What is OAuth2
OAuth 2.0 is an authorization protocol. It lets a software application access a resource owner's resources on the owner's behalf (rather than by impersonating the owner): the application asks the resource owner for authorization, obtains a token, and uses that token to access the resources. The resource owner never has to hand the application sensitive data such as a username and password.
Scenario: there is an open API that will be called by a very large number of merchant clients, and those clients have to be managed. This is the open-API platform design used by third-party payment interfaces and other well-known third-party platforms such as WeChat and Alipay.
Flow
1. Apply for an appid and a secret. The appid is like a QQ account number: it never changes. The app secret is like the QQ password: it can be changed.
2. Exchange the appid and secret for a token.
3. Call the API with that token.
4. The token is temporary and unique, valid for a limited period (for example 2 hours or 8 hours). When the token expires, a new token is obtained.
OAuth roles
1. Resource Server: the resource that is accessed under authorization
2. Authorization Server: the OAuth2 authentication and authorization center
3. Resource Owner: the user
4. Client: the partner application that uses the API
Integration code
1. Authorization Server: the OAuth2 authentication and authorization center module
<dependencies>
    <!-- Spring Boot web starter -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.projectlombok</groupId>
        <artifactId>lombok</artifactId>
    </dependency>
    <!-- Spring Boot FreeMarker integration -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-freemarker</artifactId>
    </dependency>
    <!-- Spring Boot Security integration -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <!-- Spring Security OAuth2 -->
    <dependency>
        <groupId>org.springframework.security.oauth</groupId>
        <artifactId>spring-security-oauth2</artifactId>
        <version>2.2.1.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>io.jsonwebtoken</groupId>
        <artifactId>jjwt</artifactId>
        <version>0.6.0</version>
    </dependency>
    <dependency>
        <groupId>com.alibaba</groupId>
        <artifactId>fastjson</artifactId>
        <version>1.2.62</version>
    </dependency>
    <dependency>
        <groupId>org.apache.commons</groupId>
        <artifactId>commons-lang3</artifactId>
    </dependency>
</dependencies>
Spring Security authentication: the username and password are verified here
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component;

@Component
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Registers the account that is allowed to authenticate: user mayikt
     *
     * @param auth
     * @throws Exception
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .withUser("mayikt")
            .password(passwordEncoder().encode("mayikt"))
            .authorities("/*");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .anyRequest().authenticated() // every request must be authenticated
            .and()
            .httpBasic()                  // HTTP Basic login
            .and()
            .csrf().disable();            // CSRF protection disabled
    }
}
Authorization server side: it must be configured with the appId, the secret, the callback (redirect) URL and the resource id
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.stereotype.Component;

/**
 * Authorization server side
 */
@Component
@EnableAuthorizationServer
public class AuthorizationConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        // allow clients to send their credentials as form parameters
        security.allowFormAuthenticationForClients()
                // the check_token endpoint is reachable without authentication
                .checkTokenAccess("permitAll()");
    }

    /**
     * Registered client: appid "appId", secret "123456"
     *
     * @param clients
     * @throws Exception
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
               // appid: normally read from a table, hard-coded here
               .withClient("appId")
               // secret: normally read from a table, hard-coded here
               .secret(passwordEncoder.encode("123456"))
               // authorization code grant
               .authorizedGrantTypes("authorization_code")
               // scope
               .scopes("all")
               // resource id: normally read from a table, hard-coded here
               .resourceIds("mayikt_resource")
               // callback (redirect) URL: normally read from a table, hard-coded here
               .redirectUris("http://www.mayikt.com/callback");
    }
}
Steps to obtain an access_token
1. Obtain the authorization code
http://localhost:8080/oauth/authorize?client_id=appId&response_type=code
Visit this URL to obtain the authorization code; the client_id value is
When the endpoint loads, enter the account and password.
After a successful login, the authorization code is delivered to the callback URL.
2. Exchange the authorization code for an accessToken
http://localhost:8080/oauth/token?code=6s9qUj&grant_type=authorization_code&redirect_uri=http://www.mayikt.com/callback&scope=all
redirect_uri: the callback URL
code: the authorization code
Send this as a POST request from Postman, supplying the appid and secret, and the token is returned.
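The four-step flow and the two token-acquisition steps above, carried out on the client side as an added example (not code from the original post): Python helpers that build the authorize URL, extract the code from the callback, build the /oauth/token exchange, and track when the temporary token must be replaced. Client id, secret, redirect URI and server address are the page's values; the state parameter, the sample authorization code and the 60-second renewal leeway are assumptions of this example.

```python
import base64
from typing import Dict, Tuple
from urllib.parse import parse_qs, urlencode, urlsplit

# Values matching the page's in-memory client registration.
AUTH_SERVER = "http://localhost:8080"
CLIENT_ID = "appId"
CLIENT_SECRET = "123456"
REDIRECT_URI = "http://www.mayikt.com/callback"
RENEW_LEEWAY = 60  # seconds (assumed): ask for a new token slightly before expiry


def build_authorize_url(state: str) -> str:
    # Step 1: the client generates an opaque state and checks it on the callback.
    params = {"client_id": CLIENT_ID, "response_type": "code",
              "redirect_uri": REDIRECT_URI, "scope": "all", "state": state}
    return AUTH_SERVER + "/oauth/authorize?" + urlencode(params)

def code_from_callback(callback_url: str, expected_state: str) -> str:
    # A state mismatch means this client did not start the flow: refuse the code.
    qs = parse_qs(urlsplit(callback_url).query)
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch on callback")
    return qs["code"][0]

def build_token_request(code: str) -> Tuple[str, Dict[str, str], Dict[str, str]]:
    # Step 2: client id and secret travel in an HTTP Basic header, the code in
    # the form body; neither belongs in the query string (it ends up in logs).
    creds = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    headers = {"Authorization": "Basic " + creds,
               "Content-Type": "application/x-www-form-urlencoded"}
    body = {"grant_type": "authorization_code", "code": code,
            "redirect_uri": REDIRECT_URI, "scope": "all"}
    return AUTH_SERVER + "/oauth/token", headers, body

def resource_headers(access_token: str) -> Dict[str, str]:
    # Step 3: the token is sent as a Bearer credential on each API call.
    return {"Authorization": "Bearer " + access_token}

def token_expiry(token_response: dict, now: float) -> float:
    # expires_in from the token endpoint is a lifetime in seconds.
    return now + int(token_response["expires_in"])

def needs_new_token(expiry: float, now: float) -> bool:
    # Step 4: the token is temporary; fetch a fresh one before it lapses.
    return now + RENEW_LEEWAY >= expiry
```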

2. Resource Server: the resource that is accessed under authorization
<dependencies>
    <!-- Spring Boot web starter -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.projectlombok</groupId>
        <artifactId>lombok</artifactId>
    </dependency>
    <!-- Spring Boot FreeMarker integration -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-freemarker</artifactId>
    </dependency>
    <!-- Spring Boot Security integration -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <!-- Spring Security OAuth2 -->
    <dependency>
        <groupId>org.springframework.security.oauth</groupId>
        <artifactId>spring-security-oauth2</artifactId>
        <version>2.2.1.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>io.jsonwebtoken</groupId>
        <artifactId>jjwt</artifactId>
        <version>0.6.0</version>
    </dependency>
    <dependency>
        <groupId>com.alibaba</groupId>
        <artifactId>fastjson</artifactId>
        <version>1.2.62</version>
    </dependency>
    <dependency>
        <groupId>org.apache.commons</groupId>
        <artifactId>commons-lang3</artifactId>
    </dependency>
</dependencies>
Resource server side
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;

/**
 * Resource server side
 */
@Configuration
@EnableResourceServer
public class ResourceConfig extends ResourceServerConfigurerAdapter {

    // appId
    private String mayiktAppId = "appId";
    // secret
    private String mayiktAppSecret = "123456";

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Primary
    @Bean
    public RemoteTokenServices remoteTokenServices() {
        final RemoteTokenServices tokenServices = new RemoteTokenServices();
        // full URL of the authorization server's check_token endpoint
        tokenServices.setCheckTokenEndpointUrl("http://localhost:8080/oauth/check_token");
        // client id and secret; note: the client_secret must NOT be encoded with passwordEncoder here
        tokenServices.setClientId(mayiktAppId);
        tokenServices.setClientSecret(mayiktAppSecret);
        return tokenServices;
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // session creation policy
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
        //@formatter:off
        // every request must be authorized
        http.authorizeRequests().anyRequest().authenticated();
        //@formatter:on
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        // the resource id must match the one registered for the client on the authorization server
        resources.resourceId("mayikt_resource").stateless(true);
    }
}

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class MemberService {

    @GetMapping("/getMember")
    public String getMember() {
        return "我是會員服務介面";
    }
}
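What the resource server's RemoteTokenServices setup effectively decides before /getMember runs, shown as an added example rather than the project's own code: the check_token result must not be rejected or expired, must name the resource id in its audience, and must carry the required scope. The introspection field names (exp, aud, scope, client_id, user_name, error), the sample token table and the handle_get_member stand-in are assumptions constructed for this example.

```python
from typing import Dict, Optional, Tuple

RESOURCE_ID = "mayikt_resource"  # must match resources.resourceId(...) on the resource server
REQUIRED_SCOPE = "all"           # the only scope the client is registered with

# Constructed stand-in for the authorization server's /oauth/check_token answers.
SAMPLE_INTROSPECTION = {
    "tok-ok": {"exp": 2000, "aud": ["mayikt_resource"], "scope": ["all"],
               "client_id": "appId", "user_name": "mayikt"},
    "tok-other-aud": {"exp": 2000, "aud": ["other_resource"], "scope": ["all"],
                      "client_id": "appId", "user_name": "mayikt"},
}

def sample_introspect(token: str) -> Dict[str, object]:
    # Unknown tokens get an error body, the assumed shape of an invalid-token answer.
    return SAMPLE_INTROSPECTION.get(token, {"error": "invalid_token"})

def bearer_token(header: Optional[str]) -> Optional[str]:
    # Accept only a well-formed "Bearer <token>" Authorization header.
    if not header:
        return None
    parts = header.split(None, 1)
    if len(parts) != 2 or parts[0].lower() != "bearer" or not parts[1].strip():
        return None
    return parts[1].strip()

def validate_introspection(info: Dict[str, object], now: float) -> Tuple[bool, str]:
    # Reject anything the authorization server itself rejected.
    if "error" in info or info.get("active") is False:
        return False, "token rejected by the authorization server"
    exp = info.get("exp")
    if exp is None or now >= float(exp):  # step 4 on the page: tokens are temporary
        return False, "token expired"
    if RESOURCE_ID not in (info.get("aud") or []):  # issued for a different resource
        return False, "token not issued for this resource id"
    if REQUIRED_SCOPE not in (info.get("scope") or []):
        return False, "required scope missing"
    return True, f"user {info.get('user_name')} via client {info.get('client_id')}"

def handle_get_member(headers: Dict[str, str], introspect, now: float) -> Tuple[int, str]:
    # Mimics the resource server in front of /getMember: introspect, then decide.
    token = bearer_token(headers.get("Authorization"))
    if token is None:
        return 401, "missing bearer token"
    ok, reason = validate_introspection(introspect(token), now)
    if not ok:
        return 401, reason
    return 200, "member service response for " + reason
```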
With the token attached, the request succeeds.

Please credit the source when reposting. Link to this article: https://www.uj5u.com/qita/333581.html