安装httpie 需要 python 环境
pip install --upgrade httpie
进入D:\Project目录,在此目录下打开CMD,调用httpie,创建 oauth2 项目
http -d https://start.spring.io/starter.zip javaVersion==17 groupId==com.my.demo artifactId==oauthService name==oauth-service baseDir==oauth-service bootVersion==2.6.6.RELEASE dependencies==cloud-starter
将生成的oauthService.zip解压缩到当前目录,然后进入到oauth-service文件夹
CREATE DATABASE IF NOT EXISTS `oauth2`;
USE `oauth2`;
CREATE TABLE IF NOT EXISTS `oauth_access_token` (
`token_id` varchar(256) DEFAULT NULL,
`token` blob,
`authentication_id` varchar(128) NOT NULL,
`user_name` varchar(256) DEFAULT NULL,
`client_id` varchar(256) DEFAULT NULL,
`authentication` blob,
`refresh_token` varchar(256) DEFAULT NULL,
PRIMARY KEY (`authentication_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3;
CREATE TABLE IF NOT EXISTS `oauth_approvals` (
`userId` varchar(256) DEFAULT NULL,
`clientId` varchar(256) DEFAULT NULL,
`scope` varchar(256) DEFAULT NULL,
`status` varchar(10) DEFAULT NULL,
`expiresAt` datetime DEFAULT NULL,
`lastModifiedAt` datetime DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3;
CREATE TABLE IF NOT EXISTS `oauth_client_details` (
`client_id` varchar(128) NOT NULL,
`resource_ids` varchar(256) DEFAULT NULL,
`client_secret` varchar(256) DEFAULT NULL,
`scope` varchar(256) DEFAULT NULL,
`authorized_grant_types` varchar(256) DEFAULT NULL,
`web_server_redirect_uri` varchar(256) DEFAULT NULL,
`authorities` varchar(256) DEFAULT NULL,
`access_token_validity` int DEFAULT NULL,
`refresh_token_validity` int DEFAULT NULL,
`additional_information` varchar(4096) DEFAULT NULL,
`autoapprove` varchar(256) DEFAULT NULL,
PRIMARY KEY (`client_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3;
CREATE TABLE IF NOT EXISTS `oauth_client_token` (
`token_id` varchar(256) DEFAULT NULL,
`token` blob,
`authentication_id` varchar(128) NOT NULL,
`user_name` varchar(256) DEFAULT NULL,
`client_id` varchar(256) DEFAULT NULL,
PRIMARY KEY (`authentication_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3;
CREATE TABLE IF NOT EXISTS `oauth_code` (
`code` varchar(256) DEFAULT NULL,
`authentication` blob
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3;
CREATE TABLE IF NOT EXISTS `oauth_refresh_token` (
`token_id` varchar(256) DEFAULT NULL,
`token` blob,
`authentication` blob
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3;
CREATE TABLE IF NOT EXISTS `rbac_role` (
`id` int NOT NULL AUTO_INCREMENT,
`name` varchar(100) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8mb3;
CREATE TABLE IF NOT EXISTS `rbac_user` (
`id` int NOT NULL AUTO_INCREMENT,
`username` varchar(100) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
`password` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
`phone` varchar(11) CHARACTER SET utf8 COLLATE utf8_general_ci DEFAULT NULL,
`email` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci DEFAULT NULL,
`create_time` datetime NOT NULL,
`isactive` smallint DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8mb3;
CREATE TABLE IF NOT EXISTS `rbac_user_role` (
`user_id` int NOT NULL,
`role_id` int NOT NULL,
KEY `user_id_fk` (`user_id`) USING BTREE,
KEY `role_id_fk` (`role_id`) USING BTREE,
CONSTRAINT `rbac_user_role_ibfk_1` FOREIGN KEY (`role_id`) REFERENCES `rbac_role` (`id`) ON DELETE RESTRICT ON UPDATE RESTRICT,
CONSTRAINT `rbac_user_role_ibfk_2` FOREIGN KEY (`user_id`) REFERENCES `rbac_user` (`id`) ON DELETE RESTRICT ON UPDATE RESTRICT
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3;
INSERT INTO `oauth_client_details` (`client_id`, `resource_ids`, `client_secret`, `scope`, `authorized_grant_types`, `web_server_redirect_uri`, `authorities`, `access_token_validity`, `refresh_token_validity`, `additional_information`, `autoapprove`) VALUES
('client', NULL, '{noop}123456', 'server', 'password,refresh_token', '', 'oauth2', NULL, NULL, NULL, NULL),
('client_01', NULL, '{noop}123456', 'all', 'authorization_code,implicit', '', 'oauth2', NULL, NULL, NULL, NULL);
INSERT INTO `rbac_role` (`id`, `name`) VALUES
(1, 'USER');
INSERT INTO `rbac_user` (`id`, `username`, `password`, `phone`, `email`, `create_time`, `isactive`) VALUES
(1, 'user_1', '{noop}123456', NULL, NULL, '2021-09-08 11:21:43', 0),
(2, 'user_2', '{noop}123456', NULL, NULL, '2021-09-08 11:22:21', 1),
(3, 'Test', '{noop}123456', NULL, NULL, '2021-09-08 14:15:51', 1);
INSERT INTO `rbac_user_role` (`user_id`, `role_id`) VALUES
(1, 1),
(2, 1),
(3, 1);
可见 user_1的 isactive 为 0,用户的密码都是 {noop}123456 的明文方式
添加引用 javax.xml.bind等等一堆库 是为解决springSecurityFilterChain的编译错误
修改 application.properties 配置文件
server.port=8509 spring.application.name=oauth-service spring.redis.database=0 spring.redis.host=127.0.0.1 spring.redis.port=6379 spring.redis.password= spring.redis.timeout=2000 spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver spring.datasource.url=jdbc:mysql://127.0.0.1:3306/oauth2?serverTimezone=GMT%2B8&useSSL=false spring.datasource.username=root spring.datasource.password=
主类文件夹下建立 config, service 两个文件夹
config下添加两个配置文件(WebSecurityConfig.java,AuthorizationServerConfig.java),service目录下添加Redis缓存Token实现(RedisTokenStoreService)
如果想用bcrypt编码 则所有的数据库端的密码都保存成
{bcrypt}$2a$10$l4Su6LU.w.HIgpHXn31Hc.1VKbkv7.EY.P7VDzJxyImrZEMDW3Hkq同时修改AuthorizationServerConfig.java 文件
@Autowired
private PasswordEncoder passwordEncoder;
@Bean
public ClientDetailsService clientDetails() {
JdbcClientDetailsService jdbcClientDetailsService = new JdbcClientDetailsService(dataSource);
jdbcClientDetailsService.setPasswordEncoder(passwordEncoder);
return jdbcClientDetailsService;
}
可以看到 user_1 是被禁用的
换成 Test用户,则可以获取到Token
