Spring Security实现OAuth2.0授权服务 - 进阶版
Posted 用户不存在!
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Spring Security实现OAuth2.0授权服务 - 进阶版相关的知识,希望对你有一定的参考价值。
《Spring Security实现OAuth2.0授权服务 - 基础版》介绍了如何使用Spring Security实现OAuth2.0授权和资源保护,但是使用的都是Spring Security默认的登录页、授权页,client和token信息也是保存在内存中的。
本文将介绍如何在Spring Security OAuth项目中自定义登录页面、自定义授权页面、数据库配置client信息、数据库保存授权码和token令牌。
一、引入依赖
需要在基础版之上引入thymeleaf、JDBC、mybatis、mysql等依赖。
1 <!-- thymeleaf --> 2 <dependency> 3 <groupId>org.springframework.boot</groupId> 4 <artifactId>spring-boot-starter-thymeleaf</artifactId> 5 </dependency> 6 <dependency> 7 <groupId>org.thymeleaf.extras</groupId> 8 <artifactId>thymeleaf-extras-springsecurity4</artifactId> 9 </dependency> 10 11 <!-- JDBC --> 12 <dependency> 13 <groupId>org.springframework.boot</groupId> 14 <artifactId>spring-boot-starter-jdbc</artifactId> 15 </dependency> 16 <dependency> 17 <groupId>org.apache.commons</groupId> 18 <artifactId>commons-dbcp2</artifactId> 19 </dependency> 20 21 <!-- Mybatis --> 22 <dependency> 23 <groupId>org.mybatis.spring.boot</groupId> 24 <artifactId>mybatis-spring-boot-starter</artifactId> 25 <version>1.1.1</version> 26 </dependency> 27 28 <!-- MySQL --> 29 <dependency> 30 <groupId>mysql</groupId> 31 <artifactId>mysql-connector-java</artifactId> 32 </dependency>
二、client和token表

1 -- used in tests that use HSQL 2 create table oauth_client_details ( 3 client_id VARCHAR(255) PRIMARY KEY, 4 resource_ids VARCHAR(255), 5 client_secret VARCHAR(255), 6 scope VARCHAR(255), 7 authorized_grant_types VARCHAR(255), 8 web_server_redirect_uri VARCHAR(255), 9 authorities VARCHAR(255), 10 access_token_validity INTEGER, 11 refresh_token_validity INTEGER, 12 additional_information TEXT(4096), 13 autoapprove VARCHAR(255) 14 ); 15 16 create table oauth_client_token ( 17 token_id VARCHAR(255), 18 token BLOB, 19 authentication_id VARCHAR(255) PRIMARY KEY, 20 user_name VARCHAR(255), 21 client_id VARCHAR(255) 22 ); 23 24 create table oauth_access_token ( 25 token_id VARCHAR(255), 26 token BLOB, 27 authentication_id VARCHAR(255) PRIMARY KEY, 28 user_name VARCHAR(255), 29 client_id VARCHAR(255), 30 authentication BLOB, 31 refresh_token VARCHAR(255) 32 ); 33 34 create table oauth_refresh_token ( 35 token_id VARCHAR(255), 36 token BLOB, 37 authentication BLOB 38 ); 39 40 create table oauth_code ( 41 code VARCHAR(255), authentication BLOB 42 ); 43 44 create table oauth_approvals ( 45 userId VARCHAR(255), 46 clientId VARCHAR(255), 47 scope VARCHAR(255), 48 status VARCHAR(10), 49 expiresAt TIMESTAMP, 50 lastModifiedAt TIMESTAMP 51 ); 52 53 54 -- customized oauth_client_details table 55 create table ClientDetails ( 56 appId VARCHAR(255) PRIMARY KEY, 57 resourceIds VARCHAR(255), 58 appSecret VARCHAR(255), 59 scope VARCHAR(255), 60 grantTypes VARCHAR(255), 61 redirectUrl VARCHAR(255), 62 authorities VARCHAR(255), 63 access_token_validity INTEGER, 64 refresh_token_validity INTEGER, 65 additionalInformation VARCHAR(4096), 66 autoApproveScopes VARCHAR(255) 67 );
在oauth_client_details表添加数据:
1 INSERT INTO `oauth_client_details` VALUES (\'net5ijy\', NULL, \'123456\', \'all,read,write\', \'authorization_code,refresh_token,password\', NULL, \'ROLE_TRUSTED_CLIENT\', 7200, 7200, NULL, NULL); 2 INSERT INTO `oauth_client_details` VALUES (\'tencent\', NULL, \'123456\', \'all,read,write\', \'authorization_code,refresh_code\', NULL, \'ROLE_TRUSTED_CLIENT\', 3600, 3600, NULL, NULL);
三、用户、角色表

