67,513
社区成员
发帖
与我相关
我的任务
分享
@EnableResourceServer//@EnableResourceServer 注解自动增加了一个类型为 OAuth2AuthenticationProcessingFilter 的过滤器链,
@Configuration
@EnableWebSecurity
public class ResourceServerConfigurer extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http.authorizeRequests().anyRequest().authenticated();
}
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
super.configure(resources);
resources.tokenServices(tokenServices());
}
@Bean
public JwtTokenStore jwtTokenStore() {
return new JwtTokenStore(accessTokenConverter());
}
@Bean
public JwtAccessTokenConverter accessTokenConverter() {
JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
converter.setSigningKey("123");
return converter;
}
/**
* resourceServerTokenServices 类的实例,用来实现令牌服务。
* @return
*/
@Bean
@Primary
public DefaultTokenServices tokenServices() {
DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
defaultTokenServices.setTokenStore(jwtTokenStore());
return defaultTokenServices;
}
}
@Configuration
@ComponentScan
public class OauthConfiguration implements AuthorizationServerConfigurer {
/**
*无法注入时候在WebSecurityConfigurerAdapter的实现类当中,重写authenticationManagerBean方法:
*/
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private UserService userService;
/**
* 用来配置令牌端点(Token Endpoint)的安全约束.
* @param authorizationServerSecurityConfigurer
* @throws Exception
*/
@Override
public void configure(AuthorizationServerSecurityConfigurer authorizationServerSecurityConfigurer) throws Exception {
authorizationServerSecurityConfigurer.allowFormAuthenticationForClients()
.checkTokenAccess("isAuthenticated()")
.tokenKeyAccess("permitAll()");
}
@Override
public void configure(ClientDetailsServiceConfigurer clientDetailsServiceConfigurer) throws Exception {
clientDetailsServiceConfigurer.inMemory().withClient("itqinbo")
.secret("123456")//7c42e528-bf84-4563-b5d1-bfcf5ac55559
.authorizedGrantTypes("password", "refresh_token")
.refreshTokenValiditySeconds(7 * 24 * 3600 * 1000)
.accessTokenValiditySeconds(1 * 24 * 3600 * 1000)
.scopes("read", "write");
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST);
endpoints.authenticationManager(authenticationManager());
endpoints.tokenStore(jwtTokenStore());
endpoints.accessTokenConverter(accessTokenConverter());
endpoints.userDetailsService(userService);
endpoints.pathMapping("/oauth/token","/itqinbo/token");
ClientDetailsService clientDetails = endpoints.getClientDetailsService();
AuthorizationServerTokenServices tokenServices = endpoints.getTokenServices();
AuthorizationCodeServices authorizationCodeServices = endpoints.getAuthorizationCodeServices();
OAuth2RequestFactory requestFactory = endpoints.getOAuth2RequestFactory();
List<TokenGranter> tokenGranters = new ArrayList<>();
tokenGranters.add(new AuthorizationCodeTokenGranter(tokenServices, authorizationCodeServices, clientDetails,
requestFactory));
tokenGranters.add(new RefreshTokenGranter(tokenServices, clientDetails, requestFactory));
ImplicitTokenGranter implicit = new ImplicitTokenGranter(tokenServices, clientDetails, requestFactory);
tokenGranters.add(implicit);
tokenGranters.add(new ClientCredentialsTokenGranter(tokenServices, clientDetails, requestFactory));
tokenGranters.add(new ResourceOwnerPasswordTokenGranter(authenticationManager(), tokenServices,
clientDetails, requestFactory));
endpoints.tokenGranter(new CompositeTokenGranter(tokenGranters));
}
@Bean
public JwtTokenStore jwtTokenStore() {
return new JwtTokenStore(accessTokenConverter());
}
@Bean
public JwtAccessTokenConverter accessTokenConverter() {
JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
converter.setSigningKey("123");
return converter;
}
@Bean
@Primary
public DefaultTokenServices tokenServices() {
DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
defaultTokenServices.setTokenStore(jwtTokenStore());
defaultTokenServices.setSupportRefreshToken(true);
return defaultTokenServices;
}
public AuthenticationManager authenticationManager() {
List<AuthenticationProvider> providers = new ArrayList<>();
providers.add(daoAuthenticationProvider());
return new ProviderManager(providers, authenticationManager);
}
@Bean
public DaoAuthenticationProvider daoAuthenticationProvider() {
DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
authenticationProvider.setUserDetailsService(userService);
authenticationProvider.setPasswordEncoder(passwordEncoder());
return authenticationProvider;
}
@Bean
public PasswordEncoder passwordEncoder() {
return new Md5PasswordEncoder();
}
}
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity
@Order(1)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private UserService userService;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.anonymous().disable()
.authorizeRequests()
.antMatchers( "/login").permitAll();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userService);
}
@Bean(name = BeanIds.AUTHENTICATION_MANAGER)
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
@RestController
public class TestController {
@RequestMapping(value = "/test",method = RequestMethod.GET)
public Object test(Authentication authentication){
String principal = (String) authentication.getPrincipal();
return new JsonResult(200,"success",principal);
}
}
@RestController
public class TestController {
@RequestMapping(value = "/test",method = RequestMethod.GET)
public Object test(Authentication authentication){
String principal = (String) authentication.getPrincipal();
return new JsonResult(200,"success",principal);
}
}