\u5b8c\u5168\u652f\u6301OAuth 2.1\u548cOpenID Connect 1.0<\/p>\n<\/li>\n
\u6a21\u5757\u5316\u8bbe\u8ba1,\u6613\u4e8e\u6269\u5c55\u548c\u5b9a\u5236<\/p>\n<\/li>\n
\u5185\u7f6e\u591a\u79cd\u6388\u6743\u6a21\u5f0f\u652f\u6301<\/p>\n<\/li>\n
\u4e0eSpring\u751f\u6001\u7cfb\u7edf\u65e0\u7f1d\u96c6\u6210<\/p>\n<\/li>\n<\/ul>\n
\u5b98\u65b9\u8d44\u6e90:<\/p>\n
- \n
- \n
\u5b98\u7f51:https:\/\/spring.io\/projects\/spring-authorization-server<\/p>\n<\/li>\n
- \n
\u7248\u672c\u8981\u6c42:<\/p>\n
- \n
- \n
Spring Authorization Server: 1.1.2+<\/p>\n<\/li>\n
- \n
JDK: 17+<\/p>\n<\/li>\n
- \n
Spring Boot: 3.1.4+<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
1.2 \u4e3a\u4ec0\u4e48\u9700\u8981Spring Authorization Server<\/h4>\n
\u968f\u7740\u7f51\u7edc\u548c\u8bbe\u5907\u7684\u53d1\u5c55,\u539f\u6709\u7684OAuth 2.0\u534f\u8bae\u5df2\u65e0\u6cd5\u6ee1\u8db3\u73b0\u4ee3\u5e94\u7528\u7684\u5b89\u5168\u9700\u6c42\u3002OAuth\u793e\u533a\u63a8\u51fa\u4e86OAuth 2.1\u534f\u8bae,\u5bf9\u539f\u6709\u6388\u6743\u6a21\u5f0f\u8fdb\u884c\u4e86\u4f18\u5316\u548c\u8c03\u6574:<\/p>\n
- \n
- \n
\u79fb\u9664\u4e86\u5bc6\u7801\u6a21\u5f0f(password)\u548c\u7b80\u5316\u6a21\u5f0f(implicit)<\/p>\n<\/li>\n
- \n
\u589e\u52a0\u4e86\u8bbe\u5907\u6388\u6743\u7801\u6a21\u5f0f<\/p>\n<\/li>\n
- \n
\u4e3a\u6388\u6743\u7801\u6a21\u5f0f\u589e\u52a0\u4e86PKCE\u6269\u5c55<\/p>\n<\/li>\n<\/ul>\n
Spring Security\u56e2\u961f\u56e0\u6b64\u91cd\u65b0\u5f00\u53d1\u4e86Spring Authorization Server,\u4ee5\u66ff\u4ee3\u539f\u6709\u7684Spring Security OAuth 2.0\u9879\u76ee\u3002<\/p>\n
\u4e8c\u3001OAuth 2.0\u534f\u8bae\u8be6\u89e3<\/h3>\n
2.1 OAuth 2.0\u6838\u5fc3\u6982\u5ff5<\/h4>\n
\u56db\u4e2a\u5173\u952e\u89d2\u8272:<\/p>\n
- \n
\u5ba2\u6237\u7aef(Client):\u7b2c\u4e09\u65b9\u5e94\u7528,\u8bf7\u6c42\u8bbf\u95ee\u7528\u6237\u8d44\u6e90<\/p>\n<\/li>\n
- \n
\u8d44\u6e90\u670d\u52a1\u5668(Resource Server):\u5b58\u50a8\u53d7\u4fdd\u62a4\u8d44\u6e90\u7684\u670d\u52a1\u5668<\/p>\n<\/li>\n
- \n
\u8d44\u6e90\u6240\u6709\u8005(Resource Owner):\u62e5\u6709\u8d44\u6e90\u7684\u7528\u6237<\/p>\n<\/li>\n
- \n
\u6388\u6743\u670d\u52a1\u5668(Authorization Server):\u9a8c\u8bc1\u7528\u6237\u8eab\u4efd\u5e76\u9881\u53d1\u4ee4\u724c<\/p>\n<\/li>\n
2.2 OAuth 2.0\u5de5\u4f5c\u6d41\u7a0b<\/h4>\n
![\"\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/02\/20260205182457-6984e0795e9fe.png\")
<\/p>\n\u4ee4\u724c(Token)\u4e0e\u5bc6\u7801(Password)\u7684\u533a\u522b:<\/p>\n
- \n
- \n
\u4ee4\u724c\u662f\u77ed\u671f\u7684,\u5230\u671f\u81ea\u52a8\u5931\u6548<\/p>\n<\/li>\n
- \n
\u4ee4\u724c\u53ef\u4ee5\u88ab\u8d44\u6e90\u6240\u6709\u8005\u968f\u65f6\u64a4\u9500<\/p>\n<\/li>\n
- \n
\u4ee4\u724c\u6709\u6743\u9650\u8303\u56f4(scope),\u5bc6\u7801\u62e5\u6709\u5b8c\u6574\u6743\u9650<\/p>\n<\/li>\n<\/ul>\n
2.3 OAuth 2.0\u5e94\u7528\u573a\u666f<\/h4>\n
- \n
\u793e\u4ea4\u5a92\u4f53\u767b\u5f55:\u4f7f\u7528\u5fae\u4fe1\u3001QQ\u7b49\u7b2c\u4e09\u65b9\u8d26\u53f7\u767b\u5f55<\/p>\n<\/li>\n
- \n
\u7b2c\u4e09\u65b9\u5e94\u7528\u96c6\u6210:\u5e94\u7528\u95f4\u6570\u636e\u5171\u4eab\u548cAPI\u8c03\u7528<\/p>\n<\/li>\n
- \n
\u79fb\u52a8\u5e94\u7528\u8bbf\u95eeAPI:\u79fb\u52a8\u7aef\u5e94\u7528\u8bbf\u95ee\u540e\u7aef\u670d\u52a1<\/p>\n<\/li>\n
- \n
\u4e91\u670d\u52a1\u6388\u6743:\u8bbf\u95eeGoogle Drive\u3001Dropbox\u7b49\u4e91\u5b58\u50a8<\/p>\n<\/li>\n
- \n
IoT\u8bbe\u5907\u8bbf\u95ee:\u7269\u8054\u7f51\u8bbe\u5907\u5b89\u5168\u8bbf\u95ee\u4e91\u670d\u52a1<\/p>\n<\/li>\n
2.4 OAuth 2.0\u6388\u6743\u6a21\u5f0f<\/h4>\n
2.4.1 \u5ba2\u6237\u7aef\u6a21\u5f0f(Client Credentials Grant)<\/h5>\n
text<\/p>\n
\u9002\u7528\u4e8e:\u670d\u52a1\u7aef\u5e94\u7528\u95f4\u7684\u901a\u4fe1
\n\u6d41\u7a0b:\u5ba2\u6237\u7aef\u76f4\u63a5\u4f7f\u7528client_id\u548cclient_secret\u83b7\u53d6\u4ee4\u724c <\/p>\n\u8bf7\u6c42\u793a\u4f8b:<\/p>\n
text<\/p>\n
POST \/oauth2\/token
\ngrant_type=client_credentials
\n&client_id=CLIENT_ID
\n&client_secret=CLIENT_SECRET <\/p>\n2.4.2 \u5bc6\u7801\u6a21\u5f0f(Resource Owner Password Credentials Grant)<\/h5>\n
text<\/p>\n
\u9002\u7528\u4e8e:\u9ad8\u5ea6\u4fe1\u4efb\u7684\u5185\u90e8\u5e94\u7528
\n\u6d41\u7a0b:\u7528\u6237\u63d0\u4f9b\u7528\u6237\u540d\u5bc6\u7801,\u5ba2\u6237\u7aef\u4ee3\u7406\u83b7\u53d6\u4ee4\u724c
\n\u6ce8\u610f:OAuth 2.1\u4e2d\u5df2\u79fb\u9664\u6b64\u6a21\u5f0f <\/p>\n\u8bf7\u6c42\u793a\u4f8b:<\/p>\n
text<\/p>\n
POST \/oauth2\/token
\ngrant_type=password
\n&username=USERNAME
\n&password=PASSWORD
\n&client_id=CLIENT_ID
\n&client_secret=CLIENT_SECRET <\/p>\n2.4.3 \u6388\u6743\u7801\u6a21\u5f0f(Authorization Code Grant)<\/h5>\n
text<\/p>\n
\u9002\u7528\u4e8e:Web\u5e94\u7528\u3001\u79fb\u52a8\u5e94\u7528
\n\u6d41\u7a0b:\u901a\u8fc7\u6388\u6743\u7801\u4e2d\u95f4\u6b65\u9aa4,\u5b89\u5168\u6027\u6700\u9ad8 <\/p>\n\u6d41\u7a0b\u6b65\u9aa4:<\/p>\n
- \n
\u5ba2\u6237\u7aef\u5f15\u5bfc\u7528\u6237\u5230\u6388\u6743\u670d\u52a1\u5668<\/p>\n<\/li>\n
- \n
\u7528\u6237\u767b\u5f55\u5e76\u6388\u6743<\/p>\n<\/li>\n
- \n
\u6388\u6743\u670d\u52a1\u5668\u8fd4\u56de\u6388\u6743\u7801<\/p>\n<\/li>\n
- \n
\u5ba2\u6237\u7aef\u4f7f\u7528\u6388\u6743\u7801\u4ea4\u6362\u4ee4\u724c<\/p>\n<\/li>\n
\u8bf7\u6c42\u793a\u4f8b:<\/p>\n
text<\/p>\n
# 1. \u83b7\u53d6\u6388\u6743\u7801
\nGET \/oauth2\/authorize?
