詳解spring cloud ouath2中的資源服務器
資源服務器就是業務服務 如用戶服務,訂單服務等 第三方需要到資源服務器調用接口獲取資源
ResourceServerConfig
ResourceServerConfig是資源服務器的核心配置 用於驗證token 與網關配置相似
其中.antMatchers(“/**”).access(“#oauth2.hasScope(‘user’)”) 需要oauth_client_details表的scope配合 意思是訪問所有資源 需要客戶端有scope需要有user
@Configuration @EnableResourceServer // 標識為資源服務器,請求服務中的資源,就要帶著token過來,找不到token或token是無效訪問不瞭資源 @EnableGlobalMethodSecurity(prePostEnabled = true) // 開啟方法級別權限控制 public class ResourceServerConfig extends ResourceServerConfigurerAdapter implements CommandLineRunner { private final static Logger logger = LoggerFactory.getLogger(ResourceServerConfig.class); public static final String RESOURCE_ID = "user"; /** * 權限不足返回給前端json */ @Autowired private CustomAccessDeniedHandlerConfig customAccessDeniedHandlerConfig; @Autowired private TokenStore tokenStore; /** * token無效返回前段json */ @Autowired private AuthExceptionEntryPointConfig authExceptionEntryPointConfig; @Override public void configure(ResourceServerSecurityConfigurer resources) throws Exception { // 當前資源服務器的資源id,認證服務會認證客戶端有沒有訪問這個資源id的權限,有則可以訪問當前服務 resources.tokenStore(tokenStore).resourceId(RESOURCE_ID) // token無效異常的處理 .authenticationEntryPoint(authExceptionEntryPointConfig) // 權限不足異常處理類 .accessDeniedHandler(customAccessDeniedHandlerConfig) // 會話機制stateless開啟 .stateless(true); } @Override public void configure(HttpSecurity http) throws Exception { http.sessionManagement() // SpringSecurity不會使用也不會創建HttpSession實例 因為整個oauth2後使用token .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests() // 開放swagger請求 .antMatchers("/swagger-ui.html", "/webjars/**", "/swagger-resources/**","/v2/**").permitAll() // 所有請求,都需要有all范圍(scope) .antMatchers("/**").access("#oauth2.hasScope('user')"). anyRequest().authenticated().and().csrf() .disable(); } @Bean public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } }
AuthExceptionEntryPointConfig,CustomAccessDeniedHandlerConfig
用於異常返回前端json
@Component public class CustomAccessDeniedHandlerConfig implements AccessDeniedHandler { @Override public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException { response.setStatus(HttpStatus.OK.value()); response.setHeader("Content-Type", "application/json;charset=UTF-8"); try { Result result = new Result(403, "權限不足"); response.getWriter().write(new ObjectMapper().writeValueAsString(result)); } catch (IOException e) { e.printStackTrace(); } } }
@Component public class AuthExceptionEntryPointConfig implements AuthenticationEntryPoint{ private final static Logger logger = LoggerFactory.getLogger(AuthExceptionEntryPointConfig.class); @Value("${security.redirect-url}") private String redirectUrl; @Override public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) { Throwable cause = authException.getCause(); response.setStatus(HttpStatus.OK.value()); response.setHeader("Content-Type", "application/json;charset=UTF-8"); Result result; try { if (cause instanceof InvalidTokenException) { result = new Result(402, "認證失敗,無效或過期token"); response.getWriter().write(new ObjectMapper().writeValueAsString(result)); } else { result = new Result(401, "認證失敗,沒有攜帶token"); response.sendRedirect(redirectUrl); } } catch (IOException e) { e.printStackTrace(); } } }
TokenConfig
不多說
@Configuration public class TokenConfig{ /** * 使用redis存儲 */ @Autowired private RedisConnectionFactory redisConnectionFactory; @Bean public TokenStore tokenStore() { return new RedisTokenStore(redisConnectionFactory); } }
application.yml
那麼小夥伴又問瞭 既然網關驗證token的有效性 那麼資源服務器是不是就不用驗證啦 答案是否 因為不添加配置 會報錯 同樣需要在application中添加以下配置
其他配置也spirng boot為準 這裡不多說
security: oauth2: client: client-id: user-vue client-secret: 1234 resource: token-info-uri: http://localhost:8001/oauth/check_token
到此這篇關於spring cloud ouath2中的資源服務器的文章就介紹到這瞭,更多相關spring cloud ouath2資源服務器內容請搜索WalkonNet以前的文章或繼續瀏覽下面的相關文章希望大傢以後多多支持WalkonNet!
推薦閱讀:
- SpringBoot Security的自定義異常處理
- SpringSecurityOAuth2 如何自定義token信息
- Springboot開發OAuth2認證授權與資源服務器操作
- 基於spring-security 401 403錯誤自定義處理方案
- Spring Cloud OAuth2實現自定義token返回格式