![\"menu-r.4af5f7ec.gif\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/05\/20250520231140-682d0c2ce02e8.gif\")
<\/p>\n \u672c\u6587\u8fd8\u6709\u914d\u5957\u7684\u7cbe\u54c1\u8d44\u6e90,\u70b9\u51fb\u83b7\u53d6 <\/p>\n
\u7b80\u4ecb:\u5728Web\u5e94\u7528\u5f00\u53d1\u4e2d,\u4fdd\u62a4API\u7684\u5b89\u5168\u6027\u81f3\u5173\u91cd\u8981\u3002Spring Security OAuth2\u4e3aJava\u5f00\u53d1\u8005\u63d0\u4f9b\u4e86\u4e00\u4e2a\u5f3a\u5927\u7684\u5b89\u5168\u6846\u67b6,\u7528\u4e8e\u6784\u5efa\u6388\u6743\u670d\u52a1\u5668,\u786e\u4fddAPI\u7684\u5b89\u5168\u8bbf\u95ee\u3002\u672c\u9879\u76ee\u8be6\u7ec6\u6307\u5bfc\u5982\u4f55\u4f7f\u7528Spring Security OAuth2\u521b\u5efa\u6388\u6743\u670d\u52a1\u5668,\u540c\u65f6\u6db5\u76d6\u4e86\u6388\u6743\u670d\u52a1\u5668\u3001\u8d44\u6e90\u670d\u52a1\u5668\u3001\u5ba2\u6237\u7aef\u914d\u7f6e\u548c\u7528\u6237\u6388\u6743\u7b49\u6838\u5fc3\u7ec4\u4ef6,\u65e8\u5728\u5e2e\u52a9\u5f00\u53d1\u8005\u7406\u89e3\u548c\u5e94\u7528OAuth2\u6807\u51c6,\u786e\u4fdd\u7528\u6237\u6570\u636e\u7684\u5b89\u5168\u6027\u5e76\u63d0\u5347\u5e94\u7528\u7684\u5b89\u5168\u6027\u3002 ![\"spring-security-oauth2-authorization-server.zip\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/05\/20250520231140-682d0c2ce9592.png\")
<\/p>\n
Spring Security OAuth2 \u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u5b89\u5168\u6846\u67b6,\u7528\u4e8e\u4e3a\u5e94\u7528\u6dfb\u52a0\u8ba4\u8bc1\u6388\u6743\u529f\u80fd,\u7279\u522b\u662f\u7528\u4e8e\u652f\u6301OAuth2\u534f\u8bae\u3002\u5b83\u4e0eSpring Security\u7d27\u5bc6\u96c6\u6210,\u63d0\u4f9b\u4e86\u4e00\u79cd\u5b89\u5168\u7684\u65b9\u5f0f\u6765\u4fdd\u62a4Web\u8d44\u6e90,\u4f7f\u5f97\u6211\u4eec\u53ef\u4ee5\u8f7b\u677e\u5730\u4e3a\u5e94\u7528\u7a0b\u5e8f\u6784\u5efa\u5b89\u5168\u7684API\u63a5\u53e3\u3002 <\/p>\n
OAuth2\u5e7f\u6cdb\u5e94\u7528\u4e8e\u7b2c\u4e09\u65b9\u767b\u5f55\u3001API\u5b89\u5168\u3001\u5fae\u670d\u52a1\u67b6\u6784\u7b49\u573a\u666f\u4e2d\u3002\u5b83\u901a\u8fc7\u4e00\u7cfb\u5217\u8ba4\u8bc1\u6388\u6743\u673a\u5236,\u4fdd\u8bc1\u4e86\u4e0d\u540c\u670d\u52a1\u95f4\u8c03\u7528\u7684\u5b89\u5168\u6027,\u8ba9\u670d\u52a1\u95f4\u7684\u8c03\u7528\u66f4\u52a0\u65b9\u4fbf\u3001\u5b89\u5168\u3002\u5728Spring\u6846\u67b6\u4e2d,OAuth2\u5df2\u7ecf\u6210\u4e3a\u5904\u7406\u8fd9\u7c7b\u95ee\u9898\u7684\u6807\u51c6\u89e3\u51b3\u65b9\u6848\u4e4b\u4e00\u3002 <\/p>\n
Spring Security OAuth2\u7684\u8bbe\u8ba1\u975e\u5e38\u7075\u6d3b,\u652f\u6301\u4e0d\u540c\u7684\u6388\u6743\u6a21\u5f0f,\u5982\u6388\u6743\u7801\u6a21\u5f0f\u3001\u7b80\u5316\u6a21\u5f0f\u3001\u5bc6\u7801\u6a21\u5f0f\u548c\u5ba2\u6237\u7aef\u6a21\u5f0f\u7b49\u3002\u5b83\u8fd8\u80fd\u591f\u4e0eSpring\u751f\u6001\u4e2d\u7684\u5176\u4ed6\u7ec4\u4ef6\u5982Spring Boot\u65e0\u7f1d\u96c6\u6210,\u4f7f\u5f97\u5b89\u5168\u914d\u7f6e\u66f4\u52a0\u7b80\u4fbf\u9ad8\u6548\u3002\u501f\u52a9Spring Security OAuth2,\u5f00\u53d1\u8005\u53ef\u4ee5\u4e13\u6ce8\u4e8e\u4e1a\u52a1\u903b\u8f91,\u4e0d\u5fc5\u4ece\u96f6\u5f00\u59cb\u6784\u5efa\u590d\u6742\u7684\u8ba4\u8bc1\u6388\u6743\u673a\u5236\u3002 <\/p>\n
\u5728\u6df1\u5165\u63a2\u8ba8\u6388\u6743\u670d\u52a1\u5668\u7684\u6838\u5fc3\u7ec4\u4ef6\u4e4b\u524d,\u7406\u89e3\u5b83\u4eec\u7684\u57fa\u672c\u529f\u80fd\u548c\u7528\u9014\u81f3\u5173\u91cd\u8981\u3002\u6388\u6743\u670d\u52a1\u5668\u662fOAuth 2.0\u534f\u8bae\u7684\u6838\u5fc3,\u4e3b\u8981\u8d1f\u8d23\u5904\u7406\u5ba2\u6237\u7aef\u7684\u8ba4\u8bc1\u8bf7\u6c42\u3001\u53d1\u653e\u8bbf\u95ee\u4ee4\u724c,\u4ee5\u53ca\u5176\u5b83\u4e0e\u6388\u6743\u76f8\u5173\u7684\u64cd\u4f5c\u3002 <\/p>\n
\u8ba4\u8bc1\u7ba1\u7406\u5668(AuthenticationManager)\u662fSpring Security\u6846\u67b6\u4e2d\u7684\u5173\u952e\u7ec4\u4ef6,\u8d1f\u8d23\u8ba4\u8bc1\u8fc7\u7a0b\u7684\u7ba1\u7406\u3002\u5176\u914d\u7f6e\u901a\u5e38\u5305\u62ec\u8bbe\u7f6e\u4e00\u4e2a\u6216\u591a\u4e2a\u8ba4\u8bc1\u63d0\u4f9b\u8005(AuthenticationProvider),\u8fd9\u4e9b\u63d0\u4f9b\u8005\u8d1f\u8d23\u6839\u636e\u4e0d\u540c\u7684\u8ba4\u8bc1\u673a\u5236\u8fdb\u884c\u7528\u6237\u8eab\u4efd\u9a8c\u8bc1\u3002 <\/p>\n
\u4ee5\u4e0b\u662f\u4e00\u4e2a\u7b80\u5355\u7684\u914d\u7f6e\u793a\u4f8b,\u4f7f\u7528\u5185\u5b58\u4e2d\u7684\u7528\u6237\u5b58\u50a8\u548c\u57fa\u4e8e\u5bc6\u7801\u7684\u8ba4\u8bc1\u673a\u5236: <\/p>\n
@Configuration
\npublic class AuthServerConfig extends AuthorizationServerConfigurerAdapter {
\n @Autowired
\n private AuthenticationManager authenticationManager;<\/p>\n
@Override
\n public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
\n endpoints.authenticationManager(authenticationManager);
\n }
\n \/\/ … \u5176\u4ed6\u914d\u7f6e\u4ee3\u7801 …
\n}<\/p>\n
\u5728\u6b64\u4ee3\u7801\u4e2d,\u6211\u4eec\u901a\u8fc7 AuthorizationServerConfigurerAdapter \u7c7b\u914d\u7f6e\u4e86\u6388\u6743\u670d\u52a1\u5668,\u5e76\u901a\u8fc7 configure(AuthorizationServerEndpointsConfigurer endpoints) \u65b9\u6cd5\u8bbe\u7f6e\u4e86 AuthenticationManager \u3002 AuthenticationManager \u662fSpring Security\u4e2d\u7528\u6765\u8fdb\u884c\u8ba4\u8bc1\u5904\u7406\u7684\u7ec4\u4ef6,\u5b83\u6700\u7ec8\u8d1f\u8d23\u8c03\u7528\u5177\u4f53\u7684 AuthenticationProvider \u6765\u5b8c\u6210\u8ba4\u8bc1\u4efb\u52a1\u3002 <\/p>\n
\u6388\u6743\u7801\u670d\u52a1\u662f\u6388\u6743\u670d\u52a1\u5668\u4e2d\u4e00\u4e2a\u91cd\u8981\u7684\u7ec4\u4ef6,\u7528\u4e8e\u5904\u7406\u6388\u6743\u7801\u6d41\u7a0b\u3002\u6388\u6743\u7801\u6d41\u7a0b\u662fOAuth 2.0\u534f\u8bae\u4e2d\u4e00\u79cd\u5e38\u89c1\u7684\u6388\u6743\u6a21\u5f0f,\u5b83\u6d89\u53ca\u5230\u7528\u6237\u4ee3\u7406(\u901a\u5e38\u662fWeb\u6d4f\u89c8\u5668)\u4e0e\u6388\u6743\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u4e00\u7cfb\u5217\u4ea4\u4e92\u3002 <\/p>\n
\u4ee5\u4e0b\u662f\u4e00\u4e2a\u6388\u6743\u7801\u670d\u52a1\u7684\u7b80\u5355\u5b9e\u73b0\u793a\u4f8b: <\/p>\n
@Bean
\n@Primary
\npublic AuthorizationServerEndpointsConfigurer endpointsConfigurer() {
\n AuthorizationServerEndpointsConfigurer endpoints = new AuthorizationServerEndpointsConfigurer();
\n endpoints.authorizationCodeServices(new InMemoryAuthorizationCodeServices());
\n \/\/ \u5176\u4ed6\u914d\u7f6e\u4ee3\u7801…
\n return endpoints;
\n}<\/p>\n