\nresponse_type=code
\n&client_id=CLIENT_ID
\n&redirect_uri=CALLBACK_URL
\n&scope=read<\/p>\n# 2. \u4f7f\u7528\u6388\u6743\u7801\u83b7\u53d6\u4ee4\u724c
\nPOST \/oauth2\/token
\ngrant_type=authorization_code
\n&code=AUTHORIZATION_CODE
\n&client_id=CLIENT_ID
\n&client_secret=CLIENT_SECRET
\n&redirect_uri=CALLBACK_URL <\/p>\n2.4.4 \u7b80\u5316\u6a21\u5f0f(Implicit Grant)<\/h5>\n
text<\/p>\n
\u9002\u7528\u4e8e:\u5355\u9875\u5e94\u7528(SPA)
\n\u6d41\u7a0b:\u76f4\u63a5\u8fd4\u56de\u4ee4\u724c,\u8df3\u8fc7\u6388\u6743\u7801\u6b65\u9aa4
\n\u6ce8\u610f:OAuth 2.1\u4e2d\u5df2\u79fb\u9664\u6b64\u6a21\u5f0f <\/p>\n2.4.5 \u5237\u65b0\u4ee4\u724c\u6a21\u5f0f(Refresh Token Grant)<\/h5>\n
text<\/p>\n
\u9002\u7528\u4e8e:\u4ee4\u724c\u7eed\u671f
\n\u6d41\u7a0b:\u4f7f\u7528refresh_token\u83b7\u53d6\u65b0\u7684access_token <\/p>\n\u8bf7\u6c42\u793a\u4f8b:<\/p>\n
text<\/p>\n
POST \/oauth2\/token
\ngrant_type=refresh_token
\n&client_id=CLIENT_ID
\n&client_secret=CLIENT_SECRET
\n&refresh_token=REFRESH_TOKEN <\/p>\n\u4e09\u3001OAuth 2.1\u534f\u8bae\u65b0\u7279\u6027<\/h3>\n
3.1 \u6388\u6743\u7801\u6a21\u5f0f+PKCE\u6269\u5c55<\/h4>\n
PKCE(Proof Key for Code Exchange)\u7528\u4e8e\u9632\u6b62\u6388\u6743\u7801\u88ab\u62e6\u622a\u653b\u51fb:<\/p>\n
\u5de5\u4f5c\u6d41\u7a0b:<\/p>\n
- \n
\u5ba2\u6237\u7aef\u751f\u6210code_verifier\u548ccode_challenge<\/p>\n<\/li>\n
- \n
\u6388\u6743\u8bf7\u6c42\u65f6\u53d1\u9001code_challenge<\/p>\n<\/li>\n
- \n
\u4ea4\u6362\u4ee4\u724c\u65f6\u53d1\u9001code_verifier<\/p>\n<\/li>\n
- \n
\u670d\u52a1\u5668\u9a8c\u8bc1\u4e24\u8005\u5339\u914d\u5173\u7cfb<\/p>\n<\/li>\n
3.2 \u8bbe\u5907\u6388\u6743\u7801\u6a21\u5f0f<\/h4>\n
\u9002\u7528\u4e8e\u667a\u80fd\u7535\u89c6\u3001\u6253\u5370\u673a\u7b49\u8f93\u5165\u53d7\u9650\u8bbe\u5907:<\/p>\n
\u5de5\u4f5c\u6d41\u7a0b:<\/p>\n
- \n
\u8bbe\u5907\u8bf7\u6c42\u8bbe\u5907\u7801\u548c\u7528\u6237\u7801<\/p>\n<\/li>\n
- \n
\u7528\u6237\u5728\u53e6\u4e00\u8bbe\u5907\u8bbf\u95ee\u9a8c\u8bc1\u9875\u9762\u8f93\u5165\u7528\u6237\u7801<\/p>\n<\/li>\n
- \n
\u8bbe\u5907\u8f6e\u8be2\u83b7\u53d6\u4ee4\u724c<\/p>\n<\/li>\n
3.3 \u62d3\u5c55\u6388\u6743\u6a21\u5f0f<\/h4>\n
\u867d\u7136OAuth 2.1\u79fb\u9664\u4e86\u5bc6\u7801\u6a21\u5f0f,\u4f46\u53ef\u901a\u8fc7\u62d3\u5c55\u6388\u6743\u6a21\u5f0f\u5b9e\u73b0\u7c7b\u4f3c\u529f\u80fd\u3002<\/p>\n
\u56db\u3001OpenID Connect 1.0\u534f\u8bae<\/h3>\n
OpenID Connect\u662f\u5efa\u7acb\u5728OAuth 2.0\u4e4b\u4e0a\u7684\u8eab\u4efd\u5c42,\u4e3b\u8981\u589e\u52a0\u4e86id_token:<\/p>\n
\u6838\u5fc3\u7279\u6027:<\/p>\n
- \n
- \n
\u57fa\u4e8eJWT\u683c\u5f0f\u7684id_token<\/p>\n<\/li>\n
- \n
\u7528\u6237\u4fe1\u606f\u7aef\u70b9(UserInfo Endpoint)<\/p>\n<\/li>\n
- \n
\u6807\u51c6\u5316\u58f0\u660e(Claims)<\/p>\n<\/li>\n<\/ul>\n
id_token\u793a\u4f8b:<\/p>\n
json<\/p>\n
{
\n "iss": "https:\/\/server.example.com",
\n "sub": "24400320",
\n "aud": "s6BhdRkqt3",
\n "exp": 1311281970,
\n "iat": 1311280970,
\n "auth_time": 1311280969,
\n "nonce": "n-0S6_WzA2Mj"
\n} <\/p>\n\u4e94\u3001Spring Authorization Server\u5b9e\u6218<\/h3>\n
5.1 \u6388\u6743\u670d\u52a1\u5668\u642d\u5efa<\/h4>\n
5.1.1 \u9879\u76ee\u4f9d\u8d56<\/h5>\n
xml<\/p>\n
<dependency>
\n <groupId>org.springframework.boot<\/groupId>
\n <artifactId>spring-boot-starter-oauth2-authorization-server<\/artifactId>
\n<\/dependency> <\/p>\n5.1.2 \u6838\u5fc3\u914d\u7f6e\u7c7b<\/h5>\n
java<\/p>\n
@Configuration
\n@EnableWebSecurity
\npublic class SecurityConfig {<\/p>\n\/\/ \u6388\u6743\u670d\u52a1\u5668\u5b89\u5168\u8fc7\u6ee4\u5668\u94fe
\n @Bean
\n @Order(1)
\n public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http)
\n throws Exception {
\n OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
\n http
\n .getConfigurer(OAuth2AuthorizationServerConfigurer.class)
\n .oidc(Customizer.withDefaults()); \/\/ \u5f00\u542fOpenID Connect
\n return http.build();
\n }<\/p>\n\/\/ \u9ed8\u8ba4\u5b89\u5168\u8fc7\u6ee4\u5668\u94fe
\n @Bean
\n @Order(2)
\n public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http)
\n throws Exception {
\n http
\n .authorizeHttpRequests(authorize -> authorize
\n .anyRequest().authenticated()
\n )
\n .formLogin(Customizer.withDefaults());
\n return http.build();
\n }<\/p>\n\/\/ \u7528\u6237\u4fe1\u606f\u670d\u52a1
\n @Bean
\n public UserDetailsService userDetailsService() {
\n UserDetails userDetails = User.withDefaultPasswordEncoder()
\n .username("fox")
\n .password("123456")
\n .roles("USER")
\n .build();
\n return new InMemoryUserDetailsManager(userDetails);
\n }<\/p>\n\/\/ \u5ba2\u6237\u7aef\u6ce8\u518c\u4fe1\u606f
\n @Bean
\n public RegisteredClientRepository registeredClientRepository() {
\n RegisteredClient oidcClient = RegisteredClient.withId(UUID.randomUUID().toString())
\n .clientId("oidc-client")
\n .clientSecret("{noop}secret")
\n .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
\n .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
\n .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
\n .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
\n .redirectUri("http:\/\/www.baidu.com")
\n .scope(OidcScopes.OPENID)
\n .scope(OidcScopes.PROFILE)
\n .clientSettings(ClientSettings.builder()
\n .requireAuthorizationConsent(true)
\n .build())
\n .build();<\/p>\nreturn new InMemoryRegisteredClientRepository(oidcClient);
\n }<\/p>\n\/\/ JWT\u5bc6\u94a5\u914d\u7f6e
\n @Bean
\n public JWKSource<SecurityContext> jwkSource() {
\n KeyPair keyPair = generateRsaKey();
\n RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
\n RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();<\/p>\nRSAKey rsaKey = new RSAKey.Builder(publicKey)
