Integrating OAuth2 into a Spring Boot RESTful Web API
2017-12-28 12:33
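The system uses an architecture that separates the front end from the back end, so adopting the OAuth2 protocol is a natural choice.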
Now for the hands-on part. It mainly depends on the following two components:

```xml
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security.oauth</groupId>
    <artifactId>spring-security-oauth2</artifactId>
</dependency>
```
In addition, two Config classes need to be set up:
1. Authorization server
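```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.approval.ApprovalStore;
import org.springframework.security.oauth2.provider.approval.TokenApprovalStore;
import org.springframework.security.oauth2.provider.approval.TokenStoreUserApprovalHandler;
import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;
import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private UserApprovalHandler userApprovalHandler;

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private TokenStore tokenStore;

    // MyUserService is the application's own UserDetailsService implementation.
    @Autowired
    private MyUserService userService;

    @Autowired
    private ClientDetailsService clientDetailsService;

    // Registers a single in-memory client that may only use the password grant.
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("aizoukeji")
                // .authorizedGrantTypes("password", "authorization_code", "implicit")
                .authorizedGrantTypes("password")
                .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
                .scopes("read", "write", "trust")
                // Hard-coded here for the demo; keep real client secrets out of source code.
                .secret("18657189775")
                .accessTokenValiditySeconds(60 * 2); // Access token is only valid for 2 minutes.
                // .refreshTokenValiditySeconds(600); // Refresh token is only valid for 10 minutes.
    }

    // Wires the token endpoint to the token store, the approval handler and the user lookup.
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.tokenStore(tokenStore)
                .userApprovalHandler(userApprovalHandler)
                .authenticationManager(authenticationManager)
                .userDetailsService(userService);
    }

    // Tokens are held in memory only, so they are lost on restart.
    @Bean
    public TokenStore tokenStore() {
        return new InMemoryTokenStore();
    }

    @Bean
    @Autowired
    public TokenStoreUserApprovalHandler userApprovalHandler(TokenStore tokenStore) {
        TokenStoreUserApprovalHandler handler = new TokenStoreUserApprovalHandler();
        handler.setTokenStore(tokenStore);
        handler.setRequestFactory(new DefaultOAuth2RequestFactory(clientDetailsService));
        handler.setClientDetailsService(clientDetailsService);
        return handler;
    }

    @Bean
    @Autowired
    public ApprovalStore approvalStore(TokenStore tokenStore) throws Exception {
        TokenApprovalStore store = new TokenApprovalStore();
        store.setTokenStore(tokenStore);
        return store;
    }
}
```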
2. Resource server
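```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;

@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    private static final String RESOURCE_ID = "my_rest_api";

    // Stateless: only token-based authentication is accepted on these resources.
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.resourceId(RESOURCE_ID).stateless(true);
    }

    // Every request under /v1/** must carry a valid access token.
    @Override
    public void configure(HttpSecurity http) throws Exception {
        // http.requestMatchers().antMatchers("/**")
        //         .and()
        //         .authorizeRequests().antMatchers("/v1/**").authenticated()
        //         .and()
        //         .exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());
        http.authorizeRequests().antMatchers("/v1/**").authenticated()
                .and()
                .exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());
    }
}
```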
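A check for the two configurations above, as an added example that is not from the original post: a JUnit 4 / MockMvc test confirming that `/v1/**` rejects anonymous and bogus-token requests and accepts a token issued through the password grant. It assumes `spring-boot-starter-test` and `spring-security-test` are on the test classpath, and that the application has a `GET /v1/ping` endpoint and a user `alice` / `alice-password` known to `MyUserService` (both hypothetical).

```java
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.json.JacksonJsonParser;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.web.servlet.MockMvc;

// Assumed for illustration: GET /v1/ping exists and MyUserService knows alice / alice-password.
@RunWith(SpringRunner.class)
@SpringBootTest
@AutoConfigureMockMvc
public class OAuth2FlowTest {
    @Autowired
    private MockMvc mockMvc;

    // Password grant against /oauth/token; the client authenticates with HTTP Basic.
    private String obtainAccessToken(String username, String password) throws Exception {
        String body = mockMvc.perform(post("/oauth/token")
                        .with(httpBasic("aizoukeji", "18657189775")) // client id and secret from the config
                        .param("grant_type", "password")
                        .param("username", username)
                        .param("password", password))
                .andExpect(status().isOk())
                .andReturn().getResponse().getContentAsString();
        return (String) new JacksonJsonParser().parseMap(body).get("access_token");
    }

    @Test
    public void protectedPathRejectsAnonymousRequest() throws Exception {
        mockMvc.perform(get("/v1/ping")).andExpect(status().isUnauthorized());
    }

    @Test
    public void protectedPathRejectsUnknownToken() throws Exception {
        mockMvc.perform(get("/v1/ping").header("Authorization", "Bearer not-a-real-token"))
                .andExpect(status().isUnauthorized());
    }

    @Test
    public void protectedPathAcceptsIssuedToken() throws Exception {
        String token = obtainAccessToken("alice", "alice-password"); // constructed test user
        mockMvc.perform(get("/v1/ping").header("Authorization", "Bearer " + token))
                .andExpect(status().isOk());
    }
}
```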
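Pitfalls
At first I kept configuring WebSecurityConfigurerAdapter, but that actually conflicts with ResourceServerConfigurerAdapter. If you use OAuth for authentication, configuring ResourceServerConfigurerAdapter alone is enough.
Going further
Spring OAuth has an SSO annotation that helps implement single sign-on. Once the project grows, we can use it to implement unified account authorization. Related references: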
Customizing the Spring OAuth2 authorization page under Spring Boot
http://blog.csdn.net/carrie__yang/article/details/77836456
http://hevanwang.iteye.com/blog/2009923