前面oauth2 server设置好了,登录oauth2 server正常,但另外建一个oauth2 client 总是不能登录认证,网上说是spring boot 2 中去除了@EnableOAuth2Sso注解,今天终于找到适合我的spring boot 2.11的oauth2 client,实现了客户端认证。
1.新建spring start project 项目,我命名为microservice-oauth2-client-8805
2.pom.xml,上全文吧
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.1.1.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.linbsoft</groupId>
<artifactId>microservice-oauth2-client-8805</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>microservice-oauth2-client-8805</name>
<description>Demo project for Spring Boot microservice-oauth2-client-8805</description>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
<spring-cloud.version>Greenwich.M3</spring-cloud.version><!-- Finchley.M8 -->
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-config</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-jose</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
<version>2.3.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>${spring-cloud.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<repositories>
<repository>
<id>spring-milestones</id>
<name>Spring Milestones</name>
<url>https://repo.spring.io/milestone</url>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
</repositories>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
3. application.peoperties
server.port: 8805
spring.application.name=MicroserviceOauth2Client8805
spring.cloud.discovery.enabled=true
eureka.client.serviceUrl.defaultZone=http://admin:[email protected]:8101/eureka/,http://admin:[email protected]:8102/eureka/
# logging.level.root= debug
spring.security.oauth2.client.registration.my-client-1.client-id=admin
spring.security.oauth2.client.registration.my-client-1.client-secret=123456
spring.security.oauth2.client.registration.my-client-1.client-name=admin
spring.security.oauth2.client.registration.my-client-1.scope=read
spring.security.oauth2.client.registration.my-client-1.redirect-uri=http://microservice1.linbsoft.com:8805/login/oauth2/code/callback
spring.security.oauth2.client.registration.my-client-1.client-authentication-method=basic
spring.security.oauth2.client.registration.my-client-1.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.my-client-1.provider=my-oauth-provider
spring.security.oauth2.client.provider.my-oauth-provider.authorization-uri=http://centos7.linbsoft.com:8301/oauth/authorize
spring.security.oauth2.client.provider.my-oauth-provider.token-uri=http://centos7.linbsoft.com:8301/oauth/token
spring.security.oauth2.client.provider.my-oauth-provider.user-info-uri=http://centos7.linbsoft.com:8301/user
spring.security.oauth2.client.provider.my-oauth-provider.user-name-attribute=name
这里要注意的是redirect-uri 和 oauth2 server不要相同域名,这个后面会说到为什么
4. 创建测试资源 ExampleController类
@RestController
public class ExampleController {
@RequestMapping("/")
public String email(Principal principal) {
return "Hello " + principal.getName();
}
@RequestMapping("/hello")
public String emailaa(Principal principal) {
return "Hello1 " + principal.getName();
}
}
5.修改 oauth2 server 增加对这个网站的回地址注册
在这个public void configure(ClientDetailsServiceConfigurer clients) 里
clients.inMemory()
.withClient("admin")
.scopes("read")
.secret(new BCryptPasswordEncoder().encode("123456"))
.redirectUris("http://centos7.linbsoft.com:8301","http://microservice1.linbsoft.com:8805/login/oauth2/code/callback")
.authorizedGrantTypes("password", "authorization_code", "refresh_token")
加入了http://microservice1.linbsoft.com:8805/login/oauth2/code/callback
6. 测试
结果出错了,提示[authorization_request_not_found]
后来看到网友文章说是定位到session=null,有个说法是因为oauth2客户端和服务端以都在同一个服务器地址,都在同一个浏览器,网友的原话是【这些错误意味着没有找到授权请求。 authorization request存储在会话中,所以一些会话没有被存储。 默认情况下会话由cookie管理。所以我认为这可能是因为你正在本地主机上运行所有东西,所以第一个cookie由localhost:8080设置以存储授权请求会话数据,并且当你登录到localhost:8081时,它将为其会话设置另一个cookie。】
怎么解决呢,想到的是把oauth2客户端和服务端的域名区分开来,因此,虽然在同一个ip,但设置两个域名:
192.168.49.141 centos7.linbsoft.com
192.168.49.141 microservice1.linbsoft.com
然后,oauth2 server 按部署在centos7.linbsoft.com:8301使用,而oauth2 client 按部署在microservice1.linbsoft.com:8805上使用,果然正常了。
oauth2客户端顺利登录oauth2服务器认证后访问客户端保护资源