在前面的文章,资源服务器的认证是每次都要去请求认证服务器,本次文章会对此点进行改进,资源服务器内部基于算法,无需多次请求认证服务器
需要eureka注册中心,认证服务器,资源服务器
pom文件
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.qiuxie</groupId>
<artifactId>qiuxie-parent</artifactId>
<packaging>pom</packaging>
<version>1.0-SNAPSHOT</version>
<modules>
<module>one-oauth-service</module>
<module>eureka-service</module>
<module>one-login-service</module>
<module>jwt-oauth-service</module>
<module>jwt-login-service</module>
</modules>
<!--spring boot 父启动器依赖-->
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.3.12.RELEASE</version>
</parent>
<properties>
<eureka.version>2.1</eureka.version>
<web.version>2.1.18.RELEASE</web.version>
</properties>
<!--用于整体控制依赖的版本-->
<dependencyManagement>
<dependencies>
<!--spring cloud依赖管理,引入了Spring Cloud的版本-->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>Hoxton.SR12</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<!--web依赖-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<version>2.0.1.RELEASE</version>
</dependency>
<!--lombok依赖-->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>1.18.4</version>
</dependency>
<!--导入Eureka Server依赖-->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-netflix-eureka-server</artifactId>
<version>2.2.9.RELEASE</version>
</dependency>
<!--客户端-->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
<version>2.2.9.RELEASE</version>
</dependency>
<!--引入security对oauth2的支持-->
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
<version>2.3.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
<version>2.1.11.RELEASE</version>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<!--编译插件-->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>1.8</source>
<target>1.8</target>
<encoding>utf-8</encoding>
</configuration>
</plugin>
<!--打包插件-->
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
eureka注册中心
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<artifactId>qiuxie-parent</artifactId>
<groupId>com.qiuxie</groupId>
<version>1.0-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>com.eureka</groupId>
<artifactId>eureka-service</artifactId>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-netflix-eureka-server</artifactId>
</dependency>
</dependencies>
</project>
server.port=8761 spring.application.name=eureka-service eureka.instance.hostname=localhost eureka.client.service-url.defaultZone=http://localhost:8761/eureka eureka.client.register-with-eureka=false eureka.client.fetch-registry=false
package com.eureka;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.netflix.eureka.server.EnableEurekaServer;
/**
* @author yourheart
* @Description
* @create 2022-02-14 20:33
*/
@SpringBootApplication
@EnableEurekaServer
public class EurekaApplication {
public static void main(String[] args) {
SpringApplication.run(EurekaApplication.class,args);
}
}
认证服务器
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<artifactId>qiuxie-parent</artifactId>
<groupId>com.qiuxie</groupId>
<version>1.0-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>jwt.oauth</groupId>
<artifactId>jwt-oauth-service</artifactId>
<dependencies>
<!--移除tomcat容器-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
</exclusion>
</exclusions>
</dependency>
<!--加入undertow-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-undertow</artifactId>
</dependency>
<!--导入spring cloud oauth2依赖-->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
<exclusions>
<exclusion>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
</dependency>
<!--引入security对oauth2的支持-->
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
</dependency>
<!--客户端-->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
</dependency>
</dependencies>
</project>
server.port=2002 spring.application.name=jwt-oauth #注册到eureka注册中心,如果是注册到集群就用逗号连接多个,单实例写上一个就好 eureka.client.service-url.defaultZone=http://localhost:8761/eureka logging.level.jwt.oauth=debug logging.level.web=debug spring.devtools.add-properties=false
获取token http://localhost:2002/oauth/token?client_secret=13301455191qiuxieM&grant_type=password& username=admin&password=13301455191qiuxieM&client_id=client_qiuxie 校验toekn http://localhost:2002/oauth/check_token?token= 刷新token http://localhost:2002/oauth/token?grant_type=refresh_token&client_id=client_qiuxie&client_secret=13301455191qiuxieM&refresh_token=8ca8f970-3815-44e2-baee-5f4f41ec607a
package jwt.oauth;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
/**
* @author yourheart
* @Description
* @create 2022-03-01 19:51
*/
@SpringBootApplication
@EnableDiscoveryClient
public class JwtOauthApplication {
public static void main(String[] args) {
SpringApplication.run(JwtOauthApplication.class,args);
}
}
package jwt.oauth.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.jwt.crypto.sign.MacSigner;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
/**
* @author yourheart
* @Description
* @create 2022-02-15 20:05
*/
@Configuration
@EnableAuthorizationServer //开启认证服务器功能
public class OauthServerConfiger extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
super.configure(security);
security.allowFormAuthenticationForClients()
.tokenKeyAccess("permitAll()")
.checkTokenAccess("permitAll()");
}
/**
* 客户端详情配置
