Spring?Cloud?oauth2?認(rèn)證服務(wù)搭建過程示例

更新時(shí)間：2022年06月28日 10:24:55 作者：百里有聲

這篇文章主要為大家介紹了Spring?Cloud?oauth2?認(rèn)證服務(wù)搭建過程示例詳解，有需要的朋友可以借鑒參考下，希望能夠有所幫助，祝大家多多進(jìn)步，早日升職加薪

安裝httpie

安裝httpie 需要 python 環(huán)境

pip install --upgrade httpie

進(jìn)入D:\Project目錄，在此目錄下打開CMD，調(diào)用httpie,創(chuàng)建 oauth2 項(xiàng)目

http -d https://start.spring.io/starter.zip javaVersion==17 groupId==com.my.demo artifactId==oauthService name==oauth-service baseDir==oauth-service bootVersion==2.6.6.RELEASE dependencies==cloud-starter

將生成的oauthService.zip解壓縮到當(dāng)前目錄，然后進(jìn)入到oauth-service文件夾

導(dǎo)入數(shù)據(jù)庫腳本

CREATE DATABASE IF NOT EXISTS `oauth2`;
USE `oauth2`;
CREATE TABLE IF NOT EXISTS `oauth_access_token` (
  `token_id` varchar(256) DEFAULT NULL,
  `token` blob,
  `authentication_id` varchar(128) NOT NULL,
  `user_name` varchar(256) DEFAULT NULL,
  `client_id` varchar(256) DEFAULT NULL,
  `authentication` blob,
  `refresh_token` varchar(256) DEFAULT NULL,
  PRIMARY KEY (`authentication_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3;
CREATE TABLE IF NOT EXISTS `oauth_approvals` (
  `userId` varchar(256) DEFAULT NULL,
  `clientId` varchar(256) DEFAULT NULL,
  `scope` varchar(256) DEFAULT NULL,
  `status` varchar(10) DEFAULT NULL,
  `expiresAt` datetime DEFAULT NULL,
  `lastModifiedAt` datetime DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3;
CREATE TABLE IF NOT EXISTS `oauth_client_details` (
  `client_id` varchar(128) NOT NULL,
  `resource_ids` varchar(256) DEFAULT NULL,
  `client_secret` varchar(256) DEFAULT NULL,
  `scope` varchar(256) DEFAULT NULL,
  `authorized_grant_types` varchar(256) DEFAULT NULL,
  `web_server_redirect_uri` varchar(256) DEFAULT NULL,
  `authorities` varchar(256) DEFAULT NULL,
  `access_token_validity` int DEFAULT NULL,
  `refresh_token_validity` int DEFAULT NULL,
  `additional_information` varchar(4096) DEFAULT NULL,
  `autoapprove` varchar(256) DEFAULT NULL,
  PRIMARY KEY (`client_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3;
CREATE TABLE IF NOT EXISTS `oauth_client_token` (
  `token_id` varchar(256) DEFAULT NULL,
  `token` blob,
  `authentication_id` varchar(128) NOT NULL,
  `user_name` varchar(256) DEFAULT NULL,
  `client_id` varchar(256) DEFAULT NULL,
  PRIMARY KEY (`authentication_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3;
CREATE TABLE IF NOT EXISTS `oauth_code` (
  `code` varchar(256) DEFAULT NULL,
  `authentication` blob
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3;
CREATE TABLE IF NOT EXISTS `oauth_refresh_token` (
  `token_id` varchar(256) DEFAULT NULL,
  `token` blob,
  `authentication` blob
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3;
CREATE TABLE IF NOT EXISTS `rbac_role` (
  `id` int NOT NULL AUTO_INCREMENT,
  `name` varchar(100) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8mb3;
CREATE TABLE IF NOT EXISTS `rbac_user` (
  `id` int NOT NULL AUTO_INCREMENT,
  `username` varchar(100) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
  `password` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
  `phone` varchar(11) CHARACTER SET utf8 COLLATE utf8_general_ci DEFAULT NULL,
  `email` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci DEFAULT NULL,
  `create_time` datetime NOT NULL,
  `isactive` smallint DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8mb3;
CREATE TABLE IF NOT EXISTS `rbac_user_role` (
  `user_id` int NOT NULL,
  `role_id` int NOT NULL,
  KEY `user_id_fk` (`user_id`) USING BTREE,
  KEY `role_id_fk` (`role_id`) USING BTREE,
  CONSTRAINT `rbac_user_role_ibfk_1` FOREIGN KEY (`role_id`) REFERENCES `rbac_role` (`id`) ON DELETE RESTRICT ON UPDATE RESTRICT,
  CONSTRAINT `rbac_user_role_ibfk_2` FOREIGN KEY (`user_id`) REFERENCES `rbac_user` (`id`) ON DELETE RESTRICT ON UPDATE RESTRICT
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3;
INSERT INTO `oauth_client_details` (`client_id`, `resource_ids`, `client_secret`, `scope`, `authorized_grant_types`, `web_server_redirect_uri`, `authorities`, `access_token_validity`, `refresh_token_validity`, `additional_information`, `autoapprove`) VALUES
	('client', NULL, '{noop}123456', 'server', 'password,refresh_token', '', 'oauth2', NULL, NULL, NULL, NULL),
	('client_01', NULL, '{noop}123456', 'all', 'authorization_code,implicit', '', 'oauth2', NULL, NULL, NULL, NULL);
INSERT INTO `rbac_role` (`id`, `name`) VALUES
	(1, 'USER');
INSERT INTO `rbac_user` (`id`, `username`, `password`, `phone`, `email`, `create_time`, `isactive`) VALUES
	(1, 'user_1', '{noop}123456', NULL, NULL, '2021-09-08 11:21:43', 0),
	(2, 'user_2', '{noop}123456', NULL, NULL, '2021-09-08 11:22:21', 1),
	(3, 'Test', '{noop}123456', NULL, NULL, '2021-09-08 14:15:51', 1);
INSERT INTO `rbac_user_role` (`user_id`, `role_id`) VALUES
	(1, 1),
	(2, 1),
	(3, 1);