\n .privateKey(privateKey)
\n .keyID(UUID.randomUUID().toString())
\n .build();<\/p>\nJWKSet jwkSet = new JWKSet(rsaKey);
\n return new ImmutableJWKSet<>(jwkSet);
\n }<\/p>\n\/\/ \u751f\u6210RSA\u5bc6\u94a5\u5bf9
\n private static KeyPair generateRsaKey() {
\n KeyPair keyPair;
\n try {
\n KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
\n keyPairGenerator.initialize(2048);
\n keyPair = keyPairGenerator.generateKeyPair();
\n } catch (Exception ex) {
\n throw new IllegalArgumentException(ex);
\n }
\n return keyPair;
\n }
\n} <\/p>\n5.1.3 \u6d4b\u8bd5\u7aef\u70b9<\/h5>\n
\u83b7\u53d6\u6388\u6743\u670d\u52a1\u5668\u914d\u7f6e\u4fe1\u606f:<\/p>\n
text<\/p>\n
GET http:\/\/127.0.0.1:9000\/.well-known\/openid-configuration <\/p>\n
\u6388\u6743\u7801\u6a21\u5f0f\u6d4b\u8bd5:<\/p>\n
- \n
\u83b7\u53d6\u6388\u6743\u7801:<\/p>\n<\/li>\n
text<\/p>\n
GET http:\/\/localhost:9000\/oauth2\/authorize?
\nresponse_type=code
\n&client_id=oidc-client
\n&scope=profile openid
\n&redirect_uri=http:\/\/www.baidu.com <\/p>\n - \n
\u4f7f\u7528\u6388\u6743\u7801\u83b7\u53d6\u4ee4\u724c:<\/p>\n<\/li>\n
bash<\/p>\n
curl -X POST http:\/\/localhost:9000\/oauth2\/token \\\\
\n -H "Content-Type: application\/x-www-form-urlencoded" \\\\
\n -u "oidc-client:secret" \\\\
\n -d "grant_type=authorization_code" \\\\
\n -d "code={\u6388\u6743\u7801}" \\\\
\n -d "redirect_uri=http:\/\/www.baidu.com" <\/p>\n5.2 OAuth2\u5ba2\u6237\u7aef\u642d\u5efa<\/h4>\n
5.2.1 \u9879\u76ee\u4f9d\u8d56<\/h5>\n
xml<\/p>\n
<dependency>
\n <groupId>org.springframework.boot<\/groupId>
\n <artifactId>spring-boot-starter-oauth2-client<\/artifactId>
\n<\/dependency>
\n<dependency>
\n <groupId>org.springframework.boot<\/groupId>
\n <artifactId>spring-boot-starter-web<\/artifactId>
\n<\/dependency> <\/p>\n5.2.2 \u914d\u7f6e\u6587\u4ef6<\/h5>\n
yaml<\/p>\n
server:
\n port: 9001<\/p>\nspring:
\n application:
\n name: spring-oauth-client<\/p>\nsecurity:
\n oauth2:
\n client:
\n provider:
\n oauth-server:
\n issuer-uri: http:\/\/spring-oauth-server:9000
\n authorization-uri: http:\/\/spring-oauth-server:9000\/oauth2\/authorize
\n token-uri: http:\/\/spring-oauth-server:9000\/oauth2\/token<\/p>\nregistration:
\n messaging-client-oidc:
\n provider: oauth-server
\n client-name: web\u5e73\u53f0
\n client-id: web-client-id
\n client-secret: secret
\n client-authentication-method: client_secret_basic
\n authorization-grant-type: authorization_code
\n redirect-uri: http:\/\/spring-oauth-client:9001\/login\/oauth2\/code\/messaging-client-oidc
\n scope:
\n – profile
\n – openid <\/p>\n\u6ce8\u610f:\u9700\u8981\u5728hosts\u6587\u4ef6\u4e2d\u6dfb\u52a0\u57df\u540d\u6620\u5c04:<\/p>\n
text<\/p>\n
127.0.0.1 spring-oauth-client spring-oauth-server <\/p>\n
5.2.3 \u5ba2\u6237\u7aef\u63a7\u5236\u5668<\/h5>\n
java<\/p>\n
@RestController
\npublic class AuthenticationController {<\/p>\n@GetMapping("\/token")
\n @ResponseBody
\n public OAuth2AuthorizedClient token(
\n @RegisteredOAuth2AuthorizedClient OAuth2AuthorizedClient oAuth2AuthorizedClient) {
\n return oAuth2AuthorizedClient;
\n }
\n} <\/p>\n5.3 \u8d44\u6e90\u670d\u52a1\u5668\u642d\u5efa<\/h4>\n
5.3.1 \u9879\u76ee\u4f9d\u8d56<\/h5>\n
xml<\/p>\n
<dependency>
\n <groupId>org.springframework.boot<\/groupId>
\n <artifactId>spring-boot-starter-oauth2-resource-server<\/artifactId>
\n<\/dependency>
\n<dependency>
\n <groupId>org.springframework.boot<\/groupId>
\n <artifactId>spring-boot-starter-web<\/artifactId>
\n<\/dependency> <\/p>\n5.3.2 \u914d\u7f6e\u6587\u4ef6<\/h5>\n
yaml<\/p>\n
server:
\n port: 9002<\/p>\nspring:
\n application:
\n name: spring-oauth-resource<\/p>\nsecurity:
\n oauth2:
\n resource-server:
\n jwt:
\n issuer-uri: http:\/\/spring-oauth-server:9000 <\/p>\n5.3.3 \u5b89\u5168\u914d\u7f6e<\/h5>\n
java<\/p>\n
@Configuration
\n@EnableWebSecurity
\n@EnableMethodSecurity(jsr250Enabled = true, securedEnabled = true)
\npublic class ResourceServerConfig {<\/p>\n@Bean
\n SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
\n http
\n .authorizeHttpRequests(authorize -> authorize
\n .anyRequest().authenticated()
\n )
\n .oauth2ResourceServer(oauth2 -> oauth2
\n .jwt(Customizer.withDefaults())
\n );<\/p>\nreturn http.build();
\n }
\n} <\/p>\n5.3.4 \u8d44\u6e90\u63a5\u53e3<\/h5>\n
java<\/p>\n
@RestController
\npublic class MessagesController {<\/p>\n@GetMapping("\/messages1")
\n public String getMessages1() {
\n return "hello Message 1";
\n }<\/p>\n@GetMapping("\/messages2")
\n @PreAuthorize("hasAuthority('SCOPE_profile')")
\n public String getMessages2() {
\n return "hello Message 2";
\n }<\/p>\n@GetMapping("\/messages3")
\n @PreAuthorize("hasAuthority('SCOPE_Message')")
\n public String getMessages3() {
\n return "hello Message 3";
\n }
\n} <\/p>\n5.3.5 \u81ea\u5b9a\u4e49\u5f02\u5e38\u5904\u7406<\/h5>\n
java<\/p>\n
\/\/ \u8ba4\u8bc1\u5f02\u5e38\u5904\u7406
\n@Component
\npublic class MyAuthenticationEntryPoint implements AuthenticationEntryPoint {<\/p>\n@Override
\n public void commence(HttpServletRequest request, HttpServletResponse response,
\n AuthenticationException authException) throws IOException {<\/p>\nif (authException instanceof InvalidBearerTokenException) {
\n ResponseResult.exceptionResponse(response, "\u4ee4\u724c\u65e0\u6548\u6216\u5df2\u8fc7\u671f");
\n } else {
\n ResponseResult.exceptionResponse(response, "\u9700\u8981\u5e26\u4e0a\u4ee4\u724c\u8fdb\u884c\u8bbf\u95ee");
\n }
\n }
\n}<\/p>\n\/\/ \u6388\u6743\u5f02\u5e38\u5904\u7406
\n@Component
\npublic class MyAccessDeniedHandler implements AccessDeniedHandler {<\/p>\n@Override
\n public void handle(HttpServletRequest request, HttpServletResponse response,
