SpringBoot2 集成OAuth2组件，模拟第三方授权机制

pom.xml

@@ -69,6 +69,8 @@
         <module>ware24-eht-cache</module>
         <!-- 自定义日志组件 -->
         <module>ware25-defined-log</module>
+        <!-- OAuth2授权模式 -->
+        <module>ware26-oauth2-parent</module>
     </modules>
 
     <!-- 依赖版本管理 -->

ware26-oauth2-parent/auth-server/pom.xml

@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+    <parent>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starters</artifactId>
+        <version>2.1.3.RELEASE</version>
+    </parent>
+
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>com.auth.server</groupId>
+    <artifactId>auth-server</artifactId>
+    <packaging>jar</packaging>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security.oauth</groupId>
+            <artifactId>spring-security-oauth2</artifactId>
+            <version>2.1.3.RELEASE</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+    </dependencies>
+
+    <!-- 项目构建 -->
+    <build>
+        <finalName>${project.artifactId}</finalName>
+        <resources>
+            <resource>
+                <directory>src/main/java</directory>
+                <includes>
+                    <include>**/*.xml</include>
+                </includes>
+                <filtering>false</filtering>
+            </resource>
+        </resources>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>2.3.2</version>
+                <configuration>
+                    <source>1.8</source>
+                    <target>1.8</target>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>

ware26-oauth2-parent/auth-server/src/main/java/com/oauth2/example/Application.java

@@ -0,0 +1,11 @@
+package com.oauth2.example;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class Application {
+    public static void main(String[] args) {
+        SpringApplication.run(Application.class,args) ;
+    }
+}

ware26-oauth2-parent/auth-server/src/main/java/com/oauth2/example/config/AuthConfig.java

@@ -0,0 +1,81 @@
+package com.oauth2.example.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
+import org.springframework.security.oauth2.provider.ClientDetailsService;
+import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
+import org.springframework.security.oauth2.provider.code.InMemoryAuthorizationCodeServices;
+import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
+import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
+import org.springframework.security.oauth2.provider.token.TokenStore;
+import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
+import javax.annotation.Resource;
+
+/**
+ * 模拟第三方授权配置
+ */
+@EnableAuthorizationServer
+@Configuration
+public class AuthConfig extends AuthorizationServerConfigurerAdapter {
+
+    @Resource
+    ClientDetailsService clientDetailsService;
+
+    /**
+     * 资源服务器校验Token
+     */
+    @Override
+    public void configure(AuthorizationServerSecurityConfigurer security) {
+        security.checkTokenAccess("permitAll()").allowFormAuthenticationForClients();
+    }
+    /**
+     * 第三方客户端请求配置，和资源服务访问的配置，不设置默认都可以访问，提供默认回调地址
+     */
+    @Override
+    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
+        clients.inMemory()
+                .withClient("third01")
+                .secret(new BCryptPasswordEncoder().encode("third01"))
+                .resourceIds("resource-01")
+                .authorizedGrantTypes("authorization_code","refresh_token")
+                .scopes("all")
+                .redirectUris("http://localhost:8082/notify.html");
+    }
+    /**
+     * 配置访问端点
+     */
+    @Override
+    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
+        endpoints.authorizationCodeServices(authorizationCodeServices()).tokenServices(tokenServices());
+    }
+    /**
+     * 内存管理
+     */
+    @Bean
+    AuthorizationCodeServices authorizationCodeServices() {
+        return new InMemoryAuthorizationCodeServices();
+    }
+    /**
+     * Token管理规则
+     */
+    @Bean
+    AuthorizationServerTokenServices tokenServices() {
+        DefaultTokenServices services = new DefaultTokenServices();
+        services.setClientDetailsService(clientDetailsService);
+        services.setSupportRefreshToken(true);
+        services.setTokenStore(tokenStore());
+        services.setAccessTokenValiditySeconds(3600);
+        services.setRefreshTokenValiditySeconds(3600*7);
+        return services;
+    }
+    @Bean
+    TokenStore tokenStore() {
+        return new InMemoryTokenStore();
+    }
+}

ware26-oauth2-parent/auth-server/src/main/java/com/oauth2/example/config/SecurityConfig.java

