springCloud oauth demo

xjs-study/springcloud-project/eureka/eureka-client-consumer/pom.xml

@@ -32,6 +32,11 @@
             <groupId>org.springframework.cloud</groupId>
             <artifactId>spring-cloud-starter-openfeign</artifactId>
         </dependency>
+
+        <dependency>
+            <groupId>org.springframework.cloud</groupId>
+            <artifactId>spring-cloud-starter-sleuth</artifactId>
+        </dependency>
     </dependencies>
 
 </project>

xjs-study/springcloud-project/eureka/eureka-client-consumer/src/main/resources/application.yml

@@ -17,3 +17,9 @@ eureka:
   instance:
     prefer-ip-address: true   #服务实例中显示ip，而不是显示主机名
     instance-id: ${spring.cloud.client.ip-address}:${spring.application.name}:${server.port}   #实例名称
+
+
+logging:
+  level:
+    org.springframework.cloud.sleuth: debug
+    org.springframework.web.servlet.DispatcherServlet: debug

xjs-study/springcloud-project/eureka/eureka-client-provider/pom.xml

@@ -27,6 +27,11 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-web</artifactId>
         </dependency>
+
+        <dependency>
+            <groupId>org.springframework.cloud</groupId>
+            <artifactId>spring-cloud-starter-sleuth</artifactId>
+        </dependency>
     </dependencies>
 
 </project>

xjs-study/springcloud-project/eureka/eureka-client-provider/src/main/resources/application.yml

@@ -21,3 +21,9 @@ eureka:
     #自定义元数据
     metadata-map:
       now: 2022
+
+
+logging:
+  level:
+    org.springframework.cloud.sleuth: debug
+    org.springframework.web.servlet.DispatcherServlet: debug

xjs-study/springcloud-project/oauth2/pom.xml

@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>springcloud-project</artifactId>
+        <groupId>com.xjs</groupId>
+        <version>1.0</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+    <name>oauth2认证授权</name>
+
+    <artifactId>oauth2</artifactId>
+
+    <properties>
+        <maven.compiler.source>11</maven.compiler.source>
+        <maven.compiler.target>11</maven.compiler.target>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.cloud</groupId>
+            <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.cloud</groupId>
+            <artifactId>spring-cloud-starter-oauth2</artifactId>
+            <version>2.2.5.RELEASE</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.security.oauth</groupId>
+            <artifactId>spring-security-oauth2</artifactId>
+            <version>2.3.4.RELEASE</version>
+        </dependency>
+
+    </dependencies>
+
+</project>

xjs-study/springcloud-project/oauth2/src/main/java/com/xjs/OAuthServerApplication9898.java

@@ -0,0 +1,18 @@
+package com.xjs;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
+
+/**
+ * @author xiejs
+ * @since 2022-05-30
+ */
+@SpringBootApplication
+@EnableDiscoveryClient
+public class OAuthServerApplication9898 {
+
+    public static void main(String[] args) {
+        SpringApplication.run(OAuthServerApplication9898.class, args);
+    }
+}

xjs-study/springcloud-project/oauth2/src/main/java/com/xjs/config/OauthServerConfiger.java

@@ -0,0 +1,121 @@
+package com.xjs.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
+import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
+import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
+import org.springframework.security.oauth2.provider.token.TokenStore;
+import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
+
+/**
+ * 授权服务
+ *
+ * @author xiejs
+ * @since 2022-05-30
+ */
+@Configuration
+@EnableAuthorizationServer
+public class OauthServerConfiger extends AuthorizationServerConfigurerAdapter {
+
+
+    @Autowired
+    private AuthenticationManager authenticationManager;
+
+    /**
+     * 认证服务器最终是以api接口的方式对外提供服务（校验合法性并生成令牌，校验令牌等）<br>
+     * 那么，以api接口方式对外的话，就涉及到接口的访问权限，我们需要在这里进行必要的配置
+     *
+     * @param security 配置
+     * @throws Exception 异常
+     */
+    @Override
+    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
+        super.configure(security);
+
+        //相当于打开endpoints，访问接口的开关，这样的话后期我们能够访问该接口
+        security
+                //允许客户端表单认证
+                .allowFormAuthenticationForClients()
+                //开启端口 oauth/token_key的访问权限
+                .tokenKeyAccess("permitAll()")
+                //开启端口 oauth/check_token的访问权限
+                .checkTokenAccess("permitAll()")
+        ;
+    }
+
+    /**
+     * 客户端详情配置<br>
+     * 比如client_id,secret<br>
+     * 当前这个服务如同QQ平台，服务作为客户端需要QQ平台进行登录授权认证等，提前需要到QQ平台注册，QQ平台会给服务颁发client_id等必要参数，表明客户端是谁
+     *
+     * @param clients 客户端
+     * @throws Exception 异常
+     */
+    @Override
+    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
+        super.configure(clients);
+
+
+        clients.inMemory()                         //客户端信息存储到什么地方，可以再内存中，也可以再数据库里
+                .withClient("client_A")     //添加一份client配置，指定client_id
+                .secret("xjs666")                  //指定客户端的密码/安全码
+                .resourceIds("autodeliver")        //指定客户端所能访问的资源id清单，此处的资源id是需要在具体的资源服务
+                .authorizedGrantTypes("password", "refresh_token")      //认证类型/令牌颁发模式，可以配置多个，需要客户端调用的时候传递参数
+                .scopes("all")                     //客户端权限范围
+        ;
+    }
+
+    /**
+     * 配置token令牌管理相关
+     *
+     * @param endpoints 令牌
+     * @throws Exception 异常
+     */
+    @Override
+    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
+        super.configure(endpoints);
+
+        endpoints.tokenStore(this.tokenStore())              //指定token的存储方法
+                .tokenServices(this.authorizationServerTokenServices())            //token服务的一个描述，可以认为是token生成细节的描述
+                .authenticationManager(authenticationManager)    //指定认证管理器，随后注入一个到当前类使用即可
+                .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST)
+        ;
+    }
+
+
+    /**
+     * 该方法用于创建tokenStore对象（令牌存储对象）<br>
+     * token以什么形式存储
+     */
+    public TokenStore tokenStore() {
+        return new InMemoryTokenStore();
+    }
+
+    /**
+     * 该方法用户获取一个token服务对象（该对象描述了token有效期等信息）
+     */
+    public AuthorizationServerTokenServices authorizationServerTokenServices() {
+        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
+        //是否开启令牌刷新
+        defaultTokenServices.setSupportRefreshToken(true);
+
+        defaultTokenServices.setTokenStore(this.tokenStore());
+
+        //设置令牌有效时间
+        defaultTokenServices.setAccessTokenValiditySeconds(10 /** 60*/);
+
+        //设置刷新令牌的有效时间
+        defaultTokenServices.setRefreshTokenValiditySeconds(3 * 60 * 60 * 24);
+
+        return defaultTokenServices;
+    }
+
+
+}