\n AccessDeniedException accessDeniedException) throws IOException {
\n ResponseResult.exceptionResponse(response, "\u6743\u9650\u4e0d\u8db3");
\n }
\n} <\/p>\n\u914d\u7f6e\u5f02\u5e38\u5904\u7406\u5668:<\/p>\n
java<\/p>\n
http.oauth2ResourceServer(resourceServer -> resourceServer
\n .jwt(Customizer.withDefaults())
\n .authenticationEntryPoint(new MyAuthenticationEntryPoint())
\n .accessDeniedHandler(new MyAccessDeniedHandler())
\n); <\/p>\n\u516d\u3001\u57fa\u4e8e\u6570\u636e\u5e93\u5b58\u50a8\u6539\u9020<\/h3>\n
6.1 \u6570\u636e\u5e93\u8868\u7ed3\u6784<\/h4>\n
6.1.1 \u5ba2\u6237\u7aef\u4fe1\u606f\u8868<\/h5>\n
sql<\/p>\n
CREATE TABLE oauth2_registered_client (
\n id VARCHAR(100) NOT NULL,
\n client_id VARCHAR(100) NOT NULL,
\n client_id_issued_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL,
\n client_secret VARCHAR(200) DEFAULT NULL,
\n client_secret_expires_at TIMESTAMP DEFAULT NULL,
\n client_name VARCHAR(200) NOT NULL,
\n client_authentication_methods VARCHAR(1000) NOT NULL,
\n authorization_grant_types VARCHAR(1000) NOT NULL,
\n redirect_uris VARCHAR(1000) DEFAULT NULL,
\n post_logout_redirect_uris VARCHAR(1000) DEFAULT NULL,
\n scopes VARCHAR(1000) NOT NULL,
\n client_settings VARCHAR(2000) NOT NULL,
\n token_settings VARCHAR(2000) NOT NULL,
\n PRIMARY KEY (id)
\n); <\/p>\n6.1.2 \u6388\u6743\u786e\u8ba4\u8868<\/h5>\n
sql<\/p>\n
CREATE TABLE oauth2_authorization_consent (
\n registered_client_id VARCHAR(100) NOT NULL,
\n principal_name VARCHAR(200) NOT NULL,
\n authorities VARCHAR(1000) NOT NULL,
\n PRIMARY KEY (registered_client_id, principal_name)
\n); <\/p>\n6.1.3 \u6388\u6743\u4fe1\u606f\u8868<\/h5>\n
sql<\/p>\n
CREATE TABLE oauth2_authorization (
\n id VARCHAR(100) NOT NULL,
\n registered_client_id VARCHAR(100) NOT NULL,
\n principal_name VARCHAR(200) NOT NULL,
\n authorization_grant_type VARCHAR(100) NOT NULL,
\n authorized_scopes VARCHAR(1000) DEFAULT NULL,
\n attributes BLOB DEFAULT NULL,
\n state VARCHAR(500) DEFAULT NULL,
\n authorization_code_value BLOB DEFAULT NULL,
\n authorization_code_issued_at TIMESTAMP DEFAULT NULL,
\n authorization_code_expires_at TIMESTAMP DEFAULT NULL,
\n authorization_code_metadata BLOB DEFAULT NULL,
\n access_token_value BLOB DEFAULT NULL,
\n access_token_issued_at TIMESTAMP DEFAULT NULL,
\n access_token_expires_at TIMESTAMP DEFAULT NULL,
\n access_token_metadata BLOB DEFAULT NULL,
\n access_token_type VARCHAR(100) DEFAULT NULL,
\n access_token_scopes VARCHAR(1000) DEFAULT NULL,
\n oidc_id_token_value BLOB DEFAULT NULL,
\n oidc_id_token_issued_at TIMESTAMP DEFAULT NULL,
\n oidc_id_token_expires_at TIMESTAMP DEFAULT NULL,
\n oidc_id_token_metadata BLOB DEFAULT NULL,
\n refresh_token_value BLOB DEFAULT NULL,
\n refresh_token_issued_at TIMESTAMP DEFAULT NULL,
\n refresh_token_expires_at TIMESTAMP DEFAULT NULL,
\n refresh_token_metadata BLOB DEFAULT NULL,
\n user_code_value BLOB DEFAULT NULL,
\n user_code_issued_at TIMESTAMP DEFAULT NULL,
\n user_code_expires_at TIMESTAMP DEFAULT NULL,
\n user_code_metadata BLOB DEFAULT NULL,
\n device_code_value BLOB DEFAULT NULL,
\n device_code_issued_at TIMESTAMP DEFAULT NULL,
\n device_code_expires_at TIMESTAMP DEFAULT NULL,
\n device_code_metadata BLOB DEFAULT NULL,
\n PRIMARY KEY (id)
\n); <\/p>\n6.1.4 \u7528\u6237\u8868<\/h5>\n
sql<\/p>\n
CREATE TABLE sys_user (
\n id BIGINT NOT NULL AUTO_INCREMENT COMMENT 'id',
\n username VARCHAR(20) NOT NULL DEFAULT '' COMMENT '\u7528\u6237\u540d',
\n password VARCHAR(255) NOT NULL DEFAULT '' COMMENT '\u5bc6\u7801',
\n name VARCHAR(50) DEFAULT NULL COMMENT '\u59d3\u540d',
\n description VARCHAR(255) DEFAULT NULL COMMENT '\u63cf\u8ff0',
\n status TINYINT DEFAULT NULL COMMENT '\u72b6\u6001(1:\u6b63\u5e38 0:\u505c\u7528)',
\n PRIMARY KEY (id),
\n UNIQUE KEY idx_username (username)
\n) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='\u7528\u6237\u8868'; <\/p>\n6.2 \u6570\u636e\u5e93\u914d\u7f6e<\/h4>\n
6.2.1 \u914d\u7f6e\u6587\u4ef6<\/h5>\n
yaml<\/p>\n
spring:
\n application:
\n name: spring-oauth-server<\/p>\ndatasource:
\n driver-class-name: com.mysql.cj.jdbc.Driver
\n url: jdbc:mysql:\/\/localhost:3306\/oauth-server?serverTimezone=UTC&useUnicode=true&characterEncoding=utf-8
\n username: root
\n password: root <\/p>\n6.2.2 \u6570\u636e\u5e93\u670d\u52a1\u914d\u7f6e<\/h5>\n
java<\/p>\n
@Configuration
\npublic class DatabaseConfig {<\/p>\n\/\/ \u5ba2\u6237\u7aef\u4fe1\u606f\u5b58\u50a8
\n @Bean
\n public RegisteredClientRepository registeredClientRepository(JdbcTemplate jdbcTemplate) {
\n return new JdbcRegisteredClientRepository(jdbcTemplate);
\n }<\/p>\n\/\/ \u6388\u6743\u4fe1\u606f\u5b58\u50a8
\n @Bean
\n public OAuth2AuthorizationService authorizationService(
\n JdbcTemplate jdbcTemplate,
\n RegisteredClientRepository registeredClientRepository) {
\n return new JdbcOAuth2AuthorizationService(jdbcTemplate, registeredClientRepository);
\n }<\/p>\n\/\/ \u6388\u6743\u786e\u8ba4\u5b58\u50a8
\n @Bean
\n public OAuth2AuthorizationConsentService authorizationConsentService(
\n JdbcTemplate jdbcTemplate,
\n RegisteredClientRepository registeredClientRepository) {
\n return new JdbcOAuth2AuthorizationConsentService(jdbcTemplate, registeredClientRepository);
\n }<\/p>\n\/\/ \u5bc6\u7801\u7f16\u7801\u5668
\n @Bean
\n public PasswordEncoder passwordEncoder() {
\n return new BCryptPasswordEncoder();
\n }
\n} <\/p>\n6.2.3 \u81ea\u5b9a\u4e49\u7528\u6237\u8be6\u60c5\u670d\u52a1<\/h5>\n
java<\/p>\n
@Service
\npublic class UserDetailsServiceImpl implements UserDetailsService {<\/p>\n@Resource
\n private SysUserService sysUserService;<\/p>\n@Override
\n public UserDetails loadUserByUsername(String username)
