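使用密码认证模式时,需要在加了 @EnableWebSecurity 注解的类中声明 AuthenticationManager 的 Bean 对象;不加这段代码,密码模式是用不了的!注意:密码模式(Resource Owner Password Credentials)会让客户端直接接触用户的账号密码,OAuth 2.0 安全最佳实践(RFC 9700)已要求不再使用该模式,新项目应优先考虑授权码模式。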
/**
 * Publishes the {@code AuthenticationManager} of this web-security configuration as a Spring
 * bean so that other configuration classes can inject it.
 *
 * @return the manager returned by the superclass's {@code authenticationManagerBean()}
 * @throws Exception if the superclass cannot provide the manager
 */
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
    // Pure delegation: the surrounding text states the password grant cannot work without this bean.
    final AuthenticationManager manager = super.authenticationManagerBean();
    return manager;
}
截图如下:
第二步:在加了 @EnableAuthorizationServer 注解的类中加入如下代码:
/** Authentication manager injected by Spring and handed to the token endpoints below. */
@Autowired
private AuthenticationManager authenticationManager;

/**
 * Registers the injected {@code AuthenticationManager} on the authorization server's
 * endpoints configurer, which is the step this tutorial uses to enable the password grant.
 *
 * @param endpoints endpoints configurer supplied by the framework
 * @throws Exception declared by the overridden method
 */
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
    endpoints.authenticationManager(this.authenticationManager);
}
截图如下:
再在authorizedGrantTypes 中加一个password模式如下:
.authorizedGrantTypes("authorization_code","password")
然后在 Postman 中发起请求:在 02 中那种模式的请求基础上稍微改一下——1. 去掉 code,因为不需要授权码了;2. 授权模式改成 password。这样请求就可以成功拿到 token:
具体代码如下:
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
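/**
 * Authorization-server configuration for the tutorial: one in-memory client that may use the
 * authorization-code and password grants.
 *
 * <p>Security notes for anyone reusing this class outside a demo:
 * <ul>
 *   <li>The password grant hands the end user's credentials to the client application; the
 *       OAuth 2.0 Security Best Current Practice (RFC 9700) says it must not be used.</li>
 *   <li>The client id, client secret and redirect URI below are hard-coded sample values.</li>
 * </ul>
 */
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    /** Encoder used to hash the client secret before it is registered. */
    @Autowired
    private BCryptPasswordEncoder passwordEncoder;

    /** Authentication manager injected by Spring; needed for the password grant. */
    @Autowired
    private AuthenticationManager authenticationManager;

    /**
     * Registers the injected {@code AuthenticationManager} on the endpoints configurer.
     *
     * @param endpoints endpoints configurer supplied by the framework
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(authenticationManager);
    }

    /**
     * Sets the access rules for the authorization server's own endpoints.
     *
     * @param security security configurer supplied by the framework
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security
            // Enable form authentication so /oauth/token accepts client_id and client_secret
            // as request parameters for client login.
            .allowFormAuthenticationForClients()
            // /oauth/token_key stays open to everyone, as in the original tutorial.
            // NOTE(review): only appropriate if the key served there is a public
            // verification key - confirm against the token converter in use.
            .tokenKeyAccess("permitAll()")
            // Changed from "permitAll()": token introspection on /oauth/check_token now
            // requires an authenticated caller, so anonymous parties can no longer use the
            // endpoint to validate or inspect arbitrary tokens.
            .checkTokenAccess("isAuthenticated()");
    }

    /**
     * Registers the single in-memory client used by the tutorial.
     *
     * @param clients client-details configurer supplied by the framework
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients
            // Keep client details in memory.
            .inMemory()
            // Client id.
            .withClient("client")
            // Client secret, stored BCrypt-hashed. The plaintext "secret" is a tutorial
            // value; load a real secret from configuration or a secret store instead.
            .secret(passwordEncoder.encode("secret"))
            // Grant types. Authorization-code request used in the tutorial:
            // http://localhost:8888/oauth/authorize?client_id=client&scope=app&response_type=code
            // The "password" grant is what this article adds (see the class-level note).
            .authorizedGrantTypes("authorization_code", "password")
            // Scope granted to the client.
            .scopes("app")
            // Optional settings left disabled in the tutorial:
            // .autoApprove(false)
            // .accessTokenValiditySeconds(60) // seconds
            // .refreshTokenValiditySeconds(60)
            // Registered redirect URI. NOTE(review): this is a plain-http address on a
            // third-party site, so authorization codes are delivered there; replace it with
            // an https callback of the real client.
            .redirectUris("http://www.baidu.com");
    }
}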
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
/**
 * Web-security configuration for the tutorial: provides the BCrypt encoder, exposes the
 * {@code AuthenticationManager} as a bean and defines two in-memory users.
 *
 * <p>NOTE(review): both users share the hard-coded password "123456"; these are sample
 * accounts and should not be carried into a deployed service.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    /**
     * Provides the BCrypt password encoder bean.
     *
     * @return a new {@code BCryptPasswordEncoder}
     */
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        final BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        return encoder;
    }

    /**
     * Publishes the superclass's {@code AuthenticationManager} as a Spring bean.
     *
     * @return the manager returned by {@code super.authenticationManagerBean()}
     * @throws Exception if the superclass cannot provide the manager
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        final AuthenticationManager manager = super.authenticationManagerBean();
        return manager;
    }

    /**
     * Registers the in-memory users "admin" (role ADMIN) and "user" (role USER).
     *
     * @param auth authentication builder supplied by the framework
     * @throws Exception declared by the overridden method
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Hash each password separately, as the original chain does, so every user gets
        // its own encoder call.
        final String adminHash = passwordEncoder().encode("123456");
        final String userHash = passwordEncoder().encode("123456");

        auth.inMemoryAuthentication()
            .withUser("admin").password(adminHash).roles("ADMIN")
            .and()
            .withUser("user").password(userHash).roles("USER");
    }
}
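# Application configuration. The nesting below restores the indentation that the
# flattened listing had lost.
server:
  port: 8888
spring:
  application:
    name: doaredo-oauth
  datasource:
    type: com.zaxxer.hikari.HikariDataSource
    driver-class-name: com.mysql.cj.jdbc.Driver
    # Fixed: the last URL parameter read "characterEncoding-utf8" (missing "=").
    # NOTE(review): this connects to a remote MySQL host; consider requiring TLS on the
    # connection (Connector/J "sslMode" parameter).
    url: jdbc:mysql://81.68.000.000:3306/doaredo?serverTimezone=UTC&useUnicode=true&characterEncoding=utf8
    # Credentials are no longer written into the file; supply them through the
    # DB_USERNAME / DB_PASSWORD environment variables (placeholder names). Any password
    # that was already published with this file should be rotated.
    username: ${DB_USERNAME}
    password: ${DB_PASSWORD}
    hikari:
      minimum-idle: 5
      idle-timeout: 60000
      maximum-pool-size: 10
      auto-commit: true
      pool-name: MyHikariCP
      # NOTE(review): HikariCP reads this value in milliseconds; 1 ms looks unintended -
      # confirm the lifetime that was meant.
      max-lifetime: 1
      connection-timeout: 30000
      connection-test-query: SELECt 1
mybatis-plus:
  mapper-locations: classpath:/mapper/**.xml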
pom:
(原文的 XML 标签在排版时丢失,以下按 groupId:artifactId:version 的形式列出可辨认的内容)
modelVersion: 4.0.0
parent: org.springframework.boot:spring-boot-starter-parent:2.5.6
project: com.butler:butler-auth-server:0.0.1-SNAPSHOT
name: butler-auth-server
description: Demo project for Spring Boot
java.version: 1.8
dependencies:
- org.springframework.boot:spring-boot-starter-web
- org.springframework.cloud:spring-cloud-starter-oauth2:2.2.5.RELEASE
- org.springframework.boot:spring-boot-starter-security:2.5.6
- org.springframework.boot:spring-boot-starter-jdbc:2.5.6
- org.apache.tomcat:tomcat-jdbc(紧跟在 spring-boot-starter-jdbc 之后,可能是其 exclusion,原文已无法确认)
- com.zaxxer:HikariCP:4.0.3
- mysql:mysql-connector-java:8.0.20
- io.springfox:springfox-boot-starter:3.0.0
- com.github.xiaoymin:knife4j-spring-boot-starter:3.0.3
- org.springframework.boot:spring-boot-starter-test(scope: test)
build plugin: org.springframework.boot:spring-boot-maven-plugin



