这篇文章是对我以前的文章的增强，该文章讨论了如何使用 Spring Security OAuth2 保护 REST API。万一您错过了它，可以在这里查看：http://blog.rajithdelantha.com/2015/09/secure-your-rest-api-with-spring.html Spring Boot 是 Spring 框架…

这篇文章是对我以前的文章的增强，该文章讨论了如何使用 Spring Security OAuth2 保护 REST API。万一您错过了它，可以在这里查看：http://blog.rajithdelantha.com/2015/09/secure-your-rest-api-with-spring.html

Spring Boot 是 Spring 框架的一项新发明，它使开发人员在构建大规模应用程序时的工作更加轻松。这里是理解这些概念的好地方。

如果您看过我之前有关 OAuth2 安全的文章，那么您知道在 Spring 端需要做一些配置。但是另一方面，Spring Boot 将完成所有艰苦的工作，我们只需要通过简单的注解告诉它该怎么做。因此，本文是关于如何使用 Spring Security 和 OAuth2 配置 Spring Boot 项目的。实际上我们不能真正说是“配置”，因为大多数配置都是由 Spring Boot 本身完成的。

源代码：https://github.com/rajithd/spring-boot-oauth2

步骤 1

对于这个项目，我使用 H2 内存数据库。因此您无需在运行时创建任何数据库和表。但是，如果您希望该项目使用 MySQL 作为数据源，则首先创建数据库，然后创建表。

CREATE TABLE user (
  username VARCHAR(50) NOT NULL PRIMARY KEY,
  email VARCHAR(50),
  password VARCHAR(500),
  activated BOOLEAN DEFAULT FALSE,
  activationkey VARCHAR(50) DEFAULT NULL,
  resetpasswordkey VARCHAR(50) DEFAULT NULL
);

CREATE TABLE authority (
  name VARCHAR(50) NOT NULL PRIMARY KEY
);

CREATE TABLE user_authority (
  username VARCHAR(50) NOT NULL,
  authority VARCHAR(50) NOT NULL,
  FOREIGN KEY (username) REFERENCES user (username),
  FOREIGN KEY (authority) REFERENCES authority (name),
  UNIQUE INDEX user_authority_idx_1 (username, authority)
);

CREATE TABLE oauth_access_token (
  token_id VARCHAR(256) DEFAULT NULL,
  token BLOB,
  authentication_id VARCHAR(256) DEFAULT NULL,
  user_name VARCHAR(256) DEFAULT NULL,
  client_id VARCHAR(256) DEFAULT NULL,
  authentication BLOB,
  refresh_token VARCHAR(256) DEFAULT NULL
);

CREATE TABLE oauth_refresh_token (
  token_id VARCHAR(256) DEFAULT NULL,
  token BLOB,
  authentication BLOB
);

user 表 – 系统用户
authority – 角色
user_authority – 用户和角色的多对多表
oauth_access_token – 存放 access_token
oauth_refresh_token – 存放 refresh_token

添加一些种子数据。

INSERT INTO user (username, email, password, activated) VALUES ('admin', 'admin@mail.me', 'b8f57d6d6ec0a60dfe2e20182d4615b12e321cad9e2979e0b9f81e0d6eda78ad9b6dcfe53e4e22d1', true);
INSERT INTO
  user (username, email, password, activated) VALUES ('user', 'user@mail.me', 'd6dfa9ff45e03b161e7f680f35d90d5ef51d243c2a8285aa7e11247bc2c92acde0c2bb626b1fac74', true);
INSERT INTO user (username, email, password, activated) VALUES ('rajith', 'rajith@abc.com', 'd6dfa9ff45e03b161e7f680f35d90d5ef51d243c2a8285aa7e11247bc2c92acde0c2bb626b1fac74', true);

INSERT INTO authority (name) VALUES ('ROLE_USER');
INSERT INTO authority (name) VALUES ('ROLE_ADMIN');