@@ -0,0 +1,39 @@
+package com.oauth2.example.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+/**
+ * 模拟本地用户配置
+ */
+@Configuration
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+    /**
+     * 密码加密方式
+     */
+    @Bean
+    public PasswordEncoder passwordEncoder(){
+        return new BCryptPasswordEncoder();
+    }
+    /**
+     * 内存中虚拟用户和角色
+     */
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.inMemoryAuthentication()
+                .withUser("user")
+                .password(new BCryptPasswordEncoder().encode("123456"))
+                .roles("user");
+    }
+    /**
+     * 表单登录
+     */
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.csrf().disable().formLogin();
+    }
+}

ware26-oauth2-parent/auth-server/src/main/resources/application.yml

@@ -0,0 +1,12 @@
+server:
+  tomcat:
+    uri-encoding: UTF-8
+  port: 8080
+spring:
+  application:
+    name: auth-server
+  http:
+    encoding:
+      charset: UTF-8
+      force: true
+      enabled: true

ware26-oauth2-parent/pom.xml

@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+    <parent>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starters</artifactId>
+        <version>2.1.3.RELEASE</version>
+    </parent>
+
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>com.oauth2.parent</groupId>
+    <artifactId>ware26-oauth2-parent</artifactId>
+    <packaging>pom</packaging>
+
+    <modules>
+        <module>auth-server</module>
+        <module>resource-server</module>
+        <module>third-server</module>
+    </modules>
+
+</project>

ware26-oauth2-parent/resource-server/pom.xml

@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starters</artifactId>
+        <version>2.1.3.RELEASE</version>
+    </parent>
+
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>com.resource.server</groupId>
+    <artifactId>resource-server</artifactId>
+    <packaging>jar</packaging>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security.oauth</groupId>
+            <artifactId>spring-security-oauth2</artifactId>
+            <version>2.1.3.RELEASE</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+    </dependencies>
+
+    <!-- 项目构建 -->
+    <build>
+        <finalName>${project.artifactId}</finalName>
+        <resources>
+            <resource>
+                <directory>src/main/java</directory>
+                <includes>
+                    <include>**/*.xml</include>
+                </includes>
+                <filtering>false</filtering>
+            </resource>
+        </resources>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>2.3.2</version>
+                <configuration>
+                    <source>1.8</source>
+                    <target>1.8</target>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>

ware26-oauth2-parent/resource-server/src/main/java/com/oauth2/example/Application.java

@@ -0,0 +1,11 @@
+package com.oauth2.example;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class Application {
+    public static void main(String[] args) {
+        SpringApplication.run(Application.class,args) ;
+    }
+}

ware26-oauth2-parent/resource-server/src/main/java/com/oauth2/example/config/ResourceServerConfig.java

@@ -0,0 +1,44 @@
+package com.oauth2.example.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
+import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
+
+/**
+ * 资源服务管理配置
+ */
+@Configuration
+@EnableResourceServer
+public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
+    /**
+     * Token令牌校验
+     */
+    @Bean
+    RemoteTokenServices tokenServices() {
+        RemoteTokenServices services = new RemoteTokenServices();
+        services.setCheckTokenEndpointUrl("http://localhost:8080/oauth/check_token");
+        services.setClientId("third01");
+        services.setClientSecret("third01");
+        return services;
+    }
+    /**
+     * 服务资源ID配置
+     */
+    @Override
+    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
+        resources.resourceId("resource-01").tokenServices(tokenServices());
+    }
+    /**
+     * 模拟用户权限规则
+     */
+    @Override
+    public void configure(HttpSecurity http) throws Exception {
+        http.authorizeRequests()
+                .antMatchers("/user/**").hasRole("user")
+                .anyRequest().authenticated();
+    }
+}

ware26-oauth2-parent/resource-server/src/main/java/com/oauth2/example/controller/HelloController.java

@@ -0,0 +1,14 @@
+package com.oauth2.example.controller;
+
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class HelloController {
+
+    @GetMapping("/user/resource")
+    public String hello() {
+        return "8081user-resource";
+    }
+
+}

ware26-oauth2-parent/resource-server/src/main/resources/application.yml

@@ -0,0 +1,12 @@
+server:
+  tomcat:
+    uri-encoding: UTF-8
+  port: 8081
+spring:
+  application:
+    name: resource-server
+  http:
+    encoding:
+      charset: UTF-8
+      force: true
+      enabled: true