增加 OAuth2 授权码模式

YunaiV · YunaiV · commit c39271019c2a · 2020-06-25T19:44:58.000+08:00
diff --git a/lab-68/lab-68-demo02-authorization-server-with-authorization-code/pom.xml b/lab-68/lab-68-demo02-authorization-server-with-authorization-code/pom.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>lab-68</artifactId>
+        <groupId>cn.iocoder.springboot.labs</groupId>
+        <version>1.0-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>lab-68-demo02-authorization-server-with-authorization-code</artifactId>
+
+    <properties>
+        <!-- 依赖相关配置 -->
+        <spring.boot.version>2.2.4.RELEASE</spring.boot.version>
+        <!-- 插件相关配置 -->
+        <maven.compiler.target>1.8</maven.compiler.target>
+        <maven.compiler.source>1.8</maven.compiler.source>
+    </properties>
+
+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-starter-parent</artifactId>
+                <version>${spring.boot.version}</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
+
+    <dependencies>
+        <!-- 实现对 Spring MVC 的自动配置 -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+
+        <!-- 实现对 Spring Security 的自动配置 -->
+<!--        <dependency>-->
+<!--            <groupId>org.springframework.boot</groupId>-->
+<!--            <artifactId>spring-boot-starter-security</artifactId>-->
+<!--        </dependency>-->
+
+        <!-- 实现对 Spring Security OAuth2 的自动配置 -->
+        <dependency>
+            <groupId>org.springframework.security.oauth.boot</groupId>
+            <artifactId>spring-security-oauth2-autoconfigure</artifactId>
+            <version>${spring.boot.version}</version>
+        </dependency>
+    </dependencies>
+
+</project>
diff --git a/lab-68/lab-68-demo02-authorization-server-with-authorization-code/src/main/java/cn/iocoder/springboot/lab68/authorizationserverdemo/AuthorizationServerApplication.java b/lab-68/lab-68-demo02-authorization-server-with-authorization-code/src/main/java/cn/iocoder/springboot/lab68/authorizationserverdemo/AuthorizationServerApplication.java
@@ -0,0 +1,13 @@
+package cn.iocoder.springboot.lab68.authorizationserverdemo;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class AuthorizationServerApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(AuthorizationServerApplication.class, args);
+    }
+
+}
diff --git a/lab-68/lab-68-demo02-authorization-server-with-authorization-code/src/main/java/cn/iocoder/springboot/lab68/authorizationserverdemo/config/OAuth2AuthorizationServerConfig.java b/lab-68/lab-68-demo02-authorization-server-with-authorization-code/src/main/java/cn/iocoder/springboot/lab68/authorizationserverdemo/config/OAuth2AuthorizationServerConfig.java
@@ -0,0 +1,48 @@
+package cn.iocoder.springboot.lab68.authorizationserverdemo.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
+
+/**
+ * 授权服务器配置
+ */
+@Configuration
+@EnableAuthorizationServer
+public class OAuth2AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
+
+    /**
+     * 用户认证 Manager
+     */
+    @Autowired
+    private AuthenticationManager authenticationManager;
+
+    @Override
+    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
+        endpoints.authenticationManager(authenticationManager);
+    }
+
+    @Override
+    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
+        oauthServer.checkTokenAccess("isAuthenticated()")
+//            .tokenKeyAccess("permitAll()")
+        ;
+    }
+
+    @Override
+    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
+        clients.inMemory()
+                .withClient("clientapp").secret("112233") // Client 账号、密码。
+                .authorizedGrantTypes("authorization_code") // 授权码模式
+                .redirectUris("http://127.0.0.1:9090/callback") // 配置回调地址，选填。TODO 待修改
+                .scopes("read_userinfo", "read_contacts") // 可授权的 Scope
+//                .and().withClient() // 可以继续配置新的 Client
+                ;
+    }
+
+}
diff --git a/lab-68/lab-68-demo02-authorization-server-with-authorization-code/src/main/java/cn/iocoder/springboot/lab68/authorizationserverdemo/config/SecurityConfig.java b/lab-68/lab-68-demo02-authorization-server-with-authorization-code/src/main/java/cn/iocoder/springboot/lab68/authorizationserverdemo/config/SecurityConfig.java
@@ -0,0 +1,49 @@
+package cn.iocoder.springboot.lab68.authorizationserverdemo.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.BeanIds;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.password.NoOpPasswordEncoder;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Override
