首先实现一个认证服务,基于之前的consul多模块服务架构,添加一个认证服务模块authservice。
1、添加maven依赖
<!-- Web endpoints for the authorization server. -->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- Registers this module with Consul for service discovery. -->
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-consul-discovery</artifactId>
</dependency>
<!-- NOTE(review): actuator adds management endpoints; confirm which ones are exposed
     and that they are not reachable without authentication. -->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<!-- Brings in the Spring Security OAuth2 authorization-server classes used below.
     NOTE(review): no version is given here, so it is resolved by the parent/BOM. The
     Spring Security OAuth project has been retired upstream; confirm the resolved
     version still receives security fixes, or plan a move to a maintained
     authorization server. -->
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
<!-- NOTE(review): version pinned by hand; check it against current advisories. -->
<dependency>
    <groupId>com.baomidou</groupId>
    <artifactId>mybatis-plus-boot-starter</artifactId>
    <version>3.2.0</version>
</dependency>
<!-- NOTE(review): version pinned by hand; check it against current advisories. -->
<dependency>
    <groupId>org.apache.commons</groupId>
    <artifactId>commons-lang3</artifactId>
    <version>3.9</version>
</dependency>
<!-- Project-local shared module from the multi-module build. -->
<dependency>
    <groupId>com.example.consul</groupId>
    <artifactId>common</artifactId>
    <version>0.0.1-SNAPSHOT</version>
</dependency>
<!-- JDBC driver for the database that stores the OAuth client records. -->
<dependency>
    <groupId>mysql</groupId>
    <artifactId>mysql-connector-java</artifactId>
</dependency>
<!-- Compile-time only code generation; optional so it is not passed on to dependants. -->
<dependency>
    <groupId>org.projectlombok</groupId>
    <artifactId>lombok</artifactId>
    <optional>true</optional>
</dependency>
2、认证服务
/**
 * OAuth2 authorization server configuration.
 *
 * <p>{@code AuthorizationServerConfigurerAdapter} is the Spring Security extension point
 * that supplies the basic authentication and authorization machinery. With
 * {@code @EnableAuthorizationServer} this service acts as the OAuth2 server and exposes
 * the REST endpoints used during OAuth2 authentication and authorization.
 */
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

    // Database that holds the registered OAuth clients.
    @Autowired
    DataSource dataSource;

    // Authenticates resource owners; injected from the surrounding security configuration.
    @Autowired
    AuthenticationManager authenticationManager;

    // Loads user records; injected from the surrounding security configuration.
    @Autowired
    UserDetailsService userDetailsService;

    // The JWT-backed token store bean named "jwtTokenStore".
    @Autowired
    @Qualifier("jwtTokenStore")
    private TokenStore tokenStore;

    // Converter that signs the JWT access tokens.
    @Resource
    private JwtAccessTokenConverter jwtAccessTokenConverter;

    /**
     * Exposes a client registry backed by the injected {@link DataSource}.
     *
     * @return a JDBC-backed {@code ClientDetailsService}
     */
    @Bean
    public ClientDetailsService jdbcClientDetails() {
        return new JdbcClientDetailsService(dataSource);
    }

    /**
     * Declares which clients are registered with this server.
     * {@code ClientDetailsServiceConfigurer} supports in-memory and JDBC storage;
     * here the clients are read from the database.
     *
     * @param clients configurer that receives the client registry
     * @throws Exception if the configurer rejects the registry
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        ClientDetailsService clientRegistry = jdbcClientDetails();
        clients.withClientDetails(clientRegistry);
    }

    /**
     * Wires the injected authentication manager, user details service, token store
     * and JWT converter into the authorization server endpoints.
     *
     * @param endpoints configurer for the authorization and token endpoints
     * @throws Exception if endpoint configuration fails
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(authenticationManager);
        endpoints.userDetailsService(userDetailsService);
        endpoints.tokenStore(tokenStore);
        endpoints.accessTokenConverter(jwtAccessTokenConverter);
    }

    /**
     * Sets the access rules for the server's own endpoints and the encoder used to
     * verify client secrets.
     *
     * @param oauthServer configurer for the authorization server's security
     * @throws Exception if security configuration fails
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        // Clients may send client_id/client_secret as form parameters.
        // NOTE(review): that places the secret in the request body, so the token
        // endpoint should only be served over TLS.
        oauthServer.allowFormAuthenticationForClients();