INSERT INTO user_authority (username, authority) VALUES ('rajith', 'ROLE_USER');
INSERT INTO user_authority (username, authority) VALUES ('user', 'ROLE_USER');
INSERT INTO user_authority (username, authority) VALUES ('admin', 'ROLE_USER');
INSERT INTO user_authority (username, authority) VALUES ('admin', 'ROLE_ADMIN');

步骤 2

配置 WebSecurityConfigurerAdapter

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new StandardPasswordEncoder();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .userDetailsService(userDetailsService)
            .passwordEncoder(passwordEncoder());
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web
            .ignoring()
            .antMatchers("/h2console/**")
            .antMatchers("/api/register")
            .antMatchers("/api/activate")
            .antMatchers("/api/lostpassword")
            .antMatchers("/api/resetpassword");
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true)
    private static class GlobalSecurityConfiguration extends GlobalMethodSecurityConfiguration {
        @Override
        protected MethodSecurityExpressionHandler createExpressionHandler() {
            return new OAuth2MethodSecurityExpressionHandler();
        }
    }
}

注意：web.ignoring() 中列出的路径会完全绕过 Spring Security 过滤器链，因此 /h2console/** 下的 H2 控制台无需任何认证即可访问；这种设置只适合本地开发环境。

步骤 3

OAuth2 的配置

@Configuration
public class OAuth2Configuration {

    @Configuration
    @EnableResourceServer
    protected static class ResourceServerConfiguration
            extends ResourceServerConfigurerAdapter {

        @Autowired
        private CustomAuthenticationEntryPoint customAuthenticationEntryPoint;

        @Autowired
        private CustomLogoutSuccessHandler customLogoutSuccessHandler;

        @Override
        public void configure(HttpSecurity http) throws Exception {
            http
                .exceptionHandling()
                .authenticationEntryPoint(customAuthenticationEntryPoint)
                .and()
                .logout()
                .logoutUrl("/oauth/logout")
                .logoutSuccessHandler(customLogoutSuccessHandler)
                .and()
                .csrf()
                .requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/authorize"))
                .disable()
                .headers()
                .frameOptions().disable()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
                .antMatchers("/hello/**").permitAll()
                .antMatchers("/secure/**").authenticated();
        }
    }

    @Configuration
    @EnableAuthorizationServer
    protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter implements EnvironmentAware {

        private static final String ENV_OAUTH = "authentication.oauth.";
        private static final String PROP_CLIENTID = "clientid";
        private static final String PROP_SECRET = "secret";
        private static final String PROP_TOKEN_VALIDITY_SECONDS = "tokenValidityInSeconds";

        private RelaxedPropertyResolver propertyResolver;

        @Autowired
        private DataSource dataSource;

        @Bean
        public TokenStore tokenStore() {
            return new JdbcTokenStore(dataSource);
        }

        @Autowired
        @Qualifier("authenticationManagerBean")
        private AuthenticationManager authenticationManager;

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            endpoints
                .tokenStore(tokenStore())
                .authenticationManager(authenticationManager);
        }

        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            clients
                .inMemory()
                .withClient(propertyResolver.getProperty(PROP_CLIENTID))
                .scopes("read", "write")
                .authorities(Authorities.ROLE_ADMIN.name(), Authorities.ROLE_USER.name())
                .authorizedGrantTypes("password", "refresh_token")
                .secret(propertyResolver.getProperty(PROP_SECRET))
                .accessTokenValiditySeconds(propertyResolver.getProperty(PROP_TOKEN_VALIDITY_SECONDS, Integer.class, 1800));
        }

        @Override
        public void setEnvironment(Environment environment) {
            this.propertyResolver = new RelaxedPropertyResolver(environment, ENV_OAUTH);
        }
    }
}

注意：上面的资源服务器配置禁用了 CSRF 保护和 X-Frame-Options 响应头，并通过 permitAll() 开放了 /hello/**；在部署到生产环境之前应重新评估这些设置。

就是这样。尝试通过 mvn spring-boot:run 运行 Spring Boot 应用程序，然后执行以下 curl 命令检查 OAuth2 的安全性。

https://github.com/rajithd/spring-boot-oauth2

翻译自：https://www.javacodegeeks.com/2015/10/spring-boot-oauth2-security.html