From 0b6a41fba6c31029b0d6b8ada5ce4713cf0f0832 Mon Sep 17 00:00:00 2001 From: xjs <1294405880@qq.com> Date: Tue, 31 May 2022 09:34:58 +0800 Subject: [PATCH] springCloud oauth demo --- .../eureka/eureka-client-consumer/pom.xml | 5 + .../src/main/resources/application.yml | 6 + .../eureka/eureka-client-provider/pom.xml | 5 + .../src/main/resources/application.yml | 6 + xjs-study/springcloud-project/oauth2/pom.xml | 45 +++++++ .../com/xjs/OAuthServerApplication9898.java | 18 +++ .../com/xjs/config/OauthServerConfiger.java | 121 ++++++++++++++++++ .../java/com/xjs/config/SecurityConfiger.java | 66 ++++++++++ .../oauth2/src/main/resources/application.yml | 18 +++ xjs-study/springcloud-project/pom.xml | 1 + .../src/main/resources/application.yml | 6 +- 11 files changed, 294 insertions(+), 3 deletions(-) create mode 100644 xjs-study/springcloud-project/oauth2/pom.xml create mode 100644 xjs-study/springcloud-project/oauth2/src/main/java/com/xjs/OAuthServerApplication9898.java create mode 100644 xjs-study/springcloud-project/oauth2/src/main/java/com/xjs/config/OauthServerConfiger.java create mode 100644 xjs-study/springcloud-project/oauth2/src/main/java/com/xjs/config/SecurityConfiger.java create mode 100644 xjs-study/springcloud-project/oauth2/src/main/resources/application.yml diff --git a/xjs-study/springcloud-project/eureka/eureka-client-consumer/pom.xml b/xjs-study/springcloud-project/eureka/eureka-client-consumer/pom.xml index 2aee7521..7153f9ab 100644 --- a/xjs-study/springcloud-project/eureka/eureka-client-consumer/pom.xml +++ b/xjs-study/springcloud-project/eureka/eureka-client-consumer/pom.xml @@ -32,6 +32,11 @@ org.springframework.cloud spring-cloud-starter-openfeign + + + org.springframework.cloud + spring-cloud-starter-sleuth + diff --git a/xjs-study/springcloud-project/eureka/eureka-client-consumer/src/main/resources/application.yml b/xjs-study/springcloud-project/eureka/eureka-client-consumer/src/main/resources/application.yml index 85031ce7..fa40d6db 100644 
--- a/xjs-study/springcloud-project/eureka/eureka-client-consumer/src/main/resources/application.yml +++ b/xjs-study/springcloud-project/eureka/eureka-client-consumer/src/main/resources/application.yml @@ -17,3 +17,9 @@ eureka: instance: prefer-ip-address: true #服务实例中显示ip,而不是显示主机名 instance-id: ${spring.cloud.client.ip-address}:${spring.application.name}:${server.port} #实例名称 + + +logging: + level: + org.springframework.cloud.sleuth: debug + org.springframework.web.servlet.DispatcherServlet: debug diff --git a/xjs-study/springcloud-project/eureka/eureka-client-provider/pom.xml b/xjs-study/springcloud-project/eureka/eureka-client-provider/pom.xml index 9dfbf125..6c0c4ada 100644 --- a/xjs-study/springcloud-project/eureka/eureka-client-provider/pom.xml +++ b/xjs-study/springcloud-project/eureka/eureka-client-provider/pom.xml @@ -27,6 +27,11 @@ org.springframework.boot spring-boot-starter-web + + + org.springframework.cloud + spring-cloud-starter-sleuth + diff --git a/xjs-study/springcloud-project/eureka/eureka-client-provider/src/main/resources/application.yml b/xjs-study/springcloud-project/eureka/eureka-client-provider/src/main/resources/application.yml index 5a51b617..e95bd490 100644 --- a/xjs-study/springcloud-project/eureka/eureka-client-provider/src/main/resources/application.yml +++ b/xjs-study/springcloud-project/eureka/eureka-client-provider/src/main/resources/application.yml @@ -21,3 +21,9 @@ eureka: #自定义元数据 metadata-map: now: 2022 + + +logging: + level: + org.springframework.cloud.sleuth: debug + org.springframework.web.servlet.DispatcherServlet: debug diff --git a/xjs-study/springcloud-project/oauth2/pom.xml b/xjs-study/springcloud-project/oauth2/pom.xml new file mode 100644 index 00000000..f1c7a8a8 --- /dev/null +++ b/xjs-study/springcloud-project/oauth2/pom.xml 
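Review bot: The two `debug` levels under `logging.level` are added to the base `application.yml`, so they apply in every environment the consumer runs in, not only during local tracing work; the provider's `application.yml` hunk that follows adds the same block. At debug level `DispatcherServlet` and Sleuth emit a line for every request, including its path, which is noisy and better kept out of shared log stores by default. I would move the block to a profile-specific file such as `application-dev.yml`, or leave the levels at their defaults and raise them at launch with `--logging.level.org.springframework.cloud.sleuth=debug`.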
@@ -0,0 +1,45 @@ + + + + springcloud-project + com.xjs + 1.0 + + 4.0.0 + oauth2认证授权 + + oauth2 + + + 11 + 11 + + + + + org.springframework.cloud + spring-cloud-starter-netflix-eureka-client + + + + org.springframework.boot + spring-boot-starter-web + + + + org.springframework.cloud + spring-cloud-starter-oauth2 + 2.2.5.RELEASE + + + + org.springframework.security.oauth + spring-security-oauth2 + 2.3.4.RELEASE + + + + + diff --git a/xjs-study/springcloud-project/oauth2/src/main/java/com/xjs/OAuthServerApplication9898.java b/xjs-study/springcloud-project/oauth2/src/main/java/com/xjs/OAuthServerApplication9898.java new file mode 100644 index 00000000..529e9988 --- /dev/null +++ b/xjs-study/springcloud-project/oauth2/src/main/java/com/xjs/OAuthServerApplication9898.java @@ -0,0 +1,18 @@ +package com.xjs; + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.cloud.client.discovery.EnableDiscoveryClient; + +/** + * @author xiejs + * @since 2022-05-30 + */ +@SpringBootApplication +@EnableDiscoveryClient +public class OAuthServerApplication9898 { + + public static void main(String[] args) { + SpringApplication.run(OAuthServerApplication9898.class, args); + } +} diff --git a/xjs-study/springcloud-project/oauth2/src/main/java/com/xjs/config/OauthServerConfiger.java b/xjs-study/springcloud-project/oauth2/src/main/java/com/xjs/config/OauthServerConfiger.java new file mode 100644 index 00000000..a1dc5b3a --- /dev/null +++ b/xjs-study/springcloud-project/oauth2/src/main/java/com/xjs/config/OauthServerConfiger.java 
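Review bot: The two OAuth dependencies in the new `oauth2/pom.xml` are pinned by hand, `spring-cloud-starter-oauth2` at `2.2.5.RELEASE` and `spring-security-oauth2` at `2.3.4.RELEASE`, while the other starters in the file carry no version and presumably inherit one from the parent's dependency management. `spring-security-oauth2` belongs to the legacy Spring Security OAuth project, which the Spring team has deprecated in favour of Spring Security's own OAuth2 support and Spring Authorization Server, and 2.3.4 is not the last release of its 2.3 line. For a module that issues tokens I would drop the explicit `spring-security-oauth2` entry so the version resolved through the starter applies, or pin the latest 2.3.x maintenance release after checking the project's advisories. A short comment in the pom saying that the library is legacy and why the demo still uses it would help the next reader.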
@@ -0,0 +1,121 @@
+package com.xjs.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
+import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
+import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
+import org.springframework.security.oauth2.provider.token.TokenStore;
+import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
+
+/**
+ * 授权服务
+ *
+ * @author xiejs
+ * @since 2022-05-30
+ */
+@Configuration
+@EnableAuthorizationServer
+public class OauthServerConfiger extends AuthorizationServerConfigurerAdapter {
+
+
+ @Autowired
+ private AuthenticationManager authenticationManager;
+
+ /**
+ * 认证服务器最终是以api接口的方式对外提供服务(校验合法性并生成令牌,校验令牌等)
+ * 那么,以api接口方式对外的话,就涉及到接口的访问权限,我们需要在这里进行必要的配置
+ *
+ * @param security 配置
+ * @throws Exception 异常
+ */
+ @Override
+ public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
+ super.configure(security);
+
+ //相当于打开endpoints,访问接口的开关,这样的话后期我们能够访问该接口
+ security
+ //允许客户端表单认证
+ .allowFormAuthenticationForClients()
+ //开启端口 oauth/token_key的访问权限
+ .tokenKeyAccess("permitAll()")
+ //开启端口 oauth/check_token的访问权限
+ .checkTokenAccess("permitAll()")
+ ;
+ }
+
+ /**
+ * 客户端详情配置
+ * 比如client_id,secret
+ * 当前这个服务如同QQ平台,服务作为客户端需要QQ平台进行登录授权认证等,提前需要到QQ平台注册,QQ平台会给服务颁发client_id等必要参数,表明客户端是谁
+ *
+ * @param clients 客户端
+ * @throws Exception 异常
+ */
+ @Override
+ public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
+ super.configure(clients);
+
+
+ clients.inMemory() //客户端信息存储到什么地方,可以再内存中,也可以再数据库里
+ .withClient("client_A") //添加一份client配置,指定client_id
+ .secret("xjs666") //指定客户端的密码/安全码
+ .resourceIds("autodeliver") //指定客户端所能访问的资源id清单,此处的资源id是需要在具体的资源服务
+ .authorizedGrantTypes("password", "refresh_token") //认证类型/令牌颁发模式,可以配置多个,需要客户端调用的时候传递参数
+ .scopes("all") //客户端权限范围
+ ;
+ }
+
+ /**
+ * 配置token令牌管理相关
+ *
+ * @param endpoints 令牌
+ * @throws Exception 异常
+ */
+ @Override
+ public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
+ super.configure(endpoints);
+
+ endpoints.tokenStore(this.tokenStore()) //指定token的存储方法
+ .tokenServices(this.authorizationServerTokenServices()) //token服务的一个描述,可以认为是token生成细节的描述
+ .authenticationManager(authenticationManager) //指定认证管理器,随后注入一个到当前类使用即可
+ .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST)
+ ;
+ }
+
+
+ /**
+ * 该方法用于创建tokenStore对象(令牌存储对象)
+ * token以什么形式存储
+ */
+ public TokenStore tokenStore() {
+ return new InMemoryTokenStore();
+ }
+
+ /**
+ * 该方法用户获取一个token服务对象(该对象描述了token有效期等信息)
+ */
+ public AuthorizationServerTokenServices authorizationServerTokenServices() {
+ DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
+ //是否开启令牌刷新
+ defaultTokenServices.setSupportRefreshToken(true);
+
+ defaultTokenServices.setTokenStore(this.tokenStore());
+
+ //设置令牌有效时间
+ defaultTokenServices.setAccessTokenValiditySeconds(10 /** 60*/);
+
+ //设置刷新令牌的有效时间
+ defaultTokenServices.setRefreshTokenValiditySeconds(3 * 60 * 60 * 24);
+
+ return defaultTokenServices;
+ }
+
+
+}
diff --git a/xjs-study/springcloud-project/oauth2/src/main/java/com/xjs/config/SecurityConfiger.java b/xjs-study/springcloud-project/oauth2/src/main/java/com/xjs/config/SecurityConfiger.java
new file mode 100644
index 00000000..2a708e6e
--- /dev/null
+++ b/xjs-study/springcloud-project/oauth2/src/main/java/com/xjs/config/SecurityConfiger.java
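Review bot: `checkTokenAccess("permitAll()")` in `configure(AuthorizationServerSecurityConfigurer)` opens `/oauth/check_token` to unauthenticated callers, so anyone who can reach port 9898 can submit a token and read back its user, scopes and expiry; resource servers normally call this endpoint with their own client credentials, so `.checkTokenAccess("isAuthenticated()")` is the usual setting, and `tokenKeyAccess` can stay at the framework default while no signing key is published. In `configure(ClientDetailsServiceConfigurer)` the client secret `xjs666` is a literal in source; it is better read from configuration (for example an `@Value`-injected property) and stored encoded once a real `PasswordEncoder` is in place. `allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST)` lets the password grant be sent as a query string, which puts user and client credentials into access logs and proxy logs, so I would keep the default of POST only. Finally, `tokenStore()` is a plain method rather than a `@Bean`, so `endpoints.tokenStore(...)` and `setTokenStore(...)` each receive a different `InMemoryTokenStore`; exposing it as a bean or holding it in one field would keep both on the same store, and the `10 /** 60*/` access-token validity looks like a debugging leftover that deserves a comment or a property.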
@@ -0,0 +1,66 @@ +package com.xjs.config; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.crypto.password.NoOpPasswordEncoder; +import org.springframework.security.crypto.password.PasswordEncoder; + +import java.util.ArrayList; + +/** + * 该配置类主要处理用户名和密码的校验等 + * + * @author xiejs + * @since 2022-05-30 + */ +@Configuration +public class SecurityConfiger extends WebSecurityConfigurerAdapter { + + @Autowired + private PasswordEncoder passwordEncoder; + + + /** + * 注册一个认证管理器到容器 + */ + @Override + @Bean + public AuthenticationManager authenticationManagerBean() throws Exception { + return super.authenticationManagerBean(); + } + + + /** + * 处理用户名和密码验证 + *
  • + * + * + * + *
  • + */ + @Override + protected void configure(AuthenticationManagerBuilder auth) throws Exception { + super.configure(auth); + + //把用户信息配置在内存中,实例化一个用户对象 + UserDetails user = new User("admin", "123456", new ArrayList<>()); + + auth.inMemoryAuthentication() + .withUser(user) + .passwordEncoder(passwordEncoder) + ; + + } + + + @Bean + public PasswordEncoder passwordEncoder() { + return NoOpPasswordEncoder.getInstance(); + } +} diff --git a/xjs-study/springcloud-project/oauth2/src/main/resources/application.yml b/xjs-study/springcloud-project/oauth2/src/main/resources/application.yml new file mode 100644 index 00000000..f52c47da --- /dev/null +++ b/xjs-study/springcloud-project/oauth2/src/main/resources/application.yml @@ -0,0 +1,18 @@ +server: + port: 9898 + +spring: + application: + name: oauth-server + +#注册到Eureka服务中心 +eureka: + client: + service-url: + # 注册到集群,就把多个Eureka Server 地址使用逗号连接起来即可,注册到单实例,就写一个 + defaultZone: http://localhost:8761/eureka,http://localhost:8762/eureka,http://localhost:8763/eureka + + instance: + prefer-ip-address: true #服务实例中显示ip,而不是显示主机名 + instance-id: ${spring.cloud.client.ip-address}:${spring.application.name}:${server.port} #实例名称 + diff --git a/xjs-study/springcloud-project/pom.xml b/xjs-study/springcloud-project/pom.xml index 942da8fd..57939227 100644 --- a/xjs-study/springcloud-project/pom.xml +++ b/xjs-study/springcloud-project/pom.xml @@ -13,6 +13,7 @@ eureka stream + oauth2 springcloud-project diff --git a/xjs-study/springcloud-project/stream/stream-consumer-8601/src/main/resources/application.yml b/xjs-study/springcloud-project/stream/stream-consumer-8601/src/main/resources/application.yml index d3f26edb..4ae747b4 100644 --- a/xjs-study/springcloud-project/stream/stream-consumer-8601/src/main/resources/application.yml +++ b/xjs-study/springcloud-project/stream/stream-consumer-8601/src/main/resources/application.yml 
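Review bot: `passwordEncoder()` in `SecurityConfiger` returns `NoOpPasswordEncoder.getInstance()`, so the user password `123456` and, as far as the framework shares this bean, the client secret are held and compared as plain text; together with the literal `admin`/`123456` account in `configure(AuthenticationManagerBuilder)` this is a default credential on the token issuer. I would return `new BCryptPasswordEncoder()` from the bean, build the user with `passwordEncoder.encode(...)` over a value read from configuration, and encode the client secret in `OauthServerConfiger` the same way. Separately, `super.configure(auth)` in `WebSecurityConfigurerAdapter` appears to mark the local builder as unused, so the in-memory user added after it may not be the one the exposed `AuthenticationManager` consults; removing the super call and confirming with a login test would settle it. If plain text is deliberate for the demo, say so on the bean, e.g. `// demo only: NoOpPasswordEncoder keeps passwords in clear text, replace before any shared deployment`.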
@@ -28,8 +28,8 @@ eureka: client: serviceUrl: # eureka server的路径 defaultZone: http://localhost:8761/eureka,http://localhost:8762/eureka,http://localhost:8763/eureka - instance: - prefer-ip-address: true #使用ip注册 - instance-id: ${spring.cloud.client.ip-address}:${spring.application.name}:${server.port} #实例名称 + instance: + prefer-ip-address: true #使用ip注册 + instance-id: ${spring.cloud.client.ip-address}:${spring.application.name}:${server.port} #实例名称