\n throws UsernameNotFoundException {<\/p>\nSysUserEntity sysUserEntity = sysUserService.selectByUsername(username);<\/p>\n
List<SimpleGrantedAuthority> authorities = Arrays.asList("USER").stream()
\n .map(SimpleGrantedAuthority::new)
\n .collect(Collectors.toList());<\/p>\nreturn new User(
\n username,
\n sysUserEntity.getPassword(),
\n authorities
\n );
\n }
\n} <\/p>\n\u4e03\u3001\u5355\u70b9\u767b\u5f55(SSO)\u5b9e\u6218<\/h3>\n
7.1 SSO\u67b6\u6784\u8bbe\u8ba1<\/h4>\n
text<\/p>\n
\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510
\n\u2502 \u8ba2\u5355\u670d\u52a1 \u2502 \u2502 \u5546\u54c1\u670d\u52a1 \u2502 \u2502 \u8ba4\u8bc1\u670d\u52a1\u5668 \u2502
\n\u2502 (\u5ba2\u6237\u7aef) \u2502 \u2502 (\u5ba2\u6237\u7aef) \u2502 \u2502 (\u6388\u6743\u670d\u52a1\u5668) \u2502
\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2518
\n \u2502 \u2502 \u2502
\n \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u253c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518
\n \u2502
\n \u250c\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2510
\n \u2502 \u7528\u6237 \u2502
\n \u2502 (\u6d4f\u89c8\u5668) \u2502
\n \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 <\/p>\n7.2 \u8ba2\u5355\u670d\u52a1\u914d\u7f6e<\/h4>\n
yaml<\/p>\n
server:
\n ip: spring-oauth-client-order
\n port: 9003<\/p>\nspring:
\n application:
\n name: spring-oauth-client-order<\/p>\nsecurity:
\n oauth2:
\n client:
\n provider:
\n oauth-server:
\n issuer-uri: http:\/\/spring-oauth-server:9000
\n authorization-uri: http:\/\/spring-oauth-server:9000\/oauth2\/authorize
\n token-uri: http:\/\/spring-oauth-server:9000\/oauth2\/token<\/p>\nregistration:
\n messaging-client-oidc:
\n provider: oauth-server
\n client-name: web\u5e73\u53f0-SSO\u5ba2\u6237\u7aef-\u8ba2\u5355\u670d\u52a1
\n client-id: web-client-id-order
\n client-secret: secret
\n client-authentication-method: client_secret_basic
\n authorization-grant-type: authorization_code
\n redirect-uri: http:\/\/spring-oauth-client-order:9003\/login\/oauth2\/code\/messaging-client-oidc
\n scope:
\n – profile
\n – openid <\/p>\n7.3 \u5546\u54c1\u670d\u52a1\u914d\u7f6e<\/h4>\n
yaml<\/p>\n
server:
\n ip: spring-oauth-client-product
\n port: 9004<\/p>\nspring:
\n application:
\n name: spring-oauth-client-product<\/p>\nsecurity:
\n oauth2:
\n client:
\n provider:
\n oauth-server:
\n issuer-uri: http:\/\/spring-oauth-server:9000
\n authorization-uri: http:\/\/spring-oauth-server:9000\/oauth2\/authorize
\n token-uri: http:\/\/spring-oauth-server:9000\/oauth2\/token<\/p>\nregistration:
\n messaging-client-oidc:
\n provider: oauth-server
\n client-name: web\u5e73\u53f0-SSO\u5ba2\u6237\u7aef-\u5546\u54c1\u670d\u52a1
\n client-id: web-client-id-product
\n client-secret: secret
\n client-authentication-method: client_secret_basic
\n authorization-grant-type: authorization_code
\n redirect-uri: http:\/\/spring-oauth-client-product:9004\/login\/oauth2\/code\/messaging-client-oidc
\n scope:
\n – profile
\n – openid <\/p>\n7.4 SSO\u6d4b\u8bd5\u6d41\u7a0b<\/h4>\n
- \n
\u9996\u6b21\u8bbf\u95ee\u8ba2\u5355\u670d\u52a1:\u8df3\u8f6c\u5230\u8ba4\u8bc1\u670d\u52a1\u5668\u767b\u5f55<\/p>\n<\/li>\n
- \n
\u767b\u5f55\u6210\u529f\u540e:\u8fd4\u56de\u8ba2\u5355\u670d\u52a1\u9875\u9762<\/p>\n<\/li>\n
- \n
\u8df3\u8f6c\u5230\u5546\u54c1\u670d\u52a1:\u65e0\u9700\u91cd\u65b0\u767b\u5f55,\u76f4\u63a5\u8bbf\u95ee<\/p>\n<\/li>\n
- \n
\u65e0\u611f\u6388\u6743\u914d\u7f6e:\u8bbe\u7f6erequire-authorization-consent=false\u8df3\u8fc7\u6388\u6743\u786e\u8ba4<\/p>\n<\/li>\n
\u516b\u3001\u5fae\u670d\u52a1\u7f51\u5173\u6574\u5408OAuth2<\/h3>\n
8.1 \u7f51\u5173\u5b89\u5168\u67b6\u6784<\/h4>\n
text<\/p>\n
\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510
\n\u2502 \u7528\u6237 \u2502\u2500\u2500\u2500\u25b6\u2502 \u7f51\u5173 \u2502\u2500\u2500\u2500\u25b6\u2502 \u8ba4\u8bc1\u670d\u52a1\u5668 \u2502
\n\u2502 (\u6d4f\u89c8\u5668) \u2502 \u2502 (Gateway) \u2502 \u2502 (OAuth2) \u2502
\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518
\n \u2502
\n \u250c\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2510
\n \u2502 \u8d44\u6e90\u670d\u52a1 \u2502
\n \u2502 (\u5fae\u670d\u52a1) \u2502
\n \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 <\/p>\n8.2 \u7f51\u5173\u914d\u7f6e<\/h4>\n
8.2.1 \u9879\u76ee\u4f9d\u8d56<\/h5>\n
xml<\/p>\n
<!– OAuth2\u5ba2\u6237\u7aef –>
\n<dependency>
\n <groupId>org.springframework.boot<\/groupId>
\n <artifactId>spring-boot-starter-oauth2-client<\/artifactId>
\n <version>3.1.4<\/version>
\n<\/dependency><\/p>\n<!– OAuth2\u8d44\u6e90\u670d\u52a1\u5668 –>
\n<dependency>
\n <groupId>org.springframework.boot<\/groupId>
\n <artifactId>spring-boot-starter-oauth2-resource-server<\/artifactId>
\n <version>3.1.4<\/version>
\n<\/dependency> <\/p>\n8.2.2 \u914d\u7f6e\u6587\u4ef6<\/h5>\n
yaml<\/p>\n
server:
\n port: 8888<\/p>\nspring:
\n application:
\n name: mall-gateway<\/p>\nsecurity:
\n oauth2:
\n # \u8d44\u6e90\u670d\u52a1\u5668\u914d\u7f6e
\n resourceserver:
\n jwt:
\n issuer-uri: http:\/\/spring-oauth-server:9000<\/p>\n# \u5ba2\u6237\u7aef\u914d\u7f6e
\n client:
\n provider:
\n oauth-server:
\n issuer-uri: http:\/\/spring-oauth-server:9000
\n authorization-uri: http:\/\/spring-oauth-server:9000\/oauth2\/authorize
\n token-uri: http:\/\/spring-oauth-server:9000\/oauth2\/token<\/p>\nregistration:
\n messaging-client-oidc:
\n provider: oauth-server
\n client-name: \u7f51\u5173\u670d\u52a1
\n client-id: mall-gateway-id
\n client-secret: secret
\n client-authentication-method: client_secret_basic
\n authorization-grant-type: authorization_code