@Bean
\npublic AuthorizationCodeServices authorizationCodeServices() {
\n return new InMemoryAuthorizationCodeServices();
\n}<\/p>\n
\u5728\u8fd9\u6bb5\u4ee3\u7801\u4e2d,\u6211\u4eec\u9996\u5148\u521b\u5efa\u4e86\u4e00\u4e2a AuthorizationServerEndpointsConfigurer \u7684\u5b9e\u4f8b,\u5b83\u7528\u4e8e\u914d\u7f6e\u6388\u6743\u670d\u52a1\u5668\u7684\u7aef\u70b9\u3002\u7136\u540e,\u6211\u4eec\u901a\u8fc7\u8c03\u7528 authorizationCodeServices \u65b9\u6cd5\u8bbe\u7f6e\u4e86\u4e00\u4e2a\u7b80\u5355\u7684\u5185\u5b58\u5f0f\u6388\u6743\u7801\u670d\u52a1\u3002\u5728\u5b9e\u9645\u7684\u5e94\u7528\u4e2d,\u53ef\u80fd\u9700\u8981\u5c06\u5176\u66ff\u6362\u4e3a\u6570\u636e\u5e93\u5b58\u50a8\u6216\u5176\u4ed6\u7c7b\u578b\u7684\u6301\u4e45\u5316\u670d\u52a1\u4ee5\u652f\u6301\u9ad8\u5e76\u53d1\u573a\u666f\u3002 <\/p>\n
\u5b89\u5168\u9002\u914d\u5668(SecurityConfigurerAdapter)\u8d1f\u8d23\u5c06Spring Security\u5b89\u5168\u6846\u67b6\u96c6\u6210\u5230OAuth2\u6388\u6743\u670d\u52a1\u5668\u4e2d\u3002\u5b83\u5141\u8bb8\u6211\u4eec\u81ea\u5b9a\u4e49\u5b89\u5168\u914d\u7f6e,\u5982\u4f7f\u7528HTTPS\u3001\u914d\u7f6eCSRF\u4fdd\u62a4\u7b49\u3002 <\/p>\n
\u4ee5\u4e0b\u662f\u4e00\u4e2a\u4f7f\u7528 WebSecurityConfigurerAdapter \u6765\u914d\u7f6e\u6388\u6743\u670d\u52a1\u5668\u5b89\u5168\u9002\u914d\u5668\u7684\u793a\u4f8b: <\/p>\n
@Configuration
\npublic class WebSecurityConfig extends WebSecurityConfigurerAdapter {
\n @Override
\n protected void configure(HttpSecurity http) throws Exception {
\n http
\n .requestMatchers()
\n .antMatchers("\/oauth\/authorize", "\/oauth\/token")
\n .and()
\n .authorizeRequests()
\n .anyRequest().authenticated()
\n .and()
\n .csrf()
\n .disable(); \/\/OAuth2\u63a8\u8350\u5173\u95edCSRF\u4fdd\u62a4
\n }
\n \/\/ … \u5176\u4ed6\u914d\u7f6e\u4ee3\u7801 …
\n}<\/p>\n
\u5728\u6b64\u4ee3\u7801\u6bb5\u4e2d,\u6211\u4eec\u914d\u7f6e\u4e86HTTP\u5b89\u5168\u5904\u7406\u5668,\u6307\u5b9a\u4e86\u4ec5\u5bf9 \/oauth\/authorize \u548c \/oauth\/token \u7aef\u70b9\u8fdb\u884c\u4fdd\u62a4,\u5e76\u4e14\u8981\u6c42\u6240\u6709\u8fd9\u4e9b\u7aef\u70b9\u7684\u8bf7\u6c42\u5fc5\u987b\u7ecf\u8fc7\u8ba4\u8bc1\u3002\u6b64\u5916,\u6211\u4eec\u8fd8\u7981\u7528\u4e86CSRF\u4fdd\u62a4,\u56e0\u4e3aOAuth2\u534f\u8bae\u6709\u5176\u81ea\u8eab\u7684\u4fdd\u62a4\u63aa\u65bd\u3002 <\/p>\n
\u5ba2\u6237\u7aef\u8ba4\u8bc1\u7b56\u7565\u662f\u6388\u6743\u670d\u52a1\u5668\u5b89\u5168\u914d\u7f6e\u7684\u4e00\u4e2a\u91cd\u8981\u65b9\u9762\u3002\u5ba2\u6237\u7aef\u662f\u6307\u90a3\u4e9b\u60f3\u8981\u4ee3\u8868\u7528\u6237\u83b7\u53d6\u4ee4\u724c\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\u4e3a\u4e86\u4fdd\u8bc1\u5b89\u5168\u6027,\u6388\u6743\u670d\u52a1\u5668\u9700\u8981\u5bf9\u8fd9\u4e9b\u5ba2\u6237\u7aef\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 <\/p>\n
\u5728Spring Security OAuth2\u4e2d,\u5ba2\u6237\u7aef\u8ba4\u8bc1\u7b56\u7565\u53ef\u4ee5\u975e\u5e38\u7075\u6d3b\u5730\u914d\u7f6e\u3002\u4ee5\u4e0b\u662f\u4e00\u4e2a\u57fa\u4e8eHTTP\u57fa\u672c\u8ba4\u8bc1\u7684\u5ba2\u6237\u7aef\u8ba4\u8bc1\u7b56\u7565\u914d\u7f6e\u793a\u4f8b: <\/p>\n
@Bean
\npublic ClientDetailsServiceConfigurer clientDetailsServiceConfigurer() {
\n return new ClientDetailsServiceConfigurer() {
\n @Override
\n public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
\n clients.inMemory()
\n .withClient("client-id")
\n .secret(new BCryptPasswordEncoder().encode("client-secret"))
\n .scopes("read", "write")
\n .authorizedGrantTypes("authorization_code", "refresh_token")
\n .redirectUris("http:\/\/localhost:8080\/callback")
\n .autoApprove(true);
\n }
\n };
\n}<\/p>\n
\u5728\u8fd9\u4e2a\u4f8b\u5b50\u4e2d,\u6211\u4eec\u4f7f\u7528\u5185\u5b58\u5b58\u50a8\u5b9a\u4e49\u4e86\u4e24\u4e2a\u5ba2\u6237\u7aef,\u5e76\u4e3a\u6bcf\u4e2a\u5ba2\u6237\u7aef\u6307\u5b9a\u4e86\u552f\u4e00\u7684\u5ba2\u6237\u7aefID\u548c\u5bc6\u94a5,\u5b83\u4eec\u7684\u6388\u6743\u7c7b\u578b\u3001\u4f5c\u7528\u57df\u4ee5\u53ca\u91cd\u5b9a\u5411URI\u3002\u8fd9\u4e2a\u914d\u7f6e\u786e\u4fdd\u4e86\u53ea\u6709\u7b26\u5408\u8fd9\u4e9b\u6761\u4ef6\u7684\u5ba2\u6237\u7aef\u624d\u80fd\u8bf7\u6c42\u4ee4\u724c\u3002 <\/p>\n
\u6388\u6743\u7801\u7aef\u70b9\u662f\u7528\u6237\u4ee3\u7406(\u6d4f\u89c8\u5668)\u8bbf\u95ee\u6388\u6743\u670d\u52a1\u5668\u4ee5\u83b7\u53d6\u6388\u6743\u7801\u7684\u5730\u5740\u3002\u4ee5\u4e0b\u662fSpring Security OAuth2\u4e2d\u6388\u6743\u7801\u7aef\u70b9\u914d\u7f6e\u7684\u4e00\u4e2a\u57fa\u672c\u793a\u4f8b: <\/p>\n
@Override
\npublic void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
\n endpoints
\n .authorizationCodeServices(authorizationCodeServices())
\n .pathMapping("\/oauth\/authorize", "\/custom\/authorize")
\n \/\/ … \u5176\u4ed6\u7aef\u70b9\u914d\u7f6e …
\n}<\/p>\n
\u5728\u8fd9\u6bb5\u4ee3\u7801\u4e2d, pathMapping \u65b9\u6cd5\u5141\u8bb8\u6211\u4eec\u91cd\u5199\u6388\u6743\u7801\u7aef\u70b9\u7684URL\u8def\u5f84,\u4f7f\u5176\u66f4\u52a0\u7b26\u5408\u7279\u5b9a\u7684\u5e94\u7528\u9700\u6c42\u3002\u4f8b\u5982,\u6211\u4eec\u5c06\u5176\u91cd\u5199\u4e3a \/custom\/authorize ,\u4ee5\u5b9e\u73b0\u66f4\u52a0\u4e2a\u6027\u5316\u7684\u7aef\u70b9\u547d\u540d\u3002 <\/p>\n
\u4ee4\u724c\u7aef\u70b9\u8d1f\u8d23\u5904\u7406\u5ba2\u6237\u7aef\u7684\u4ee4\u724c\u8bf7\u6c42,\u901a\u5e38\u7531\u5ba2\u6237\u7aef\u5728\u540e\u7aef\u53d1\u8d77\u3002\u4e3a\u4e86\u4fdd\u62a4\u8fd9\u4e2a\u7aef\u70b9\u4e0d\u88ab\u6076\u610f\u5229\u7528,\u6211\u4eec\u9700\u8981\u5bf9\u5176\u8fdb\u884c\u5b89\u5168\u914d\u7f6e\u3002 <\/p>\n
@Override
\npublic void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
\n endpoints
\n .tokenServices(tokenServices())
\n .pathMapping("\/oauth\/token", "\/custom\/token");
\n \/\/ … \u5176\u4ed6\u7aef\u70b9\u914d\u7f6e …
\n}<\/p>\n
\u5728\u8fd9\u4e2a\u914d\u7f6e\u4e2d,\u901a\u8fc7 pathMapping \u65b9\u6cd5\u540c\u6837\u53ef\u4ee5\u6539\u53d8\u9ed8\u8ba4\u7684\u4ee4\u724c\u7aef\u70b9URL\u8def\u5f84\u3002\u8fd9\u6837\u914d\u7f6e\u4e4b\u540e,\u5ba2\u6237\u7aef\u9700\u8981\u901a\u8fc7\u65b0\u7684\u8def\u5f84\u6765\u8bf7\u6c42\u4ee4\u724c,\u589e\u52a0\u4e86\u7aef\u70b9\u7684\u5b89\u5168\u6027\u3002 <\/p>\n
