生活随笔
收集整理的這篇文章主要介紹了
Spring SAS 0.2.0 上手教程
小編覺得挺不錯的,現在分享給大家,幫大家做個參考.
正式上市 || SAS 0.2.0 上手教程
背景
-
Spring Authorization Server (以下簡稱 SAS)是 Spring 團隊最新開發適配 OAuth 協議的授權服務器項目,旨在替代原有的 Spring Security OAuth Server。
-
經過半年的開發和孵化,目前已經發布了 0.2.0 版本,已支持授權碼、客戶端、刷新、注銷等 OAuth 協議。
-
目前 SAS 項目已經遷移至官方正式倉庫維護,成為官方的正式子項目。
-
筆者年初 《新年開箱 | Spring Authorization Server 全新的授權服務器上手
》文章已經不適配當前版本,所以特寫整合上手文章。
-
本文環境基于 Spring Boot 2.5.3 && SAS 0.2.0
開始上手
1. 核心依賴
- 這里需要 SAS 、Security, 注意看注釋
<dependency><groupId>org.springframework.security
</groupId><artifactId>spring-security-oauth2-authorization-server
</artifactId><version>0.2.0
</version>
</dependency>
<dependency><groupId>org.springframework.boot
</groupId><artifactId>spring-boot-starter-security
</artifactId>
</dependency>
2. 配置 security 安全認證
@EnableWebSecurity
public class DefaultSecurityConfig {@BeanUserDetailsService users() {UserDetails user
= User.builder().username("lengleng").password("{noop}123456").roles("USER").build();return new InMemoryUserDetailsManager(user
);}@BeanSecurityFilterChain defaultSecurityFilterChain(HttpSecurity http
) throws Exception {http
.authorizeRequests(authorizeRequests
->authorizeRequests
.anyRequest().authenticated()).formLogin(withDefaults());return http
.build();}
}
3. 配置 SAS 服務器
@Configuration
@EnableWebSecurity
public class AuthServerConfiguration {@Bean@Order(Ordered.HIGHEST_PRECEDENCE
)public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http
) throws Exception {OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http
);return http
.formLogin(Customizer.withDefaults()).build();}@Beanpublic RegisteredClientRepository registeredClientRepository() {RegisteredClient client
= RegisteredClient.withId("pig").clientId("pig").clientSecret("{noop}pig").clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC
).authorizationGrantTypes(authorizationGrantTypes
-> {authorizationGrantTypes
.add(AuthorizationGrantType.AUTHORIZATION_CODE
);authorizationGrantTypes
.add(AuthorizationGrantType.REFRESH_TOKEN
);}).redirectUri("https://pig4cloud.com").build();return new InMemoryRegisteredClientRepository(client
);}@Bean@SneakyThrowspublic JWKSource<SecurityContext> jwkSource() {....}@Beanpublic static JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource
) {...}
}
測試運行
通過以上配置即可搭建完成 SAS 服務端,我們以授權碼模式測試
http://localhost:3000/oauth2/authorize?client_id
=pig
&client_secret=pig
&response_type=code
&redirect_uri=https://pig4cloud.com
-
- 輸入賬號密碼后,會攜帶 code 自動回調至目標頁面
curl --location --request POST
'http://localhost:3000/oauth2/token' \
