首次提交

.gitignore

+HELP.md
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**
+!**/src/test/**
+
+### STS ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### IntelliJ IDEA ###
+.idea
+*.iws
+*.iml
+*.ipr
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+
+### VS Code ###
+.vscode/

pom.xml

+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starter-parent</artifactId>
+        <version>2.1.7.RELEASE</version>
+        <relativePath/> <!-- lookup parent from repository -->
+    </parent>
+    <groupId>com.yingxin</groupId>
+    <artifactId>springcloudauthserver</artifactId>
+    <version>0.0.1-SNAPSHOT</version>
+    <name>SpringCloudAuthServer</name>
+    <description>Demo project for Spring Boot</description>
+
+    <properties>
+        <java.version>1.8</java.version>
+        <spring-cloud.version>Greenwich.SR2</spring-cloud.version>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.cloud</groupId>
+            <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.cloud</groupId>
+            <artifactId>spring-cloud-starter-oauth2</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-data-redis</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+
+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <groupId>org.springframework.cloud</groupId>
+                <artifactId>spring-cloud-dependencies</artifactId>
+                <version>${spring-cloud.version}</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>

src/main/java/com/yingxin/springcloudauthserver/SpringCloudAuthServerApplication.java

+package com.yingxin.springcloudauthserver;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
+
+@EnableDiscoveryClient
+@SpringBootApplication
+public class SpringCloudAuthServerApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(SpringCloudAuthServerApplication.class, args);
+    }
+
+}

src/main/java/com/yingxin/springcloudauthserver/config/AuthorizationServerConfig.java

+package com.yingxin.springcloudauthserver.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.connection.RedisConnectionFactory;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.factory.PasswordEncoderFactories;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
+import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;
+
+// 定义授权服务器
+@Configuration
+@EnableAuthorizationServer
+public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
+
+    private final AuthenticationManager authenticationManager;
+    private final RedisConnectionFactory redisConnectionFactory;
+
+    public AuthorizationServerConfig(AuthenticationManager authenticationManager, RedisConnectionFactory redisConnectionFactory) {
+        this.authenticationManager = authenticationManager;
+        this.redisConnectionFactory = redisConnectionFactory;
+    }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
+    }
+
+    // 定义令牌端点上的安全性约束
+    @Override
+    public void configure(AuthorizationServerSecurityConfigurer security) {
+        security.allowFormAuthenticationForClients()
+                .tokenKeyAccess("isAuthenticated()");
+//                .tokenKeyAccess("permitAll()")
+//                .checkTokenAccess("isAuthenticated()");
+    }
+
+    // 定义客户端详细信息服务的配置器。可以初始化客户端详细信息，也可以只引用现有store
+    @Override
+    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
+        // 2.0版本以后默认取消了明文密码保存
+        String finalSecret = "{bcrypt}" + new BCryptPasswordEncoder().encode("123456");
+        /*
+        client模式，没有用户的概念，直接与认证服务器交互，用配置中的客户端信息去申请accessToken，
+            客户端有自己的client_id,client_secret对应于用户的username,password，而客户端也拥有自己的
+            authorities，当采取client模式认证时，对应的权限也就是客户端自己的authorities。
+        password模式，自己本身有一套用户体系，在认证时需要带上自己的用户名和密码，
+            以及客户端的client_id,client_secret。此时，accessToken所包含的权限是用户本身的权限，
+            而不是客户端的权限。
+        clientId:(必需）客户端ID。
+        secret:(可信客户端需要）客户端密钥（如果有）。
+        scope：客户受限的范围。如果范围未定义或为空（默认值），则客户端不受范围限制。
+        authorizedGrantTypes：授权客户端使用的授权类型。默认值为空。
+        authorities：授予客户端的权限（常规Spring Security权限）。
+         */
+        clients.inMemory().withClient("client_1")//                clientId：（必须）客户端id
+                .authorizedGrantTypes("client_credentials", "refresh_token")
+                .secret(finalSecret);
+//                .resourceIds("order") // resorceIds：这个客户端可以访问的资源id 不设置则授权所有资源
+//                .authorizedGrantTypes("client_credentials", "refresh_token") // 授权给客户端使用的权限类型 默认值为空
+//                .scopes("server") // 客户端的作用域。如果scope未定义或者为空（默认值），则客户端作用域不受限制
+//                .authorities("oauth2") // 授权给客户端的权限
+//                .secret(finalSecret); // （对于可信任的客户端是必须的）客户端的私密信息
+    }
+
+    // 定义授权和令牌端点以及令牌服务
+    @Override
+    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
+        endpoints
+                .tokenStore(new RedisTokenStore(redisConnectionFactory))
+//                .tokenStore(new InMemoryTokenStore())
+                .authenticationManager(authenticationManager)
+                .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST); // 默认只开放post请求
+    }
+}

src/main/java/com/yingxin/springcloudauthserver/config/WebSecurityConfig.java

+package com.yingxin.springcloudauthserver.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+
+@Configuration
+@EnableWebSecurity
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Bean
+    @Override
+    public AuthenticationManager authenticationManagerBean() throws Exception {
+        return super.authenticationManagerBean();
+    }
+
+    @Bean
+    @Override
+    public UserDetailsService userDetailsServiceBean() {
+        BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
+        String finalPassword = "{bcrypt}"+bCryptPasswordEncoder.encode("password1");
+
+        InMemoryUserDetailsManager userDetailsManager = new InMemoryUserDetailsManager();
+        userDetailsManager.createUser(User.withUsername("user1").password(finalPassword).authorities("USER").build());
+        return userDetailsManager;
+    }
+
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.authorizeRequests()
+//                .antMatchers("/oauth/token").authenticated()
+                .anyRequest().permitAll();
+    }
+}

src/main/resources/application.properties

+eureka.client.service-url.defaultZone=http://localhost:8761/eureka/
+spring.application.name=spring-cloud-oauth-auth-server
+

src/test/java/com/yingxin/springcloudauthserver/SpringCloudAuthServerApplicationTests.java

+package com.yingxin.springcloudauthserver;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.junit4.SpringRunner;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest
+public class SpringCloudAuthServerApplicationTests {
+
+    @Test
+    public void contextLoads() {
+    }
+
+}