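Spring Cloud OAuth2 Example
Case analysis
First, consider the architecture of the example. It consists of three projects: the service registry project eureka-server, the authorization center (Uaa) project auth-service, and the resource project service-hi, as shown in the figure.
First, the browser sends the client information, username and password to the auth-service server and requests a Token. After auth-service confirms that this information is correct, it generates a Token from the user's information and returns it to the browser. On every subsequent request the browser must send the Token to the resource service service-hi. When the resource server receives the Token carried by the request, it passes the Token to the authorization service auth-service through a remote call for confirmation. After auth-service confirms that the Token is valid, it returns the permission information of the user the Token belongs to back to the resource service service-hi. If that user has permission to access the API, the request result is returned normally; otherwise an insufficient-permission error is returned.
Writing the Eureka Server:
Dependencies: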
<dependencies>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-eureka-server</artifactId>
    </dependency>
</dependencies>
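Configuration:
server:
  port: 8761   # matches the registry address http://localhost:8761/eureka/ used by auth-service
security:
  user:
    name: eureka-server
eureka:
  instance:
    hostname: localhost
  client:
    register-with-eureka: false
    fetch-registry: false
    service-url:
      defaultZone: http://${eureka.instance.hostname}:${server.port}/eureka/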
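Application class:
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.netflix.eureka.server.EnableEurekaServer;

// Starts the Eureka service registry.
@SpringBootApplication
@EnableEurekaServer
public class EurekaServerApplication {
    public static void main(String[] args) {
        SpringApplication.run(EurekaServerApplication.class, args);
    }
}
Writing the Uaa authorization service:
Under the main Maven project, create a Module project named auth-service to act as the Uaa service (authorization service). Add the dependencies the project needs to the pom file of the auth-service project, as follows: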
<dependencies>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-oauth2</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-jpa</artifactId>
    </dependency>
    <dependency>
        <groupId>mysql</groupId>
        <artifactId>mysql-connector-java</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-eureka</artifactId>
    </dependency>
</dependencies>
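Here, spring-cloud-starter-oauth2 bundles three starter dependencies: spring-cloud-starter-security, spring-security-oauth2 and spring-security-jwt. The project uses a MySQL database, so it brings in the MySQL connector dependency mysql-connector-java and the JPA starter spring-boot-starter-data-jpa. The project uses web features, so it brings in the web starter spring-boot-starter-web. The project acts as a Eureka Client, so it brings in the Eureka starter spring-cloud-starter-eureka.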
Configuration:
server:
  port: 5000
  context-path: /uaa
spring:
  application:
    name: service-auth
  datasource:
    driver-class-name: com.mysql.jdbc.Driver
    url: jdbc:mysql://localhost:3306/auth?useUnicode=true&characterEncoding=utf8&characterSetResults=utf8
    username: root
    password: 123456
  jpa:
    hibernate:
      ddl-auto: update
    show-sql: true
security:
  oauth2:
    resource:
      filter-order: 3
eureka:
  client:
    service-url:
      defaultZone: http://localhost:8761/eureka/
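The configuration above sets the application name to service-auth, the port to 5000 and the context-path to "/uaa". It configures the MySQL database, including the data source, user and password; the database name is spring-cloud-auth, and it must be initialised with the database script from Section 12.3.1. It uses JPA as the ORM framework and configures JPA accordingly. It sets the service registry address to http://localhost:8761/eureka/. It sets security.oauth2.resource.filter-order to 3; in Spring Boot 1.5.x this setting is required as written, while in versions before Spring Boot 1.5.x the default is sufficient.
Configuring Spring Security
Because auth-service has to expose an API for checking Tokens, auth-service is itself also a resource server. Spring Security therefore has to be added to the project and configured to protect the auth-service resources. The configuration code is as follows: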
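import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    UserDetailsService userDetailsService;

    // Every request must be authenticated; CSRF protection is disabled.
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().authenticated()
            .and()
            .csrf().disable();
    }

    // Users are loaded through userDetailsService; stored passwords are BCrypt hashes.
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
    }

    // Exposes the AuthenticationManager as a bean for the OAuth2 configuration.
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}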
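The WebSecurityConfig class enables web protection with the @EnableWebSecurity annotation and enables method-level protection with the @EnableGlobalMethodSecurity annotation. WebSecurityConfig extends WebSecurityConfigurerAdapter and overrides the following three methods to do the configuration.
configure(HttpSecurity http): HttpSecurity is configured so that every request requires authentication.
configure(AuthenticationManagerBuilder auth): AuthenticationManagerBuilder is configured with the source of user information used for verification and the password encoding strategy, and an AuthenticationManager object is injected into the IoC container. This object has to be configured in OAuth2, because password verification is enabled only when an AuthenticationManager is configured in OAuth2. This example uses password verification.
authenticationManagerBean(): configures the Bean that manages authentication.
UserService: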
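import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

@Service
public class UserService implements UserDetailsService {
    @Autowired
    UserDao userRepository;
    @Override
    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
        User user = userRepository.findByUsername(s);
        // The UserDetailsService contract forbids returning null for an unknown user.
        if (user == null) {
            throw new UsernameNotFoundException("User not found");
        }
        return user;
    }
}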
UserDao:
import org.springframework.data.jpa.repository.JpaRepository;

public interface UserDao extends JpaRepository<User, Long> {
    User findByUsername(String username);
}
User:
import java.io.Serializable;
import java.util.Collection;
import java.util.List;
import javax.persistence.*;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

@Entity
public class User implements UserDetails, Serializable {
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;

    @Column(nullable = false, unique = true)
    private String username;

    @Column
    private String password;

    // Roles are loaded eagerly so they are available when the Token is checked.
    @ManyToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER)
    @JoinTable(name = "user_role", joinColumns = @JoinColumn(name = "user_id", referencedColumnName = "id"),
            inverseJoinColumns = @JoinColumn(name = "role_id", referencedColumnName = "id"))
    private List<Role> authorities;

    public User() {
    }

    public Long getId() {
        return id;
    }

    public void setId(Long id) {
        this.id = id;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public void setAuthorities(List<Role> authorities) {
        this.authorities = authorities;
    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return authorities;
    }

    @Override
    public String getPassword() {
        return password;
    }

    @Override
    public String getUsername() {
        return username;
    }

    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
        return true;
    }
}
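Because WebSecurityConfig registers a BCryptPasswordEncoder, the password column that UserService reads must contain BCrypt hashes, never plaintext. The following is an added example, not code from the original article: UserRegistrationService, register, passwordMatches and the minimum-length rule are hypothetical, while User, Role and UserDao are the types shown on this page.

```java
import java.util.ArrayList;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

// Added example (hypothetical class): creates accounts whose stored password
// is compatible with the BCryptPasswordEncoder configured in WebSecurityConfig.
@Service
public class UserRegistrationService {

    // Same algorithm as WebSecurityConfig. BCrypt embeds a random salt and the
    // cost factor in every hash, so no separate salt column is needed.
    private final PasswordEncoder encoder = new BCryptPasswordEncoder();

    @Autowired
    private UserDao userDao;

    @Transactional
    public User register(String username, String rawPassword) {
        if (username == null || username.trim().isEmpty()) {
            throw new IllegalArgumentException("username is required");
        }
        if (rawPassword == null || rawPassword.length() < 8) { // constructed policy
            throw new IllegalArgumentException("password too short");
        }
        if (userDao.findByUsername(username) != null) {
            throw new IllegalStateException("username already taken");
        }
        User user = new User();
        user.setUsername(username);
        // Persist only the hash; the raw password is never stored or logged.
        user.setPassword(encoder.encode(rawPassword));
        // Start with no roles so getAuthorities() is never null and nothing is granted implicitly.
        user.setAuthorities(new ArrayList<Role>());
        return userDao.save(user);
    }

    // Same check the authentication provider performs at login: matches()
    // re-hashes the candidate using the salt stored inside the saved hash.
    public boolean passwordMatches(User user, String candidate) {
        return encoder.matches(candidate, user.getPassword());
    }
}
```

A row inserted by hand with a plaintext password will fail authentication under this configuration, because matches() expects the stored value to be a BCrypt hash.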
Role: