整合基础框架

2023-08-19 20:21:30 +08:00
parent 5c8439cb7f
commit 5e0259bc2a
6 changed files with 172 additions and 0 deletions
--- a/auth-service/src/main/java/com/test/AuthApplication.java
+++ b/auth-service/src/main/java/com/test/AuthApplication.java
@@ -0,0 +1,18 @@
+package com.test;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+/**
+ * ClassName: AuthApplication
+ * Package: com.test
+ *
+ * @author yovinchen
+ * @Create 2023/8/19 20:14
+ */
+@SpringBootApplication
+public class AuthApplication {
+    public static void main(String[] args) {
+        SpringApplication.run(AuthApplication.class,args);
+    }
+}
--- a/auth-service/src/main/java/com/test/config/OAuth2Configuration.java
+++ b/auth-service/src/main/java/com/test/config/OAuth2Configuration.java
@@ -0,0 +1,60 @@
+package com.test.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
+
+import javax.annotation.Resource;
+
+/**
+ * ClassName: OAuth2Configuration
+ * Package: com.test.config
+ *
+ * @author yovinchen
+ * @Create 2023/8/19 20:17
+ */
+@EnableAuthorizationServer   //开启验证服务器
+@Configuration
+public class OAuth2Configuration extends AuthorizationServerConfigurerAdapter {
+
+    private final BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
+    @Resource
+    private AuthenticationManager manager;
+
+    /**
+     * 这个方法是对客户端进行配置，一个验证服务器可以预设很多个客户端，
+     * 之后这些指定的客户端就可以按照下面指定的方式进行验证
+     *
+     * @param clients 客户端配置工具
+     */
+    @Override
+    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
+        clients.inMemory()   //这里我们直接硬编码创建，当然也可以像Security那样自定义或是使用JDBC从数据库读取
+                .withClient("web")   //客户端名称，随便起就行
+                .secret(encoder.encode("654321"))      //只与客户端分享的secret，随便写，但是注意要加密
+                .autoApprove(false)    //自动审批，这里关闭，要的就是一会体验那种感觉
+                .scopes("book", "user", "borrow")     //授权范围，这里我们使用全部all
+                .authorizedGrantTypes("client_credentials", "password", "implicit", "authorization_code", "refresh_token");
+        //授权模式，一共支持5种，除了之前我们介绍的四种之外，还有一个刷新Token的模式
+        //这里我们直接把五种都写上，方便一会实验，当然各位也可以单独只写一种一个一个进行测试
+        //现在我们指定的客户端就支持这五种类型的授权方式了
+    }
+
+    @Override
+    public void configure(AuthorizationServerSecurityConfigurer security) {
+        security.passwordEncoder(encoder)    //编码器设定为BCryptPasswordEncoder
+                .allowFormAuthenticationForClients()  //允许客户端使用表单验证，一会我们POST请求中会携带表单信息
+                .checkTokenAccess("permitAll()");     //允许所有的Token查询请求
+    }
+
+    @Override
+    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
+        endpoints.authenticationManager(manager);
+        //由于SpringSecurity新版本的一些底层改动，这里需要配置一下authenticationManager，才能正常使用password模式
+    }
+}
--- a/auth-service/src/main/java/com/test/config/SecurityConfiguration.java
+++ b/auth-service/src/main/java/com/test/config/SecurityConfiguration.java
@@ -0,0 +1,40 @@
+package com.test.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+
+/**
+ * ClassName: SecurityConfiguration
+ * Package: com.test.config
+ *
+ * @author yovinchen
+ * @Create 2023/8/19 20:14
+ */
+@Configuration
+public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.authorizeRequests().anyRequest().authenticated()  //
+                .and().formLogin().permitAll();    //使用表单登录
+    }
+
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
+        auth.inMemoryAuthentication()   //直接创建一个用户，懒得搞数据库了
+                .passwordEncoder(encoder).withUser("test").password(encoder.encode("123456")).roles("USER");
+    }
+
+    @Bean   //这里需要将AuthenticationManager注册为Bean，在OAuth配置中使用
+    @Override
+    public AuthenticationManager authenticationManagerBean() throws Exception {
+        return super.authenticationManagerBean();
+    }
+}
--- a/auth-service/src/main/resources/application.yml
+++ b/auth-service/src/main/resources/application.yml
@@ -0,0 +1,7 @@
+server:
+  port: 8500
+  servlet:
+    #为了防止一会在服务之间跳转导致Cookie打架（因为所有服务地址都是localhost，都会存JSESSIONID）
+    #这里修改一下context-path，这样保存的Cookie会使用指定的路径，就不会和其他服务打架了
+    #但是注意之后的请求都得在最前面加上这个路径
+    context-path: /sso