• spring-authorization-server integration


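    Spring Authorization Server is a framework that provides implementations of the OAuth 2.1 and OpenID Connect 1.0 specifications and other related specifications. It is built on top of Spring Security and provides a secure, lightweight and customizable foundation for building OpenID Connect 1.0 Identity Provider and OAuth2 Authorization Server products.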

    Procedure

    1. http://127.0.0.1:8080/oauth2/authorization/oidc-client
    2. http://127.0.0.1:8080/oauth2/authorization/github-idp

    Login flow (for reference):

    1. Log in and authenticate in the browser
      http://127.0.0.1:9000/oauth2/authorize?response_type=code&client_id=oidc-client&scope=openid&redirect_uri=http://127.0.0.1:8080/login/oauth2/code/oidc-client

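    2. Click to consent; the browser is then redirected to the backUrl carrying the code. Record the request cookie issued after the successful login.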
      https://www.baidu.com/?code=HUGjsssss

    3. Use the returned code to obtain the JWT
      Send the request with Postman

      • Set the header
        • Authorization: Basic b2lkYy1jbGllbnQ6c2VjcmV0Mg==
      • Send the POST request
        http://localhost:9000/oauth2/token?redirect_uri=http://www.baidu.com&grant_type=authorization_code&code=HUGjsssss
      • Note:
        Join clientId and clientSecret with ':' (both are in the configuration above), Base64-encode the result, then prepend the Basic prefix (note the single space after Basic). This gives the Basic b2lkYy1jbGllbnQ6c2VjcmV0 in the parameters above.
      • Result
      {
      "access_token": "eyJraWQiOiI1ZDAwYWY2Ny1iNmIzLTQ1MTctOGE3Ny0zMTZlNjdhMzZmYzIiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIwMDAwMDAwIiwiYXVkIjoib2lkYy1jbGllbnQiLCJuYmYiOjE2OTM5OTMyMDUsInNjb3BlIjpbIm9wZW5pZCIsIm1lc3NhZ2UucmVhZCJdLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjkwMDAiLCJleHAiOjE2OTM5OTY4MDUsImlhdCI6MTY5Mzk5MzIwNX0.GjtBALGt2UWsG4U364NyV7kML8fpHLAryl2Puji5N3JG1y-Z5jBptZKnOENgY_u18RtA1Pf5slPvPyU0ohZJKFM5rAW057OoC6wZ8X2F8ingNJtXU4cO5wie3S3f2XrY3kIkqkX2tSJZMa_YsmSq5JF-B8ERCpN1ajN-0x9kcsSSbNgV0PTGxckbLJ-t87vvsTBfMPT5eMXSQuMYWGsdZOEPajvTeVSI-eVp4rDS4pWjL5QQRWv7GM1soKcgAl-49us7eQ2xWk9Auf5Gq8_WH9HhD7sEvD34xQWdWVgBZQ9dyLpl0NnNDkTjZwvAXGW8TYPt2tW31Wc0j07QbE7pMw",
      "refresh_token": "L-OMlvSRDBxUHLg_qL4IJVr97KKlT3dCO4KXzPVk3cIpxb2yowiMge35G3RdMi0t8gwtkIvtU7OW4f-pUS6aVVvEdDLbufwOKeD7QQb96MOEDGg6JpAeVWY2st2Kw72B",
      "scope": "openid message.read",
      "id_token": "eyJraWQiOiI1ZDAwYWY2Ny1iNmIzLTQ1MTctOGE3Ny0zMTZlNjdhMzZmYzIiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIwMDAwMDAwIiwiYXVkIjoib2lkYy1jbGllbnQiLCJhenAiOiJvaWRjLWNsaWVudCIsImF1dGhfdGltZSI6MTY5Mzk5MjYxNywiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo5MDAwIiwiZXhwIjoxNjkzOTk1MDA2LCJpYXQiOjE2OTM5OTMyMDYsInNpZCI6IkN3UjlSZWlvaVh6UkNvVW82ZHYwTEZhTHJSUk9VM0o5elpYLXF6NklVbFEifQ.MUbn7iblRGkwfQoUYYdLqbv1KDHZZBcTTE6FMkg3rs8pmBSkz6hYR9jA4cfc6bIwKucmiXuyypHxb2JXjSDxSLKhY2htP0SIHh3B182A7CvseY_3hzoO5fX6-HIrIaAFFKL1HP24XPc0r2Mj4GrFQhv_Cf9wn7sIPa35zVGNH_gR_6ooiYBnUd8uGFSueqQS_BsIbs_PSCJa5dfx0LoCy9JjMNZLulB7QiNNjx8XVKHlk0ZErW7HeT-K2bp5UQ7yryC8nCaIlS2M0mBJG6MTjyiBnGxlXul3Or42gH76nAagIKg7JwmLV2vafMRB1w2NRGjhRvVBxaryl7uAYruHkQ",
      "token_type": "Bearer",
      "expires_in": 3600
      }
      
    4. Use the obtained token to fetch the user info

      • Set the header
        • Authorization: Bearer ${access_token}
      • POST request
        http://localhost:9000/userinfo
      • Result
        {
        "sub": "0000000"
        }
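
Steps 3 and 4 from the command line, as an added example that is not part of the original post: it builds the Basic header as described in the note, sends the token parameters in the form body rather than the URL, prints the token's claims and calls /userinfo. The endpoints are the ones on the page; the arguments to `exchange_and_userinfo` are placeholders you supply, and `curl`, `sed` and `base64` are assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the original post. Endpoints are the page's;
# the arguments to exchange_and_userinfo are placeholders you supply.
AS=http://localhost:9000

# Step 3 header: "Basic " + base64(client_id ":" client_secret).
basic_auth_header() {
  printf 'Basic %s' "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')"
}

# Base64 is reversible: a captured header yields the client secret.
decode_basic() {
  printf '%s' "${1#Basic }" | base64 -d
}

# Extract one string field from a JSON response (no jq required).
json_field() {
  sed -n 's/.*"'"$1"'" *: *"\([^"]*\)".*/\1/p'
}

# Decode the payload segment of a JWT for inspection (signature NOT verified).
jwt_payload() {
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in 2) seg="$seg==" ;; 3) seg="$seg=" ;; esac
  printf '%s' "$seg" | base64 -d
}

# Steps 3 and 4. Parameters go in the form body, so the code does not end
# up in URLs, proxy logs or browser history.
# usage: exchange_and_userinfo CLIENT_ID CLIENT_SECRET CODE REDIRECT_URI
exchange_and_userinfo() {
  resp=$(curl -s -X POST "$AS/oauth2/token" \
    -H "Authorization: $(basic_auth_header "$1" "$2")" \
    --data-urlencode "grant_type=authorization_code" \
    --data-urlencode "code=$3" \
    --data-urlencode "redirect_uri=$4") || return 1
  token=$(printf '%s' "$resp" | json_field access_token)
  [ -n "$token" ] || { printf 'token request failed: %s\n' "$resp" >&2; return 1; }
  printf 'claims: %s\n' "$(jwt_payload "$token")"
  curl -s -H "Authorization: Bearer $token" "$AS/userinfo"
}
```

Running `decode_basic` on a header value returns the client id and secret in clear text, so a logged or shared Authorization header should be handled like the secret itself.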
      

    Server-side code

    server:
      port: 9000
    
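    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.core.annotation.Order;
    import org.springframework.security.config.Customizer;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.core.userdetails.User;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
    import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
    import org.springframework.security.provisioning.InMemoryUserDetailsManager;
    import org.springframework.security.web.SecurityFilterChain;
    import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;

    @Configuration
    public class AuthorizationServerConfig { // class name is illustrative

        // Filter chain for the protocol endpoints (/oauth2/authorize, /oauth2/token, /userinfo, ...).
        @Bean
        @Order(1)
        public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
            OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
            http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
                    .oidc(Customizer.withDefaults()); // enable OpenID Connect 1.0
            // Unauthenticated requests to the protocol endpoints are redirected to the login page.
            http.exceptionHandling(exception -> exception
                    .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login")));
            // Accept the access token as a Bearer credential for /userinfo (step 4); relies on a JwtDecoder bean.
            http.oauth2ResourceServer(rs -> rs.jwt(Customizer.withDefaults()));
            return http.build();
        }

        // Filter chain for everything else: form login for the end user.
        @Bean
        @Order(2)
        public SecurityFilterChain appSecurityFilterChain(HttpSecurity http) throws Exception {
            http
                    .authorizeHttpRequests(auth -> auth
                            .anyRequest().authenticated()
                    )
                    .formLogin(Customizer.withDefaults());
            return http.build();
        }

        // In-memory demo user. "{noop}" marks the password as plain text for the default
        // DelegatingPasswordEncoder (assumes no custom PasswordEncoder bean); demo use only.
        @Bean
        public UserDetailsService userDetailsService() {
            var user1 = User.withUsername("user")
                    .password("{noop}password")
                    .authorities("read")
                    .build();
            return new InMemoryUserDetailsManager(user1);
        }
    }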
    

    Client-side code

    spring:
      security:
        oauth2:
          client:
            registration:
              myoauth2:
                provider: spring
                client-id: client
                client-secret: secret
                redirect-uri: http://127.0.0.1:8080/login/oauth2/code/myoauth2
                scope: openid
                authorization-grant-type: authorization_code
            provider:
              spring:
                issuer-uri: http://localhost:9000
    server:
      port: 8080
    
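    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.Customizer;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.web.SecurityFilterChain;

    @Configuration
    public class ClientSecurityConfig { // class name is illustrative
        @Bean
        SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
            http
                    .authorizeHttpRequests(authorize -> authorize
                            .anyRequest().authenticated())
                    // Unauthenticated users go straight to the myoauth2 authorization request.
                    .oauth2Login(oauth2Login ->
                            oauth2Login.loginPage("/oauth2/authorization/myoauth2"))
                    .oauth2Client(Customizer.withDefaults());
            return http.build();
        }
    }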
    

    Reference code

    https://github.com/shenshuxin01/grpc-springboot/tree/oauth2

  • Original article: https://blog.csdn.net/weixin_48835367/article/details/133132600