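Modify the resource server configuration, mainly in the configure method of the configuration class that extends ResourceServerConfigurerAdapter.
1) Configure the RestTemplate. The default RestTemplate cannot parse some formats, so configure the relevant message converters.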
    @LoadBalanced
    @Bean
    public RestTemplate restTemplate() {
        //httpRequestFactory()
        RestTemplate restTemplate = new RestTemplate();
        List<HttpMessageConverter<?>> converters = restTemplate.getMessageConverters();
        for (HttpMessageConverter<?> converter : converters) {
            if (converter instanceof MappingJackson2HttpMessageConverter) {
                MappingJackson2HttpMessageConverter jsonConverter = (MappingJackson2HttpMessageConverter) converter;
                jsonConverter.setObjectMapper(new ObjectMapper());
                jsonConverter.setSupportedMediaTypes(ImmutableList.of(
                        new MediaType("application", "json", MappingJackson2HttpMessageConverter.DEFAULT_CHARSET),
                        new MediaType("text", "javascript", MappingJackson2HttpMessageConverter.DEFAULT_CHARSET)));
            }
        }
        return restTemplate;
    }
2) Configure the token converter. The authorization service uses the default converter, so keep it consistent here.
    @Bean
    public AccessTokenConverter accessTokenConverter() {
        return new DefaultAccessTokenConverter();
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.tokenServices(tokenServices());//.resourceId(SPARKLR_RESOURCE_ID);
    }

    @Bean
    public ResourceServerTokenServices tokenServices() {
        RemoteTokenServices remoteTokenServices = new RemoteTokenServices();
        remoteTokenServices.setCheckTokenEndpointUrl("https://security-service/oauth/check_token");
        // The client credentials are hard-coded here (the server keeps them hard-coded in memory); change this for production
        remoteTokenServices.setClientId("client");
        remoteTokenServices.setClientSecret("password");
        remoteTokenServices.setRestTemplate(restTemplate());
        remoteTokenServices.setAccessTokenConverter(accessTokenConverter());
        return remoteTokenServices;
    }
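Changes to the authorization service
1) So that the token check request is allowed through, modify the authorization service configuration class, public class OAuth2Config extends AuthorizationServerConfigurerAdapter, and add .checkTokenAccess("permitAll()")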
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security
                // Allow unauthenticated access to the /oauth/token_key endpoint
                .tokenKeyAccess("permitAll()")
                .checkTokenAccess("permitAll()")
                .passwordEncoder(new BCryptPasswordEncoder())
                // For requests to /oauth/token: if allowFormAuthenticationForClients is enabled and the URL carries client_id and client_secret, the request goes through ClientCredentialsTokenEndpointFilter
                .allowFormAuthenticationForClients();
    }
The test result is as follows:
[Image: 图片.png]
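An added example, not part of the original post: the same two configurations tightened for production. The check_token endpoint is restricted to authenticated clients, which still works because RemoteTokenServices sends the client ID and secret as HTTP Basic credentials, and those credentials are read from externalized properties instead of being hard-coded. The class names and the property keys resource.check-token.client-id and resource.check-token.client-secret are assumptions.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
import org.springframework.web.client.RestTemplate;

// Authorization service side (hypothetical class name): only callers that
// authenticate as a registered client may use /oauth/check_token.
@Configuration
class HardenedOAuth2Config extends AuthorizationServerConfigurerAdapter {
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security
                .tokenKeyAccess("permitAll()")
                // Weak setting from the post: .checkTokenAccess("permitAll()")
                .checkTokenAccess("isAuthenticated()")
                .passwordEncoder(new BCryptPasswordEncoder())
                .allowFormAuthenticationForClients();
    }
}

// Resource service side (hypothetical class name): credentials come from
// configuration or environment, never from source code.
@Configuration
class HardenedTokenServicesConfig {
    @Value("${resource.check-token.client-id}")      // assumed property key
    private String clientId;
    @Value("${resource.check-token.client-secret}")  // assumed property key
    private String clientSecret;

    @Bean
    public ResourceServerTokenServices tokenServices(RestTemplate restTemplate) {
        RemoteTokenServices services = new RemoteTokenServices();
        services.setCheckTokenEndpointUrl("https://security-service/oauth/check_token");
        // Sent as an HTTP Basic Authorization header on every check_token call.
        services.setClientId(clientId);
        services.setClientSecret(clientSecret);
        services.setRestTemplate(restTemplate); // the @LoadBalanced bean from step 1
        services.setAccessTokenConverter(new DefaultAccessTokenConverter());
        return services;
    }
}
```

The two classes belong to different services and are shown together only for comparison.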