阅读 147

JWT——授权服务器(无密码版)

文章目录

  • 1、pom依赖(主要)

  • 2、配置文件

  • 3、启动类

  • 4、编写授权服务器

  • 5、配置web安全


1、pom依赖(主要)

   <dependency><groupId>org.springframework.cloud</groupId><artifactId>spring-cloud-starter-oauth2</artifactId></dependency><!-- web--><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId></dependency>


2、配置文件

server:
  port: 9999spring:
  application:name: authorization


3、启动类

package com.mysave.authorization;import org.springframework.boot.SpringApplication;import org.springframework.boot.autoconfigure.SpringBootApplication;import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration;/**
 * @author zhz
 * @create 2021-03-13 17:27
 */@SpringBootApplication(exclude = {DataSourceAutoConfiguration.class})//加exclude = {DataSourceAutoConfiguration.class这个是因为我的依赖里面有mysql相关的,但是我这里不用public class AuthorizationApplication {public static void main(String[] args) {SpringApplication.run(AuthorizationApplication.class,args);}}


4、编写授权服务器

package com.mysave.authorization.config.auth;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.context.annotation.Configuration;import org.springframework.security.authentication.AuthenticationManager;import org.springframework.security.core.userdetails.UserDetailsService;import org.springframework.security.crypto.password.PasswordEncoder;import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;/**
 * @author zhz
 * @create 2021-03-13 18:04
 */@Configuration@EnableAuthorizationServer//开启授权服务器功能public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {@Autowiredprivate PasswordEncoder passwordEncoder;@Autowiredprivate AuthenticationManager authenticationManager;

   // @Qualifier("userServiceDetailsServiceImpl")@Autowiredprivate UserDetailsService userDetailsService;/**
     * 添加第三方的客户端
     */@Overridepublic void configure(ClientDetailsServiceConfigurer clients) throws Exception {clients.inMemory().withClient("auth-api") // 第三方客户端的名称.secret(passwordEncoder.encode("auth-secret")) //  第三方客户端的密钥.scopes("all") //第三方客户端的授权范围.accessTokenValiditySeconds(7 * 24 *3600) // token的有效期.refreshTokenValiditySeconds(30 * 24 * 3600)// refresh_token的有效期;super.configure(clients);}/**
     * 配置验证管理器,UserdetailService
     */@Overridepublic void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {endpoints.authenticationManager(authenticationManager).userDetailsService(userDetailsService);super.configure(endpoints);}}


5、配置web安全

package com.mysave.authorization.config.auth;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.security.authentication.AuthenticationManager;import org.springframework.security.config.annotation.web.builders.HttpSecurity;import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;import org.springframework.security.core.authority.SimpleGrantedAuthority;import org.springframework.security.core.userdetails.User;import org.springframework.security.core.userdetails.UserDetailsService;import org.springframework.security.crypto.password.NoOpPasswordEncoder;import org.springframework.security.crypto.password.PasswordEncoder;import org.springframework.security.provisioning.InMemoryUserDetailsManager;import java.util.Arrays;/**
 * @author :zhz
 * @date :Created in 2021/03/14
 * @version: V1.0
 * @slogan: 天下风云出我辈,一入代码岁月催
 * @description:
 **/@Configurationpublic class WebSecurityConfig extends WebSecurityConfigurerAdapter {@Overrideprotected void configure(HttpSecurity http) throws Exception {http.csrf().disable();http.authorizeRequests().anyRequest().authenticated();}@Beanprotected AuthenticationManager authenticationManager() throws Exception {return super.authenticationManager();}@Beanprotected UserDetailsService userDetailsService(){InMemoryUserDetailsManager inMemoryUserDetailsManager=new InMemoryUserDetailsManager();User user=new User("admin","123456", Arrays.asList(new SimpleGrantedAuthority("Role_Admin")));inMemoryUserDetailsManager.createUser(user);return inMemoryUserDetailsManager;}/**
     * 密码加密
     * @return
     */@Beanpublic PasswordEncoder passwordEncoder(){return  NoOpPasswordEncoder.getInstance();//设置不加密方式}/*public static void main(String[] args) {
        BCryptPasswordEncoder encoder=new BCryptPasswordEncoder();
        String encode = encoder.encode("123456");
        System.out.println(encode);
    }*/}


文章分类
后端
文章标签
jwt
授权
服务器
密码
版权声明:本站是系统测试站点,无实际运营。本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容, 请发送邮件至 XXXXXXo@163.com 举报,一经查实,本站将立刻删除。
相关推荐