
没有测试通

oauth
燕鹏 4 yıl önce
ebeveyn
işleme
38cf2ae7f5
  1. 3
      build.gradle
  2. 70
      src/main/java/com/aiprose/scauth/conf/AuthcServerConfig.java
  3. 89
      src/main/java/com/aiprose/scauth/conf/WebAuthcSecurityConfig.java
  4. 4
      src/main/java/com/aiprose/scauth/conf/WebSecurityConfig.java

3
build.gradle

@ -23,6 +23,9 @@ repositories {
dependencies {
implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
implementation 'org.springframework.boot:spring-boot-starter-security'
implementation 'org.springframework.security.oauth:spring-security-oauth2:2.4.0.RELEASE'
compile group: 'org.springframework.security', name: 'spring-security-jwt', version: '1.1.0.RELEASE'
implementation 'org.springframework.boot:spring-boot-starter-web'
implementation 'org.springframework.boot:spring-boot-starter-data-redis'
implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
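Review bot: The `spring-security-jwt` line uses the `compile` configuration while every other dependency in this block uses `implementation`; `compile` is deprecated and was removed in Gradle 7, so write it as `implementation 'org.springframework.security:spring-security-jwt:1.1.0.RELEASE'`. The page does not mark which three lines are new, but the two OAuth artifacts appear to be among them, since the added AuthcServerConfig imports their packages. Both belong to the legacy Spring Security OAuth project, which its maintainers have deprecated, so a comment recording why it was chosen and how it will be kept patched would help the next reader.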

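--- a/src/main/java/com/aiprose/scauth/conf/AuthcServerConfig.java
+++ b/src/main/java/com/aiprose/scauth/conf/AuthcServerConfig.java
@@ -0,0 +1,70 @@
+package com.aiprose.scauth.conf;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
+import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
+import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
+/**
+* @author nelson
+* @desc TODO
+* @company 北京中经网软件有限公司
+* @date 2020/11/30 11:10
+* @since 1.0
+*/
+@Configuration
+@EnableAuthorizationServer
+public class AuthcServerConfig extends AuthorizationServerConfigurerAdapter {
+@Autowired
+private AuthenticationManager authenticationManager;
+/**
+* 配置一个客户端
+*
+* 既可以通过授权码方式获取令牌也可以通过密码方式获取令牌
+*/
+@Override
+public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
+clients.inMemory()
+.withClient("clientId")
+.secret("secret")
+.authorizedGrantTypes("authorization_code","password","refresh_token")
+.scopes("all")
+.redirectUris("http://localhost:8015/");
+}
+/** 配置token管理 */
+@Override
+public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
+endpoints.tokenStore(new InMemoryTokenStore())
+.accessTokenConverter(accessTokenConverter())
+.authenticationManager(authenticationManager)
+.reuseRefreshTokens(false);
+}
+/** 配置jwt转换器 */
+@Bean
+public JwtAccessTokenConverter accessTokenConverter() {
+JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
+converter.setSigningKey("secret");
+return converter;
+}
+@Override
+public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
+security.tokenKeyAccess("permitAll()") //允许所有人请求令牌
+.checkTokenAccess("isAuthenticated()") //已验证的客户端才能请求check_token端点
+.allowFormAuthenticationForClients();
+}
+}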
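Review bot: `converter.setSigningKey("secret")` in `accessTokenConverter()` signs every JWT with a hard-coded, guessable HMAC key, and `configure(ClientDetailsServiceConfigurer)` uses the same literal as the client secret, so anyone who has read the repository holds the material needed to produce tokens this server would accept. Load both values from external configuration instead, for example `@Value("${<signing-key-property>}") private String signingKey;` followed by `converter.setSigningKey(signingKey);` (the property name is a placeholder). The inline comment on `tokenKeyAccess("permitAll()")` says it lets everyone request a token, but that expression governs access to the `/oauth/token_key` endpoint; the comment should say so, and with a symmetric key `isAuthenticated()` is probably the safer setting. `endpoints.tokenStore(new InMemoryTokenStore())` next to a `JwtAccessTokenConverter` also looks unintended, since JWT access tokens are normally paired with a `JwtTokenStore`.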

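--- a/src/main/java/com/aiprose/scauth/conf/WebAuthcSecurityConfig.java
+++ b/src/main/java/com/aiprose/scauth/conf/WebAuthcSecurityConfig.java
@@ -0,0 +1,89 @@
+package com.aiprose.scauth.conf;
+import com.aiprose.scauth.entity.User;
+import com.aiprose.scauth.filter.JWTAuthenticationFilter;
+import com.aiprose.scauth.handler.*;
+import com.aiprose.scauth.service.IUserService;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+/**
+* @author nelson
+* @desc script配置
+* @company 北京中经网软件有限公司
+* @date 2020/11/27 15:32
+* @since 1.0
+*/
+@Configuration
+@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true, jsr250Enabled = true)
+public class WebAuthcSecurityConfig extends WebSecurityConfigurerAdapter {
+@Autowired
+private IUserService userService;
+@Override
+public void configure(WebSecurity web) throws Exception {
+web.ignoring().antMatchers("/v3/api-docs/**", "/swagger-resources/**", "/swagger-ui/**","/swagger-ui/index.html");
+}
+@Override
+protected void configure(HttpSecurity http) throws Exception {
+http.cors().and().csrf().disable();
+// 授权配置
+http.authorizeRequests().antMatchers("/oauth/**").permitAll().anyRequest().authenticated();
+// 配置登录
+http.formLogin().permitAll();
+//登录过期、 未登录
+http.exceptionHandling().authenticationEntryPoint(new LoginExpireHandler());
+// 配置登录失败后的操作
+http.formLogin().failureHandler(new LoginFailureHandler());
+// 配置登录成功后的操作
+http.formLogin().successHandler(new LoginSuccessHandler());
+//权限不足
+http.exceptionHandling().accessDeniedHandler(new AuthLimitHandler());
+// 登出授权
+// http.logout().permitAll();
+http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+/* 配置token验证过滤器 */
+// http.addFilterBefore(new JWTAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
+}
+@Override
+protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+auth.userDetailsService(userDetailsService()).passwordEncoder(new BCryptPasswordEncoder());
+}
+@Bean
+public WebMvcConfigurer corsConfigurer() {
+return new WebMvcConfigurer() {
+@Override
+public void addCorsMappings(CorsRegistry registry) {
+registry.addMapping("/**");
+}
+};
+}
+@Bean
+@Override
+public AuthenticationManager authenticationManagerBean() throws Exception {
+return super.authenticationManagerBean();
+}
+}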
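Review bot: `configure(AuthenticationManagerBuilder)` passes the inherited `userDetailsService()` to the builder, while the injected `userService` field and the `User`, `StringUtils`, `UserDetailsService` and `UsernameNotFoundException` imports are never used in this class, so the application's users do not appear to be wired into authentication. Either override `userDetailsService()` here or pass a service backed by `userService`, e.g. `auth.userDetailsService(<UserDetailsService built on userService>).passwordEncoder(new BCryptPasswordEncoder());`. Separately, `antMatchers("/oauth/**").permitAll()` combined with `SessionCreationPolicy.STATELESS` lets unauthenticated requests reach `/oauth/authorize` and gives the form login no session to carry the user into the authorization-code flow; consider permitting only the endpoints that must be anonymous and requiring authentication for the rest. `registry.addMapping("/**")` applies the default CORS policy to every path, so an explicit `allowedOrigins(...)` list is worth adding.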

4
src/main/java/com/aiprose/scauth/conf/WebSecurityConfig.java

@ -39,8 +39,8 @@ import java.util.List;
* @date 2020/11/27 15:32
* @since 1.0
*/
@Configuration
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true, jsr250Enabled = true)
//@Configuration
//@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true, jsr250Enabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private IUserService userService;
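Review bot: The old `WebSecurityConfig` is switched off by commenting out `@Configuration` and `@EnableGlobalMethodSecurity` rather than by removing the class, which leaves a dead adapter with an `@Autowired` field in the source tree (the page does not mark sides, but the commented pair appears to be the new one). If someone later restores the annotations, two `WebSecurityConfigurerAdapter` beans with the default order would coexist with `WebAuthcSecurityConfig`, and Spring Security rejects duplicate orders at startup. Prefer deleting the file in this commit, or, if both configurations must stay selectable, keep the annotations and gate each class with `@Profile("<profile-name>")` (placeholder name). The class body continues outside this hunk, so the rest of it was not reviewed.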
