package com.joe.security.distributed.auth.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;
import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
import org.springframework.security.oauth2.provider.code.JdbcAuthorizationCodeServices;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenEnhancerChain;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import javax.annotation.Resource;
import javax.sql.DataSource;
import java.util.Collections;
/**
 * OAuth2 authorization server configuration for the auth service (dated 2023-11-09).
 *
 * <p>Registers the client registry, the authorization-code store and the token services
 * with Spring Security OAuth2, and sets the access rules for the token helper endpoints.
 *
 * <p>Security-relevant settings to be aware of when reusing this class:
 * <ul>
 *   <li>{@code /oauth/token_key} and {@code /oauth/check_token} are both opened to
 *       unauthenticated callers in {@link #configure(AuthorizationServerSecurityConfigurer)}.</li>
 *   <li>Clients may send their credentials as form parameters.</li>
 *   <li>Access tokens default to 2 hours and refresh tokens to 3 days
 *       (see {@link #tokenServices()}).</li>
 * </ul>
 *
 * @author 高建伟-joe
 */
@Configuration
@EnableAuthorizationServer
public class AuthorizationServer extends AuthorizationServerConfigurerAdapter {

    // Token persistence strategy; the bean is defined outside this class.
    @Resource
    private TokenStore tokenStore;

    // NOTE(review): clientDetailsService and authorizationCodeServices are injected into the
    // same class that declares them as @Bean methods further down. Confirm this self-reference
    // starts cleanly under the Spring version the project uses.
    @Resource
    private ClientDetailsService clientDetailsService;

    @Resource
    private AuthorizationCodeServices authorizationCodeServices;

    // Used by the password grant to authenticate the resource owner.
    @Resource
    private AuthenticationManager authenticationManager;

    // Added to the token enhancer chain in tokenServices(); defined outside this class.
    @Resource
    private JwtAccessTokenConverter accessTokenConverter;

    // Handed to the JDBC client details service.
    @Resource
    private PasswordEncoder passwordEncoder;

    /**
     * Sets the security constraints on the token endpoints.
     *
     * @param security configurer for the authorization server's endpoint security
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) {
        // /oauth/token_key is readable without authentication.
        // NOTE(review): acceptable when the JWT converter signs with a key pair, since only
        // the verifier key is then published. The converter is configured elsewhere; confirm
        // which key type it uses.
        security.tokenKeyAccess("permitAll()");

        // /oauth/check_token is also readable without authentication, so any caller that can
        // reach it can ask whether a token is valid and read what the server reports for it.
        // NOTE(review): if only registered clients or resource servers need this endpoint,
        // "isAuthenticated()" is the tighter rule; confirm who calls it before changing.
        security.checkTokenAccess("permitAll");

        // Allow clients to authenticate with form parameters when requesting a token.
        // Credentials carried in a request body are easier to capture in request logs than
        // an Authorization header, so keep this endpoint behind TLS and out of body logging.
        security.allowFormAuthenticationForClients();
    }

    /**
     * Configures where client registrations come from. They could be hard-coded in memory
     * or loaded from a database; this class delegates to the injected
     * {@link ClientDetailsService}.
     *
     * @param clients configurer for the client details service
     * @throws Exception if the configurer rejects the client details service
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // In-memory alternative, kept for reference only.
        // NOTE(review): the sample uses a fixed secret, enables every grant type (including
        // implicit and password) and registers a plain-http redirect URI. Treat it as a
        // local demo, not as a template for a real client.
        /*clients.inMemory()
                // client id
                .withClient("c1")
                // client secret
                .secret(new BCryptPasswordEncoder().encode("secret"))
                // resource ids
                .resourceIds("res1")
                // grant types allowed for this client:
                // authorization_code, password, client_credentials, implicit, refresh_token
                .authorizedGrantTypes("authorization_code", "password", "client_credentials", "implicit", "refresh_token")
                // allowed scopes
                .scopes("all")
                // false: send the user to the approval page
                .autoApprove(false)
                // redirect URI that callbacks are validated against
                .redirectUris("http://www.baidu.com");
        */
        clients.withClientDetails(clientDetailsService);
    }

    /**
     * Configures the token endpoints and the token services behind them.
     *
     * @param endpoints configurer for the authorization server endpoints
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        // Authentication manager, required by the password grant.
        endpoints.authenticationManager(authenticationManager);
        // Authorization-code store, required by the authorization-code grant.
        endpoints.authorizationCodeServices(authorizationCodeServices);
        // Token management service declared in this class.
        endpoints.tokenServices(tokenServices());
        // Request method allowed on the token endpoint: POST.
        endpoints.allowedTokenEndpointRequestMethods(HttpMethod.POST);
    }