| \u529f\u80fd\u70b9 | \u914d\u7f6e\u9009\u9879 | \u5907\u6ce8 | |———————-|———————————-|————————————————————-| | \u8ba4\u8bc1\u7ba1\u7406\u5668\u914d\u7f6e | AuthenticationManager | \u63a7\u5236\u6388\u6743\u670d\u52a1\u5668\u7684\u8ba4\u8bc1\u6d41\u7a0b\u3002 | | \u6388\u6743\u7801\u670d\u52a1\u914d\u7f6e | AuthorizationCodeServices | \u7ba1\u7406\u6388\u6743\u7801\u7684\u751f\u6210\u3001\u5b58\u50a8\u4e0e\u9a8c\u8bc1\u3002 | | \u5b89\u5168\u9002\u914d\u5668\u914d\u7f6e | WebSecurityConfigurerAdapter | \u8bbe\u7f6e\u6388\u6743\u670d\u52a1\u5668\u7684\u5b89\u5168\u4fdd\u62a4\u673a\u5236\u3002 | | \u5ba2\u6237\u7aef\u8ba4\u8bc1\u7b56\u7565\u914d\u7f6e | ClientDetailsServiceConfigurer | \u7ba1\u7406\u5ba2\u6237\u7aef\u7684\u6ce8\u518c\u4fe1\u606f\u53ca\u5176\u8ba4\u8bc1\u65b9\u5f0f\u3002 | | \u6388\u6743\u7801\u7aef\u70b9\u8def\u5f84\u914d\u7f6e | pathMapping | \u81ea\u5b9a\u4e49\u6388\u6743\u7801\u7aef\u70b9URL\u8def\u5f84\u3002 | | \u4ee4\u724c\u7aef\u70b9\u8def\u5f84\u914d\u7f6e | pathMapping | \u81ea\u5b9a\u4e49\u4ee4\u724c\u7aef\u70b9URL\u8def\u5f84,\u589e\u5f3a\u5b89\u5168\u6027\u3002 | <\/p>\n
\u5728\u914d\u7f6e\u6388\u6743\u670d\u52a1\u5668\u65f6,\u52a1\u5fc5\u786e\u4fdd\u6bcf\u4e2a\u7ec4\u4ef6\u90fd\u6b63\u786e\u8bbe\u7f6e,\u4ee5\u907f\u514d\u53ef\u80fd\u7684\u5b89\u5168\u6f0f\u6d1e\u3002\u4ece\u8ba4\u8bc1\u7ba1\u7406\u5668\u5230\u7aef\u70b9\u914d\u7f6e,\u6bcf\u4e00\u6b65\u90fd\u662f\u6784\u5efa\u5b89\u5168\u53ef\u9760\u7684\u6388\u6743\u670d\u52a1\u5668\u7684\u5173\u952e\u3002 <\/p>\n
\u8d44\u6e90\u670d\u52a1\u5668\u5728OAuth2\u67b6\u6784\u4e2d\u626e\u6f14\u7740\u4fdd\u62a4\u8d44\u6e90\u7684\u89d2\u8272\u3002\u5b83\u8d1f\u8d23\u5904\u7406\u7ecf\u8fc7\u6388\u6743\u7684\u8bbf\u95ee\u4ee4\u724c,\u786e\u4fdd\u53ea\u6709\u5408\u6cd5\u7528\u6237\u624d\u80fd\u8bbf\u95ee\u5176\u7ba1\u7406\u7684\u8d44\u6e90\u3002\u8d44\u6e90\u670d\u52a1\u5668\u901a\u5e38\u4e0e\u6388\u6743\u670d\u52a1\u5668\u5206\u79bb,\u4f46\u5b83\u4eec\u53ef\u4ee5\u662f\u540c\u4e00\u5e94\u7528\u7684\u4e00\u90e8\u5206,\u6216\u8005\u901a\u8fc7\u7f51\u7edc\u4e0e\u6388\u6743\u670d\u52a1\u5668\u901a\u4fe1\u3002 <\/p>\n
\u5728Spring Security OAuth2\u4e2d,\u8d44\u6e90\u670d\u52a1\u5668\u7684\u6838\u5fc3\u804c\u8d23\u662f\u9a8c\u8bc1\u4ee4\u724c,\u5e76\u6839\u636e\u4ee4\u724c\u4e2d\u5305\u542b\u7684\u58f0\u660e\u6765\u6388\u6743\u6216\u62d2\u7edd\u7528\u6237\u7684\u8bbf\u95ee\u8bf7\u6c42\u3002\u8d44\u6e90\u670d\u52a1\u5668\u901a\u5e38\u901a\u8fc7\u62e6\u622a\u5668\u6765\u5b9e\u73b0\u5bf9\u8bf7\u6c42\u7684\u62e6\u622a\u548c\u4ee4\u724c\u7684\u9a8c\u8bc1\u3002 <\/p>\n
\u8d44\u6e90\u670d\u52a1\u5668\u9700\u8981\u4e0e\u6388\u6743\u670d\u52a1\u5668\u534f\u4f5c,\u4ee5\u83b7\u53d6\u516c\u94a5\u6765\u9a8c\u8bc1\u7b7e\u540d\u7684\u8bbf\u95ee\u4ee4\u724c\u3002\u5728Spring Security OAuth2\u4e2d,\u8d44\u6e90\u670d\u52a1\u5668\u901a\u8fc7\u914d\u7f6e\u6765\u6307\u5b9a\u4ee4\u724c\u670d\u52a1\u548c\u4ee4\u724c\u7684\u5b58\u50a8\u65b9\u5f0f,\u4ece\u800c\u5b9e\u73b0\u5bf9\u8bbf\u95ee\u4ee4\u724c\u7684\u9a8c\u8bc1\u3002 <\/p>\n
\u8d44\u6e90\u670d\u52a1\u5668\u7684\u5b89\u5168\u914d\u7f6e\u6d89\u53ca\u5230\u5982\u4f55\u5904\u7406\u4ee4\u724c\u8bf7\u6c42\u4ee5\u53ca\u5982\u4f55\u9a8c\u8bc1\u4ee4\u724c\u7684\u6709\u6548\u6027\u3002\u4ee5\u4e0b\u662f\u4e00\u4e2a\u7b80\u5316\u7684Spring Security\u914d\u7f6e\u4ee3\u7801\u5757: <\/p>\n
@Configuration
\n@EnableWebSecurity
\npublic class ResourceServerConfiguration extends WebSecurityConfigurerAdapter {<\/p>\n
@Override
\n protected void configure(HttpSecurity http) throws Exception {
\n http
\n .authorizeRequests()
\n .anyRequest().authenticated()
\n .and()
\n .oauth2ResourceServer()
\n .jwt();
\n }
\n}<\/p>\n
\u5728\u8fd9\u4e2a\u914d\u7f6e\u4e2d,\u6211\u4eec\u6307\u5b9a\u4e86\u8d44\u6e90\u670d\u52a1\u5668\u5c06\u5904\u7406\u7ecf\u8fc7\u9a8c\u8bc1\u7684JWT\u4ee4\u724c\u3002 <\/p>\n
\u8d44\u6e90\u670d\u52a1\u5668\u9700\u8981\u77e5\u9053\u8bbf\u95ee\u4ee4\u724c\u7684\u5b58\u50a8\u65b9\u5f0f\u3002\u8bbf\u95ee\u4ee4\u724c\u53ef\u4ee5\u5b58\u50a8\u5728HTTP\u8bf7\u6c42\u7684\u5934\u90e8\u3001\u67e5\u8be2\u53c2\u6570\u4e2d,\u6216\u662f\u4f5c\u4e3a\u4e00\u4e2a\u8868\u5355\u53c2\u6570\u3002Spring Security OAuth2\u63d0\u4f9b\u4e86\u4e0d\u540c\u7684\u65b9\u5f0f\u6765\u6307\u5b9a\u4ee4\u724c\u7684\u5b58\u50a8\u4f4d\u7f6e,\u5305\u62ec authorizationHeaderTokenExtractor , cookieTokenExtractor , formSubmissionTokenExtractor \u7b49\u3002 <\/p>\n
\u8d44\u6e90\u670d\u52a1\u5668\u9700\u8981\u914d\u7f6e\u4e00\u4e2a\u5b89\u5168\u9002\u914d\u5668,\u4ee5\u786e\u4fdd\u6240\u6709\u8bf7\u6c42\u90fd\u7ecf\u8fc7\u6388\u6743\u3002\u8fd9\u4e2a\u9002\u914d\u5668\u901a\u5e38\u4f1a\u5728Spring Security\u7684\u914d\u7f6e\u4e2d\u5b9a\u4e49,\u5982\u4e0b\u6240\u793a: <\/p>\n
@Configuration
\npublic class SecurityConfig extends WebSecurityConfigurerAdapter {<\/p>\n
@Override
\n protected void configure(HttpSecurity http) throws Exception {
\n http
\n .csrf().disable() \/\/ OAuth2\u4e0d\u9700\u8981CSRF\u4fdd\u62a4
\n .authorizeRequests()
\n .antMatchers("\/api\/public\/**").permitAll()
\n .antMatchers("\/api\/private\/**").authenticated();
\n }
\n}<\/p>\n
\u5728\u8fd9\u4e2a\u4f8b\u5b50\u4e2d,\u6211\u4eec\u5b9a\u4e49\u4e86\u4e24\u4e2a\u4e0d\u540c\u7684\u8def\u5f84\u6a21\u5f0f,\u4e00\u4e2a\u662f\u516c\u5f00\u8bbf\u95ee\u7684,\u53e6\u4e00\u4e2a\u662f\u9700\u8981\u8ba4\u8bc1\u624d\u80fd\u8bbf\u95ee\u7684\u3002 <\/p>\n
\u8d44\u6e90\u670d\u52a1\u5668\u901a\u8fc7\u914d\u7f6e\u4ee4\u724c\u670d\u52a1\u6765\u5904\u7406\u8bbf\u95ee\u4ee4\u724c\u3002\u8fd9\u4e2a\u670d\u52a1\u901a\u5e38\u88ab\u7528\u6765\u4ece\u6388\u6743\u670d\u52a1\u5668\u83b7\u53d6\u516c\u94a5,\u5e76\u4f7f\u7528\u5b83\u6765\u9a8c\u8bc1\u4ee4\u724c\u7684\u7b7e\u540d\u3002 <\/p>\n
\u8d44\u6e90\u670d\u52a1\u5668\u9700\u8981\u77e5\u9053\u6388\u6743\u670d\u52a1\u5668\u7684\u4ee4\u724c\u7aef\u70b9\u5730\u5740,\u4ee5\u4fbf\u5728\u9700\u8981\u65f6\u9a8c\u8bc1\u4ee4\u724c\u3002\u8fd9\u901a\u5e38\u901a\u8fc7\u914d\u7f6e\u8d44\u6e90\u670d\u52a1\u5668\u65f6\u6307\u5b9a\u7aef\u70b9\u6765\u5b9e\u73b0\u3002\u4f8b\u5982: <\/p>\n
@Bean
\npublic ResourceServerConfigurer resourceServerConfigurer() {
\n return new ResourceServerConfigurerAdapter() {
\n @Override
