├── .gitignore
├── README.md
├── authorization-code
├── README.md
├── authorization-code-authorization-server
│ ├── pom.xml
│ └── src
│ │ └── main
│ │ ├── java
│ │ └── com
│ │ │ └── github
│ │ │ └── hellxz
│ │ │ └── oauth2
│ │ │ ├── AuthorizationCodeAuthorizationServerApp.java
│ │ │ └── config
│ │ │ ├── AuthorizationConfig.java
│ │ │ └── SecurityConfig.java
│ │ └── resources
│ │ └── application.properties
├── authorization-code-client-resttemplate-jdbc
│ ├── README.md
│ ├── pom.xml
│ └── src
│ │ ├── main
│ │ ├── java
│ │ │ └── com
│ │ │ │ └── github
│ │ │ │ └── hellxz
│ │ │ │ └── oauth2
│ │ │ │ ├── AuthorizationCodeClientApp.java
│ │ │ │ ├── config
│ │ │ │ ├── ClientAuthenticationManager.java
│ │ │ │ ├── ClientUserDetailsService.java
│ │ │ │ ├── OAuth2ClientProperties.java
│ │ │ │ ├── OAuth2ServerProperties.java
│ │ │ │ └── SecurityConfig.java
│ │ │ │ ├── consts
│ │ │ │ └── GrantType.java
│ │ │ │ ├── dao
│ │ │ │ └── ClientUserRepositories.java
│ │ │ │ ├── domain
│ │ │ │ └── ClientUser.java
│ │ │ │ ├── dto
│ │ │ │ └── TokenDTO.java
│ │ │ │ ├── service
│ │ │ │ ├── ClientUserService.java
│ │ │ │ └── TokenService.java
│ │ │ │ ├── utils
│ │ │ │ └── SecurityUtils.java
│ │ │ │ └── web
│ │ │ │ ├── MainPageController.java
│ │ │ │ └── vo
│ │ │ │ └── UserInfo.java
│ │ └── resources
│ │ │ ├── application.yml
│ │ │ ├── sql
│ │ │ └── create_table.sql
│ │ │ └── templates
│ │ │ ├── index.html
│ │ │ └── user-info.html
│ │ └── test
│ │ └── java
│ │ └── com
│ │ └── github
│ │ └── hellxz
│ │ └── oauth2
│ │ └── ClientUserTests.java
├── authorization-code-resource-server
│ ├── pom.xml
│ └── src
│ │ └── main
│ │ ├── java
│ │ └── com
│ │ │ └── github
│ │ │ └── hellxz
│ │ │ └── oauth2
│ │ │ ├── AuthorizationCodeResourceServerApp.java
│ │ │ ├── config
│ │ │ └── ResourceConfig.java
│ │ │ └── web
│ │ │ ├── controller
│ │ │ └── ResourceController.java
│ │ │ └── vo
│ │ │ └── UserVO.java
│ │ └── resources
│ │ └── application.properties
└── pom.xml
├── client-credentials
├── README.md
├── client-credentials-authorization-server
│ ├── pom.xml
│ └── src
│ │ └── main
│ │ ├── java
│ │ └── com
│ │ │ └── github
│ │ │ └── hellxz
│ │ │ └── oauth2
│ │ │ ├── ClientCredentialsAuthorizationApp.java
│ │ │ └── config
│ │ │ ├── AuthorizationConfig.java
│ │ │ └── SecurityConfig.java
│ │ └── resources
│ │ └── application.properties
├── client-credentials-client
│ ├── pom.xml
│ └── src
│ │ └── main
│ │ ├── java
│ │ └── com
│ │ │ └── github
│ │ │ └── hellxz
│ │ │ └── oauth2
│ │ │ ├── ClientCredentialsClientApp.java
│ │ │ ├── config
│ │ │ ├── SecureConfig.java
│ │ │ └── UaaProperties.java
│ │ │ ├── dto
│ │ │ └── UserDto.java
│ │ │ ├── feign
│ │ │ ├── UserFeignClient.java
│ │ │ └── fallback
│ │ │ │ └── UserFeignClientFallback.java
│ │ │ ├── filter
│ │ │ └── FeignTokenInterceptor.java
│ │ │ ├── utils
│ │ │ └── TokenUtils.java
│ │ │ └── web
│ │ │ └── UserController.java
│ │ └── resources
│ │ └── application.yml
├── client-credentials-resource-server
│ ├── pom.xml
│ └── src
│ │ └── main
│ │ ├── java
│ │ └── com
│ │ │ └── github
│ │ │ └── hellxz
│ │ │ └── oauth2
│ │ │ ├── ClientCredentialsResourceServerApp.java
│ │ │ ├── config
│ │ │ └── ResourceServerConfig.java
│ │ │ └── web
│ │ │ ├── controller
│ │ │ └── ResourceController.java
│ │ │ └── vo
│ │ │ └── UserVO.java
│ │ └── resources
│ │ └── application.properties
└── pom.xml
├── implicit
├── README.md
├── implicit-authorization-server
│ ├── pom.xml
│ └── src
│ │ └── main
│ │ ├── java
│ │ └── com
│ │ │ └── github
│ │ │ └── hellxz
│ │ │ └── oauth2
│ │ │ ├── ImplicitAuthorizationServerApplication.java
│ │ │ └── config
│ │ │ ├── AuthorizationConfig.java
│ │ │ └── SecurityConfig.java
│ │ └── resources
│ │ └── application.properties
├── implicit-resource-server
│ ├── pom.xml
│ └── src
│ │ └── main
│ │ ├── java
│ │ └── com
│ │ │ └── github
│ │ │ └── hellxz
│ │ │ └── oauth2
│ │ │ ├── ImplicitResourceServerApp.java
│ │ │ ├── config
│ │ │ └── ResourceConfig.java
│ │ │ └── web
│ │ │ ├── controller
│ │ │ └── ResourceController.java
│ │ │ └── vo
│ │ │ └── UserVO.java
│ │ └── resources
│ │ └── application.properties
└── pom.xml
├── jwt
├── README.md
├── jwt-authorization-server
│ ├── pom.xml
│ └── src
│ │ └── main
│ │ ├── java
│ │ └── com
│ │ │ └── github
│ │ │ └── hellxz
│ │ │ └── oauth2
│ │ │ ├── JwtAuthorizationServerApp.java
│ │ │ └── config
│ │ │ ├── AuthorizationConfig.java
│ │ │ └── SecurityConfig.java
│ │ └── resources
│ │ ├── application.properties
│ │ └── hellxz-jwt.jks
├── jwt-resource-server
│ ├── pom.xml
│ └── src
│ │ └── main
│ │ ├── java
│ │ └── com
│ │ │ └── github
│ │ │ └── hellxz
│ │ │ └── oauth2
│ │ │ ├── JwtResourceServerApp.java
│ │ │ ├── config
│ │ │ └── ResourceConfig.java
│ │ │ └── web
│ │ │ ├── controller
│ │ │ └── ResourceController.java
│ │ │ └── vo
│ │ │ └── UserVO.java
│ │ └── resources
│ │ ├── application.properties
│ │ └── public.cert
└── pom.xml
├── password
├── README.md
├── password-authorization-server
│ ├── pom.xml
│ └── src
│ │ └── main
│ │ ├── java
│ │ └── com
│ │ │ └── github
│ │ │ └── hellxz
│ │ │ └── oauth2
│ │ │ ├── PasswordAuthorizationApp.java
│ │ │ └── config
│ │ │ ├── AuthorizationConfig.java
│ │ │ └── SecurityConfig.java
│ │ └── resources
│ │ └── application.properties
├── password-resource-server
│ ├── pom.xml
│ └── src
│ │ └── main
│ │ ├── java
│ │ └── com
│ │ │ └── github
│ │ │ └── hellxz
│ │ │ └── oauth2
│ │ │ ├── PasswordResourceApp.java
│ │ │ ├── config
│ │ │ └── ResourceServerConfig.java
│ │ │ └── web
│ │ │ ├── controller
│ │ │ └── ResourceController.java
│ │ │ └── vo
│ │ │ └── UserVO.java
│ │ └── resources
│ │ └── application.properties
└── pom.xml
├── pictures
└── encoded-jwt3.png
├── pom.xml
├── redis-token-saved
├── README.md
├── pom.xml
├── redis-token-saved-authorization-server
│ ├── pom.xml
│ └── src
│ │ ├── main
│ │ ├── java
│ │ │ └── com
│ │ │ │ └── github
│ │ │ │ └── hellxz
│ │ │ │ └── oauth2
│ │ │ │ ├── RedisAuthorizationServer.java
│ │ │ │ └── config
│ │ │ │ ├── AuthorizationConfig.java
│ │ │ │ └── SecurityConfig.java
│ │ └── resources
│ │ │ └── application.yml
│ │ └── test
│ │ └── java
│ │ └── com
│ │ └── github
│ │ └── hellxz
│ │ └── auth2
│ │ └── RedisTokenSavedServerTest.java