\n redirect-uri: http:\/\/mall-gateway:8888\/login\/oauth2\/code\/messaging-client-oidc
\n scope:
\n – profile
\n – openid<\/p>\ncloud:
\n gateway:
\n default-filters:
\n # \u4ee4\u724c\u4e2d\u7ee7,\u81ea\u52a8\u4f20\u9012token\u5230\u4e0b\u6e38\u670d\u52a1
\n – TokenRelay= <\/p>\n8.2.3 \u5b89\u5168\u914d\u7f6e<\/h5>\n
java<\/p>\n
@Configuration
\n@EnableWebFluxSecurity
\n@EnableReactiveMethodSecurity
\npublic class WebSecurityConfig {<\/p>\n@Bean
\n public SecurityWebFilterChain defaultSecurityFilterChain(ServerHttpSecurity http) {
\n \/\/ \u6240\u6709\u8bf7\u6c42\u90fd\u9700\u8981\u8ba4\u8bc1
\n http.authorizeExchange(authorize -> authorize
\n .anyExchange().authenticated()
\n );<\/p>\n\/\/ \u5f00\u542fOAuth2\u767b\u5f55
\n http.oauth2Login(Customizer.withDefaults());<\/p>\n\/\/ \u914d\u7f6e\u8d44\u6e90\u670d\u52a1\u5668
\n http.oauth2ResourceServer(resourceServer -> resourceServer
\n .jwt(Customizer.withDefaults())
\n );<\/p>\n\/\/ \u7981\u7528CSRF\u548cCORS
\n http.csrf(csrf -> csrf.disable());
\n http.cors(cors -> cors.disable());<\/p>\nreturn http.build();
\n }
\n} <\/p>\n8.3 \u5fae\u670d\u52a1\u8d44\u6e90\u670d\u52a1\u5668\u914d\u7f6e<\/h4>\n
8.3.1 \u9879\u76ee\u4f9d\u8d56<\/h5>\n
xml<\/p>\n
<dependency>
\n <groupId>org.springframework.boot<\/groupId>
\n <artifactId>spring-boot-starter-oauth2-resource-server<\/artifactId>
\n <version>3.1.4<\/version>
\n<\/dependency> <\/p>\n8.3.2 \u914d\u7f6e\u6587\u4ef6<\/h5>\n
yaml<\/p>\n
spring:
\n security:
\n oauth2:
\n resourceserver:
\n jwt:
\n issuer-uri: http:\/\/spring-oauth-server:9000 <\/p>\n8.3.3 \u5b89\u5168\u914d\u7f6e<\/h5>\n
java<\/p>\n
@Configuration
\n@EnableWebSecurity
\n@EnableMethodSecurity(jsr250Enabled = true, securedEnabled = true)
\npublic class ResourceServerConfig {<\/p>\n@Bean
\n SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
\n http
\n .authorizeHttpRequests(authorize -> authorize
\n .anyRequest().authenticated()
\n )
\n .oauth2ResourceServer(oauth2 -> oauth2
\n .jwt(Customizer.withDefaults())
\n );<\/p>\nreturn http.build();
\n }
\n} <\/p>\n8.3.4 Feign\u62e6\u622a\u5668(\u4ee4\u724c\u4f20\u9012)<\/h5>\n
java<\/p>\n
@Slf4j
\n@Component
\npublic class FeignAuthRequestInterceptor implements RequestInterceptor {<\/p>\n@Override
\n public void apply(RequestTemplate template) {
\n ServletRequestAttributes attributes =
\n (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();<\/p>\nif (attributes != null) {
\n HttpServletRequest request = attributes.getRequest();
\n String accessToken = request.getHeader("Authorization");
\n log.info("\u4eceRequest\u4e2d\u89e3\u6790\u8bf7\u6c42\u5934: {}", accessToken);<\/p>\n\/\/ \u8bbe\u7f6etoken\u5230Feign\u8bf7\u6c42\u5934
\n template.header("Authorization", accessToken);
\n }
\n }
\n} <\/p>\n8.4 \u6d4b\u8bd5\u6d41\u7a0b<\/h4>\n
- \n
\u8bbf\u95ee\u7f51\u5173\u53d7\u4fdd\u62a4\u63a5\u53e3:http:\/\/mall-gateway:8888\/user\/findOrderByUserId\/1<\/p>\n<\/li>\n
- \n
\u7f51\u5173\u68c0\u6d4b\u672a\u8ba4\u8bc1:\u91cd\u5b9a\u5411\u5230\u8ba4\u8bc1\u670d\u52a1\u5668\u767b\u5f55\u9875\u9762<\/p>\n<\/li>\n
- \n
\u7528\u6237\u767b\u5f55\u6388\u6743:\u8f93\u5165\u7528\u6237\u540d\u5bc6\u7801,\u786e\u8ba4\u6388\u6743<\/p>\n<\/li>\n
- \n
\u8fd4\u56de\u7f51\u5173\u9875\u9762:\u643a\u5e26token,\u6b63\u5e38\u8bbf\u95ee\u8d44\u6e90<\/p>\n<\/li>\n
- \n
\u7f51\u5173\u8f6c\u53d1\u8bf7\u6c42:\u81ea\u52a8\u4f20\u9012token\u5230\u4e0b\u6e38\u5fae\u670d\u52a1<\/p>\n<\/li>\n
- \n
\u5fae\u670d\u52a1\u9a8c\u8bc1token:\u9a8c\u8bc1\u901a\u8fc7,\u8fd4\u56de\u6570\u636e<\/p>\n<\/li>\n
\u4e5d\u3001\u603b\u7ed3\u4e0e\u6700\u4f73\u5b9e\u8df5<\/h3>\n
9.1 \u7248\u672c\u9009\u62e9\u5efa\u8bae<\/h4>\n
\n
\u7ec4\u4ef6\u63a8\u8350\u7248\u672c\u8bf4\u660e<\/tr>\n \n\n Spring Boot<\/td>\n 3.1.4+<\/td>\n \u652f\u6301Spring Authorization Server\u6700\u65b0\u7279\u6027<\/td>\n<\/tr>\n \n Spring Authorization Server<\/td>\n 1.1.2+<\/td>\n \u7a33\u5b9a\u7248\u672c,\u529f\u80fd\u5b8c\u6574<\/td>\n<\/tr>\n \n JDK<\/td>\n 17+<\/td>\n Spring Boot 3.x\u8981\u6c42<\/td>\n<\/tr>\n \n MySQL<\/td>\n 8.0+<\/td>\n \u652f\u6301JSON\u5b57\u6bb5,\u6027\u80fd\u66f4\u597d<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n 9.2 \u5b89\u5168\u5efa\u8bae<\/h4>\n
- \n
\u4ee4\u724c\u7ba1\u7406:<\/p>\n
- \n
- \n
Access Token\u6709\u6548\u671f\u5efa\u8bae\u8bbe\u7f6e\u4e3a30\u5206\u949f<\/p>\n<\/li>\n
- \n
Refresh Token\u6709\u6548\u671f\u5efa\u8bae\u8bbe\u7f6e\u4e3a7\u5929<\/p>\n<\/li>\n
- \n
\u4f7f\u7528HTTPS\u4f20\u8f93\u4ee4\u724c<\/p>\n<\/li>\n<\/ul>\n<\/li>\n
- \n
\u5ba2\u6237\u7aef\u5b89\u5168:<\/p>\n
- \n
- \n
\u4f7f\u7528BCrypt\u52a0\u5bc6\u5b58\u50a8client_secret<\/p>\n<\/li>\n
- \n
\u5b9a\u671f\u8f6e\u6362\u5ba2\u6237\u7aef\u5bc6\u94a5<\/p>\n<\/li>\n
- \n
\u9650\u5236\u5ba2\u6237\u7aefIP\u767d\u540d\u5355<\/p>\n<\/li>\n<\/ul>\n<\/li>\n
- \n
\u6743\u9650\u63a7\u5236:<\/p>\n
- \n
- \n
\u6700\u5c0f\u6743\u9650\u539f\u5219,\u6309\u9700\u5206\u914dscope<\/p>\n<\/li>\n
- \n
\u4f7f\u7528@PreAuthorize\u6ce8\u89e3\u8fdb\u884c\u65b9\u6cd5\u7ea7\u6743\u9650\u63a7\u5236<\/p>\n<\/li>\n
- \n
\u8bb0\u5f55\u654f\u611f\u64cd\u4f5c\u65e5\u5fd7<\/p>\n<\/li>\n<\/ul>\n<\/li>\n
9.3 \u6027\u80fd\u4f18\u5316<\/h4>\n
- \n
\u7f13\u5b58\u7b56\u7565:<\/p>\n
- \n
- \n
\u7f13\u5b58JWK\u516c\u94a5,\u51cf\u5c11\u7f51\u7edc\u8bf7\u6c42<\/p>\n<\/li>\n
- \n
\u4f7f\u7528Redis\u7f13\u5b58\u7528\u6237\u4fe1\u606f<\/p>\n<\/li>\n
- \n
\u6570\u636e\u5e93\u8fde\u63a5\u6c60\u4f18\u5316<\/p>\n<\/li>\n<\/ul>\n<\/li>\n
- \n
\u6570\u636e\u5e93\u4f18\u5316:<\/p>\n
- \n
- \n
\u4e3aoauth2_authorization\u8868\u6dfb\u52a0\u7d22\u5f15<\/p>\n<\/li>\n
- \n
