【修改】oauth2.0 密码模式认证.

【新增】认证服务器也是资源服务器
2017-10-27 14:22:12 +08:00 · 2017-10-27 14:22:12 +08:00 · 3057e1b76c
parent a5e405ccce
commit 3057e1b76c
11 changed files with 142 additions and 140 deletions
--- a/pig-demo-service/pom.xml
+++ b/pig-demo-service/pom.xml
@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+
+	<groupId>com.github.pig</groupId>
+	<artifactId>pig-demo-service</artifactId>
+	<version>0.0.1-SNAPSHOT</version>
+	<packaging>jar</packaging>
+
+	<name>pig-demo-service</name>
+	<description>demo service</description>
+
+	<parent>
+		<groupId>com.github</groupId>
+		<artifactId>pig</artifactId>
+		<version>1.0-SNAPSHOT</version>
+	</parent>
+
+	<dependencies>
+		<!--oauth2.0-->
+		<dependency>
+			<groupId>org.springframework.cloud</groupId>
+			<artifactId>spring-cloud-starter-oauth2</artifactId>
+		</dependency>
+	</dependencies>
+
+
+	<build>
+		<plugins>
+			<plugin>
+				<groupId>org.springframework.boot</groupId>
+				<artifactId>spring-boot-maven-plugin</artifactId>
+			</plugin>
+		</plugins>
+	</build>
+
+</project>
--- a/pig-demo-service/src/main/java/com/github/pig/demo/AuthserverApplication.java
+++ b/pig-demo-service/src/main/java/com/github/pig/demo/AuthserverApplication.java
@ -1,33 +0,0 @@
-package com.github.pig.demo;
-
-import org.springframework.boot.SpringApplication;
-import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
-import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
-
-import java.security.Principal;
-
-@SpringBootApplication
-@RestController
-@EnableAuthorizationServer
-@EnableResourceServer
-public class AuthserverApplication {
-
-    @RequestMapping("/user")
-    public Principal user(Principal user) {
-        return user;
-    }
-
-    @GetMapping("/test")
-    public String test() {
-        return "test";
-    }
-
-    public static void main(String[] args) {
-        SpringApplication.run(AuthserverApplication.class, args);
-    }
-
-}
--- a/pig-demo-service/src/main/java/com/github/pig/demo/DemoResourceApplication.java
+++ b/pig-demo-service/src/main/java/com/github/pig/demo/DemoResourceApplication.java
@ -0,0 +1,42 @@
+package com.github.pig.demo;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
+import org.springframework.cloud.client.loadbalancer.LoadBalanced;
+import org.springframework.cloud.client.loadbalancer.LoadBalancerClient;
+import org.springframework.cloud.client.loadbalancer.LoadBalancerInterceptor;
+import org.springframework.context.annotation.Bean;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.security.Principal;
+
+/**
+ * @author lengleng
+ * @date 2017年10月27日13:59:05
+ */
+@SpringBootApplication
+@EnableDiscoveryClient
+@RestController
+public class DemoResourceApplication {
+    @GetMapping("/demo")
+    public String demo() {
+        return "demo";
+    }
+
+    @RequestMapping("/user")
+    public Principal user(Principal principal) {
+        return principal;
+    }
+
+    public static void main(String[] args) {
+        SpringApplication.run(DemoResourceApplication.class, args);
+    }
+
+//    @Bean
+//    LoadBalancerInterceptor loadBalancerInterceptor(LoadBalancerClient loadBalance) {
+//        return new LoadBalancerInterceptor(loadBalance);
+//    }
+}
--- a/pig-demo-service/src/main/java/com/github/pig/demo/config/ResourceServerConfiguration.java
+++ b/pig-demo-service/src/main/java/com/github/pig/demo/config/ResourceServerConfiguration.java
@ -0,0 +1,21 @@
+package com.github.pig.demo.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
+
+/**
+ * @author lengleng
+ * @date 2017/10/27
+ */
+@Configuration
+@EnableResourceServer
+public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
+    @Override
+    public void configure(HttpSecurity http) throws Exception {
+        http.anonymous().disable()
+                .authorizeRequests()
+                .anyRequest().authenticated();
+    }
+}
--- a/pig-demo-service/src/main/resources/bootstrap.yml
+++ b/pig-demo-service/src/main/resources/bootstrap.yml
@ -0,0 +1,21 @@
+server:
+  port: 4000
+spring:
+  application:
+    name: pig-demo-service
+
+security:
+  sessions: stateless
+  oauth2:
+    resource:
+      loadBalanced: true
+      user-info-uri: http://pig-service-auth/user
+      prefer-token-info: false
+      service-id: pig-demo-service
+
+eureka:
+  instance:
+    prefer-ip-address: true
+  client:
+    serviceUrl:
+      defaultZone: http://127.0.0.1:9000/eureka/
--- a/pig-service-auth/src/main/java/com/github/pig/auth/PigServiceAuthApplication.java
+++ b/pig-service-auth/src/main/java/com/github/pig/auth/PigServiceAuthApplication.java
@ -4,18 +4,21 @@ import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;