└── redis-token-saved-resource-server
│ ├── pom.xml
│ └── src
│ └── main
│ ├── java
│ └── com
│ │ └── github
│ │ └── hellxz
│ │ └── oauth2
│ │ ├── RedisResourceServer.java
│ │ ├── config
│ │ └── ResourceServerConfig.java
│ │ └── web
│ │ ├── controller
│ │ └── ResourceController.java
│ │ └── vo
│ │ └── UserVO.java
│ └── resources
│ └── application.yml
└── uaa-interface-adapter-demo
├── README.md
├── pom.xml
└── src
└── main
├── java
└── com
│ └── github
│ └── hellxz
│ └── oauth2
│ └── demo
│ ├── UaaAdapterApplication.java
│ ├── config
│ └── WebSecurityConfig.java
│ ├── controller
│ └── UaaAdapterController.java
│ └── utils
│ └── Response.java
└── resources
└── application.yml
/.gitignore:
--------------------------------------------------------------------------------
1 | /spring-security-oauth2-learn.iml
2 | .idea
3 | *.iml
4 | **/target
5 | **/.classpath
6 | **/.project
7 | **/.settings
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # spring-security-oauth2-learn
2 | ## 仓库说明
3 | 此项目用于学习Spring Security OAuth2,Demo使用的Api为5.2版本前的,现在提示已经废弃,ps:最初官方认为自己的授权服务器实现的太差就移除了,后来社区广泛需要授权服务器,官方又重新开发了`spring-security-oauth2-authorization-server
4 |
5 | 后续等官方授权服务器稳定后,本人会继续更新一个基于它的demo。相比此仓库的demo基于OAuth2.0实现,新的授权服务器是基于OAuth2.1协议的。
6 |
7 | 另外,本仓库均使用授权服务与资源服务分离的方式来编写demo,由于此二者放在同一服务时默认省了很多配置(资源服务器访问授权服务器进行校验token部分),对于后续应用会埋下许多坑,所以分离开来
8 |
9 | ## 基础演示demo功能说明
10 | > 基础Demo均使用内存保存token,仅用于测试
11 |
12 | - [x] authorization-code : 授权码模式
13 |
14 | - [x] client-credentials : 客户端模式
15 |
16 | - [x] implicit: 隐式模式(简化模式)
17 |
18 | - [x] password: 密码模式
19 |
20 | ## client端对接demo
21 | - [x] authorization-code/authorization-code-client-resttemplate-jdbc : 使用RestTemplate和数据库实现的授权码模式手动对接客户端,token保存到数据库
22 | - [x] uaa-interface-adapter-demo : 使用OAuth2提供的工具类,实现的客户端模式与密码模式的登录功能适配,也可以作为不显示使用/oauth/token端点的适配层,提升代码灵活性
23 | - [x] client-credentials/client-credentials-client: 实现一个客户端,如果调用其它服务的请求头中没有登录标识,使用客户端模式获取token,调用其它服务
24 |
25 | ## JWT
26 | > 使用rsa非对称加密,对称加密请参考本目录之前的提交
27 |
28 | - [x] jwt-authorization-server : 添加JWT实现token的授权服务器,这里开启了授权码与密码模式,支持refresh_token
29 | - [x] jwt-resource-server:资源服务器,本地校验jwt token,解析出用户信息
30 |
31 | ## 使用Redis存储token
32 | - [x] redis-token-saved-authorization-server : 使用password与授权码模式,支持刷新token的授权服务器,token保存到redis中
33 | - [x] redis-token-saved-resource-server : 使用redis校验token的资源服务器
34 |
35 |
36 |
--------------------------------------------------------------------------------
/authorization-code/README.md:
--------------------------------------------------------------------------------
1 | # 授权码模式Demo
2 | 此文档测试对象为`authorization-code-authorization-server`和`authorization-code-resource-server`
3 | ## 1. 获取授权码
4 | 1. 用户(资源拥有者)浏览器访问
5 | `http://localhost:8080/oauth/authorize?client_id=client-a&redirect_uri=http://localhost:9001/callback&response_type=code&scope=read_user_info`
6 | 请求参数列表:
7 | - client_id=客户端id
8 | - redirect_uri=回调url 一定要与授权服务器配置保持一致,否则得不到授权码
9 | - response_type=code 授权码必须是code
10 | - scope=作用域 与授权服务器配置保持一致
11 | - state=加密串或状态标识(可选)
12 |
13 | 2. 使用hellxz用户登录,用户名hellxz,密码xyz
14 | > 这里使用授权服务器中的用户登录
15 |
16 | 3. 选择`Approve`,点`Authorize`提交, 完成授权操作
17 | 4. 服务器校验通过,在回调url参数后添加`?code=授权码`并重定向
18 | > 回调的url对应一个服务接口,接收授权码并使用其换取令牌,下边授权码换令牌步骤使用手动方式测试
19 |
20 | ## 2. 授权码换令牌
21 | > 换取令牌操作为服务器进行操作的,这里登录用户需要是客户端的标识与secret
22 |
23 | 1. 发送Post请求到`http://localhost:8080/oauth/token`
24 | 请求参数列表:
25 | - code=授权码
26 | - grant_type=authorization_code
27 | - redirect_uri=回调url
28 | - scope=作用域
29 |
30 | 请求头列表:
31 | - Authorization:Basic 经Base64加密后的username:password的字符串
32 |
33 | ```
34 | curl -X POST \
35 | http://localhost:8080/oauth/token \
36 | -H 'Authorization: Basic Y2xpZW50LWE6Y2xpZW50LWEtc2VjcmV0' \
37 | -d 'code=TJb4Pd&grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalhost%3A9001%2Fcallback&scope=read_user_info'
38 | ```
39 |
40 | 获得令牌
41 | ```json
42 | {
43 | "access_token": "3ed92b8a-86f0-4ee1-b309-7db0b513f554",
44 | "token_type": "bearer",
45 | "expires_in": 43199,
46 | "scope": "read_user_info"
47 | }
48 | ```
49 |
50 | ## 3. 校验Token
51 |
52 | 这里测试下授权服务的令牌校验端点`/oauth/check_token`
53 | 1. 发送Post请求`http://localhost:8080/oauth/check_token`
54 | 请求参数列表:
55 | - token=令牌
56 | 请求头参数:
57 | - Authorization=Basic Y2xpZW50LWE6Y2xpZW50LWEtc2VjcmV0
58 |
59 | ```
60 | curl -X POST http://localhost:8080/oauth/check_token \
61 | -H 'Authorization: Basic Y2xpZW50LWE6Y2xpZW50LWEtc2VjcmV0' \
62 | -d 'token=3ed92b8a-86f0-4ee1-b309-7db0b513f554'
63 | ```
64 |
65 | 返回请求体:
66 | ```json
67 | {
68 | "aud": [
69 | "resource1"
70 | ],
71 | "active": true,
72 | "exp": 1574724686,
73 | "user_name": "hellxz",
74 | "client_id": "client-a",
75 | "scope": [
76 | "read_user_info"
77 | ]
78 | }
79 | ```
80 | 至此,我们确保了授权服务器的接口是正常的
81 |
82 | ## 4. 使用token访问受保护的资源
83 | 1. 发起请求`http://localhost:8081/user/hellxz001`
84 | 请求头参数:
85 | - Authorization:Bearer 令牌值 这里要注意的是Bearer与token间有一个空格
86 |
87 | ```bash
88 | curl -X GET http://localhost:8081/user/hellxz001 \
89 | -H 'Authorization: Bearer ca3c1d03-67b8-4e39-b2b3-0d634f094610'
90 | ```
91 |
92 | 返回结果
93 | ```json
94 | {
95 | "username": "hellxz001",
96 | "email": "hellxz001@foxmail.com"
97 | }
98 | ```
99 |
100 | ## 授权码流程梳理
101 | 1. 用户通过客户端(浏览器等)的接口 客户端本地检查是否有令牌,没有则拼接请求授权服务器的url重定向给用户,有则使用令牌尝试访问,如果请求过期,重新走授权
102 | 2. 用户访问到授权服务器页面,用户登录,并进行授权
103 | 3. 授权通过,授权服务器返回code(授权码)到回调的客户端url上
104 | 4. 客户端收到授权码,带上授权码向授权服务器发起请求, 获取token
105 | 4. 授权服务器根据传递过来的客户端的client_id、client_secret、授权码进行校验,校验通过返回access_token
106 | 5. 客户端收到token,将token保存在本地,请求时带上token,接着自调用接口,访问资源服务器的资源
107 |
108 | > 这里暂未写客户端(浏览器这部分),通过手动获取资源以了解授权码模式整体授权流程
--------------------------------------------------------------------------------
/authorization-code/authorization-code-authorization-server/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 |
6 | authorization-code
7 | com.github.hellxz
8 | 0.0.1-SNAPSHOT
9 |
10 | 4.0.0
11 |
12 | authorization-code-authorization-server
13 |
--------------------------------------------------------------------------------
/authorization-code/authorization-code-authorization-server/src/main/java/com/github/hellxz/oauth2/AuthorizationCodeAuthorizationServerApp.java:
