Spring cloud oauth2如何搭建认证资源中心

  org.springframework.cloudspring-cloud-starter-oauth2

 /** * security配置类 */ @Configuration @EnableWebSecurity //开启web保护 @EnableGlobalMethodSecurity(prePostEnabled = true) // 开启方法注解权限配置 public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Qualifier("userDetailsServiceImpl") @Autowired private UserDetailsService userDetailsService; //配置用户签名服务,赋予用户权限等 @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(userDetailsService)//指定userDetailsService实现类去对应方法认 .passwordEncoder(passwordEncoder()); //指定密码加密器 } @Bean public Password<mark style="color:transparent">来源gaodaimacom搞#^代%!码&网</mark>Encoder passwordEncoder() { return new BCryptPasswordEncoder(); } //配置拦截保护请求,什么请求放行,什么请求需要验证 @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() //配置所有请求开启认证 .anyRequest().permitAll() .and().httpBasic(); //启用http基础验证 } // 配置token验证管理的Bean @Override @Bean public AuthenticationManager authenticationManagerBean() throws Exception { return super.authenticationManagerBean(); } }

 /** * OAuth2授权服务器 */ @EnableAuthorizationServer //声明OAuth2认证中心 @Configuration public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter { @Autowired @Qualifier("authenticationManagerBean") private AuthenticationManager authenticationManager; @Autowired private DataSource dataSource; @Autowired private UserDetailsService userDetailsService; @Autowired private PasswordEncoder passwordEncoder; /** * 这个方法主要是用于校验注册的第三方客户端的信息，可以存储在数据库中，默认方式是存储在内存中，如下所示，注释掉的代码即为内存中存储的方式 */ @Override public void configure(ClientDetailsServiceConfigurer clients) throws Exception{ clients.inMemory() .withClient("hou") // 客户端id,必须有 .secret(passwordEncoder.encode("123456")) // 客户端密码 .scopes("server") .authorizedGrantTypes("authorization_code", "password", "refresh_token") //验证类型 .redirectUris("http://www.baidu.com"); /*redirectUris 关于这个配置项，是在 OAuth2协议中，认证成功后的回调地址，此值同样可以配置多个*/ //数据库配置,需要建表 //    clients.withClientDetails(clientDetailsService()); //    clients.jdbc(dataSource); } // 声明 ClientDetails实现 private ClientDetailsService clientDetailsService() { return new JdbcClientDetailsService(dataSource); } /** * 控制token端点信息 */ @Override public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { endpoints.authenticationManager(authenticationManager) .tokenStore(tokenStore()) .userDetailsService(userDetailsService); } //获取token存储类型 @Bean public TokenStore tokenStore() { //return new JdbcTokenStore(dataSource); //存储mysql中 return new InMemoryTokenStore();  //存储内存中 //new RedisTokenStore(connectionFactory); //存储redis中 } //配置获取token策略和检查策略 @Override public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception { oauthServer.tokenKeyAccess("permitAll()") //获取token请求不进行拦截 .checkTokenAccess("isAuthenticated()") //验证通过返回token信息 .allowFormAuthenticationForClients();  // 允许 客户端使用client_id和client_secret获取token } }

 security: oauth2: resource: tokenInfoUri: http://localhost:9099/oauth/check_token preferTokenInfo: true client: client-id: hou client-secret: 123456 grant-type: password scope: server access-token-uri: http://localhost:9099/oauth/token

 /** * 资源中心配置 */ @Configuration @EnableResourceServer // 声明资源服务,即可开启token验证保护 @EnableGlobalMethodSecurity(prePostEnabled = true) // 开启方法权限注解 public class ResourceServerConfig extends ResourceServerConfigurerAdapter { @Override public void configure(HttpSecurity http) throws Exception { http.authorizeRequests() //配置所有请求不需要认证,在方法用注解定制权限 .anyRequest().permitAll(); } }

 @RestController @RequestMapping("test") public class TestController { //不需要权限 @GetMapping("/hou") public String test01(){ return "返回测试数据hou"; } @PreAuthorize("hasAnyAuthority('ROLE_USER')") //需要权限 @GetMapping("/zheng") public String test02(){ return "返回测试数据zheng"; } }