1 CREATE TABLE `springcloud_user` ( 2 `id` int(11) NOT NULL AUTO_INCREMENT , 3 `username` varchar(100) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL , 4 `password` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL , 5 `phone` varchar(11) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL , 6 `email` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL , 7 `create_time` datetime NOT NULL , 8 PRIMARY KEY (`id`) 9 ) 10 ENGINE=InnoDB 11 DEFAULT CHARACTER SET=utf8 COLLATE=utf8_general_ci 12 AUTO_INCREMENT=1; 13 14 CREATE TABLE `springcloud_role` ( 15 `id` int(11) NOT NULL AUTO_INCREMENT , 16 `name` varchar(100) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL , 17 PRIMARY KEY (`id`) 18 ) 19 ENGINE=InnoDB 20 DEFAULT CHARACTER SET=utf8 COLLATE=utf8_general_ci 21 AUTO_INCREMENT=1; 22 23 CREATE TABLE `springcloud_user_role` ( 24 `user_id` int(11) NOT NULL , 25 `role_id` int(11) NOT NULL , 26 FOREIGN KEY (`role_id`) REFERENCES `springcloud_role` (`id`) ON DELETE RESTRICT ON UPDATE RESTRICT, 27 FOREIGN KEY (`user_id`) REFERENCES `springcloud_user` (`id`) ON DELETE RESTRICT ON UPDATE RESTRICT, 28 INDEX `user_id_fk` USING BTREE (`user_id`) , 29 INDEX `role_id_fk` USING BTREE (`role_id`) 30 ) 31 ENGINE=InnoDB 32 DEFAULT CHARACTER SET=utf8 COLLATE=utf8_general_ci;
用户表添加数据
1 INSERT INTO `springcloud_user` VALUES (1, \'admin001\', \'$2a$10$sXHKvdufrEfE2900ME40nOSBmeHRRUOF71szu22uaqqL8FIJeJDYW\', \'13622114309\', \'13622114309@189.cn\', \'2019-4-7 09:31:07\'); 2 INSERT INTO `springcloud_user` VALUES (2, \'admin002\', \'$2a$10$sXHKvdufrEfE2900ME40nOSBmeHRRUOF71szu22uaqqL8FIJeJDYW\', \'17809837654\', \'17809837654@189.cn\', \'2019-4-7 09:33:00\');
角色表添加数据
1 INSERT INTO `springcloud_role` VALUES (1, \'ADMIN\'); 2 INSERT INTO `springcloud_role` VALUES (2, \'DBA\'); 3 INSERT INTO `springcloud_role` VALUES (3, \'USER\');
用户角色关系表添加数据
1 INSERT INTO `springcloud_user_role` VALUES (1, 1); 2 INSERT INTO `springcloud_user_role` VALUES (2, 1);
四、实体类和工具类
1、User实体类
封装授权服务器登录用户信息