--------------------------------------------------------------------------------
1 | package com.github.hellxz.oauth2;
2 |
3 | import org.springframework.boot.SpringApplication;
4 | import org.springframework.boot.autoconfigure.SpringBootApplication;
5 |
6 | /**
7 | * 授权服务器 入口
8 | *
9 | * @author hellxz
10 | */
11 | @SpringBootApplication
12 | public class AuthorizationCodeAuthorizationServerApp {
13 |
14 | public static void main(String[] args) {
15 | SpringApplication.run(AuthorizationCodeAuthorizationServerApp.class, args);
16 | }
17 | }
18 |
--------------------------------------------------------------------------------
/authorization-code/authorization-code-authorization-server/src/main/java/com/github/hellxz/oauth2/config/AuthorizationConfig.java:
--------------------------------------------------------------------------------
1 | package com.github.hellxz.oauth2.config;
2 |
3 | import org.springframework.beans.factory.annotation.Autowired;
4 | import org.springframework.context.annotation.Configuration;
5 | import org.springframework.security.crypto.password.PasswordEncoder;
6 | import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
7 | import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
8 | import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
9 | import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
10 |
11 | //授权服务器配置
12 | @Configuration
13 | @EnableAuthorizationServer //开启授权服务
14 | public class AuthorizationConfig extends AuthorizationServerConfigurerAdapter {
15 |
16 | @Autowired
17 | private PasswordEncoder passwordEncoder;
18 |
19 | @Override
20 | public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
21 | //允许表单提交
22 | security.allowFormAuthenticationForClients()
23 | .checkTokenAccess("isAuthenticated()");
24 | }
25 |
26 | @Override
27 | public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
28 | // @formatter: off
29 | clients.inMemory()
30 | .withClient("client-a") //客户端唯一标识(client_id)
31 | .secret(passwordEncoder.encode("client-a-secret")) //客户端的密码(client_secret),这里的密码应该是加密后的
32 | .authorizedGrantTypes("authorization_code") //授权模式标识
33 | .scopes("read_user_info") //作用域
34 | .resourceIds("resource1") //资源id
35 | .redirectUris("http://localhost:9001/callback"); //回调地址
36 | // @formatter: on
37 | }
38 | }
39 |
--------------------------------------------------------------------------------
/authorization-code/authorization-code-authorization-server/src/main/java/com/github/hellxz/oauth2/config/SecurityConfig.java:
--------------------------------------------------------------------------------
1 | package com.github.hellxz.oauth2.config;
2 |
3 | import org.springframework.context.annotation.Bean;
4 | import org.springframework.context.annotation.Configuration;
5 | import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
6 | import org.springframework.security.config.annotation.web.builders.HttpSecurity;
7 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
8 | import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
9 | import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
10 | import org.springframework.security.crypto.password.PasswordEncoder;
11 |
12 | import java.util.Collections;
13 |
14 | @Configuration
15 | @EnableWebSecurity
16 | public class SecurityConfig extends WebSecurityConfigurerAdapter {
17 |
18 | @Bean
19 | public PasswordEncoder passwordEncoder(){
20 | return new BCryptPasswordEncoder();
21 | }
22 |
23 | @Override
24 | protected void configure(AuthenticationManagerBuilder auth) throws Exception {
25 | // @formatter: off
26 | auth.inMemoryAuthentication()
27 | .withUser("hellxz")
28 | .password(passwordEncoder().encode("xyz"))
29 | .authorities(Collections.emptyList());
30 | // @formatter: on
31 | }
32 |
33 | @Override
34 | protected void configure(HttpSecurity http) throws Exception {
35 | http.authorizeRequests()
36 | .anyRequest().authenticated() //所有请求都需要通过认证
37 | .and()
38 | .httpBasic() //Basic提交
39 | .and()
40 | .csrf().disable(); //关跨域保护
41 | }
42 | }
43 |
--------------------------------------------------------------------------------
/authorization-code/authorization-code-authorization-server/src/main/resources/application.properties:
--------------------------------------------------------------------------------
1 | server.port=8080
--------------------------------------------------------------------------------
/authorization-code/authorization-code-client-resttemplate-jdbc/README.md:
--------------------------------------------------------------------------------
1 | # 接入授权码模式客户端使用RestTemplate实现
2 | ## 说明
3 | 这里使用RestTemplate作为客户端,对接我们的授权码模式的授权服务器和资源服务器,客户端token存储使用数据库实现(仅用作demo)
4 | ## 操作流程
5 | 1. 启动授权码授权服务器
6 | 2. 启动授权码资源服务器
7 | 3. 数据库修改并执行`resource/create_table.sql`,启动此项目
8 | 4. 访问`http://localhost:9001`点击`点此进入用户详情页`
9 | 5. 使用`hellxz`:`abc`登录,这里登录的是客户端服务器
10 | 6. 使用`hellxz`:`xyz`登录,这里登录的是授权服务器
11 | 7. 进行授权操作
12 | 8. 自动重定向到访问的资源页面
13 | ## 内部流程说明
14 | - 访问授权详情页时,由于资源被拦截,会弹出登录窗口,登录客户端用户
15 | - 进行用户详情页对应的controller,查数据库看`oauth2_client_db.client_user`表中是否有用户token
16 | - 如果有,使用此token尝试调用资源服务器,没有则去调用授权服务器,获取授权码
17 | - 授权服务器返回授权码到客户端的回调接口`/callback`
18 | - 回调接口中,使用授权码换取token,获取token后保存到数据库与当前security上下文
19 | - 重定向原来的页面,再走一次访问资源服务器调用,如果报错`HttpClientErrorException`,则捕获异常并重走授权(token已过期)
20 | - 最后一切正常,放置资源服务器得到的数据并跳转到页面,进行展示
--------------------------------------------------------------------------------
/authorization-code/authorization-code-client-resttemplate-jdbc/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 |
6 | authorization-code
7 | com.github.hellxz
8 | 0.0.1-SNAPSHOT
9 |
10 | 4.0.0
11 |
12 | authorization-code-client-resttemplate-jdbc
13 |
14 |
15 |
16 | org.springframework.boot
17 | spring-boot-starter-thymeleaf
18 |
19 |
20 | org.springframework.boot
21 | spring-boot-starter-data-jpa
22 |
23 |
24 | mysql
25 | mysql-connector-java
26 |
27 |
28 | org.apache.commons
29 | commons-lang3
30 |
31 |
32 |
--------------------------------------------------------------------------------
/authorization-code/authorization-code-client-resttemplate-jdbc/src/main/java/com/github/hellxz/oauth2/AuthorizationCodeClientApp.java:
