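The previous article covered authentication and authorization on the oauth2-server side. On reflection, it makes sense to describe the three components separately, because in practice the server, resource and client are usually deployed apart from each other.
This article covers the oauth2-resource side. (The example validates tokens remotely against the authorization server. I personally don't think validating tokens against the database is a very good approach, so it is not covered here.)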
Resource server configuration and project setup:

1. Create a simple Maven project.
2. Add the Spring Boot, Security and OAuth dependencies to the project:

    <?xml version="1.0" encoding="UTF-8"?>
    <project xmlns="http://maven.apache.org/POM/4.0.0"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
        <modelVersion>4.0.0</modelVersion>

        <groupId>cn.majingjing.tm.oauth2</groupId>
        <artifactId>tm-oauth-resource</artifactId>
        <version>1.0-SNAPSHOT</version>

        <parent>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-parent</artifactId>
            <version>1.3.7.RELEASE</version>
        </parent>

        <dependencyManagement>
            <dependencies>
                <dependency>
                    <groupId>org.springframework.cloud</groupId>
                    <artifactId>spring-cloud-dependencies</artifactId>
                    <version>Brixton.SR5</version>
                    <type>pom</type>
                    <scope>import</scope>
                </dependency>
            </dependencies>
        </dependencyManagement>

        <dependencies>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-starter-security</artifactId>
            </dependency>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-starter-oauth2</artifactId>
            </dependency>
        </dependencies>

        <build>
            <plugins>
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-compiler-plugin</artifactId>
                    <configuration>
                        <source>1.8</source>
                        <target>1.8</target>
                    </configuration>
                </plugin>
                <plugin>
                    <groupId>org.springframework.boot</groupId>
                    <artifactId>spring-boot-maven-plugin</artifactId>
                </plugin>
            </plugins>
        </build>
    </project>
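3. Configure the service parameters and the address of the authorization service:

    server.port=8081
    # Turn off Spring Boot's default HTTP Basic protection; access control comes from the resource server configuration.
    security.basic.enabled=false
    security.oauth2.resource.id=tm-oauth-resource
    # The authorization server's check_token endpoint, used to validate each incoming token remotely.
    security.oauth2.resource.token-info-uri=http://localhost:8080/oauth/check_token

    logging.level.root=debug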
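4. Enable the resource server annotation on the main application class:

    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;

    @SpringBootApplication
    @EnableResourceServer
    public class ResourceApplication {
        public static void main(String[] args) {
            SpringApplication.run(ResourceApplication.class, args);
        }
    }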
5. Write the resource endpoints that the service exposes:

    import java.text.SimpleDateFormat;
    import java.util.Date;
    import java.util.HashMap;
    import java.util.Map;

    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RestController;

    @RestController
    public class TmResourceController {
        private static final Logger log = LoggerFactory.getLogger(TmResourceController.class);

        @RequestMapping("/api/test1")
        public Object test1() {
            log.info("访问test---1---接口");
            Map<String, Object> m = new HashMap<>();
            m.put("method", "test1");
            m.put("time", new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(new Date()));
            return m;
        }

        @RequestMapping("/api/user")
        public Object user() {
            log.info("访问user---user---接口");
            Map<String, Object> m = new HashMap<>();
            m.put("method", "user");
            m.put("name", "皇太极");
            m.put("age", 18);
            m.put("sex", "男");
            m.put("time", new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(new Date()));
            return m;
        }
    }
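6. Add the authentication requirement for the resources, and the way tokens are validated:

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.http.HttpMethod;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
    import org.springframework.security.oauth2.provider.token.RemoteTokenServices;

    @Configuration
    public class TmResourceServerConfig extends ResourceServerConfigurerAdapter {

        @Autowired
        private ResourceServerProperties props;

        @Override
        public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
            // Resource id from security.oauth2.resource.id
            resources.resourceId(props.getResourceId());
        }

        @Override
        public void configure(HttpSecurity http) throws Exception {
            // Only GET /api/user requires an authenticated request;
            // no rule is declared here for other paths or HTTP methods.
            http.authorizeRequests().antMatchers(HttpMethod.GET, "/api/user").authenticated();
        }

        @Bean
        public RemoteTokenServices remoteTokenServices() {
            // Validate tokens by calling the authorization server's check_token endpoint
            RemoteTokenServices remoteTokenServices = new RemoteTokenServices();
            remoteTokenServices.setCheckTokenEndpointUrl(props.getTokenInfoUri());
            return remoteTokenServices;
        }
    }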
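7. Customize the Security configuration (extend it as needed; the details are omitted here):

    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.builders.WebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    public class TmWebSecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            super.configure(http);
        }

        @Override
        public void configure(WebSecurity web) throws Exception {
            // Requests matching this pattern skip the security filter chain entirely
            web.ignoring().antMatchers("/favor.ico");
        }
    }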
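8. Start the service and open each of these in a browser:

    http://localhost:8081/api/test1
    http://localhost:8081/api/user

You can see that /api/user now reports that the request is unauthenticated and that authorization is required to access it.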
That completes the setup of the oauth2-resource service. A later article will add oauth2-client to verify this API.