本篇是在学习的基础上，主要参考了“代码有毒”博主的博客，并结合百度到的部分代码解决方案整理而成的总结。
package com.moss.securityapp;
import com.moss.securitycore.properties.OAuth2ClientProperties;
import com.moss.securitycore.properties.SecurityProperties;
import org.apache.commons.lang3.ArrayUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.oauth2.config.annotation.builders.InMemoryClientDetailsServiceBuilder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
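/**
 * OAuth2 authorization server configuration.
 *
 * <p>Registers the in-memory OAuth2 clients listed in {@link SecurityProperties}, persists issued
 * tokens through the injected {@link TokenStore}, and hands the application's
 * {@link AuthenticationManager} to the token endpoints.
 *
 * @author lwj
 */
@Configuration
@EnableAuthorizationServer
public class MossAuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    /**
     * Lifetime applied when a client configures a non-positive access token validity.
     * Twelve hours mirrors the default of Spring Security OAuth's DefaultTokenServices.
     */
    private static final int DEFAULT_ACCESS_TOKEN_VALIDITY_SECONDS = 12 * 60 * 60;

    /** Application security settings; the OAuth2 client list is read from here. */
    @Autowired
    private SecurityProperties securityProperties;

    /** Token store used by the token endpoints (the page defines a Redis-backed bean of this name). */
    @Autowired
    private TokenStore redisTokenStore;

    private final AuthenticationManager authenticationManager;

    /**
     * Obtains the {@link AuthenticationManager} from the Spring Security configuration.
     *
     * @param authenticationConfiguration source of the application's authentication manager
     * @throws Exception if the authentication manager cannot be obtained
     */
    public MossAuthorizationServerConfig(AuthenticationConfiguration authenticationConfiguration) throws Exception {
        this.authenticationManager = authenticationConfiguration.getAuthenticationManager();
    }

    /**
     * Configures the token endpoints with the token store and the authentication manager.
     *
     * @param endpoints endpoint configurer supplied by the framework
     * @throws Exception propagated from the configurer
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
                .tokenStore(redisTokenStore)
                // Supplying an AuthenticationManager is what switches on the password grant.
                .authenticationManager(authenticationManager);
    }

    /**
     * Registers every configured OAuth2 client in the in-memory client details service.
     *
     * <p>A non-positive {@code accessTokenValiditySeconds} (including the value 0 that the
     * primitive property takes when the key is omitted) is replaced by
     * {@link #DEFAULT_ACCESS_TOKEN_VALIDITY_SECONDS}: DefaultTokenServices issues tokens without
     * an expiry for such values, which should never happen by accident.
     *
     * @param clients client details configurer supplied by the framework
     * @throws Exception propagated from the configurer
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        InMemoryClientDetailsServiceBuilder builder = clients.inMemory();
        OAuth2ClientProperties[] configuredClients = securityProperties.getOauth2().getClients();
        if (ArrayUtils.isEmpty(configuredClients)) {
            return;
        }
        for (OAuth2ClientProperties property : configuredClients) {
            int configuredValidity = property.getAccessTokenValiditySeconds();
            int validitySeconds =
                    configuredValidity > 0 ? configuredValidity : DEFAULT_ACCESS_TOKEN_VALIDITY_SECONDS;
            builder
                    .withClient(property.getClientId())
                    .secret(property.getClientSecret())
                    .accessTokenValiditySeconds(validitySeconds)
                    .authorizedGrantTypes(property.getAuthorizedGrantTypes())
                    .scopes(property.getScopes())
                    .redirectUris(property.getRedirectUris());
        }
    }

    /**
     * Selects the encoder used to verify client secrets.
     *
     * @param security security configurer supplied by the framework
     * @throws Exception propagated from the configurer
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        // The encoder chosen here must match how the client secrets configured above are stored;
        // they are currently stored without any encoding.
        // NOTE(security): NoOpPasswordEncoder compares secrets as plain text and is deprecated in
        // Spring Security, so it is suitable for a demo only. For a real deployment store an
        // encoded secret (for example BCrypt) and configure the matching encoder here, such as
        // BCryptPasswordEncoder or PasswordEncoderFactories.createDelegatingPasswordEncoder().
        security.passwordEncoder(NoOpPasswordEncoder.getInstance());
    }
}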
package com.moss.securitycore.properties;
import lombok.Data;
/**
* Settings for a single OAuth2 client (one entry of the clients list).
*
* NOTE(review): Lombok's @Data also generates toString(), which by default prints every field,
* so clientSecret would appear wherever an instance is logged or printed. Consider excluding it
* (for example with Lombok's @ToString.Exclude) - confirm against the Lombok version in use.
*
* @author lwj
*/
@Data
public class OAuth2ClientProperties {
// Client identifier.
private String clientId;
// Client secret. The values on this page are stored and compared as plain text (the server is
// configured with NoOpPasswordEncoder); keep real secrets out of version control.
private String clientSecret;
// Access token lifetime in seconds. Being a primitive int, it is 0 when the key is omitted.
// NOTE(review): Spring Security OAuth's DefaultTokenServices issues non-expiring tokens when it
// receives a non-positive validity, so give every client an explicit positive value.
private int accessTokenValiditySeconds;
// Grant types this client may use; empty unless configured.
private String[] authorizedGrantTypes = {};
/** Trusted redirect (callback) URIs. */
private String[] redirectUris = {};
// Scopes this client may request; empty unless configured.
private String[] scopes = {};
}
package com.moss.securitycore.properties;
import lombok.Data;
/**
* OAuth2 settings: holds the list of OAuth2 clients to register.
*
* @author lwj
*/
@Data
public class OAuth2Properties {
// Configured clients; an empty array when none are configured, so callers never see null
// unless a setter assigns it.
private OAuth2ClientProperties[] clients = {};
}
// OAuth2 settings holder. MossAuthorizationServerConfig reads it through
// securityProperties.getOauth2(), so this field is presumably declared in SecurityProperties.
private OAuth2Properties oauth2 = new OAuth2Properties();
yml文件的配置需要注意格式问题
以下部分的代码需要添加到moss: security:browser:下
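# OAuth2 client registrations. Nest this fragment under the parent key named in the surrounding text.
# The key has to be "oauth2" so that it binds to the oauth2 field / getOauth2() accessor;
# "auth2" would leave the client list empty.
# Sample values only: give each client a long random clientSecret and keep it out of version control.
oauth2:
  clients:
    - clientId: myid
      clientSecret: myid
      redirectUris:
        - "http://example.com"
        - "http://ora.com"
      # A non-positive lifetime that reaches Spring Security OAuth's DefaultTokenServices yields
      # an access token that never expires; prefer an explicit positive value.
      accessTokenValiditySeconds: 0
    - clientId: myid2
      clientSecret: myid2
      # The password grant hands the user's credentials to the client; use it only for
      # first-party clients you fully trust.
      authorizedGrantTypes: ["refresh_token", "password"]
      redirectUris:
        - "http://example.com"
        # NOTE(review): this entry has no scheme. Register complete URIs, and use https://
        # outside a local demo.
        - "localhost:8080"
      scopes: ["all", "read", "write"]
      accessTokenValiditySeconds: 7200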
在app项目下创建TokenStoreConfig类
package com.moss.securityapp;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;
/**
 * Token storage configuration: exposes the {@link TokenStore} bean backed by Redis.
 *
 * <p>NOTE(review): the stored access and refresh tokens are bearer credentials, so the Redis
 * instance behind the connection factory should require authentication and not be reachable
 * from untrusted networks - confirm against the deployment.
 *
 * @author lwj
 */
@Configuration
public class TokenStoreConfig {

    /** Connection factory for the Redis instance that holds the tokens. */
    @Autowired
    private RedisConnectionFactory redisConnectionFactory;

    /**
     * Creates the Redis-backed token store.
     *
     * @return a {@link RedisTokenStore} bound to the injected connection factory
     */
    @Bean
    public TokenStore redisTokenStore() {
        final TokenStore store = new RedisTokenStore(this.redisConnectionFactory);
        return store;
    }
}
添加之后，需要在MossAuthorizationServerConfig类的configure(AuthorizationServerEndpointsConfigurer endpoints)方法中，通过.tokenStore(redisTokenStore)为endpoints配置tokenStore。