springboot 项目如何实现授权服务配置
Spring Boot 项目实现授权服务的配置可以通过以下步骤进行:
- 添加依赖
在项目的 pom.xml 文件中添加 Spring Security 和 OAuth2 相关的依赖:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
<version>2.1.2.RELEASE</version>
</dependency>
- 配置认证服务器
在 Spring Boot 项目的配置文件中添加 OAuth2 认证服务器的配置:
security:
oauth2:
client:
client-id: client
client-secret: secret
access-token-uri: http://localhost:8080/oauth/token
user-authorization-uri: http://localhost:8080/oauth/authorize
resource:
user-info-uri: http://localhost:8080/userinfo
- 配置资源服务器
在 Spring Boot 项目的配置文件中添加 OAuth2 资源服务器的配置:
security:
oauth2:
resource:
jwt:
key-value: -----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4e4G6nC+miJYl8l1S6yI\nAVvU6dq1U6O4O4QF4oZhxgAeYJfz1B6kMwEzJGzUGTl0VctEhfjI9ZV+kOz2P+7V\ns3qfL7VvN2QmW+8Xh3q1C/3MvYGPYzgk0JN/5NwRvKrrg5W8lX9G9JpDh5k5+5W8\n5RM5QmKP5JbRvD8JHtGpK0gKdJ3hOv8fJ3E0XtFQ2t5PvJ8c5Wb1jKwVz+Jp5D8\nOJLdX9x0CfjKvG6+YU6JmFwVcEof4Kj6L4a6dJ9GZfU6sN+7sB3D0uNwVQJ+R59L\njJlfTPI9CZVgH1kCvV7s3P6oFV7Q2HfKJa0KoT9T0T1xIk41Mjzv1YvtYfOz4w7o\nPQIDAQAB\n-----END PUBLIC KEY-----
- 配置安全拦截器
在 Spring Boot 项目中添加一个安全拦截器,用于拦截需要授权访问的请求:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/admin/**").hasRole("ADMIN")
.antMatchers("/user/**").hasRole("USER")
.anyRequest().authenticated()
.and().formLogin().permitAll()
.and().logout().permitAll();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("admin").password("{noop}admin").roles("ADMIN")
.and()
.withUser("user").password("{noop}user").roles("USER");
}
}
通过以上步骤,Spring Boot 项目就可以实现授权服务的配置
原文地址: https://www.cveoy.top/t/topic/cPmy 著作权归作者所有。请勿转载和采集!