1 public class User implements Serializable { 2 3 private Integer id; 4 private String username; 5 private String password; 6 private String phone; 7 private String email; 8 private Set<Role> roles = new HashSet<Role>(); 9 private Date createTime; 10 11 // getter & setter 12 13 @Override 14 public int hashCode() { 15 final int prime = 31; 16 int result = 1; 17 result = prime * result + ((id == null) ? 0 : id.hashCode()); 18 return result; 19 } 20 @Override 21 public boolean equals(Object obj) { 22 if (this == obj) 23 return true; 24 if (obj == null) 25 return false; 26 if (getClass() != obj.getClass()) 27 return false; 28 User other = (User) obj; 29 if (id == null) { 30 if (other.id != null) 31 return false; 32 } else if (!id.equals(other.id)) 33 return false; 34 return true; 35 } 36 @Override 37 public String toString() { 38 return "User [id=" + id + ", username=" + username + ", password=" 39 + password + ", phone=" + phone + ", email=" + email 40 + ", roles=" + roles + ", createTime=" + createTime + "]"; 41 } 42 }
2、Role实体类
封装角色信息
1 public class Role implements Serializable { 2 3 private Integer id; 4 private String name; 5 6 public Role() { 7 super(); 8 } 9 public Role(String name) { 10 super(); 11 this.name = name; 12 } 13 14 // getter & setter 15 16 @Override 17 public String toString() { 18 return "Role [id=" + id + ", name=" + name + "]"; 19 } 20 }
3、ResponseMessage工具类
封装接口响应信息

1 public class ResponseMessage { 2 3 private Integer code; 4 private String message; 5 6 public ResponseMessage() { 7 super(); 8 } 9 10 public ResponseMessage(Integer code, String message) { 11 super(); 12 this.code = code; 13 this.message = message; 14 } 15 16 // getter & setter 17 18 public static ResponseMessage success() { 19 return new ResponseMessage(0, "操作成功"); 20 } 21 22 public static ResponseMessage fail() { 23 return new ResponseMessage(99, "操作失败"); 24 } 25 }
五、DAO和Service编写
1、数据源配置
在application.properties文件配置datasource
1 spring.datasource.url=jdbc:mysql://localhost:3306/test 2 spring.datasource.username=system 3 spring.datasource.password=123456 4 spring.datasource.driver-class-name=com.mysql.jdbc.Driver 5 6 spring.datasource.type=org.apache.commons.dbcp2.BasicDataSource 7 spring.datasource.dbcp2.initial-size=5 8 spring.datasource.dbcp2.max-active=25 9 spring.datasource.dbcp2.max-idle=10 10 spring.datasource.dbcp2.min-idle=5 11 spring.datasource.dbcp2.max-wait-millis=10000 12 spring.datasource.dbcp2.validation-query=SELECT 1 13 spring.datasource.dbcp2.connection-properties=characterEncoding=utf8
使用dbcp2数据源
2、mapper.xml
在src/main/resources下创建org.net5ijy.oauth2.mapper包,创建user-mapper.xml配置文件

1 <mapper namespace="org.net5ijy.oauth2.repository.UserRepository"> 2 3 <resultMap type="User" id="UserResultMap"> 4 <result column="id" property="id" jdbcType="INTEGER" javaType="int" /> 5 <result column="username" property="username" jdbcType="VARCHAR" 6 javaType="string" /> 7 <result column="password" property="password" jdbcType="VARCHAR" 8 javaType="string" /> 9 <result column="phone" property="phone" jdbcType="VARCHAR" 10 javaType="string" /> 11 <result column="email" property="email" jdbcType="VARCHAR" 12 javaType="string" /> 13 <result column="create_time" property="createTime" jdbcType="TIMESTAMP" 14 javaType="java.util.Date" /> 15 <collection property="roles" select="selectRolesByUserId" 16 column="id"></collection> 17 </resultMap> 18 19 <!-- 根据用户名查询用户 --> 20 <select id="findByUsername" parameterType="java.lang.String" 21 resultMap="UserResultMap"> 22 <![CDATA[ 23 select * from springcloud_user where username = #{username} 以上是关于Spring Security实现OAuth2.0授权服务 - 进阶版的主要内容,如果未能解决你的问题,请参考以下文章Spring Security实现OAuth2.0——资源服务
spring security oauth2.0 实现 解决url-pattern .do .action
Spring Security 入门(1-3)Spring Security oauth2.0 指南