Spring Boot for Eclipse Development Guide, Part 6: OAuth 2.0

Fiddled with it for a whole day. Finally got it working at 7:30 in the evening.

1. Without further ado, add the dependencies to pom.xml; mainly the Spring Security and OAuth 2.0 packages

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
        </dependency>

        <!-- security oauth2 -->
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-oauth2</artifactId>
        </dependency>

2. The configuration class that extends WebSecurityConfigurerAdapter, the main configuration

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter { // class name assumed; the post only names the superclass
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // in-memory user that logs in on the form login page and grants the authorization
        auth.inMemoryAuthentication().withUser("shili").password("zzz123").roles("ADMIN");
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
            .anonymous().disable()
            .authorizeRequests()
            .antMatchers("/oauth/token").permitAll().and().formLogin();
    }
}

This mainly configures the login username and password, and opens up the /oauth/token path.

3. The configuration class that extends ResourceServerConfigurerAdapter

import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;

@Configuration
@EnableResourceServer
@Order(6)
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    private static final String RESOURCE_ID = "my_rest_api";

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        // tokens that carry resource ids are rejected unless they include this one
        resources.resourceId(RESOURCE_ID).stateless(false);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // this filter chain only handles /sayhello, which needs a token whose user has ROLE_ADMIN
        http.anonymous().disable()
            .requestMatchers().antMatchers("/sayhello")
            .and().authorizeRequests()
            .antMatchers("/sayhello").access("hasRole('ADMIN')")
            .and().exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());
    }
}


4. Finally, the configuration class that extends AuthorizationServerConfigurerAdapter

import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;

@Configuration
@EnableAuthorizationServer
public class SecurityOauth2Config extends AuthorizationServerConfigurerAdapter {

    private static String REALM = "MY_OAUTH_REALM";

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // client details service: a single in-memory client
        clients.inMemory()
            .withClient("13890999")
            .authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit")
            .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
            .scopes("read", "write", "trust")
            .secret("secret")
            .accessTokenValiditySeconds(120)   // access token is only valid for 2 minutes
            .refreshTokenValiditySeconds(600); // refresh token is only valid for 10 minutes
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        // lets clients send client_id/client_secret as form parameters instead of HTTP Basic
        oauthServer.allowFormAuthenticationForClients();
    }
}
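The client above stores the secret "secret" in plaintext, allows every grant type including implicit, and pins no redirect URI. As an added example (not code from the original post), here is the same in-memory client written the way a reviewer would ask for it: a BCrypt-hashed secret checked by the authorization server, only the two grant types the test steps actually use, and the redirect URI fixed to the one the test sends. The class name and the encoder bean name are assumptions.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;

@Configuration
@EnableAuthorizationServer
public class HardenedOauth2Config extends AuthorizationServerConfigurerAdapter { // class name assumed

    // Encoder used for client secrets; BCrypt stores a salted hash, so the secret itself never sits in memory as plaintext
    @Bean
    public PasswordEncoder clientSecretEncoder() { // bean name assumed
        return new BCryptPasswordEncoder();
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            .withClient("13890999")
            // only what the test steps use: "implicit" and "password" are not offered to this client
            .authorizedGrantTypes("authorization_code", "refresh_token")
            .scopes("read", "write")
            // exact redirect URI from the test; any other redirect_uri on /oauth/authorize is refused
            .redirectUris("http://localhost:8080")
            // the stored value is the hash; in a real deployment the hash comes from configuration, not a literal
            .secret(clientSecretEncoder().encode("secret"))
            .accessTokenValiditySeconds(120)
            .refreshTokenValiditySeconds(600);
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        // form authentication is left off, so client credentials arrive via HTTP Basic (the default),
        // and the submitted secret is verified against the stored hash
        oauthServer.passwordEncoder(clientSecretEncoder());
    }
}
```

With form authentication off, the token request in step 5 passes the client credentials as `curl -u 13890999:secret ...` instead of the `client_id`/`client_secret` form fields.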


5. Test steps. First visit the following address:

http://localhost:8080/oauth/authorize?client_id=13890999&response_type=code&redirect_uri=http://localhost:8080

This redirects to the login page; after logging in it redirects to the authorization confirmation page, and finally to http://localhost:8080/?code=XXXXX

The XXXXX there is the code we need.

Then use curl to POST for our token at this address:

curl "http://localhost:8080/oauth/token" -d "client_id=13890999&client_secret=secret&grant_type=authorization_code&code=XXXXX&redirect_uri=http://localhost:8080"

Replace the CODE in the command with the code you obtained in the previous step.

It will then return the following, which means it succeeded!

{"access_token":"5905c5da-0925-4752-8b6a-423936cfac71","token_type":"bearer","refresh_token":"9ebff67a-8a1d-462c-bf74-4a0a66f2980b","expires_in":119,"scope":"trust read write"}

With this access_token you can access the URL configured in ResourceServerConfigurerAdapter:

curl "http://localhost:8080/sayhello" -d "access_token=5905c5da-0925-4752-8b6a-423936cfac71" -v

If the page source appears, the access succeeded. At this point OAuth 2.0 is half done.

Tomorrow I'll touch up that ugly authorization page and it'll be OK.
