上一篇文章介绍了oauth2-server端的鉴权认证部分,想了下还是将三个组件分开来讲述下,因为实际场景大概都是server,resource,client分开部署的。
这篇文章介绍下oauth2-resource端的使用。(本案例使用远程token鉴权的方式,数据库的鉴权方式我个人感觉并不是很好,此文不做阐述)
1.构建一个简单的maven项目
2.在项目中增加spring-boot和security及oauth的依赖支持
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>cn.majingjing.tm.oauth2</groupId>
<artifactId>tm-oauth-resource</artifactId>
<version>1.0-SNAPSHOT</version>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.3.7.RELEASE</version>
</parent>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>Brixton.SR5</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>1.8</source>
<target>1.8</target>
</configuration>
</plugin>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>3.配置服务参数及鉴权服务地址
server.port=8081
security.basic.enabled=false
security.oauth2.resource.id=tm-oauth-resource
security.oauth2.resource.token-info-uri=http://localhost:8080/oauth/check_token
logging.level.root=debug4.在主启动类上启用资源服务注解
@SpringBootApplication
@EnableResourceServer
public class ResourceApplication {
public static void main(String[] args) {
SpringApplication.run(ResourceApplication.class, args);
}
}5.编写对外提供的资源服务
@RestController
public class TmResourceController {
private static final Logger log = LoggerFactory.getLogger(TmResourceController.class);
@RequestMapping("/api/test1")
public Object test1() {
log.info("访问test---1---接口");
Map<String, Object> m = new HashMap<>();
m.put("method", "test1");
m.put("time", new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(new Date()));
return m;
}
@RequestMapping("/api/user")
public Object user() {
log.info("访问user---user---接口");
Map<String, Object> m = new HashMap<>();
m.put("method", "user");
m.put("name", "皇太极");
m.put("age", 18);
m.put("sex", "男");
m.put("time", new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(new Date()));
return m;
}
}6.添加资源的请求认证,及认证方式
@Configuration
public class TmResourceServerConfig extends ResourceServerConfigurerAdapter {
@Autowired
private ResourceServerProperties props;
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources.resourceId(props.getResourceId());
}
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers(HttpMethod.GET, "/api/user").authenticated();
}
@Bean
public RemoteTokenServices remoteTokenServices() {
RemoteTokenServices remoteTokenServices = new RemoteTokenServices();
remoteTokenServices.setCheckTokenEndpointUrl(props.getTokenInfoUri());
return remoteTokenServices;
}
}7.自定义security的配置(可自行扩展,此处省略)
@Configuration
public class TmWebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/favor.ico");
}
}8.启动服务,浏览器分别访问
http://localhost:8081/api/test1
http://localhost:8081/api/user
可以看到/api/user 服务已经提示未认证需要授权访问
到此oauth2-resource端服务已经搭建完成。后续会加入oauth2-client来对这个api进行验证