授权服务器入门(二)
授权服务器另外三种授权方式:
- implicit
- authorization_code
- refresh_token
注意:按照 OAuth 2.0 Security Best Current Practice,implicit 和 password 两种授权方式已不再推荐使用(implicit 会把 access_token 直接放在重定向 URL 的 fragment 里返回);本文只用于本地演示,生产环境应使用带 PKCE 的 authorization_code,并只注册 https 的、自己控制的 redirect_uri。
1 工程代码
1.1 Maven 依赖
<!-- Web MVC plus the embedded servlet container. No <version> is given, so it must be
     managed elsewhere (a Spring Boot parent POM or BOM not shown on this page). -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- Spring Security OAuth (spring-security-oauth2) pulled in through the Spring Cloud starter;
     it provides @EnableAuthorizationServer and the /oauth/authorize and /oauth/token endpoints
     used below. NOTE(review): the Spring Security OAuth project is end-of-life and no longer
     receives security fixes; new authorization servers should be built on Spring Authorization
     Server instead. -->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
<!-- Lombok is compile-time only (scope provided); it generates the constructors behind
     @RequiredArgsConstructor in the classes below. -->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<scope>provided</scope>
</dependency>
1.2 AuthorizationServerApplication.java
package com.example.authorizationserver;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
/**
 * Boot entry point of the demo authorization server.
 *
 * <p>{@code @SpringBootApplication} enables component scanning from this
 * package, so the {@code @Configuration} and {@code @Service} classes of the
 * demo are registered automatically.
 */
@SpringBootApplication
public class AuthorizationServerApplication {

    /**
     * Starts the Spring application context.
     *
     * @param args command-line arguments forwarded to Spring Boot
     */
    public static void main(String[] args) {
        // Same as SpringApplication.run(AuthorizationServerApplication.class, args), written out.
        SpringApplication application = new SpringApplication(AuthorizationServerApplication.class);
        application.run(args);
    }
}
1.3 OAuth2AuthorizationServer.java
package com.example.authorizationserver;
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
/**
 * Registers the demo's single OAuth2 client and wires the token endpoints.
 *
 * <p>Everything in this class is demo configuration: the client lives in
 * memory, its secret is a literal in source, and every grant type the
 * framework supports is switched on. Read the notes on
 * {@link #configure(ClientDetailsServiceConfigurer)} before reusing any of it.
 */
@Configuration
@EnableAuthorizationServer
@RequiredArgsConstructor
public class OAuth2AuthorizationServer extends AuthorizationServerConfigurerAdapter {

    // Field order matters: Lombok derives the constructor parameter order from it.

    /** Encoder used to hash the client secret; the bean is declared in SecurityConfig. */
    private final BCryptPasswordEncoder passwordEncoder;
    /** Authenticates resource owners (needed by the password grant). */
    private final AuthenticationManager authenticationManager;
    /** Re-loads the user when a token is refreshed. */
    private final MyUserDetailsService userDetailsService;

    /**
     * Defines the client {@code client01} in an in-memory client store.
     *
     * <p>Security notes (demo only; do not copy into a real deployment):
     * <ul>
     *   <li>{@code "123456"} is a hard-coded, trivially guessable client secret committed to source.</li>
     *   <li>{@code implicit} and {@code password} are deprecated grant types (OAuth 2.0 Security BCP);
     *       implicit hands the access token back in the redirect URL fragment.</li>
     *   <li>The only registered redirect URI is plain {@code http://} and points at a third-party
     *       host, so authorization codes and implicit tokens are delivered to a site this server
     *       does not control.</li>
     *   <li>The single scope {@code all} means every token carries full scope.</li>
     * </ul>
     *
     * @param clients builder for the client details service
     * @throws Exception propagated from the configurer API
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // Hash once; BCrypt salts, so each call would yield a different (equally valid) hash.
        String clientSecretHash = passwordEncoder.encode("123456");
        String[] grantTypes = {
            "password", "authorization_code", "client_credentials", "refresh_token", "implicit"
        };

        // The builder only records fields, so the order of these setters is irrelevant.
        clients.inMemory()
            .withClient("client01")
            .authorizedGrantTypes(grantTypes)
            .scopes("all")
            .authorities("READ_ONLY_CLIENT")
            .redirectUris("http://baidu.com")
            .secret(clientSecretHash);
    }

    /**
     * Plugs the demo user store and authentication manager into the token endpoints.
     *
     * @param endpoints endpoint configurer supplied by the framework
     * @throws Exception propagated from the configurer API
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
            .userDetailsService(userDetailsService)
            .authenticationManager(authenticationManager);
    }
}
1.4 SecurityConfig.java
package com.example.authorizationserver;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
/**
 * Web security for the interactive (browser-facing) part of the authorization server.
 *
 * <p>The chain is scoped with {@code requestMatchers()} to exactly two paths,
 * {@code /login} and {@code /oauth/authorize}. Requests to any other path are
 * not handled here and fall through to the other filter chains in the
 * application (the one installed by {@code @EnableAuthorizationServer} for
 * {@code /oauth/token} among them). Both matched paths require an
 * authenticated user, obtained through the default form login. CSRF
 * protection is left at its default (enabled) for the form.
 *
 * <p>{@code @Order(1)} places this chain ahead of the default
 * {@code WebSecurityConfigurerAdapter} ordering.
 */
@Configuration
@Order(1)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Builds the filter chain described on the class.
     *
     * @param http the security builder for this chain
     * @throws Exception propagated from the HttpSecurity API
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Limit this chain to the two user-facing endpoints.
        http.requestMatchers().antMatchers("/login", "/oauth/authorize");
        // Anything this chain matches needs an authenticated session.
        http.authorizeRequests().anyRequest().authenticated();
        // The login page itself must stay reachable without a session.
        http.formLogin().permitAll();
    }

    /**
     * BCrypt encoder (default work factor) shared by the client-secret and user-password
     * hashing in the other configuration classes.
     *
     * @return a new BCrypt encoder
     */
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Exposes the adapter's AuthenticationManager as a bean so the authorization server
     * can inject it for the password grant.
     *
     * @return the shared authentication manager
     * @throws Exception propagated from the adapter
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}
1.5 MyUserDetailsService.java
package com.example.authorizationserver;
import lombok.RequiredArgsConstructor;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Service;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
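/**
 * In-memory {@link UserDetailsService} for the demo: exactly one account,
 * {@code user} / {@code 123456}, carrying the authority {@code ROLE_ANOTHER}
 * (which none of the configuration shown here references).
 *
 * <p>Fixes over the first version:
 * <ul>
 *   <li>The {@code username} argument is now checked. Previously every lookup
 *       returned the {@code user} account, so any username combined with the
 *       password {@code 123456} authenticated successfully.</li>
 *   <li>The BCrypt hash is computed once at construction instead of on every
 *       lookup; BCrypt is deliberately slow, and hashing per request doubled the
 *       cost of each login attempt.</li>
 * </ul>
 *
 * <p>Security note: the password is a literal in source and is only acceptable
 * for a local demo.
 */
@Service
public class MyUserDetailsService implements UserDetailsService {

    private static final String DEMO_USERNAME = "user";
    private static final String DEMO_PASSWORD = "123456";

    /** BCrypt hash of {@link #DEMO_PASSWORD}, computed once at startup. */
    private final String demoPasswordHash;

    /**
     * @param passwordEncoder encoder shared with the rest of the application; used
     *                        once here to hash the demo password
     */
    public MyUserDetailsService(BCryptPasswordEncoder passwordEncoder) {
        this.demoPasswordHash = passwordEncoder.encode(DEMO_PASSWORD);
    }

    /**
     * Returns the demo account for {@code user}.
     *
     * @param username the login name supplied by the caller
     * @return the demo user with authority {@code ROLE_ANOTHER}
     * @throws UsernameNotFoundException for any username other than {@code user}
     */
    @Override
    public UserDetails loadUserByUsername(String username) {
        if (!DEMO_USERNAME.equals(username)) {
            throw new UsernameNotFoundException("Unknown user: " + username);
        }
        List<SimpleGrantedAuthority> authorities =
            Collections.singletonList(new SimpleGrantedAuthority("ROLE_ANOTHER"));
        return new org.springframework.security.core.userdetails.User(
            DEMO_USERNAME, demoPasswordHash, authorities);
    }
}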
4 运行应用
4.1 通过implicit授权方式获取token的url
在浏览器中访问 http://localhost:8080/oauth/authorize?client_id=client01&response_type=token(/oauth/authorize 需要先登录,用户名 user,密码 123456),返回:
https://www.baidu.com/#access_token=50a00695-865b-4318-bcac-90526a5ae228&token_type=bearer&expires_in=40980&scope=all
注意:access_token 直接出现在重定向 URL 的 fragment 中,而且被送到了一个第三方站点(注册的 redirect_uri 是 http://baidu.com,最终落到 https://www.baidu.com);请求里也没有 state 参数。这正是 implicit 方式被弃用的原因,只能用于本地演示。
4.2 通过authorization_code获取token
首先,通过以下URL获取code(同样需要先登录): http://localhost:8080/oauth/authorize?client_id=client01&response_type=code 返回:
https://www.baidu.com/?code=EE6XbO
其次,通过如下URL获取token: http://localhost:8080/oauth/token?grant_type=authorization_code&code=EE6XbO 返回:
注意:/oauth/token 需要客户端身份认证,上面的 URL 里没有体现(可以用 HTTP Basic 传 client01/123456),并且 Spring Security OAuth 的 token 端点默认只接受 POST;此外请求没有带 redirect_uri 和 state 参数,而 code 一样被重定向到了第三方站点,code 一旦泄露就可以换取 token。
{
"access_token": "59dbce44-509e-4440-a61a-f5bf8885d4fe",
"token_type": "bearer",
"refresh_token": "295e8e43-8e0e-4b17-a9e4-783b29a3be25",
"expires_in": 43102,
"scope": "all"
}
4.3 通过refresh_token获取新token的URL(与 4.2 一样需要客户端身份认证):
http://localhost:8080/oauth/token?grant_type=refresh_token&refresh_token=295e8e43-8e0e-4b17-a9e4-783b29a3be25
返回(注意返回的 refresh_token 与上一步完全相同,没有轮换:泄露的 refresh_token 在过期或被撤销之前可以一直换取新的 access_token):
{
"access_token": "50a00695-865b-4318-bcac-90526a5ae228",
"token_type": "bearer",
"refresh_token": "295e8e43-8e0e-4b17-a9e4-783b29a3be25",
"expires_in": 43199,
"scope": "all"
}