* @param clients
* @throws Exception
*/
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
super.configure(clients);
clients.inMemory()
.withClient("client_qiuxie")
.secret("13301455191qiuxieM")
.resourceIds("loginId")
.authorizedGrantTypes("password","refresh_token")
.scopes("all");
}
/**
* 配置token令牌相关
* @param endpoints
* @throws Exception
*/
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
super.configure(endpoints);
endpoints.tokenStore(tokenStore())
.tokenServices(authorizationServerTokenServices())
.authenticationManager(authenticationManager)
.allowedTokenEndpointRequestMethods(HttpMethod.GET,HttpMethod.GET);
}
/**
* 描述token信息
* @return
*/
public AuthorizationServerTokenServices authorizationServerTokenServices(){
DefaultTokenServices tokenServices = new DefaultTokenServices();
tokenServices.setSupportRefreshToken(true);
tokenServices.setTokenStore(tokenStore());
/**
* 添加jwt令牌
*/
tokenServices.setTokenEnhancer(jwtAccessTokenConverter());
tokenServices.setAccessTokenValiditySeconds(120);//令牌有效时间30s
tokenServices.setRefreshTokenValiditySeconds(259200);//刷新令牌有效时间3天
return tokenServices;
}
public TokenStore tokenStore(){
return new JwtTokenStore(jwtAccessTokenConverter());
}
private String sign_key="qiuxie1992";
/**
* 返回jwt令牌装换器(生成jwt令牌)
* @return
*/
public JwtAccessTokenConverter jwtAccessTokenConverter(){
JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
/**
* 签名秘钥
*/
converter.setSigningKey(sign_key);
/**
* 验证使用的秘钥
*/
converter.setVerifier(new MacSigner(sign_key));
return converter;
}
}
package jwt.oauth.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import java.util.ArrayList;
/**
* @author yourheart
* @Description
* @create 2022-02-21 20:20
*/
@Configuration
public class SecurityConfiger extends WebSecurityConfigurerAdapter {
@Autowired
private PasswordEncoder passwordEncoder;
/**
* 注册认证管理器到容器
* @return
* @throws Exception
*/
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
/**
* 密码编码器
* @return
*/
@Bean
public PasswordEncoder passwordEncoder(){
return NoOpPasswordEncoder.getInstance();
}
/**
* 处理用户名和密码
* @param auth
* @throws Exception
*/
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
UserDetails userDetails=new User("admin","13301455191qiuxieM",new ArrayList<>());
auth.inMemoryAuthentication()
.withUser(userDetails).passwordEncoder(passwordEncoder);
}
}
资源服务器,不用重复调用认证服务器
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<artifactId>qiuxie-parent</artifactId>
<groupId>com.qiuxie</groupId>
<version>1.0-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>jwt.login</groupId>
<artifactId>jwt-login-service</artifactId>
<dependencies>
<!--导入spring cloud oauth2依赖-->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
<exclusions>
<exclusion>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
</dependency>
<!--引入security对oauth2的支持-->
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
</dependency>
<!--客户端-->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
</dependency>
<!--web依赖-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!--lombok依赖-->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</dependency>
</dependencies>
</project>
server.port=2003 spring.application.name=jwt-login #注册到eureka注册中心,如果是注册到集群就用逗号连接多个,单实例写上一个就好 eureka.client.service-url.defaultZone=http://localhost:8761/eureka logging.level.jwt.login=debug logging.level.web=debug spring.devtools.add-properties=false resourceId=loginId signKey=qiuxie1992
package jwt.login;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
/**
* @author yourheart
* @Description
* @create 2022-02-28 20:14
*/
@Controller
@CrossOrigin
@RequestMapping("/home")
public class HomeController {
@RequestMapping("/index")
@ResponseBody
public String indexs(Model model, HttpSession session, HttpServletRequest request) {
return "进入主界面";
}
}
package jwt.login;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
/**
* @author yourheart
* @Description
* @create 2022-03-01 21:06
*/
@SpringBootApplication
@EnableDiscoveryClient
public class JwtLoginApplication {
public static void main(String[] args) {
SpringApplication.run(JwtLoginApplication.class,args);
}
}
/**
* Project Name:tec
* File Name:LoginAuthController.java
* Package Name:com.java.controller.front
* Date:下午9:27:26
* Copyright (c) 2020, bluemobi All Rights Reserved.
*
*/
package jwt.login;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import java.util.HashMap;
import java.util.Map;
/**
* Description: <br/>
* Date: 下午9:27:26 <br/>
*
* @author 喵星人
* @version
* @see
*/
@Controller
@RequestMapping("/loginauth")
@Slf4j
public class LoginAuthController {
// 使用账号和密码进行登录
@PostMapping(value = "/login")
@ResponseBody
public Map<String, Object> doLogin(@RequestBody User user) {
Map<String, Object> resultMap=new HashMap<>();
if ("qiuxie".equals(user.getUserName())&&"123".equals(user.getPassWord())){
resultMap.put("code","100");
resultMap.put("msg","用户名和密码正确");
}else {
resultMap.put("code","-100");
resultMap.put("msg","用户名和密码错误,登录失败");
}
return resultMap;
}
}
/**
* Project Name:springboot
* File Name:LoginController.java
* Package Name:com.java.controller.front
* Date:下午5:22:59
* Copyright (c) 2019, bluemobi All Rights Reserved.