可見 user_1的 isactive 為 0,用戶的密碼都是 {noop}123456 的明文方式

sts中導(dǎo)入項(xiàng)目

修改 POM文件

添加引用 javax.xml.bind等等一堆庫是為解決springSecurityFilterChain的編譯錯(cuò)誤

POM文件

修改配置文件

修改 application.properties 配置文件

server.port=8509
spring.application.name=oauth-service
spring.redis.database=0  
spring.redis.host=127.0.0.1
spring.redis.port=6379 
spring.redis.password=
spring.redis.timeout=2000
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
spring.datasource.url=jdbc:mysql://127.0.0.1:3306/oauth2?serverTimezone=GMT%2B8&useSSL=false
spring.datasource.username=root
spring.datasource.password=

修改主類文件

主類文件夾下建立 config, service 兩個(gè)文件夾

config下添加兩個(gè)配置文件(WebSecurityConfig.java,AuthorizationServerConfig.java)，service目錄下添加Redis緩存Token實(shí)現(xiàn)(RedisTokenStoreService)

如果想用bcrypt編碼則所有的數(shù)據(jù)庫端的密碼都保存成

{bcrypt}$2a$10$l4Su6LU.w.HIgpHXn31Hc.1VKbkv7.EY.P7VDzJxyImrZEMDW3Hkq

同時(shí)修改AuthorizationServerConfig.java 文件

    @Autowired
    private PasswordEncoder passwordEncoder;
    @Bean
    public ClientDetailsService clientDetails() {
        JdbcClientDetailsService jdbcClientDetailsService = new JdbcClientDetailsService(dataSource);
        jdbcClientDetailsService.setPasswordEncoder(passwordEncoder);
        return jdbcClientDetailsService;
    }