 /**
 * @author lengleng
+ * 获取用户信息也是通过这个应用实现
+ * 这里既是认证服务器，也是资源服务器
+ * EnableResourceServer
 */
-@EnableDiscoveryClient
@SpringBootApplication
-public class PigServiceAuthApplication {
+@EnableResourceServer
+@EnableDiscoveryClient
+public class PigAuthServerApplication {

    public static void main(String[] args) {
-        SpringApplication.run(PigServiceAuthApplication.class, args);
+        SpringApplication.run(PigAuthServerApplication.class, args);
    }

-
-
 }
--- a/pig-service-auth/src/main/java/com/github/pig/auth/config/AuthorizationServerConfig.java
+++ b/pig-service-auth/src/main/java/com/github/pig/auth/config/AuthorizationServerConfig.java
@ -9,17 +9,18 @@ import org.springframework.security.oauth2.config.annotation.configurers.ClientD
 import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
 import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
-import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
 import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;

 /**
 * @author lengleng
- * @date 2017/10/26
- * 认证服务器配置
+ * @date 2017/10/27
+ * 认证服务器逻辑实现
 */
+
@Configuration
@EnableAuthorizationServer
-public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
+public class PigAuthorizationConfig extends AuthorizationServerConfigurerAdapter {
+
    @Autowired
    private AuthenticationManager authenticationManager;

@ -29,28 +30,20 @@ public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdap
    @Autowired
    private RedisConnectionFactory redisConnectionFactory;

-    @Override
-    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
-        endpoints
-                .authenticationManager(authenticationManager)
-                .userDetailsService(userDetailsService)
-                .tokenStore(new RedisTokenStore(redisConnectionFactory));
-    }
-
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("lengleng")
                .secret("lengleng")
-                .authorizedGrantTypes("authorization_code", "refresh_token", "password")
+                .authorizedGrantTypes("refresh_token", "password")
                .scopes("ui");
    }

    @Override
-    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
-        oauthServer
-                .tokenKeyAccess("permitAll()")
-                .checkTokenAccess("isAuthenticated()");
+    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
+        endpoints
+                .tokenStore(new RedisTokenStore(redisConnectionFactory))
+                .authenticationManager(authenticationManager)
+                .userDetailsService(userDetailsService);
    }
-
 }
--- a/pig-service-auth/src/main/java/com/github/pig/auth/config/PigResoureServerConfig.java
+++ b/pig-service-auth/src/main/java/com/github/pig/auth/config/PigResoureServerConfig.java
@ -1,13 +0,0 @@
-package com.github.pig.auth.config;
-
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
-
-/**
- * @author lengleng
- * @date 2017/10/26
- */
-@Configuration
-@EnableResourceServer
-public class PigResoureServerConfig {
-}
--- a/pig-service-auth/src/main/java/com/github/pig/auth/config/PigWebSecurityConfig.java
+++ b/pig-service-auth/src/main/java/com/github/pig/auth/config/PigWebSecurityConfig.java
@ -1,58 +0,0 @@
-package com.github.pig.auth.config;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.crypto.password.PasswordEncoder;
-
-/**
- * @author lengleng
- * @date 2017/10/26
- */
-@Configuration
-@EnableWebSecurity
-@EnableGlobalMethodSecurity(prePostEnabled = true)
-public class PigWebSecurityConfig extends WebSecurityConfigurerAdapter {
-    @Autowired
-    private UserDetailsService userDetailsService;
-
-    @Autowired
-    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
-        auth
-                .userDetailsService(userDetailsService)
-                .passwordEncoder(new PasswordEncoder() {
-                    @Override
-                    public String encode(CharSequence charSequence) {
-                        return charSequence.toString();
-                    }
-
-                    @Override
-                    public boolean matches(CharSequence charSequence, String s) {
-                        return s.equals(charSequence.toString());
-                    }
-                });
-    }
-
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        http
-                .anonymous().disable()
-                .authorizeRequests()
-                .anyRequest().authenticated()
-                .and()
-                .csrf().disable();
-    }
-
-    @Override
-    @Bean
-    public AuthenticationManager authenticationManagerBean() throws Exception {
-        return super.authenticationManagerBean();
-    }
-}
--- a/pig-service-auth/src/main/java/com/github/pig/auth/controller/UserController.java
+++ b/pig-service-auth/src/main/java/com/github/pig/auth/controller/UserController.java
@ -1,6 +1,5 @@
 package com.github.pig.auth.controller;

-import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;

@ -12,7 +11,7 @@ import java.security.Principal;
 */
@RestController
 public class UserController {
-    @GetMapping("/user")
+    @RequestMapping("/user")
    public Object user(Principal user) {
        return user;
    }
--- a/pig-service-auth/src/main/resources/bootstrap.yml
+++ b/pig-service-auth/src/main/resources/bootstrap.yml
@ -24,14 +24,3 @@ eureka:
    serviceUrl:
      defaultZone: http://127.0.0.1:9000/eureka/

-security:
-  user:
-    password: lengleng
-    name: lengleng
-  oauth2:
-    client:
-      client-secret: lengleng
-      clientId: lengleng
-      authorized-grant-types: password
-      scope: openid
-