github仓库地址:https://github.com/Sjj1024/SpringCloudDemo
目录结构:
pom文件:
- <?xml version="1.0" encoding="UTF-8"?>
- <project xmlns="http://maven.apache.org/POM/4.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <parent>
- <artifactId>springcloud1</artifactId>
- <groupId>org.example</groupId>
- <version>1.0-SNAPSHOT</version>
- </parent>
- <modelVersion>4.0.0</modelVersion>
- <artifactId>springcloud-oauth-order-8004</artifactId>
- <dependencies>
- <dependency>
- <groupId>org.springframework.cloud</groupId>
- <artifactId>spring-cloud-dependencies</artifactId>
- <version>Finchley.RELEASE</version>
- <type>pom</type>
- <scope>import</scope>
- </dependency>
- <dependency>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-web</artifactId>
- <version>2.1.4.RELEASE</version>
- </dependency>
- <dependency>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-test</artifactId>
- </dependency>
- <dependency>
- <groupId>org.springframework.cloud</groupId>
- <artifactId>spring-cloud-netflix-eureka-client</artifactId>
- </dependency>
- <!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-security -->
- <dependency>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-security</artifactId>
- </dependency>
- <!-- https://mvnrepository.com/artifact/org.springframework.cloud/spring-cloud-starter-oauth2 -->
- <dependency>
- <groupId>org.springframework.cloud</groupId>
- <artifactId>spring-cloud-starter-oauth2</artifactId>
- </dependency>
- <!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-jwt -->
- <dependency>
- <groupId>org.springframework.security</groupId>
- <artifactId>spring-security-jwt</artifactId>
- </dependency>
- </dependencies>
- </project>
Mysecurityconfig配置:
- package com.shen.config;
- import org.springframework.context.annotation.Configuration;
- import org.springframework.security.config.annotation.web.builders.HttpSecurity;
- import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
- @Configuration
- public class MySecurityConfg extends WebSecurityConfigurerAdapter {
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- // 决定那些请求被拦截
- http
- .csrf().disable()
- .authorizeRequests()
- .antMatchers("/css/**", "/js/**", "/fonts/**", "/index").permitAll() //都可以访问
- .antMatchers("/order/**").authenticated() // 所有order下的请求都要认证
- .anyRequest().permitAll(); // 其他请求都可以访问
- // .and()
- // .formLogin()
- // .loginProcessingUrl("/login")
- // .permitAll()// 表单登录允许任意权限访问
- // .and()
- // .logout().permitAll();// 注销操作允许任意权限访问
- }
- }
resourceconfig配置:
- package com.shen.config;
- import org.springframework.beans.factory.annotation.Autowired;
- import org.springframework.context.annotation.Bean;
- import org.springframework.context.annotation.Configuration;
- import org.springframework.security.config.annotation.web.builders.HttpSecurity;
- import org.springframework.security.config.http.SessionCreationPolicy;
- import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
- import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurer;
- import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
- import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
- import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
- import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
- import org.springframework.security.oauth2.provider.token.TokenStore;
- import java.rmi.Remote;
- @Configuration
- @EnableResourceServer
- public class ResouceServeCongie extends ResourceServerConfigurerAdapter {
- // 配置资源ID
- public static final String RESOURCE_ID = "resource1";
- // // 配置令牌验证的服务
- // @Bean
- // public ResourceServerTokenServices tokenServices(){
- // RemoteTokenServices services = new RemoteTokenServices();
- // services.setCheckTokenEndpointUrl("http://localhost:8003/oauth/check_token");
- // services.setClientId("client1");
- // services.setClientSecret("secret");
- // return services;
- // }
- // 注入本地验证的配置类
- @Autowired
- TokenStore tokenStore;
- // 配置资源服务
- @Override
- public void configure(ResourceServerSecurityConfigurer resources){
- resources.resourceId(RESOURCE_ID)
- // .tokenServices(tokenServices()) // 验证令牌的服务
- .tokenStore(tokenStore) // 使用远程校验令牌的服务
- .stateless(true);
- }
- // 配置HTTP服务
- public void configure(HttpSecurity http) throws Exception {
- http.
- authorizeRequests()
- .antMatchers("/**").access("#oauth2.hasScope('all')")
- .and().csrf().disable()
- .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
- }
- }
Tokenconfig配置:
- package com.shen.config;
- import org.springframework.context.annotation.Bean;
- import org.springframework.context.annotation.Configuration;
- import org.springframework.security.oauth2.provider.token.TokenStore;
- import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
- import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
- @Configuration
- public class TokenConfig {
- // 使用本地校验token的方式,所以需要配置单独的令牌校验服务
- // 配置JWT令牌的相关配置
- // 配置**
- private String SIGNING_KEY = "uaa_authorization";
- // 配置JWT存储方案
- @Bean
- public TokenStore tokenStore(){
- return new JwtTokenStore(accessTokenConverter());
- }
- // 配置生成JWT令牌的过程
- @Bean
- public JwtAccessTokenConverter accessTokenConverter(){
- JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
- converter.setSigningKey(SIGNING_KEY);
- return converter;
- }
- }
获取到的token: