第十节 spring could security实现OAuth2
第十节 spring could security实现OAuth2
用户1418372
发布于 2018-09-13 10:23:45
发布于 2018-09-13 10:23:45
使用spring could security实现OAuth2来控制服务中api的安全
- 首先创建一个安全服务spring security,用于控制身份验证和授权。
- 增加pom依赖
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>- 在启动类上增加@EnableResourceServer表示允许该服务作为资源服务器使用 同时启用@EnableAuthorizationServer表示启用授权服务器,可参照如下配置:
//启用资源服务器
@SpringBootApplication
@RestController
@EnableResourceServer
public class SecurityApp {
@RequestMapping("/user")
public Principal user(Principal user) {
return user;
}
public static void main(String[] args) {
SpringApplication.run(SecurityApp.class, args);
}
//同时配置oauth2授权服务器
@Configuration
@EnableAuthorizationServer
protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpointsConfigurer) throws Exception {
endpointsConfigurer.authenticationManager(authenticationManager);
}
@Override
public void configure(ClientDetailsServiceConfigurer clientDetailsServiceConfigurer) throws Exception {
//作为示例使用硬编码配置
clientDetailsServiceConfigurer.inMemory()
.withClient("client")
.secret("clientsecret")
.authorizedGrantTypes("authorization_code", "refresh_token", "implicit", "password", "client_credentials")
.scopes("apiAccess");
}
}
}- 配置文件
info:
component:
Security Server
server:
port: 9001
ssl:
key-store: classpath:keystore.jks
key-store-password: password
key-password: password
# contextPath表示上下文;路径
contextPath: /auth
# 暂时使用硬编码
security:
user:
password: password
logging:
level:
org.springframework.security: DEBUG- 有了安全服务器,现在创建api server作为对外公开的api并通过安全服务器认证
- 增加pom依赖
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>- 将api-server作为资源服务器 添加@EnableResourceServer
@SpringBootApplication
@EnableEurekaClient
@EnableCircuitBreaker
@EnableResourceServer
@Configuration
@ComponentScan({"com.xzg.api.service", "com.xzg.common"})
public class ApiApp {
private static final Logger LOG = LoggerFactory.getLogger(ApiApp.class);
static {
// for localhost testing only
LOG.warn("Will now disable hostname check in SSL, only to be used during development");
HttpsURLConnection.setDefaultHostnameVerifier((hostname, sslSession) -> true);
}
@Value("${app.rabbitmq.host:localhost}")
String rabbitMqHost;
@Bean
public ConnectionFactory connectionFactory() {
LOG.info("Create RabbitMqCF for host: {}", rabbitMqHost);
CachingConnectionFactory connectionFactory = new CachingConnectionFactory(rabbitMqHost);
return connectionFactory;
}
@LoadBalanced
@Bean
RestTemplate restTemplate() {
return new RestTemplate();
}
public static void main(String[] args) {
LOG.info("Register MDCHystrixConcurrencyStrategy");
HystrixPlugins.getInstance().registerConcurrencyStrategy(new MDCHystrixConcurrencyStrategy());
SpringApplication.run(ApiApp.class, args);
}
}- 配置文件
info:
component: API Service
spring:
application:
name: api-service
aop:
proxyTargetClass: true
server:
port: 7771
security:
oauth2:
resource:
userInfoUri: https://localhost:9001/auth/user
management:
security:
enabled: false
# 其他略启动测试。。 spring boot 实现
本文参与 腾讯云自媒体同步曝光计划,分享自作者个人站点/博客。
原始发表:2018.09.05 ,如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读
目录
腾讯云开发者
