Oauth2.0 资源服务器搭建
配置 WebSecurityConfig 开启 Spring 方法级的安全保护
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * Web security configuration for the resource server.
 *
 * <p>Switches on Spring Security's method-level protection: {@code prePostEnabled} enforces
 * {@code @PreAuthorize} / {@code @PostAuthorize}, {@code securedEnabled} enforces {@code @Secured}.
 */
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Disables CSRF protection and requires every request to be authenticated.
     *
     * <p>NOTE(review): CSRF is switched off here and again in ResourceServerConfig; that is the
     * usual choice for a stateless bearer-token API, but it must be re-enabled if cookie-based
     * sessions are ever introduced. With {@code @EnableResourceServer} also present, the
     * resource-server filter chain is ordered ahead of this adapter's chain, so this rule is
     * presumably only a fallback — confirm against the effective filter chain.
     *
     * @param http the {@link HttpSecurity} builder to configure
     * @throws Exception propagated from the security builder
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        HttpSecurity withoutCsrf = http.csrf().disable();
        withoutCsrf.authorizeRequests()
                .anyRequest()
                .authenticated();
    }
}
配置 TokenConfig 来定义 Token 的校验方式
import cn.mowen.common.constant.OauthConstant;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

/**
 * Declares how the resource server reads and validates access tokens.
 *
 * <p>Tokens are JWTs; nothing is persisted here. The {@link JwtTokenStore} decodes each token
 * and checks its signature through the converter declared below.
 */
@Configuration
public class TokenConfig {

    /**
     * Token store backed by JWT decoding; no token state is kept on this server.
     *
     * @return a {@link JwtTokenStore} wired to {@link #accessTokenConverter()}
     */
    @Bean
    public TokenStore tokenStore() {
        JwtAccessTokenConverter converter = accessTokenConverter();
        return new JwtTokenStore(converter);
    }

    /**
     * Converter that verifies token signatures.
     *
     * <p>Must be exposed as a bean, and the symmetric key has to be the same one the
     * authorization server signs with; otherwise every token is rejected.
     *
     * <p>NOTE(review): with a shared symmetric key the same secret both signs and verifies, so
     * this server could also mint valid tokens. If that is more trust than a resource server
     * should hold, an asymmetric key pair (public key via {@code setVerifierKey}) limits it to
     * verification. The key lives in a constants class, so keep that class out of anything
     * shared or published.
     *
     * @return the configured {@link JwtAccessTokenConverter}
     */
    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter jwtConverter = new JwtAccessTokenConverter();
        // Symmetric secret shared with the authorization server; used here to verify signatures.
        jwtConverter.setSigningKey(OauthConstant.OAUTH_SIGNING_KEY);
        return jwtConverter;
    }
}
继承 ResourceServerConfigurerAdapter 来实现资源服务器的核心配置❤️❤️❤️❤️❤️❤️❤️❤️❤️❤️❤️❤️
import cn.mowen.common.constant.OauthConstant;
import cn.mowen.common.constant.CommonWhiteConstant;
import cn.mowen.common.exception.oauth.CustomAuthenticationEntryPoint;
import cn.mowen.common.exception.oauth.CustomAccessDeniedHandler;
import lombok.AllArgsConstructor;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;

/**
 * Core resource-server configuration: which token store validates incoming JWTs, how
 * authentication and authorization failures are reported, and which URLs are served without a
 * token.
 */
@Configuration
@EnableResourceServer
@AllArgsConstructor
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    /**
     * URL patterns local to this service that are reachable without a token.
     *
     * <p>NOTE(review): {@code /test/**} is open to anyone; make sure it serves nothing sensitive
     * or is dropped before a production build.
     */
    private static final String[] LOCAL_WHITE_LIST = {"/test/**"};

    /** Supplied by the Lombok-generated constructor; presumably the TokenStore bean from TokenConfig — confirm. */
    private final TokenStore jwtTokenStore;

    /**
     * Resource-level settings: resource id, token validation, error handlers, statelessness.
     *
     * @param resources the resource-server configurer
     * @throws Exception propagated from the configurer
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        // Tokens that do not carry this resource id are rejected.
        resources.resourceId(OauthConstant.OAUTH_RESOURCE_ID);
        resources.tokenStore(jwtTokenStore);
        // Custom JSON responses instead of Spring's defaults for 401 / 403.
        resources.authenticationEntryPoint(new CustomAuthenticationEntryPoint());
        resources.accessDeniedHandler(new CustomAccessDeniedHandler());
        // No HTTP session: every request must carry its own bearer token.
        resources.stateless(true);
    }

    /**
     * URL-level rules: whitelisted paths are open, everything else needs a valid token.
     *
     * @param http the {@link HttpSecurity} builder to configure
     * @throws Exception propagated from the security builder
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        HttpSecurity csrfFree = http.csrf().disable();
        csrfFree.authorizeRequests()
                // Shared whitelist first, then the service-local one.
                .antMatchers(CommonWhiteConstant.white).permitAll()
                .antMatchers(LOCAL_WHITE_LIST).permitAll()
                .anyRequest().authenticated();
    }
}
Oauth2.0 系列文章
以下文章已同步到语雀，可读性更好一些；想在 CSDN 继续阅读的，点击专栏即可。
Oauth2.0 核心篇
Oauth2.0 安全性(以微信授权登陆为例)
Oauth2.0 认证服务器搭建
Oauth2.0 添加验证码登陆方式
Oauth2.0 资源服务器搭建
Oauth2.0 自定义响应值以及异常处理
Oauth2.0 补充