青锋开源架构-springboot2.6.x+vue3-antdesign-vite之springboot整合springsecurity
1、加入springsecurity依赖<!--security依赖--><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-security</artifactId></dependency>
·
框架开源地址:
1、加入springsecurity依赖
<!--security依赖-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!--oauth2依赖-->
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
<version>2.3.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-jwt</artifactId>
<version>1.1.1.RELEASE</version>
</dependency>
2、创建认证服务类
认证服务器需要创建三大配置:
认证令牌存储redis
在认证服务中,tokenStore使用的是RedisTokenStore,认证服务器生成的令牌将被存储到Redis中。此处我们需要引入redis用于存储认证服务的令牌token。
- 认证服务配置:负责发放、校验令牌是否正确
- 资源服务配置:这一项是可选的,因为认证服务器同样也可以是一个资源服务器。
- WebSecurity配置:Security配置,主要处理除资源服务外的其他服务请求以及验证token的授权信息。
我们先创建认证服务类AuthorizationServerConfigure: -
package com.qingfeng.auth.configure; import com.qingfeng.auth.service.UserDetailServiceImpl; import com.qingfeng.auth.translator.MyWebResponseExceptionTranslator; import com.qingfeng.framework.properties.AuthProperties; import com.qingfeng.framework.properties.ClientsProperties; import org.apache.commons.lang3.ArrayUtils; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.data.redis.connection.RedisConnectionFactory; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.oauth2.config.annotation.builders.InMemoryClientDetailsServiceBuilder; import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer; import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter; import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer; import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer; import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter; import org.springframework.security.oauth2.provider.token.DefaultUserAuthenticationConverter; import org.springframework.security.oauth2.provider.token.TokenStore; import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter; import org.springframework.security.oauth2.provider.token.store.JwtTokenStore; /** * @title: AuthorizationServerConfigure * @projectName: AuthorizationServerConfigure * @description: TODO * @author: Administrator * @date: 2021/2/21 0021 21:51 */ @Configuration @EnableAuthorizationServer public class AuthorizationServerConfigure extends AuthorizationServerConfigurerAdapter { @Autowired private AuthenticationManager authenticationManager; @Autowired private RedisConnectionFactory redisConnectionFactory; @Autowired private UserDetailServiceImpl userDetailService; @Autowired private PasswordEncoder passwordEncoder; @Autowired private AuthProperties authProperties; @Autowired private MyWebResponseExceptionTranslator exceptionTranslator; // @Override // public void configure(ClientDetailsServiceConfigurer clients) throws Exception { // clients.inMemory() // .withClient("qingfeng") // .secret(passwordEncoder.encode("123456")) // .authorizedGrantTypes("password", "refresh_token") // .scopes("all"); // } @Override public void configure(ClientDetailsServiceConfigurer clients) throws Exception { ClientsProperties[] clientsArray = authProperties.getClients(); InMemoryClientDetailsServiceBuilder builder = clients.inMemory(); if (ArrayUtils.isNotEmpty(clientsArray)) { for (ClientsProperties client : clientsArray) { if (StringUtils.isBlank(client.getClient())) { throw new Exception("client不能为空"); } if (StringUtils.isBlank(client.getSecret())) { throw new Exception("secret不能为空"); } String[] grantTypes = StringUtils.splitByWholeSeparatorPreserveAllTokens(client.getGrantType(), ","); builder.withClient(client.getClient()) .secret(passwordEncoder.encode(client.getSecret())) .authorizedGrantTypes(grantTypes) .scopes(client.getScope()) .accessTokenValiditySeconds(authProperties.getAccessTokenValiditySeconds()) .refreshTokenValiditySeconds(authProperties.getRefreshTokenValiditySeconds()); } } } @Override public void configure(AuthorizationServerEndpointsConfigurer endpoints) { endpoints.tokenStore(tokenStore()) .accessTokenConverter(jwtAccessTokenConverter()) .userDetailsService(userDetailService) .authenticationManager(authenticationManager) // .tokenServices(defaultTokenServices()) .exceptionTranslator(exceptionTranslator); } @Bean public TokenStore tokenStore() { // return new RedisTokenStore(redisConnectionFactory); return new JwtTokenStore(jwtAccessTokenConverter()); } // @Primary // @Bean // public DefaultTokenServices defaultTokenServices() { // DefaultTokenServices tokenServices = new DefaultTokenServices(); // tokenServices.setTokenStore(tokenStore()); // tokenServices.setSupportRefreshToken(true); tokenServices.setAccessTokenValiditySeconds(60 * 60 * 24); tokenServices.setRefreshTokenValiditySeconds(60 * 60 * 24 * 7); // tokenServices.setAccessTokenValiditySeconds(authProperties.getAccessTokenValiditySeconds()); // tokenServices.setRefreshTokenValiditySeconds(authProperties.getRefreshTokenValiditySeconds()); // return tokenServices; // } @Bean public JwtAccessTokenConverter jwtAccessTokenConverter() { JwtAccessTokenConverter accessTokenConverter = new JwtAccessTokenConverter(); DefaultAccessTokenConverter defaultAccessTokenConverter = (DefaultAccessTokenConverter) accessTokenConverter.getAccessTokenConverter(); DefaultUserAuthenticationConverter userAuthenticationConverter = new DefaultUserAuthenticationConverter(); userAuthenticationConverter.setUserDetailsService(userDetailService); defaultAccessTokenConverter.setUserTokenConverter(userAuthenticationConverter); accessTokenConverter.setSigningKey("qingfeng"); return accessTokenConverter; } }
我们来介绍下认证服务类,首先@EnableAuthorizationServer表示开始认证服务。而且继承了AuthorizationServerConfigurerAdapter适配器,AuthorizationServerConfigurerAdapter包含了3个方法:
public class AuthorizationServerConfigurerAdapter implements AuthorizationServerConfigurer { public AuthorizationServerConfigurerAdapter() { } public void configure(AuthorizationServerSecurityConfigurer security) throws Exception { } public void configure(ClientDetailsServiceConfigurer clients) throws Exception { } public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { } }
分别用于配置令牌端点的安全约束、客户端信息、配置令牌端点的安全约束
这也是我们AuthorizationServerConfigure类的骨架,其他代码都是围绕这3个方法产生的,都有注解说明。
接下来我们分别介绍下以下几个Bean: - passwordEncoder:定义加密算法
- tokenStore:定义token存储方式
- clientDetailsService:定义客户端client信息
更多推荐
已为社区贡献2条内容
所有评论(0)