        // NOTE(review): permitAll() opens the token-key endpoint to every caller. The
        // signing key on this page is a shared secret rather than a public key, so
        // confirm how the framework version in use answers requests to this endpoint
        // and whether it needs to be reachable at all; publishing a verification key
        // is only safe with an asymmetric key pair.
        oauthServer.tokenKeyAccess("permitAll()");

        // Token introspection requires an authenticated caller.
        oauthServer.checkTokenAccess("isAuthenticated()");

        // Client secrets are compared against BCrypt hashes, so the stored
        // client_secret values must be BCrypt-encoded.
        oauthServer.passwordEncoder(new BCryptPasswordEncoder());
    }
}
3、 JWTToken配置
/**
 * Declares the JWT token store and the converter that signs the tokens.
 */
@Configuration
public class JwtTokenStoreConfig {

    // Holds the signing key bound from the "jwt" configuration properties.
    @Autowired
    private JWTConfig jwtConfig;

    /**
     * Builds the token store on top of the JWT converter bean.
     *
     * @return a {@code JwtTokenStore} using {@link #jwtAccessTokenConverter()}
     */
    @Bean
    public TokenStore jwtTokenStore() {
        JwtAccessTokenConverter tokenConverter = jwtAccessTokenConverter();
        return new JwtTokenStore(tokenConverter);
    }

    /**
     * Creates the converter and gives it the configured signing key.
     *
     * @return the converter used to sign and read JWT access tokens
     */
    @Bean
    public JwtAccessTokenConverter jwtAccessTokenConverter() {
        // NOTE(review): a plain string key is used as a shared secret, so every party
        // that verifies tokens with it can also issue them. Its strength is exactly the
        // strength of the configured value; the sample value on this page is short.
        // Consider a long random secret supplied at deploy time, or an asymmetric key
        // pair so that resource servers hold only the verification key.
        final String key = jwtConfig.getSigningKey();
        JwtAccessTokenConverter jwtConverter = new JwtAccessTokenConverter();
        jwtConverter.setSigningKey(key);
        return jwtConverter;
    }
}
JWTConfig类:
/**
 * Binds configuration properties under the {@code jwt} prefix.
 */
@Configuration
@ConfigurationProperties(prefix = "jwt")
public class JWTConfig {

    // Bound from jwt.signingKey. This is secret material: keep it out of logs
    // and out of any toString()/debug output added later.
    private String signingKey;

    /**
     * @return the configured signing key, or {@code null} if the property was not set
     */
    public String getSigningKey() {
        return this.signingKey;
    }

    /**
     * @param signingKey the signing key value taken from configuration
     */
    public void setSigningKey(String signingKey) {
        this.signingKey = signingKey;
    }
}
properties配置文件中添加如下键值对:
# Sample value only. JwtTokenStoreConfig passes this string to the JWT converter as its
# signing key, so anyone who learns it can produce tokens this server will accept.
# NOTE(review): use a long random value per deployment and supply it from the
# environment or a secret store instead of committing it with the source.
jwt.signingKey=4567abcdefg1234
4、配置文件
# Port the authorization server listens on.
server:
  port: 9090
spring:
  application:
    name: authservice
  datasource:
    driver-class-name: com.mysql.jdbc.Driver
    # NOTE(review): useSSL=false disables TLS on the JDBC connection; enable it whenever
    # the database is not on the same host as this service.
    url: jdbc:mysql://localhost:3306/springcloud?useUnicode=true&characterEncoding=utf8&useSSL=false&zeroDateTimeBehavior=convertToNull
    # NOTE(review): root/root is a sample login. Use a dedicated least-privilege database
    # account for this service and inject the password from the environment or a secret
    # store rather than keeping it in this file.
    password: root
    username: root
  cloud:
    consul:
      # Consul agent used for registration and discovery.
      host: localhost
      port: 8500
      discovery:
        service-name: authservice
5、数据库表
新建一个表oauth_client_details(JdbcClientDetailsService默认查询的表名),添加一条客户端记录:client_id为client,客户端密码(client_secret)为admin(示例值)。密码不以明文保存,先用BCryptPasswordEncoder计算哈希,再把哈希值存到数据库。