leaves the endpoint configuration at its defaults.
 *
 * Endpoint paths listed by the author for the authorization server:
 *   [/oauth/authorize]
 *   [/oauth/token]
 *   [/oauth/check_token]
 *   [/oauth/confirm_access]
 *   [/oauth/token_key]
 *   [/oauth/error]
 */
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    // One encoder instance is shared: it hashes the client secret at registration time and is
    // handed to the security configurer so submitted secrets are checked with the same algorithm.
    private final BCryptPasswordEncoder passwordEncoder= new BCryptPasswordEncoder();

    /**
     * Configures the client details. These are usually stored in and read from a database
     * (client_id, client_secret, redirect_uri and similar settings); this demo keeps them in memory.
     *
     * @param clients configurer used to register the OAuth2 clients
     * @throws Exception propagated from the configurer
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        super.configure(clients);
        // Define one OAuth2 client held in memory.
        clients.inMemory()
                .withClient("client_1") // client id
                .authorizedGrantTypes("client_credentials") // OAuth2 client_credentials grant only
                // Scopes this client may request.
                .scopes("all","read", "write")
                // Authority granted to the client; the author reuses the grant-type name here.
                .authorities("client_credentials")
                .accessTokenValiditySeconds(7200) // access-token lifetime in seconds (7200 s = 2 h)
                // The secret is stored BCrypt-hashed (a one-way hash, not reversible encryption);
                // normally it would live in a database rather than in code.
                // NOTE(review): "123456" is a hard-coded, trivially guessable demo value that ends up in
                // source control. Outside a local demo, supply a long random secret from external
                // configuration or a secret store and register only its hash.
                .secret(passwordEncoder.encode("123456")); // client secret
    }

    /**
     * Configures the security and access rules of the token endpoint.
     *
     * @param security configurer for the authorization server's endpoint security
     * @throws Exception propagated from the configurer
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        super.configure(security);
        // Encoder used later to check the secret a client submits against the stored hash.
        // NOTE(review): access rules for /oauth/check_token and /oauth/token_key are not set here,
        // so the framework defaults apply; confirm they match what resource servers need.
        security.passwordEncoder(passwordEncoder);
    }

    /**
     * Configures the authorization and token endpoints and the token services
     * (for example how tokens are signed and stored).
     * Only the superclass method is called, so nothing is customised here.
     *
     * @param endpoints configurer for the authorization server's endpoints
     * @throws Exception propagated from the configurer
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        // NOTE(review): with no token store or signing configured, tokens presumably use the
        // framework's default store; confirm that is acceptable beyond a single-node demo.
        super.configure(endpoints);
    }
}
Postman调用
curl
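# Request an access token from the token endpoint using the client_credentials grant.
# The Basic value is base64("client_1:123456"), i.e. the client id and secret registered above.
# Base64 is an encoding, not encryption, and the URL is plain http://, so the secret is readable
# on the wire; keep this form to localhost and use HTTPS anywhere else.
# NOTE(review): the Cookie header looks like a leftover from the Postman export; the
# client_credentials grant should not need a session cookie, so it can presumably be dropped.
curl --location 'http://localhost:8080/oauth/token' \
  --header 'Authorization: Basic Y2xpZW50XzE6MTIzNDU2' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --header 'Cookie: JSESSIONID=E1211820CB66DAA0880897446BEEB01A' \
  --data-urlencode 'grant_type=client_credentials' \
  --data-urlencode 'scope=read'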