接着上一篇:SpringBoot2 整合OAuth2實作統一認證
上一篇整合介紹了OAuth2的認證服務,接下來利用認證服務提供的token來包含我們的資源。
環境:2.2.11.RELEASE + OAuth2 + Redis
- pom.xml
org.springframework.bootspring-boot-starter-weborg.springframework.bootspring-boot-starter-data-redisorg.apache.commonscommons-pool2org.springframework.security.oauth.bootspring-security-oauth2-autoconfigure2.2.11.RELEASE
- application.yml
server: port: 8088---spring: application: name: oauth-resource---spring: redis: host: localhost port: 6379 password: database: 1 lettuce: pool: maxActive: 8 maxIdle: 100 minIdle: 10 maxWait: -1
- Domain對象(我們在認證服務上是把Users對象序列化存儲到了Redis,是以這裡還需要這個類,其實如果用了網關,這些認證就不需要在資源端進行了)
public class Users implements UserDetails, Serializable {private static final long serialVersionUID = 1L;private String id ;private String username ;private String password ;}
- 核心配置類
@[email protected] class OAuthConfig extends ResourceServerConfigurerAdapter { private static final Logger logger = LoggerFactory.getLogger(OAuthConfig.class) ;public static final String RESOURCE_ID = "gx_resource_id"; @Resource private RedisConnectionFactory redisConnectionFactory ; @Override public void configure(ResourceServerSecurityConfigurer resources) throws Exception { resources.resourceId(RESOURCE_ID) ; OAuth2AuthenticationEntryPoint oAuth2AuthenticationEntryPoint = new OAuth2AuthenticationEntryPoint(); oAuth2AuthenticationEntryPoint.setExceptionTranslator(webResponseExceptionTranslator()); resources.authenticationEntryPoint(oAuth2AuthenticationEntryPoint) ; resources.tokenExtractor((request) -> { String tokenValue = extractToken(request) ; if (tokenValue != null) { PreAuthenticatedAuthenticationToken authentication = new PreAuthenticatedAuthenticationToken(tokenValue, ""); return authentication; } return null; }) ; } private String extractToken(HttpServletRequest request) {// first check the header... Authorization: Bearer xxxString token = extractHeaderToken(request);// sencod check the header... access_token: xxxif (token == null) {token = request.getHeader("access_token") ;}// bearer type allows a request parameter as wellif (token == null) {logger.debug("Token not found in headers. Trying request parameters.") ;token = request.getParameter(OAuth2AccessToken.ACCESS_TOKEN) ;if (token == null) {logger.debug("Token not found in request parameters. Not an OAuth2 request.") ;} else {request.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_TYPE, OAuth2AccessToken.BEARER_TYPE);}}return token;} private String extractHeaderToken(HttpServletRequest request) {Enumeration headers = request.getHeaders("Authorization");while (headers.hasMoreElements()) { // typically there is only one (most servers enforce that)String value = headers.nextElement();if ((value.toLowerCase().startsWith(OAuth2AccessToken.BEARER_TYPE.toLowerCase()))) {String authHeaderValue = value.substring(OAuth2AccessToken.BEARER_TYPE.length()).trim();// Add this here for the auth details later. Would be better to change the signature of this method.request.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_TYPE,value.substring(0, OAuth2AccessToken.BEARER_TYPE.length()).trim());int commaIndex = authHeaderValue.indexOf(',');if (commaIndex > 0) {authHeaderValue = authHeaderValue.substring(0, commaIndex);}return authHeaderValue;}}return null;} @Override public void configure(HttpSecurity http) throws Exception { http.csrf().disable() ; http.requestMatcher(request -> { String path = request.getServletPath() ; if (path != null && path.startsWith("/demo")) {return true ;} return false ; }) .authorizeRequests() .anyRequest() .authenticated() ; } @Bean public TokenStore tokenStore() { TokenStore tokenStore = null ; tokenStore = new RedisTokenStore(redisConnectionFactory) ; return tokenStore ; } @Bean public WebResponseExceptionTranslator> webResponseExceptionTranslator() { return new DefaultWebResponseExceptionTranslator() {@SuppressWarnings({ "unchecked", "rawtypes" })@Overridepublic ResponseEntity translate(Exception e) throws Exception {ResponseEntity responseEntity = super.translate(e) ;ResponseEntity> customEntity = exceptionProcess(responseEntity);return customEntity ;} }; } private static ResponseEntity> exceptionProcess(ResponseEntity responseEntity) {Map body = new HashMap<>() ;body.put("code", -1) ;OAuth2Exception excep = responseEntity.getBody() ;String errorMessage = excep.getMessage();if (errorMessage != null) {errorMessage = "認證失敗,非法使用者" ;body.put("message", errorMessage) ;} else {String error = excep.getOAuth2ErrorCode();if (error != null) {body.put("message", error) ;} else {body.put("message", "認證服務異常,未知錯誤") ;}}body.put("data", null) ;ResponseEntity> customEntity = new ResponseEntity<>(body, responseEntity.getHeaders(), responseEntity.getStatusCode()) ;return customEntity;} }
核心配置類主要完整,開啟資源服務認證,定義我們需要保護的接口,token的存儲對象及錯誤資訊的統一處理。
- 測試接口
@[email protected]("/demo")public class DemoController {@GetMapping("/res")public Object res() {return "success" ;}}
測試:
先直接通路token或者傳一個錯誤的tokenj
接下先擷取一個正确的token
成功了
完畢!!!
給個關注,轉發呗,謝謝!
Springboot之Actuator詳解
Tomcat配置連接配接數說明
SpringBoot中使用Cache及JSR107的使用
SpringBoot開發自己的@Enable功能
SpringBoot RabbitMQ消息可靠發送與接收
Spring Cloud Sentinel 流控限流
Spring Cloud Sentinel 基礎配置
SpringCloud Nacos 服務動态配置