使用Spring Boot 2通过OAuth2和JWT进行集中授权
2024-05-21 13:40:26
本指南逐步介绍了使用Spring Boot 2创建集中式身份验证和授权服务器的过程,还将提供演示资源服务器。
如果您不熟悉OAuth2,建议您阅读此书。
先决条件
- JDK 1.8
- 文本编辑器或您喜欢的IDE
- Maven 3.0+
实施概述
对于这个项目,我们将通过Spring Boot使用Spring Security 5 。 如果您熟悉早期版本,那么《 Spring Boot迁移指南》可能会有用。
OAuth2术语
- 资源所有者
- 授权应用程序访问其帐户的用户。
- 资源服务器 :
- 在
client获取access token之后处理已认证请求的服务器。
- 在
- 客户
- 代表资源所有者访问受保护资源的应用程序。
- 授权服务器
- 在成功验证
client和resource owner并授权请求之后,发出访问令牌的服务器。
- 在成功验证
- 访问令牌
- 用于访问受保护资源的唯一令牌
- 范围
- 许可
- 智威汤逊
- JSON Web令牌是一种用于在RFC 7519中定义的在双方之间安全地表示声明的方法
- 赠款类型
grant是一种获取访问令牌的方法。
授权服务器
为了构建我们的Authorization Server我们将通过Spring Boot 2.1.x使用Spring Security5.x 。
依存关系
您可以转到start.spring.io并生成一个新项目,然后添加以下依赖项:
<dependencies><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-security</artifactId></dependency><dependency><groupId>org.springframework.security.oauth.boot</groupId><artifactId>spring-security-oauth2-autoconfigure</artifactId><version>2.1.2.RELEASE</version></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-jdbc</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-configuration-processor</artifactId><optional>true</optional></dependency><dependency><groupId>com.h2database</groupId><artifactId>h2</artifactId><scope>runtime</scope></dependency> </dependencies>数据库
在本教程中,我们将使用H2数据库 。
在这里,您可以找到Spring Security所需的参考OAuth2 SQL模式。
CREATE TABLE IF NOT EXISTS oauth_client_details (client_id VARCHAR(256) PRIMARY KEY,resource_ids VARCHAR(256),client_secret VARCHAR(256) NOT NULL,scope VARCHAR(256),authorized_grant_types VARCHAR(256),web_server_redirect_uri VARCHAR(256),authorities VARCHAR(256),access_token_validity INTEGER,refresh_token_validity INTEGER,additional_information VARCHAR(4000),autoapprove VARCHAR(256)
);CREATE TABLE IF NOT EXISTS oauth_client_token (token_id VARCHAR(256),token BLOB,authentication_id VARCHAR(256) PRIMARY KEY,user_name VARCHAR(256),client_id VARCHAR(256)
);CREATE TABLE IF NOT EXISTS oauth_access_token (token_id VARCHAR(256),token BLOB,authentication_id VARCHAR(256),user_name VARCHAR(256),client_id VARCHAR(256),authentication BLOB,refresh_token VARCHAR(256)
);CREATE TABLE IF NOT EXISTS oauth_refresh_token (token_id VARCHAR(256),token BLOB,authentication BLOB
);CREATE TABLE IF NOT EXISTS oauth_code (code VARCHAR(256), authentication BLOB
);注意:由于本教程使用
JWT并非所有表都是必需的。
然后添加以下条目
-- The encrypted client_secret it `secret`
INSERT INTO oauth_client_details (client_id, client_secret, scope, authorized_grant_types, authorities, access_token_validity)VALUES ('clientId', '{bcrypt}$2a$10$vCXMWCn7fDZWOcLnIEhmK.74dvK1Eh8ae2WrWlhr2ETPLoxQctN4.', 'read,write', 'password,refresh_token,client_credentials', 'ROLE_CLIENT', 300);上面的
client_secret是使用bcrypt生成的。
前缀{bcrypt}是必需的,因为我们将使用Spring Security 5.x的DelegatingPasswordEncoder的新功能。
在下面的页面中,您可以找到Spring的org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl使用的User和Authority参考SQL模式。
CREATE TABLE IF NOT EXISTS users (id INT AUTO_INCREMENT PRIMARY KEY,username VARCHAR(256) NOT NULL,password VARCHAR(256) NOT NULL,enabled TINYINT(1),UNIQUE KEY unique_username(username)