+    @Bean(name = BeanIds.AUTHENTICATION_MANAGER)
+    public AuthenticationManager authenticationManagerBean() throws Exception {
+        return super.authenticationManagerBean();
+    }
+
+    @Bean
+    public static NoOpPasswordEncoder passwordEncoder() {
+        return (NoOpPasswordEncoder) NoOpPasswordEncoder.getInstance();
+    }
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.
+                // 使用内存中的 InMemoryUserDetailsManager
+                inMemoryAuthentication()
+                // 不使用 PasswordEncoder 密码编码器
+                .passwordEncoder(passwordEncoder())
+                // 配置 yunai 用户
+                .withUser("yunai").password("1024").roles("USER");
+    }
+
+//    @Override
+//    protected void configure(HttpSecurity http) throws Exception {
+//        http
+//                .authorizeRequests()
+//                .antMatchers("/oauth/**").permitAll() // 允许无权限访问
+//                .anyRequest().authenticated()
+//                .and()
+//                .formLogin().and()
+//                .httpBasic();
+//    }
+
+}
diff --git a/lab-68/lab-68-demo02-resource-server/src/main/java/cn/iocoder/springboot/lab68/resourceserverdemo/config/OAuth2ResourceServerConfig.java b/lab-68/lab-68-demo02-resource-server/src/main/java/cn/iocoder/springboot/lab68/resourceserverdemo/config/OAuth2ResourceServerConfig.java
@@ -17,6 +17,8 @@ public void configure(HttpSecurity http) throws Exception {
         http.authorizeRequests()
             // 设置 /login 无需权限访问
             .antMatchers("/login").permitAll()
+            /// 设置 /callback 无需权限访问
+            .antMatchers("/callback").permitAll()
             // 设置其它请求，需要认证后访问
             .anyRequest().authenticated()
             ;
diff --git a/lab-68/lab-68-demo02-resource-server/src/main/java/cn/iocoder/springboot/lab68/resourceserverdemo/controller/CallbackController.java b/lab-68/lab-68-demo02-resource-server/src/main/java/cn/iocoder/springboot/lab68/resourceserverdemo/controller/CallbackController.java
@@ -0,0 +1,44 @@
+package cn.iocoder.springboot.lab68.resourceserverdemo.controller;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.security.oauth2.OAuth2ClientProperties;
+import org.springframework.security.oauth2.client.OAuth2RestTemplate;
+import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider;
+import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping("/")
+public class CallbackController {
+
+    @Autowired
+    private OAuth2ClientProperties oauth2ClientProperties;
+
+    @Value("${security.oauth2.access-token-uri}")
+    private String accessTokenUri;
+
+    @GetMapping("/callback")
+    public OAuth2AccessToken login(@RequestParam("code") String code) {
+        // 创建 ResourceOwnerPasswordResourceDetails 对象
+        AuthorizationCodeResourceDetails resourceDetails = new AuthorizationCodeResourceDetails();
+        resourceDetails.setAccessTokenUri(accessTokenUri);
+        resourceDetails.setClientId(oauth2ClientProperties.getClientId());
+        resourceDetails.setClientSecret(oauth2ClientProperties.getClientSecret());
+//        resourceDetails.setPreEstablishedRedirectUri();
+        // 创建
+        // 创建 OAuth2RestTemplate 对象
+        OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(resourceDetails);
+        restTemplate.getOAuth2ClientContext().getAccessTokenRequest().setAuthorizationCode(code); // 设置 code
+        restTemplate.getOAuth2ClientContext().getAccessTokenRequest().setPreservedState("http://127.0.0.1:9090/callback"); // 设置 state
+        restTemplate.setAccessTokenProvider(new AuthorizationCodeAccessTokenProvider());
+        // 获取访问令牌
+        return restTemplate.getAccessToken();
+    }
+
+
+}
diff --git a/lab-68/pom.xml b/lab-68/pom.xml
@@ -15,6 +15,7 @@
         <module>lab-68-demo01-resource-owner-password-credentials-server</module>
         <module>lab-68-demo02-resource-server</module>
         <module>lab-68-demo02-authorization-server-with-resource-owner-password-credentials</module>
+        <module>lab-68-demo02-authorization-server-with-authorization-code</module>
     </modules>
 
 

Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,8 @@ public void configure(HttpSecurity http) throws Exception {`
`17`	`17`	`http.authorizeRequests()`
`18`	`18`	`// 设置 /login 无需权限访问`
`19`	`19`	`.antMatchers("/login").permitAll()`
	`20`	`+ /// 设置 /callback 无需权限访问`
	`21`	`+ .antMatchers("/callback").permitAll()`
`20`	`22`	`// 设置其它请求，需要认证后访问`
`21`	`23`	`.anyRequest().authenticated()`
`22`	`24`	`;`