Spring官宣新家族成员：Spring Authorization Server

8月17日，Spring官方宣布 Spring Authorization Server 已正式脱离实验状态，并进入Spring-Project家族！

背景

• Spring Authorization Server （以下简称 SAS）是 Spring 团队最新开发适配 OAuth 协议的授权服务器项目，旨在替代原有的 Spring Security OAuth Server。

• 经过半年的开发和孵化，目前已经发布了 0.2.0 版本，已支持授权码、客户端、刷新、注销等 OAuth 协议。

• 目前 SAS 项目已经迁移至官方正式仓库维护，成为官方的正式子项目。

• 本文环境基于 Spring Boot 2.5.3 && SAS 0.2.0

开始上手

1. 核心依赖

• 这里需要 SAS 、Security, 注意看注释

​

编辑切换为居中

添加图片注释，不超过 140 字（可选）

2. 配置 security 安全认证

• 定义用户来源及其 form 认证的信息

​

编辑切换为居中

添加图片注释，不超过 140 字（可选）

3. 配置 SAS 服务器

@Configuration @EnableWebSecurity public class AuthServerConfiguration { // security 挂载 SAS 【最重要的一步】 @Bean @Order(Ordered.HIGHEST_PRECEDENCE) public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception { OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http); return http.formLogin(Customizer.withDefaults()).build(); } // 客户端来源 @Bean public RegisteredClientRepository registeredClientRepository() { RegisteredClient client = RegisteredClient.withId("pig") .clientId("pig") .clientSecret("{noop}pig") .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC) .authorizationGrantTypes(authorizationGrantTypes -> { authorizationGrantTypes.add(AuthorizationGrantType.AUTHORIZATION_CODE); authorizationGrantTypes.add(AuthorizationGrantType.REFRESH_TOKEN); }) .redirectUri("https://pig4cloud.com") .build(); return new InMemoryRegisteredClientRepository(client); } // 以下两个bean 定义 生成jwt 的配置，可以直接参考文末源码介绍，这里就不在截图 @Bean @SneakyThrows public JWKSource jwkSource() { .... } @Bean public static JwtDecoder jwtDecoder(JWKSource jwkSource) { ... } }

测试运行

通过以上配置即可搭建完成 SAS 服务端，我们以授权码模式测试

• 浏览器访问如下链接，会重定向至登录页

​

编辑切换为居中

添加图片注释，不超过 140 字（可选）

• 输入账号密码后，会携带 code 自动回调至目标页面

• 使用 code 换 token

curl --location --request POST 'http://localhost:3000/oauth2/token' \ > --header 'Authorization: Basic cGlnOnBpZw==' \ > --header 'Content-Type: application/x-www-form-urlencoded' \ > --data-urlencode 'grant_type=authorization_code' \ > --data-urlencode 'code=dn0GmDB-4hAfg-Kc9luUkuqZn4keJF9ZkUTlmcSRnYn8uzfEV9Ih429MH-9O77TPEVqPxXAJLPgxq-znOpiI-28Sek305db8Rezd46ods95FrjCSMq_HAswCtAJV4Vrt' \ > --data-urlencode 'redirect_uri=https://pig4cloud.com' _bAZ1dy39HDUHuosxtGPsw49wWuqZQTcMbr9YojbyUMkR7k30zAAByjUmkXzjaS4T-EIaA","refresh_token":"YlxCAnSyvtq1HcKqE3D3o-P_lT90wxdRQ6jfWbwQoKQaeFUZr51gQQQawSfpUUH4yf9kW51v7ENH2o4pDot7yIeN2tljVpKU6zuolj6gFKq0uDA6KkDDz54cDzfx1aw4","token_type":"Bearer","expires_in":"299"}

