本人在工作中需要构建这样一个后台框架:基于Spring Boot,登录认证使用自定义的AuthenticationManager;同时支持通过OAuth2访问指定的API接口,而OAuth2认证所用的AuthenticationManager和认证规则与登录时不同。在研究源码并参考了很多文章之后,目前基本得以解决。

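/**
 * OAuth2 wiring for the application.
 *
 * <p>Holds the authorization server (token issuing, client registration) and, nested inside it,
 * the resource server rules for the {@code /api/dev/**} and {@code /api/channel/**} endpoints.
 * Token requests are authenticated by a dedicated provider, not by the login
 * {@code AuthenticationManager}.
 */
@Configuration
public class OAuth2Configuration {

    /**
     * Authorization server: issues tokens for the single configured client and authenticates
     * resource owners through {@code daoAuhthenticationOauthProvider}.
     */
    // NOTE(review): @SpringBootApplication and @RestController are unusual on a nested
    // configuration class, and @EnableResourceServer is repeated on the nested resource server
    // below. They are kept as posted; confirm whether they are needed before copying this.
    @SpringBootApplication
    @RestController
    @EnableResourceServer
    @Configuration
    @EnableAuthorizationServer
    protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter
            implements EnvironmentAware {

        // Property prefix and keys, resolved as authentication.oauth.<key>.
        private static final String ENV_OAUTH = "authentication.oauth.";
        private static final String PROP_CLIENTID = "clientid";
        private static final String PROP_SECRET = "secret";
        private static final String PROP_TOKEN_VALIDITY_SECONDS = "tokenValidityInSeconds";

        // Set by setEnvironment(); scoped to the ENV_OAUTH prefix.
        private RelaxedPropertyResolver propertyResolver;

        @Autowired
        private DataSource dataSource;

        // The application's default "authenticationManagerBean" is deliberately NOT injected here:
        // token requests must follow the OAuth-specific rules, so the dedicated provider is used.
        @Autowired
        @Qualifier("daoAuhthenticationOauthProvider")
        private AuthenticationProvider daoAuhthenticationOauthProvider;

        /**
         * Persists issued tokens through the injected {@link DataSource}.
         *
         * @return a JDBC-backed token store
         */
        // NOTE(review): the token tables hold enough to reuse an issued token, so database access
        // to them should be restricted like access to credentials. Confirm against the schema in use.
        @Bean
        public TokenStore tokenStore() {
            return new JdbcTokenStore(dataSource);
        }

        /**
         * Configures the token endpoints with the JDBC token store and an authentication manager
         * that forwards to the OAuth-specific provider.
         *
         * @param endpoints endpoint configurer supplied by the framework
         * @throws Exception if the configurer rejects the settings
         */
        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            // @formatter:off
            endpoints
                .tokenStore(tokenStore())
                .authenticationManager(new AuthenticationManager() {
                    @Override
                    public Authentication authenticate(Authentication authentication)
                            throws AuthenticationException {
                        // Straight delegation to one provider: there is no supports() check and
                        // none of ProviderManager's post-processing (such as credential erasure).
                        return daoAuhthenticationOauthProvider.authenticate(authentication);
                    }
                });
            // @formatter:on
        }

        /**
         * Registers the single in-memory OAuth client from the {@code authentication.oauth.*}
         * properties.
         *
         * @param clients client registry configurer supplied by the framework
         * @throws IllegalStateException if the client id or secret property is missing
         * @throws Exception if the configurer rejects the settings
         */
        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            // Fail at startup when the id or secret is not configured; getProperty() would return
            // null and the client would be registered without a usable secret.
            final String clientId = propertyResolver.getRequiredProperty(PROP_CLIENTID);
            final String clientSecret = propertyResolver.getRequiredProperty(PROP_SECRET);
            // Access tokens live for 30 minutes unless the property overrides it.
            final Integer validitySeconds =
                    propertyResolver.getProperty(PROP_TOKEN_VALIDITY_SECONDS, Integer.class, 1800);

            // The password grant passes end-user credentials through the client, so this client
            // should be a first-party one. Supply the secret from the deployment environment
            // rather than from a properties file kept in version control.
            clients
                .inMemory()
                .withClient(clientId)
                .scopes("read", "write")
                .authorities(Authorities.ROLE_CHANNEL.name())
                .authorizedGrantTypes("password", "refresh_token")
                .secret(clientSecret)
                .accessTokenValiditySeconds(validitySeconds);
        }

        /**
         * Captures the environment so the {@code authentication.oauth.*} properties can be read.
         *
         * @param environment the application environment
         */
        @Override
        public void setEnvironment(Environment environment) {
            this.propertyResolver = new RelaxedPropertyResolver(environment, ENV_OAUTH);
        }

        /**
         * Resource server: bearer-token protection for the developer and channel APIs.
         */
        @Configuration
        @EnableResourceServer
        protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

            /**
             * Restricts this filter chain to the two API prefixes and gives each its own role.
             *
             * @param http security builder supplied by the framework
             * @throws Exception if the builder rejects the settings
             */
            @Override
            public void configure(HttpSecurity http) throws Exception {
                // antMatcher() sets the one matcher for the whole chain, so calling it twice kept
                // only the second pattern and left two conflicting anyRequest() rules. The chain
                // is scoped once to both prefixes here, with one rule per prefix.
                http
                    .requestMatchers()
                        .antMatchers("/api/dev/**", "/api/channel/**")
                        .and()
                    .authorizeRequests()
                        // NOTE(review): "DEVELEPOR" looks like a misspelling of DEVELOPER. It must
                        // match the authority actually granted to users, so confirm before renaming.
                        .antMatchers("/api/dev/**").hasRole("DEVELEPOR")
                        .antMatchers("/api/channel/**").hasRole("CHANNEL")
                        // Defensive default: a path added to the chain matcher later without its
                        // own rule is denied rather than silently allowed.
                        .anyRequest().denyAll();
            }
        }

    }

}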

 

以上是OAuth2的主要配置。SecurityConfiguration的配置就不贴了,关于如何自定义一个daoAuhthenticationProvider,大家可以去GitHub上找资料。

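/**
 * Provider used for the application's own login, backed by {@code userDetailsService}.
 *
 * @return the login authentication provider
 */
@Bean(name = "daoAuhthenticationProvider")
public AuthenticationProvider daoAuhthenticationProvider() {
    DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
    daoAuthenticationProvider.setUserDetailsService(userDetailsService);
    // With this set to false an unknown user surfaces as UsernameNotFoundException instead of
    // BadCredentialsException, so the login response can reveal which usernames exist.
    // Kept as the author set it; return one generic failure message to the client, or switch
    // this to true, if account enumeration is a concern.
    daoAuthenticationProvider.setHideUserNotFoundExceptions(false);
    daoAuthenticationProvider.setPasswordEncoder(passwordEncoder);
    return daoAuthenticationProvider;
}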
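/**
 * Provider used for OAuth2 token requests, backed by {@code userDetailsOauthService} so that
 * token authentication follows different user-lookup rules from the login provider.
 *
 * @return the OAuth authentication provider
 */
@Bean(name = "daoAuhthenticationOauthProvider")
public AuthenticationProvider daoAuhthenticationOauthProvider() {
    DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
    daoAuthenticationProvider.setUserDetailsService(userDetailsOauthService);
    // With this set to false an unknown user surfaces as UsernameNotFoundException instead of
    // BadCredentialsException. On a token endpoint that difference can show a caller which
    // usernames exist. Kept as the author set it; review the error responses before exposing it.
    daoAuthenticationProvider.setHideUserNotFoundExceptions(false);
    daoAuthenticationProvider.setPasswordEncoder(passwordEncoder);
    return daoAuthenticationProvider;
}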

/**
 * Registers the login provider with the application's authentication manager builder.
 *
 * @param auth builder supplied by the framework
 * @throws Exception if the builder rejects the provider
 */
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
    // Only the login provider is registered here. The OAuth provider is not added to this
    // manager, which keeps the login rules and the token rules separate.
    final AuthenticationProvider loginProvider = daoAuhthenticationProvider();
    auth.authenticationProvider(loginProvider);
}

/**
 * Exposes the authentication manager built by the parent configurer as a bean.
 *
 * @return the parent's authentication manager
 * @throws Exception if the parent cannot build it
 */
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
    final AuthenticationManager loginManager = super.authenticationManagerBean();
    return loginManager;
}

 

————————————————
版权声明:本文为CSDN博主「huhanguang89」的原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接及本声明。
原文链接:https://blog.csdn.net/huhanguang89/article/details/62045095