springboot Oauth2 springboot+Oauth2实现自定义AuthenticationManager和认证path

软件发布|下载排行|最新软件

当前位置:首页IT学院IT技术

springboot Oauth2 springboot+Oauth2实现自定义AuthenticationManager和认证path

huhanguang89   2021-03-29 我要评论
想了解springboot+Oauth2实现自定义AuthenticationManager和认证path的相关内容吗,huhanguang89在本文为您仔细讲解springboot Oauth2的相关知识和一些Code实例,欢迎阅读和指正,我们先划重点:springboot,Oauth2,springboot集成oauth2,spring,boot,oauth2,下面大家一起来学习吧。

本人在工作中需要构建这么一个后台框架,基于springboot,登录时认证使用自定义AuthenticationManager;同时支持Oauth2访问指定API接口,认证时的AuthenticationManager和登录规则不同。在研究了源码的基础上参考很多文章,目前基本得以解决。

@Configuration
public class OAuth2Configuration {
 


   @SpringBootApplication
   @RestController
   @EnableResourceServer
   @Configuration
   @EnableAuthorizationServer
   protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter implements EnvironmentAware {
 
     private static final String ENV_OAUTH = "authentication.oauth.";
     private static final String PROP_CLIENTID = "clientid";
     private static final String PROP_SECRET = "secret";
     private static final String PROP_TOKEN_VALIDITY_SECONDS = "tokenValidityInSeconds";
 
     private RelaxedPropertyResolver propertyResolver;
 
     @Autowired
     private DataSource dataSource;
 
     @Bean
     public TokenStore tokenStore() {
       return new JdbcTokenStore(dataSource);
     }
 
//     @Autowired
//   @Qualifier("authenticationManagerBean")  
//     private AuthenticationManager authenticationManager;
     
     @Autowired
   @Qualifier("daoAuhthenticationOauthProvider")  
     private AuthenticationProvider daoAuhthenticationOauthProvider;
    
     
  @Override
  public void configure(AuthorizationServerEndpointsConfigurer endpoints)
   throws Exception {
  // @formatter:off
  endpoints
  .tokenStore(tokenStore())
  .authenticationManager(new AuthenticationManager(){
   @Override
   public Authentication authenticate(Authentication authentication) throws AuthenticationException {
   // TODO Auto-generated method stub
   return daoAuhthenticationOauthProvider.authenticate(authentication);
   }
   
  });
  
  // @formatter:on
  }
  
     
     @Override
     public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
       clients
         .inMemory()
         .withClient(propertyResolver.getProperty(PROP_CLIENTID))
         .scopes("read", "write")
         .authorities(Authorities.ROLE_CHANNEL.name())
         .authorizedGrantTypes("password", "refresh_token")
         .secret(propertyResolver.getProperty(PROP_SECRET))
         .accessTokenValiditySeconds(propertyResolver.getProperty(PROP_TOKEN_VALIDITY_SECONDS, Integer.class, 1800));
     }
  
     
     @Override
     public void setEnvironment(Environment environment) {
       this.propertyResolver = new RelaxedPropertyResolver(environment, ENV_OAUTH);
     }
     
     @Configuration
     @EnableResourceServer
     protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
       @Override
       public void configure(HttpSecurity http) throws Exception {
         http
         .antMatcher("/api/dev/**")
         .authorizeRequests()
         .anyRequest()
         .hasRole("DEVELEPOR")
       .and()
         .antMatcher("/api/channel/**")
         .authorizeRequests()
         .anyRequest()
         .hasRole("CHANNEL");
       }
     }

   }

}

以上是Oauth2的主要配置,SecurityConfiguration的配置就不贴了,大家可以去github上找资料,下面是如何自定一个daoAuhthenticationProvider。

@Bean(name="daoAuhthenticationProvider")
public AuthenticationProvider daoAuhthenticationProvider() {
DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
daoAuthenticationProvider.setUserDetailsService(userDetailsService);
daoAuthenticationProvider.setHideUserNotFoundExceptions(false);
daoAuthenticationProvider.setPasswordEncoder(passwordEncoder);
return daoAuthenticationProvider;
}
@Bean(name="daoAuhthenticationOauthProvider")
public AuthenticationProvider daoAuhthenticationOauthProvider() {
DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
daoAuthenticationProvider.setUserDetailsService(userDetailsOauthService);
daoAuthenticationProvider.setHideUserNotFoundExceptions(false);
daoAuthenticationProvider.setPasswordEncoder(passwordEncoder);
return daoAuthenticationProvider;
}

@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(daoAuhthenticationProvider());
// auth.authenticationProvider(daoAuhthenticationProvider1());
}

@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}

Copyright 2022 版权所有 软件发布 访问手机版

声明:所有软件和文章来自软件开发商或者作者 如有异议 请与本站联系 联系我们