    /**
     * Builds the token management service.
     *
     * @return a {@link DefaultTokenServices} with refresh tokens enabled, the injected token
     *         store and client details service, and the JWT converter as its only enhancer
     */
    @Bean
    public AuthorizationServerTokenServices tokenServices() {
        // Token enhancement: the chain holds a single enhancer, the JWT converter.
        TokenEnhancerChain enhancers = new TokenEnhancerChain();
        enhancers.setTokenEnhancers(Collections.singletonList(accessTokenConverter));

        DefaultTokenServices defaultServices = new DefaultTokenServices();
        // Client registry.
        defaultServices.setClientDetailsService(clientDetailsService);
        // Token storage strategy.
        defaultServices.setTokenStore(tokenStore);
        defaultServices.setTokenEnhancer(enhancers);
        // Issue refresh tokens.
        defaultServices.setSupportRefreshToken(true);
        // Default access-token lifetime: 7200 s = 2 hours.
        // NOTE(review): the token store is defined elsewhere. If tokens are self-contained
        // JWTs, an issued token presumably stays usable until it expires, which makes these
        // lifetimes the effective revocation window; confirm against the store in use.
        defaultServices.setAccessTokenValiditySeconds(7200);
        // Default refresh-token lifetime: 259200 s = 3 days.
        defaultServices.setRefreshTokenValiditySeconds(259200);
        return defaultServices;
    }

    // In-memory alternative for authorization codes, kept for reference:
    // @Bean
    // public AuthorizationCodeServices authorizationCodeServices() {
    //     return new InMemoryAuthorizationCodeServices();
    // }

    /**
     * Defines how authorization codes for the authorization-code grant are stored and
     * retrieved: through JDBC on the given data source.
     *
     * @param dataSource data source passed to the JDBC authorization-code store
     * @return a {@link JdbcAuthorizationCodeServices} over {@code dataSource}
     */
    @Bean
    public AuthorizationCodeServices authorizationCodeServices(DataSource dataSource) {
        AuthorizationCodeServices jdbcCodes = new JdbcAuthorizationCodeServices(dataSource);
        return jdbcCodes;
    }

    /**
     * Defines the client registry: a JDBC-backed service that is given the injected
     * {@link PasswordEncoder}.
     *
     * @param dataSource data source passed to the JDBC client details service
     * @return a {@link JdbcClientDetailsService} over {@code dataSource}
     */
    @Bean
    public ClientDetailsService clientDetailsService(DataSource dataSource) {
        // A typed local avoids casting back to the JDBC implementation to set the encoder.
        JdbcClientDetailsService jdbcClients = new JdbcClientDetailsService(dataSource);
        jdbcClients.setPasswordEncoder(passwordEncoder);
        return jdbcClients;
    }
}
分布式系统的认证和授权:分布式架构采用 Spring Cloud Alibaba;认证和授权采用 Spring Security OAuth2.0,实现方法级权限控制;网关采用 gateway 中间件;服务注册和发现采用 nacos。
distributed-security.zip (35个子文件)
distributed-security
pom.xml 5KB
.idea
jarRepositories.xml 879B
uiDesigner.xml 9KB
runConfigurations.xml 346B
vcs.xml 185B
workspace.xml 8KB
misc.xml 698B
compiler.xml 1KB
.gitignore 184B
encodings.xml 725B
distributed-security-gateway
pom.xml 3KB
src
test
java
main
resources
application.yml 666B
java
com
joe
security
distributed
gateway
filter
AuthGlobalFilter.java 2KB
GatewayApplication.java 524B
config
ResourceServerConfig.java 1KB
distributed-security-auth
pom.xml 3KB
src
test
java
main
resources
application.yml 1KB
java
com
joe
security
distributed
auth
dao
UserDao.java 2KB
service
SpringDataUserDetailsService.java 2KB
AuthApplication.java 654B
model
UserDto.java 325B
PermissionDto.java 299B
config
WebSecurityConfig.java 2KB
TokenConfig.java 1KB
AuthorizationServer.java 6KB
distributed-security-order
pom.xml 2KB
src
test
java
main
resources
application.yml 1KB
java
com
joe
security
distributed
order
OrderApplication.java 518B
controller
OrderController.java 833B
dao
service
filter
TokenAuthenticationFilter.java 2KB
model
UserDto.java 326B
config
ResourceServerConfig.java 2KB
WebSecurityConfig.java 883B
TokenConfig.java 1KB
db
security_springboot.sql 7KB