\n public void configure(ResourceServerSecurityConfigurer resources) {
\n resources.tokenServices(tokenServices());
\n }<\/p>\n
@Override
\n public void configure(HttpSecurity http) throws Exception {
\n http
\n \/\/ \u5176\u4ed6\u914d\u7f6e…
\n ;
\n }
\n private RemoteTokenServices tokenServices() {
\n RemoteTokenServices services = new RemoteTokenServices();
\n services.setCheckTokenEndpointUrl("http:\/\/auth-server:8080\/oauth\/check_token");
\n services.setClientId("client-id");
\n services.setClientSecret("client-secret");
\n return services;
\n }
\n };
\n}<\/p>\n
\u5728\u8fd9\u4e2a\u914d\u7f6e\u4e2d, RemoteTokenServices \u7528\u4e8e\u8fdc\u7a0b\u8c03\u7528\u6388\u6743\u670d\u52a1\u5668\u7684\u4ee4\u724c\u9a8c\u8bc1\u7aef\u70b9\u3002 <\/p>\n
\u8d44\u6e90\u670d\u52a1\u5668\u7684\u5b89\u5168\u9002\u914d\u5668\u9700\u8981\u5904\u7406\u7528\u6237\u8eab\u4efd\u8ba4\u8bc1\u5931\u8d25\u7684\u60c5\u51b5\u3002\u4f8b\u5982,\u5f53\u8bbf\u95ee\u4ee4\u724c\u65e0\u6548\u65f6,\u8d44\u6e90\u670d\u52a1\u5668\u5e94\u8be5\u62d2\u7edd\u8bbf\u95ee\u5e76\u8fd4\u56de\u9002\u5f53\u7684HTTP\u72b6\u6001\u7801\u3002\u5728Spring Security\u4e2d,\u8fd9\u901a\u5e38\u901a\u8fc7\u914d\u7f6e\u5f02\u5e38\u5904\u7406\u5668\u6765\u5b9e\u73b0\u3002 <\/p>\n
http.exceptionHandling()
\n .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("\/login"));<\/p>\n
\u5728\u4e0a\u8ff0\u914d\u7f6e\u4e2d,\u5f53\u7528\u6237\u672a\u8ba4\u8bc1\u8bbf\u95ee\u53d7\u4fdd\u62a4\u7684\u8d44\u6e90\u65f6,\u4f1a\u88ab\u91cd\u5b9a\u5411\u5230\u767b\u5f55\u9875\u9762\u3002 <\/p>\n
\u901a\u8fc7\u4e0a\u8ff0\u7684\u914d\u7f6e\u548c\u4ee3\u7801\u5206\u6790,\u6211\u4eec\u53ef\u4ee5\u770b\u5230\u8d44\u6e90\u670d\u52a1\u5668\u5728Spring Security OAuth2\u67b6\u6784\u4e2d\u6240\u626e\u6f14\u7684\u89d2\u8272\u3002\u8d44\u6e90\u670d\u52a1\u5668\u786e\u4fdd\u4e86\u5bf9\u7528\u6237\u8bbf\u95ee\u8bf7\u6c42\u7684\u6b63\u786e\u5904\u7406,\u5e76\u4e0e\u6388\u6743\u670d\u52a1\u5668\u7d27\u5bc6\u534f\u4f5c,\u4ee5\u786e\u4fdd\u8d44\u6e90\u7684\u5b89\u5168\u6027\u3002\u5728\u63a5\u4e0b\u6765\u7684\u7ae0\u8282\u4e2d,\u6211\u4eec\u5c06\u7ee7\u7eed\u6df1\u5165\u63a2\u8ba8\u5982\u4f55\u5b9e\u73b0\u548c\u914d\u7f6e\u8d44\u6e90\u670d\u52a1\u5668,\u4ee5\u53ca\u5982\u4f55\u786e\u4fdd\u5176\u4e0e\u6388\u6743\u670d\u52a1\u5668\u7684\u6709\u6548\u534f\u4f5c\u3002 <\/p>\n
OAuth2 \u662f\u4e00\u4e2a\u5de5\u4e1a\u6807\u51c6\u7684\u6388\u6743\u534f\u8bae,\u5b83\u5141\u8bb8\u5e94\u7528\u83b7\u53d6\u7528\u6237\u7684\u6709\u9650\u6388\u6743,\u5e76\u4f7f\u7528\u8fd9\u4e9b\u6388\u6743\u4ee3\u8868\u7528\u6237\u83b7\u53d6\u8bbf\u95ee\u4ee4\u724c\u6765\u8bbf\u95ee\u670d\u52a1\u3002\u5728Spring Security OAuth2\u4e2d,\u5ba2\u6237\u7aef\u7684\u5b9a\u4e49\u4e0e\u914d\u7f6e\u662f\u6784\u5efaOAuth2\u751f\u6001\u7cfb\u7edf\u7684\u4e00\u4e2a\u91cd\u8981\u73af\u8282\u3002\u63a5\u4e0b\u6765,\u6211\u4eec\u5c06\u6df1\u5165\u63a2\u8ba8\u5ba2\u6237\u7aef\u7684\u6838\u5fc3\u6982\u5ff5\u4ee5\u53ca\u5982\u4f55\u6ce8\u518c\u548c\u7ba1\u7406\u5ba2\u6237\u7aef\u3002 <\/p>\n
\u5ba2\u6237\u7aefID\u548c\u5bc6\u94a5\u662f\u5ba2\u6237\u7aef\u5e94\u7528\u5728\u6ce8\u518c\u65f6\u7531\u6388\u6743\u670d\u52a1\u5668\u9881\u53d1\u7684\u4e00\u5bf9\u51ed\u8bc1,\u7528\u4e8e\u6807\u8bc6\u5ba2\u6237\u7aef\u8eab\u4efd\u548c\u9a8c\u8bc1\u5ba2\u6237\u7aef\u8bf7\u6c42\u3002\u5ba2\u6237\u7aefID\u662f\u4e00\u4e2a\u516c\u5f00\u7684\u6807\u8bc6\u7b26,\u800c\u5bc6\u94a5\u662f\u4e00\u4e2a\u4fdd\u5bc6\u7684\u5b57\u7b26\u4e32,\u8fd9\u4e24\u8005\u5171\u540c\u6784\u6210\u4e86\u5ba2\u6237\u7aef\u7684\u51ed\u8bc1\u3002 <\/p>\n
\u5728\u914d\u7f6eOAuth2\u5ba2\u6237\u7aef\u65f6,\u5ba2\u6237\u7aefID\u548c\u5bc6\u94a5\u901a\u5e38\u88ab\u8bbe\u7f6e\u5728\u5e94\u7528\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u3002\u4f8b\u5982,\u5728Spring Security OAuth2\u4e2d,\u53ef\u4ee5\u5728 application.yml \u6216 application.properties \u6587\u4ef6\u4e2d\u6dfb\u52a0\u4ee5\u4e0b\u914d\u7f6e: <\/p>\n
spring:
\n security:
\n oauth2:
\n client:
\n registration:
\n my-client:
\n clientId: your-client-id
\n clientSecret: your-client-secret<\/p>\n
\u8fd9\u91cc\u7684 my-client \u662f\u4e3a\u8be5\u5ba2\u6237\u7aef\u5b9a\u4e49\u7684\u552f\u4e00\u540d\u79f0\u3002 clientId \u548c clientSecret \u5206\u522b\u5bf9\u5e94\u6ce8\u518c\u65f6\u83b7\u5f97\u7684\u5ba2\u6237\u7aefID\u548c\u5bc6\u94a5\u3002 <\/p>\n
OAuth2\u652f\u6301\u591a\u79cd\u6388\u6743\u6a21\u5f0f,\u5982\u6388\u6743\u7801\u6a21\u5f0f\u3001\u7b80\u5316\u6a21\u5f0f\u3001\u5bc6\u7801\u6a21\u5f0f\u548c\u5ba2\u6237\u7aef\u51ed\u8bc1\u6a21\u5f0f\u3002\u5ba2\u6237\u7aef\u9700\u8981\u5728\u6ce8\u518c\u65f6\u660e\u786e\u5176\u652f\u6301\u7684\u6388\u6743\u6a21\u5f0f\u3002\u4f5c\u7528\u57df(Scopes)\u662f\u53e6\u4e00\u79cd\u91cd\u8981\u7684\u914d\u7f6e\u9879,\u5b83\u5b9a\u4e49\u4e86\u5ba2\u6237\u7aef\u8bf7\u6c42\u8bbf\u95ee\u6743\u9650\u7684\u8303\u56f4\u3002 <\/p>\n
\u5728Spring Security OAuth2\u4e2d\u914d\u7f6e\u6388\u6743\u6a21\u5f0f\u548c\u4f5c\u7528\u57df\u901a\u5e38\u5728\u5ba2\u6237\u7aef\u914d\u7f6e\u7c7b\u4e2d\u5b8c\u6210\u3002\u4e0b\u9762\u662f\u4e00\u4e2a\u914d\u7f6e\u4ee3\u7801\u793a\u4f8b: <\/p>\n
@Configuration
\n@EnableOAuth2Client
\npublic class OAuth2ClientConfig {<\/p>\n
@Bean
\n public OAuth2RestTemplate oauth2RestTemplate(OAuth2ProtectedResourceDetails details, OAuth2ClientContext context) {
\n return new OAuth2RestTemplate(details, context);
\n }<\/p>\n
@Bean
\n @ConfigurationProperties("my.client")
\n public OAuth2ProtectedResourceDetails clientCredentialsResource() {
\n return new ClientCredentialsResourceDetails();
\n }
\n}<\/p>\n
\u5728\u4e0a\u8ff0\u4ee3\u7801\u4e2d, my.client \u90e8\u5206\u9700\u8981\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d\u5b9a\u4e49\u76f8\u5e94\u7684\u6388\u6743\u6a21\u5f0f\u548c\u4f5c\u7528\u57df\u3002 <\/p>\n
\u5ba2\u6237\u7aef\u5e94\u7528\u5728\u6388\u6743\u670d\u52a1\u5668\u8fdb\u884c\u6ce8\u518c\u662f\u83b7\u53d6\u6388\u6743\u7684\u7b2c\u4e00\u6b65\u3002\u8fd9\u4e00\u8fc7\u7a0b\u53ef\u4ee5\u624b\u5de5\u5b8c\u6210,\u4e5f\u53ef\u4ee5\u901a\u8fc7\u7279\u5b9a\u7684API\u63a5\u53e3\u5b9e\u73b0\u81ea\u52a8\u5316\u6ce8\u518c\u3002\u5728\u624b\u52a8\u6ce8\u518c\u8fc7\u7a0b\u4e2d,\u5e94\u7528\u5f00\u53d1\u8005\u901a\u5e38\u9700\u8981\u63d0\u4f9b\u4ee5\u4e0b\u4fe1\u606f: <\/p>\n
\u6ce8\u518c\u8fc7\u7a0b\u53ef\u4ee5\u901a\u8fc7\u586b\u5199\u8868\u5355,\u6216\u901a\u8fc7\u7f16\u5199\u811a\u672c\u8c03\u7528\u6388\u6743\u670d\u52a1\u5668\u7684\u6ce8\u518c\u63a5\u53e3\u5b8c\u6210\u3002\u5728Spring Security OAuth2\u4e2d,\u5ba2\u6237\u7aef\u6ce8\u518c\u4fe1\u606f\u901a\u5e38\u914d\u7f6e\u5728\u5e94\u7528\u7684 application.yml \u6587\u4ef6\u4e2d\u3002 <\/p>\n
\u5ba2\u6237\u7aef\u6ce8\u518c\u5b8c\u6210\u540e,\u6388\u6743\u670d\u52a1\u5668\u4f1a\u7ed9\u5ba2\u6237\u7aef\u5e94\u7528\u53d1\u653e\u51ed\u8bc1,\u5305\u62ec\u5ba2\u6237\u7aefID\u548c\u5bc6\u94a5\u3002\u5728\u5ba2\u6237\u7aef\u5e94\u7528\u4e2d,\u8fd9\u4e9b\u51ed\u8bc1\u88ab\u7528\u4e8e\u53d1\u9001\u8bf7\u6c42\u5230\u6388\u6743\u670d\u52a1\u5668,\u4ee5\u83b7\u53d6\u8bbf\u95ee\u4ee4\u724c\u3002 <\/p>\n
\u5ba2\u6237\u7aef\u5e94\u7528\u9700\u8981\u59a5\u5584\u7ba1\u7406\u8fd9\u4e9b\u51ed\u8bc1,\u907f\u514d\u6cc4\u9732\u7ed9\u672a\u6388\u6743\u7684\u7b2c\u4e09\u65b9\u3002\u540c\u65f6,\u5ba2\u6237\u7aef\u5728\u53d1\u9001\u8bf7\u6c42\u65f6,\u901a\u5e38\u9700\u8981\u5728\u8bf7\u6c42\u5934\u4e2d\u9644\u52a0 Authorization \u5b57\u6bb5,\u5e76\u5c06\u5176\u503c\u8bbe\u7f6e\u4e3a Basic \u540e\u8ddf\u7ecf\u8fc7Base64\u7f16\u7801\u7684\u5ba2\u6237\u7aefID\u548c\u5bc6\u94a5\u7684\u7ec4\u5408\u3002 <\/p>\n
String credentials = "clientId:clientSecret";
\nString basicAuthValue = "Basic " + new String(Base64.getEncoder().encode(credentials.getBytes(StandardCharsets.UTF_8)));
\nHttpHeaders headers = new HttpHeaders();
\nheaders.set("Authorization", basicAuthValue);<\/p>\n
\u8fd9\u6bb5Java\u4ee3\u7801\u5c06\u51ed\u8bc1\u7f16\u7801\u5e76\u8bbe\u7f6e\u5230\u8bf7\u6c42\u5934\u4e2d\u3002\u8fd9\u91cc\u53ea\u662f\u793a\u4f8b,\u5b9e\u9645\u5e94\u7528\u4e2d\u8fd8\u9700\u8981\u6dfb\u52a0\u5176\u4ed6\u5fc5\u8981\u7684HTTP\u8bf7\u6c42\u5934\u90e8\u4fe1\u606f\u3002 <\/p>\n
\u5728\u63a5\u4e0b\u6765\u7684\u7ae0\u8282\u4e2d,\u6211\u4eec\u5c06\u63a2\u8ba8\u5982\u4f55\u5728Spring Boot\u5e94\u7528\u4e2d\u6574\u5408MySQL\u6570\u636e\u5e93,\u4ee5\u53ca\u5982\u4f55\u914d\u7f6e\u548c\u7ba1\u7406\u4ee4\u724c\u3002\u6211\u4eec\u5c06\u9010\u6b65\u63ed\u793a\u5982\u4f55\u521b\u5efa\u8bbf\u95ee\u4ee4\u724c,\u4ee5\u53ca\u5982\u4f55\u5b89\u5168\u5730\u4f7f\u7528\u5237\u65b0\u4ee4\u724c\u6765\u5ef6\u957f\u8bbf\u95ee\u6743\u9650\u7684\u6709\u6548\u671f\u3002 <\/p>\n
\u7528\u6237\u548c\u4f5c\u7528\u57df(Scopes)\u7684\u7ba1\u7406\u662fOAuth2\u6388\u6743\u4f53\u7cfb\u4e2d\u6781\u4e3a\u5173\u952e\u7684\u4e00\u73af,\u5b83\u6d89\u53ca\u5230\u5bf9\u7cfb\u7edf\u5185\u8ba4\u8bc1\u7684\u7528\u6237\u8eab\u4efd\u7684\u7ba1\u7406,\u4ee5\u53ca\u5b9a\u4e49\u6743\u9650\u8303\u56f4\u4ee5\u4f9b\u5ba2\u6237\u7aef\u5e94\u7528\u4f7f\u7528\u3002\u5728\u672c\u7ae0\u8282\u4e2d,\u6211\u4eec\u5c06\u6df1\u5165\u63a2\u8ba8\u5982\u4f55\u5b9e\u73b0\u7528\u6237\u8ba4\u8bc1\u673a\u5236\u4ee5\u53ca\u4f5c\u7528\u57df\u7684\u5b9a\u4e49\u548c\u7ba1\u7406\u3002 <\/p>\n
\u7528\u6237\u8ba4\u8bc1\u673a\u5236\u7684\u5b9e\u73b0\u786e\u4fdd\u4e86\u53ea\u6709\u5408\u6cd5\u7528\u6237\u80fd\u591f\u8bbf\u95ee\u6388\u6743\u670d\u52a1\u5668\u63d0\u4f9b\u7684\u8d44\u6e90\u3002\u5bf9\u4e8e\u7528\u6237\u8eab\u4efd\u7684\u8bc6\u522b\u548c\u9a8c\u8bc1\u662f\u6574\u4e2a\u5b89\u5168\u4f53\u7cfb\u7684\u57fa\u7840,\u63a5\u4e0b\u6765\u6211\u4eec\u5c06\u4e86\u89e3\u5982\u4f55\u914d\u7f6e\u7528\u6237\u4fe1\u606f\u670d\u52a1\u4ee5\u53ca\u5904\u7406\u8ba4\u8bc1\u8fc7\u7a0b\u4e2d\u7684\u7528\u6237\u4fe1\u606f\u3002 <\/p>\n
\u4e3a\u4e86\u5b9e\u73b0\u7528\u6237\u8ba4\u8bc1,\u9996\u5148\u9700\u8981\u914d\u7f6e\u7528\u6237\u4fe1\u606f\u670d\u52a1\u3002\u5728Spring Security OAuth2\u4e2d,\u901a\u5e38\u4f7f\u7528 UserDetailsService \u63a5\u53e3\u6765\u52a0\u8f7d\u7528\u6237\u4fe1\u606f\u3002\u4ee5\u4e0b\u662f\u4e00\u4e2a\u914d\u7f6e UserDetailsService \u7684\u57fa\u672c\u793a\u4f8b: <\/p>\n
@Configuration
\npublic class UserDetailsServiceConfig {<\/p>\n
@Autowired
\n private DataSource dataSource;<\/p>\n
@Bean
\n public UserDetailsService userDetailsService() {
\n JdbcUserDetailsManager manager = new JdbcUserDetailsManager(dataSource);
\n manager.setUsersByUsernameQuery("SELECT username, password, enabled FROM users WHERE username = ?");
\n manager.setAuthoritiesByUsernameQuery("SELECT username, authority FROM authorities WHERE username = ?");
\n return manager;
\n }
\n}<\/p>\n
\u5728\u4e0a\u8ff0\u4ee3\u7801\u6bb5\u4e2d,\u6211\u4eec\u901a\u8fc7 JdbcUserDetailsManager \u5b9e\u73b0\u6765\u521b\u5efa\u7528\u6237\u8be6\u60c5\u670d\u52a1,\u5e76\u901a\u8fc7\u914d\u7f6e\u6570\u636e\u6e90\u6765\u8fde\u63a5\u6570\u636e\u5e93,\u5176\u4e2d setUsersByUsernameQuery \u548c setAuthoritiesByUsernameQuery \u65b9\u6cd5\u7528\u4e8e\u81ea\u5b9a\u4e49\u7528\u6237\u67e5\u8be2\u548c\u6743\u9650\u67e5\u8be2\u3002 <\/p>\n
\u786e\u4fdd\u6570\u636e\u5e93\u4e2d\u7528\u6237\u8868\u7684\u7ed3\u6784\u548c\u6743\u9650\u8868\u7684\u7ed3\u6784\u8981\u4e0e\u67e5\u8be2\u76f8\u5339\u914d,\u5426\u5219\u5c06\u65e0\u6cd5\u6b63\u786e\u52a0\u8f7d\u7528\u6237\u4fe1\u606f\u3002 <\/p>\n
\u5728\u7528\u6237\u767b\u5f55\u8ba4\u8bc1\u8fc7\u7a0b\u4e2d,\u8ba4\u8bc1\u7ba1\u7406\u5668( AuthenticationManager )\u4f1a\u4f7f\u7528 UserDetailsService \u6765\u52a0\u8f7d\u7528\u6237\u4fe1\u606f,\u5e76\u4e0e\u7528\u6237\u63d0\u4f9b\u7684\u51ed\u636e\u8fdb\u884c\u5bf9\u6bd4,\u4ee5\u9a8c\u8bc1\u7528\u6237\u8eab\u4efd\u3002\u8fd9\u4e2a\u8fc7\u7a0b\u6d89\u53ca\u5230\u5bc6\u7801\u7f16\u7801\u5668( PasswordEncoder )\u7684\u4f7f\u7528,\u5b83\u7528\u4e8e\u5bf9\u7528\u6237\u8f93\u5165\u7684\u5bc6\u7801\u8fdb\u884c\u52a0\u5bc6\u5904\u7406,\u4ee5\u4fbf\u4e0e\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u7684\u52a0\u5bc6\u5bc6\u7801\u8fdb\u884c\u5339\u914d\u3002 <\/p>\n
@Bean
\npublic PasswordEncoder passwordEncoder() {
\n return new BCryptPasswordEncoder();
\n}<\/p>\n
\u5728\u8fd9\u4e2a\u4f8b\u5b50\u4e2d,\u6211\u4eec\u4f7f\u7528\u4e86 BCryptPasswordEncoder ,\u5b83\u662f\u4e00\u79cd\u5f3a\u54c8\u5e0c\u65b9\u6cd5,\u9002\u7528\u4e8e\u5c06\u7528\u6237\u5bc6\u7801\u4ee5\u52a0\u5bc6\u7684\u5f62\u5f0f\u5b58\u50a8\u5230\u6570\u636e\u5e93\u4e2d\u3002 <\/p>\n