\u5b9a\u671f\u6e05\u7406\u8fc7\u671f\u4ee4\u724c\u8bb0\u5f55<\/p>\n<\/li>\n
- \n
\u4f7f\u7528\u8bfb\u5199\u5206\u79bb\u67b6\u6784<\/p>\n<\/li>\n<\/ul>\n<\/li>\n
9.4 \u76d1\u63a7\u4e0e\u544a\u8b66<\/h4>\n
- \n
\u76d1\u63a7\u6307\u6807:<\/p>\n
- \n
- \n
\u8ba4\u8bc1\u6210\u529f\/\u5931\u8d25\u7387<\/p>\n<\/li>\n
- \n
\u4ee4\u724c\u53d1\u653e\u9891\u7387<\/p>\n<\/li>\n
- \n
\u63a5\u53e3\u54cd\u5e94\u65f6\u95f4<\/p>\n<\/li>\n<\/ul>\n<\/li>\n
- \n
\u544a\u8b66\u89c4\u5219:<\/p>\n
- \n
- \n
\u5f02\u5e38\u767b\u5f55\u5c1d\u8bd5<\/p>\n<\/li>\n
- \n
\u4ee4\u724c\u6ee5\u7528\u68c0\u6d4b<\/p>\n<\/li>\n
- \n
\u7cfb\u7edf\u5f02\u5e38\u7387<\/p>\n<\/li>\n<\/ul>\n<\/li>\n
9.5 \u6269\u5c55\u529f\u80fd<\/h4>\n
- \n
\u591a\u56e0\u7d20\u8ba4\u8bc1:\u96c6\u6210\u77ed\u4fe1\u3001\u90ae\u7bb1\u9a8c\u8bc1\u7801<\/p>\n<\/li>\n
- \n
\u793e\u4ea4\u767b\u5f55:\u96c6\u6210\u5fae\u4fe1\u3001QQ\u7b49\u7b2c\u4e09\u65b9\u767b\u5f55<\/p>\n<\/li>\n
- \n
\u8bbe\u5907\u7ba1\u7406:\u7ba1\u7406\u5df2\u6388\u6743\u8bbe\u5907,\u652f\u6301\u4e00\u952e\u4e0b\u7ebf<\/p>\n<\/li>\n
- \n
\u5ba1\u8ba1\u65e5\u5fd7:\u5b8c\u6574\u8bb0\u5f55\u8ba4\u8bc1\u6388\u6743\u64cd\u4f5c\u65e5\u5fd7<\/p>\n<\/li>\n
\n\u5341\u3001\u5e38\u89c1\u95ee\u9898\u89e3\u51b3<\/h3>\n
10.1 \u8de8\u57df\u95ee\u9898<\/h4>\n
\u89e3\u51b3\u65b9\u6848:<\/p>\n
java<\/p>\n
@Bean
\npublic CorsConfigurationSource corsConfigurationSource() {
\n CorsConfiguration configuration = new CorsConfiguration();
\n configuration.setAllowedOrigins(Arrays.asList("http:\/\/localhost:8080"));
\n configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE"));
\n configuration.setAllowedHeaders(Arrays.asList("Authorization", "Content-Type"));<\/p>\nUrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
\n source.registerCorsConfiguration("\/**", configuration);<\/p>\nreturn source;
\n} <\/p>\n10.2 \u4f1a\u8bdd\u7ba1\u7406<\/h4>\n
\u914d\u7f6e\u5206\u5e03\u5f0f\u4f1a\u8bdd:<\/p>\n
yaml<\/p>\n
spring:
\n session:
\n store-type: redis
\n redis:
\n namespace: spring:session <\/p>\n10.3 \u4ee4\u724c\u5237\u65b0<\/h4>\n
\u81ea\u52a8\u5237\u65b0\u4ee4\u724c\u7b56\u7565:<\/p>\n
java<\/p>\n
@Component
\npublic class TokenRefreshService {<\/p>\n@Scheduled(fixedDelay = 5 * 60 * 1000) \/\/ \u6bcf5\u5206\u949f\u68c0\u67e5\u4e00\u6b21
\n public void refreshTokens() {
\n \/\/ \u68c0\u67e5\u5373\u5c06\u8fc7\u671f\u7684token\u5e76\u5237\u65b0
\n }
\n} <\/p>\n
\n\u53c2\u8003\u8d44\u6599:<\/p>\n
- \n
- \n
Spring Authorization Server\u5b98\u65b9\u6587\u6863<\/p>\n<\/li>\n
- \n
OAuth 2.1\u89c4\u8303<\/p>\n<\/li>\n
- \n
OpenID Connect\u89c4\u8303<\/p>\n<\/li>\n<\/ul>\n
\u672c\u6587\u57fa\u4e8eSpring Authorization Server 1.1.2\u548cSpring Boot 3.1.4\u7f16\u5199,\u6db5\u76d6\u4e86\u4ece\u57fa\u7840\u6982\u5ff5\u5230\u751f\u4ea7\u7ea7\u90e8\u7f72\u7684\u5168\u6d41\u7a0b\u3002\u5728\u5b9e\u9645\u9879\u76ee\u4e2d,\u5efa\u8bae\u6839\u636e\u5177\u4f53\u4e1a\u52a1\u9700\u6c42\u548c\u5b89\u5168\u8981\u6c42\u8fdb\u884c\u8c03\u6574\u548c\u4f18\u5316\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
\u4e00\u3001Spring Authorization Server\u6982\u8ff0
\n1.1 \u4ec0\u4e48\u662fSpring Authorization Server
\nSpring Authorization Server\u662fSpring\u5b98\u65b9\u63a8\u51fa\u7684\u65b0\u4e00\u4ee3\u8ba4\u8bc1\u6388\u6743\u6846\u67b6,\u63d0\u4f9b\u4e86OAuth 2.1\u548cOpenID Connect 1.0\u89c4\u8303\u7684\u5b8c\u6574\u5b9e\u73b0\u3002\u5b83\u5efa\u7acb\u5728Spring Security\u4e4b\u4e0a,\u4e3a\u6784\u5efa\u8eab\u4efd\u63d0\u4f9b\u8005\u548c\u6388\u6743\u670d\u52a1\u5668\u63d0\u4f9b\u4e86\u5b89\u5168\u3001\u8f7b\u91cf\u7ea7\u4e14\u53ef\u5b9a\u5236\u7684\u57fa\u7840\u3002
\n\u6838\u5fc3\u7279\u6027: \u5b8c<\/p>\n","protected":false},"author":2,"featured_media":72583,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1188,101,1348],"topic":[],"class_list":["post-72584","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-server","tag-oauth2","tag-spring","tag-1348"],"yoast_head":"\nSpring Security OAuth2\u5b9e\u6218\uff1a\u4ece\u6388\u6743\u670d\u52a1\u5668\u5230\u5fae\u670d\u52a1\u7f51\u5173\u7684\u5b8c\u6574\u89e3\u51b3\u65b9\u6848 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.wsisp.com\/helps\/72584.html\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Spring Security OAuth2\u5b9e\u6218\uff1a\u4ece\u6388\u6743\u670d\u52a1\u5668\u5230\u5fae\u670d\u52a1\u7f51\u5173\u7684\u5b8c\u6574\u89e3\u51b3\u65b9\u6848 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\" \/>\n<meta property=\"og:description\" content=\"\u4e00\u3001Spring Authorization Server\u6982\u8ff0 1.1 \u4ec0\u4e48\u662fSpring Authorization Server Spring Authorization Server\u662fSpring\u5b98\u65b9\u63a8\u51fa\u7684\u65b0\u4e00\u4ee3\u8ba4\u8bc1\u6388\u6743\u6846\u67b6,\u63d0\u4f9b\u4e86OAuth 2.1\u548cOpenID Connect 1.0\u89c4\u8303\u7684\u5b8c\u6574\u5b9e\u73b0\u3002\u5b83\u5efa\u7acb\u5728Spring Security\u4e4b\u4e0a,\u4e3a\u6784\u5efa\u8eab\u4efd\u63d0\u4f9b\u8005\u548c\u6388\u6743\u670d\u52a1\u5668\u63d0\u4f9b\u4e86\u5b89\u5168\u3001\u8f7b\u91cf\u7ea7\u4e14\u53ef\u5b9a\u5236\u7684\u57fa\u7840\u3002 \u6838\u5fc3\u7279\u6027: \u5b8c\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.wsisp.com\/helps\/72584.html\" \/>\n<meta property=\"og:site_name\" content=\"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-05T18:24:59+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/02\/20260205182457-6984e0795e9fe.png\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/72584.html\",\"url\":\"https:\/\/www.wsisp.com\/helps\/72584.html\",\"name\":\"Spring Security OAuth2\u5b9e\u6218\uff1a\u4ece\u6388\u6743\u670d\u52a1\u5668\u5230\u5fae\u670d\u52a1\u7f51\u5173\u7684\u5b8c\u6574\u89e3\u51b3\u65b9\u6848 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\",\"isPartOf\":{\"@id\":\"https:\/\/www.wsisp.com\/helps\/#website\"},\"datePublished\":\"2026-02-05T18:24:59+00:00\",\"dateModified\":\"2026-02-05T18:24:59+00:00\",\"author\":{\"@id\":\"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.wsisp.com\/helps\/72584.html#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.wsisp.com\/helps\/72584.html\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/72584.