• 刷新 token

curl --location --request POST 'http://localhost:3000/oauth2/token' \ > --header 'Authorization: Basic cGlnOnBpZw==' \ > --header 'Content-Type: application/x-www-form-urlencoded' \ > --data-urlencode 'grant_type=authorization_code' \ > --data-urlencode 'code=dn0GmDB-4hAfg-Kc9luUkuqZn4keJF9ZkUTlmcSRnYn8uzfEV9Ih429MH-9O77TPEVqPxXAJLPgxq-znOpiI-28Sek305db8Rezd46ods95FrjCSMq_HAswCtAJV4Vrt' \ > --data-urlencode 'redirect_uri=https://pig4cloud.com' _bAZ1dy39HDUHuosxtGPsw49wWuqZQTcMbr9YojbyUMkR7k30zAAByjUmkXzjaS4T-EIaA","refresh_token":"YlxCAnSyvtq1HcKqE3D3o-P_lT90wxdRQ6jfWbwQoKQaeFUZr51gQQQawSfpUUH4yf9kW51v7ENH2o4pDot7yIeN2tljVpKU6zuolj6gFKq0uDA6KkDDz54cDzfx1aw4","token_type":"Bearer","expires_in":"299"}% lengleng@MacBook-Pro  ~/Downloads/auth-server-demo   password ±  lengleng@MacBook-Pro  ~/Downloads/auth-server-demo   password ±  curl --location --request POST 'http://localhost:3000/oauth2/token' \ > --header 'Authorization: Basic cGlnOnBpZw==' \ > --header 'Content-Type: application/x-www-form-urlencoded' \ > --data-urlencode 'grant_type=refresh_token' \ > --data-urlencode 'refresh_token=YlxCAnSyvtq1HcKqE3D3o-P_lT90wxdRQ6jfWbwQoKQaeFUZr51gQQQawSfpUUH4yf9kW51v7ENH2o4pDot7yIeN2tljVpKU6zuolj6gFKq0uDA6KkDDz54cDzfx1aw4' \ > {"access_token":"eyJraWQiOiI2YmU4YzhlYi0wNDA2LTQxZGMtOGE2ZS0xOWZmNThlYzY4MTIiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJsZW5nbGVuZyIsImF1ZCI6InBpZyIsIm5iZiI6MTYyOTM2OTc2OSwiZXhwIjoxNjI5MzcwMDY5LCJpYXQiOjE2MjkzNjk3Njl9.dj_ktchQnTKRXGSQK7EZ3FAdz8StPOo27rURdCI8FN6jM3RFRD0s67v4LB1SRexl5KKHPuH6yYHhlr_u0um8ZpeQIrkumA2COukJAzy5O3SLsBYvLqipz-Ea9h9RZvC7EQZG-AbVJ378X214WxdsOYj1UPTv4Iegy4QsgERJSijINrCQZc0msHqSWIc_p61o2KIc8qaekrkZgY_JqCOz8K7x6drKvJ5gyWc9CyzeOrob5WrJfQGqqhjwjTl76g-9YyZ5Q97LX5lKRh8HOU6AUgKCyd4Jdol6PR6CkYd3gd4kyd5Ra7c3GbhzGUaxDrez79NDPx0aRAB9GA9mSohtsw","refresh_token":"YlxCAnSyvtq1HcKqE3D3o-P_lT90wxdRQ6jfWbwQoKQaeFUZr51gQQQawSfpUUH4yf9kW51v7ENH2o4pDot7yIeN2tljVpKU6zuolj6gFKq0uDA6KkDDz54cDzfx1aw4","token_type":"Bearer","expires_in":"299"}%

撤销令牌

• 通过 access_token

curl --location --request POST 'http://localhost:3000/oauth2/revoke' \ --header 'Authorization: Basic cGlnOnBpZw==' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'token=eyJraWQiOiI0NmM3Zjk0OS01NmZmLTRlMjgtYmI4Zi0wNjZjYWU4ODllNDkiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJsZW5nbGVuZyIsImF1ZCI6InBpZyIsIm5iZiI6MTYyOTM0MzM4NiwiZXhwIjoxNjI5MzQzNjg2LCJpYXQiOjE2MjkzNDMzODZ9.avRZ9NuybP8bqenEstvDq3SAKuSI6Y3ihh2PqeiQvwkUAWBPY6N9JCaxJllKhrcS6OgL76I38Yvt0B1ICMFistqemWl1rxQUB2aXpZuTwnPjxtxV6deDxyr--Y1w7I9jVpT5jnaqOXDIZ6dhIlUCfqBPT9a4DmwuEsz5H60KUO-NbMM66DPDxvTgauuylhrjiPQgaDyaxFHbtdw6qq_pgFI023fkIASodauCFiUcl64HKV3or9B3OkXW0EgnA553ofTbgz0hlROMfee15wuzOAXTUkhlUOjjosuEslimT9vFM9wtRza4o864Gi_j_zIhIoSSmRfUScXTgt9aZT1xlQ' \ --data-urlencode 'token_type_hint=access_token'

• 通过 refresh_token

curl --location --request POST 'http://localhost:3000/oauth2/revoke' \ --header 'Authorization: Basic cGlnOnBpZw==' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'token=ku4R4n7YD1f584KXj4k_3GP9o-HbdY-PDIIh-twPVJTmvHa5mLIoifaNhbBvFNBbse6_wAMcRoOWuVs9qeBWpxQ5zIFrF1A4g1Q7LhVAfH1vo9Uc7WL3SP3u82j0XU5x' \ --data-urlencode 'token_type_hint=refresh_token'

项目源码地址

https://github.com/lltx/auth-server-demo

                                             资源获取：

大家点赞、收藏、关注、评论啦 、查看微信公众号获取联系方式

 精彩专栏推荐订阅：在下方专栏

每天学四小时：Java+Spring+JVM+分布式高并发，架构师指日可待