\u5f53\u7528\u6237\u5c1d\u8bd5\u767b\u5f55\u65f6,\u8ba4\u8bc1\u7ba1\u7406\u5668\u4f1a\u8c03\u7528 UserDetailsService ,\u540e\u8005\u901a\u8fc7\u7528\u6237\u540d\u67e5\u8be2\u6570\u636e\u5e93\u5e76\u52a0\u8f7d\u7528\u6237\u8be6\u7ec6\u4fe1\u606f,\u5305\u62ec\u5bc6\u7801\u548c\u6743\u9650\u3002\u7136\u540e, PasswordEncoder \u5c06\u7528\u6237\u63d0\u4f9b\u7684\u5bc6\u7801\u8fdb\u884c\u52a0\u5bc6\u5e76\u4e0e\u6570\u636e\u5e93\u4e2d\u7684\u52a0\u5bc6\u5bc6\u7801\u8fdb\u884c\u5bf9\u6bd4\u3002\u5982\u679c\u5339\u914d,\u5219\u7528\u6237\u8ba4\u8bc1\u6210\u529f\u3002 <\/p>\n
\u4f5c\u7528\u57df(Scopes)\u5b9a\u4e49\u4e86\u4e00\u7ec4\u9884\u5b9a\u4e49\u7684\u6743\u9650,\u5ba2\u6237\u7aef\u5e94\u7528\u53ef\u4ee5\u8bf7\u6c42\u8fd9\u4e9b\u6743\u9650\u4ee5\u8bbf\u95ee\u7528\u6237\u8d44\u6e90\u3002\u4f5c\u7528\u57df\u662f\u6388\u6743\u8fc7\u7a0b\u4e2d\u7075\u6d3b\u6027\u548c\u7c92\u5ea6\u63a7\u5236\u7684\u6838\u5fc3\u3002\u672c\u8282\u5c06\u4ecb\u7ecd\u4f5c\u7528\u57df\u7684\u4f5c\u7528\u548c\u914d\u7f6e\u65b9\u5f0f,\u4ee5\u53ca\u4f5c\u7528\u57df\u4e0e\u6743\u9650\u4e4b\u95f4\u7684\u5173\u8054\u3002 <\/p>\n
\u4f5c\u7528\u57df\u4e3a\u5ba2\u6237\u7aef\u5e94\u7528\u63d0\u4f9b\u4e86\u4e00\u79cd\u65b9\u5f0f,\u6765\u58f0\u660e\u5176\u8bbf\u95ee\u7528\u6237\u8d44\u6e90\u6240\u9700\u7684\u5177\u4f53\u6743\u9650\u3002\u8fd9\u4e9b\u6743\u9650\u4f1a\u5728\u7528\u6237\u6388\u6743\u65f6\u8fdb\u884c\u5c55\u793a,\u5e76\u4e14\u4ec5\u5f53\u7528\u6237\u660e\u786e\u540c\u610f\u540e,\u5ba2\u6237\u7aef\u5e94\u7528\u624d\u80fd\u83b7\u5f97\u76f8\u5e94\u7684\u6743\u9650\u3002 <\/p>\n
\u5728Spring Security OAuth2\u4e2d,\u53ef\u4ee5\u901a\u8fc7\u914d\u7f6e\u6388\u6743\u670d\u52a1\u5668\u6765\u5b9a\u4e49\u4f5c\u7528\u57df,\u4ee5\u53ca\u5b83\u4eec\u4ee3\u8868\u7684\u6743\u9650: <\/p>\n
@Configuration
\n@EnableAuthorizationServer
\nprotected static class AuthServerConfig extends AuthorizationServerConfigurerAdapter {<\/p>\n
@Autowired
\n private AuthenticationManager authenticationManager;<\/p>\n
@Autowired
\n private UserDetailsService userDetailsService;<\/p>\n
@Override
\n public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
\n endpoints.authenticationManager(authenticationManager)
\n .userDetailsService(userDetailsService);
\n }<\/p>\n
@Override
\n public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
\n clients.inMemory()
\n .withClient("client-id")
\n .secret(passwordEncoder().encode("client-secret"))
\n .authorizedGrantTypes("authorization_code", "refresh_token", "password")
\n .scopes("read", "write", "trust")
\n .autoApprove(false);
\n }
\n}<\/p>\n
\u5728\u8fd9\u6bb5\u4ee3\u7801\u4e2d,\u6211\u4eec\u901a\u8fc7 AuthorizationServerConfigurerAdapter \u914d\u7f6e\u4e86\u6388\u6743\u670d\u52a1\u5668\u3002\u6211\u4eec\u5b9a\u4e49\u4e86\u4e00\u4e2a\u5ba2\u6237\u7aef\u5e94\u7528,\u5e76\u4e3a\u5176\u8bbe\u7f6e\u4e86\u4f5c\u7528\u57df\u3002\u8fd9\u4e9b\u4f5c\u7528\u57df\u5305\u62ec read \u3001 write \u548c trust \u3002 <\/p>\n
\u4f5c\u7528\u57df\u4e0e\u5b9e\u9645\u6743\u9650\u4e4b\u95f4\u7684\u5173\u8054\u901a\u5e38\u901a\u8fc7\u914d\u7f6e AuthorizationServerEndpointsConfigurer \u5b9e\u73b0\u3002\u5728\u4e0a\u8ff0\u793a\u4f8b\u4e2d, userDetailsService \u626e\u6f14\u4e86\u5173\u952e\u89d2\u8272,\u5b83\u8d1f\u8d23\u52a0\u8f7d\u7528\u6237\u7684\u6743\u9650\u4fe1\u606f,\u8fd9\u4e9b\u4fe1\u606f\u5c06\u4e0e\u8bf7\u6c42\u7684\u4f5c\u7528\u57df\u8fdb\u884c\u5339\u914d\u3002 <\/p>\n
@Override
\npublic void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
\n endpoints.authenticationManager(authenticationManager)
\n .userDetailsService(userDetailsService);
\n}<\/p>\n
\u5728\u8fd9\u90e8\u5206\u914d\u7f6e\u4e2d,\u5f53\u5ba2\u6237\u7aef\u5e94\u7528\u5c1d\u8bd5\u8bbf\u95ee\u53d7\u4fdd\u62a4\u7684\u8d44\u6e90\u65f6, userDetailsService \u4f1a\u6839\u636e\u7528\u6237\u7684\u8eab\u4efd\u4fe1\u606f\u52a0\u8f7d\u5176\u6743\u9650,\u5e76\u5c06\u5176\u4e0e\u5ba2\u6237\u7aef\u8bf7\u6c42\u7684\u4f5c\u7528\u57df\u8fdb\u884c\u6bd4\u8f83\u3002\u5982\u679c\u7528\u6237\u5177\u6709\u76f8\u5e94\u7684\u6743\u9650,\u8bf7\u6c42\u5c06\u88ab\u5141\u8bb8,\u5426\u5219\u5c06\u88ab\u62d2\u7edd\u3002 <\/p>\n
\u4f5c\u7528\u57df\u548c\u6743\u9650\u4e4b\u95f4\u7684\u8fd9\u79cd\u5173\u8054\u673a\u5236,\u4e3a\u5f00\u53d1\u8005\u63d0\u4f9b\u4e86\u9ad8\u5ea6\u7684\u7075\u6d3b\u6027\u548c\u63a7\u5236\u529b,\u4f7f\u5f97\u6388\u6743\u7b56\u7565\u53ef\u4ee5\u6839\u636e\u4e0d\u540c\u7684\u5e94\u7528\u573a\u666f\u8fdb\u884c\u5b9a\u5236\u3002 <\/p>\n
\u5728\u672c\u7ae0\u8282\u4e2d,\u6211\u4eec\u6df1\u5165\u63a2\u8ba8\u4e86\u5982\u4f55\u901a\u8fc7Spring Security OAuth2\u5b9e\u73b0\u7528\u6237\u8ba4\u8bc1\u673a\u5236\u548c\u4f5c\u7528\u57df\u7ba1\u7406\u3002\u901a\u8fc7\u5206\u6790\u914d\u7f6e UserDetailsService \u548c AuthorizationServerEndpointsConfigurer \u7684\u65b9\u5f0f,\u6211\u4eec\u4e86\u89e3\u5230\u7528\u6237\u8ba4\u8bc1\u548c\u4f5c\u7528\u57df\u5b9a\u4e49\u7684\u5177\u4f53\u5b9e\u73b0\u903b\u8f91\u3002\u8fd9\u4e9b\u73af\u8282\u662f\u6784\u5efa\u5b89\u5168\u7684OAuth2\u6388\u6743\u670d\u52a1\u5668\u4e0d\u53ef\u6216\u7f3a\u7684\u90e8\u5206,\u786e\u4fdd\u4e86\u7cfb\u7edf\u7684\u5b89\u5168\u6027\u548c\u7075\u6d3b\u6027\u3002 <\/p>\n
Spring Boot \u7684\u51fa\u73b0\u6781\u5927\u5730\u7b80\u5316\u4e86 Java \u5e94\u7528\u7684\u5f00\u53d1\u548c\u90e8\u7f72,\u800c\u4e0e\u6570\u636e\u5e93\u7684\u6574\u5408\u662f\u73b0\u4ee3\u5e94\u7528\u4e0d\u53ef\u6216\u7f3a\u7684\u90e8\u5206\u3002\u5728\u672c\u7ae0\u8282\u4e2d,\u6211\u4eec\u5c06\u63a2\u8ba8\u5982\u4f55\u5728\u4f7f\u7528 Spring Boot \u65f6\u5c06 MySQL \u6570\u636e\u5e93\u96c6\u6210\u5e94\u7528\u5230\u9879\u76ee\u4e2d\u3002\u6211\u4eec\u4f1a\u4ece\u9879\u76ee\u7ed3\u6784\u642d\u5efa\u5f00\u59cb,\u9010\u6b65\u6df1\u5165\u5230\u6570\u636e\u5e93\u8fde\u63a5\u914d\u7f6e,\u5b9e\u4f53\u7c7b\u6620\u5c04,\u4ee5\u53ca\u6570\u636e\u8bbf\u95ee\u5c42\u7684\u5b9e\u73b0\u3002 <\/p>\n
\u5f53\u4f7f\u7528 Maven \u4f5c\u4e3a\u6784\u5efa\u5de5\u5177\u65f6,\u6211\u4eec\u9700\u8981\u5728 pom.xml \u6587\u4ef6\u4e2d\u6dfb\u52a0\u4f9d\u8d56\u6765\u652f\u6301 Spring Boot \u548c MySQL \u7684\u6574\u5408\u3002Spring Boot \u63d0\u4f9b\u4e86\u8d77\u6b65\u4f9d\u8d56(starter),\u4f7f\u5f97\u4f9d\u8d56\u7684\u7ba1\u7406\u53d8\u5f97\u7b80\u5355\u3002 <\/p>\n
