Spring Cloud Security OAuth2 Integration
Posted java_wxid
Table of contents
- Create the spring-cloud-security-oauth2-demo project
- Modify pom.xml
- Create the bootstrap.yml file
- Modify the application.properties file
- Create an empty config.properties file
- Create the jwt.jks file
- Modify SpringCloudSecurityOauth2DemoApplication
- Create the database schema
- Create AuthResourceServerConfig
- Create AuthServerJdbcTokenStoreConfig.java
- Create AuthServerJwtTokenStoreConfig
- Create AuthServerRedisTokenStoreConfig.java
- Create AuthTokenEnhancer
- Create JwtTokenStoreConfig
- Create RedisStoreConfig
- Create WebSecurityConfig
- Create SecurityOauth2Controller
- Create AppUserinfoEntity
- Create ResultData
- Create UserInfoFeignService
- Create JWTAuthenticationEntryPoint.java
- Create JWTAuthenticationFilter.java
- Create JWTAuthorizationFilter.java
- Create UserServiceHystrix
- Create JwtCAProperties
- Create AppUserDetailsService
- Create UserInfoDetails
- Create JwtTokenUtil
- Verify that Spring Cloud Security OAuth2 works
- Create the spring-cloud-security-oauth2-sso-client-demo project (single sign-on)
Create the spring-cloud-security-oauth2-demo project
Project code: https://gitee.com/java_wxid/java_wxid/tree/master/demo/spring-cloud-security-oauth2-demo
Project structure (example):
Modify pom.xml
The code is as follows (example):
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.example</groupId>
<artifactId>spring-cloud-security-oauth2-demo</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>spring-cloud-security-oauth2-demo</name>
<description>Demo project for Spring Boot</description>
<!-- Property configuration -->
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
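<!-- Import the Spring Boot, Spring Cloud and Spring Cloud Alibaba BOMs to manage dependency versions and avoid incompatibilities.
In the article at https://dwz.cn/mcLIfNKt the Spring Cloud Alibaba team recommends the version mapping between the three. -->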
<spring.boot.version>2.3.12.RELEASE</spring.boot.version>
<spring.cloud.version>Hoxton.SR12</spring.cloud.version>
<spring.cloud.alibaba.version>2.2.7.RELEASE</spring.cloud.alibaba.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
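<!-- The web module. It pulls in many JARs: the Spring JARs, the embedded Tomcat server, Jackson and so on.
These features commonly used in web projects are all brought in automatically. -->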
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- Alibaba Nacos configuration -->
<dependency>
<groupId>com.alibaba.cloud</groupId>
<artifactId>spring-cloud-starter-alibaba-nacos-discovery</artifactId>
</dependency>
<dependency>
<groupId>com.alibaba.cloud</groupId>
<artifactId>spring-cloud-starter-alibaba-nacos-config</artifactId>
</dependency>
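<!-- Since Spring Boot 2.4.x, support for the bootstrap.properties/bootstrap.yaml files
(together referred to as the Bootstrap configuration files) has to be enabled explicitly. This JAR actually contains nothing except a marker class, Marker,
which signals that Bootstrap configuration file support should be turned on. Because the parent uses version 2.5.6, the dependency below must be imported. -->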
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-bootstrap</artifactId>
<version>3.1.0</version>
</dependency>
<!-- spring security oauth2-->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
<!-- JWT dependency -->
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.1</version>
</dependency>
<!-- Lombok plugin -->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>RELEASE</version>
<scope>compile</scope>
</dependency>
<!-- commons-lang3 utilities -->
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.10</version>
</dependency>
<!-- OpenFeign client dependency -->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-openfeign-core</artifactId>
<version>2.2.6.RELEASE</version>
</dependency>
<!-- HttpClient dependency -->
<dependency>
<groupId>io.github.openfeign</groupId>
<artifactId>feign-httpclient</artifactId>
</dependency>
<!-- Feign Slf4j -->
<dependency>
<groupId>com.netflix.feign</groupId>
<artifactId>feign-slf4j</artifactId>
<version>8.14.4</version>
</dependency>
<!-- jdbc-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jdbc</artifactId>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
</dependency>
<!-- redis -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-pool2</artifactId>
</dependency>
<!-- fastjson-->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<version>1.2.62</version>
</dependency>
</dependencies>
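<!--
Import the Spring Boot, Spring Cloud and Spring Cloud Alibaba BOMs to manage dependency versions and avoid incompatibilities.
In the article at https://dwz.cn/mcLIfNKt the Spring Cloud Alibaba team recommends the version mapping between the three.
-->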
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>${spring.boot.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>${spring.cloud.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>com.alibaba.cloud</groupId>
<artifactId>spring-cloud-alibaba-dependencies</artifactId>
<version>${spring.cloud.alibaba.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>2.4</version>
<configuration>
<source>${java.version}</source>
<target>${java.version}</target>
<encoding>${project.build.sourceEncoding}</encoding>
</configuration>
</plugin>
</plugins>
<resources>
<resource>
<directory>src/main/resources</directory>
<filtering>true</filtering>
<excludes>
<exclude>**/*.jks</exclude>
</excludes>
</resource>
<resource>
<directory>src/main/resources</directory>
<filtering>false</filtering>
<includes>
<include>**/*.jks</include>
</includes>
</resource>
</resources>
</build>
</project>
Create the bootstrap.yml file
The code is as follows (example):
# bootstrap.yml takes precedence over application.yml
spring:
  # ${prefix}-${spring.profiles.active}.${file-extension}
  # Nacos builds the configuration name from the current environment and looks up the matching configuration file.
  # Example: spring.application.name-spring.profiles.active.spring.cloud.nacos.config.file-extension
  # Resolved value: nacos-autoconfig-service-dev.yml
  profiles:
    # dev = development, test = testing, prod = production
    active: dev
  application:
    # Application name, used to fetch the configuration
    name: security-oauth2
  main:
    allow-bean-definition-overriding: true
  cloud:
    nacos:
      discovery:
        # Service registry address
        server-addr: ip:8848
      config:
        # Nacos configuration center address
        server-addr: ip:8848
        # Namespace id in the configuration center
        namespace: 9e50b6d9-6c3d-4e7a-b701-10f085e4b98d
        # Configuration group; optional, the default is used if omitted
        group: DEFAULT_GROUP
        # Configuration file extension, used to build the configuration file name; only yaml and properties are supported
        file-extension: yaml
        # Automatic configuration refresh
        refresh-enabled: true
        # Prefix of the configuration file name; defaults to the value of application.name, and prefix wins if it is set
        #prefix: nacos-autoconfig-service-${spring.profiles.active}
        # Configuration encoding
        encode: UTF-8
        username: nacos
        password: nacos
  datasource:
    driver-class-name: com.mysql.cj.jdbc.Driver
    url: jdbc:mysql://ip:3306/oauth2?useUnicode=true&characterEncoding=UTF-8&serverTimezone=GMT%2b8
    username: root
    password: ca0a997ee4770063
    hikari:
      minimum-idle: 5
      idle-timeout: 600000
      maximum-pool-size: 10
      auto-commit: true
      pool-name: MyHikariCP
      max-lifetime: 3000000 # Maximum connection lifetime, default 30 minutes. Should be shorter than the timeout configured in MySQL
      connection-timeout: 30000
      connection-test-query: SELECT 1 # Connection test query
  redis:
    host: ip
    database: 0
    client-name: root
    password: ca0a997ee4770063
auth:
  jwt:
    keyPairName: jwt.jks
    keyPairAlias: jwt
    keyPairSecret: 123456
    keyPairStoreSecret: 123456
Modify the application.properties file
server.port=8807
Create an empty config.properties file
Create the jwt.jks file
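# keytool is the key and certificate management tool that ships with Java
# -alias: alias of the key entry
# -keyalg: key algorithm used to generate the key pair
# -keypass: password protecting the private key
# -keystore: keystore file name; jwt.jks is the keystore that gets generated
# -storepass: password of the keystore
keytool -genkeypair -alias jwt -keyalg RSA -keypass 123456 -keystore jwt.jks -storepass 123456
# List the entries in the keystore
keytool -list -keystore jwt.jks
Copy the generated file into the project's resources directory (src/main/resources).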
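A non-interactive variant of the keytool step above, as an added example that is not part of the original post: the password is read from an environment variable through keytool's `:env` modifier instead of appearing on the command line, where shell history and process listings expose it, and `-dname` suppresses the interactive prompts. The variable name JWT_STORE_PASS, the function names, the `-dname` value and the 365-day validity are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example: build the jwt.jks signing keystore without prompts and
# without a password literal on the command line.
set -eu

# make_jwt_keystore <keystore-path> [alias]
# Reads the keystore/key password from $JWT_STORE_PASS (assumed name).
make_jwt_keystore() {
  local keystore="$1" key_alias="${2:-jwt}"
  : "${JWT_STORE_PASS:?export JWT_STORE_PASS before calling}"
  # Never overwrite: a regenerated key invalidates every token that was
  # signed with the previous one.
  [ ! -e "$keystore" ] || { echo "refusing to overwrite $keystore" >&2; return 1; }
  keytool -genkeypair -alias "$key_alias" \
    -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=jwt-signing, O=example" \
    -keystore "$keystore" \
    -storepass:env JWT_STORE_PASS -keypass:env JWT_STORE_PASS
  # The file holds the private signing key: owner read/write only.
  chmod 600 "$keystore"
}

# has_signing_key <keystore-path> [alias]
# Succeeds only if the alias exists and carries a private key.
has_signing_key() {
  local keystore="$1" key_alias="${2:-jwt}"
  keytool -list -alias "$key_alias" -keystore "$keystore" \
    -storepass:env JWT_STORE_PASS | grep PrivateKeyEntry >/dev/null
}

# export_public_cert <keystore-path> [alias]
# Prints the PEM certificate (public half only), which is what services
# that merely verify tokens need; the keystore itself stays on the
# authorization server.
export_public_cert() {
  local keystore="$1" key_alias="${2:-jwt}"
  keytool -exportcert -rfc -alias "$key_alias" \
    -keystore "$keystore" -storepass:env JWT_STORE_PASS
}

# Typical use:
#   export JWT_STORE_PASS='...'   # at least 6 characters, from a secret store
#   make_jwt_keystore src/main/resources/jwt.jks jwt
#   has_signing_key src/main/resources/jwt.jks jwt && echo "key present"
#   export_public_cert src/main/resources/jwt.jks jwt > jwt-public.pem
```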
Modify SpringCloudSecurityOauth2DemoApplication
The code is as follows (example):
package com.example.springcloudsecurityoauth2demo;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.client.discovery.EnableDiscoveryClient;

// Registers the service with the discovery server (Nacos) and starts the application
@EnableDiscoveryClient
@SpringBootApplication
public class SpringCloudSecurityOauth2DemoApplication {

    public static void main(String[] args) {
        SpringApplication.run(SpringCloudSecurityOauth2DemoApplication.class, args);
    }
}
Create the database schema
The code is as follows (example):
# Official SQL: https://github.com/spring-projects/spring-security