);CREATE TABLE IF NOT EXISTS authorities (username VARCHAR(256) NOT NULL,authority VARCHAR(256) NOT NULL,PRIMARY KEY(username, authority)
);与之前相同,为用户及其权限添加以下条目。
-- The encrypted password is `pass`
INSERT INTO users (id, username, password, enabled) VALUES (1, 'user', '{bcrypt}$2a$10$cyf5NfobcruKQ8XGjUJkEegr9ZWFqaea6vjpXWEaSqTa2xL9wjgQC', 1);
INSERT INTO authorities (username, authority) VALUES ('user', 'ROLE_USER');Spring安全配置
添加以下Spring配置类。
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;import javax.sql.DataSource;@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {private final DataSource dataSource;private PasswordEncoder passwordEncoder;private UserDetailsService userDetailsService;public WebSecurityConfiguration(final DataSource dataSource) {this.dataSource = dataSource;}@Overrideprotected void configure(final AuthenticationManagerBuilder auth) throws Exception {auth.userDetailsService(userDetailsService()).passwordEncoder(passwordEncoder());}@Bean@Overridepublic AuthenticationManager authenticationManagerBean() throws Exception {return super.authenticationManagerBean();}@Beanpublic PasswordEncoder passwordEncoder() {if (passwordEncoder == null) {passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();}return passwordEncoder;}@Beanpublic UserDetailsService userDetailsService() {if (userDetailsService == null) {userDetailsService = new JdbcDaoImpl();((JdbcDaoImpl) userDetailsService).setDataSource(dataSource);}return userDetailsService;}}引用Spring Blog :
@EnableWebSecurity批注和WebSecurityConfigurerAdapter一起提供基于Web的安全性。
如果您使用的是Spring Boot,则将自动配置DataSource对象,您可以将其注入到类中,而不必自己定义。 需要将其注入到UserDetailsService中,该服务将使用Spring Security提供的JdbcDaoImpl ,如有必要,您可以将其替换为自己的实现。
由于某些自动配置的Spring @Bean需要Spring Security的AuthenticationManager因此有必要重写authenticationManagerBean方法,并以@Bean authenticationManagerBean注释。
PasswordEncoder将由PasswordEncoderFactories.createDelegatingPasswordEncoder()处理,其中基于前缀处理一些密码编码器和委托,在我们的示例中,我们使用{bcrypt}作为密码的前缀。
授权服务器配置
授权服务器会验证client和user凭据并提供令牌,在本教程中,我们将生成JSON Web Tokens aka JWT 。
为了对生成的JWT令牌进行签名,我们将使用自签名证书,并在使用Spring Configuration开始之前这样做,让我们创建一个@ConfigurationProperties类来绑定我们的配置属性。
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.core.io.Resource;@ConfigurationProperties("security")
public class SecurityProperties {private JwtProperties jwt;public JwtProperties getJwt() {return jwt;}public void setJwt(JwtProperties jwt) {this.jwt = jwt;}public static class JwtProperties {private Resource keyStore;private String keyStorePassword;private String keyPairAlias;private String keyPairPassword;public Resource getKeyStore() {return keyStore;}public void setKeyStore(Resource keyStore) {this.keyStore = keyStore;}public String getKeyStorePassword() {return keyStorePassword;}public void setKeyStorePassword(String keyStorePassword) {this.keyStorePassword = keyStorePassword;}public String getKeyPairAlias() {return keyPairAlias;}public void setKeyPairAlias(String keyPairAlias) {this.keyPairAlias = keyPairAlias;}public String getKeyPairPassword() {return keyPairPassword;}public void setKeyPairPassword(String keyPairPassword) {this.keyPairPassword = keyPairPassword;}}