--------------------------------------------------------------------------------
1 | package com.github.hellxz.oauth2;
2 |
3 | import org.springframework.boot.SpringApplication;
4 | import org.springframework.boot.autoconfigure.SpringBootApplication;
5 | import org.springframework.context.annotation.Bean;
6 | import org.springframework.web.client.RestTemplate;
7 |
8 | @SpringBootApplication
9 | public class AuthorizationCodeClientApp {
10 | public static void main(String[] args) {
11 | SpringApplication.run(AuthorizationCodeClientApp.class, args);
12 | }
13 |
14 | @Bean
15 | public RestTemplate restTemplate(){
16 | return new RestTemplate();
17 | }
18 | }
19 |
--------------------------------------------------------------------------------
/authorization-code/authorization-code-client-resttemplate-jdbc/src/main/java/com/github/hellxz/oauth2/config/ClientAuthenticationManager.java:
--------------------------------------------------------------------------------
1 | package com.github.hellxz.oauth2.config;
2 |
3 | import com.github.hellxz.oauth2.dao.ClientUserRepositories;
4 | import org.apache.commons.lang3.StringUtils;
5 | import org.springframework.beans.factory.annotation.Autowired;
6 | import org.springframework.security.authentication.AuthenticationManager;
7 | import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
8 | import org.springframework.security.core.Authentication;
9 | import org.springframework.security.core.AuthenticationException;
10 | import org.springframework.security.core.userdetails.UserDetails;
11 | import org.springframework.stereotype.Component;
12 |
13 | @Component
14 | public class ClientAuthenticationManager implements AuthenticationManager {
15 |
16 | @Autowired
17 | private ClientUserDetailsService clientUserDetailsService;
18 |
19 | @Override
20 | public Authentication authenticate(Authentication authentication) throws AuthenticationException {
21 | UserDetails principal = (UserDetails) authentication.getPrincipal();
22 | String username = principal.getUsername();
23 | String password = principal.getPassword();
24 | if (StringUtils.isAnyBlank(username, password)) {
25 | throw new RuntimeException("用户名与密码均不能为空");
26 | }
27 | UserDetails userDetails = clientUserDetailsService.loadUserByUsername(username);
28 | if (!StringUtils.equals(password, userDetails.getPassword())) {
29 | throw new RuntimeException("密码输入不正确!");
30 | }
31 | return new UsernamePasswordAuthenticationToken(userDetails.getUsername(), userDetails.getPassword());
32 | }
33 | }
34 |
--------------------------------------------------------------------------------
/authorization-code/authorization-code-client-resttemplate-jdbc/src/main/java/com/github/hellxz/oauth2/config/ClientUserDetailsService.java:
--------------------------------------------------------------------------------
1 | package com.github.hellxz.oauth2.config;
2 |
3 | import com.github.hellxz.oauth2.dao.ClientUserRepositories;
4 | import com.github.hellxz.oauth2.domain.ClientUser;
5 | import org.springframework.beans.factory.annotation.Autowired;
6 | import org.springframework.security.core.userdetails.UserDetails;
7 | import org.springframework.security.core.userdetails.UserDetailsService;
8 | import org.springframework.security.core.userdetails.UsernameNotFoundException;
9 | import org.springframework.security.crypto.password.PasswordEncoder;
10 | import org.springframework.stereotype.Service;
11 |
12 | import java.util.Objects;
13 |
14 | @Service
15 | public class ClientUserDetailsService implements UserDetailsService {
16 |
17 | @Autowired
18 | private ClientUserRepositories clientUserRepositories;
19 |
20 | @Autowired
21 | private PasswordEncoder passwordEncoder;
22 |
23 | /**
24 | * 数据库查用户对象实现,这里不做权限控制
25 | */
26 | @Override
27 | public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
28 | ClientUser clientUser = clientUserRepositories.findOneByUsername(username);
29 | if(Objects.isNull(clientUser)){
30 | throw new UsernameNotFoundException("用户不存在");
31 | }
32 | return clientUser;
33 | }
34 | }
35 |
--------------------------------------------------------------------------------
/authorization-code/authorization-code-client-resttemplate-jdbc/src/main/java/com/github/hellxz/oauth2/config/OAuth2ClientProperties.java:
--------------------------------------------------------------------------------
1 | package com.github.hellxz.oauth2.config;
2 |
3 | import org.apache.commons.lang3.builder.ToStringBuilder;
4 | import org.apache.commons.lang3.builder.ToStringStyle;
5 | import org.slf4j.Logger;
6 | import org.slf4j.LoggerFactory;
7 | import org.springframework.boot.context.properties.ConfigurationProperties;
8 | import org.springframework.stereotype.Component;
9 |
10 | import javax.annotation.PostConstruct;
11 |
12 | @Component
13 | @ConfigurationProperties(prefix = "oauth2.client")
14 | public class OAuth2ClientProperties {
15 |
16 | private static final Logger log = LoggerFactory.getLogger(OAuth2ClientProperties.class);
17 |
18 | private String clientId;
19 | private String clientSecret;
20 | private String redirectUri;
21 | private String responseType;
22 | private String scope;
23 |
24 | @PostConstruct
25 | public void outputProperties(){
26 | log.info("当前OAuth2客户端配置:{}", this);
27 | }
28 |
29 | public String getClientId() {
30 | return clientId;
31 | }
32 |
33 | public void setClientId(String clientId) {
34 | this.clientId = clientId;
35 | }
36 |
37 | public String getClientSecret() {
38 | return clientSecret;
39 | }
40 |
41 | public void setClientSecret(String clientSecret) {
42 | this.clientSecret = clientSecret;
43 | }
44 |
45 | public String getRedirectUri() {
46 | return redirectUri;
47 | }
48 |
49 | public void setRedirectUri(String redirectUri) {
50 | this.redirectUri = redirectUri;
51 | }
52 |
53 | public String getResponseType() {
54 | return responseType;
55 | }
56 |
57 | public void setResponseType(String responseType) {
58 | this.responseType = responseType;
59 | }
60 |
61 | public String getScope() {
62 | return scope;
63 | }
64 |
65 | public void setScope(String scope) {
66 | this.scope = scope;
67 | }
68 |
69 | @Override
70 | public String toString() {
