Spring Cloud Alibaba 集成 Spring Security OAuth2.0 实现认证和授权

package com.joe.security.distributed.auth.config; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.http.HttpMethod; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer; import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter; import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer; import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer; import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer; import org.springframework.security.oauth2.provider.ClientDetailsService; import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService; import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices; import org.springframework.security.oauth2.provider.code.JdbcAuthorizationCodeServices; import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices; import org.springframework.security.oauth2.provider.token.DefaultTokenServices; import org.springframework.security.oauth2.provider.token.TokenEnhancerChain; import org.springframework.security.oauth2.provider.token.TokenStore; import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter; import javax.annotation.Resource; import javax.sql.DataSource; import java.util.Collections; /** * @Description * @Author 高建伟-joe * @Date 2023-11-09 */ @Configuration @EnableAuthorizationServer public class AuthorizationServer extends AuthorizationServerConfigurerAdapter { @Resource private TokenStore tokenStore; @Resource private ClientDetailsService clientDetailsService; @Resource private AuthorizationCodeServices authorizationCodeServices; @Resource private AuthenticationManager authenticationManager; @Resource private JwtAccessTokenConverter accessTokenConverter; @Resource private PasswordEncoder passwordEncoder; /** * 用来配置令牌端点的安全约束 * @param security */ @Override public void configure(AuthorizationServerSecurityConfigurer security) { // 使 /oauth/token_key 接口公开 security.tokenKeyAccess("permitAll()") // 检查令牌的接口是公开的 /oauth/check_token .checkTokenAccess("permitAll") // 允许表单认证，申请令牌 .allowFormAuthenticationForClients(); } /** * 用来配置客户端详情服务(ClientDetailsService),客户端详情信息在这里进行初始化，你能够把客户详情信息写死在这里或者是通过数据库来存储调取详情信息 * @param clients * @throws Exception */ @Override public void configure(ClientDetailsServiceConfigurer clients) throws Exception { // 使用 in memory 存储 /*clients.inMemory() // client id .withClient("c1") // 客户端的密钥 .secret(new BCryptPasswordEncoder().encode("secret")) // 资源列表 .resourceIds("res1") // 该 client 允许的授权类型 `authorization_code, password, client_credentials, implicit, refresh_token` .authorizedGrantTypes("authorization_code", "password", "client_credentials", "implicit", "refresh_token") // 允许的授权范围 .scopes("all") // 跳转到授权页面 .autoApprove(false) // 加上验证回调地址 .redirectUris("http://www.baidu.com"); */ clients.withClientDetails(clientDetailsService); } /** * 用来配置令牌 (token) 的访问端点和令牌服务(token service) * @param endpoints */ @Override public void configure(AuthorizationServerEndpointsConfigurer endpoints) { // 密码模式需要的 认证管理器 endpoints.authenticationManager(authenticationManager) // 授权码模式需要的 .authorizationCodeServices(authorizationCodeServices) // 令牌管理服务 .tokenServices(tokenServices()) // 允许post提交 .allowedTokenEndpointRequestMethods(HttpMethod.POST); } /** * 令牌管理服务 * @return */ @Bean public AuthorizationServerTokenServices tokenServices() { DefaultTokenServices services = new DefaultTokenServices(); // 客户端信息服务 services.setClientDetailsService(clientDetailsService); // 是否产生刷新令牌 services.setSupportRefreshToken(true); // 令牌存储策略 services.setTokenStore(tokenStore); // 设置令牌增强 TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain(); tokenEnhancerChain.setTokenEnhancers(Collections.singletonList(accessTokenConverter)); services.setTokenEnhancer(tokenEnhancerChain); // 令牌默认有效期 2 小时 services.setAccessTokenValiditySeconds(7200); // 刷新令牌默认有效期 3 天 services.setRefreshTokenValiditySeconds(259200); return services; } /** * 设置授权码模式的授权码如何存取，暂时采用内存方式 * @return */ // @Bean // public AuthorizationCodeServices authorizationCodeServices() { // return new InMemoryAuthorizationCodeServices(); // } @Bean public AuthorizationCodeServices authorizationCodeServices(DataSource dataSource) { return new JdbcAuthorizationCodeServices(dataSource); } @Bean public ClientDetailsService clientDetailsService(DataSource dataSource){ ClientDetailsService clientDetailsService = new JdbcClientDetailsService(dataSource); ((JdbcClientDetailsService)clientDetailsService).setPasswordEncoder(passwordEncoder); return clientDetailsService; } }