blame | 历史 | 原始文档
陶杰
2024-08-22 ee9032d9baf5f33e376d2d2699136e0a7b26bec7 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77

package com.mzl.flower.config;


 


import com.mzl.flower.service.impl.BaseUserDetailsService;


import org.springframework.beans.factory.annotation.Autowired;


import org.springframework.context.annotation.Configuration;


import org.springframework.data.redis.connection.RedisConnectionFactory;


import org.springframework.http.HttpMethod;


import org.springframework.security.authentication.AuthenticationManager;


import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;


import org.springframework.security.oauth2.config.annotation.builders.InMemoryClientDetailsServiceBuilder;


import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;


import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;


import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;


import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;


import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;


import org.springframework.security.oauth2.provider.token.TokenStore;


 


import java.util.List;


 


@Configuration


@EnableAuthorizationServer


public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {


 


    @Autowired


    private AuthenticationManager authenticationManager;


 


    @Autowired


    private RedisConnectionFactory redisConnectionFactory;


 


    @Autowired


    private BaseUserDetailsService baseUserDetailsService;


 


 


    @Autowired


    private OAuth2Properties oAuth2Properties;


 


    @Autowired


    private TokenStore tokenStore;


 


    @Override


    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {


        InMemoryClientDetailsServiceBuilder builder = clients.inMemory();


        List<OAuth2Properties.ClientConfiguration> configurations =  oAuth2Properties.getClientConfigurations();


 


        for(OAuth2Properties.ClientConfiguration configuration:configurations){


            builder.withClient(configuration.getClientId())


                    .secret(new BCryptPasswordEncoder().encode(configuration.getSecret()))


                    .authorizedGrantTypes("implicit", "refresh_token", "password", "authorization_code")


                    .scopes("openid")


                    .accessTokenValiditySeconds(configuration.getAccessTokenValidityInSeconds())


                    .refreshTokenValiditySeconds(configuration.getRefreshTokenValidityInSecondsForRememberMe());


        }


    }


 


    /**


     * 认证服务端点配置


     */


    @Override


    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {


        endpoints


                //用户管理


                .userDetailsService(baseUserDetailsService)


                //token存到redis


                .tokenStore(tokenStore)


                //启用oauth2管理


                .authenticationManager(authenticationManager)


                //接收GET和POST


                .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST);


    }


 


    @Override


    public void configure(AuthorizationServerSecurityConfigurer oauthServer) {


        oauthServer.allowFormAuthenticationForClients()


                .tokenKeyAccess("permitAll()")


                .checkTokenAccess("permitAll()");


    }


}