• Springboot利用Security做OAuth2授权验证

    OAuth2获取授权令牌(token)通常有四种方式:授权码模式,简化模式,客户端模式,和密码模式。针对自己系统内用户的登录,通常使用密码模式进行授权。

    我们利用Spring Security OAuth2来制作一个授权服务器。

    第一步 添加依赖

    pom文件中添加如下依赖,引入oauth2相关框架

    1.         <dependency>
    2.             <groupId>org.springframework.bootgroupId>
    3.             <artifactId>spring-boot-starter-webartifactId>
    4.         dependency>
    5.         <dependency>
    6.             <groupId>org.springframework.cloudgroupId>
    7.             <artifactId>spring-cloud-starter-securityartifactId>
    8.         dependency>
    9.         <dependency>
    10.             <groupId>org.springframework.cloudgroupId>
    11.             <artifactId>spring-cloud-starter-oauth2artifactId>
    12.         dependency>

    我还是用到了数据库进行存储,我用的jpa连接数据库,使用其他持久层框架(MyBatis)也可以。

    引入数据库依赖

    1.         <dependency>
    2.             <groupId>org.springframework.bootgroupId>
    3.             <artifactId>spring-boot-starter-data-jpaartifactId>
    4.         dependency>
    5.         
    6.         <dependency>
    7.             <groupId>mysqlgroupId>
    8.             <artifactId>mysql-connector-javaartifactId>
    9.         dependency>

    第二步 添加代码

    1 实现UserDetailsService,获取用户

    1. @Service
    2. public class MyUserDetailsService implements UserDetailsService {
    3.  
    4.     @Resource
    5.     private UserService userService;
    6.  
    7.     @Override
    8.     public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
    9.         //根据用户名获取用户,并验证用户是否有效及权限
    10.         //从数据库中获取用户
    11.         TUser user = userService.findByUsername(username);
    12.         if (user == null) {
    13.             throw new UsernameNotFoundException("用户不存在");
    14.         }
    15.         Set grantedAuthorities = new HashSet<>();
    16.         boolean enabled = user.getStatus() == 1; // 可用性 :true:可用 false:不可用
    17.         boolean accountNonExpired = true; // 过期性 :true:没过期 false:过期
    18.         boolean credentialsNonExpired = true; // 有效性 :true:凭证有效 false:凭证无效
    19.         boolean accountNonLocked = true; // 锁定性 :true:未锁定 false:已锁定
    20.         //配置权限
    21.         GrantedAuthority grantedAuthority = new SimpleGrantedAuthority("ADMIN");
    22.         grantedAuthorities.add(grantedAuthority);
    23.  
    24.         //将用户名和密码及其他配置返还个spring security 进行验证
    25.         return new User(username, user.getPassword(),
    26.                 enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, grantedAuthorities);
    27.     }
    28.  
    29. }

    2 添加WebSecurityConfigurerAdapter

    1. @Configuration
    2. @EnableWebSecurity
    3. public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    4.  
    5.     @Bean
    6.     public PasswordEncoder passwordEncoder() {
    7.         return new BCryptPasswordEncoder();
    8.     }
    9.  
    10.     @Override
    11.     @Bean
    12.     public AuthenticationManager authenticationManagerBean() throws Exception {
    13.         return super.authenticationManagerBean();
    14.     }
    15.  
    16.  
    17. }

    3 添加AuthorizationServerConfigurerAdapter

    1. @Configuration
    2. @EnableAuthorizationServer
    3. public class Oauth2ServerConfig extends AuthorizationServerConfigurerAdapter {
    4.  
    5.     //验证管理器
    6.     @Resource
    7.     private AuthenticationManager authenticationManager;
    8.  
    9.     //获取用户,自己实现获取用户的相关功能
    10.     @Resource
    11.     private MyUserDetailsService userService;
    12.  
    13.     //数据库配置
    14.     @Resource
    15.     private DataSource dataSource;
    16.  
    17.     /**
    18.      * 自定义授权服务配置
    19.      */
    20.     @Override
    21.     public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
    22.         endpoints.authenticationManager(authenticationManager)
    23.                 .userDetailsService(userService)
    24.                 .tokenStore(new JdbcTokenStore(dataSource));
    25.  
    26.         // 配置TokenServices参数
    27.         DefaultTokenServices tokenServices = new DefaultTokenServices();
    28.         tokenServices.setTokenStore(endpoints.getTokenStore());
    29.         tokenServices.setSupportRefreshToken(true);
    30.         tokenServices.setClientDetailsService(endpoints.getClientDetailsService());
    31.         tokenServices.setTokenEnhancer(endpoints.getTokenEnhancer());
    32.         tokenServices.setAccessTokenValiditySeconds((int) TimeUnit.HOURS.toSeconds(12)); // 12小时
    33.         tokenServices.setRefreshTokenValiditySeconds((int) TimeUnit.DAYS.toSeconds(30));// 30天
    34.         endpoints.tokenServices(tokenServices);
    35.     }
    36.  
    37.     /**
    38.      * 配置认证客户端
    39.      * @param clients
    40.      * @throws Exception
    41.      */
    42.     @Override
    43.     public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    44.         //自定义客户端配置
    45.         clients.withClientDetails(clientDetails());
    46.     }
    47.  
    48.     //从数据库中获取客户端的配置
    49.     public ClientDetailsService clientDetails() {
    50.         return new JdbcClientDetailsService(dataSource);
    51.     }
    52.  
    53.     /**
    54.      * 自定义授权令牌端点的安全约束
    55.      * @param security
    56.      */
    57.     @Override
    58.     public void configure(AuthorizationServerSecurityConfigurer security) {
    59.         //自定义安全约束
    60.         security.allowFormAuthenticationForClients();
    61.     }
    62.  
    63. }