}添加以下Spring配置类。
import com.marcosbarbero.lab.sec.oauth.jwt.config.props.SecurityProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;import javax.sql.DataSource;
import java.security.KeyPair;@Configuration
@EnableAuthorizationServer
@EnableConfigurationProperties(SecurityProperties.class)
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {private final DataSource dataSource;private final PasswordEncoder passwordEncoder;private final AuthenticationManager authenticationManager;private final SecurityProperties securityProperties;private JwtAccessTokenConverter jwtAccessTokenConverter;private TokenStore tokenStore;public AuthorizationServerConfiguration(final DataSource dataSource, final PasswordEncoder passwordEncoder,final AuthenticationManager authenticationManager, final SecurityProperties securityProperties) {this.dataSource = dataSource;this.passwordEncoder = passwordEncoder;this.authenticationManager = authenticationManager;this.securityProperties = securityProperties;}@Beanpublic TokenStore tokenStore() {if (tokenStore == null) {tokenStore = new JwtTokenStore(jwtAccessTokenConverter());}return tokenStore;}@Beanpublic DefaultTokenServices tokenServices(final TokenStore tokenStore,final ClientDetailsService clientDetailsService) {DefaultTokenServices tokenServices = new DefaultTokenServices();tokenServices.setSupportRefreshToken(true);tokenServices.setTokenStore(tokenStore);tokenServices.setClientDetailsService(clientDetailsService);tokenServices.setAuthenticationManager(this.authenticationManager);return tokenServices;}@Beanpublic JwtAccessTokenConverter jwtAccessTokenConverter() {if (jwtAccessTokenConverter != null) {return jwtAccessTokenConverter;}SecurityProperties.JwtProperties jwtProperties = securityProperties.getJwt();KeyPair keyPair = keyPair(jwtProperties, keyStoreKeyFactory(jwtProperties));jwtAccessTokenConverter = new JwtAccessTokenConverter();jwtAccessTokenConverter.setKeyPair(keyPair);return jwtAccessTokenConverter;}@Overridepublic void configure(final ClientDetailsServiceConfigurer clients) throws Exception {clients.jdbc(this.dataSource);}@Overridepublic void configure(final AuthorizationServerEndpointsConfigurer endpoints) {endpoints.authenticationManager(this.authenticationManager).accessTokenConverter(jwtAccessTokenConverter()).tokenStore(tokenStore());}@Overridepublic void configure(final AuthorizationServerSecurityConfigurer oauthServer) {oauthServer.passwordEncoder(this.passwordEncoder).tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()");}private KeyPair keyPair(SecurityProperties.JwtProperties jwtProperties, KeyStoreKeyFactory keyStoreKeyFactory) {return keyStoreKeyFactory.getKeyPair(jwtProperties.getKeyPairAlias(), jwtProperties.getKeyPairPassword().toCharArray());}private KeyStoreKeyFactory keyStoreKeyFactory(SecurityProperties.JwtProperties jwtProperties) {return new KeyStoreKeyFactory(jwtProperties.getKeyStore(), jwtProperties.getKeyStorePassword().toCharArray());}
