如何使用 OAuth 2.0 和 Spring Cloud 保护 Spring Web 应用程序的安全
我正在使用 OAuth2 创建一个 POC Spring Web 应用程序。我需要创建一个授权服务器,以及一个同时充当客户端和资源服务器的应用。授权服务器已经完成。现在,我正在尝试构建一个基于 Thymeleaf 的 Web(MVC)应用程序,它既是我的客户端,也是资源服务器。基本要求是:当我第一次请求某个 URI,例如 http://localhost:8080/createCustomer(返回 ModelAndView)时,应重定向到 AS(授权服务器)。用户在 AS 上成功登录后,应携带访问令牌(JWT)重定向回 http://localhost:8080/createCustomer。在这种情况下,我不确定需要使用哪种 OAuth2 流程(flow),以及需要进行哪些配置。再次说明,它不是 REST 端点:我的端点返回 ModelAndView,并借助 Thymeleaf 在浏览器中渲染。
这些是我为客户端或资源服务器配置的一些文件
ResourceServerConfig class file
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
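/**
 * Resource-server configuration that validates JWT access tokens with a shared
 * (symmetric) key and requires authentication for every request except {@code /login}.
 *
 * <p>NOTE(review): a resource server only checks tokens that arrive with a request.
 * For a request without a valid token it answers with an error status rather than
 * redirecting the browser to the authorization server. The browser login redirect
 * described for this application belongs to the OAuth2 client role (authorization
 * code grant), e.g. {@code @EnableOAuth2Sso} in this legacy stack. Confirm against
 * the Spring Security OAuth documentation.
 */
@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    /**
     * Shared JWT key, read from {@code security.oauth2.resource.jwt.key-value} so that
     * the secret is not compiled into the class. Startup fails if the property is
     * missing, which is preferable to running with a default key. Anyone who learns
     * this value can mint tokens this server accepts, so supply a long random value
     * from a secret store or the environment, or move to an asymmetric key pair so
     * this side holds only the public key.
     */
    @Value("${security.oauth2.resource.jwt.key-value}")
    private String jwtKey;

    /**
     * Token store that reads token contents from the JWT itself.
     *
     * @return a {@link JwtTokenStore} backed by {@link #jwtAccessTokenConverter()}
     */
    @Bean
    public TokenStore jwtTokenStore() {
        return new JwtTokenStore(jwtAccessTokenConverter());
    }

    /**
     * Converter that verifies the JWT signature with the configured key.
     *
     * @return the converter configured with the shared key
     */
    @Bean
    public JwtAccessTokenConverter jwtAccessTokenConverter() {
        JwtAccessTokenConverter accessTokenConverter = new JwtAccessTokenConverter();
        // For a MAC (symmetric) key the signing key is also used for verification,
        // so a separate setVerifierKey call with the same value is not needed.
        accessTokenConverter.setSigningKey(jwtKey);
        return accessTokenConverter;
    }

    /**
     * Registers the JWT token store with the resource server.
     *
     * @param resources resource-server configurer supplied by the framework
     * @throws Exception propagated from the configurer
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        // Call the @Bean method directly instead of injecting this class's own bean back into itself.
        resources.tokenStore(jwtTokenStore());
    }

    /**
     * Leaves {@code /login} open and requires an authenticated caller everywhere else.
     *
     * @param http security builder supplied by the framework
     * @throws Exception propagated from the builder
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/login").permitAll()
                .anyRequest().authenticated();
    }
}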
Controller
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.servlet.ModelAndView;
/**
 * MVC controller for the client application's pages. Each handler only selects a
 * view name; rendering is left to the configured view resolver.
 */
@Controller
public class CodeClientController {

    // Injected servlet request; none of the handlers in this class read it.
    @Autowired
    HttpServletRequest request;

    // Injected servlet response; none of the handlers in this class write to it.
    @Autowired
    HttpServletResponse response;

    /**
     * Serves the "index" view.
     *
     * @param model model-and-view holder supplied by Spring MVC
     * @return the same holder with its view name set to "index"
     */
    @GetMapping("index")
    public ModelAndView index(ModelAndView model) {
        return withView(model, "index");
    }

    /**
     * Serves the "createCustomer" view.
     *
     * @param model model-and-view holder supplied by Spring MVC
     * @return the same holder with its view name set to "createCustomer"
     */
    @GetMapping("createCustomer")
    public ModelAndView home(ModelAndView model) {
        return withView(model, "createCustomer");
    }

    /** Sets the view name on the given holder and hands the holder back. */
    private static ModelAndView withView(ModelAndView holder, String viewName) {
        holder.setViewName(viewName);
        return holder;
    }
}
properties.yml file
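# Client / resource-server settings.
# The page shows these keys flattened; nesting is restored here to follow Spring Boot's
# security.oauth2.* and logging.level.* property names.
server:
  port: 8080
security:
  oauth2:
    client:
      client-id: client1
      # NOTE(review): the client secret sits in plain text in a file that is normally
      # committed. Outside a local POC, supply it from the environment or a secret store.
      client-secret: client1-secret
      # Plain http is acceptable only on localhost; the authorization code, client
      # secret and tokens all travel over these URLs, so use https elsewhere.
      user-authorization-uri: http://localhost:7070/oauth/authorize
      access-token-uri: http://localhost:7070/oauth/token
    resource:
      jwt:
        # NOTE(review): key-uri and key-value are both set; presumably only one is
        # needed. Confirm which one the application is meant to use.
        key-uri: http://localhost:7070/oauth/token_key
        # Shared HMAC key: whoever knows it can sign tokens this server will accept.
        # A short dictionary-style value is guessable; use a long random value, or an
        # asymmetric key pair with only the public key on this side.
        key-value: developer1
    authorization:
      # NOTE(review): in Spring Boot this property is an authorization-server setting
      # that takes an access expression, not a URL. Verify it is intended here.
      check-token-access: http://localhost:7070/oauth/check_token
logging:
  level:
    org:
      hibernate:
        type: trace
    # DEBUG on the security packages is for troubleshooting. It may write request and
    # token details to the log (confirm), so switch it off outside development.
    org.springframework: DEBUG
    org.springframework.security.oauth2: DEBUG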
and pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<!-- Build for the OAuth2 client / resource-server web application (Spring Boot + Thymeleaf). -->
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.2.3.RELEASE</version>
<relativePath /> <!-- lookup parent from repository -->
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>com.oauth2.client</groupId>
<artifactId>oauth2-client</artifactId>
<name>oauth2-client</name>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
<!-- NOTE(review): the Greenwich release train targets Spring Boot 2.1.x, while the parent
     above is 2.2.x (which pairs with Hoxton). Verify against the Spring Cloud compatibility table. -->
<spring-cloud.version>Greenwich.SR3</spring-cloud.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- Provides the OAuth2 annotations and token classes imported by the Java configuration;
     its version is managed by the spring-cloud-dependencies BOM imported below. -->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
<!-- NOTE(review): jjwt is not referenced by the classes shown with this build; JWT handling
     there goes through JwtAccessTokenConverter. If nothing else uses it, dropping it means
     one less security-sensitive library to keep patched. -->
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.1</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<scope>provided</scope>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<!-- Imports the Spring Cloud BOM so that Spring Cloud artifacts need no explicit version. -->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>${spring-cloud.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
现在,当我按前面所说访问该 URI 时,应用并没有重定向到 AS 服务器。