token_id varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
token blob NULL,
authentication_id varchar(250) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
user_name varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
client_id varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
authentication blob NULL,
refresh_token varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
PRIMARY KEY (authentication_id) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
-- Table structure for oauth_client_details
-- Registered OAuth2 clients, one row per client_id.
-- Rows are written at startup by AuthorizationServerConfig.configure(ClientDetailsServiceConfigurer);
-- the code on this page stores a BCrypt hash in client_secret, never the plaintext secret.
-- Fresh-install script: the DROP below discards every registered client, so do not run it as a migration.
-- NOTE(review): MySQL's "utf8" is the 3-byte utf8mb3; 4-byte characters (e.g. emoji) in
-- additional_information would be rejected — use utf8mb4 if that matters.
DROP TABLE IF EXISTS oauth_client_details;
CREATE TABLE oauth_client_details (
    client_id               VARCHAR(250)  CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
    resource_ids            VARCHAR(256)  CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
    client_secret           VARCHAR(256)  CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
    -- scope / authorized_grant_types / authorities: presumably stored as comma-separated lists by
    -- the client builder (e.g. "read,write") — confirm against the inserted rows
    scope                   VARCHAR(256)  CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
    authorized_grant_types  VARCHAR(256)  CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
    web_server_redirect_uri VARCHAR(256)  CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
    authorities             VARCHAR(256)  CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
    -- token lifetimes in seconds (set via accessTokenValiditySeconds / refreshTokenValiditySeconds)
    access_token_validity   INT(11)       NULL DEFAULT NULL,
    refresh_token_validity  INT(11)       NULL DEFAULT NULL,
    additional_information  VARCHAR(4096) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
    autoapprove             VARCHAR(256)  CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
    PRIMARY KEY (client_id) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
-- Table structure for oauth_refresh_token
-- Refresh tokens persisted by the JdbcTokenStore configured in AuthorizationServerConfig.tokenStore().
-- token and authentication are opaque serialized blobs written by the store; presumably rows are
-- looked up by token_id — confirm against the store's queries.
-- NOTE(review): no PRIMARY KEY or index is declared, so lookups by token_id are full scans and
-- duplicate token_id values are not rejected.
-- Fresh-install script: the DROP below invalidates every outstanding refresh token.
DROP TABLE IF EXISTS oauth_refresh_token;
CREATE TABLE oauth_refresh_token (
    token_id        VARCHAR(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
    token           BLOB NULL,
    authentication  BLOB NULL
) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
2.在上一篇博客项目基础上 还有两项需要配置
3.配置认证服务器
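/**
 * OAuth2 authorization server configuration.
 *
 * Registers the client in the oauth_client_details table and stores issued
 * tokens in the JDBC token tables, so this application exposes the
 * /oauth/authorize, /oauth/token, /oauth/check_token, /oauth/confirm_access
 * and /oauth/error endpoints.
 */
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;

    @Autowired
    @Qualifier("dataSource")
    private DataSource dataSource;

    // Needed by the refresh_token grant: the endpoints reload the user when a
    // token is refreshed, and refreshing fails without a UserDetailsService.
    @Autowired
    private UserDetailsService userDetailsService;

    /**
     * Token store backed by the oauth_access_token / oauth_refresh_token
     * tables, so tokens survive restarts (an InMemoryTokenStore would be
     * per-process and lost on restart).
     */
    @Bean
    public TokenStore tokenStore() {
        return new JdbcTokenStore(dataSource);
    }

    /**
     * Registers the single OAuth2 client in oauth_client_details.
     *
     * NOTE(review): the client secret is a hard-coded literal. It is stored as
     * a BCrypt hash, but the plaintext ships in source and in the example URLs
     * on this page; load it from configuration instead.
     * NOTE(review): clients.jdbc(...).withClient(...) inserts the client on
     * every startup — presumably a second start fails once the row exists;
     * confirm, or seed the table from SQL.
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.jdbc(dataSource)
            .withClient("client")
            // TODO(security): read the secret from configuration, not a literal
            .secret(new BCryptPasswordEncoder().encode("123456"))
            .authorizedGrantTypes("password", "refresh_token")
            // authorities the client itself carries
            .authorities("ROLE_ADMIN", "ROLE_USER")
            // scopes the client may request
            .scopes("read", "write")
            .accessTokenValiditySeconds(7200)
            // NOTE(review): refresh lifetime equals the access-token lifetime,
            // so a refresh is only possible while the access token is itself
            // still valid — probably meant to be longer; confirm.
            .refreshTokenValiditySeconds(7200);
    }

    /**
     * Wires the token store, the authentication manager (used by the password
     * grant) and the user details service (used by the refresh_token grant)
     * into the token endpoints.
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.tokenStore(tokenStore())
            .authenticationManager(authenticationManager)
            .userDetailsService(userDetailsService);
    }

    /**
     * Access rules for the server's own endpoints.
     *
     * tokenKeyAccess governs /oauth/token_key, which presumably only exists
     * with a JWT token converter — unused with the JdbcTokenStore above.
     * checkTokenAccess requires an authenticated caller for /oauth/check_token.
     * allowFormAuthenticationForClients lets clients send client_id and
     * client_secret as form parameters instead of HTTP Basic; the credentials
     * then travel in the request body, so serve this endpoint over TLS only.
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security
            .tokenKeyAccess("permitAll()")
            .checkTokenAccess("isAuthenticated()")
            .allowFormAuthenticationForClients();
    }
}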
4.配置资源服务器
@Configuration
@EnableResourceServer //这个类表明了此应用是OAuth2 的资源服务器,此处主要指定了受资源服务器保护的资源链接
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.csrf().disable()//禁用了 csrf 功能
.authorizeRequests()//限定签名成功的请求
.antMatchers("/decision/","/govern/").hasAnyRole(“USER”,“ADMIN”)
.antMatchers("/admin
/**
 * Wires the user store into the authentication manager: users are looked up
 * through userDetailsService and submitted passwords are checked with the
 * encoder returned by passwordEncoder().
 * The enclosing class header is outside this view; userDetailsService and
 * passwordEncoder() are assumed to be members of it — confirm.
 */
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService)
.passwordEncoder(passwordEncoder());
}
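/**
 * Web security for the authorization server's own pages: the form login and
 * the /oauth/** endpoints. Only requests under the listed prefixes go through
 * this filter chain; everything else is left to the resource server.
 * The enclosing class header is outside this view.
 *
 * NOTE(review): csrf().disable() switches CSRF protection off for the form
 * login and the session-backed /oauth/** pages covered by this chain; confirm
 * that is intended for more than the token endpoint.
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable();
    // The "/**" wildcards are required for prefix matching (the original
    // comment states the chain should accept requests *starting with*
    // /oauth/ and /login/); without them only the bare paths would match.
    http.requestMatchers()
        .antMatchers("/oauth/**", "/login/**", "/logout/**")
        .and()
        .authorizeRequests()
        .antMatchers("/oauth/**").authenticated()
        .and()
        .formLogin();
}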
}
到这整合就完成了。
获取 token（下面的示例把用户名、密码和 client_secret 放在 URL 查询串中；实际使用时应通过 POST 请求体或 HTTP Basic 传递，避免凭据被写入访问日志和浏览器历史）:
http://localhost:18088/oauth/token?username=admin&password=admin&grant_type=password&client_id=client&client_secret=123456&grant_type=refresh_token
返回:
{
"access_token": "624d8e84-e981-484b-a064-1d8f5997e4fb",
"token_type": "bearer",
"refresh_token": "ca0d41c8-d808-4211-8cab-5da5bfe6c6db",
"expires_in": 5696,
"scope": "read write"
}
刷新令牌:
http://localhost:18088/oauth/token?grant_type=refresh_token&client_id=client&client_secret=123456&refresh_token=ca0d41c8-d808-4211-8cab-5da5bfe6c6db
返回数据: