Spring Authorization Server 授权服务器教程，集成 JDBC，使用版本 0.2.2
文章目录
前言
一、创建授权服务器
创建 Spring Boot 启动项目，版本 2.6.3
1. 引入库
代码如下（示例）：
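<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-test</artifactId>
    <scope>test</scope>
</dependency>
<!-- Spring Security OAuth2 dependencies -->
<!-- Spring Authorization Server. 0.2.2 is an early pre-1.0 release; check for a
     newer patched release before building on it. -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-oauth2-authorization-server</artifactId>
    <version>0.2.2</version>
</dependency>
<!-- New Resource Server library: validates the JWTs this server issues
     (see spring.security.oauth2.resourceserver.jwt in the YAML below) -->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>
<!-- MySQL driver; no version given, so it is presumably managed by the Boot parent/BOM -->
<dependency>
    <groupId>mysql</groupId>
    <artifactId>mysql-connector-java</artifactId>
</dependency>
<!-- Druid connection pool. Its stat-view-servlet (enabled in the YAML below) is an
     admin console and must not be exposed with default credentials. -->
<dependency>
    <groupId>com.alibaba</groupId>
    <artifactId>druid-spring-boot-starter</artifactId>
    <version>1.2.8</version>
</dependency>
<!-- JdbcTemplate, presumably for the authorization server's JDBC-backed repositories -->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-jdbc</artifactId>
</dependency>
<!-- Thymeleaf renders the custom consent page shown in step 4 -->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>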
2. 创建相关数据表
SQL 示例：
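-- Tables read and written by the authorization server's JDBC-backed repositories.
-- The column names are part of that contract and must not be renamed.

-- Registered OAuth2 clients. client_secret is meant to hold an encoded (hashed)
-- secret, never the raw value -- NOTE(review): confirm the PasswordEncoder used
-- when the RegisteredClient is saved.
CREATE TABLE oauth2_registered_client (
    id varchar(100) NOT NULL,
    client_id varchar(100) NOT NULL,
    client_id_issued_at timestamp DEFAULT CURRENT_TIMESTAMP NOT NULL,
    client_secret varchar(200) DEFAULT NULL,
    client_secret_expires_at timestamp DEFAULT NULL,
    client_name varchar(200) NOT NULL,
    client_authentication_methods varchar(1000) NOT NULL,
    authorization_grant_types varchar(1000) NOT NULL,
    redirect_uris varchar(1000) DEFAULT NULL,
    scopes varchar(1000) NOT NULL,
    client_settings varchar(2000) NOT NULL,
    token_settings varchar(2000) NOT NULL,
    PRIMARY KEY (id)
);

-- Scopes (authorities) a user (principal_name) has already approved for a client;
-- presumably what feeds the "previously approved" list on the consent page.
CREATE TABLE oauth2_authorization_consent (
    registered_client_id varchar(100) NOT NULL,
    principal_name varchar(200) NOT NULL,
    authorities varchar(1000) NOT NULL,
    PRIMARY KEY (registered_client_id, principal_name)
);

/*
IMPORTANT:
If using PostgreSQL, update ALL columns defined with 'blob' to 'text',
as PostgreSQL does not support the 'blob' data type.
*/
-- Issued authorizations. The *_value columns hold the authorization code and the
-- access/refresh/ID tokens themselves, so this table is as sensitive as the tokens:
-- restrict database access to it and purge rows whose *_expires_at has passed.
CREATE TABLE oauth2_authorization (
    id varchar(100) NOT NULL,
    registered_client_id varchar(100) NOT NULL,
    principal_name varchar(200) NOT NULL,
    authorization_grant_type varchar(100) NOT NULL,
    attributes blob DEFAULT NULL,
    state varchar(500) DEFAULT NULL,
    authorization_code_value blob DEFAULT NULL,
    authorization_code_issued_at timestamp DEFAULT NULL,
    authorization_code_expires_at timestamp DEFAULT NULL,
    authorization_code_metadata blob DEFAULT NULL,
    access_token_value blob DEFAULT NULL,
    access_token_issued_at timestamp DEFAULT NULL,
    access_token_expires_at timestamp DEFAULT NULL,
    access_token_metadata blob DEFAULT NULL,
    access_token_type varchar(100) DEFAULT NULL,
    access_token_scopes varchar(1000) DEFAULT NULL,
    oidc_id_token_value blob DEFAULT NULL,
    oidc_id_token_issued_at timestamp DEFAULT NULL,
    oidc_id_token_expires_at timestamp DEFAULT NULL,
    oidc_id_token_metadata blob DEFAULT NULL,
    refresh_token_value blob DEFAULT NULL,
    refresh_token_issued_at timestamp DEFAULT NULL,
    refresh_token_expires_at timestamp DEFAULT NULL,
    refresh_token_metadata blob DEFAULT NULL,
    PRIMARY KEY (id)
);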
3. 配置文件
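server:
  port: 9500

spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          # Authorization server endpoint, used as the resource-server side configuration.
          # NOTE(review): issuer-uri is expected to be a full URL; the value as written has
          # no scheme (it looks like it was lost when the page was copied) -- confirm.
          issuer-uri: 127.0.0.1:9500
  application:
    name: oauth2-auth
  datasource:
    driver-class-name: com.mysql.cj.jdbc.Driver
    # useSSL=true keeps the DB connection encrypted; serverTimezone is one token (no space).
    url: jdbc:mysql://192.168.3.150:31736/ry-cloud?useUnicode=true&characterEncoding=utf8&zeroDateTimeBehavior=convertToNull&useSSL=true&serverTimezone=GMT%2B8
    # Database credentials in plaintext config: supply them from the environment or a
    # secrets store for anything beyond a local demo, and never commit real values.
    username: root
    password: root
    druid:
      # Druid monitoring console (SQL statistics, sessions). It is an admin interface:
      # keep it disabled outside development, or restrict it with its allow list and
      # use a strong credential instead of the demo value below.
      stat-view-servlet:
        enabled: true
        loginUsername: admin
        loginPassword: 123456
      initial-size: 5
      min-idle: 5
      maxActive: 20
      maxWait: 60000
      timeBetweenEvictionRunsMillis: 60000
      minEvictableIdleTimeMillis: 300000
      validationQuery: SELECT 1 FROM DUAL
      testWhileIdle: true
      testOnBorrow: false
      testOnReturn: false
      poolPreparedStatements: true
      maxPoolPreparedStatementPerConnectionSize: 20
      filters: stat,slf4j
      # The first property name was truncated in the original listing ("Sql\=true");
      # the conventional Druid key is druid.stat.mergeSql -- confirm against your setup.
      connectionProperties: druid.stat.mergeSql\=true;druid.stat.slowSqlMillis\=5000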
4. 放入官方认证 HTML 页面
在这个目录下，代码如下
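<!DOCTYPE html>
<!-- Custom consent page for the authorization endpoint. Thymeleaf attributes are
     written with the th: prefix; the model supplies clientId, principalName, state,
     scopes and previouslyApprovedScopes. -->
<html xmlns:th="https://www.thymeleaf.org" lang="en">
<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <!-- The integrity hash pins the exact Bootstrap build fetched from the CDN -->
    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css"
          integrity="sha384-JcKb8q3iqJ61gNV9KGb8thSsNjpSL0n8PARn9HuZOnIxN0hoP+VmmDGMN5t9UJ0Z" crossorigin="anonymous">
    <title>Custom consent page - Consent required</title>
    <style>
        body {
            background-color: aliceblue;
        }
    </style>
    <script>
        // Cancel: reset the form so no scope checkbox is checked, then submit it.
        // The authorization server then receives a consent response approving no
        // scopes and, as the text at the bottom of the page promises, shares
        // nothing with the app.
        function cancelConsent() {
            document.consent_form.reset();
            document.consent_form.submit();
        }
    </script>
</head>
<body>
<div class="container">
    <div class="py-5">
        <h1 class="text-center text-primary">App permissions</h1>
    </div>
    <div class="row">
        <div class="col text-center">
            <p>
                The application
                <span class="font-weight-bold text-primary" th:text="${clientId}"></span>
                wants to access your account
                <span class="font-weight-bold" th:text="${principalName}"></span>
            </p>
        </div>
    </div>
    <div class="row pb-3">
        <div class="col text-center"><p>The following permissions are requested by the above app.<br/>Please review
            these and consent if you approve.</p></div>
    </div>
    <div class="row">
        <div class="col text-center">
            <!-- th:action resolves the context path and lets Thymeleaf add Spring
                 Security's CSRF token as a hidden field whenever CSRF protection
                 applies to this request. -->
            <form name="consent_form" method="post" th:action="@{/oauth2/authorize}">
                <input type="hidden" name="client_id" th:value="${clientId}">
                <!-- state is echoed back unchanged so the server can tie this consent
                     to the authorization request it belongs to -->
                <input type="hidden" name="state" th:value="${state}">
                <!-- one checkbox per requested scope; only checked scopes are submitted -->
                <div th:each="scope: ${scopes}" class="form-group form-check py-1">
                    <input class="form-check-input"
                           type="checkbox"
                           name="scope"
                           th:value="${scope.scope}"
                           th:id="${scope.scope}">
                    <label class="form-check-label font-weight-bold" th:for="${scope.scope}" th:text="${scope.scope}"></label>
                    <p class="text-primary" th:text="${scope.description}"></p>
                </div>
                <p th:if="${not #lists.isEmpty(previouslyApprovedScopes)}">You have already granted the following permissions to the above app:</p>
                <!-- previously approved scopes are shown read-only (disabled, checked)
                     and therefore not re-submitted -->
                <div th:each="scope: ${previouslyApprovedScopes}" class="form-group form-check py-1">
                    <input class="form-check-input"
                           type="checkbox"
                           th:id="${scope.scope}"
                           disabled
                           checked>
                    <label class="form-check-label font-weight-bold" th:for="${scope.scope}" th:text="${scope.scope}"></label>
                    <p class="text-primary" th:text="${scope.description}"></p>
                </div>
                <div class="form-group pt-3">
                    <button class="btn btn-primary btn-lg" type="submit" id="submit-consent">
                        Submit Consent
                    </button>
                </div>
                <div class="form-group">
                    <button class="btn btn-link regular" type="button" id="cancel-consent" onclick="cancelConsent();">
                        Cancel
                    </button>
                </div>
            </form>
        </div>
    </div>
    <div class="row pt-4">
        <div class="col text-center">
            <p>
                <small>
                    Your consent to provide access is required.
                    <br/>If you do not approve, click Cancel, in which case no information will be shared with the app.
                </small>
            </p>
        </div>
    </div>
</div>
</body>
</html>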
5. 生成 JKS 文件
Windows 下 CMD 命令窗口输入
# Creates an RSA key pair plus a self-signed certificate in the keystore shy_debug.jks.
# The alias (here also "shy_debug.jks") and the keystore password typed at the
# prompts are exactly the values KeyPairConfig needs later to load the key.
# -validity 7 limits the self-signed certificate to 7 days. Loading the key pair
# from the keystore is presumably not checked against that date, but anything
# that validates the certificate itself will reject it after a week; pick a
# validity that matches how long the key is meant to sign tokens.
# No -keysize is given, so the JDK default applies (2048 bits on current JDKs --
# confirm for the JDK in use).
keytool -genkeypair -alias shy_debug.jks -keyalg RSA -validity 7 -keystore shy_debug.jks
alias：别名
然后根据提示输入相关信息，记好密码和别名，后面要用到
把生成的 JKS 文件放到这里
6. 配置 KeyPair
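@Configuration
public class KeyPairConfig {

    /**
     * Loads the RSA key pair used for token signing from the {@code shy_debug.jks}
     * keystore on the classpath (the file produced with keytool in step 5).
     *
     * <p>The keystore password and the key alias must match what was entered when
     * the keystore was generated. Keeping the password as a string literal puts a
     * secret into version control; prefer reading it from configuration or the
     * environment. NOTE(review): {@code KeyStoreKeyFactory} comes from the legacy
     * spring-security-oauth2 artifact, which the dependency list above does not
     * show -- confirm it is on the classpath.
     *
     * @return the key pair stored under alias {@code shy_debug.jks}
     * @throws Exception if the keystore cannot be read or the alias/password is wrong
     */
    @Bean
    public KeyPair keyPair() throws Exception {
        ClassPathResource ksFile = new ClassPathResource("shy_debug.jks"); // keystore file name
        // second argument is the keystore password chosen during generation
        KeyStoreKeyFactory ksFactory = new KeyStoreKeyFactory(ksFile, "haiwei".toCharArray());
        // the alias given to keytool -alias
        return ksFactory.getKeyPair("shy_debug.jks");
    }
}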
7. 配置 AuthorizationServerConfig 授权服务器配置
@Configuration(proxyBeanMethods =false)
public class AuthorizationServerConfig {
// Path of the custom consent page (rendered from the Thymeleaf template in step 4);
// presumably handed to the authorization endpoint configurer further down.
private static final String CUSTOM_CONSENT_PAGE_URI ="/oauth2/consent";
// Signing key pair from KeyPairConfig. Field injection works, but constructor
// injection would make the dependency explicit and allow the field to be final.
@Autowired
private KeyPair keyPair;
@Bean
@Order(Ordered.HIGHEST_PRECEDENCE)
public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http)throws Exception {
OAuth2AuthorizationServerConfigurer<HttpSecurity> authorizationServerConfigurer =
new OAuth2AuthorizationServerConfigurer<>();
authorizationServerConfigurer
.authorizationEndpoint(authorizationEndpoint ->
RequestMatcher endpointsMatcher = authorizationServerConfigurer
.getEndpointsMatcher();
http
.requestMatcher(endpointsMatcher)
.authorizeRequests(authorizeRequests -> authorizeRequests
.anyRequest().authenticated()