}在上面的类中,您将找到JWT所需的所有Spring @Bean 。 最重要的@Bean是: JwtAccessTokenConverter , JwtTokenStore和DefaultTokenServices 。
JwtAccessTokenConverter使用自签名证书对生成的令牌进行签名。
JwtTokenStore实现仅从令牌本身读取数据。 并不是真正的商店,因为它从不持久化任何东西,它使用JwtAccessTokenConverter生成和读取令牌。
DefaultTokenServices使用TokenStore来保留令牌。
按照本指南生成自签名证书 。
生成自签名证书后,在application.yml上配置它。
security:jwt:key-store: classpath:keystore.jkskey-store-password: letmeinkey-pair-alias: mytestkeykey-pair-password: changeme资源服务器配置
资源服务器托管HTTP资源 ,其中的HTTP资源可以是文档,照片或其他内容,在我们的情况下,它将是受OAuth2保护的REST API。
依存关系
<dependencies><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-security</artifactId></dependency><dependency><groupId>org.springframework.security.oauth.boot</groupId><artifactId>spring-security-oauth2-autoconfigure</artifactId><version>2.1.2.RELEASE</version></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-configuration-processor</artifactId><optional>true</optional></dependency><dependency><groupId>commons-io</groupId><artifactId>commons-io</artifactId><version>2.6</version></dependency> </dependencies>定义我们受保护的API
下面的代码定义了返回/me Principal的端点/me ,它要求经过身份验证的用户具有ROLE_USER的访问权限。
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;import java.security.Principal;@RestController
@RequestMapping("/me")
public class UserController {@GetMapping@PreAuthorize("hasRole('ROLE_USER')")public ResponseEntity<Principal> get(final Principal principal) {return ResponseEntity.ok(principal);}}@PreAuthorize批注会在执行代码之前验证用户是否具有给定角色,以使其正常工作,有必要启用prePost批注,为此添加以下类:
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfiguration {}这里的重要部分是@EnableGlobalMethodSecurity(prePostEnabled = true)批注, prePostEnabled标志默认情况下设置为false 。
资源服务器配置
解码JWT令牌就必须使用public key从自签名的认证上使用的授权服务器签署的道理,做让我们先创建一个@ConfigurationProperties类绑定配置属性。
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.core.io.Resource;@ConfigurationProperties("security")
public class SecurityProperties {private JwtProperties jwt;public JwtProperties getJwt() {return jwt;}public void setJwt(JwtProperties jwt) {this.jwt = jwt;}public static class JwtProperties {private Resource publicKey;public Resource getPublicKey() {return publicKey;}public void setPublicKey(Resource publicKey) {this.publicKey = publicKey;}}}使用以下命令从生成的JKS导出public key :
$ keytool -list -rfc --keystore keystore.jks | openssl x509 -inform pem -pubkey -noout样本响应如下所示:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWI2jtKwvf0W1hdMdajc
h+mFx9FZe3CZnKNvT/d0+2O6V1Pgkz7L2FcQx2uoV7gHgk5mmb2MZUsy/rDKj0dM
fLzyXqBcCRxD6avALwu8AAiGRxe2dl8HqIHyo7P4R1nUaea1WCZB/i7AxZNAQtcC
cSvMvF2t33p3vYXY6SqMucMD4yHOTXexoWhzwRqjyyC8I8uCYJ+xIfQvaK9Q1RzK
Rj99IRa1qyNgdeHjkwW9v2Fd4O/Ln1Tzfnk/dMLqxaNsXPw37nw+OUhycFDPPQF/
H4Q4+UDJ3ATf5Z2yQKkUQlD45OO2mIXjkWprAmOCi76dLB2yzhCX/plGJwcgb8XH
EQIDAQAB
-----END PUBLIC KEY-----将其复制到public.txt文件,并将其放置在/src/main/resources ,然后配置指向该文件的application.yml :
security:jwt:public-key: classpath:public.txt现在,让我们为资源服务器添加Spring的配置。
import org.apache.commons.io.IOUtils;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;import java.io.IOException;import static java.nio.charset.StandardCharsets.UTF_8;@Configuration
