Commit 706fd8d3 authored by XCQi's avatar XCQi

修改密码模式安全配置

parent 22b51d69
...@@ -29,3 +29,4 @@ build/ ...@@ -29,3 +29,4 @@ build/
### VS Code ### ### VS Code ###
.vscode/ .vscode/
!/.idea/
...@@ -32,10 +32,10 @@ ...@@ -32,10 +32,10 @@
<groupId>org.springframework.boot</groupId> <groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId> <artifactId>spring-boot-starter-web</artifactId>
</dependency> </dependency>
<!-- <dependency>--> <dependency>
<!-- <groupId>org.springframework.boot</groupId>--> <groupId>org.springframework.boot</groupId>
<!-- <artifactId>spring-boot-starter-data-redis</artifactId>--> <artifactId>spring-boot-starter-data-redis</artifactId>
<!-- </dependency>--> </dependency>
<dependency> <dependency>
<groupId>org.springframework.boot</groupId> <groupId>org.springframework.boot</groupId>
......
...@@ -21,33 +21,33 @@ import org.springframework.security.oauth2.provider.token.store.redis.RedisToken ...@@ -21,33 +21,33 @@ import org.springframework.security.oauth2.provider.token.store.redis.RedisToken
@EnableAuthorizationServer @EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter { public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
// private final AuthenticationManager authenticationManager; private final AuthenticationManager authenticationManager;
// private final RedisConnectionFactory redisConnectionFactory; private final RedisConnectionFactory redisConnectionFactory;
// public AuthorizationServerConfig(AuthenticationManager authenticationManager, RedisConnectionFactory redisConnectionFactory) { public AuthorizationServerConfig(AuthenticationManager authenticationManager, RedisConnectionFactory redisConnectionFactory) {
// this.authenticationManager = authenticationManager; this.authenticationManager = authenticationManager;
// this.redisConnectionFactory = redisConnectionFactory; this.redisConnectionFactory = redisConnectionFactory;
// }
@Bean
public PasswordEncoder passwordEncoder() {
return PasswordEncoderFactories.createDelegatingPasswordEncoder();
} }
// @Bean
// public PasswordEncoder passwordEncoder() {
// return PasswordEncoderFactories.createDelegatingPasswordEncoder();
// }
// 定义令牌端点上的安全性约束 // 定义令牌端点上的安全性约束
@Override @Override
public void configure(AuthorizationServerSecurityConfigurer security) { public void configure(AuthorizationServerSecurityConfigurer security) {
security.allowFormAuthenticationForClients() security.allowFormAuthenticationForClients()
.tokenKeyAccess("isAuthenticated()") .tokenKeyAccess("permitAll()")
// .checkTokenAccess("permitAll()"); // .checkTokenAccess("permitAll()");
.checkTokenAccess("permitAll()"); .checkTokenAccess("isAuthenticated()");
} }
// 定义客户端详细信息服务的配置器。可以初始化客户端详细信息,也可以只引用现有store // 定义客户端详细信息服务的配置器。可以初始化客户端详细信息,也可以只引用现有store
@Override @Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception { public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
// 2.0版本以后默认取消了明文密码保存 // 2.0版本以后默认取消了明文密码保存
String finalSecret = "{bcrypt}" + new BCryptPasswordEncoder().encode("123456"); String finalSecret = "{bcrypt}" + new BCryptPasswordEncoder().encode("1234567");
/* /*
client模式,没有用户的概念,直接与认证服务器交互,用配置中的客户端信息去申请accessToken, client模式,没有用户的概念,直接与认证服务器交互,用配置中的客户端信息去申请accessToken,
客户端有自己的client_id,client_secret对应于用户的username,password,而客户端也拥有自己的 客户端有自己的client_id,client_secret对应于用户的username,password,而客户端也拥有自己的
...@@ -58,21 +58,22 @@ public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdap ...@@ -58,21 +58,22 @@ public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdap
*/ */
clients.inMemory().withClient("client_1")// clientId:(必须)客户端id clients.inMemory().withClient("client_1")// clientId:(必须)客户端id
.authorizedGrantTypes("client_credentials", "refresh_token") .authorizedGrantTypes("client_credentials", "refresh_token")
.secret(finalSecret); .secret(finalSecret)
.and().withClient("client_2")
// .resourceIds("order") // resorceIds:这个客户端可以访问的资源id 不设置则授权所有资源 // .resourceIds("order") // resorceIds:这个客户端可以访问的资源id 不设置则授权所有资源
// .authorizedGrantTypes("client_credentials", "refresh_token") // 授权给客户端使用的权限类型 默认值为空 .authorizedGrantTypes("password", "refresh_token") // 授权给客户端使用的权限类型 默认值为空
