BACKGROUND: There are many tutorials on configuring OAuth2 on the internet, but the configuration they describe is complex and convoluted, which is unfriendly and daunting for beginners.
Welcome to this series of posts, which walks through OAuth 2 in practice on the latest Spring Cloud Hoxton release.
- Based on Spring Cloud OAuth, an OAuth authentication center is built in a concise way.
- For the OAuth 2 authorization modes, refer directly to [Ruan Yifeng's detailed introduction to the four ways of OAuth 2.0](http://www.ruanyifeng.com/blo...
- Core project versions
| Name | Version |
|---|---|
| Spring Boot | 2.2.0.M5 |
| Spring Cloud | Hoxton.M2 |
| Spring Cloud OAuth2 | 2.2.0.M2 |
Start configuring the authentication server
Maven dependencies
- Only the web starter and the cloud OAuth2 starter are needed; the rest of Spring Cloud is not required.
```xml
<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-oauth2</artifactId>
    </dependency>
</dependencies>
```
Configure web security to intercept all requests
- Expose the web context's AuthenticationManager as a Spring bean so the OAuth server configured below can inject it
- Create an in-memory UserDetailsService implementation and register a test user
```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    /**
     * The AuthenticationManager must be exposed as a bean, otherwise the
     * OAuth server cannot handle the four authorization modes.
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * A UserDetailsService must be exposed as a bean, otherwise the OAuth
     * password mode and the other modes run into infinite-loop problems.
     */
    @Bean
    @Override
    protected UserDetailsService userDetailsService() {
        InMemoryUserDetailsManager userDetailsManager = new InMemoryUserDetailsManager();
        // {noop} stores the password unencoded; acceptable for a demo user only
        userDetailsManager.createUser(User.withUsername("lengleng")
                .password("{noop}lengleng")
                .authorities("USER")
                .build());
        return userDetailsManager;
    }
}
```
Configure oauth2 authentication server
- Configure the clientId and the authorization modes it supports; note that the list of five grant types must include refresh_token for token refresh to work
```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;

@Configuration
@EnableAuthorizationServer
public class BigAuthServerConfiguration extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private UserDetailsService userDetailsService;

    // Register the client and the grant types it may use
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            .withClient("appid")
            .secret("{noop}secret")
            .authorizedGrantTypes("password", "authorization_code", "client_credentials", "implicit", "refresh_token")
            .scopes("all");
    }

    // Wire the beans exposed by WebSecurityConfiguration into the token endpoint
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints.authenticationManager(authenticationManager)
            .userDetailsService(userDetailsService);
    }
}
```
The authentication server's functions are now complete.
Test the password mode
```shell
curl -X POST \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d 'grant_type=password&username=lengleng&password=lengleng&scope=all' \
  "http://appid:secret@localhost:8764/oauth/token"
```
Start configuring the resource server
Maven dependencies
- Only the web starter and the cloud OAuth2 starter are needed; the rest of Spring Cloud is not required.
```xml
<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-oauth2</artifactId>
    </dependency>
</dependencies>
```
Configure client information
```yaml
security:
  oauth2:
    client:
      client-id: appid
      client-secret: secret
      scope: all
    resource:
      # check_token endpoint address of the authentication center
      token-info-uri: http://127.0.0.1:8764/oauth/check_token
```
Declare the application as a resource server
- Adding @EnableResourceServer is all that is needed to join as a resource server
```java
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;

// Join OAuth2 and declare this application a resource server
@EnableResourceServer
@EnableDiscoveryClient
@SpringBootApplication
public class BigUpmsServerApplication {
    public static void main(String[] args) {
        SpringApplication.run(BigUpmsServerApplication.class, args);
    }
}
```
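With only @EnableResourceServer, every endpoint of the resource server is protected by the default rules. The following added example (not code from the original post) makes those rules explicit in a ResourceServerConfigurerAdapter: the session is stateless, a health endpoint is left open, the /info endpoint requires the "all" scope issued by the authentication center above, and everything else needs an authenticated token. The resource id "upms" and the /actuator/health path are assumptions for illustration.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

// Added example: explicit access rules for the resource server.
// Replaces the bare @EnableResourceServer on the application class.
@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        // "upms" is an assumed resource id. The aud check is only enforced for tokens
        // whose client registration lists resource ids; tokens without any pass through.
        resources.resourceId("upms").stateless(true);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            // No HTTP session: every request must carry its bearer token
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests()
                // Assumed health endpoint, reachable without a token
                .antMatchers(HttpMethod.GET, "/actuator/health").permitAll()
                // The demo endpoint from the post requires the "all" scope granted by the auth server
                .antMatchers("/info").access("#oauth2.hasScope('all')")
                // Everything else needs a valid token at minimum
                .anyRequest().authenticated();
    }
}
```

The `#oauth2.hasScope(...)` expression is resolved by the OAuth2 web security expression handler that ResourceServerSecurityConfigurer installs, so no extra bean is required; a token that validates at check_token but lacks the scope is rejected with 403 rather than 401.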
The authentication server configured above must expose check_token
- If check_token access is not configured, the resource server's calls to the check_token interface return 403
```java
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;

// Add this override to the BigAuthServerConfiguration class above
public class BigAuthServerConfiguration extends AuthorizationServerConfigurerAdapter {
    /**
     * checkTokenAccess must be set to isAuthenticated(), otherwise the
     * resource server's requests to /oauth/check_token get a 403
     * @param oauthServer
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) {
        oauthServer
            .allowFormAuthenticationForClients()
            .checkTokenAccess("isAuthenticated()");
    }
}
```
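The client registration above hands one client all five grant types with a {noop} secret, which is fine for a walkthrough but not for a deployment. The following added example (not code from the original post) is a tighter version of the same AuthorizationServerConfigurerAdapter: secrets are stored bcrypt-encoded through the delegating PasswordEncoder, each client gets only the grant types it needs, the authorization_code client is bound to a fixed redirect URI with explicit token lifetimes, the token endpoint accepts POST only, and check_token keeps the isAuthenticated() rule from the post. The client ids "web-app" and "resource-server", their secrets, the redirect URI and the lifetimes are assumptions for illustration; the AuthenticationManager and UserDetailsService beans are the ones from WebSecurityConfiguration.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;

// Added example: hardened variant of the post's BigAuthServerConfiguration.
// Client ids, secrets, redirect URI and lifetimes below are illustrative assumptions.
@Configuration
@EnableAuthorizationServer
public class HardenedAuthServerConfiguration extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private UserDetailsService userDetailsService;

    // Delegating encoder: encode() produces "{bcrypt}..." instead of a "{noop}" secret
    @Bean
    public PasswordEncoder clientSecretEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        PasswordEncoder encoder = clientSecretEncoder();
        clients.inMemory()
            // Browser-facing client: authorization_code plus refresh only, pinned to one redirect URI
            .withClient("web-app")
                .secret(encoder.encode("web-app-secret"))
                .authorizedGrantTypes("authorization_code", "refresh_token")
                .redirectUris("https://app.example.com/login/oauth2/callback")
                .scopes("all")
                .accessTokenValiditySeconds(3600)            // 1 hour
                .refreshTokenValiditySeconds(7 * 24 * 3600)  // 7 days
                .autoApprove(false)                          // user sees the consent page
            .and()
            // The resource server only needs client_credentials to call /oauth/check_token
            .withClient("resource-server")
                .secret(encoder.encode("resource-server-secret"))
                .authorizedGrantTypes("client_credentials")
                .scopes("all")
                .accessTokenValiditySeconds(600);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints.authenticationManager(authenticationManager)
            .userDetailsService(userDetailsService)
            // Tokens are issued on POST only; a GET would leave credentials in access logs
            .allowedTokenEndpointRequestMethods(HttpMethod.POST);
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) {
        oauthServer
            // Verify client secrets with the same encoder used to store them
            .passwordEncoder(clientSecretEncoder())
            // Same rule as the post: the resource server must authenticate to call check_token
            .checkTokenAccess("isAuthenticated()");
    }
}
```

Because allowFormAuthenticationForClients() is omitted here, clients must send their secret with HTTP Basic, which is what the curl command in the post already does; the resource server's client-id and client-secret in the YAML above would then be "resource-server" and its secret rather than the shared "appid".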
Resource server demo interface
```java
import org.springframework.security.core.Authentication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class DemoController {
    // Returns the Authentication resolved from the bearer token of the current request
    @GetMapping("/info")
    public Authentication authentication(Authentication authentication) {
        return authentication;
    }
}
```
Access the test interface with the token obtained above
- Obtain a token
- Request the test interface with that token to get the current user's information
Summary
- For more on OAuth2 extensions, see my blog: https://my.oschina.net/giegie
- Companion practice project: an RBAC permission management system based on Spring Boot 2.1.7, Spring Cloud Greenwich.SR2 and OAuth 2