@EnableResourceServer
@EnableConfigurationProperties(SecurityProperties.class)
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {private static final String ROOT_PATTERN = "/**";private final SecurityProperties securityProperties;private TokenStore tokenStore;public ResourceServerConfiguration(final SecurityProperties securityProperties) {this.securityProperties = securityProperties;}@Overridepublic void configure(final ResourceServerSecurityConfigurer resources) {resources.tokenStore(tokenStore());}@Overridepublic void configure(HttpSecurity http) throws Exception {http.authorizeRequests().antMatchers(HttpMethod.GET, ROOT_PATTERN).access("#oauth2.hasScope('read')").antMatchers(HttpMethod.POST, ROOT_PATTERN).access("#oauth2.hasScope('write')").antMatchers(HttpMethod.PATCH, ROOT_PATTERN).access("#oauth2.hasScope('write')").antMatchers(HttpMethod.PUT, ROOT_PATTERN).access("#oauth2.hasScope('write')").antMatchers(HttpMethod.DELETE, ROOT_PATTERN).access("#oauth2.hasScope('write')");}@Beanpublic DefaultTokenServices tokenServices(final TokenStore tokenStore) {DefaultTokenServices tokenServices = new DefaultTokenServices();tokenServices.setTokenStore(tokenStore);return tokenServices;}@Beanpublic TokenStore tokenStore() {if (tokenStore == null) {tokenStore = new JwtTokenStore(jwtAccessTokenConverter());}return tokenStore;}@Beanpublic JwtAccessTokenConverter jwtAccessTokenConverter() {JwtAccessTokenConverter converter = new JwtAccessTokenConverter();converter.setVerifierKey(getPublicKeyAsString());return converter;}private String getPublicKeyAsString() {try {return IOUtils.toString(securityProperties.getJwt().getPublicKey().getInputStream(), UTF_8);} catch (IOException e) {throw new RuntimeException(e);}}}此配置的重要部分是三个@Bean : JwtAccessTokenConverter , TokenStore和DefaultTokenServices :
JwtAccessTokenConverter使用JKSpublic key。JwtTokenStore使用JwtAccessTokenConverter读取令牌。DefaultTokenServices使用JwtTokenStore来保留令牌。
一起测试
为了一起测试,我们需要同时旋转Authorization Server和Resource Server ,在我的设置中,它将相应地在端口9000和9100上运行。
生成令牌
$ curl -u clientId:secret -X POST localhost:9000/oauth/token\?grant_type=password\&username=user\&password=pass{"access_token" : "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1NDgxODk0NDUsInVzZXJfbmFtZSI6InVzZXIiLCJhdXRob3JpdGllcyI6WyJST0xFX1VTRVIiXSwianRpIjoiYjFjYWQ3MTktZTkwMS00Njk5LTlhOWEtYTIwYzk2NDM5NjAzIiwiY2xpZW50X2lkIjoiY2xpZW50SWQiLCJzY29wZSI6WyJyZWFkIiwid3JpdGUiXX0.LkQ3KAj2kPY7yKmwXlhIFaHtt-31mJGWPb-_VpC8PWo9IBUpZQxg76WpahBJjet6O1ICx8b5Ab2CxH7ErTl0tL1jk5VZ_kp66E9E7bUQn-C09CY0fqxAan3pzpGrJsUvcR4pzyzLoRCuAqVRF5K2mdDQUZ8NaP0oXeVRuxyRdgjwMAkQGHpFC_Fk-7Hbsq2Y0GikD0UdkaH2Ey_vVyKy5aj3NrAZs62KFvQfSbifxd4uBHzUJSkiFE2Cx3u1xKs3W2q8MladwMwlQmWJROH6lDjQiybUZOEhJaktxQYGAinScnm11-9WOdaqohcr65PAQt48__rMRi0TUgvsxpz6ow","token_type" : "bearer","refresh_token" : "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJ1c2VyIiwic2NvcGUiOlsicmVhZCIsIndyaXRlIl0sImF0aSI6ImIxY2FkNzE5LWU5MDEtNDY5OS05YTlhLWEyMGM5NjQzOTYwMyIsImV4cCI6MTU1MDc4MTE0NSwiYXV0aG9yaXRpZXMiOlsiUk9MRV9VU0VSIl0sImp0aSI6Ijg2OWFjZjM2LTJiODAtNGY5Ni04MzUwLTA5NTgyMzE3NTAzMCIsImNsaWVudF9pZCI6ImNsaWVudElkIn0.TDQwUNb627-f0-Cjn1vWZXFpzZSGpeKZq85ivA9zY_atOXM2WfjOxTLE6phnNLevjLSNAGrx1skm_sx6leQlrrmDi36nwiR7lvhv8xMbn1DkF5KaoWPhldW7GHsSIiauMu_cJ5Kmq89ZOEOlxYoXlLwfWYo75ISkKNYqko98yDogGrRAJxtc1aKIBLypLchhoCf8w43efd11itwvBdaLIb5ACfN30kztUqQtbeL8voQP6tOsRZbCgbOOKMTulOCRyBvaora4GJDV2qdvXdCUT-kORKDj9liqt2ae7OJzb2FuuXCGqBUrxYYK-H-wdwh7XFkXVe74Lev9YDUbyEmDHg","expires_in" : 299,"scope" : "read write","jti" : "b1cad719-e901-4699-9a9a-a20c96439603"
}访问资源
既然已经生成了令牌,请复制access_token并将其添加到Authorization HTTP Header上的请求中,例如:
curl localhost:9100/me -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1NDgxODk0NDUsInVzZXJfbmFtZSI6InVzZXIiLCJhdXRob3JpdGllcyI6WyJST0xFX1VTRVIiXSwianRpIjoiYjFjYWQ3MTktZTkwMS00Njk5LTlhOWEtYTIwYzk2NDM5NjAzIiwiY2xpZW50X2lkIjoiY2xpZW50SWQiLCJzY29wZSI6WyJyZWFkIiwid3JpdGUiXX0.LkQ3KAj2kPY7yKmwXlhIFaHtt-31mJGWPb-_VpC8PWo9IBUpZQxg76WpahBJjet6O1ICx8b5Ab2CxH7ErTl0tL1jk5VZ_kp66E9E7bUQn-C09CY0fqxAan3pzpGrJsUvcR4pzyzLoRCuAqVRF5K2mdDQUZ8NaP0oXeVRuxyRdgjwMAkQGHpFC_Fk-7Hbsq2Y0GikD0UdkaH2Ey_vVyKy5aj3NrAZs62KFvQfSbifxd4uBHzUJSkiFE2Cx3u1xKs3W2q8MladwMwlQmWJROH6lDjQiybUZOEhJaktxQYGAinScnm11-9WOdaqohcr65PAQt48__rMRi0TUgvsxpz6ow"{"authorities" : [ {"authority" : "ROLE_GUEST"} ],"details" : {"remoteAddress" : "127.0.0.1","sessionId" : null,"tokenValue" : "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1NDgyMzcxNDEsInVzZXJfbmFtZSI6Imd1ZXN0IiwiYXV0aG9yaXRpZXMiOlsiUk9MRV9HVUVTVCJdLCJqdGkiOiIzNDk1ODE1MC0wOGJkLTQwMDYtYmNhMC1lM2RkYjAxMGU2NjUiLCJjbGllbnRfaWQiOiJjbGllbnRJZCIsInNjb3BlIjpbInJlYWQiLCJ3cml0ZSJdfQ.WUwAh-aKgh_Bqk-a9ijw67EI6H8gFrb3D_WdwlEcITskIybhacHjT6E7cUXjdBT7GCRvvJ-yxzFJIQyI6y0t61SInpqVG2GlAwtTxR5reG0e4ZtcKoq2rbQghK8hWenGplGT31kjDY78zZv-WqCAc0-MM4cC06fTXFzdhsdueY789lCasSD4WMMC6bWbN098lHF96rMpCdlW13EalrPgcKeuvZtUBrC8ntL8Bg3LRMcU1bFKTRAwlVxw1aYyqeEN4NSxkiSgQod2dltA-b3c15L-fXoOWNGnPB68hqgK48ymuemRQTSg3eKmHFAQdDL6pxQ8_D_ZWAL3QhsKQVGDKg","tokenType" : "Bearer","decodedDetails" : null},"authenticated" : true,"userAuthentication" : {"authorities" : [ {"authority" : "ROLE_GUEST"} ],"details" : null,"authenticated" : true,"principal" : "guest","credentials" : "N/A","name" : "guest"},"credentials" : "","principal" : "guest","clientOnly" : false,"oauth2Request" : {"clientId" : "clientId","scope" : [ "read", "write" ],"requestParameters" : {"client_id" : "clientId"},"resourceIds" : [ ],"authorities" : [ ],"approved" : true,"refresh" : false,"redirectUri" : null,"responseTypes" : [ ],"extensions" : { },"grantType" : null,"refreshTokenRequest" : null},"name" : "guest"
}脚注
- 本教程使用的代码可以在GitHub上找到
- OAuth 2.0
- Spring Security Java配置预览
- Spring Boot 2 –迁移指南
- Spring– OAuth2开发人员指南
翻译自: https://www.javacodegeeks.com/2019/03/centralized_-authorization_-oauth2_jwt.html
使用Spring Boot 2通过OAuth2和JWT进行集中授权相关推荐
- 使用Spring Boot 2使用OAuth2和不透明令牌进行集中授权
如果您正在寻找JWT实施,请点击此链接 本指南逐步介绍了使用Spring Boot 2创建集中式身份验证和授权服务器的过程,还将提供演示资源服务器. 如果您不熟悉OAuth2,建议您阅读此书. 先决条 ...
