To implement an OAuth 2.0 provider (an Authorization Server) on Spring Boot, you can use Spring Authorization Server. The small example below shows how to build the authorization server functionality with Spring Boot.
Adding dependencies
First, add the necessary dependencies to the Spring Boot project, namely Spring Authorization Server and the related Spring Security starters, as shown below.
<dependencies>
    <!-- Spring Boot Starter Security -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <!-- Spring Authorization Server -->
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-oauth2-authorization-server</artifactId>
        <version>1.1.2</version>
    </dependency>
    <!-- Spring Boot Starter Web -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <!-- Spring Data JPA (if you want to persist client details) -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-jpa</artifactId>
    </dependency>
    <!-- H2 Database for development -->
    <dependency>
        <groupId>com.h2database</groupId>
        <artifactId>h2</artifactId>
        <scope>runtime</scope>
    </dependency>
</dependencies>
Configuring the authorization server
Next, a configuration class supplies the security configuration for the authorization server, as shown below.
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;

@Configuration
public class AuthorizationServerConfig {

    // One filter chain: the authorization server protocol endpoints plus form login for everything else.
    // Issuing JWT access tokens additionally requires a JWKSource<SecurityContext> bean holding the signing key.
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        // Registers /oauth2/authorize, /oauth2/token, /oauth2/jwks and the other protocol endpoints
        OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
        http
            .authorizeHttpRequests(authorizeRequests ->
                authorizeRequests.anyRequest().authenticated()
            )
            .formLogin(Customizer.withDefaults());
        return http.build();
    }

    // Demo-only in-memory user store; withDefaultPasswordEncoder() is not intended for production use
    @Bean
    public UserDetailsService userDetailsService() {
        var userDetailsService = new InMemoryUserDetailsManager();
        userDetailsService.createUser(
            User.withDefaultPasswordEncoder()
                .username("user")
                .password("password")
                .roles("USER")
                .build()
        );
        return userDetailsService;
    }

    // The issuer URL becomes the "iss" claim of every token and the base of all endpoint URLs
    @Bean
    public AuthorizationServerSettings authorizationServerSettings() {
        return AuthorizationServerSettings.builder()
            .issuer("http://localhost:8080")
            .build();
    }
}
Configuring the OAuth2 client
Next, define the clients registered with the authorization server. This information can be kept in memory or persisted in external storage; in the example below it is stored in memory.
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;

@Configuration
public class ClientConfig {
    @Bean
    public RegisteredClientRepository registeredClientRepository() {
        RegisteredClient registeredClient = RegisteredClient.withId("client-id")
            .clientId("client-id")
            // {noop} stores the secret in plaintext; acceptable only for a local demo
            .clientSecret("{noop}client-secret")
            .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
            // Spring Authorization Server rejects a "localhost" host in redirect_uri (RFC 8252 guidance);
            // the loopback IP literal is accepted, and the URI must match the client's request exactly
            .redirectUri("http://127.0.0.1:8080/login/oauth2/code/client-oidc")
            .scope("openid")
            .build();
        return new InMemoryRegisteredClientRepository(registeredClient);
    }
}
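The registration above works for a demo, but it stores the client secret in plaintext, does not require PKCE, and issues tokens with the default lifetimes. The following is an added example written for this page (not the author's code and not part of the Spring project) showing a hardened registration for two clients: a confidential web client on the authorization code flow with PKCE and refresh token rotation, and a machine-to-machine client on client_credentials. It assumes the hypothetical package com.example.authserver and replaces ClientConfig. The resource owner password grant mentioned later on this page is not implemented by Spring Authorization Server, so the grants that can actually be exercised against this server are the ones registered here.

```java
package com.example.authserver; // hypothetical package name (assumption)

import java.time.Duration;
import java.util.UUID;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.oidc.OidcScopes;
import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;

@Configuration
public class HardenedClientConfig {

    // Picked up by the authorization server for client-secret checks; stores secrets as {bcrypt}...
    // and still verifies legacy {noop} values during a migration
    @Bean
    public PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

    @Bean
    public RegisteredClientRepository registeredClientRepository(PasswordEncoder passwordEncoder) {
        // Confidential browser-facing client: authorization code + PKCE, refresh tokens rotated
        RegisteredClient webClient = RegisteredClient.withId(UUID.randomUUID().toString())
                .clientId("web-client")
                // Only the hash is stored; the client still presents the plaintext "web-secret"
                .clientSecret(passwordEncoder.encode("web-secret"))
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
                // Exact-match redirect URI; "localhost" is rejected by the server, so use 127.0.0.1
                .redirectUri("http://127.0.0.1:8080/login/oauth2/code/web-client")
                .scope(OidcScopes.OPENID)
                .scope(OidcScopes.PROFILE)
                .clientSettings(ClientSettings.builder()
                        .requireProofKey(true)              // PKCE mandatory even for a confidential client
                        .requireAuthorizationConsent(true)  // user approves the requested scopes
                        .build())
                .tokenSettings(TokenSettings.builder()
                        .accessTokenTimeToLive(Duration.ofMinutes(5))
                        .refreshTokenTimeToLive(Duration.ofHours(8))
                        .reuseRefreshTokens(false)          // new refresh token on every refresh
                        .build())
                .build();

        // Service-to-service client: no user, no redirect URI, no refresh tokens
        RegisteredClient serviceClient = RegisteredClient.withId(UUID.randomUUID().toString())
                .clientId("batch-service")
                .clientSecret(passwordEncoder.encode("batch-secret"))
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
                .scope("reports.read")
                .tokenSettings(TokenSettings.builder()
                        .accessTokenTimeToLive(Duration.ofMinutes(2))
                        .build())
                .build();

        return new InMemoryRegisteredClientRepository(webClient, serviceClient);
    }
}
```

With requireProofKey enabled, an authorization request without code_challenge is refused at /oauth2/authorize, and a token request whose code_verifier does not match is refused at /oauth2/token; reuseRefreshTokens(false) means a refresh token that is replayed after rotation is rejected, which is the signal to watch for in the server logs when a refresh token has been stolen.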
Starting the application
With the steps above complete, the Spring Boot application runs as an OAuth 2.0 authorization server: clients start authorization at /oauth2/authorize and then obtain tokens from /oauth2/token.
You can test this authorization server with Postman or another OAuth 2.0 client tool, and exercise the authorization code flow, client credentials, password mode, and so on.
Summary
With the steps above we have a simple OAuth 2.0 provider (authorization server). In real projects it can be extended and customized as needed, for example by storing client details in a database, adding more grant types, or integrating JWT tokens.