import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
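/**
 * Resource-server configuration for the {@code risk} resource.
 *
 * <p>Incoming access tokens are validated remotely against the authorization
 * server's check-token endpoint. The endpoint URL and the client credentials
 * used to call it are read from externalised configuration so that the client
 * secret does not have to live in source control; the defaults reproduce the
 * previous hard-coded values and are intended for local development only —
 * override {@code security.oauth2.client.client-secret} in every real deployment.
 *
 * @author Canaan
 * @date 2018/10/29 14:57
 */
@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    /** Resource id this server registers under. */
    private static final String RESOURCE_ID = "risk";

    @Autowired
    private LogoutSuccessHandler logoutSuccessHandler;

    @Autowired
    private AuthenticationEntryPoint denialAuthenticationEntryPoint;

    /** URL of the authorization server's check-token endpoint. */
    @Value("${security.oauth2.resource.token-info-uri:http://localhost:8080/oauth/check_token}")
    private String checkTokenEndpointUrl;

    /** Client id this resource server authenticates with at the check-token endpoint. */
    @Value("${security.oauth2.client.client-id:risk}")
    private String clientId;

    /**
     * Client secret for {@link #clientId}. The default exists only so local runs keep
     * working; supply the real value through the environment or a secret store.
     */
    @Value("${security.oauth2.client.client-secret:risk123456}")
    private String clientSecret;

    /**
     * Token services that validate every presented access token against the
     * authorization server.
     *
     * @return the primary {@link RemoteTokenServices} bean
     */
    @Primary
    @Bean
    public RemoteTokenServices tokenServices() {
        final RemoteTokenServices tokenService = new RemoteTokenServices();
        tokenService.setCheckTokenEndpointUrl(checkTokenEndpointUrl);
        tokenService.setClientId(clientId);
        tokenService.setClientSecret(clientSecret);
        return tokenService;
    }

    /**
     * HTTP security rules for the resource server: custom 401 entry point,
     * token-revoking logout at {@code /oauth/logout}, and authentication
     * required for every request.
     *
     * @param http the builder to configure
     * @throws Exception propagated from the builder
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        // NOTE(review): IF_REQUIRED allows a session to be created even though the
        // resource server is declared stateless below — confirm a session is wanted.
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
        // CSRF is off, presumably because clients send bearer tokens rather than
        // cookies; verify no cookie-authenticated endpoint is served by this filter chain.
        http.csrf().disable();
        http.exceptionHandling()
                .authenticationEntryPoint(denialAuthenticationEntryPoint);
        http.logout().logoutUrl("/oauth/logout")
                .logoutSuccessHandler(this.logoutSuccessHandler);
        http.authorizeRequests()
                .anyRequest().authenticated();
    }

    /**
     * Registers the resource id and marks the server stateless, i.e. a token must
     * accompany every request.
     *
     * @param resources the configurer to populate
     * @throws Exception propagated from the configurer
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.resourceId(RESOURCE_ID).stateless(true);
    }
}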
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
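/**
 * Entry point invoked when a request reaches a protected resource without
 * valid authentication; answers HTTP 401 with a {@code WWW-Authenticate}
 * bearer challenge.
 *
 * @author Canaan
 * @date 2018/10/26 18:04
 */
@Component
public class DenialAuthenticationEntryPoint implements AuthenticationEntryPoint {

    private static final Logger logger = LoggerFactory.getLogger(DenialAuthenticationEntryPoint.class);

    /**
     * Rejects the request with HTTP 401 and a bearer challenge.
     *
     * @param request  the rejected request
     * @param response the response to populate
     * @param e        the authentication failure that triggered this entry point
     * @throws IOException      if writing the error response fails
     * @throws ServletException declared by the interface; not thrown here
     */
    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException e) throws IOException, ServletException {
        // Record the path and the failure type so rejections can be traced. Only the
        // exception class is logged: some failure messages may embed the presented
        // token, which must not end up in the log.
        logger.info("拒绝访问!!! uri={} reason={}", request.getRequestURI(), e.getClass().getSimpleName());
        // A 401 must carry a challenge (RFC 7235); bearer-token resources use the
        // Bearer scheme (RFC 6750).
        response.setHeader("WWW-Authenticate", "Bearer");
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Access Denied");
    }
}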
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Optional;
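/**
 * Logout handler that revokes the access token presented with the logout
 * request — and its refresh token, when one exists — so neither can be
 * reused after logout.
 *
 * <p>The token is taken from the {@code access_token} request parameter first
 * and from an {@code Authorization: Bearer <token>} header second.
 *
 * @author Canaan
 * @date 2018/10/29 15:18
 */
@Component
public class MyLogoutSuccessHandle implements LogoutSuccessHandler {

    private static final Logger logger = LoggerFactory.getLogger(MyLogoutSuccessHandle.class);

    /** Request parameter that may carry the access token. */
    private static final String TOKEN_PARAM = "access_token";

    @Autowired
    private TokenStore tokenStore;

    /**
     * Removes the presented access token and its refresh token from the token store.
     *
     * <p>When no known token accompanies the request there is nothing to revoke;
     * the situation is logged and the response is left untouched.
     *
     * @param request        the logout request
     * @param response       the response; not written to here
     * @param authentication the authentication at logout time; may be {@code null}
     * @throws IOException      declared by the interface; not thrown here
     * @throws ServletException declared by the interface; not thrown here
     */
    @Override
    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
        Optional<OAuth2AccessToken> tokenOptional = getToken(request);
        if (!tokenOptional.isPresent()) {
            logger.error("access token 获取失败");
            return;
        }
        OAuth2AccessToken accessToken = tokenOptional.get();
        tokenStore.removeAccessToken(accessToken);
        // Revoke the refresh token as well; otherwise a logged-out client could
        // obtain a fresh access token from it.
        if (accessToken.getRefreshToken() != null) {
            tokenStore.removeRefreshToken(accessToken.getRefreshToken());
        }
        logger.debug("成功退出");
    }

    /**
     * Resolves the access token presented with the request.
     *
     * <p>Lookup order: the {@code access_token} parameter, then the
     * {@code Authorization} header, which must use the {@code Bearer} scheme.
     * Credentials sent under other schemes are not tokens and are ignored.
     *
     * @param request the logout request
     * @return the stored token, or empty when none is presented or the store does not know it
     */
    private Optional<OAuth2AccessToken> getToken(HttpServletRequest request) {
        // 1. request parameter
        String paramValue = request.getParameter(TOKEN_PARAM);
        if (StringUtils.isNotBlank(paramValue)) {
            OAuth2AccessToken fromParam = this.tokenStore.readAccessToken(paramValue.trim());
            if (fromParam != null) {
                return Optional.of(fromParam);
            }
        }
        // 2. Authorization header (header-name lookup is case-insensitive)
        String header = request.getHeader("authorization");
        if (StringUtils.isBlank(header)) {
            return Optional.empty();
        }
        String[] parts = StringUtils.split(header, " ");
        // Expect exactly "<scheme> <token>" and accept only the Bearer scheme.
        if (parts == null || parts.length != 2
                || !OAuth2AccessToken.BEARER_TYPE.equalsIgnoreCase(parts[0])) {
            return Optional.empty();
        }
        return Optional.ofNullable(this.tokenStore.readAccessToken(parts[1].trim()));
    }
}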