OAuth2 四种模式
关键名词
授权码模式的实现
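@Resource
private UserDetailsService userDetailsService;

@Autowired
private TokenStore tokenStore;

@Autowired
private WebResponseExceptionTranslator webResponseExceptionTranslator;

@Autowired
private RedisClientDetailsService clientDetailsService;

@Autowired
private RandomValueAuthorizationCodeServices authorizationCodeServices;

@Autowired
private TokenGranter tokenGranter;

/**
 * Configures the authorization server endpoints: token store, authentication manager,
 * user-details service, authorization-code service, exception translator and token granter.
 *
 * @param endpoints endpoint configurer supplied by the framework
 */
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
    // NOTE(review): authenticationManager is used below but is not declared in this excerpt;
    // presumably it is an injected field declared elsewhere in the class.

    // Token storage; Redis is the usual backing store.
    endpoints.tokenStore(tokenStore)
            // Authentication manager.
            .authenticationManager(authenticationManager)
            // User-details service; required for the password grant.
            .userDetailsService(userDetailsService)
            // Authorization-code service for the authorization-code grant;
            // falls back to in-memory storage when not configured.
            .authorizationCodeServices(authorizationCodeServices)
            // Custom Spring OAuth error handling requires a WebResponseExceptionTranslator instance.
            .exceptionTranslator(webResponseExceptionTranslator)
            // Grant types: when no TokenGranter is set, the framework defaults apply (authorization
            // code, refresh token, implicit, client credentials, and password when an
            // AuthenticationManager is set). A configured TokenGranter replaces those defaults
            // entirely, so only the grants it supports are accepted.
            // See getDefaultTokenGranters in AuthorizationServerEndpointsConfigurer.
            .tokenGranter(tokenGranter);
}

/**
 * Registers the OAuth2 client details (application name / client id and related settings).
 *
 * @param clients client-details configurer supplied by the framework
 * @throws Exception declared by the overridden method
 */
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    clients.withClientDetails(clientDetailsService);
    // Project-specific call; judging by its name it preloads all client details into the
    // cache. Confirm against RedisClientDetailsService.
    clientDetailsService.loadAllClientToCache();
}

/**
 * Configures access to the authorization server's own endpoints. Enabling form
 * authentication for clients installs the ClientCredentialsTokenEndpointFilter.
 *
 * @param security security configurer supplied by the framework
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer security) {
    security
            // The token-key endpoint requires an authenticated caller.
            .tokenKeyAccess("isAuthenticated()")
            // NOTE(review): "permitAll()" leaves the check-token endpoint open to unauthenticated
            // callers, so anyone holding a token value can read the details it resolves to.
            // Prefer "isAuthenticated()" (as on the token-key endpoint) unless the endpoint is
            // only reachable from a trusted internal network.
            .checkTokenAccess("permitAll()")
            // Lets /oauth/token authenticate clients from the client_id and client_secret request
            // parameters. Secrets sent as parameters can end up in access logs and proxies:
            // require TLS and keep them out of the query string.
            .allowFormAuthenticationForClients();
}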
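@Resource
private AuthenticationEntryPoint authenticationEntryPoint;

@Resource
private OAuth2WebSecurityExpressionHandler expressionHandler;

@Resource
private OAuth2AccessDeniedHandler oAuth2AccessDeniedHandler;

@Autowired
private SecurityProperties securityProperties;

/**
 * Configures the resource server: token store, stateless token handling, and the handlers
 * used for unauthenticated and access-denied responses.
 *
 * @param resources resource-server configurer supplied by the framework
 */
@Override
public void configure(ResourceServerSecurityConfigurer resources) {
    // NOTE(review): tokenStore is not declared in this excerpt; presumably it is an injected
    // field declared elsewhere in the class.
    resources.tokenStore(tokenStore)
            .stateless(true)
            .authenticationEntryPoint(authenticationEntryPoint)
            .expressionHandler(expressionHandler)
            .accessDeniedHandler(oAuth2AccessDeniedHandler);
}

/**
 * Configures HTTP security: configured "ignore" URLs and all OPTIONS requests are open,
 * every other request is passed to {@link #setAuthenticate}.
 *
 * @param http the HttpSecurity builder supplied by the framework
 * @throws Exception declared by the overridden method
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    ExpressionUrlAuthorizationConfigurer<HttpSecurity>.AuthorizedUrl authorizedUrl = setHttp(http)
            .authorizeRequests()
            // These URLs skip authentication entirely and come from configuration: review the
            // list and avoid broad wildcards that could also match protected paths.
            .antMatchers(securityProperties.getIgnore().getUrls()).permitAll()
            // OPTIONS is opened for every path (typically for CORS preflight requests).
            .antMatchers(HttpMethod.OPTIONS).permitAll()
            .anyRequest();
    setAuthenticate(authorizedUrl);

    // NOTE(review): IF_REQUIRED still allows an HTTP session to be created while CSRF
    // protection is disabled below. If any request can be authenticated from a session
    // cookie this leaves it exposed to CSRF; for a pure bearer-token API prefer
    // SessionCreationPolicy.STATELESS.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
            .and()
            .httpBasic().disable()
            .headers()
            // NOTE(review): disabling frameOptions drops the X-Frame-Options header, which
            // removes the clickjacking protection; use sameOrigin() if framing is only needed
            // from the application's own origin.
            .frameOptions().disable()
            .and()
            .csrf().disable();
}

/**
 * URL access control. By default every request only has to be authenticated;
 * override to apply finer-grained rules.
 *
 * @param authorizedUrl the matcher for all remaining requests
 * @return the HttpSecurity builder, for further chaining
 */
public HttpSecurity setAuthenticate(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.AuthorizedUrl authorizedUrl) {
    return authorizedUrl.authenticated().and();
}

/**
 * Extension hook for subclasses; the default returns the builder unchanged.
 *
 * @param http the HttpSecurity builder
 * @return the builder to continue configuring
 */
public HttpSecurity setHttp(HttpSecurity http) {
    return http;
}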
}