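I wrestled with this for a whole day and finally got it working at 7:30 in the evening.
1. Without further ado: add the dependencies to pom.xml. They are mainly the security and OAuth 2.0 packages.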
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
</dependency>
<!-- security oauth2 -->
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
2. In the configuration class that extends WebSecurityConfigurerAdapter (the main configuration file):
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    // Single in-memory user with the ADMIN role
    auth.inMemoryAuthentication().withUser("shili").password("zzz123").roles("ADMIN");
}

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable()
        .anonymous().disable()
        .authorizeRequests()
        .antMatchers("/oauth/token").permitAll()
        .and().formLogin();
}
This mainly configures the login username and password, and permits access to the /oauth/token path.
3. In the configuration class that extends ResourceServerConfigurerAdapter:
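import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;

@Configuration
@EnableResourceServer
@Order(6)
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    private static final String RESOURCE_ID = "my_rest_api";

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.resourceId(RESOURCE_ID).stateless(false);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // Only /sayhello is handled by the resource server, and it requires the ADMIN role
        http.anonymous().disable()
            .requestMatchers().antMatchers("/sayhello")
            .and().authorizeRequests()
            .antMatchers("/sayhello").access("hasRole('ADMIN')")
            .and().exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());
    }
}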
4. Finally, the configuration class that extends AuthorizationServerConfigurerAdapter:
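import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;

@Configuration
@EnableAuthorizationServer
public class SecurityOauth2Config extends AuthorizationServerConfigurerAdapter {

    private static String REALM = "MY_OAUTH_REALM";

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // Client details service
        clients.inMemory()
            .withClient("13890999")
            .authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit")
            .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
            .scopes("read", "write", "trust")
            .secret("secret")
            .accessTokenValiditySeconds(120)   // Access token is only valid for 2 minutes.
            .refreshTokenValiditySeconds(600); // Refresh token is only valid for 10 minutes.
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        // Lets clients send client_id and client_secret as form parameters
        oauthServer.allowFormAuthenticationForClients();
    }
}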
5. Test steps. First, visit the following address:
http://localhost:8080/oauth/authorize?client_id=13890999&response_type=code&redirect_uri=http://localhost:8080
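You are redirected to the login page. After you log in, you are redirected to the authorization confirmation page, and finally to http://localhost:8080/?code=XXXXX
The XXXXX there is the code we need.
Then use curl to POST to our token endpoint: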
curl "http://localhost:8080/oauth/token" -d "client_id=13890999&client_secret=secret&grant_type=authorization_code&code=XXXXX&redirect_uri=http://localhost:8080"
Replace the code in the command with the one you obtained in the previous step.
It returns the following, which means it worked!
{"access_token":"5905c5da-0925-4752-8b6a-423936cfac71","token_type":"bearer","refresh_token":"9ebff67a-8a1d-462c-bf74-4a0a66f2980b","expires_in":119,"scope":"trust read write"}
With this access_token you can access the URL configured in the ResourceServerConfigurerAdapter class:
curl "http://localhost:8080/sayhello" -d "access_token=5905c5da-0925-4752-8b6a-423936cfac71" -v
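The page source appears, which means the access succeeded. At this point OAuth 2.0 is half done.
Tomorrow I'll tidy up that ugly authorization page and it will be OK.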
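
The test steps above as one script, an added example that is not from the original post: it exchanges the code for a token, reports the OAuth error if the exchange fails, and then calls /sayhello. It assumes the server from steps 1-4 is running on localhost:8080; unlike the curl commands above it sends the client secret as HTTP Basic credentials and the token as an Authorization: Bearer header (both accepted by Spring Security OAuth), and the function names and sample responses are this example's own.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): step 5 as one script.
# Assumes the server from steps 1-4 on localhost:8080 and the post's client.
BASE="${BASE:-http://localhost:8080}"
CLIENT_ID="${CLIENT_ID:-13890999}"
CLIENT_SECRET="${CLIENT_SECRET:-secret}"
REDIRECT_URI="${REDIRECT_URI:-http://localhost:8080}"

# Constructed sample responses, same shape as the token endpoint's JSON.
SAMPLE_OK='{"access_token":"11111111-2222-3333-4444-555555555555","token_type":"bearer","refresh_token":"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee","expires_in":119,"scope":"trust read write"}'
SAMPLE_ERR='{"error":"invalid_grant","error_description":"Invalid authorization code: XXXXX"}'

# json_field NAME: print the value of NAME from flat JSON on stdin.
json_field() {
  sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*"\{0,1\}\([^",}]*\)"\{0,1\}.*/\1/p'
}

# access_token_of RESPONSE: print the access token, or report the OAuth error
# (for example a reused or mistyped code) on stderr and return 1.
access_token_of() {
  local token
  token=$(printf '%s' "$1" | json_field access_token)
  if [ -z "$token" ]; then
    echo "token request failed: $(printf '%s' "$1" | json_field error)" >&2
    return 1
  fi
  printf '%s\n' "$token"
}

# exchange_code CODE: trade the authorization code for tokens. The client
# secret travels in the HTTP Basic header (-u) instead of the form body.
exchange_code() {
  curl -sS -u "$CLIENT_ID:$CLIENT_SECRET" "$BASE/oauth/token" \
    -d grant_type=authorization_code --data-urlencode "code=$1" \
    --data-urlencode "redirect_uri=$REDIRECT_URI"
}

# call_api TOKEN: present the token as a Bearer header, not a form field.
call_api() {
  curl -sS -H "Authorization: Bearer $1" "$BASE/sayhello"
}

# Usage: ./oauth_flow.sh CODE   (CODE is the value from the redirect)
if [ -n "${1:-}" ]; then
  token=$(access_token_of "$(exchange_code "$1")") && call_api "$token"
fi
```

The access token is only valid for 120 seconds, so run the script right after copying the code from the redirect.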