// .scopes("server") // 客户端的作用域。如果scope未定义或者为空(默认值),则客户端作用域不受限制 .scopes("server") // 客户端的作用域。如果scope未定义或者为空(默认值),则客户端作用域不受限制
// .authorities("oauth2") // 授权给客户端的权限 .authorities("oauth2") // 授权给客户端的权限
// .secret(finalSecret); // (对于可信任的客户端是必须的)客户端的私密信息 .secret(finalSecret); // (对于可信任的客户端是必须的)客户端的私密信息
} }
// 定义授权和令牌端点以及令牌服务 // 定义授权和令牌端点以及令牌服务
@Override @Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) { public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
endpoints endpoints
// .tokenStore(new RedisTokenStore(redisConnectionFactory)) .tokenStore(new RedisTokenStore(redisConnectionFactory))
.tokenStore(new InMemoryTokenStore()) // .tokenStore(new InMemoryTokenStore())
// .authenticationManager(authenticationManager) .authenticationManager(authenticationManager)
.allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST); // 默认只开放post请求 .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST); // 默认只开放post请求
} }
} }
//package com.yingxin.springcloudauthserver.config; package com.yingxin.springcloudauthserver.config;
//
//import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
//import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
//import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
//import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
//import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
//import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.User;
//import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UserDetailsService;
//import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
//import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.springframework.security.crypto.factory.PasswordEncoderFactories;
// import org.springframework.security.crypto.password.PasswordEncoder;
//@Configuration import org.springframework.security.provisioning.InMemoryUserDetailsManager;
//@EnableWebSecurity
//public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Configuration
// @EnableWebSecurity
// @Bean public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
// @Override
// public AuthenticationManager authenticationManagerBean() throws Exception { @Bean
// return super.authenticationManagerBean(); @Override
// } public AuthenticationManager authenticationManagerBean() throws Exception {
// return super.authenticationManagerBean();
// @Bean }
// @Override
// public UserDetailsService userDetailsServiceBean() { @Bean
// BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder(); @Override
// String finalPassword = "{bcrypt}"+bCryptPasswordEncoder.encode("password1"); public UserDetailsService userDetailsServiceBean() {
// BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
// InMemoryUserDetailsManager userDetailsManager = new InMemoryUserDetailsManager(); String finalPassword = "{bcrypt}"+bCryptPasswordEncoder.encode("password1");
// userDetailsManager.createUser(User.withUsername("user1").password(finalPassword).authorities("USER").build());
// return userDetailsManager; InMemoryUserDetailsManager userDetailsManager = new InMemoryUserDetailsManager();
// } userDetailsManager.createUser(User.withUsername("user1").password(finalPassword).authorities("USER").build());
// return userDetailsManager;
// }
// @Override
// protected void configure(HttpSecurity http) throws Exception { @Bean
// http.authorizeRequests() PasswordEncoder passwordEncoder() {
//// .antMatchers("/oauth/token").authenticated() return PasswordEncoderFactories.createDelegatingPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.requestMatchers().anyRequest()
.and().authorizeRequests().antMatchers("/oauth/token").permitAll();
// .antMatchers("/oauth/token").authenticated()
// .anyRequest().permitAll(); // .anyRequest().permitAll();
// } }
//} }
eureka.client.service-url.defaultZone=http://localhost:8761/eureka/ eureka.client.service-url.defaultZone=http://localhost:8761/eureka/
spring.application.name=spring-cloud-oauth-auth-server spring.application.name=spring-cloud-oauth-auth-server
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment