1.0 概要
- Oauth2.0 Password Flow 授权
- 前后端分离.前端Vue,后端Spring Oauth2.0
- 代码分为前端Vue和后端Java两工程
2.0代码
2.1Maven依赖
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.4.0-SNAPSHOT</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.example</groupId>
<artifactId>oauth2-password-flow-server</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>oauth2-password-flow-server</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>15</java.version>
<spring-cloud.version>2020.0.0-SNAPSHOT</spring-cloud.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
<version>2.3.5.RELEASE</version>
</dependency>
<dependency>
<groupId>org.hibernate.validator</groupId>
<artifactId>hibernate-validator</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<scope>runtime</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>${spring-cloud.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
<repositories>
<repository>
<id>spring-milestones</id>
<name>Spring Milestones</name>
<url>https://repo.spring.io/milestone</url>
</repository>
<repository>
<id>spring-snapshots</id>
<name>Spring Snapshots</name>
<url>https://repo.spring.io/snapshot</url>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
</repositories>
<pluginRepositories>
<pluginRepository>
<id>spring-milestones</id>
<name>Spring Milestones</name>
<url>https://repo.spring.io/milestone</url>
</pluginRepository>
<pluginRepository>
<id>spring-snapshots</id>
<name>Spring Snapshots</name>
<url>https://repo.spring.io/snapshot</url>
<snapshots>
<enabled>true</enabled>
</snapshots>
</pluginRepository>
</pluginRepositories>
</project>
2.2授权服务配置类
OAuth2AuthorizationServer.java
package com.example.oauth2passwordflowserver.config;
import com.example.oauth2passwordflowserver.service.DemoUserDetailsService;
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
@Configuration
@EnableAuthorizationServer
@RequiredArgsConstructor
public class OAuth2AuthorizationServer extends AuthorizationServerConfigurerAdapter
{
private final BCryptPasswordEncoder passwordEncoder;
private final AuthenticationManager authenticationManager;
private final DemoUserDetailsService userDetailsService;
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
// clients 配置信息,这里是Vue前端。可放在数据库里。我们这里放在内存
clients
.inMemory()
//客户端名称
.withClient("clientApp")
//客户端秘钥
.secret(passwordEncoder.encode("123456"))
//允许授权方式有password和refresh_token
//如果删除refresh_token,返回的token对象将没有refresh_token项
.authorizedGrantTypes("password", "refresh_token")
//可以随意填写,必须和前端client传过来的参数一致
.scopes("all");
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
//如果是password授权,必须使用userDetailsService。因为需要使用用户名和密码
endpoints.userDetailsService(userDetailsService);
//必须使用认证管理器
endpoints.authenticationManager(authenticationManager);
}
}
2.3用户控制类
UserController.java
package com.example.oauth2passwordflowserver.controller;
import com.example.oauth2passwordflowserver.entity.User;
import com.example.oauth2passwordflowserver.models.RegisterForm;
import com.example.oauth2passwordflowserver.models.UserInfo;
import com.example.oauth2passwordflowserver.service.UserService;
import lombok.RequiredArgsConstructor;
import org.springframework.security.core.Authentication;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;
import java.util.List;
import java.util.stream.Collectors;
@RestController
@RequiredArgsConstructor
public class UserController {
private final UserService userService;
private final BCryptPasswordEncoder passwordEncoder;
@GetMapping(value ={"/"})
public String hello(){
return "hello";
}
/**
* 获取用户信息
* 在Controller里任何一个方法都可以获取用户信息
* @param authentication
* @return
*/
@GetMapping("/userInfo")
public UserInfo userInfo(Authentication authentication){
UserInfo userInfo = new UserInfo();
userInfo.setUsername(authentication.getName());
userInfo.setAuthenticated(authentication.isAuthenticated());
List<String> authorities = authentication.getAuthorities()
.stream().map(g ->g.getAuthority()).collect(Collectors.toList());
userInfo.setAuthority(authorities);
return userInfo;
}
/**
* 注册用户
* @param registerForm
* @return
*/
@PostMapping("/register")
public Boolean register(@RequestBody RegisterForm registerForm){
User user = new User();
user.setUsername(registerForm.getUsername());
user.setPassword(passwordEncoder.encode(registerForm.getPassword()));
return userService.register(user);
}
}
2.4实体类
Authority.java
package com.example.oauth2passwordflowserver.entity;
import com.example.oauth2passwordflowserver.enums.AuthorityType;
import lombok.Data;
import lombok.NoArgsConstructor;
import javax.persistence.*;
import java.util.ArrayList;
import java.util.List;
@Entity
@Data
@NoArgsConstructor
public class Authority {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
private long id;
@Enumerated(EnumType.STRING)
private AuthorityType name;
@ManyToMany(mappedBy = "authorities")
private List<User> users = new ArrayList<>();
}
User.java
package com.example.oauth2passwordflowserver.entity;
import lombok.Data;
import lombok.NoArgsConstructor;
import javax.persistence.*;
import javax.validation.constraints.NotBlank;
import java.util.ArrayList;
import java.util.List;
@Entity
@Data
@NoArgsConstructor
public class User {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private long id;
@NotBlank
@Column(nullable = false, unique = true)
private String username;
@NotBlank
private String password;
@ManyToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER)
@JoinTable(name = "user_authority",
joinColumns = {@JoinColumn(name = "user_id")},
inverseJoinColumns = {@JoinColumn(name = "authority_id")})
private List<Authority> authorities = new ArrayList<>();
}
3.0 使用
1、运行后端Java工程,输入http://localhost:8081/ 返回 hello。后台启动成功
2、运行前端Vue工程,输入http://localhost:8080/ 进入登录页面。先注册用户,再登录成功进入首页