xjs-study/springcloud-project/oauth2/src/main/java/com/xjs/config/SecurityConfiger.java

@@ -0,0 +1,66 @@
+package com.xjs.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.crypto.password.NoOpPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+import java.util.ArrayList;
+
+/**
+ * 该配置类主要处理用户名和密码的校验等
+ *
+ * @author xiejs
+ * @since 2022-05-30
+ */
+@Configuration
+public class SecurityConfiger extends WebSecurityConfigurerAdapter {
+
+    @Autowired
+    private PasswordEncoder passwordEncoder;
+
+
+    /**
+     * 注册一个认证管理器到容器
+     */
+    @Override
+    @Bean
+    public AuthenticationManager authenticationManagerBean() throws Exception {
+        return super.authenticationManagerBean();
+    }
+
+
+    /**
+     * 处理用户名和密码验证
+     * <li>
+     *     <ul>客户端传递username和password参数到认证服务器</ul>
+     *     <ul>一般来说，username和password会存储在数据库中的用户表中</ul>
+     *     <ul>根据用户表中数据，验证当前传递过来的用户信息的合法性</ul>
+     * </li>
+     */
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        super.configure(auth);
+
+        //把用户信息配置在内存中，实例化一个用户对象
+        UserDetails user = new User("admin", "123456", new ArrayList<>());
+
+        auth.inMemoryAuthentication()
+                .withUser(user)
+                .passwordEncoder(passwordEncoder)
+        ;
+
+    }
+
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return NoOpPasswordEncoder.getInstance();
+    }
+}

xjs-study/springcloud-project/oauth2/src/main/resources/application.yml

@@ -0,0 +1,18 @@
+server:
+  port: 9898
+
+spring:
+  application:
+    name: oauth-server
+
+#注册到Eureka服务中心
+eureka:
+  client:
+    service-url:
+      # 注册到集群，就把多个Eureka Server 地址使用逗号连接起来即可，注册到单实例，就写一个
+      defaultZone: http://localhost:8761/eureka,http://localhost:8762/eureka,http://localhost:8763/eureka
+
+  instance:
+    prefer-ip-address: true   #服务实例中显示ip，而不是显示主机名
+    instance-id: ${spring.cloud.client.ip-address}:${spring.application.name}:${server.port}   #实例名称
+

xjs-study/springcloud-project/pom.xml

@@ -13,6 +13,7 @@
     <modules>
         <module>eureka</module>
         <module>stream</module>
+        <module>oauth2</module>
     </modules>
 
     <artifactId>springcloud-project</artifactId>

xjs-study/springcloud-project/stream/stream-consumer-8601/src/main/resources/application.yml

@@ -28,8 +28,8 @@ eureka:
   client:
     serviceUrl: # eureka server的路径
       defaultZone: http://localhost:8761/eureka,http://localhost:8762/eureka,http://localhost:8763/eureka
-    instance:
+  instance:
-      prefer-ip-address: true #使用ip注册
+    prefer-ip-address: true #使用ip注册
-      instance-id: ${spring.cloud.client.ip-address}:${spring.application.name}:${server.port}   #实例名称
+    instance-id: ${spring.cloud.client.ip-address}:${spring.application.name}:${server.port}   #实例名称