OAuth2RestTemplate实现远程调用

2023-08-21 10:54:45 +08:00
parent c4256d46f9
commit a8369b32a2
9 changed files with 68 additions and 23 deletions
--- a/book-service/src/main/java/com/test/BookApplication.java
+++ b/book-service/src/main/java/com/test/BookApplication.java
@@ -3,6 +3,7 @@ package com.test;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;

 /**
 * ClassName: BookApplication
@@ -11,7 +12,7 @@ import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth
 * @author yovinchen
 * @Create 2023/8/14 16:23
 */
-@EnableOAuth2Sso
+@EnableResourceServer
@SpringBootApplication
 public class BookApplication {
    public static void main(String[] args) {
--- a/book-service/src/main/java/com/test/config/ResourceConfiguration.java
+++ b/book-service/src/main/java/com/test/config/ResourceConfiguration.java
@@ -0,0 +1,24 @@
+package com.test.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
+
+/**
+ * ClassName: con
+ * Package: com.test.config
+ *
+ * @author yovinchen
+ * @Create 2023/8/21 10:23
+ */
+@Configuration
+public class ResourceConfiguration extends ResourceServerConfigurerAdapter { //继承此类进行高度自定义
+
+    @Override
+    public void configure(HttpSecurity http) throws Exception {  //这里也有HttpSecurity对象，方便我们配置SpringSecurity
+        http
+                .authorizeRequests()
+                .anyRequest().access("#oauth2.hasScope('lbwnb')");  //添加自定义规则
+        //Token必须要有我们自定义scope授权才可以访问此资源
+    }
+}
--- a/book-service/src/main/resources/application.yml
+++ b/book-service/src/main/resources/application.yml
@@ -9,13 +9,9 @@ spring:
 security:
  oauth2:
    client:
-      #不多说了
+      #基操
      client-id: web
      client-secret: 654321
-      #Token获取地址
-      access-token-uri: http://localhost:8500/sso/oauth/token
-      #验证页面地址
-      user-authorization-uri: http://localhost:8500/sso/oauth/authorize
    resource:
-      #Token信息获取和校验地址
+      #因为资源服务器得验证你的Token是否有访问此资源的权限以及用户信息，所以只需要一个验证地址
      token-info-uri: http://localhost:8500/sso/oauth/check_token