Oauth2使用postman登录获取token
-
网关请求拦截-(CheckJwtFilter.java)
package com.xiaoge.config; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.ObjectMapper; import com.xiaoge.constant.GatewayConstant; import org.apache.commons.lang.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.cloud.gateway.filter.GatewayFilter; import org.springframework.cloud.gateway.filter.GatewayFilterChain; import org.springframework.cloud.gateway.filter.GlobalFilter; import org.springframework.context.annotation.Configuration; import org.springframework.core.Ordered; import org.springframework.core.io.buffer.DataBuffer; import org.springframework.core.io.buffer.DataBufferFactory; import org.springframework.data.redis.core.StringRedisTemplate; import org.springframework.http.HttpHeaders; import org.springframework.http.HttpStatus; import org.springframework.http.server.reactive.ServerHttpRequest; import org.springframework.http.server.reactive.ServerHttpResponse; import org.springframework.util.CollectionUtils; import org.springframework.web.server.ServerWebExchange; import reactor.core.publisher.Mono; import java.util.HashMap; import java.util.List; import java.util.Map; /** * @Classname CheckJwtFilter * @Date 2022/3/20 下午4:49 * @Created by xiaoge * @Description TODO */ @Configuration public class CheckJwtFilter implements GlobalFilter, Ordered { @Autowired private StringRedisTemplate redisTemplate; /** * 过滤请求, 判断是否有jwt, 有放行, 没拦截 * @param exchange * @param chain * @return */ @Override public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) { ServerHttpRequest request = exchange.getRequest(); // 获取路径 String path = request.getURI().getPath(); // 判断该路径是否在放行路径中 if (GatewayConstant.ALLOW_PATH.contains(path)) { return chain.filter(exchange); } // 判断该请求头中是否包含Authorization HttpHeaders headers = request.getHeaders(); List<String> list = headers.get(GatewayConstant.AUTHORIZATION); if (!CollectionUtils.isEmpty(list)) { String token = list.get(0); if (StringUtils.isNotBlank(token)) { String jwt = token.replace("bearer ", ""); if (StringUtils.isNotBlank(jwt)) { // 看redis是否还有该token Boolean hasKey = redisTemplate.hasKey(GatewayConstant.OAUTH_PREFIX + jwt); if(hasKey) { return chain.filter(exchange); } } } } // 这里就是没有 jwt 了,返回 401 ServerHttpResponse response = exchange.getResponse(); // 设置响应头 response.getHeaders().add("content-type", "application/json;charset=utf-8"); Map<String, Object> map = new HashMap<>(); map.put("code", HttpStatus.UNAUTHORIZED.value()); map.put("msg", "非法访问!"); ObjectMapper objectMapper = new ObjectMapper(); byte[] bytes = null; try { bytes = objectMapper.writeValueAsBytes(map); } catch (JsonProcessingException e) { e.printStackTrace(); } DataBuffer buffer = response.bufferFactory().wrap(bytes); return response.writeWith(Mono.just(buffer)); } /** * 执行顺序 越小越先 要比-1 小 * @return */ @Override public int getOrder() { return -2; } } -
网关配置把获取到的token存入redis-(GatewayConfig.java)它是把我们访问网关的路由转发到授权微服务
package com.xiaoge.config; import cn.hutool.json.JSONObject; import cn.hutool.json.JSONUtil; import com.xiaoge.constant.GatewayConstant; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.cloud.gateway.route.RouteLocator; import org.springframework.cloud.gateway.route.builder.RouteLocatorBuilder; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.data.redis.core.StringRedisTemplate; import reactor.core.publisher.Mono; import java.time.Duration; import java.util.concurrent.TimeUnit; /** * @Classname GatewayConfig * @Date 2022/3/20 下午5:18 * @Created by xiaoge * @Description TODO */ @Configuration public class GatewayConfig { @Autowired private StringRedisTemplate redisTemplate; /** * 描述: 给授权专门做的存入 token 路由 * * @param builder: * @return org.springframework.cloud.gateway.route.RouteLocator */ @Bean public RouteLocator routeLocator(RouteLocatorBuilder builder) { return builder .routes() .route("auth-server-router", r -> r.path("/oauth/**") .filters(f -> f.modifyResponseBody(String.class, String.class, (exchanges, s) -> { String path = exchanges.getRequest().getURI().getPath(); if ("/oauth/token".equals(path)) { //如果是登录的请求,那么得到的 s 就是 token 的一套 JSONObject jsonObject = JSONUtil.parseObj(s); // 判断jsonObject 是否包含access_token if (jsonObject.containsKey("access_token")) { //如果包含 access_token 就放进 redis 里面 // token值 String access_token = jsonObject.getStr("access_token"); // 过期时间 Long expires_in = jsonObject.getLong("expires_in"); // 存入redis中 redisTemplate.opsForValue().set(GatewayConstant.OAUTH_PREFIX + access_token, "", Duration.ofSeconds(expires_in)); } } return Mono.just(s); })).uri("lb://auth-server")) .build(); } } -
授权服务认证配置-(AuthorizationConfig.java)
package com.xiaoge.config; import com.xiaoge.service.impl.UserDetailsServiceImpl; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.io.ClassPathResource; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer; import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter; import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer; import org.springframework.security.oauth2.provider.token.TokenStore; import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter; import org.springframework.security.oauth2.provider.token.store.JwtTokenStore; import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory; import java.security.KeyPair; /** * @Author: ZhangXiao * @DateTime: 2022/4/7 15:59 * @Description: * 1. token的存储 * 2. jwt的转换器 * 3. 第三方应用 * 4. endpoints暴露 */ @Configuration public class AuthorizationConfig extends AuthorizationServerConfigurerAdapter { @Autowired private PasswordEncoder passwordEncoder; @Autowired private AuthenticationManager authenticationManager; @Autowired private UserDetailsServiceImpl userDetailsService; /** * 使用 jwt 存放 token * @return */ @Bean public TokenStore tokenStore() { return new JwtTokenStore(jwtAccessTokenConverter()); } /** * 使用非对称加密的方式 * @return */ @Bean public JwtAccessTokenConverter jwtAccessTokenConverter() { JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter(); // 把私钥读到内存中 ClassPathResource resource = new ClassPathResource("cxs-jwt.jks"); // 创建一个钥匙工厂 KeyStoreKeyFactory keyStoreKeyFactory = new KeyStoreKeyFactory(resource,"cxs123".toCharArray()); // 获取钥匙, 传入钥匙别名 KeyPair privateKey = keyStoreKeyFactory.getKeyPair("cxs-jwt"); // 设置进转换器里面 jwtAccessTokenConverter.setKeyPair(privateKey); return jwtAccessTokenConverter; } /** * 配置第三方应用 * password 只要是登录都用这个授权方式 * 客户端授权 用于微服务之间自发的进行远程调用时 资源服务器必须要token的情况, 当然也是可以放行服务提供者的接口的 * * * 描述: 一个 web 平台,用于第三方访问 * 一个 sxt 平台,内部访问的,例如 mq 里发起远程调用 * @param clients * @throws Exception */ @Override public void configure(ClientDetailsServiceConfigurer clients) throws Exception { clients.inMemory() // 配置第三方引用 .withClient("web") // 浏览器 .secret(passwordEncoder.encode("web-secret")) // 密码加密方式 .scopes("all") // 作用域 .authorizedGrantTypes("password") // 授权类型 密码授权 .accessTokenValiditySeconds(7200) // token的时间7200秒 .redirectUris("https://www.baidu.com") // token过期从定向地址 .and() // 上面是密码授权方式, 下面是客户端授权 .withClient("client") // 微服务之间自发的调用 .secret(passwordEncoder.encode("client-secret")) // 密码加密方式 .scopes("read") // 只读 业务方面的一个配置 .authorizedGrantTypes("client_credentials") // 授权类型 客户端授权 .accessTokenValiditySeconds(Integer.MAX_VALUE) // token过期时间 66年 .redirectUris("https://www.baidu.com"); // token过期从定向地址 } /** * 暴露出去 * @param endpoints * @throws Exception */ @Override public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { endpoints .userDetailsService(userDetailsService) // 暴露密码登录实现类 .authenticationManager(authenticationManager) // 暴露密码登录需要的认证管理器 .tokenStore(tokenStore()) // 暴露tokenStore .accessTokenConverter(jwtAccessTokenConverter()); // 暴露jwt转换器 super.configure(endpoints); } } -
