Spring Cloud oauth2 认证服务搭建过程示例

2022-11-13 11:11:54 示例 过程 搭建

安装httpie

安装httpie 需要 python 环境

pip install --upgrade httpie

进入D:\Project目录,在此目录下打开CMD,调用httpie,创建 oauth2 项目

http -d https://start.spring.io/starter.zip javaVersion==17 groupId==com.my.demo artifactId==oauthService name==oauth-service baseDir==oauth-service bootVersion==2.6.6.RELEASE dependencies==cloud-starter

将生成的oauthService.zip解压缩到当前目录,然后进入到oauth-service文件夹

导入数据库脚本

CREATE DATABASE IF NOT EXISTS `oauth2`;
USE `oauth2`;
CREATE TABLE IF NOT EXISTS `oauth_access_token` (
  `token_id` varchar(256) DEFAULT NULL,
  `token` blob,
  `authentication_id` varchar(128) NOT NULL,
  `user_name` varchar(256) DEFAULT NULL,
  `client_id` varchar(256) DEFAULT NULL,
  `authentication` blob,
  `refresh_token` varchar(256) DEFAULT NULL,
  PRIMARY KEY (`authentication_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3;
CREATE TABLE IF NOT EXISTS `oauth_approvals` (
  `userId` varchar(256) DEFAULT NULL,
  `clientId` varchar(256) DEFAULT NULL,
  `scope` varchar(256) DEFAULT NULL,
  `status` varchar(10) DEFAULT NULL,
  `expiresAt` datetime DEFAULT NULL,
  `lastModifiedAt` datetime DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3;
CREATE TABLE IF NOT EXISTS `oauth_client_details` (
  `client_id` varchar(128) NOT NULL,
  `resource_ids` varchar(256) DEFAULT NULL,
  `client_secret` varchar(256) DEFAULT NULL,
  `scope` varchar(256) DEFAULT NULL,
  `authorized_grant_types` varchar(256) DEFAULT NULL,
  `WEB_server_redirect_uri` varchar(256) DEFAULT NULL,
  `authorities` varchar(256) DEFAULT NULL,
  `access_token_validity` int DEFAULT NULL,
  `refresh_token_validity` int DEFAULT NULL,
  `additional_infORMation` varchar(4096) DEFAULT NULL,
  `autoapprove` varchar(256) DEFAULT NULL,
  PRIMARY KEY (`client_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3;
CREATE TABLE IF NOT EXISTS `oauth_client_token` (
  `token_id` varchar(256) DEFAULT NULL,
  `token` blob,
  `authentication_id` varchar(128) NOT NULL,
  `user_name` varchar(256) DEFAULT NULL,
  `client_id` varchar(256) DEFAULT NULL,
  PRIMARY KEY (`authentication_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3;
CREATE TABLE IF NOT EXISTS `oauth_code` (
  `code` varchar(256) DEFAULT NULL,
  `authentication` blob
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3;
CREATE TABLE IF NOT EXISTS `oauth_refresh_token` (
  `token_id` varchar(256) DEFAULT NULL,
  `token` blob,
  `authentication` blob
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3;
CREATE TABLE IF NOT EXISTS `rbac_role` (
  `id` int NOT NULL AUTO_INCREMENT,
  `name` varchar(100) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8mb3;
CREATE TABLE IF NOT EXISTS `rbac_user` (
  `id` int NOT NULL AUTO_INCREMENT,
  `username` varchar(100) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
  `passWord` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
  `phone` varchar(11) CHARACTER SET utf8 COLLATE utf8_general_ci DEFAULT NULL,
  `email` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci DEFAULT NULL,
  `create_time` datetime NOT NULL,
  `isactive` smallint DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8mb3;
CREATE TABLE IF NOT EXISTS `rbac_user_role` (
  `user_id` int NOT NULL,
  `role_id` int NOT NULL,
  KEY `user_id_fk` (`user_id`) USING BTREE,
  KEY `role_id_fk` (`role_id`) USING BTREE,
  CONSTRAINT `rbac_user_role_ibfk_1` FOREIGN KEY (`role_id`) REFERENCES `rbac_role` (`id`) ON DELETE RESTRICT ON UPDATE RESTRICT,
  CONSTRAINT `rbac_user_role_ibfk_2` FOREIGN KEY (`user_id`) REFERENCES `rbac_user` (`id`) ON DELETE RESTRICT ON UPDATE RESTRICT
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3;
INSERT INTO `oauth_client_details` (`client_id`, `resource_ids`, `client_secret`, `scope`, `authorized_grant_types`, `web_server_redirect_uri`, `authorities`, `access_token_validity`, `refresh_token_validity`, `additional_information`, `autoapprove`) VALUES
	('client', NULL, '{noop}123456', 'server', 'password,refresh_token', '', 'oauth2', NULL, NULL, NULL, NULL),
	('client_01', NULL, '{noop}123456', 'all', 'authorization_code,implicit', '', 'oauth2', NULL, NULL, NULL, NULL);
INSERT INTO `rbac_role` (`id`, `name`) VALUES
	(1, 'USER');
INSERT INTO `rbac_user` (`id`, `username`, `password`, `phone`, `email`, `create_time`, `isactive`) VALUES
	(1, 'user_1', '{noop}123456', NULL, NULL, '2021-09-08 11:21:43', 0),
	(2, 'user_2', '{noop}123456', NULL, NULL, '2021-09-08 11:22:21', 1),
	(3, 'Test', '{noop}123456', NULL, NULL, '2021-09-08 14:15:51', 1);
INSERT INTO `rbac_user_role` (`user_id`, `role_id`) VALUES
	(1, 1),
	(2, 1),
	(3, 1);

可见 user_1的 isactive 为 0,用户的密码都是 {noop}123456 的明文方式

sts中导入项目

修改 POM文件

添加引用 javax.xml.bind等等一堆库 是为解决springSecurityFilterChain的编译错误

POM文件

修改配置文件

修改 application.properties 配置文件

server.port=8509
spring.application.name=oauth-service
spring.redis.database=0  
spring.redis.host=127.0.0.1
spring.redis.port=6379 
spring.redis.password=
spring.redis.timeout=2000
spring.datasource.driver-class-name=com.Mysql.cj.jdbc.Driver
spring.datasource.url=jdbc:mysql://127.0.0.1:3306/oauth2?serverTimezone=GMT%2B8&useSSL=false
spring.datasource.username=root
spring.datasource.password=

修改主类文件

主类文件夹下建立 config, service 两个文件夹

config下添加两个配置文件(WebSecurityConfig.java,AuthorizationServerConfig.java),service目录下添加Redis缓存Token实现(RedisTokenStoreService)

如果想用bcrypt编码 则所有的数据库端的密码都保存成

{bcrypt}$2a$10$l4Su6LU.w.HIgpHXn31Hc.1VKbkv7.EY.P7VDzJxyImrZEMDW3Hkq

同时修改AuthorizationServerConfig.java 文件

    @Autowired
    private PasswordEncoder passwordEncoder;
    @Bean
    public ClientDetailsService clientDetails() {
        JdbcClientDetailsService jdbcClientDetailsService = new JdbcClientDetailsService(dataSource);
        jdbcClientDetailsService.setPasswordEncoder(passwordEncoder);
        return jdbcClientDetailsService;
    }

编译,运行

测试

可以看到 user_1 是被禁用的

换成 Test用户,则可以获取到Token

查看Redis缓存

源码点击下载

以上就是spring cloud oauth2 认证服务搭建过程示例的详细内容,更多关于Spring Cloud oauth2认证服务搭建的资料请关注其它相关文章!

相关文章