继承 AuthorizationServerConfigurerAdapter 的配置类
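/**
 * OAuth2 authorization-server configuration.
 *
 * <p>Client registrations, authorization codes and issued tokens are backed by the
 * injected {@link DataSource} through the {@code Jdbc*} beans declared below. Access
 * tokens are produced as JWTs by {@link JwtAccessTokenConverter} after
 * {@link JwtTokenEnhancer} has added its custom claims.
 */
@Configuration
@EnableAuthorizationServer
public class Oauth2ServerConfig extends AuthorizationServerConfigurerAdapter {

    /** Access-token lifetime in seconds (2 hours). */
    private static final int ACCESS_TOKEN_VALIDITY_SECONDS = 7200;
    /** Refresh-token lifetime in seconds (3 days). */
    private static final int REFRESH_TOKEN_VALIDITY_SECONDS = 259200;

    @Autowired
    private BCryptPasswordEncoder bCryptPasswordEncoder; // verifies client secrets stored as bcrypt hashes
    @Autowired
    private UserServiceImpl userDetailsService; // loads user details for resource-owner grants
    @Autowired
    private AuthenticationManager authenticationManager; // authenticates resource owners at the token endpoint
    @Autowired
    private TokenStore tokenStore; // token store (a JWT store according to the original configuration notes)
    @Autowired
    private DataSource dataSource; // backing store for clients, authorization codes and tokens
    @Autowired
    private JwtTokenEnhancer jwtTokenEnhancer; // adds custom claims to issued JWTs
    @Autowired
    private JwtAccessTokenConverter jwtAccessTokenConverter; // signs JWTs; key material is configured elsewhere
    @Autowired
    private AuthorizationCodeServices authorizationCodeServices; // persistence for authorization-code grants
    @Autowired
    private ClientDetailsService clientDetailsService; // client id / secret lookup

    /**
     * Persists authorization codes in the database, so the authorization-code grant
     * works across restarts and across several server instances.
     *
     * @param dataSource the data source the codes are stored in (injected by Spring)
     * @return a JDBC-backed {@link AuthorizationCodeServices}
     */
    @Bean
    public AuthorizationCodeServices authorizationCodeServices(DataSource dataSource) {
        return new JdbcAuthorizationCodeServices(dataSource);
    }

    /**
     * Loads client registrations (client id, secret, grant types, scopes, ...) from the
     * database rather than from source code.
     *
     * @return a JDBC-backed {@link ClientDetailsService}
     */
    @Bean
    public ClientDetailsService clientDetailsService() {
        return new JdbcClientDetailsService(dataSource);
    }

    /**
     * Builds the token services used by the token endpoint: JWT access tokens enriched
     * with custom claims, refresh tokens enabled, tokens persisted in {@link #tokenStore}.
     *
     * @return the configured {@link AuthorizationServerTokenServices}
     */
    @Bean
    public AuthorizationServerTokenServices tokenService() {
        // The custom enhancer is listed before the converter so its claims are present
        // when the JWT is assembled (TokenEnhancerChain applies delegates in list order).
        List<TokenEnhancer> delegates = new ArrayList<>();
        delegates.add(jwtTokenEnhancer);
        delegates.add(jwtAccessTokenConverter);
        TokenEnhancerChain enhancerChain = new TokenEnhancerChain();
        enhancerChain.setTokenEnhancers(delegates);

        DefaultTokenServices service = new DefaultTokenServices();
        service.setClientDetailsService(clientDetailsService);
        service.setSupportRefreshToken(true);
        service.setTokenStore(tokenStore);
        service.setTokenEnhancer(enhancerChain);
        service.setAccessTokenValiditySeconds(ACCESS_TOKEN_VALIDITY_SECONDS);
        service.setRefreshTokenValiditySeconds(REFRESH_TOKEN_VALIDITY_SECONDS);
        return service;
    }

    /**
     * Registers the JDBC-backed client store with the authorization server.
     *
     * <p>An in-memory client registration with a literal secret used to be kept here,
     * commented out, for local testing; it was removed so that no secret material
     * lives in source. Test clients belong in the database like any other client.
     *
     * @param clientsDetails the configurer to register the client store on
     * @throws Exception propagated from the configurer
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clientsDetails) throws Exception {
        clientsDetails.withClientDetails(clientDetailsService);
    }

    /**
     * Wires the token endpoint: resource-owner authentication, user lookup,
     * authorization-code persistence, JWT conversion and the token services above.
     *
     * <p>Only {@code POST} is accepted at {@code /oauth/token}. With {@code GET} the
     * client secret (and, for the password grant, the user's credentials) would travel
     * in the query string and end up in access logs, proxies and browser history.
     *
     * @param endpoints the endpoint configurer
     * @throws Exception propagated from the configurer
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(authenticationManager)
                .userDetailsService(userDetailsService)
                .authorizationCodeServices(authorizationCodeServices)
                .accessTokenConverter(jwtAccessTokenConverter)
                .tokenServices(tokenService()) // the @Bean above; Spring returns the singleton
                .allowedTokenEndpointRequestMethods(HttpMethod.POST);
    }

    /**
     * Access rules for the non-token endpoints and how clients authenticate.
     *
     * @param security the security configurer
     * @throws Exception propagated from the configurer
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security.allowFormAuthenticationForClients() // client_id/client_secret may be sent as form parameters
                .passwordEncoder(bCryptPasswordEncoder) // client secrets are compared against bcrypt hashes
                .tokenKeyAccess("permitAll()") // /oauth/token_key: the JWT verification key is readable anonymously
                .checkTokenAccess("isAuthenticated()"); // /oauth/check_token: requires an authenticated client, not public
    }
}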
如果对我的其它文章有更多的兴趣,可以访问我的个人博客:uniqueho.xyz
还有一个我的网站:204910013.xyz