修改密码模式安全配置

706fd8d3 · XCQi · 22b51d69 · 706fd8d3 · 706fd8d3 · 706fd8d3
Commit 706fd8d3 authored Aug 23, 2019 by XCQi
5 changed files
--- a/.gitignore
+++ b/.gitignore
@@ -29,3 +29,4 @@ build/

 ### VS Code ###
 .vscode/
+!/.idea/
--- a/pom.xml
+++ b/pom.xml
@@ -32,10 +32,10 @@
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
-<!--        <dependency>-->
-<!--            <groupId>org.springframework.boot</groupId>-->
-<!--            <artifactId>spring-boot-starter-data-redis</artifactId>-->
-<!--        </dependency>-->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-data-redis</artifactId>
+        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>

--- a/src/main/java/com/yingxin/springcloudauthserver/config/AuthorizationServerConfig.java
+++ b/src/main/java/com/yingxin/springcloudauthserver/config/AuthorizationServerConfig.java
@@ -21,33 +21,33 @@ import org.springframework.security.oauth2.provider.token.store.redis.RedisToken
 @EnableAuthorizationServer
 public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

-//    private final AuthenticationManager authenticationManager;
-//    private final RedisConnectionFactory redisConnectionFactory;
+    private final AuthenticationManager authenticationManager;
+    private final RedisConnectionFactory redisConnectionFactory;

-//    public AuthorizationServerConfig(AuthenticationManager authenticationManager, RedisConnectionFactory redisConnectionFactory) {
-//        this.authenticationManager = authenticationManager;
-//        this.redisConnectionFactory = redisConnectionFactory;
-//    }
-
-    @Bean
-    public PasswordEncoder passwordEncoder() {
-        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
+    public AuthorizationServerConfig(AuthenticationManager authenticationManager, RedisConnectionFactory redisConnectionFactory) {
+        this.authenticationManager = authenticationManager;
+        this.redisConnectionFactory = redisConnectionFactory;
    }

+//    @Bean
+//    public PasswordEncoder passwordEncoder() {
+//        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
+//    }
+
    // 定义令牌端点上的安全性约束
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) {
        security.allowFormAuthenticationForClients()
-                .tokenKeyAccess("isAuthenticated()")
+                .tokenKeyAccess("permitAll()")
 //                .checkTokenAccess("permitAll()");
-                .checkTokenAccess("permitAll()");
+                .checkTokenAccess("isAuthenticated()");
    }

    // 定义客户端详细信息服务的配置器。可以初始化客户端详细信息，也可以只引用现有store
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // 2.0版本以后默认取消了明文密码保存
-        String finalSecret = "{bcrypt}" + new BCryptPasswordEncoder().encode("123456");
+        String finalSecret = "{bcrypt}" + new BCryptPasswordEncoder().encode("1234567");
        /*
        client模式，没有用户的概念，直接与认证服务器交互，用配置中的客户端信息去申请accessToken，
            客户端有自己的client_id,client_secret对应于用户的username,password，而客户端也拥有自己的
@@ -58,21 +58,22 @@ public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdap
         */
        clients.inMemory().withClient("client_1")//                clientId：（必须）客户端id
                .authorizedGrantTypes("client_credentials", "refresh_token")
-                .secret(finalSecret);
+                .secret(finalSecret)
+        .and().withClient("client_2")
 //                .resourceIds("order") // resorceIds：这个客户端可以访问的资源id 不设置则授权所有资源
-//                .authorizedGrantTypes("client_credentials", "refresh_token") // 授权给客户端使用的权限类型 默认值为空
-//                .scopes("server") // 客户端的作用域。如果scope未定义或者为空（默认值），则客户端作用域不受限制
-//                .authorities("oauth2") // 授权给客户端的权限
-//                .secret(finalSecret); // （对于可信任的客户端是必须的）客户端的私密信息
+                .authorizedGrantTypes("password", "refresh_token") // 授权给客户端使用的权限类型 默认值为空
+                .scopes("server") // 客户端的作用域。如果scope未定义或者为空（默认值），则客户端作用域不受限制
+                .authorities("oauth2") // 授权给客户端的权限
+                .secret(finalSecret); // （对于可信任的客户端是必须的）客户端的私密信息
    }

    // 定义授权和令牌端点以及令牌服务
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints
-//                .tokenStore(new RedisTokenStore(redisConnectionFactory))
-                .tokenStore(new InMemoryTokenStore())
-//                .authenticationManager(authenticationManager)
+                .tokenStore(new RedisTokenStore(redisConnectionFactory))
+//                .tokenStore(new InMemoryTokenStore())
+                .authenticationManager(authenticationManager)
                .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST); // 默认只开放post请求
    }
 }
--- a/src/main/java/com/yingxin/springcloudauthserver/config/WebSecurityConfig.java
+++ b/src/main/java/com/yingxin/springcloudauthserver/config/WebSecurityConfig.java
-//package com.yingxin.springcloudauthserver.config;
-//
-//import org.springframework.context.annotation.Bean;
-//import org.springframework.context.annotation.Configuration;
-//import org.springframework.security.authentication.AuthenticationManager;
-//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-//import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-//import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-//import org.springframework.security.core.userdetails.User;
-//import org.springframework.security.core.userdetails.UserDetailsService;
-//import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-//import org.springframework.security.provisioning.InMemoryUserDetailsManager;
-//
-//@Configuration
-//@EnableWebSecurity
-//public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
-//
-//    @Bean
-//    @Override
-//    public AuthenticationManager authenticationManagerBean() throws Exception {
-//        return super.authenticationManagerBean();
-//    }
-//
-//    @Bean
-//    @Override
-//    public UserDetailsService userDetailsServiceBean() {
-//        BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
-//        String finalPassword = "{bcrypt}"+bCryptPasswordEncoder.encode("password1");
-//
-//        InMemoryUserDetailsManager userDetailsManager = new InMemoryUserDetailsManager();
-//        userDetailsManager.createUser(User.withUsername("user1").password(finalPassword).authorities("USER").build());
-//        return userDetailsManager;
-//    }
-//
-//
-//    @Override
-//    protected void configure(HttpSecurity http) throws Exception {
-//        http.authorizeRequests()
-////                .antMatchers("/oauth/token").authenticated()
+package com.yingxin.springcloudauthserver.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.factory.PasswordEncoderFactories;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+
+@Configuration
+@EnableWebSecurity
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Bean
+    @Override
+    public AuthenticationManager authenticationManagerBean() throws Exception {
+        return super.authenticationManagerBean();
+    }
+
+    @Bean
+    @Override
+    public UserDetailsService userDetailsServiceBean() {
+        BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
+        String finalPassword = "{bcrypt}"+bCryptPasswordEncoder.encode("password1");
+
+        InMemoryUserDetailsManager userDetailsManager = new InMemoryUserDetailsManager();
+        userDetailsManager.createUser(User.withUsername("user1").password(finalPassword).authorities("USER").build());
+        return userDetailsManager;
+    }
+
+    @Bean
+    PasswordEncoder passwordEncoder() {
+        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.requestMatchers().anyRequest()
+                .and().authorizeRequests().antMatchers("/oauth/token").permitAll();
+//                .antMatchers("/oauth/token").authenticated()
 //                .anyRequest().permitAll();
-//    }
-//}
+    }
+}
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
 eureka.client.service-url.defaultZone=http://localhost:8761/eureka/
 spring.application.name=spring-cloud-oauth-auth-server
-