自定义登录、授权页面

client/pom.xml

@@ -30,22 +30,11 @@
 			<scope>test</scope>
 		</dependency>
 
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-configuration-processor</artifactId>
-			<optional>true</optional>
-		</dependency>
-		<!--&lt;!&ndash; oauth &ndash;&gt;
+		<!-- oauth -->
 		<dependency>
 			<groupId>org.springframework.security.oauth</groupId>
 			<artifactId>spring-security-oauth2</artifactId>
 			<version>2.3.3.RELEASE</version>
-		</dependency>-->
-
-		<dependency>
-			<groupId>org.springframework.security.oauth.boot</groupId>
-			<artifactId>spring-security-oauth2-autoconfigure</artifactId>
-			<version>2.1.3.RELEASE</version>
 		</dependency>
 
 		<!-- security -->
@@ -77,24 +66,6 @@
 			<artifactId>spring-boot-starter-thymeleaf</artifactId>
 		</dependency>
 
-		<!--swagger start-->
-		<dependency>
-			<groupId>io.springfox</groupId>
-			<artifactId>springfox-swagger2</artifactId>
-			<version>2.9.2</version>
-		</dependency>
-
-		<dependency>
-			<groupId>io.springfox</groupId>
-			<artifactId>springfox-swagger-ui</artifactId>
-			<version>2.9.2</version>
-		</dependency>
-
-		<!--swagger end-->
-		<dependency>
-			<groupId>org.apache.commons</groupId>
-			<artifactId>commons-lang3</artifactId>
-		</dependency>
 	</dependencies>
 
 	<build>

client/src/main/java/com/yingxin/server/client/config/AuthorizationServerConfiguration.java

 package com.yingxin.server.client.config;
 
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -7,17 +8,14 @@ import org.springframework.data.redis.connection.RedisConnectionFactory;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
 import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
 import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
 import org.springframework.security.oauth2.provider.ClientDetailsService;
-import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
-import org.springframework.security.oauth2.provider.token.TokenStore;
-import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
 import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;
-import javax.annotation.Resource;
-import javax.sql.DataSource;
+
 
 /**
  * description//TODO
@@ -38,11 +36,15 @@ public class AuthorizationServerConfiguration  extends AuthorizationServerConfig
     @Autowired
     UserDetailsService myUserDetailsService;
 
+    @Autowired
+    BCryptPasswordEncoder bCryptPasswordEncoder;
+
+
     @Autowired
     ClientDetailsService myClientDetailsService;
 
     @Bean
-    public RedisTokenStore redisTokenStore(){
+    public RedisTokenStore tokenStore(){
         return new RedisTokenStore(connectionFactory);
     }
 
@@ -77,7 +79,7 @@ public class AuthorizationServerConfiguration  extends AuthorizationServerConfig
     @Override
     public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
         endpoints.authenticationManager(authenticationManager)
-                .tokenStore(new RedisTokenStore(connectionFactory))
+                .tokenStore(tokenStore())
                 .userDetailsService(myUserDetailsService)
                 .allowedTokenEndpointRequestMethods(HttpMethod.GET,HttpMethod.POST);
     }

client/src/main/java/com/yingxin/server/client/config/SecurityConfig.java

@@ -3,18 +3,15 @@ package com.yingxin.server.client.config;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 
-
-
-
 /**
  * description//TODO
  *
@@ -23,14 +20,12 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
  * @date 2019/8/20
  */
 @EnableWebSecurity  //开启权限验证
+@Configuration
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
     @Autowired
     private UserDetailsService myUserDetailsService;
 
-    @Autowired
-    private MySecurityProperties properties;
-
     /**
      * 配置这个bean会在做AuthorizationServerConfigurer配置的时候使用
      * @return
@@ -47,39 +42,28 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
         auth.userDetailsService(myUserDetailsService).passwordEncoder(new BCryptPasswordEncoder());
     }
 
-    @Override
-    public void configure(WebSecurity web) throws Exception {
-        web.ignoring().antMatchers
-                ("/swagger-ui.html/**", "/webjars/**",
-                        "/swagger-resources/**", "/v2/api-docs/**",
-                        "/swagger-resources/configuration/ui/**", "/swagger-resources/configuration/security/**",
-                        "/images/**");
-    }
-
-
     @Override
     protected void configure(HttpSecurity http) throws Exception {
 
         http
                 // 必须配置，不然OAuth2的http配置不生效
                 .requestMatchers()
-                .antMatchers( "/oauth/**",properties.getLoginProcessUrl(),properties.getLoginPage())
+                .antMatchers( "/oauth/**","/auth/authorize","/auth/login")
                 .and()
                 .authorizeRequests()
                 // 自定义页面或处理url时，如果不配置全局允许，浏览器会提示服务器将页面转发多次
-                .antMatchers("/auth/login",properties.getLoginProcessUrl())
+                .antMatchers("/auth/login","/auth/authorize","/oauth/**")
                 .permitAll()
                 .anyRequest()
-                .authenticated();
+                .authenticated();;
 