71 | return ToStringBuilder.reflectionToString(this, ToStringStyle.SHORT_PREFIX_STYLE);
72 | }
73 | }
74 |
--------------------------------------------------------------------------------
/authorization-code/authorization-code-client-resttemplate-jdbc/src/main/java/com/github/hellxz/oauth2/config/OAuth2ServerProperties.java:
--------------------------------------------------------------------------------
1 | package com.github.hellxz.oauth2.config;
2 |
3 | import org.apache.commons.lang3.builder.ToStringBuilder;
4 | import org.apache.commons.lang3.builder.ToStringStyle;
5 | import org.slf4j.Logger;
6 | import org.slf4j.LoggerFactory;
7 | import org.springframework.boot.context.properties.ConfigurationProperties;
8 | import org.springframework.stereotype.Component;
9 |
10 | import javax.annotation.PostConstruct;
11 |
12 | @Component
13 | @ConfigurationProperties(prefix = "oauth2.server")
14 | public class OAuth2ServerProperties {
15 |
16 | private static final Logger log = LoggerFactory.getLogger(OAuth2ServerProperties.class);
17 |
18 | private String host;
19 | private String authorizeUrl;
20 | private String tokenUrl;
21 | private String checkTokenUrl;
22 |
23 | @PostConstruct
24 | public void outputProperties(){
25 | log.info("当前OAuth2服务端配置:{}", this);
26 | }
27 |
28 | public String getHost() {
29 | return host;
30 | }
31 |
32 | public void setHost(String host) {
33 | this.host = host;
34 | }
35 |
36 | public String getAuthorizeUrl() {
37 | return authorizeUrl;
38 | }
39 |
40 | public void setAuthorizeUrl(String authorizeUrl) {
41 | this.authorizeUrl = authorizeUrl;
42 | }
43 |
44 | public String getTokenUrl() {
45 | return tokenUrl;
46 | }
47 |
48 | public void setTokenUrl(String tokenUrl) {
49 | this.tokenUrl = tokenUrl;
50 | }
51 |
52 | public String getCheckTokenUrl() {
53 | return checkTokenUrl;
54 | }
55 |
56 | public void setCheckTokenUrl(String checkTokenUrl) {
57 | this.checkTokenUrl = checkTokenUrl;
58 | }
59 |
60 | @Override
61 | public String toString() {
62 | return ToStringBuilder.reflectionToString(this, ToStringStyle.SHORT_PREFIX_STYLE);
63 | }
64 | }
65 |
--------------------------------------------------------------------------------
/authorization-code/authorization-code-client-resttemplate-jdbc/src/main/java/com/github/hellxz/oauth2/config/SecurityConfig.java:
--------------------------------------------------------------------------------
1 | package com.github.hellxz.oauth2.config;
2 |
3 | import com.github.hellxz.oauth2.dao.ClientUserRepositories;
4 | import org.springframework.beans.factory.annotation.Autowired;
5 | import org.springframework.context.annotation.Bean;
6 | import org.springframework.context.annotation.Configuration;
7 | import org.springframework.http.HttpMethod;
8 | import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
9 | import org.springframework.security.config.annotation.web.builders.HttpSecurity;
10 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
11 | import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
12 | import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
13 | import org.springframework.security.crypto.password.PasswordEncoder;
14 |
15 | import javax.sql.DataSource;
16 |
17 | @Configuration
18 | @EnableWebSecurity
19 | public class SecurityConfig extends WebSecurityConfigurerAdapter {
20 |
21 | @Bean
22 | public PasswordEncoder passwordEncoder() {
23 | return new BCryptPasswordEncoder();
24 | }
25 | @Autowired
26 | private ClientUserRepositories clientUserRepositories;
27 |
28 | @Autowired
29 | private ClientUserDetailsService clientUserDetailsService;
30 |
31 | @Autowired
32 | private DataSource dataSource;
33 |
34 | @Override
35 | protected void configure(HttpSecurity http) throws Exception {
36 | //@formatter:off
37 | http.authorizeRequests()
38 | //仅放通登录接口
39 | .antMatchers(HttpMethod.GET, "/", "/index", "/api/login", "/callback").permitAll()
40 | .anyRequest().authenticated()
41 | .and()
42 | .httpBasic();
43 | //@formatter:on
44 | }
45 |
46 | @Override
47 | protected void configure(AuthenticationManagerBuilder auth) throws Exception {
48 | auth.userDetailsService(clientUserDetailsService);
49 | }
50 | }
51 |
--------------------------------------------------------------------------------
/authorization-code/authorization-code-client-resttemplate-jdbc/src/main/java/com/github/hellxz/oauth2/consts/GrantType.java:
--------------------------------------------------------------------------------
1 | package com.github.hellxz.oauth2.consts;
2 |
3 | public enum GrantType {
4 | /**
5 | * 授权码
6 | */
7 | AUTHORIZATION_CODE("authorization_code"),
8 | /**
9 | * 简化模式
10 | */
11 | IMPLICIT("implicit"),
12 | /**
13 | * 客户端模式
14 | */
15 | CLIENT_CREDENTIALS("client_credentials"),
16 | /**
17 | * 用户密码模式
18 | */
19 | PASSWORD("password");
20 |
21 | private String code;
22 | GrantType(String code){
23 | this.code = code;
24 | }
25 |
26 | public String getCode() {
27 | return code;
28 | }
29 | }
30 |
--------------------------------------------------------------------------------
/authorization-code/authorization-code-client-resttemplate-jdbc/src/main/java/com/github/hellxz/oauth2/dao/ClientUserRepositories.java:
--------------------------------------------------------------------------------
1 | package com.github.hellxz.oauth2.dao;
2 |
3 | import com.github.hellxz.oauth2.domain.ClientUser;
4 | import org.springframework.data.jpa.repository.JpaRepository;
5 |
6 | public interface ClientUserRepositories extends JpaRepository {
7 | ClientUser findOneByUsername(String username);
8 | }
9 |
--------------------------------------------------------------------------------
/authorization-code/authorization-code-client-resttemplate-jdbc/src/main/java/com/github/hellxz/oauth2/domain/ClientUser.java:
--------------------------------------------------------------------------------
1 | package com.github.hellxz.oauth2.domain;
2 |
3 | import org.apache.commons.lang3.builder.ToStringBuilder;
4 | import org.apache.commons.lang3.builder.ToStringStyle;
5 | import org.springframework.security.core.GrantedAuthority;
6 | import org.springframework.security.core.userdetails.UserDetails;
