From 0b6a41fba6c31029b0d6b8ada5ce4713cf0f0832 Mon Sep 17 00:00:00 2001
From: xjs <1294405880@qq.com>
Date: Tue, 31 May 2022 09:34:58 +0800
Subject: [PATCH] springCloud oauth demo
---
.../eureka/eureka-client-consumer/pom.xml | 5 +
.../src/main/resources/application.yml | 6 +
.../eureka/eureka-client-provider/pom.xml | 5 +
.../src/main/resources/application.yml | 6 +
xjs-study/springcloud-project/oauth2/pom.xml | 45 +++++++
.../com/xjs/OAuthServerApplication9898.java | 18 +++
.../com/xjs/config/OauthServerConfiger.java | 121 ++++++++++++++++++
.../java/com/xjs/config/SecurityConfiger.java | 66 ++++++++++
.../oauth2/src/main/resources/application.yml | 18 +++
xjs-study/springcloud-project/pom.xml | 1 +
.../src/main/resources/application.yml | 6 +-
11 files changed, 294 insertions(+), 3 deletions(-)
create mode 100644 xjs-study/springcloud-project/oauth2/pom.xml
create mode 100644 xjs-study/springcloud-project/oauth2/src/main/java/com/xjs/OAuthServerApplication9898.java
create mode 100644 xjs-study/springcloud-project/oauth2/src/main/java/com/xjs/config/OauthServerConfiger.java
create mode 100644 xjs-study/springcloud-project/oauth2/src/main/java/com/xjs/config/SecurityConfiger.java
create mode 100644 xjs-study/springcloud-project/oauth2/src/main/resources/application.yml
diff --git a/xjs-study/springcloud-project/eureka/eureka-client-consumer/pom.xml b/xjs-study/springcloud-project/eureka/eureka-client-consumer/pom.xml
index 2aee7521..7153f9ab 100644
--- a/xjs-study/springcloud-project/eureka/eureka-client-consumer/pom.xml
+++ b/xjs-study/springcloud-project/eureka/eureka-client-consumer/pom.xml
@@ -32,6 +32,11 @@
org.springframework.cloud
spring-cloud-starter-openfeign
+
+
+ org.springframework.cloud
+ spring-cloud-starter-sleuth
+
diff --git a/xjs-study/springcloud-project/eureka/eureka-client-consumer/src/main/resources/application.yml b/xjs-study/springcloud-project/eureka/eureka-client-consumer/src/main/resources/application.yml
index 85031ce7..fa40d6db 100644
--- a/xjs-study/springcloud-project/eureka/eureka-client-consumer/src/main/resources/application.yml
+++ b/xjs-study/springcloud-project/eureka/eureka-client-consumer/src/main/resources/application.yml
@@ -17,3 +17,9 @@ eureka:
instance:
prefer-ip-address: true #服务实例中显示ip,而不是显示主机名
instance-id: ${spring.cloud.client.ip-address}:${spring.application.name}:${server.port} #实例名称
+
+
+logging:
+ level:
+ org.springframework.cloud.sleuth: debug
+ org.springframework.web.servlet.DispatcherServlet: debug
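Review bot: The `debug` levels for `org.springframework.cloud.sleuth` and `org.springframework.web.servlet.DispatcherServlet` are added to the base `application.yml`, so they apply in every environment that uses this file, not only while tracing is being tried out. At that level the dispatcher writes a line for each request it handles, which probably includes the request URI, so the logs grow quickly and may capture values passed in URLs. Moving the `logging.level` block to a profile-specific file such as `application-dev.yml` keeps the default configuration quiet. The same block is added to the eureka-client-provider `application.yml` in this patch.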
diff --git a/xjs-study/springcloud-project/eureka/eureka-client-provider/pom.xml b/xjs-study/springcloud-project/eureka/eureka-client-provider/pom.xml
index 9dfbf125..6c0c4ada 100644
--- a/xjs-study/springcloud-project/eureka/eureka-client-provider/pom.xml
+++ b/xjs-study/springcloud-project/eureka/eureka-client-provider/pom.xml
@@ -27,6 +27,11 @@
org.springframework.boot
spring-boot-starter-web
+
+
+ org.springframework.cloud
+ spring-cloud-starter-sleuth
+
diff --git a/xjs-study/springcloud-project/eureka/eureka-client-provider/src/main/resources/application.yml b/xjs-study/springcloud-project/eureka/eureka-client-provider/src/main/resources/application.yml
index 5a51b617..e95bd490 100644
--- a/xjs-study/springcloud-project/eureka/eureka-client-provider/src/main/resources/application.yml
+++ b/xjs-study/springcloud-project/eureka/eureka-client-provider/src/main/resources/application.yml
@@ -21,3 +21,9 @@ eureka:
#自定义元数据
metadata-map:
now: 2022
+
+
+logging:
+ level:
+ org.springframework.cloud.sleuth: debug
+ org.springframework.web.servlet.DispatcherServlet: debug
diff --git a/xjs-study/springcloud-project/oauth2/pom.xml b/xjs-study/springcloud-project/oauth2/pom.xml
new file mode 100644
index 00000000..f1c7a8a8
--- /dev/null
+++ b/xjs-study/springcloud-project/oauth2/pom.xml
@@ -0,0 +1,45 @@
+
+
+
+ springcloud-project
+ com.xjs
+ 1.0
+
+ 4.0.0
+ oauth2认证授权
+
+ oauth2
+
+
+ 11
+ 11
+
+
+
+
+ org.springframework.cloud
+ spring-cloud-starter-netflix-eureka-client
+
+
+
+ org.springframework.boot
+ spring-boot-starter-web
+
+
+
+ org.springframework.cloud
+ spring-cloud-starter-oauth2
+ 2.2.5.RELEASE
+
+
+
+ org.springframework.security.oauth
+ spring-security-oauth2
+ 2.3.4.RELEASE
+
+
+
+
+
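Review bot: The last dependency pins `spring-security-oauth2` to `2.3.4.RELEASE` although `spring-cloud-starter-oauth2` is already declared just above it and most likely brings that library in transitively. The explicit pin then overrides whatever version the starter would resolve, possibly with an older one, and that version never moves when the parent's dependency management is upgraded. Consider dropping the explicit entry, or at least adding a comment such as `<!-- pinned because ... -->` explaining why this exact release is required. The starter's own `2.2.5.RELEASE` is also hard-coded while the Eureka starter in the same file has no version, so it is worth checking that it matches the Spring Cloud release train managed by the parent `springcloud-project` POM.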
diff --git a/xjs-study/springcloud-project/oauth2/src/main/java/com/xjs/OAuthServerApplication9898.java b/xjs-study/springcloud-project/oauth2/src/main/java/com/xjs/OAuthServerApplication9898.java
new file mode 100644
index 00000000..529e9988
--- /dev/null
+++ b/xjs-study/springcloud-project/oauth2/src/main/java/com/xjs/OAuthServerApplication9898.java
@@ -0,0 +1,18 @@
+package com.xjs;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
+
+/**
+ * @author xiejs
+ * @since 2022-05-30
+ */
+@SpringBootApplication
+@EnableDiscoveryClient
+public class OAuthServerApplication9898 {
+
+ public static void main(String[] args) {
+ SpringApplication.run(OAuthServerApplication9898.class, args);
+ }
+}
diff --git a/xjs-study/springcloud-project/oauth2/src/main/java/com/xjs/config/OauthServerConfiger.java b/xjs-study/springcloud-project/oauth2/src/main/java/com/xjs/config/OauthServerConfiger.java
new file mode 100644
index 00000000..a1dc5b3a
--- /dev/null
+++ b/xjs-study/springcloud-project/oauth2/src/main/java/com/xjs/config/OauthServerConfiger.java
@@ -0,0 +1,121 @@
+package com.xjs.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
+import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
+import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
+import org.springframework.security.oauth2.provider.token.TokenStore;
+import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
+
+/**
+ * 授权服务
+ *
+ * @author xiejs
+ * @since 2022-05-30
+ */
+@Configuration
+@EnableAuthorizationServer
+public class OauthServerConfiger extends AuthorizationServerConfigurerAdapter {
+
+
+ @Autowired
+ private AuthenticationManager authenticationManager;
+
+ /**
+ * 认证服务器最终是以api接口的方式对外提供服务(校验合法性并生成令牌,校验令牌等)
+ * 那么,以api接口方式对外的话,就涉及到接口的访问权限,我们需要在这里进行必要的配置
+ *
+ * @param security 配置
+ * @throws Exception 异常
+ */
+ @Override
+ public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
+ super.configure(security);
+
+ //相当于打开endpoints,访问接口的开关,这样的话后期我们能够访问该接口
+ security
+ //允许客户端表单认证
+ .allowFormAuthenticationForClients()
+ //开启端口 oauth/token_key的访问权限
+ .tokenKeyAccess("permitAll()")
+ //开启端口 oauth/check_token的访问权限
+ .checkTokenAccess("permitAll()")
+ ;
+ }
+
+ /**
+ * 客户端详情配置
+ * 比如client_id,secret
+ * 当前这个服务如同QQ平台,服务作为客户端需要QQ平台进行登录授权认证等,提前需要到QQ平台注册,QQ平台会给服务颁发client_id等必要参数,表明客户端是谁
+ *
+ * @param clients 客户端
+ * @throws Exception 异常
+ */
+ @Override
+ public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
+ super.configure(clients);
+
+
+ clients.inMemory() //客户端信息存储到什么地方,可以再内存中,也可以再数据库里
+ .withClient("client_A") //添加一份client配置,指定client_id
+ .secret("xjs666") //指定客户端的密码/安全码
+ .resourceIds("autodeliver") //指定客户端所能访问的资源id清单,此处的资源id是需要在具体的资源服务
+ .authorizedGrantTypes("password", "refresh_token") //认证类型/令牌颁发模式,可以配置多个,需要客户端调用的时候传递参数
+ .scopes("all") //客户端权限范围
+ ;
+ }
+
+ /**
+ * 配置token令牌管理相关
+ *
+ * @param endpoints 令牌
+ * @throws Exception 异常
+ */
+ @Override
+ public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
+ super.configure(endpoints);
+
+ endpoints.tokenStore(this.tokenStore()) //指定token的存储方法
+ .tokenServices(this.authorizationServerTokenServices()) //token服务的一个描述,可以认为是token生成细节的描述
+ .authenticationManager(authenticationManager) //指定认证管理器,随后注入一个到当前类使用即可
+ .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST)
+ ;
+ }
+
+
+ /**
+ * 该方法用于创建tokenStore对象(令牌存储对象)
+ * token以什么形式存储
+ */
+ public TokenStore tokenStore() {
+ return new InMemoryTokenStore();
+ }
+
+ /**
+ * 该方法用户获取一个token服务对象(该对象描述了token有效期等信息)
+ */
+ public AuthorizationServerTokenServices authorizationServerTokenServices() {
+ DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
+ //是否开启令牌刷新
+ defaultTokenServices.setSupportRefreshToken(true);
+
+ defaultTokenServices.setTokenStore(this.tokenStore());
+
+ //设置令牌有效时间
+ defaultTokenServices.setAccessTokenValiditySeconds(10 /** 60*/);
+
+ //设置刷新令牌的有效时间
+ defaultTokenServices.setRefreshTokenValiditySeconds(3 * 60 * 60 * 24);
+
+ return defaultTokenServices;
+ }
+
+
+}
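Review bot: `checkTokenAccess("permitAll()")` in `configure(AuthorizationServerSecurityConfigurer)` lets any unauthenticated caller submit a token to `/oauth/check_token` and read back its details; resource servers can authenticate as a client when calling it, so `.checkTokenAccess("isAuthenticated()")` is the safer setting. In `configure(AuthorizationServerEndpointsConfigurer)`, `allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST)` allows the password grant over GET, which puts `client_secret` and the user's password in the query string where access logs and proxies record them; `HttpMethod.POST` alone is enough. `tokenStore()` is not a bean and is called twice, so `endpoints.tokenStore(...)` and `defaultTokenServices.setTokenStore(...)` receive two different `InMemoryTokenStore` instances; annotating the method with `@Bean` or holding one instance in a field would make them share state. The literal `.secret("xjs666")` and the 10-second access-token lifetime (`10 /** 60*/`) look like demo leftovers and would be better read from configuration.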
diff --git a/xjs-study/springcloud-project/oauth2/src/main/java/com/xjs/config/SecurityConfiger.java b/xjs-study/springcloud-project/oauth2/src/main/java/com/xjs/config/SecurityConfiger.java
new file mode 100644
index 00000000..2a708e6e
--- /dev/null
+++ b/xjs-study/springcloud-project/oauth2/src/main/java/com/xjs/config/SecurityConfiger.java
@@ -0,0 +1,66 @@
+package com.xjs.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.crypto.password.NoOpPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+import java.util.ArrayList;
+
+/**
+ * 该配置类主要处理用户名和密码的校验等
+ *
+ * @author xiejs
+ * @since 2022-05-30
+ */
+@Configuration
+public class SecurityConfiger extends WebSecurityConfigurerAdapter {
+
+ @Autowired
+ private PasswordEncoder passwordEncoder;
+
+
+ /**
+ * 注册一个认证管理器到容器
+ */
+ @Override
+ @Bean
+ public AuthenticationManager authenticationManagerBean() throws Exception {
+ return super.authenticationManagerBean();
+ }
+
+
+ /**
+ * 处理用户名和密码验证
+ *
+ * 客户端传递username和password参数到认证服务器
+ * 一般来说,username和password会存储在数据库中的用户表中
+ * 根据用户表中数据,验证当前传递过来的用户信息的合法性
+ *
+ */
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ super.configure(auth);
+
+ //把用户信息配置在内存中,实例化一个用户对象
+ UserDetails user = new User("admin", "123456", new ArrayList<>());
+
+ auth.inMemoryAuthentication()
+ .withUser(user)
+ .passwordEncoder(passwordEncoder)
+ ;
+
+ }
+
+
+ @Bean
+ public PasswordEncoder passwordEncoder() {
+ return NoOpPasswordEncoder.getInstance();
+ }
+}
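Review bot: `passwordEncoder()` returns `NoOpPasswordEncoder.getInstance()`, so the password `123456` set in `configure(AuthenticationManagerBuilder)` is stored and compared as plain text; Spring Security marks this encoder as deprecated for that reason. Returning `PasswordEncoderFactories.createDelegatingPasswordEncoder()` (or `new BCryptPasswordEncoder()`) and storing an encoded value keeps the demo working while showing the pattern a real service needs. The same bean is probably also applied to the client secret configured in OauthServerConfiger.java, so that secret would need to be encoded as well; this is worth confirming. The hard-coded `admin` account with an empty authority list should come from a user store or external configuration before this leaves demo use.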
diff --git a/xjs-study/springcloud-project/oauth2/src/main/resources/application.yml b/xjs-study/springcloud-project/oauth2/src/main/resources/application.yml
new file mode 100644
index 00000000..f52c47da
--- /dev/null
+++ b/xjs-study/springcloud-project/oauth2/src/main/resources/application.yml
@@ -0,0 +1,18 @@
+server:
+ port: 9898
+
+spring:
+ application:
+ name: oauth-server
+
+#注册到Eureka服务中心
+eureka:
+ client:
+ service-url:
+ # 注册到集群,就把多个Eureka Server 地址使用逗号连接起来即可,注册到单实例,就写一个
+ defaultZone: http://localhost:8761/eureka,http://localhost:8762/eureka,http://localhost:8763/eureka
+
+ instance:
+ prefer-ip-address: true #服务实例中显示ip,而不是显示主机名
+ instance-id: ${spring.cloud.client.ip-address}:${spring.application.name}:${server.port} #实例名称
+
diff --git a/xjs-study/springcloud-project/pom.xml b/xjs-study/springcloud-project/pom.xml
index 942da8fd..57939227 100644
--- a/xjs-study/springcloud-project/pom.xml
+++ b/xjs-study/springcloud-project/pom.xml
@@ -13,6 +13,7 @@
eureka
stream
+ oauth2
springcloud-project
diff --git a/xjs-study/springcloud-project/stream/stream-consumer-8601/src/main/resources/application.yml b/xjs-study/springcloud-project/stream/stream-consumer-8601/src/main/resources/application.yml
index d3f26edb..4ae747b4 100644
--- a/xjs-study/springcloud-project/stream/stream-consumer-8601/src/main/resources/application.yml
+++ b/xjs-study/springcloud-project/stream/stream-consumer-8601/src/main/resources/application.yml
@@ -28,8 +28,8 @@ eureka:
client:
serviceUrl: # eureka server的路径
defaultZone: http://localhost:8761/eureka,http://localhost:8762/eureka,http://localhost:8763/eureka
- instance:
- prefer-ip-address: true #使用ip注册
- instance-id: ${spring.cloud.client.ip-address}:${spring.application.name}:${server.port} #实例名称
+ instance:
+ prefer-ip-address: true #使用ip注册
+ instance-id: ${spring.cloud.client.ip-address}:${spring.application.name}:${server.port} #实例名称