We have REST services protected by the OAuth2 client credentials scheme. The resource server and the authorization server run in the same application, but they can be split into separate applications.
```java
import javax.annotation.Resource;
import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;

@Configuration
public class SecurityConfig {

    @Configuration
    @EnableResourceServer
    protected static class ResourceServer extends ResourceServerConfigurerAdapter {

        // Identifies this resource server. Useful if the authorization server
        // authorises multiple resource servers.
        private static final String RESOURCE_ID = "*****";

        // The "OAuth" DataSource holds the oauth_* tables (see the bean below).
        @Resource(name = "OAuth")
        @Autowired
        DataSource dataSource;

        @Override
        public void configure(HttpSecurity http) throws Exception {
            // @formatter:off
            http
                .authorizeRequests().anyRequest().authenticated();
            // @formatter:on
        }

        @Override
        public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
            resources.resourceId(RESOURCE_ID);
            // Tokens are validated by looking them up in the shared token store.
            resources.tokenStore(tokenStore());
        }

        @Bean
        public TokenStore tokenStore() {
            return new JdbcTokenStore(dataSource);
        }
    }

    @Configuration
    @EnableAuthorizationServer
    protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

        @Resource(name = "OAuth")
        @Autowired
        DataSource dataSource;

        @Bean
        public TokenStore tokenStore() {
            return new JdbcTokenStore(dataSource);
        }

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            // Issued tokens are persisted in oauth_access_token so the resource server can find them.
            endpoints.tokenStore(tokenStore());
        }

        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            // Clients (id, secret, grant types, ...) are read from oauth_client_details.
            clients.jdbc(dataSource);
        }
    }
}
```

DataSource configuration for the OAuth2 tables:
```java
import javax.sql.DataSource;

// Spring Boot 1.x package; in Boot 2.x the class lives in org.springframework.boot.jdbc.
import org.springframework.boot.autoconfigure.jdbc.DataSourceBuilder;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;

@Bean(name = "OAuth")
@ConfigurationProperties(prefix = "datasource.oauth")
public DataSource secondaryDataSource() {
    // url, username, password, driver-class-name are bound from datasource.oauth.*
    return DataSourceBuilder.create().build();
}
```

Communication with the authorization server and the resource server looks like this:
```shell
curl -H "Accept: application/json" user:password@localhost:8080/oauth/token -d grant_type=client_credentials
curl -H "Authorization: Bearer token" localhost:8080/...
```
The OAuth2 database contains the following record in `oauth_client_details`:
| client_id | resource_ids | client_secret | scope | authorized_grant_types | web_server_redirect_uri | authorities | access_token_validity | refresh_token_validity | additional_information | autoapprove |
|---|---|---|---|---|---|---|---|---|---|---|
| user | **** | password | NULL | client_credentials | NULL | X | NULL | NULL | NULL | NULL |
RestTemplate configuration in the client application:
```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
import org.springframework.web.client.RestTemplate;

@Configuration
@EnableOAuth2Client
public class OAuthConfig {

    @Value("${OAuth2ClientId}")
    private String oAuth2ClientId;

    @Value("${OAuth2ClientSecret}")
    private String oAuth2ClientSecret;

    @Value("${Oauth2AccesTokenUri}")
    private String accessTokenUri;

    @Bean
    public RestTemplate oAuthRestTemplate() {
        // client_credentials grant: the template fetches a token from accessTokenUri
        // with the client id/secret and adds it as a Bearer header to every request.
        ClientCredentialsResourceDetails resourceDetails = new ClientCredentialsResourceDetails();
        resourceDetails.setId("1");
        resourceDetails.setClientId(oAuth2ClientId);
        resourceDetails.setClientSecret(oAuth2ClientSecret);
        resourceDetails.setAccessTokenUri(accessTokenUri);
        // OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(resourceDetails, oauth2ClientContext);
        OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(resourceDetails, new DefaultOAuth2ClientContext());
        return restTemplate;
    }
}
```

You can inject the restTemplate to communicate (asynchronously) with the OAuth2-secured service. We currently do not use scopes.
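An added example, not part of the original answer: the client side of the client_credentials exchange the curl commands and the OAuth2RestTemplate above perform, written in plain Python against the standard library so the token request, the Bearer call, token caching, expiry and a 401 retry can be seen without Spring. The token URI `http://localhost:8080/oauth/token`, the resource URL, the client id `user` and the secret `password` are assumptions taken from the post; `make_fake_server` is a constructed stand-in for the Spring server so the flow runs offline.

```python
# Added example (not the post's code): the client side of the client_credentials
# exchange shown above, i.e. what the curl commands and the OAuth2RestTemplate do.
import base64
import json
import time
import urllib.error
import urllib.parse
import urllib.request

def urllib_transport(method, url, headers, body):
    """Real HTTP transport: returns (status, body) and does not raise on 4xx/5xx."""
    req = urllib.request.Request(url, data=body, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()

class ClientCredentialsClient:
    """Caches a bearer token until shortly before expiry; retries once on 401."""
    def __init__(self, token_uri, client_id, client_secret,
                 transport=urllib_transport, clock=time.time, skew=30):
        self.token_uri, self.client_id, self.client_secret = token_uri, client_id, client_secret
        self.transport, self.clock, self.skew = transport, clock, skew
        self._token, self._expires_at = None, 0.0

    def _fetch_token(self):
        # What "curl user:password@.../oauth/token -d grant_type=client_credentials" sends:
        # HTTP Basic over client_id:client_secret plus the grant type in the form body.
        creds = base64.b64encode(f"{self.client_id}:{self.client_secret}".encode()).decode()
        headers = {"Authorization": "Basic " + creds, "Accept": "application/json",
                   "Content-Type": "application/x-www-form-urlencoded"}
        body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
        status, raw = self.transport("POST", self.token_uri, headers, body)
        if status != 200:
            raise RuntimeError(f"token endpoint returned {status}: {raw!r}")
        payload = json.loads(raw)
        if payload.get("token_type", "").lower() != "bearer":
            raise RuntimeError(f"unexpected token_type {payload.get('token_type')!r}")
        self._token = payload["access_token"]
        # A missing expires_in counts as already expired, never as "valid forever".
        self._expires_at = self.clock() + int(payload.get("expires_in", 0)) - self.skew

    def token(self):
        if self._token is None or self.clock() >= self._expires_at:
            self._fetch_token()
        return self._token

    def get(self, url):
        """GET a protected resource with the Bearer header the resource server checks."""
        headers = {"Authorization": "Bearer " + self.token(), "Accept": "application/json"}
        status, raw = self.transport("GET", url, headers, None)
        if status == 401:  # revoked or expired server-side: drop the token and retry once
            self._token = None
            headers["Authorization"] = "Bearer " + self.token()
            status, raw = self.transport("GET", url, headers, None)
        return status, raw

def make_fake_server(client_id, client_secret, lifetime=3600):
    """Constructed stand-in for the Spring authorization + resource server (offline)."""
    state = {"issued": 0, "valid": set()}
    basic = "Basic " + base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()

    def transport(method, url, headers, body):
        if method == "POST" and url.endswith("/oauth/token"):
            if headers.get("Authorization") != basic:
                return 401, b'{"error":"unauthorized"}'
            if urllib.parse.parse_qs(body.decode()).get("grant_type") != ["client_credentials"]:
                return 400, b'{"error":"unsupported_grant_type"}'
            state["issued"] += 1
            tok = f"tok-{state['issued']}"
            state["valid"].add(tok)
            return 200, json.dumps({"access_token": tok, "token_type": "bearer",
                                    "expires_in": lifetime}).encode()
        auth = headers.get("Authorization", "")
        if auth.startswith("Bearer ") and auth[7:] in state["valid"]:
            return 200, b'{"hello":"world"}'
        return 401, b'{"error":"invalid_token"}'
    return transport, state

def demo():
    """Runs the flow offline; returns (tokens issued, statuses, wrong secret rejected?)."""
    transport, state = make_fake_server("user", "password")
    now = [1_000_000.0]
    token_uri = "http://localhost:8080/oauth/token"  # assumed, from the post's curl call
    client = ClientCredentialsClient(token_uri, "user", "password",
                                     transport=transport, clock=lambda: now[0])
    url = "http://localhost:8080/api/things"         # assumed resource URL
    s1 = client.get(url)[0]   # first call fetches a token, then calls the resource
    s2 = client.get(url)[0]   # cached: no second token request
    now[0] += 3600            # clock past expiry: the token is fetched again
    s3 = client.get(url)[0]
    state["valid"].clear()    # server-side revocation: the cached token now gets 401
    s4 = client.get(url)[0]   # 401, fresh token, retry succeeds
    try:
        ClientCredentialsClient(token_uri, "user", "wrong", transport=transport).token()
        rejected = False
    except RuntimeError:
        rejected = True
    return state["issued"], (s1, s2, s3, s4), rejected
```

To use it against the real server, construct `ClientCredentialsClient` with the default `urllib_transport` and the values from `OAuth2ClientId`, `OAuth2ClientSecret` and `Oauth2AccesTokenUri`. The single retry on 401 matters in this setup because tokens live in `oauth_access_token`; deleting a row there invalidates a token the client still holds as unexpired.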