- (附源码)Spring Boot 框架整合 OAuth2 实现单点登录 SSO 详细完整源码教程!
1. 前言 技术这东西吧,看别人写的好像很简单似的,到自己去写的时候就各种问题,"一看就会,一做就错".网上关于实现SSO的文章一大堆,但是当你真的照着写的时候就会发现根本不是那 ...
- Spring Boot Security 整合 OAuth2 设计安全API接口服务
OAuth2概述 oauth2根据使用场景不同,分成了4种模式 授权码模式(authorization code) 简化模式(implicit) 密码模式(resource owner passwor ...
- 【Spring Boot】Spring Boot @EnableOAuth2Sso | 启用 OAuth2 单点登录
文章目录 演示工具版本 Maven 依赖 使用 @EnableOAuth2Sso OAuth2 配置 登出 完整示例 输出 参考文献 源码下载 本页将介绍Spring Security OAuth2 ...
- Spring Cloud Security:Oauth2结合JWT使用
摘要 Spring Cloud Security 为构建安全的SpringBoot应用提供了一系列解决方案,结合Oauth2还可以实现更多功能,比如使用JWT令牌存储信息,刷新令牌功能,本文将对其结合 ...
- 基于Spring Boot实现电脑端网页微信扫码授权登录方式一(附带完整源码)
简介 电脑端微信网页扫码授权登录有2种方式: 第一种:基于微信公众号,单独获取登录二维码扫码,然后扫码登录,程序控制跳转逻辑,例如CSDN: 第二种:基于微信开放平台,跳转到微信二维码页面进行扫码登录 ...
- 使用PostgreSQL使用Spring Boot和JPA构建基本应用
"我喜欢编写身份验证和授权代码." 〜从来没有Java开发人员. 厌倦了一次又一次地建立相同的登录屏幕? 尝试使用Okta API进行托管身份验证,授权和多因素身份验证. 每个不平 ...
- Spring Boot 2.1 版本变化[翻译]
大家好,我是烤鸭: 最近在把低版本的springboot项目升级,正好翻译了下springboot 2.1-2.3 版本的更新日志. Github 原文:https://github.com/ ...
- springboot oauth2登录成功处理器_Spring Boot Security 整合 OAuth2 设计安全API接口服务...
简介 OAuth是一个关于授权(authorization)的开放网络标准,在全世界得到广泛应用,目前的版本是2.0版.本文重点讲解Spring Boot项目对OAuth2进行的实现,如果你对OAut ...
最新文章
- manjaro 火焰截图添加快捷键_Linux中功能强大的截图工具 - Flameshot
- [python]函数默认参数顺序问题
- EPERM: operation not permitted, mkdir 'C:\Program Files\nodejs'
- oracle虑重语句,db基本语句(oracle)
- ML.NET 9月更新
- Appfuse 教程
- xml TO json(非递归实现)
- 利用memoize缓存到Redis出现多个参数同一个结果
- 在64位系统中无法看到Microsoft Excel Application的问题
- 软件项目管理案例教程第4版知识清单
- 在 Chrome 浏览器中安装印象笔记·剪藏插件
- nds android7.0模拟器,NDS用MD模拟器jEnesisDS 0.7
- project web architecture
- OpenLayers3基础教程——OL3基本概念
- 多媒体-用windows自带录音机录音(转载)
- SSM——SpringMVC
- Vuforia-PocketCat丨1. 设计目标及效果展示
- grbl控制3轴机械臂 原理 实现 (四) 之GRBL源码修改驱动三轴机械臂
- 凯泽窗带通滤波器MATLAB,用凯泽窗设计线性相位带通FIR滤波器
- 华为计算机魔术,华为荣耀magic给大家变了一个魔术,想“拆穿”他吗?