Study notes: upgrading a Spring Cloud OAuth2 integration to JWT
2021-02-28 15:24:35
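Upgrading the authorization server
- Add a JwtTokenStore configuration to the authorization server
    @Bean
    public TokenStore tokenStore() {
        return new JwtTokenStore(jwtTokenEnhancer());
    }

    @Bean
    public JwtAccessTokenConverter jwtTokenEnhancer() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        // A plain string here is used as an HMAC (symmetric) key:
        // the same value both signs and verifies the tokens.
        converter.setSigningKey("123456");
        return converter;
    }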
- Configure the authorization server to use tokenStore and jwtTokenEnhancer
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(authenticationManager)
                .tokenStore(tokenStore())
                .tokenEnhancer(jwtTokenEnhancer());
    }
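- Configure tokenKeyAccess on the authorization server
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        // /oauth/check_token and /oauth/token_key both require an authenticated client
        security.checkTokenAccess("isAuthenticated()")
                .tokenKeyAccess("isAuthenticated()");
    }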
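With `setSigningKey("123456")` the converter uses a shared HMAC secret, so every service that calls `/oauth/token_key` receives the same key that signs tokens. As an added example (not part of the original notes), the same two beans signing with an RSA key pair, so that endpoint only hands out the public key; the keystore file name, the alias and the `jwt.keystore.password` property are assumed placeholders.

```java
import java.security.KeyPair;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;

@Configuration
public class JwtKeyPairConfig {

    // Assumed placeholders: a keystore created beforehand, for example with
    //   keytool -genkeypair -alias jwt-signing -keyalg RSA -keysize 2048 \
    //           -keystore jwt-signing.jks
    // and placed on the authorization server's classpath only.
    private static final String KEYSTORE_FILE = "jwt-signing.jks";
    private static final String KEY_ALIAS = "jwt-signing";

    @Bean
    public JwtAccessTokenConverter jwtTokenEnhancer(
            // The password comes from external configuration, not from source code.
            @Value("${jwt.keystore.password}") String keystorePassword) {
        KeyStoreKeyFactory factory = new KeyStoreKeyFactory(
                new ClassPathResource(KEYSTORE_FILE), keystorePassword.toCharArray());
        KeyPair keyPair = factory.getKeyPair(KEY_ALIAS);

        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        // The private key signs tokens; the verifier key exposed through
        // /oauth/token_key becomes the PEM-encoded public key.
        converter.setKeyPair(keyPair);
        return converter;
    }

    @Bean
    public TokenStore tokenStore(JwtAccessTokenConverter jwtTokenEnhancer) {
        return new JwtTokenStore(jwtTokenEnhancer);
    }
}
```

The `security.oauth2.resource.jwt.key-uri` setting on the gateway and downstream services stays as it is; they then hold only a key that can verify tokens, not one that can issue them.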
Upgrading the Zuul gateway
- Add the dependency
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-oauth2</artifactId>
    </dependency>
- Add the token validation configuration (this replaces the logic that was previously in OAuth2AuthenticationFilter)
    # The gateway fetches token_key from the authorization server at startup
    security.oauth2.resource.jwt.key-uri=http://localhost:9090/oauth/token_key
    security.oauth2.client.client-id=gateway
    security.oauth2.client.client-secret=123456
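- Delete the gateway project's own token-validation code (a JWT token does not need to be validated against the authorization server; the token is passed straight through to the downstream services)
    OAuth2AuthenticationFilter.java
    OAuth2AuthorizationFilter.java
    TokenInfo.java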
- Configure the paths that must not be intercepted (requests sent to the authorization server)
    @Configuration
    @EnableResourceServer
    public class GatewaySecurityConfig extends ResourceServerConfigurerAdapter {

        @Override
        public void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                    .antMatchers("/token/**").permitAll()
                    .anyRequest().authenticated();
        }

        @Override
        public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
            // Set the resource id to avoid the error:
            // access_denied: Invalid token does not contain resource id (oauth2-resource)
            resources.resourceId("order-server");
        }
    }
Upgrading the downstream REST service
- Add the dependency
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-oauth2</artifactId>
    </dependency>
- Add the token validation configuration
    # The application fetches token_key from the authorization server at startup
    security.oauth2.resource.jwt.key-uri=http://localhost:9090/oauth/token_key
    security.oauth2.client.client-id=orderService
    security.oauth2.client.client-secret=123456
- Add the @EnableResourceServer annotation to the application class
    @EnableResourceServer
    @SpringBootApplication
    public class OrderApiApplication {
        public static void main(String[] args) {
            SpringApplication.run(OrderApiApplication.class, args);
        }
    }
- In the business controller, obtain the user information through an @AuthenticationPrincipal String principal parameter
    @Slf4j // assumption: the log field comes from Lombok
    @RestController
    @RequestMapping("/orders")
    public class OrderController {

        @PostMapping
        public PriceInfo create(@RequestBody OrderInfo info, @AuthenticationPrincipal String principal) {
            // principal is the user name taken from the verified JWT
            log.info("====> principal : {}", principal);
            PriceInfo priceInfo = new PriceInfo();
            priceInfo.setId(info.getProductId());
            BigDecimal price = BigDecimal.valueOf(info.getProductId() * 5);
            priceInfo.setPrice(price);
            log.info("price is : {}", priceInfo.getPrice());
            return priceInfo;
        }
    }
Reposted from blog.csdn.net/yichengjie_c/article/details/113531309