7 |
8 | import javax.persistence.Column;
9 | import javax.persistence.Entity;
10 | import javax.persistence.GeneratedValue;
11 | import javax.persistence.Id;
12 | import java.io.Serializable;
13 | import java.util.Calendar;
14 | import java.util.Collection;
15 | import java.util.Collections;
16 |
17 | @Entity(name = "client_user")
18 | public class ClientUser implements UserDetails, Serializable {
19 |
20 | private static final long serialVersionUID = 1L;
21 |
22 | @Id
23 | @GeneratedValue
24 | @Column(name = "id")
25 | private long id;
26 | @Column(name = "username")
27 | private String username;
28 | @Column(name = "password")
29 | private String password;
30 | @Column(name = "access_token")
31 | private String accessToken;
32 | @Column(name = "refresh_token")
33 | private String refreshToken;
34 | @Column(name = "validate_token_expire")
35 | private Calendar validateTokenExpire;
36 |
37 | public long getId() {
38 | return id;
39 | }
40 |
41 | public void setId(long id) {
42 | this.id = id;
43 | }
44 |
45 | public String getUsername() {
46 | return username;
47 | }
48 |
49 | @Override
50 | public boolean isAccountNonExpired() {
51 | return true;
52 | }
53 |
54 | @Override
55 | public boolean isAccountNonLocked() {
56 | return true;
57 | }
58 |
59 | @Override
60 | public boolean isCredentialsNonExpired() {
61 | return true;
62 | }
63 |
64 | @Override
65 | public boolean isEnabled() {
66 | return true;
67 | }
68 |
69 | public void setUsername(String username) {
70 | this.username = username;
71 | }
72 |
73 | @Override
74 | public Collection getAuthorities() {
75 | return Collections.emptyList();
76 | }
77 |
78 | public String getPassword() {
79 | return password;
80 | }
81 |
82 | public void setPassword(String password) {
83 | this.password = password;
84 | }
85 |
86 | public String getAccessToken() {
87 | return accessToken;
88 | }
89 |
90 | public void setAccessToken(String accessToken) {
91 | this.accessToken = accessToken;
92 | }
93 |
94 | public String getRefreshToken() {
95 | return refreshToken;
96 | }
97 |
98 | public void setRefreshToken(String refreshToken) {
99 | this.refreshToken = refreshToken;
100 | }
101 |
102 | public Calendar getValidateTokenExpire() {
103 | return validateTokenExpire;
104 | }
105 |
106 | public void setValidateTokenExpire(Calendar validateTokenExpire) {
107 | this.validateTokenExpire = validateTokenExpire;
108 | }
109 |
110 | @Override
111 | public String toString() {
112 | return ToStringBuilder.reflectionToString(this, ToStringStyle.SHORT_PREFIX_STYLE);
113 | }
114 | }
115 |
--------------------------------------------------------------------------------
/authorization-code/authorization-code-client-resttemplate-jdbc/src/main/java/com/github/hellxz/oauth2/dto/TokenDTO.java:
--------------------------------------------------------------------------------
1 | package com.github.hellxz.oauth2.dto;
2 |
3 | import com.fasterxml.jackson.annotation.JsonProperty;
4 | import org.apache.commons.lang3.builder.ToStringBuilder;
5 | import org.apache.commons.lang3.builder.ToStringStyle;
6 |
7 | /**
8 | * 授权成功token返回体
9 | */
10 | public class TokenDTO {
11 | @JsonProperty("access_token")
12 | private String accessToken;
13 | @JsonProperty("refresh_token")
14 | private String refreshToken;
15 | @JsonProperty("token_type")
16 | private String tokenType;
17 | @JsonProperty("expires_in")
18 | private String expiresIn;
19 | @JsonProperty("scope")
20 | private String scope;
21 |
22 | public String getRefreshToken() {
23 | return refreshToken;
24 | }
25 |
26 | public void setRefreshToken(String refreshToken) {
27 | this.refreshToken = refreshToken;
28 | }
29 |
30 | public String getAccessToken() {
31 | return accessToken;
32 | }
33 |
34 | public void setAccessToken(String accessToken) {
35 | this.accessToken = accessToken;
36 | }
37 |
38 | public String getTokenType() {
39 | return tokenType;
40 | }
41 |
42 | public void setTokenType(String tokenType) {
43 | this.tokenType = tokenType;
44 | }
45 |
46 | public String getExpiresIn() {
47 | return expiresIn;
48 | }
49 |
50 | public void setExpiresIn(String expiresIn) {
51 | this.expiresIn = expiresIn;
52 | }
53 |
54 | public String getScope() {
55 | return scope;
56 | }
57 |
58 | public void setScope(String scope) {
59 | this.scope = scope;
60 | }
61 |
62 | @Override
63 | public String toString() {
64 | return ToStringBuilder.reflectionToString(this, ToStringStyle.SHORT_PREFIX_STYLE);
65 | }
66 | }
67 |
--------------------------------------------------------------------------------
/authorization-code/authorization-code-client-resttemplate-jdbc/src/main/java/com/github/hellxz/oauth2/service/ClientUserService.java:
--------------------------------------------------------------------------------
1 | package com.github.hellxz.oauth2.service;
2 |
3 | import com.github.hellxz.oauth2.dao.ClientUserRepositories;
4 | import com.github.hellxz.oauth2.domain.ClientUser;
5 | import com.github.hellxz.oauth2.utils.SecurityUtils;
6 | import org.springframework.beans.factory.annotation.Autowired;
7 | import org.springframework.stereotype.Service;
8 |
9 | import java.util.Optional;
10 |
11 | @Service
12 | public class ClientUserService {
13 |
14 | @Autowired
15 | private ClientUserRepositories repositories;
16 |
17 | public void updateClientUser(ClientUser clientUser){
18 | Optional userById = repositories.findById(clientUser.getId());
19 | if(userById.isPresent()){
20 | repositories.save(clientUser);
21 | }
22 | }
23 | }
24 |
--------------------------------------------------------------------------------
/authorization-code/authorization-code-client-resttemplate-jdbc/src/main/java/com/github/hellxz/oauth2/service/TokenService.java:
--------------------------------------------------------------------------------
1 | package com.github.hellxz.oauth2.service;
2 |
3 | import com.github.hellxz.oauth2.config.OAuth2ClientProperties;
4 | import com.github.hellxz.oauth2.config.OAuth2ServerProperties;
5 | import com.github.hellxz.oauth2.consts.GrantType;
6 | import com.github.hellxz.oauth2.domain.ClientUser;
7 | import com.github.hellxz.oauth2.dto.TokenDTO;