    第三步 初始化数据库

    在数据库中创建三个表 oauth_access_token (存储token),oauth_client_details(允许请求授权的客户端),oauth_refresh_token(存储refreshToken)

    为了测试,我还建了一个t_user的用户表,这个表可以不导入

    1. CREATE TABLE `oauth_access_token`  (
    2.   `token_id` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
    3.   `token` blob NULL,
    4.   `authentication_id` varchar(250) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
    5.   `user_name` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
    6.   `client_id` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
    7.   `authentication` blob NULL,
    8.   `refresh_token` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
    9.   PRIMARY KEY (`authentication_id`) USING BTREE
    10. ) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = DYNAMIC;
    11.  
    12.  
    13. CREATE TABLE `oauth_client_details`  (
    14.   `client_id` varchar(250) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
    15.   `resource_ids` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
    16.   `client_secret` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
    17.   `scope` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
    18.   `authorized_grant_types` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
    19.   `web_server_redirect_uri` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
    20.   `authorities` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
    21.   `access_token_validity` int(11) NULL DEFAULT NULL,
    22.   `refresh_token_validity` int(11) NULL DEFAULT NULL,
    23.   `additional_information` varchar(4096) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
    24.   `autoapprove` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
    25.   PRIMARY KEY (`client_id`) USING BTREE
    26. ) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = DYNAMIC;
    27.  
    28. -- 初始化了一个客户端的数据
    29. INSERT INTO `oauth_client_details` VALUES ('client', '', '$2a$10$My8G.sWJs/WQN8hdYS862.BsUuoL4p51xyfTIJu2NMMrIQ/JXRc2a', 'web', 'authorization_code,password,refresh_token,client_credentials', NULL, NULL, NULL, NULL, '{\"code\":\"test\"}', NULL);
    30.  
    31. DROP TABLE IF EXISTS `oauth_refresh_token`;
    32. CREATE TABLE `oauth_refresh_token`  (
    33.   `token_id` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
    34.   `token` blob NULL,
    35.   `authentication` blob NULL
    36. ) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = DYNAMIC;
    37.  
    38.  
    39. -- 我自己测试用的用户表,这个可以不导入,使用自己系统的用户表
    40. DROP TABLE IF EXISTS `t_user`;
    41. CREATE TABLE `t_user`  (
    42.   `id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT '自增主键',
    43.   `username` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '用户名',
    44.   `nickname` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '昵称',
    45.   `password` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '密码',
    46.   `status` int(11) NULL DEFAULT NULL COMMENT '状态 1正常 2停用',
    47.   `e_mail` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '电子邮箱',
    48.   `phone` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '手机号',
    49.   PRIMARY KEY (`id`) USING BTREE
    50. ) ENGINE = InnoDB AUTO_INCREMENT = 2 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
    51.  
    52. INSERT INTO `t_user` VALUES (1, 'admin', '管理员', '$2a$10$gD1u5uXEmCFmlvg.hgN7P.zv.sbCOEmX1sFNRHEBRIx6Ad.qydceu', 1, 'admin@admin.com', '15812345678');
    53.

    在application中配置数据库信息

    1. spring:
    2.   application:
    3.     name: HelloSecurity
    4.   #数据库配置连接
    5.   datasource:
    6.     url: jdbc:mysql://127.0.0.1:3306/hello_security?useUnicode=true&characterEncoding=utf-8&serverTimezone=Asia/Shanghai
    7.     username: root
    8.     password: "123456"
    9.     driver-class-name: com.mysql.cj.jdbc.Driver
    10.   jpa:
    11.     show-sql: true
    12.  
    13. server:
    14.   port: 8080

    完成以上步骤后,一个简单的OAuth2授权验证服务器就搭建完成了,我们启动项目,进行测试。

    获取token的接口是 http://127.0.0.1:8080/oauth/token

     源码地址:https://gitee.com/xiaobailovejiajia/hello-security

  • 相关阅读:
    动态代理jdk和cglib
    【面试必刷TOP101】链表相加 & 单链表的排序
    【直播笔记0629】 并发编程二:锁
    postgresql之integerset
    java-net-php-python-springtboot校园信息交流互助系统计算机毕业设计程序
    Windows 安装DotNet Core运行时库
    锁的优化机制了解吗?
    机械硬盘,Win10系统,磁盘100%
    Spine2D骨骼动画播放器 - 微信小程序版
    计算二进制中1的个数
  • 原文地址:https://blog.csdn.net/dengdaijc/article/details/128168388