<dependencies>
\n <!– Spring Boot Web Starter –>
\n <dependency>
\n <groupId>org.springframework.boot<\/groupId>
\n <artifactId>spring-boot-starter-web<\/artifactId>
\n <\/dependency>
\n <!– Spring Boot Data JPA Starter –>
\n <dependency>
\n <groupId>org.springframework.boot<\/groupId>
\n <artifactId>spring-boot-starter-data-jpa<\/artifactId>
\n <\/dependency>
\n <!– MySQL Connector –>
\n <dependency>
\n <groupId>mysql<\/groupId>
\n <artifactId>mysql-connector-java<\/artifactId>
\n <scope>runtime<\/scope>
\n <\/dependency>
\n<\/dependencies><\/p>\n
\u4ee5\u4e0a\u4f9d\u8d56\u5305\u62ec Spring Web MVC\u3001Spring Data JPA \u548c MySQL \u9a71\u52a8\u3002\u5176\u4e2d, spring-boot-starter-web \u5305\u542b\u4e86\u6784\u5efa Web \u5e94\u7528\u6240\u9700\u7684\u5168\u90e8\u4f9d\u8d56, spring-boot-starter-data-jpa \u63d0\u4f9b\u4e86\u5bf9 JPA(Java Persistence API)\u7684\u652f\u6301,\u5e76\u4e14\u5305\u542b\u4e86 Hibernate \u7684\u4f9d\u8d56\u3002 mysql-connector-java \u662f MySQL \u8fde\u63a5\u5668,\u5b83\u7528\u4e8e\u5728\u8fd0\u884c\u65f6\u8fde\u63a5 MySQL \u6570\u636e\u5e93\u3002 <\/p>\n
Spring Boot \u63d0\u4f9b\u4e86\u81ea\u52a8\u914d\u7f6e\u548c\u5916\u90e8\u5316\u914d\u7f6e\u7684\u7279\u6027,\u8fd9\u610f\u5473\u7740\u4f60\u53ef\u4ee5\u901a\u8fc7\u5c5e\u6027\u6587\u4ef6\u8f7b\u677e\u914d\u7f6e\u6570\u636e\u5e93\u8fde\u63a5\u3002 <\/p>\n
\u5728 application.properties \u6216 application.yml \u6587\u4ef6\u4e2d\u6dfb\u52a0\u5982\u4e0b\u914d\u7f6e: <\/p>\n
# application.properties
\nspring.datasource.url=jdbc:mysql:\/\/localhost:3306\/your_database?useSSL=false&serverTimezone=UTC
\nspring.datasource.username=your_username
\nspring.datasource.password=your_password<\/p>\n
spring.jpa.hibernate.ddl-auto=update
\nspring.jpa.show-sql=true
\nspring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQL5InnoDBDialect<\/p>\n
\u8fd9\u4e9b\u914d\u7f6e\u9879\u6307\u5b9a\u4e86\u6570\u636e\u5e93\u7684 URL\u3001\u7528\u6237\u540d\u548c\u5bc6\u7801\u3002 spring.jpa.hibernate.ddl-auto \u8bbe\u7f6e\u4e86 Hibernate \u7684\u64cd\u4f5c\u6a21\u5f0f, update \u6a21\u5f0f\u4f1a\u5728\u5e94\u7528\u542f\u52a8\u65f6\u81ea\u52a8\u66f4\u65b0\u6570\u636e\u5e93\u7ed3\u6784,\u8fd9\u5728\u5f00\u53d1\u8fc7\u7a0b\u4e2d\u975e\u5e38\u65b9\u4fbf\u3002 spring.jpa.show-sql \u8bbe\u7f6e\u4e3a true \u65f6,Hibernate \u4f1a\u5728\u63a7\u5236\u53f0\u6253\u5370\u51fa\u751f\u6210\u7684 SQL \u8bed\u53e5,\u4fbf\u4e8e\u8c03\u8bd5\u3002 <\/p>\n
\u5728 Spring Data JPA \u4e2d,\u5b9e\u4f53\u7c7b\u4e0e\u6570\u636e\u5e93\u8868\u7684\u6620\u5c04\u662f\u901a\u8fc7\u6ce8\u89e3\u6765\u5b9e\u73b0\u7684\u3002\u9996\u5148,\u6211\u4eec\u5b9a\u4e49\u4e00\u4e2a\u5b9e\u4f53\u7c7b\u6765\u8868\u793a\u6570\u636e\u5e93\u4e2d\u7684\u8868\u3002 <\/p>\n
import javax.persistence.Entity;
\nimport javax.persistence.Id;<\/p>\n
@Entity
\npublic class User {
\n @Id
\n private Long id;
\n private String username;
\n private String password;
\n \/\/ Getters and setters
\n}<\/p>\n
\u5728\u4e0a\u8ff0\u4ee3\u7801\u4e2d, @Entity \u6ce8\u89e3\u6807\u8bb0\u4e86\u8be5\u7c7b\u4e3a\u4e00\u4e2a\u5b9e\u4f53\u7c7b,\u5e76\u4e14\u4e0e\u6570\u636e\u5e93\u4e2d\u7684\u67d0\u5f20\u8868\u76f8\u5bf9\u5e94\u3002 @Id \u6ce8\u89e3\u8868\u793a id \u5b57\u6bb5\u662f\u8be5\u5b9e\u4f53\u7684\u4e3b\u952e\u3002 <\/p>\n
\u6570\u636e\u8bbf\u95ee\u5c42\u901a\u5e38\u4f7f\u7528 Spring Data JPA \u63d0\u4f9b\u7684 JpaRepository \u63a5\u53e3\u6765\u5b9e\u73b0\u3002\u901a\u8fc7\u7ee7\u627f JpaRepository ,\u6211\u4eec\u53ef\u4ee5\u5f97\u5230\u5f88\u591a\u9884\u5b9a\u4e49\u7684\u65b9\u6cd5,\u5982 findAll() , findById() , save() , \u548c delete() \u7b49\u3002 <\/p>\n
import org.springframework.data.jpa.repository.JpaRepository;<\/p>\n
public interface UserRepository extends JpaRepository<User, Long> {
\n}<\/p>\n
\u5728\u8fd9\u91cc,\u6211\u4eec\u5b9a\u4e49\u4e86\u4e00\u4e2a\u63a5\u53e3 UserRepository \u7ee7\u627f\u4e86 JpaRepository \u3002Spring Data JPA \u5c06\u81ea\u52a8\u4e3a\u6211\u4eec\u63d0\u4f9b UserRepository \u63a5\u53e3\u7684\u5b9e\u73b0,\u6211\u4eec\u65e0\u9700\u624b\u52a8\u7f16\u5199\u5b9e\u73b0\u4ee3\u7801\u3002\u8fd9\u6837,\u6211\u4eec\u5c31\u53ef\u4ee5\u76f4\u63a5\u5728\u6211\u4eec\u7684\u670d\u52a1\u5c42\u4ee3\u7801\u4e2d\u6ce8\u5165 UserRepository \u5e76\u4f7f\u7528\u5b83\u3002 <\/p>\n
\u901a\u8fc7\u8fd9\u79cd\u6a21\u5f0f,Spring Boot \u548c MySQL \u7684\u6574\u5408\u53d8\u5f97\u7b80\u5355\u5feb\u6377,\u5927\u5927\u964d\u4f4e\u4e86\u6570\u636e\u5e93\u64cd\u4f5c\u7684\u590d\u6742\u6027,\u540c\u65f6\u4fdd\u7559\u4e86\u5f3a\u5927\u7684\u529f\u80fd\u548c\u7075\u6d3b\u6027\u3002\u5728\u4e0b\u4e00\u7ae0\u8282\u4e2d,\u6211\u4eec\u5c06\u7ee7\u7eed\u63a2\u8ba8 OAuth2 \u4ee4\u724c\u7684\u751f\u6210\u4e0e\u7ba1\u7406,\u6df1\u5165\u7406\u89e3\u5176\u5728\u73b0\u4ee3\u5e94\u7528\u4e2d\u7684\u4f5c\u7528\u548c\u914d\u7f6e\u7ec6\u8282\u3002 <\/p>\n
OAuth2 \u534f\u8bae\u7684\u4e00\u4e2a\u6838\u5fc3\u90e8\u5206\u662f\u8bbf\u95ee\u4ee4\u724c(Access Tokens)\u7684\u751f\u6210\u548c\u7ba1\u7406,\u5b83\u5141\u8bb8\u5ba2\u6237\u7aef\u8bbf\u95ee\u8d44\u6e90\u670d\u52a1\u5668\u4e0a\u7684\u8d44\u6e90\u3002\u4e3a\u4e86\u5b9e\u73b0\u8fd9\u4e00\u70b9,\u9700\u8981\u8be6\u7ec6\u7406\u89e3\u4ee4\u724c\u7684\u751f\u6210\u7b56\u7565\u3001\u6301\u4e45\u5316\u5b58\u50a8,\u4ee5\u53ca\u5237\u65b0\u4ee4\u724c(Refresh Tokens)\u7684\u4f7f\u7528\u548c\u5b89\u5168\u8003\u8651\u3002 <\/p>\n
\u8bbf\u95ee\u4ee4\u724c\u662f\u5ba2\u6237\u7aef\u8bbf\u95ee\u53d7\u4fdd\u62a4\u8d44\u6e90\u7684\u51ed\u8bc1,\u5b83\u901a\u8fc7\u6388\u6743\u670d\u52a1\u5668\u8fdb\u884c\u751f\u6210\u3002\u4ee4\u724c\u7684\u751f\u6210\u7b56\u7565\u901a\u5e38\u5305\u542b\u4ee5\u4e0b\u6b65\u9aa4: <\/p>\n
Spring Security OAuth2 \u63d0\u4f9b\u4e86 DefaultTokenServices \u7c7b\u6765\u5904\u7406\u4ee4\u724c\u7684\u751f\u6210,\u53ef\u4ee5\u901a\u8fc7\u4ee5\u4e0b\u914d\u7f6e\u6765\u6307\u5b9a\u4ee4\u724c\u7684\u751f\u6210\u7b56\u7565: <\/p>\n
@Bean
\npublic AuthorizationServerTokenServices tokenServices() {
\n DefaultTokenServices services = new DefaultTokenServices();
