From 490dbd16cf89c1543430d25e6b8d814a86ba92f4 Mon Sep 17 00:00:00 2001
From: kdyzm
Date: Mon, 11 Jan 2021 17:41:58 +0800
Subject: [PATCH] =?UTF-8?q?client=E4=BF=A1=E6=81=AF=E4=BF=9D=E5=AD=98?=
 =?UTF-8?q?=E5=88=B0=E6=95=B0=E6=8D=AE=E5=BA=93=EF=BC=9B=E6=8E=88=E6=9D=83?=
 =?UTF-8?q?=E7=A0=81=E4=BF=9D=E5=AD=98=E5=88=B0=E6=95=B0=E6=8D=AE=E5=BA=93?=
 =?UTF-8?q?=EF=BC=9B=E4=BF=AE=E6=94=B9=E8=B5=84=E6=BA=90=E6=9C=8D=E5=8A=A1?=
 =?UTF-8?q?=E8=B5=84=E6=BA=90id?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 auth-center/docs/sql/init.sql | 41 +++++++++++++++++++
 .../center/config/AuthorizationServer.java | 41 ++++++++++++++-----
 .../auth/center/config/WebSecurityConfig.java | 6 +--
 .../src/main/resources/application.yml | 4 +-
 .../server/config/ResouceServerConfig.java | 4 +-
 5 files changed, 78 insertions(+), 18 deletions(-)
diff --git a/auth-center/docs/sql/init.sql b/auth-center/docs/sql/init.sql
index 3f2fe4f..dc7a682 100644
--- a/auth-center/docs/sql/init.sql
+++ b/auth-center/docs/sql/init.sql
@@ -16,6 +16,47 @@ CREATE DATABASE /*!32312 IF NOT EXISTS*/`security` /*!40100 DEFAULT CHARACTER SE
 USE `security`;
+/*Table structure for table `oauth_client_details` */
+
+DROP TABLE IF EXISTS `oauth_client_details`;
+
+CREATE TABLE `oauth_client_details` (
+ `client_id` varchar(255) NOT NULL COMMENT '客户端标识',
+ `resource_ids` varchar(255) DEFAULT NULL COMMENT '接入资源列表',
+ `client_secret` varchar(255) DEFAULT NULL COMMENT '客户端秘钥',
+ `scope` varchar(255) DEFAULT NULL,
+ `authorized_grant_types` varchar(255) DEFAULT NULL,
+ `web_server_redirect_uri` varchar(255) DEFAULT NULL,
+ `authorities` varchar(255) DEFAULT NULL,
+ `access_token_validity` int(11) DEFAULT NULL,
+ `refresh_token_validity` int(11) DEFAULT NULL,
+ `additional_information` longtext,
+ `create_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+ `archived` tinyint(4) DEFAULT NULL,
+ `trusted` tinyint(4) DEFAULT NULL,
+ `autoapprove` varchar(255) DEFAULT NULL,
+ PRIMARY KEY (`client_id`) USING BTREE
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 ROW_FORMAT=DYNAMIC COMMENT='接入客户端信息';
+
+/*Data for the table `oauth_client_details` */
+
+insert into `oauth_client_details`(`client_id`,`resource_ids`,`client_secret`,`scope`,`authorized_grant_types`,`web_server_redirect_uri`,`authorities`,`access_token_validity`,`refresh_token_validity`,`additional_information`,`create_time`,`archived`,`trusted`,`autoapprove`) values
+('c1','res1','$2a$10$Tq3x4CjWgd5Fz92v.FvRoOQTnsG8eIlNj7dfHTD/ZQ28XfdbNuA/S','ROLE_ADMIN,ROLE_USER,ROLE_API','client_credentials,password,authorization_code,implicit,refresh_token','https://www.baidu.com',NULL,7200,259200,NULL,'2021-01-11 09:09:53',0,0,'false'),
+('c2','res2','$2a$10$a3SXX5msIFfb2UlN65WrUuZVZCgSqp3ZynnOUq.MJHuSyH7QndJeW','ROLE_API','client_credentials,password,authorization_code,implicit,refresh_token','https://www.baidu.com',NULL,31536000,2592000,NULL,'2021-01-11 09:09:56',0,0,'false');
+
+/*Table structure for table `oauth_code` */
+
+DROP TABLE IF EXISTS `oauth_code`;
+
+CREATE TABLE `oauth_code` (
+ `create_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ `code` varchar(255) DEFAULT NULL,
+ `authentication` blob,
+ KEY `code_index` (`code`) USING BTREE
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 ROW_FORMAT=COMPACT;
+
+/*Data for the table `oauth_code` */
+
 /*Table structure for table `t_permission` */
 DROP TABLE IF EXISTS `t_permission`;
diff --git a/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/AuthorizationServer.java b/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/AuthorizationServer.java
index 030c7bf..e8cfee4 100644
--- a/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/AuthorizationServer.java
+++ b/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/AuthorizationServer.java
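Review bot: The `scope` column of the `c1` row carries role names (`ROLE_ADMIN,ROLE_USER,ROLE_API`) while `authorities` is NULL, so a per-client scope is being used where the rest of the stack expects a user authority; because scope is granted to the client, every token issued to `c1` — including a `client_credentials` token that represents no user — will satisfy a `ROLE_ADMIN` scope check. Keep scopes as capability names (e.g. `read`, `write`), put client-level authorities in `authorities`, and leave role checks to the authenticated user's granted authorities. Two smaller points on the same rows: both `web_server_redirect_uri` values are a third-party placeholder although `authorization_code` and `implicit` are enabled, and `c2` gets a 31536000-second (one-year) access token, which makes its 2592000-second refresh token pointless. A header comment such as `-- sample clients for local testing only: replace secrets, redirect URIs and token validities before deployment` would make the intent of this seed data explicit.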
@@ -6,17 +6,21 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
 import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
 import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
 import org.springframework.security.oauth2.provider.ClientDetailsService;
+import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;
 import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
 import org.springframework.security.oauth2.provider.code.InMemoryAuthorizationCodeServices;
+import org.springframework.security.oauth2.provider.code.JdbcAuthorizationCodeServices;
 import org.springframework.security.oauth2.provider.token.*;
 import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
+import javax.sql.DataSource;
 import java.util.Arrays;
 import java.util.Collections;
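Review bot: `import org.springframework.security.oauth2.provider.code.InMemoryAuthorizationCodeServices;` is left in place although its only use is removed in the `authorizationCodeServices` hunk further down, so it is now an unused import; delete that line. `BCryptPasswordEncoder` is still needed by the new `passwordEncoder()` bean, so that import stays.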
@@ -42,6 +46,15 @@ public class AuthorizationServer extends AuthorizationServerConfigurerAdapter {
 @Autowired
 private JwtAccessTokenConverter jwtAccessTokenConverter;
+ @Autowired
+ private PasswordEncoder passwordEncoder;
+
+ //密码编码器
+ @Bean
+ public PasswordEncoder passwordEncoder() {
+ return new BCryptPasswordEncoder();
+ }
+
 @Bean
 public AuthorizationServerTokenServices tokenServices(){
 DefaultTokenServices services = new DefaultTokenServices();
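Review bot: The class now declares the `passwordEncoder` bean and also `@Autowired`s it into a field of the same name, a self-injection whose only consumer is the `clientDetailsService` bean in the next hunk. Prefer injecting the encoder where it is used and dropping the field: `public ClientDetailsService clientDetailsService(DataSource dataSource, PasswordEncoder passwordEncoder)`. Moving the bean out of `WebSecurityConfig` presumably also makes user-password verification depend on this authorization-server configuration for its encoder; a short comment on the bean, `// shared encoder: user passwords (WebSecurityConfig) and client secrets (JdbcClientDetailsService)`, would record that coupling.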
@@ -58,20 +71,28 @@ public class AuthorizationServer extends AuthorizationServerConfigurerAdapter {
 }
 @Bean
- public AuthorizationCodeServices authorizationCodeServices(){
- return new InMemoryAuthorizationCodeServices();
+ public AuthorizationCodeServices authorizationCodeServices(DataSource dataSource){
+ return new JdbcAuthorizationCodeServices(dataSource);
+ }
+
+ @Bean
+ public ClientDetailsService clientDetailsService(DataSource dataSource) {
+ JdbcClientDetailsService clientDetailsService = new JdbcClientDetailsService(dataSource);
+ clientDetailsService.setPasswordEncoder(passwordEncoder);
+ return clientDetailsService;
 }
 @Override
 public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
- clients.inMemory()
- .withClient("c1")
- .secret(new BCryptPasswordEncoder().encode("secret"))//$2a$10$0uhIO.ADUFv7OQ/kuwsC1.o3JYvnevt5y3qX/ji0AUXs4KYGio3q6
- .resourceIds("r1")
- .authorizedGrantTypes("authorization_code", "password", "client_credentials", "implicit", "refresh_token")
- .scopes("all")
- .autoApprove(false)
- .redirectUris("https://www.baidu.com");
+ clients.withClientDetails(clientDetailsService);
+// clients.inMemory()
+// .withClient("c1")
+// .secret(new BCryptPasswordEncoder().encode("secret"))//$2a$10$0uhIO.ADUFv7OQ/kuwsC1.o3JYvnevt5y3qX/ji0AUXs4KYGio3q6
+// .resourceIds("r1")
+// .authorizedGrantTypes("authorization_code", "password", "client_credentials", "implicit", "refresh_token")
+// .scopes("all")
+// .autoApprove(false)
+// .redirectUris("https://www.baidu.com");
 }
 @Override
diff --git a/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/WebSecurityConfig.java b/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/WebSecurityConfig.java
index 79b5e80..b483e5e 100644
--- a/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/WebSecurityConfig.java
+++ b/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/WebSecurityConfig.java
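Review bot: The new `clientDetailsService` bean appears to share its name with the `ClientDetailsService` bean that `@EnableAuthorizationServer` registers itself, which is presumably why this same commit switches on `spring.main.allow-bean-definition-overriding` in application.yml; with overriding enabled, which definition wins depends on registration order, and `configure()` then passes `clients.withClientDetails(clientDetailsService)` whatever the field (declared outside this hunk) happened to receive. Give the bean a distinct name and wire it explicitly, e.g. `public ClientDetailsService jdbcClientDetailsService(DataSource dataSource)` with a matching `@Qualifier("jdbcClientDetailsService")` on the injected field, so the override flag can be removed again. The commented-out in-memory block should be deleted rather than kept: it is dead code, and it leaves a sample secret next to its bcrypt hash in a source comment.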
@@ -24,14 +24,10 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 //认证管理器
 @Bean
+ @Override
 public AuthenticationManager authenticationManagerBean() throws Exception {
 return super.authenticationManagerBean();
 }
- //密码编码器
- @Bean
- public PasswordEncoder passwordEncoder() {
- return new BCryptPasswordEncoder();
- }
 //安全拦截机制(最重要)
 @Override
diff --git a/auth-center/src/main/resources/application.yml b/auth-center/src/main/resources/application.yml
index 5a0be0d..8aca121 100644
--- a/auth-center/src/main/resources/application.yml
+++ b/auth-center/src/main/resources/application.yml
@@ -11,4 +11,6 @@ spring:
 thymeleaf:
 prefix: classpath:/templates/
 suffix: .html
- cache: false
\ No newline at end of file
+ cache: false
+ main:
+ allow-bean-definition-overriding: true
\ No newline at end of file
diff --git a/resource-server/src/main/java/com/kdyzm/spring/security/oauth/study/resource/server/config/ResouceServerConfig.java b/resource-server/src/main/java/com/kdyzm/spring/security/oauth/study/resource/server/config/ResouceServerConfig.java
index d86ff35..95fe33b 100644
--- a/resource-server/src/main/java/com/kdyzm/spring/security/oauth/study/resource/server/config/ResouceServerConfig.java
+++ b/resource-server/src/main/java/com/kdyzm/spring/security/oauth/study/resource/server/config/ResouceServerConfig.java
@@ -20,7 +20,7 @@ import org.springframework.security.oauth2.provider.token.TokenStore;
 @EnableResourceServer
 public class ResouceServerConfig extends ResourceServerConfigurerAdapter {
- private static final String RESOURCE_ID= "r1";
+ private static final String RESOURCE_ID= "res1";
 @Autowired
 private TokenStore tokenStore;
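Review bot: `allow-bean-definition-overriding: true` under `spring.main` turns the context-wide duplicate-bean check into silent last-wins behaviour, which hides the very collision it is presumably added for (the `clientDetailsService` bean introduced in `AuthorizationServer.java` in this commit) and every future one in the application. Rename the colliding bean instead and drop the `main:` / `allow-bean-definition-overriding: true` lines from this file; if the flag has to stay for now, put a comment on it naming the bean it exists for, `# TODO: remove once the clientDetailsService bean no longer overrides the framework one`.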
@@ -51,7 +51,7 @@ public class ResouceServerConfig extends ResourceServerConfigurerAdapter {
 public void configure(HttpSecurity http) throws Exception {
 http
 .authorizeRequests()
- .antMatchers("/**").access("#oauth2.hasScope('all')")
+ .antMatchers("/**").access("#oauth2.hasScope('ROLE_ADMIN')")
 .and()
 .csrf().disable()
 .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);
-- Gitee
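Review bot: `#oauth2.hasScope('ROLE_ADMIN')` tests a client-level scope against a role name, so the rule on `/**` passes for every token issued to a client whose `scope` column lists `ROLE_ADMIN` — including a `client_credentials` token that represents no user at all — and never consults the authenticated user's authorities. Decide which of the two checks is meant and express it as such: a real scope name, e.g. `.access("#oauth2.hasScope('read')")`, or a user role combined with a scope, e.g. `.access("#oauth2.hasScope('read') and hasRole('ADMIN')")`. The enclosing `configure(HttpSecurity)` method continues past the end of the hunk.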