Spring Boot與OAuth2資源服務(wù)器配置

在Spring Boot中配置OAuth2資源服務(wù)器是一個(gè)相對(duì)直接的過程。以下是一個(gè)基本的步驟指南，幫助你完成這個(gè)配置。

1. 添加依賴

首先，在你的pom.xml文件中添加Spring Security和OAuth2相關(guān)的依賴：

<dependencies>
    <!-- Spring Boot Starter Web Security -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>

    <!-- Spring Boot Starter Web -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>

    <!-- Spring Boot Starter Test -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
</dependencies>

2. 配置資源服務(wù)器

創(chuàng)建一個(gè)新的類來配置你的資源服務(wù)器。這個(gè)類需要使用@Configuration注解，并且實(shí)現(xiàn)WebSecurityConfigurerAdapter接口。

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/api/**").authenticated();
    }
}

在這個(gè)配置中，/api/**路徑下的所有請(qǐng)求都需要進(jìn)行身份驗(yàn)證。你可以根據(jù)需要調(diào)整這個(gè)路徑。

3. 配置授權(quán)服務(wù)器

為了完整性，這里也提供一個(gè)簡(jiǎn)單的授權(quán)服務(wù)器配置示例。你可以使用Spring Security OAuth2來配置一個(gè)授權(quán)服務(wù)器。

import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.OAuth2AccessDeniedHandler;
import org.springframework.security.oauth2.config.annotation.web.configurers.OAuth2LoginHandler;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;

@Configuration
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            .withClient("client")
            .secret("{noop}secret")
            .authorizedGrantTypes("authorization_code", "refresh_token")
            .scopes("read", "write")
            .accessTokenValiditySeconds(3600) // 1 hour
            .refreshTokenValiditySeconds(2592000); // 30 days
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
            .tokenStore(tokenStore())
            .authenticationManager(authenticationManager);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/oauth/token").permitAll()
            .anyRequest().authenticated();
    }

    @Bean
    public TokenStore tokenStore() {
        return new InMemoryTokenStore();
    }
}

4. 啟動(dòng)類

確保你有一個(gè)Spring Boot啟動(dòng)類來啟動(dòng)你的應(yīng)用程序。

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class Application {

    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }
}

總結(jié)

以上步驟展示了如何在Spring Boot中配置一個(gè)OAuth2資源服務(wù)器和一個(gè)簡(jiǎn)單的授權(quán)服務(wù)器。你可以根據(jù)需要進(jìn)一步調(diào)整和擴(kuò)展這些配置。確保你的授權(quán)服務(wù)器和客戶端配置正確，以便資源服務(wù)器能夠驗(yàn)證訪問令牌并保護(hù)你的資源。