8 | import com.github.hellxz.oauth2.web.vo.UserInfo;
9 | import org.springframework.beans.factory.annotation.Autowired;
10 | import org.springframework.http.*;
11 | import org.springframework.stereotype.Component;
12 | import org.springframework.util.LinkedMultiValueMap;
13 | import org.springframework.util.MultiValueMap;
14 | import org.springframework.web.client.HttpClientErrorException;
15 | import org.springframework.web.client.RestTemplate;
16 | import org.springframework.web.servlet.ModelAndView;
17 |
18 | import java.io.UnsupportedEncodingException;
19 | import java.net.URI;
20 | import java.net.URLEncoder;
21 | import java.util.*;
22 |
23 | @Component
24 | public class TokenService {
25 |
26 | @Autowired
27 | private OAuth2ServerProperties auth2ServerProperties;
28 |
29 | @Autowired
30 | private OAuth2ClientProperties auth2ClientProperties;
31 |
32 | @Autowired
33 | private RestTemplate restTemplate;
34 |
35 | /**
36 | * 请求授权码url
37 | */
38 | public String getAuthorizeUrl() {
39 | HashMap params = new HashMap<>();
40 | params.put("client_id", auth2ClientProperties.getClientId());
41 | params.put("redirect_uri", URLEncoder.encode(auth2ClientProperties.getRedirectUri()));
42 | params.put("response_type", auth2ClientProperties.getResponseType());
43 | params.put("scope", URLEncoder.encode(auth2ClientProperties.getScope()));
44 | return buildUrlStr(auth2ServerProperties.getAuthorizeUrl(), params);
45 | }
46 |
47 | /**
48 | * 请求授权token的url
49 | */
50 | public String getToken(String code) throws UnsupportedEncodingException {
51 | RequestEntity httpEntity = new RequestEntity<>(getHttpBody(code), getHttpHeaders(), HttpMethod.POST, URI.create(auth2ServerProperties.getTokenUrl()));
52 | ResponseEntity exchange = restTemplate.exchange(httpEntity, TokenDTO.class);
53 | if (exchange.getStatusCode().is2xxSuccessful()) {
54 | System.err.println(exchange.getBody());
55 | return Objects.requireNonNull(exchange.getBody()).getAccessToken();
56 | }
57 | throw new RuntimeException("请求令牌失败!");
58 | }
59 |
60 | public void tryGetUserInfo(ModelAndView mv, ClientUser currentUser) {
61 | //正常请求资源服务器,获取用户信息
62 | HttpHeaders headers = new HttpHeaders();
63 | headers.setBearerAuth(currentUser.getAccessToken());
64 | RequestEntity> requestEntity
65 | = new RequestEntity<>(headers, HttpMethod.GET, URI.create("http://localhost:8081/user/jack"));
66 | ResponseEntity exchange = null;
67 | try{
68 | //尝试访问资源
69 | exchange = restTemplate.exchange(requestEntity, UserInfo.class);
70 | }catch (HttpClientErrorException exception){
71 | //未认证会报错,重定向到授权页面,获取新token
72 | mv.setViewName("redirect:" + getAuthorizeUrl());
73 | return;
74 | }
75 | assert exchange != null;
76 | if (exchange.getStatusCode().is2xxSuccessful()) {
77 | UserInfo body = exchange.getBody();
78 | mv.addObject("currentLoginUsername", currentUser.getUsername());
79 | mv.addObject("user", body);
80 | }
81 | }
82 |
83 | private HttpHeaders getHttpHeaders() {
84 | HttpHeaders httpHeaders = new HttpHeaders();
85 | httpHeaders.setBasicAuth(auth2ClientProperties.getClientId(), auth2ClientProperties.getClientSecret());
86 | httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
87 | httpHeaders.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
88 | return httpHeaders;
89 | }
90 |
91 | private MultiValueMap getHttpBody(String code) throws UnsupportedEncodingException {
92 | MultiValueMap params = new LinkedMultiValueMap<>();
93 | params.add("code", code);
94 | params.add("grant_type", GrantType.AUTHORIZATION_CODE.getCode());
95 | params.add("redirect_uri", auth2ClientProperties.getRedirectUri());
96 | params.add("scope", auth2ClientProperties.getScope());
97 | return params;
98 | }
99 |
100 | /**
101 | * 构建url
102 | *
103 | * @param endpoint 服务器端点url
104 | * @param params 参数列表
105 | * @return 带参数的url
106 | */
107 | private String buildUrlStr(String endpoint, Map params) {
108 | List keyValueParam = new ArrayList<>(params.size());
109 | params.forEach((key, value) -> keyValueParam.add(key + "=" + value));
110 | return endpoint + "?" + keyValueParam.stream().reduce((a, b) -> a + "&" + b).get();
111 | }
112 | }
113 |
--------------------------------------------------------------------------------
/authorization-code/authorization-code-client-resttemplate-jdbc/src/main/java/com/github/hellxz/oauth2/utils/SecurityUtils.java:
--------------------------------------------------------------------------------
1 | package com.github.hellxz.oauth2.utils;
2 |
3 | import com.github.hellxz.oauth2.domain.ClientUser;
4 | import com.github.hellxz.oauth2.service.ClientUserService;
5 | import org.springframework.beans.factory.annotation.Autowired;
6 | import org.springframework.security.core.Authentication;
7 | import org.springframework.security.core.context.SecurityContext;
8 | import org.springframework.security.core.context.SecurityContextHolder;
9 | import org.springframework.security.core.userdetails.UserDetails;
10 | import org.springframework.stereotype.Component;
11 |
12 | @Component
13 | public class SecurityUtils {
14 |
15 | @Autowired
16 | private ClientUserService clientUserService;
17 |
18 | public UserDetails getCurrentUser(){
19 | SecurityContext context = SecurityContextHolder.getContext();
20 | Authentication authentication = context.getAuthentication();
21 | Object principal = authentication.getPrincipal();
22 | if(principal instanceof UserDetails){
23 | return (UserDetails) principal;
24 | }
25 | return null;
26 | }
27 |
28 | /**
29 | * 更新token
30 | */
31 | public void updateToken(String token){
32 | SecurityContext context = SecurityContextHolder.getContext();
33 | Authentication authentication = context.getAuthentication();
34 | Object principal = authentication.getPrincipal();
35 | if(principal instanceof ClientUser){
36 | ClientUser clientUser = (ClientUser) principal;
37 | clientUser.setAccessToken(token);
38 | clientUserService.updateClientUser(clientUser);
39 | }
40 | }
41 | }
42 |
--------------------------------------------------------------------------------
/authorization-code/authorization-code-client-resttemplate-jdbc/src/main/java/com/github/hellxz/oauth2/web/MainPageController.java:
--------------------------------------------------------------------------------
1 | package com.github.hellxz.oauth2.web;
2 |
3 | import com.github.hellxz.oauth2.domain.ClientUser;
4 | import com.github.hellxz.oauth2.service.TokenService;
5 | import com.github.hellxz.oauth2.utils.SecurityUtils;
6 | import org.apache.commons.lang3.StringUtils;
7 | import org.springframework.beans.factory.annotation.Autowired;
8 | import org.springframework.stereotype.Controller;
9 | import org.springframework.web.bind.annotation.GetMapping;
10 | import org.springframework.web.bind.annotation.RequestParam;
11 | import org.springframework.web.client.RestTemplate;
12 | import org.springframework.web.servlet.ModelAndView;
13 |
14 | import java.io.UnsupportedEncodingException;
15 |
16 | /**
17 | * 页面控制器,本示例中所有controller都在这里
18 | */
19 | @Controller
20 | public class MainPageController {
21 |
22 | @Autowired
23 | private RestTemplate restTemplate;
24 |
25 | @Autowired
26 | private TokenService tokenService;
27 |
28 | @Autowired
29 | private SecurityUtils securityUtils;
30 |
31 | /**
32 | * 主页
33 | */
34 | @GetMapping(value = {"/", "/index"})
35 | public String index(){
36 | return "index";
37 | }
38 |
39 | /**
40 | * 回调
41 | */
42 | @GetMapping("/callback")
43 | public ModelAndView callback(@RequestParam("code") String code) throws UnsupportedEncodingException {
44 | String token = tokenService.getToken(code);
45 | if(StringUtils.isNotBlank(token)){
46 | securityUtils.updateToken(token);
47 | return new ModelAndView("redirect:/user-info");
48 | }
49 | throw new RuntimeException("请求超时");
50 | }
51 |
52 | /**
53 | * 用于测试获取token与访问资源服务器资源的功能
54 | */
55 | @GetMapping("/user-info")
56 | public ModelAndView userInfoPage(){
57 | //获取当前登录的用户,这个用户对象中包含数据库中保存的token
58 | ClientUser currentUser = (ClientUser)securityUtils.getCurrentUser();
59 | //不存在需要去走一次授权码模式流程
60 | if(null != currentUser && StringUtils.isBlank(currentUser.getAccessToken())){
61 | //重定向到授权服务器进行授权, 先获取授权码
62 | return new ModelAndView("redirect:"+tokenService.getAuthorizeUrl());
63 | }
64 | ModelAndView modelAndView = new ModelAndView("user-info");
65 | //尝试获取资源
66 | tokenService.tryGetUserInfo(modelAndView, currentUser);
67 | return modelAndView;
68 | }
69 |
70 | }
71 |
--------------------------------------------------------------------------------
/authorization-code/authorization-code-client-resttemplate-jdbc/src/main/java/com/github/hellxz/oauth2/web/vo/UserInfo.java:
--------------------------------------------------------------------------------
1 | package com.github.hellxz.oauth2.web.vo;
2 |
3 | import com.fasterxml.jackson.annotation.JsonProperty;
4 | import org.apache.commons.lang3.builder.ToStringBuilder;
5 | import org.apache.commons.lang3.builder.ToStringStyle;
6 |
7 | public class UserInfo {
8 | @JsonProperty("username")
9 | private String username;
10 | @JsonProperty("email")
11 | private String email;
12 |
13 | public String getEmail() {
14 | return email;
15 | }
16 |
17 | public void setEmail(String email) {
18 | this.email = email;
19 | }
20 |
21 | public String getUsername() {
22 | return username;
23 | }
24 |
25 | public void setUsername(String username) {
26 | this.username = username;
27 | }
28 |
29 | @Override
30 | public String toString() {
31 | return ToStringBuilder.reflectionToString(this, ToStringStyle.SHORT_PREFIX_STYLE);
32 | }
33 | }
34 |
--------------------------------------------------------------------------------
/authorization-code/authorization-code-client-resttemplate-jdbc/src/main/resources/application.yml:
--------------------------------------------------------------------------------
1 | server:
2 | port: 9001
3 |
4 | spring:
5 | http:
6 | converters:
7 | preferred-json-mapper: jackson
8 | thymeleaf:
9 | cache: false
10 | datasource:
11 | driver-class-name: com.mysql.cj.jdbc.Driver
12 | url: jdbc:mysql://localhost:3306/oauth2_client_db?useSSL=false&useCharacterEncoding=utf-8
13 | username: root
14 | password: root
15 | jpa:
16 | properties:
17 | hibernate:
18 | hbm2ddl.auto: update
19 | dialect: org.hibernate.dialect.MySQL5InnoDBDialect
20 | show-sql: true
21 |
22 | oauth2:
23 | client:
24 | client-id: client-a
25 | client-secret: client-a-secret
26 | redirect_uri: http://localhost:${server.port}/callback
27 | response_type: code
28 | scope: read_user_info
29 | server:
30 | host: http://localhost:8080
31 | authorize-url: ${oauth2.server.host}/oauth/authorize
32 | token-url: ${oauth2.server.host}/oauth/token
33 | check-token-url: ${oauth2.server.host}/oauth/check_token
34 |
--------------------------------------------------------------------------------
/authorization-code/authorization-code-client-resttemplate-jdbc/src/main/resources/sql/create_table.sql:
--------------------------------------------------------------------------------
1 | -- 创建数据库
2 | create database if not exists `oauth2_client_db` default character set utf8 collate utf8_general_ci;
3 | use oauth2_client_db;
4 | -- 创建client端用户,这里可以与授权服务登录用户名和密码不一致
5 | create table if not exists client_user
6 | (
7 | id bigint auto_increment primary key,
8 | username varchar(32) not null,
9 | `password` varchar(64) not null,
10 | access_token varchar(256) default null,
11 | validate_token_expire datetime,
12 | refresh_token varchar(256) default null
13 | );
14 | -- 每次启动清空上次用户表,仅用于测试
15 | truncate table client_user;
16 | -- 插入一个与授权服务器密码不一致的用户
17 | insert into client_user values (null,'hellxz','$2a$10$iAEfWxvrLKt6bhBdkNsdCeMn6JEqrS8c6MF/pbbeAeCxVrgkH92Re', null, null, null);
18 |
--------------------------------------------------------------------------------
/authorization-code/authorization-code-client-resttemplate-jdbc/src/main/resources/templates/index.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | 首页
6 |
7 |
8 | 点此进入用户详情页
9 |
10 |
--------------------------------------------------------------------------------
/authorization-code/authorization-code-client-resttemplate-jdbc/src/main/resources/templates/user-info.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | 用户详情页面
6 |
7 |
8 | 当前登录的用户为:
test
9 |
10 |
11 | 获得的用户信息为:
12 |
13 | - 用户名:测试用户
14 | - 密码:测试email
15 |
16 |