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.wsisp.com\/helps\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Spring Security OAuth2\u5b9e\u6218\uff1a\u4ece\u6388\u6743\u670d\u52a1\u5668\u5230\u5fae\u670d\u52a1\u7f51\u5173\u7684\u5b8c\u6574\u89e3\u51b3\u65b9\u6848\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/#website\",\"url\":\"https:\/\/www.wsisp.com\/helps\/\",\"name\":\"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\",\"description\":\"\u9999\u6e2f\u670d\u52a1\u5668_\u9999\u6e2f\u4e91\u670d\u52a1\u5668\u8d44\u8baf_\u670d\u52a1\u5668\u5e2e\u52a9\u6587\u6863_\u670d\u52a1\u5668\u6559\u7a0b\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.wsisp.com\/helps\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery\",\"contentUrl\":\"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery\",\"caption\":\"admin\"},\"sameAs\":[\"http:\/\/wp.wsisp.com\"],\"url\":\"https:\/\/www.wsisp.com\/helps\/author\/admin\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Spring Security OAuth2\u5b9e\u6218\uff1a\u4ece\u6388\u6743\u670d\u52a1\u5668\u5230\u5fae\u670d\u52a1\u7f51\u5173\u7684\u5b8c\u6574\u89e3\u51b3\u65b9\u6848 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.wsisp.com\/helps\/72584.html","og_locale":"zh_CN","og_type":"article","og_title":"Spring Security OAuth2\u5b9e\u6218\uff1a\u4ece\u6388\u6743\u670d\u52a1\u5668\u5230\u5fae\u670d\u52a1\u7f51\u5173\u7684\u5b8c\u6574\u89e3\u51b3\u65b9\u6848 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","og_description":"\u4e00\u3001Spring Authorization Server\u6982\u8ff0 1.1 \u4ec0\u4e48\u662fSpring Authorization Server Spring Authorization Server\u662fSpring\u5b98\u65b9\u63a8\u51fa\u7684\u65b0\u4e00\u4ee3\u8ba4\u8bc1\u6388\u6743\u6846\u67b6,\u63d0\u4f9b\u4e86OAuth 2.1\u548cOpenID Connect 1.0\u89c4\u8303\u7684\u5b8c\u6574\u5b9e\u73b0\u3002\u5b83\u5efa\u7acb\u5728Spring Security\u4e4b\u4e0a,\u4e3a\u6784\u5efa\u8eab\u4efd\u63d0\u4f9b\u8005\u548c\u6388\u6743\u670d\u52a1\u5668\u63d0\u4f9b\u4e86\u5b89\u5168\u3001\u8f7b\u91cf\u7ea7\u4e14\u53ef\u5b9a\u5236\u7684\u57fa\u7840\u3002 \u6838\u5fc3\u7279\u6027: \u5b8c","og_url":"https:\/\/www.wsisp.com\/helps\/72584.html","og_site_name":"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","article_published_time":"2026-02-05T18:24:59+00:00","og_image":[{"url":"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/02\/20260205182457-6984e0795e9fe.png"}],"author":"admin","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"admin","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"11 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.wsisp.com\/helps\/72584.html","url":"https:\/\/www.wsisp.com\/helps\/72584.html","name":"Spring Security OAuth2\u5b9e\u6218\uff1a\u4ece\u6388\u6743\u670d\u52a1\u5668\u5230\u5fae\u670d\u52a1\u7f51\u5173\u7684\u5b8c\u6574\u89e3\u51b3\u65b9\u6848 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","isPartOf":{"@id":"https:\/\/www.wsisp.com\/helps\/#website"},"datePublished":"2026-02-05T18:24:59+00:00","dateModified":"2026-02-05T18:24:59+00:00","author":{"@id":"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41"},"breadcrumb":{"@id":"https:\/\/www.wsisp.com\/helps\/72584.html#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.wsisp.com\/helps\/72584.html"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.wsisp.com\/helps\/72584.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.wsisp.com\/helps"},{"@type":"ListItem","position":2,"name":"Spring Security OAuth2\u5b9e\u6218\uff1a\u4ece\u6388\u6743\u670d\u52a1\u5668\u5230\u5fae\u670d\u52a1\u7f51\u5173\u7684\u5b8c\u6574\u89e3\u51b3\u65b9\u6848"}]},{"@type":"WebSite","@id":"https:\/\/www.wsisp.com\/helps\/#website","url":"https:\/\/www.wsisp.com\/helps\/","name":"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","description":"\u9999\u6e2f\u670d\u52a1\u5668_\u9999\u6e2f\u4e91\u670d\u52a1\u5668\u8d44\u8baf_\u670d\u52a1\u5668\u5e2e\u52a9\u6587\u6863_\u670d\u52a1\u5668\u6559\u7a0b","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.wsisp.com\/helps\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41","name":"admin","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/image\/","url":"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery","contentUrl":"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery","caption":"admin"},"sameAs":["http:\/\/wp.wsisp.com"],"url":"https:\/\/www.wsisp.com\/helps\/author\/admin"}]}},"_links":{"self":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/posts\/72584","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/comments?post=72584"}],"version-history":[{"count":0,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/posts\/72584\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/media\/72583"}],"wp:attachment":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/media?parent=72584"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/categories?post=72584"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/tags?post=72584"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/topic?post=72584"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n