         // 表单登录
         http.formLogin()
                 // 登录页面
-                .loginPage(properties.getLoginPage())
-                .loginProcessingUrl(properties.getLoginProcessUrl());
+                .loginPage("/auth/login")
+                .loginProcessingUrl("/auth/authorize");
 
         http.httpBasic().disable();
     }
 
-
 }

client/src/main/java/com/yingxin/server/client/controller/CallbackController.java

@@ -43,10 +43,13 @@ public class CallbackController {
 
     private org.slf4j.Logger logger = LoggerFactory.getLogger(getClass());
 
+    //获取code后，自动提交post请求获取token，取出token，直接获取资源
     @RequestMapping("/oauth/callback")
     public Map getToken(@RequestParam(value = "code") String code, Principal principal){
+        //放开后，可获取角色
         //String role=userService.findRoleByUsername(principal.getName()).iterator().next().getRole_name();
         //System.out.println(role);
+
         String clientId="client1";
         logger.info("receive code {}",code);
 
@@ -54,6 +57,7 @@ public class CallbackController {
         headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
         MultiValueMap<String,String> params= new LinkedMultiValueMap<>();
 
+        //获取token
         List<Client> clients=clientService.findClientByCLientId(clientId);
         params.add("grant_type","authorization_code");
         params.add("code",code);
@@ -61,16 +65,16 @@ public class CallbackController {
         params.add("client_secret",clients.get(0).getClientSecret());
         params.add("redirect_uri",clients.get(0).getWebServerRedirectUri());
         HttpEntity<MultiValueMap<String,String>> requestEntity = new HttpEntity<>(params, headers);
-        //System.out.println(requestEntity.toString());
-
         ResponseEntity<Map> response = restTemplate.postForEntity("http://localhost:8080/oauth/token",requestEntity,Map.class);
         Map token = response.getBody();
         logger.info("token => {}",token);
 
+        //从token中获取access_token
         Map map=new HashMap();
         map.put("access_token",token.get("access_token").toString());
         logger.info("access_token => {}",token.get("access_token").toString());
 
+        //处理401错误
         restTemplate.setErrorHandler(new DefaultResponseErrorHandler() {
             @Override
             public void handleError(ClientHttpResponse response) throws IOException {
@@ -80,6 +84,7 @@ public class CallbackController {
             }
         });
 
+        //提交get请求，获取资源
         ResponseEntity<Map> responseEntity=restTemplate.getForEntity("http://localhost:8088/user?access_token={access_token}",Map.class,map);
 
         return responseEntity.getBody();

client/src/main/java/com/yingxin/server/client/controller/GrantController.java

@@ -11,9 +11,9 @@ import java.util.Map;
 
 @Controller
 @SessionAttributes("authorizationRequest")
-
 public class GrantController {
 
+    //自定义授权页面
     @RequestMapping(value = "/oauth/confirm_access")
     public ModelAndView getAccessConfirmation(Map<String, Object> model,HttpServletRequest request) throws Exception {
         AuthorizationRequest authorizationRequest = (AuthorizationRequest) model.get("authorizationRequest");
@@ -22,7 +22,6 @@ public class GrantController {
         view.setViewName("grant");
         view.addObject("clientId",clientId );
         view.addObject("scopes",authorizationRequest.getScope());
-        System.out.println(authorizationRequest.toString());
         return view;
     }
 }

client/src/main/java/com/yingxin/server/client/controller/LoginController.java

 package com.yingxin.server.client.controller;
 
-import com.yingxin.server.client.config.MySecurityProperties;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
@@ -9,13 +9,10 @@ import org.springframework.web.bind.annotation.RequestMapping;
 @Controller
 public class LoginController {
 
-    @Autowired
-    private MySecurityProperties properties;
-
+    //自定义登录页面
     @RequestMapping("/auth/login")
     public String login(Model model) {
-        //System.out.println(properties.getLoginProcessUrl());
-        model.addAttribute("loginProcessUrl",properties.getLoginProcessUrl());
+        model.addAttribute("loginProcessUrl","/auth/authorize");
         return "login";
     }
 

client/src/main/resources/views/grant.html

@@ -74,7 +74,9 @@
 </div>
 <script  th:inline="javascript">
     window.onload=function(){
-            document.getElementsByName("span")[0].innerText=document.getElementsByName("span")[0].id;
+        for(var i = 0;i<3;i++){
+            document.getElementsByName("span")[i].innerText=document.getElementsByName("span")[i].id;
+        }
     }
 
 </script>

resources/src/main/resources/application.yml

@@ -6,11 +6,10 @@ server:
 security:
   oauth2:
     client:
-      access-token-uri: ${auth-server-url}/oauth/token
-      user-authorization-uri: ${auth-server-url}/oauth/authorize
       client-id: client1
       client-secret: 123456
       scope: test
+      access-token-uri: ${auth-server-url}/oauth/token
+      user-authorization-uri: ${auth-server-url}/oauth/authorize
     resource:
       token-info-uri: ${auth-server-url}/oauth/check_token #检查令牌
\ No newline at end of file
-