【修改】oauth2.0 密码模式认证.

【新增】认证服务器也是资源服务器
wangiegie@gmail.com 2017-10-27 14:22:12 +08:00
parent a5e405ccce
commit 3057e1b76c
11 changed files with 142 additions and 140 deletions

38
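--- a/pig-demo-service/pom.xml
+++ b/pig-demo-service/pom.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<modelVersion>4.0.0</modelVersion>
+<groupId>com.github.pig</groupId>
+<artifactId>pig-demo-service</artifactId>
+<version>0.0.1-SNAPSHOT</version>
+<packaging>jar</packaging>
+<name>pig-demo-service</name>
+<description>demo service</description>
+<parent>
+<groupId>com.github</groupId>
+<artifactId>pig</artifactId>
+<version>1.0-SNAPSHOT</version>
+</parent>
+<dependencies>
+<!--oauth2.0-->
+<dependency>
+<groupId>org.springframework.cloud</groupId>
+<artifactId>spring-cloud-starter-oauth2</artifactId>
+</dependency>
+</dependencies>
+<build>
+<plugins>
+<plugin>
+<groupId>org.springframework.boot</groupId>
+<artifactId>spring-boot-maven-plugin</artifactId>
+</plugin>
+</plugins>
+</build>
+</project>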


@ -1,33 +0,0 @@
package com.github.pig.demo;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import java.security.Principal;
@SpringBootApplication
@RestController
@EnableAuthorizationServer
@EnableResourceServer
public class AuthserverApplication {
@RequestMapping("/user")
public Principal user(Principal user) {
return user;
}
@GetMapping("/test")
public String test() {
return "test";
}
public static void main(String[] args) {
SpringApplication.run(AuthserverApplication.class, args);
}
}


@ -0,0 +1,42 @@
package com.github.pig.demo;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
import org.springframework.cloud.client.loadbalancer.LoadBalanced;
import org.springframework.cloud.client.loadbalancer.LoadBalancerClient;
import org.springframework.cloud.client.loadbalancer.LoadBalancerInterceptor;
import org.springframework.context.annotation.Bean;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import java.security.Principal;
/**
* @author lengleng
* @date 2017年10月27日13:59:05
*/
@SpringBootApplication
@EnableDiscoveryClient
@RestController
public class DemoResourceApplication {
@GetMapping("/demo")
public String demo() {
return "demo";
}
@RequestMapping("/user")
public Principal user(Principal principal) {
return principal;
}
public static void main(String[] args) {
SpringApplication.run(DemoResourceApplication.class, args);
}
// @Bean
// LoadBalancerInterceptor loadBalancerInterceptor(LoadBalancerClient loadBalance) {
// return new LoadBalancerInterceptor(loadBalance);
// }
}
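Review bot: `@RequestMapping("/user")` on `user(Principal)` carries no method restriction, so the endpoint answers every HTTP verb, and it returns the whole `Principal`, which for a token-authenticated request is serialized with whatever the authentication object holds (likely authorities and token details). For this demo service I would narrow it to `@GetMapping("/user")` and return only what a caller needs, e.g. `return principal.getName();` with a `String` return type. The same widening from `@GetMapping` to `@RequestMapping` is made in `UserController` further down; as far as I can tell the user-info lookup is a plain GET, so `@GetMapping` should remain sufficient there. The commented-out `LoadBalancerInterceptor` bean and the imports that only it would use can be dropped rather than committed.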


@ -0,0 +1,21 @@
package com.github.pig.demo.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
/**
* @author lengleng
* @date 2017/10/27
*/
@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.anonymous().disable()
.authorizeRequests()
.anyRequest().authenticated();
}
}
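Review bot: `configure(HttpSecurity)` accepts any valid token for every path: `.anyRequest().authenticated()` checks neither scope nor resource id, so a token issued to any client of the auth server is enough. If this service is meant for the `ui` scope that the auth server hands out, make that explicit with `.anyRequest().access("#oauth2.hasScope('ui')")`. The class Javadoc has only author and date; one sentence stating that every endpoint requires a bearer token and anonymous access is disabled would help the next reader.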


@ -0,0 +1,21 @@
server:
port: 4000
spring:
application:
name: pig-demo-service
security:
sessions: stateless
oauth2:
resource:
loadBalanced: true
user-info-uri: http://pig-service-auth/user
prefer-token-info: false
service-id: pig-demo-service
eureka:
instance:
prefer-ip-address: true
client:
serviceUrl:
defaultZone: http://127.0.0.1:9000/eureka/
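Review bot: `user-info-uri: http://pig-service-auth/user` makes the resource server forward each incoming bearer token to the auth service over plain HTTP, so anyone able to observe that network segment can capture and replay tokens. Unless transport protection is provided outside the application (not visible here), point this at an `https://` endpoint. With `prefer-token-info: false` the auth service's `/user` endpoint is what validates tokens for this service; a one-line comment in the file saying so would make the dependency obvious.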


@ -4,18 +4,21 @@ import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.client.discovery.EnableDiscoveryClient; import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
/** /**
* @author lengleng * @author lengleng
* 获取用户信息也是通过这个应用实现
* 这里既是认证服务器也是资源服务器
* EnableResourceServer
*/ */
@EnableDiscoveryClient
@SpringBootApplication @SpringBootApplication
public class PigServiceAuthApplication { @EnableResourceServer
@EnableDiscoveryClient
public class PigAuthServerApplication {
public static void main(String[] args) { public static void main(String[] args) {
SpringApplication.run(PigServiceAuthApplication.class, args); SpringApplication.run(PigAuthServerApplication.class, args);
} }
} }


@ -9,17 +9,18 @@ import org.springframework.security.oauth2.config.annotation.configurers.ClientD
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter; import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer; import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer; import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore; import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;
/** /**
* @author lengleng * @author lengleng
* @date 2017/10/26 * @date 2017/10/27
* 认证服务器配置 * 认证服务器逻辑实现
*/ */
@Configuration @Configuration
@EnableAuthorizationServer @EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter { public class PigAuthorizationConfig extends AuthorizationServerConfigurerAdapter {
@Autowired @Autowired
private AuthenticationManager authenticationManager; private AuthenticationManager authenticationManager;
@ -29,28 +30,20 @@ public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdap
@Autowired @Autowired
private RedisConnectionFactory redisConnectionFactory; private RedisConnectionFactory redisConnectionFactory;
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
.authenticationManager(authenticationManager)
.userDetailsService(userDetailsService)
.tokenStore(new RedisTokenStore(redisConnectionFactory));
}
@Override @Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception { public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory() clients.inMemory()
.withClient("lengleng") .withClient("lengleng")
.secret("lengleng") .secret("lengleng")
.authorizedGrantTypes("authorization_code", "refresh_token", "password") .authorizedGrantTypes("refresh_token", "password")
.scopes("ui"); .scopes("ui");
} }
@Override @Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception { public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
oauthServer endpoints
.tokenKeyAccess("permitAll()") .tokenStore(new RedisTokenStore(redisConnectionFactory))
.checkTokenAccess("isAuthenticated()"); .authenticationManager(authenticationManager)
.userDetailsService(userDetailsService);
} }
} }
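Review bot: The in-memory client in `configure(ClientDetailsServiceConfigurer)` keeps a hard-coded secret that equals the client id (`.withClient("lengleng")` / `.secret("lengleng")`), and this commit leaves it in place while narrowing the grants to `refresh_token` and `password`. Anyone who can read the repository can then present user credentials to the token endpoint as this client, so the secret should come from external configuration: `.secret(clientSecret)` with the field injected via `@Value("${<client-secret-property>}")` (placeholder property name). Since `PigWebSecurityConfig`, which exposed the `AuthenticationManager` bean and set the password encoder, is deleted in the same commit, it is worth confirming that the `authenticationManager` autowired here still resolves and which password encoder is now in effect. The class body between the two hunks is not shown.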


@ -1,13 +0,0 @@
package com.github.pig.auth.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
/**
* @author lengleng
* @date 2017/10/26
*/
@Configuration
@EnableResourceServer
public class PigResoureServerConfig {
}


@ -1,58 +0,0 @@
package com.github.pig.auth.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
/**
* @author lengleng
* @date 2017/10/26
*/
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class PigWebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(userDetailsService)
.passwordEncoder(new PasswordEncoder() {
@Override
public String encode(CharSequence charSequence) {
return charSequence.toString();
}
@Override
public boolean matches(CharSequence charSequence, String s) {
return s.equals(charSequence.toString());
}
});
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.anonymous().disable()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.csrf().disable();
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}


@ -1,6 +1,5 @@
package com.github.pig.auth.controller; package com.github.pig.auth.controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController; import org.springframework.web.bind.annotation.RestController;
@ -12,7 +11,7 @@ import java.security.Principal;
*/ */
@RestController @RestController
public class UserController { public class UserController {
@GetMapping("/user") @RequestMapping("/user")
public Object user(Principal user) { public Object user(Principal user) {
return user; return user;
} }


@ -24,14 +24,3 @@ eureka:
serviceUrl: serviceUrl:
defaultZone: http://127.0.0.1:9000/eureka/ defaultZone: http://127.0.0.1:9000/eureka/
security:
user:
password: lengleng
name: lengleng
oauth2:
client:
client-secret: lengleng
clientId: lengleng
authorized-grant-types: password
scope: openid