本文主要是介绍Spring Security OAuth2-资源模块配置,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
配置资源服务器
创建一个类继承 ResourceServerConfigurerAdapter 并添加相关注解:
@Configuration@EnableResourceServer:资源服务器@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true):全局方法拦截
package com.kejin.oauth2.resource.config;import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {@Overridepublic void configure(HttpSecurity http) throws Exception {http.exceptionHandling().and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests()// 以下为配置所需保护的资源路径及权限,需要与认证服务器配置的授权部分对应.antMatchers("/").hasAuthority("SystemContent").antMatchers("/view/**").hasAuthority("SystemContentView").antMatchers("/insert/**").hasAuthority("SystemContentInsert").antMatchers("/update/**").hasAuthority("SystemContentUpdate").antMatchers("/delete/**").hasAuthority("SystemContentDelete");}}
# Application
package com.kejin.oauth2;import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import tk.mybatis.spring.annotation.MapperScan;@SpringBootApplication
@MapperScan(basePackages = "com.funtl.oauth2.resource.mapper")
public class OAuth2ResourceApplication {public static void main(String[] args) {SpringApplication.run(OAuth2ResourceApplication.class, args);}
}
# application.yml
spring:application:name: oauth2-resourcedatasource:type: com.zaxxer.hikari.HikariDataSourcedriver-class-name: com.mysql.cj.jdbc.Driverurl: jdbc:mysql://192.168.141.128:3307/oauth2_resource?useUnicode=true&characterEncoding=utf-8&useSSL=falseusername: rootpassword: 123456hikari:minimum-idle: 5idle-timeout: 600000maximum-pool-size: 10auto-commit: truepool-name: MyHikariCPmax-lifetime: 1800000connection-timeout: 30000connection-test-query: SELECT 1security:oauth2:client:client-id: clientclient-secret: secretaccess-token-uri: http://localhost:8080/oauth/tokenuser-authorization-uri: http://localhost:8080/oauth/authorizeresource:token-info-uri: http://localhost:8080/oauth/check_tokenserver:port: 8081servlet:context-path: /contentsmybatis:type-aliases-package: com.funtl.oauth2.resource.domainmapper-locations: classpath:mapper/*.xmllogging:level:root: INFOorg.springframework.web: INFOorg.springframework.security: INFOorg.springframework.security.oauth2: INFO
# 访问资源
# 访问获取授权码
打开浏览器,输入地址:
http://localhost:8080/oauth/authorize?client_id=client&response_type=code
第一次访问会跳转到登录页面
验证成功后会询问用户是否授权客户端
选择授权后会跳转到相应的页面,浏览器地址上还会包含一个授权码(code=1JuO6V),浏览器地址栏会显示如下地址:
http://www.baidu.com/?code=1JuO6V
有了这个授权码就可以获取访问令牌了
# 通过授权码向服务器申请令牌
通过 CURL 或是 Postman 请求
curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=authorization_code&code=1JuO6V' "http://client:secret@localhost:8080/oauth/token"
得到响应结果如下:
{"access_token": "016d8d4a-dd6e-4493-b590-5f072923c413","token_type": "bearer","expires_in": 43199,"scope": "app"
}
# 携带令牌访问资源服务器
此处以获取全部资源为例,其它请求方式一样,可以参考我源码中的单元测试代码。可以使用以下方式请求:
- 使用 Headers 方式:需要在请求头增加
Authorization: Bearer yourAccessToken - 直接请求带参数方式:
http://localhost:8081/contents?access_token=yourAccessToken
使用 Headers 方式,通过 CURL 或是 Postman 请求
curl --location --request GET "http://localhost:8081/contents" --header "Content-Type: application/json" --header "Authorization: Bearer yourAccessToken"
这篇关于Spring Security OAuth2-资源模块配置的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