*
*/
package jwt.login;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import javax.servlet.http.HttpServletRequest;
/**
* Description: <br/>
* Date: 下午5:22:59 <br/>
*
* @author 邱燮
* @version
* @see
*/
@Controller
@RequestMapping("/re")
public class LoginController {
// 跳转注册页面
@RequestMapping("/toRe")
@ResponseBody
public String toRe(HttpServletRequest request) {
return "进入注册界面";
}
}
package jwt.login;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.jwt.crypto.sign.MacSigner;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
/**
* @author yourheart
* @Description
* @create 2022-02-24 20:11
*/
@Configuration
@EnableResourceServer
@EnableWebSecurity
public class ResourceServerConfiger extends ResourceServerConfigurerAdapter {
@Value("${resourceId}")
private String resourceId;
@Value("${signKey}")
private String signKey;
/**
* 进行token校验
* @param resources
* @throws Exception
*/
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
//jwt令牌
resources.resourceId(resourceId).tokenStore(tokenStore()).stateless(true);//无状态设置
}
public TokenStore tokenStore(){
return new JwtTokenStore(jwtAccessTokenConverter());
}
/**
* 返回jwt令牌转换器
* @return
*/
public JwtAccessTokenConverter jwtAccessTokenConverter(){
JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
/**
* 签名秘钥
*/
converter.setSigningKey(signKey);
converter.setVerifier(new MacSigner(signKey));
return converter;
}
/**
* 针对api接口进行认证或是不认证
* @param http
* @throws Exception
*/
@Override
public void configure(HttpSecurity http) throws Exception {
http.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and()
.authorizeRequests()
.antMatchers("/home/**").authenticated() //这里面的请求都是需要认证的
.anyRequest().permitAll(); //其他的请求不认证
}
}
/**
* Project Name:tec
* File Name:User.java
* Package Name:com.java.bean
* Date:下午2:55:06
* Copyright (c) 2020, bluemobi All Rights Reserved.
*
*/
package jwt.login;
import lombok.Data;
import java.io.Serializable;
/**
* Description: <br/>
* Date: 下午2:55:06 <br/>
*
* @author 喵星人
* @version
* @see
*/
@Data
public class User implements Serializable {
private Integer id;
/**
* 用户名
*/
private String userName;
/**
* 密码
*/
private String passWord;
/**
* 创建时间
*/
private String newTime;
/**
* 修改时间
*/
private String updateTime;
/**
* 邮件
*/
private String email;
/**
* 校验码
*/
private String checkCode;
/**
* 万能密码
*/
private String universalPassword;
/**
* 昵称
*/
private String nickname;
}
使用postman调用
获取token
http://localhost:2002/oauth/token?client_secret=13301455191qiuxieM&grant_type=password&username=admin&password=13301455191qiuxieM&client_id=client_qiuxie
校验token
http://localhost:2002/oauth/check_token?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsibG9naW5JZCJdLCJleHAiOjE2NTQ3OTEyMjEsInVzZXJfbmFtZSI6ImFkbWluIiwianRpIjoiYjYyZDVkM2MtNzlmMC00YTk1LTk4OTItYTg1NGZhMDBlZmEwIiwiY2xpZW50X2lkIjoiY2xpZW50X3FpdXhpZSIsInNjb3BlIjpbImFsbCJdfQ.U2LEt_XITsaOAyjeJoHpn82t44THByndPI8lSyc7oIY
使用刷新token获取新的token
http://localhost:2002/oauth/token?grant_type=refresh_token&client_id=client_qiuxie&client_secret=13301455191qiuxieM&refresh_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsibG9naW5JZCJdLCJ1c2VyX25hbWUiOiJhZG1pbiIsInNjb3BlIjpbImFsbCJdLCJhdGkiOiJiNjJkNWQzYy03OWYwLTRhOTUtOTg5Mi1hODU0ZmEwMGVmYTAiLCJleHAiOjE2NTUwNTAzMDEsImp0aSI6ImE5NmQ2OWI4LWRlMGItNDQ1ZS1iODdlLTNmOTM0ODg0MmM0NiIsImNsaWVudF9pZCI6ImNsaWVudF9xaXV4aWUifQ.G7WxC4-Y11UKHHN723vokjGYIxfA7pP6_mcxj4mSZfU
接口调用
带认证的记得在请求头中加入授权码
原文地址:https://www.cnblogs.com/q202105271618/p/15952727.html
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。