授权服务安全配置-(WebSecurityConfig.java)
package com.xiaoge.config; import com.xiaoge.service.impl.UserDetailsServiceImpl; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; /** * @Author: ZhangXiao * @DateTime: 2022/4/7 15:56 * @Description: */ @Configuration public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private UserDetailsServiceImpl userDetailsService; /** * 认证管理器 密码登录需要认证管理器 * @return * @throws Exception */ @Bean public AuthenticationManager authenticationManager() throws Exception { return super.authenticationManager(); } /** * 走自己的登录 密码登录需要的 * @param auth * @throws Exception */ @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { //走自己的登录 auth.userDetailsService(userDetailsService); } } -
授权服务登录-(UserDetailsServiceImpl.java)
package com.xiaoge.service.impl; import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; import com.xiaoge.constant.AuthConstant; import com.xiaoge.domain.SysUser; import com.xiaoge.mapper.SysUserMapper; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.stereotype.Service; import org.springframework.util.CollectionUtils; import org.springframework.util.ObjectUtils; import org.springframework.util.StringUtils; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; import javax.servlet.http.HttpServletRequest; import java.util.List; /** * @Author: ZhangXiao * @DateTime: 2022/4/7 16:10 * @Description: */ @Service public class UserDetailsServiceImpl implements UserDetailsService { @Autowired private SysUserMapper sysUserMapper; /** * 登录方法 * @param username * @return * @throws UsernameNotFoundException */ @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { // 获取request ServletRequestAttributes requestAttributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes(); HttpServletRequest request = requestAttributes.getRequest(); // 获取请求头信息 String loginType = request.getHeader(AuthConstant.LOGIN_TYPE); if (StringUtils.isEmpty(loginType)) { return null; } // 选择 switch (loginType) { case AuthConstant.SYS_USER: // 后台用户 就查后台的sys_user表 SysUser sysUser = sysUserMapper.selectOne(new LambdaQueryWrapper<SysUser>().eq( SysUser::getUsername, username )); if (!ObjectUtils.isEmpty(sysUser)) { // 查询权限 List<String> auths = sysUserMapper.findUserAuthsById(sysUser.getUserId()); if (!CollectionUtils.isEmpty(auths)) { // 设置权限 sysUser.setAuths(auths); } } return sysUser; case AuthConstant.MEMBER: // 前台用户 return null; default: return null; } } } -
授权服务启动类-(AuthServerApplication.class) (一定要加这个认证注解EnableAuthorizationServer, 因为WebSecurityConfig配置了认证管理器)文章来源:https://www.toymoban.com/news/detail-400303.html
package com.xiaoge; import org.mybatis.spring.annotation.MapperScan; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.cloud.netflix.eureka.EnableEurekaClient; import org.springframework.context.annotation.Bean; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer; /** * @Author: ZhangXiao * @DateTime: 2022/4/7 15:36 * @Description: */ @SpringBootApplication @EnableAuthorizationServer // 开启授权服务器 @EnableEurekaClient // 开启eureka客户端 @MapperScan(basePackages = "com.xiaoge.mapper") public class AuthServerApplication { public static void main(String[] args) { SpringApplication.run(AuthServerApplication.class, args); } /** * 密码加密器 * @return */ @Bean public PasswordEncoder passwordEncoder(){ return new BCryptPasswordEncoder(); } } -
postman-Authorization(web web-secret grant_type(认证方式)是AuthorizationConfig类中配置的)
源码地址:https://gitee.com/xiaogectwbq/ego-shop-cloud文章来源地址https://www.toymoban.com/news/detail-400303.html
到了这里,关于Oauth2使用postman登录获取token的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!