> --header
'Authorization: Basic cGlnOnBpZw==' \
> --header
'Content-Type: application/x-www-form-urlencoded' \
> --data-urlencode
'grant_type=authorization_code' \
> --data-urlencode
'code=dn0GmDB-4hAfg-Kc9luUkuqZn4keJF9ZkUTlmcSRnYn8uzfEV9Ih429MH-9O77TPEVqPxXAJLPgxq-znOpiI-28Sek305db8Rezd46ods95FrjCSMq_HAswCtAJV4Vrt' \
> --data-urlencode
'redirect_uri=https://pig4cloud.com'
{"access_token":"eyJraWQiOiI2YmU4YzhlYi0wNDA2LTQxZGMtOGE2ZS0xOWZmNThlYzY4MTIiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJsZW5nbGVuZyIsImF1ZCI6InBpZyIsIm5iZiI6MTYyOTM2OTcwMSwiZXhwIjoxNjI5MzcwMDAxLCJpYXQiOjE2MjkzNjk3MDF9.Vb_1kGTqRTejBN8aPRFZPs_3cAa7jFC7XPuG4pPptpTtVbso0iHE5ghuNfFAk3DO4vDBjokYSWwNBfj9RuiwI5ElWbbK71leE8BAGpQa35pKYoKgXybf92KWbNIxHI3BXuQww8iWtQI5_xgNUWVJ6sx0uI4f5hA_vGZEM0vHza0FZZWPAFt9X6j_R0tmu0JPnnnQ2sTQyFJUzQomqbF1OpZaJi3_HjnjX7g_Z-NdJi-1s9jItNtzaaYzkyXnhmKLQoEq-OVxOOL0C2hP_bAZ1dy39HDUHuosxtGPsw49wWuqZQTcMbr9YojbyUMkR7k30zAAByjUmkXzjaS4T-EIaA",
"refresh_token":"YlxCAnSyvtq1HcKqE3D3o-P_lT90wxdRQ6jfWbwQoKQaeFUZr51gQQQawSfpUUH4yf9kW51v7ENH2o4pDot7yIeN2tljVpKU6zuolj6gFKq0uDA6KkDDz54cDzfx1aw4",
"token_type":"Bearer",
"expires_in":"299"}
curl --location --request POST
'http://localhost:3000/oauth2/token' \
> --header
'Authorization: Basic cGlnOnBpZw==' \
> --header
'Content-Type: application/x-www-form-urlencoded' \
> --data-urlencode
'grant_type=authorization_code' \
> --data-urlencode
'code=dn0GmDB-4hAfg-Kc9luUkuqZn4keJF9ZkUTlmcSRnYn8uzfEV9Ih429MH-9O77TPEVqPxXAJLPgxq-znOpiI-28Sek305db8Rezd46ods95FrjCSMq_HAswCtAJV4Vrt' \
> --data-urlencode
'redirect_uri=https://pig4cloud.com'
{"access_token":"eyJraWQiOiI2YmU4YzhlYi0wNDA2LTQxZGMtOGE2ZS0xOWZmNThlYzY4MTIiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJsZW5nbGVuZyIsImF1ZCI6InBpZyIsIm5iZiI6MTYyOTM2OTcwMSwiZXhwIjoxNjI5MzcwMDAxLCJpYXQiOjE2MjkzNjk3MDF9.Vb_1kGTqRTejBN8aPRFZPs_3cAa7jFC7XPuG4pPptpTtVbso0iHE5ghuNfFAk3DO4vDBjokYSWwNBfj9RuiwI5ElWbbK71leE8BAGpQa35pKYoKgXybf92KWbNIxHI3BXuQww8iWtQI5_xgNUWVJ6sx0uI4f5hA_vGZEM0vHza0FZZWPAFt9X6j_R0tmu0JPnnnQ2sTQyFJUzQomqbF1OpZaJi3_HjnjX7g_Z-NdJi-1s9jItNtzaaYzkyXnhmKLQoEq-OVxOOL0C2hP_bAZ1dy39HDUHuosxtGPsw49wWuqZQTcMbr9YojbyUMkR7k30zAAByjUmkXzjaS4T-EIaA",
"refresh_token":"YlxCAnSyvtq1HcKqE3D3o-P_lT90wxdRQ6jfWbwQoKQaeFUZr51gQQQawSfpUUH4yf9kW51v7ENH2o4pDot7yIeN2tljVpKU6zuolj6gFKq0uDA6KkDDz54cDzfx1aw4",
"token_type":"Bearer",
"expires_in":"299"}% lengleng@MacBook-Pro ~/Downloads/auth-server-demo password ± lengleng@MacBook-Pro ~/Downloads/auth-server-demo password ±
curl --location --request POST
'http://localhost:3000/oauth2/token' \
> --header
'Authorization: Basic cGlnOnBpZw==' \
> --header
'Content-Type: application/x-www-form-urlencoded' \
> --data-urlencode
'grant_type=refresh_token' \
> --data-urlencode
'refresh_token=YlxCAnSyvtq1HcKqE3D3o-P_lT90wxdRQ6jfWbwQoKQaeFUZr51gQQQawSfpUUH4yf9kW51v7ENH2o4pDot7yIeN2tljVpKU6zuolj6gFKq0uDA6KkDDz54cDzfx1aw4' \
>
{"access_token":"eyJraWQiOiI2YmU4YzhlYi0wNDA2LTQxZGMtOGE2ZS0xOWZmNThlYzY4MTIiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJsZW5nbGVuZyIsImF1ZCI6InBpZyIsIm5iZiI6MTYyOTM2OTc2OSwiZXhwIjoxNjI5MzcwMDY5LCJpYXQiOjE2MjkzNjk3Njl9.dj_ktchQnTKRXGSQK7EZ3FAdz8StPOo27rURdCI8FN6jM3RFRD0s67v4LB1SRexl5KKHPuH6yYHhlr_u0um8ZpeQIrkumA2COukJAzy5O3SLsBYvLqipz-Ea9h9RZvC7EQZG-AbVJ378X214WxdsOYj1UPTv4Iegy4QsgERJSijINrCQZc0msHqSWIc_p61o2KIc8qaekrkZgY_JqCOz8K7x6drKvJ5gyWc9CyzeOrob5WrJfQGqqhjwjTl76g-9YyZ5Q97LX5lKRh8HOU6AUgKCyd4Jdol6PR6CkYd3gd4kyd5Ra7c3GbhzGUaxDrez79NDPx0aRAB9GA9mSohtsw",
"refresh_token":"YlxCAnSyvtq1HcKqE3D3o-P_lT90wxdRQ6jfWbwQoKQaeFUZr51gQQQawSfpUUH4yf9kW51v7ENH2o4pDot7yIeN2tljVpKU6zuolj6gFKq0uDA6KkDDz54cDzfx1aw4",
"token_type":"Bearer",
"expires_in":"299"}%
撤銷令牌
curl --location --request POST
'http://localhost:3000/oauth2/revoke' \
--header
'Authorization: Basic cGlnOnBpZw==' \
--header
'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode
'token=eyJraWQiOiI0NmM3Zjk0OS01NmZmLTRlMjgtYmI4Zi0wNjZjYWU4ODllNDkiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJsZW5nbGVuZyIsImF1ZCI6InBpZyIsIm5iZiI6MTYyOTM0MzM4NiwiZXhwIjoxNjI5MzQzNjg2LCJpYXQiOjE2MjkzNDMzODZ9.avRZ9NuybP8bqenEstvDq3SAKuSI6Y3ihh2PqeiQvwkUAWBPY6N9JCaxJllKhrcS6OgL76I38Yvt0B1ICMFistqemWl1rxQUB2aXpZuTwnPjxtxV6deDxyr--Y1w7I9jVpT5jnaqOXDIZ6dhIlUCfqBPT9a4DmwuEsz5H60KUO-NbMM66DPDxvTgauuylhrjiPQgaDyaxFHbtdw6qq_pgFI023fkIASodauCFiUcl64HKV3or9B3OkXW0EgnA553ofTbgz0hlROMfee15wuzOAXTUkhlUOjjosuEslimT9vFM9wtRza4o864Gi_j_zIhIoSSmRfUScXTgt9aZT1xlQ' \
--data-urlencode
'token_type_hint=access_token'
curl --location --request POST
'http://localhost:3000/oauth2/revoke' \
--header
'Authorization: Basic cGlnOnBpZw==' \
--header
'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode
'token=ku4R4n7YD1f584KXj4k_3GP9o-HbdY-PDIIh-twPVJTmvHa5mLIoifaNhbBvFNBbse6_wAMcRoOWuVs9qeBWpxQ5zIFrF1A4g1Q7LhVAfH1vo9Uc7WL3SP3u82j0XU5x' \
--data-urlencode
'token_type_hint=refresh_token'
下期預告
SAS 是 OAuth 2.1 協議的實現,不支持密碼模式。 那么怎么擴展實現呢 ?下一篇文章我會分享擴展實現密碼模式,歡迎關注。
本文源碼: https://github.com/lltx/auth-server-demo
總結
以上是生活随笔為你收集整理的Spring SAS 0.2.0 上手教程的全部內容,希望文章能夠幫你解決所遇到的問題。
如果覺得生活随笔網站內容還不錯,歡迎將生活随笔推薦給好友。