\n services.setSupportRefreshToken(true);
\n services.setTokenStore(tokenStore());
\n \/\/ \u8bbe\u7f6e\u8bbf\u95ee\u4ee4\u724c\u7684\u9ed8\u8ba4\u751f\u547d\u5468\u671f
\n services.setAccessTokenValiditySeconds(3600);
\n \/\/ \u8bbe\u7f6e\u5237\u65b0\u4ee4\u724c\u7684\u9ed8\u8ba4\u751f\u547d\u5468\u671f
\n services.setRefreshTokenValiditySeconds(259200);
\n return services;
\n}<\/p>\n
\u751f\u6210\u7684\u4ee4\u724c\u9700\u8981\u6301\u4e45\u5316\u5b58\u50a8,\u4ee5\u4fbf\u6388\u6743\u670d\u52a1\u5668\u80fd\u591f\u9a8c\u8bc1\u4ee4\u724c\u7684\u6709\u6548\u6027\u3002Spring Security OAuth2 \u652f\u6301\u591a\u79cd\u4ee4\u724c\u5b58\u50a8\u673a\u5236,\u4f8b\u5982\u5185\u5b58\u3001JWT\u3001JDBC \u7b49\u3002 <\/p>\n
\u4ee5\u4f7f\u7528 JDBC \u5b58\u50a8\u4ee4\u724c\u4e3a\u4f8b,\u6211\u4eec\u9700\u8981\u914d\u7f6e\u4e00\u4e2a JdbcTokenStore ,\u5e76\u8bbe\u7f6e\u6570\u636e\u5e93\u8fde\u63a5\u4fe1\u606f: <\/p>\n
@Bean
\npublic TokenStore tokenStore() {
\n return new JdbcTokenStore(dataSource());
\n}<\/p>\n
@Bean
\npublic DataSource dataSource() {
\n \/\/ \u914d\u7f6e\u6570\u636e\u5e93\u8fde\u63a5,\u8fd9\u91cc\u4ee5 H2 \u6570\u636e\u5e93\u4e3a\u4f8b
\n BasicDataSource dataSource = new BasicDataSource();
\n dataSource.setDriverClassName("org.h2.Driver");
\n dataSource.setUrl("jdbc:h2:mem:testdb;DB_CLOSE_DELAY=-1");
\n dataSource.setUsername("sa");
\n dataSource.setPassword("");
\n return dataSource;
\n}<\/p>\n
\u786e\u4fdd\u6570\u636e\u5e93\u8fde\u63a5\u914d\u7f6e\u6b63\u786e,\u5e76\u4e14\u6570\u636e\u5e93\u4e2d\u5b58\u5728 OAuth \u76f8\u5173\u7684\u8868\u7ed3\u6784\u3002 <\/p>\n
\u5237\u65b0\u4ee4\u724c\u5141\u8bb8\u5ba2\u6237\u7aef\u5728\u8bbf\u95ee\u4ee4\u724c\u8fc7\u671f\u540e,\u4e0d\u91cd\u65b0\u5411\u7528\u6237\u8bf7\u6c42\u6388\u6743\u5373\u53ef\u83b7\u53d6\u65b0\u7684\u8bbf\u95ee\u4ee4\u724c\u3002\u5237\u65b0\u4ee4\u724c\u7684\u5de5\u4f5c\u539f\u7406\u5982\u4e0b: <\/p>\n
\u5728 Spring Security OAuth2 \u4e2d, DefaultTokenServices \u9ed8\u8ba4\u652f\u6301\u5237\u65b0\u4ee4\u724c\u7684\u4f7f\u7528,\u53ea\u9700\u8981\u914d\u7f6e\u597d\u5237\u65b0\u4ee4\u724c\u7684\u6709\u6548\u671f\u5373\u53ef\u3002 <\/p>\n
\u7531\u4e8e\u5237\u65b0\u4ee4\u724c\u5177\u6709\u8f83\u957f\u7684\u751f\u547d\u5468\u671f,\u5e76\u4e14\u80fd\u591f\u5728\u4e0d\u4e0e\u7528\u6237\u4ea4\u4e92\u7684\u60c5\u51b5\u4e0b\u83b7\u53d6\u65b0\u7684\u8bbf\u95ee\u4ee4\u724c,\u56e0\u6b64\u5fc5\u987b\u786e\u4fdd\u5176\u5b89\u5168\u3002 <\/p>\n
\/\/ \u4e3a DefaultTokenServices \u6dfb\u52a0\u5237\u65b0\u4ee4\u724c\u7ea6\u675f
\nservices.setSupportRefreshToken(true);
\nservices.setReuseRefreshToken(false); \/\/ \u786e\u4fdd\u6bcf\u6b21\u8bf7\u6c42\u5237\u65b0\u4ee4\u724c\u90fd\u751f\u6210\u65b0\u7684\u4ee4\u724c<\/p>\n
\u5728\u914d\u7f6e\u5237\u65b0\u4ee4\u724c\u65f6,\u9700\u8981\u8003\u8651\u5230\u8fd9\u4e9b\u5b89\u5168\u56e0\u7d20,\u786e\u4fdd\u7cfb\u7edf\u5b89\u5168\u7684\u540c\u65f6,\u4e5f\u4fdd\u8bc1\u7528\u6237\u4f53\u9a8c\u7684\u6d41\u7545\u6027\u3002 <\/p>\n
\u4ee5\u4e0a\u7ae0\u8282\u5185\u5bb9\u8be6\u7ec6\u89e3\u6790\u4e86 OAuth2 \u4ee4\u724c\u7684\u751f\u6210\u548c\u7ba1\u7406,\u6db5\u76d6\u4e86\u4ee4\u724c\u751f\u6210\u7b56\u7565\u3001\u6301\u4e45\u5316\u5b58\u50a8\u65b9\u6cd5\u3001\u5237\u65b0\u4ee4\u724c\u7684\u4f7f\u7528\u4ee5\u53ca\u5b89\u5168\u8003\u91cf\u3002\u8fd9\u4e9b\u77e5\u8bc6\u5bf9\u4e8e\u7406\u89e3\u548c\u5b9e\u65bd OAuth2 \u534f\u8bae\u81f3\u5173\u91cd\u8981,\u5e76\u4e3a\u540e\u7eed\u7ae0\u8282\u4e2d\u5bf9\u7528\u6237\u8ba4\u8bc1\u903b\u8f91\u548c\u5b89\u5168\u914d\u7f6e\u7684\u6df1\u5165\u8ba8\u8bba\u63d0\u4f9b\u4e86\u575a\u5b9e\u7684\u57fa\u7840\u3002 <\/p>\n
\u672c\u6587\u8fd8\u6709\u914d\u5957\u7684\u7cbe\u54c1\u8d44\u6e90,\u70b9\u51fb\u83b7\u53d6 <\/p>\n
\u7b80\u4ecb:\u5728Web\u5e94\u7528\u5f00\u53d1\u4e2d,\u4fdd\u62a4API\u7684\u5b89\u5168\u6027\u81f3\u5173\u91cd\u8981\u3002Spring Security OAuth2\u4e3aJava\u5f00\u53d1\u8005\u63d0\u4f9b\u4e86\u4e00\u4e2a\u5f3a\u5927\u7684\u5b89\u5168\u6846\u67b6,\u7528\u4e8e\u6784\u5efa\u6388\u6743\u670d\u52a1\u5668,\u786e\u4fddAPI\u7684\u5b89\u5168\u8bbf\u95ee\u3002\u672c\u9879\u76ee\u8be6\u7ec6\u6307\u5bfc\u5982\u4f55\u4f7f\u7528Spring Security OAuth2\u521b\u5efa\u6388\u6743\u670d\u52a1\u5668,\u540c\u65f6\u6db5\u76d6\u4e86\u6388\u6743\u670d\u52a1\u5668\u3001\u8d44\u6e90\u670d\u52a1\u5668\u3001\u5ba2\u6237\u7aef\u914d\u7f6e\u548c\u7528\u6237\u6388\u6743\u7b49\u6838\u5fc3\u7ec4\u4ef6,\u65e8\u5728\u5e2e\u52a9\u5f00\u53d1\u8005\u7406\u89e3\u548c\u5e94\u7528OAuth2\u6807\u51c6,\u786e\u4fdd\u7528\u6237\u6570\u636e\u7684\u5b89\u5168\u6027\u5e76\u63d0\u5347\u5e94\u7528\u7684\u5b89\u5168\u6027\u3002 <\/p>\n
\u672c\u6587\u8fd8\u6709\u914d\u5957\u7684\u7cbe\u54c1\u8d44\u6e90,\u70b9\u51fb\u83b7\u53d6 <\/p><\/p>\n","protected":false},"excerpt":{"rendered":"
\u6587\u7ae0\u6d4f\u89c8\u9605\u8bfb881\u6b21\uff0c\u70b9\u8d5e23\u6b21\uff0c\u6536\u85cf27\u6b21\u3002Spring Security OAuth2 \u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u5b89\u5168\u6846\u67b6\uff0c\u7528\u4e8e\u4e3a\u5e94\u7528\u6dfb\u52a0\u8ba4\u8bc1\u6388\u6743\u529f\u80fd\uff0c\u7279\u522b\u662f\u7528\u4e8e\u652f\u6301OAuth2\u534f\u8bae\u3002\u5b83\u4e0eSpring Security\u7d27\u5bc6\u96c6\u6210\uff0c\u63d0\u4f9b\u4e86\u4e00\u79cd\u5b89\u5168\u7684\u65b9\u5f0f\u6765\u4fdd\u62a4Web\u8d44\u6e90\uff0c\u4f7f\u5f97\u6211\u4eec\u53ef\u4ee5\u8f7b\u677e\u5730\u4e3a\u5e94\u7528\u7a0b\u5e8f\u6784\u5efa\u5b89\u5168\u7684API\u63a5\u53e3\u3002OAuth2 \u662f\u4e00\u4e2a\u5de5\u4e1a\u6807\u51c6\u7684\u6388\u6743\u534f\u8bae\uff0c\u5b83\u5141\u8bb8\u5e94\u7528\u83b7\u53d6\u7528\u6237\u7684\u6709\u9650\u6388\u6743\uff0c\u5e76\u4f7f\u7528\u8fd9\u4e9b\u6388\u6743\u4ee3\u8868\u7528\u6237\u83b7\u53d6\u8bbf\u95ee\u4ee4\u724c\u6765\u8bbf\u95ee\u670d\u52a1\u3002\u5728Spring Security OAuth2\u4e2d\uff0c\u5ba2\u6237\u7aef\u7684\u5b9a\u4e49\u4e0e\u914d\u7f6e\u662f\u6784\u5efaOAuth2\u751f\u6001\u7cfb\u7edf\u7684\u4e00\u4e2a\u91cd\u8981\u73af\u8282\u3002_auth2<\/p>\n","protected":false},"author":2,"featured_media":38678,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"topic":[],"class_list":["post-38680","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-server"],"yoast_head":"\n