```java
// Authorization server configuration (spring-security-oauth2, Spring Boot 1.x style)
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;

@Configuration
@EnableAuthorizationServer
public class OAuth2AuthorizationServer extends AuthorizationServerConfigurerAdapter {

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("clientapp")
                .secret("112233")                                   // demo secret only
                .redirectUris("http://localhost:9001/callback")     // must match the request exactly
                // authorization code grant
                .authorizedGrantTypes("authorization_code")
                .scopes("read_userinfo", "read_contacts");
    }
}
```
```java
// Resource server configuration: everything under /api/** requires a valid access token
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

@Configuration
@EnableResourceServer
public class OAuth2ResourceServer extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .anyRequest()
                .authenticated()
                .and()
            .requestMatchers()
                .antMatchers("/api/**");   // this filter chain only applies to /api/**
    }
}
```
Authorization request for the authorization code grant (opened in the browser; the user logs in with the account configured below and approves the scopes):

http://localhost:8080/oauth/authorize?client_id=clientapp&redirect_uri=http://localhost:9001/callback&response_type=code&scope=read_userinfo

This request carries no state parameter. A real client should send an unguessable state and verify it on the callback, as the implicit grant request further down does, otherwise an attacker can inject their own authorization code into the victim's session.
```properties
# Spring Security settings: the user account that logs in at /oauth/authorize
security.user.name=bobo
security.user.password=xyz
```
After approval the browser is redirected to the callback with the code (here code=ghn0hf). Exchange it at the token endpoint (POST):

http://localhost:8080/oauth/token?code=ghn0hf&grant_type=authorization_code&redirect_uri=http://localhost:9001/callback&scope=read_userinfo

Note: client authentication must be added in the headers. It is HTTP Basic with the client id and secret configured in the authorization server (clientapp / 112233); the redirect_uri must be identical to the one used in the authorization request.
Call the resource server with the access token:

http://localhost:8080/api/userinfo?access_token=f4345f3a-34a3-4887-bc02-e95150c54bf4

Passing access_token as a query parameter works, but it leaks the token into access logs, proxies and browser history; sending it as an Authorization: Bearer header is preferable.

If the token is wrong, then:
```java
// Authorization server configuration for the implicit grant
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;

@Configuration
@EnableAuthorizationServer
public class OAuth2AuthorizationServer extends AuthorizationServerConfigurerAdapter {

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("clientapp")
                .secret("112233")
                .accessTokenValiditySeconds(60)                     // short lifetime: the token travels in the URL
                .redirectUris("http://localhost:9001/callback")
                // implicit grant: the token is returned directly on the redirect
                .authorizedGrantTypes("implicit")
                .scopes("admin", "visitor");
    }
}
```
Implicit grant request (response_type=token; the browser receives the access token in the fragment of the redirect):

http://localhost:8080/oauth/authorize?client_id=clientapp&redirect_uri=http://localhost:9001/callback&response_type=token&scope=admin&state=abc

Note: because the access token is returned appended to the redirect_uri, it may be exposed to the resource owner or to other parties in the setup (the resource owner can see the redirect_uri; other parties can obtain the access token by watching the browser's address bar change). There is no client authentication step in this grant, so the token lifetime is kept short.
```java
// Authorization server configuration for the resource owner password grant
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;

@Configuration
@EnableAuthorizationServer
public class OAuth2AuthorizationServer extends AuthorizationServerConfigurerAdapter {

    // The password grant needs an AuthenticationManager to check the user's credentials;
    // without it the token endpoint does not register the "password" granter.
    @Autowired
    private AuthenticationManager authenticationManager;

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(authenticationManager);
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("clientapp")
                .secret("112233")
                .accessTokenValiditySeconds(60)
                .redirectUris("http://localhost:9001/callback")
                .authorizedGrantTypes("password")
                .scopes("admin", "visitor");
    }
}
```
Password grant token request (POST):

http://localhost:8080/oauth/token?password=123456&grant_type=password&redirect_uri=http://localhost:9001/callback&username=lll&scope=admin

The username and password belong in the POST form body rather than in the query string, where they end up in server logs; redirect_uri is not part of this grant and can be dropped.

Note: as with the authorization code grant, client authentication must be added in the headers.

Result: once the token is obtained, the remaining steps are the same as in modes 1.1 and 1.2.
Client credentials grant (no user involved; the client authenticates itself with the Basic header, and the token represents the client, not a user):

http://localhost:8080/oauth/token?grant_type=client_credentials&scope=admin

The client must list client_credentials in its authorizedGrantTypes, otherwise the token endpoint rejects the grant.
Refresh token grant (client authentication in the headers, as above):

http://localhost:8080/oauth/token?grant_type=refresh_token&refresh_token=ad3941d1-c6dd-4a2e-a9c8-eac6a9a59dd2

A refresh token is only issued with the access token, and only accepted here, if refresh_token is among the client's authorizedGrantTypes; none of the configurations above include it, so it has to be added alongside the primary grant.
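A client-side helper for the grants on this page, added here as an example; it is not code from the original post or from the spring2go/oauth2lab project. It assumes the authorization server, client id/secret and redirect URI configured above, and the callback URLs it is exercised with are constructed rather than captured. Unlike the query-string URLs shown above, it sends codes and credentials in a POST form body with the client id and secret in an HTTP Basic Authorization header, and it shows the checks the post only mentions in passing: the state parameter compared in constant time on the callback, the exact redirect_uri match, and the difference between an authorization code arriving in the query string and an implicit-grant token arriving in the URL fragment.

```python
"""OAuth2 client helpers for the authorization server configured in this post.
Added example; assumes localhost:8080 / clientapp / 112233 / localhost:9001/callback.
"""
import base64
import hmac
import secrets
import urllib.request
from urllib.parse import parse_qs, urlencode, urlparse

AUTH_SERVER = "http://localhost:8080"            # authorization server from the post
CLIENT_ID = "clientapp"
CLIENT_SECRET = "112233"                         # demo secret from the post
REDIRECT_URI = "http://localhost:9001/callback"  # registered redirect URI


def new_state():
    """Unguessable per-request state that binds the callback to this client session."""
    return secrets.token_urlsafe(16)


def build_authorize_url(state, scope, response_type="code"):
    """GET /oauth/authorize; response_type is "code" (authorization code grant)
    or "token" (implicit grant). redirect_uri must equal the registered value."""
    params = {"client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
              "response_type": response_type, "scope": scope, "state": state}
    return f"{AUTH_SERVER}/oauth/authorize?{urlencode(params)}"


def parse_callback(callback_url, expected_state):
    """Validate the redirect back to REDIRECT_URI and return its parameters.

    The code grant returns ?code=...&state=... in the query string; the implicit
    grant returns #access_token=...&state=... in the fragment, which is why that
    token shows up in the browser's address bar.
    """
    parsed = urlparse(callback_url)
    base = f"{parsed.scheme}://{parsed.netloc}{parsed.path}"
    if base != REDIRECT_URI:
        raise ValueError("callback did not arrive at the registered redirect_uri")
    raw = parsed.fragment or parsed.query
    params = {k: v[0] for k, v in parse_qs(raw).items()}
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error']}")
    # Constant-time comparison; a missing or different state means this callback
    # was not triggered by a request this client made (CSRF / code injection).
    if not hmac.compare_digest(params.get("state", ""), expected_state):
        raise ValueError("state mismatch")
    return params


def basic_auth_header():
    """Client authentication for /oauth/token: HTTP Basic with client id and secret.
    This is the 'authentication in the headers' the post refers to."""
    raw = f"{CLIENT_ID}:{CLIENT_SECRET}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def token_request(**form):
    """Describe a POST to /oauth/token as (url, headers, body). Codes, passwords
    and refresh tokens travel in the form body, never in the query string."""
    headers = {"Authorization": basic_auth_header(),
               "Content-Type": "application/x-www-form-urlencoded"}
    return f"{AUTH_SERVER}/oauth/token", headers, urlencode(form)


def code_token_request(code):
    return token_request(grant_type="authorization_code", code=code,
                         redirect_uri=REDIRECT_URI)


def password_token_request(username, password, scope):
    return token_request(grant_type="password", username=username,
                         password=password, scope=scope)


def client_credentials_request(scope):
    return token_request(grant_type="client_credentials", scope=scope)


def refresh_token_request(refresh_token):
    return token_request(grant_type="refresh_token", refresh_token=refresh_token)


def send(request):
    """Perform one of the requests above against the running authorization server."""
    url, headers, body = request
    req = urllib.request.Request(url, data=body.encode(), headers=headers, method="POST")
    with urllib.request.urlopen(req) as resp:
        return resp.read().decode()


if __name__ == "__main__":
    state = new_state()
    print("open:", build_authorize_url(state, "read_userinfo"))
    callback = input("paste the callback URL: ").strip()
    code = parse_callback(callback, state)["code"]
    print(send(code_token_request(code)))
```

Store the state server-side (or in the client's session) between issuing the authorization URL and handling the callback; a state that is regenerated or not checked gives no protection at all.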
Reference: https://www.cnblogs.com/maoxiaolv/p/5838680.html
Code for study: https://github.com/spring2go/oauth2lab