学习笔记:微服务13 spring boot2.x oauth2-client
前面oauth2 server设置好了,登录oauth2 server正常,但另外建一个oauth2 client 总是不能登录认证,网上说是spring boot 2 中去除了@EnableOAuth2Sso注解,今天终于找到适合我的spring boot 2.11的oauth2 client,实现了客户端认证。
1.新建spring start project 项目,我命名为microservice-oauth2-client-8805
2.pom.xml,上全文吧
4.0.0
org.springframework.boot
spring-boot-starter-parent
2.1.1.RELEASE
com.linbsoft
microservice-oauth2-client-8805
0.0.1-SNAPSHOT
microservice-oauth2-client-8805
Demo project for Spring Boot microservice-oauth2-client-8805
UTF-8
UTF-8
1.8
Greenwich.M3
org.springframework.boot
spring-boot-starter-web
org.springframework.cloud
spring-cloud-starter-netflix-eureka-client
org.springframework.cloud
spring-cloud-starter-config
org.springframework.boot
spring-boot-starter-security
org.springframework.security
spring-security-oauth2-client
org.springframework.security
spring-security-oauth2-jose
org.springframework.security.oauth
spring-security-oauth2
2.3.3.RELEASE
org.springframework.boot
spring-boot-starter-test
test
org.springframework.cloud
spring-cloud-dependencies
${spring-cloud.version}
pom
import
spring-milestones
Spring Milestones
https://repo.spring.io/milestone
false
org.springframework.boot
spring-boot-maven-plugin
3. application.peoperties
server.port: 8805
spring.application.name=MicroserviceOauth2Client8805
spring.cloud.discovery.enabled=true
eureka.client.serviceUrl.defaultZone=http://admin:[email protected]:8101/eureka/,http://admin:[email protected]:8102/eureka/
# logging.level.root= debug
spring.security.oauth2.client.registration.my-client-1.client-id=admin
spring.security.oauth2.client.registration.my-client-1.client-secret=123456
spring.security.oauth2.client.registration.my-client-1.client-name=admin
spring.security.oauth2.client.registration.my-client-1.scope=read
spring.security.oauth2.client.registration.my-client-1.redirect-uri=http://microservice1.linbsoft.com:8805/login/oauth2/code/callback
spring.security.oauth2.client.registration.my-client-1.client-authentication-method=basic
spring.security.oauth2.client.registration.my-client-1.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.my-client-1.provider=my-oauth-provider
spring.security.oauth2.client.provider.my-oauth-provider.authorization-uri=http://centos7.linbsoft.com:8301/oauth/authorize
spring.security.oauth2.client.provider.my-oauth-provider.token-uri=http://centos7.linbsoft.com:8301/oauth/token
spring.security.oauth2.client.provider.my-oauth-provider.user-info-uri=http://centos7.linbsoft.com:8301/user
spring.security.oauth2.client.provider.my-oauth-provider.user-name-attribute=name这里要注意的是redirect-uri 和 oauth2 server不要相同域名,这个后面会说到为什么
4. 创建测试资源 ExampleController类
@RestController
public class ExampleController {
@RequestMapping("/")
public String email(Principal principal) {
return "Hello " + principal.getName();
}
@RequestMapping("/hello")
public String emailaa(Principal principal) {
return "Hello1 " + principal.getName();
}
}
5.修改 oauth2 server 增加对这个网站的回地址注册
在这个public void configure(ClientDetailsServiceConfigurer clients) 里
clients.inMemory()
.withClient("admin")
.scopes("read")
.secret(new BCryptPasswordEncoder().encode("123456"))
.redirectUris("http://centos7.linbsoft.com:8301","http://microservice1.linbsoft.com:8805/login/oauth2/code/callback")
.authorizedGrantTypes("password", "authorization_code", "refresh_token")
加入了http://microservice1.linbsoft.com:8805/login/oauth2/code/callback
6. 测试
结果出错了,提示[authorization_request_not_found]
后来看到网友文章说是定位到session=null,有个说法是因为oauth2客户端和服务端以都在同一个服务器地址,都在同一个浏览器,网友的原话是【这些错误意味着没有找到授权请求。 authorization request存储在会话中,所以一些会话没有被存储。 默认情况下会话由cookie管理。所以我认为这可能是因为你正在本地主机上运行所有东西,所以第一个cookie由localhost:8080设置以存储授权请求会话数据,并且当你登录到localhost:8081时,它将为其会话设置另一个cookie。】
怎么解决呢,想到的是把oauth2客户端和服务端的域名区分开来,因此,虽然在同一个ip,但设置两个域名:
192.168.49.141 centos7.linbsoft.com
192.168.49.141 microservice1.linbsoft.com
然后,oauth2 server 按部署在centos7.linbsoft.com:8301使用,而oauth2 client 按部署在microservice1.linbsoft.com:8805上使用,果然正常了。
oauth2客户端顺利登录oauth2服务器认证后访问客户端保护资源