|
@@ -0,0 +1,145 @@
|
|
1
|
+package com.yaozhitech.spring5.config;
|
|
2
|
+
|
|
3
|
+import org.springframework.context.annotation.Configuration;
|
|
4
|
+
|
|
5
|
+@Configuration
|
|
6
|
+public class AuthorizationServerConfig {
|
|
7
|
+
|
|
8
|
+// @Bean
|
|
9
|
+// SecurityWebFilterChain configure(ServerHttpSecurity http) throws Exception {
|
|
10
|
+// http
|
|
11
|
+// // ...
|
|
12
|
+// .oauth2Client(withDefaults());
|
|
13
|
+// return http.build();
|
|
14
|
+// }
|
|
15
|
+
|
|
16
|
+// @Autowired
|
|
17
|
+// @Qualifier("authenticationManagerBean")
|
|
18
|
+// private AuthenticationManager authenticationManager;
|
|
19
|
+//
|
|
20
|
+// @Qualifier("dataSource")
|
|
21
|
+// @Autowired
|
|
22
|
+// DataSource dataSource;
|
|
23
|
+//
|
|
24
|
+// @Autowired
|
|
25
|
+// @Qualifier("userDetailsService")
|
|
26
|
+// UserDetailsService userDetailsService;
|
|
27
|
+//
|
|
28
|
+// /**
|
|
29
|
+// * jwt 对称加密密钥
|
|
30
|
+// */
|
|
31
|
+// @Value("${spring.security.oauth2.jwt.signingKey}")
|
|
32
|
+// private String signingKey;
|
|
33
|
+//
|
|
34
|
+// @Override
|
|
35
|
+// public void configure(AuthorizationServerSecurityConfigurer oauthServer) {
|
|
36
|
+// // 支持将client参数放在header或body中
|
|
37
|
+// oauthServer.allowFormAuthenticationForClients();
|
|
38
|
+// oauthServer.tokenKeyAccess("isAuthenticated()")
|
|
39
|
+// .checkTokenAccess("permitAll()");
|
|
40
|
+// }
|
|
41
|
+//
|
|
42
|
+// @Override
|
|
43
|
+// public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
|
|
44
|
+// // 配置客户端信息,从数据库中读取,对应oauth_client_details表
|
|
45
|
+// clients.jdbc(dataSource);
|
|
46
|
+// }
|
|
47
|
+//
|
|
48
|
+// @Override
|
|
49
|
+// public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
|
|
50
|
+// // 配置token的数据源、自定义的tokenServices等信息,配置身份认证器,配置认证方式,TokenStore,TokenGranter,OAuth2RequestFactory
|
|
51
|
+// endpoints.tokenStore(tokenStore())
|
|
52
|
+// .authorizationCodeServices(authorizationCodeServices())
|
|
53
|
+// .approvalStore(approvalStore())
|
|
54
|
+// .exceptionTranslator(customExceptionTranslator())
|
|
55
|
+// .tokenEnhancer(tokenEnhancerChain())
|
|
56
|
+// .authenticationManager(authenticationManager)
|
|
57
|
+// .userDetailsService(userDetailsService)
|
|
58
|
+// //update by joe_chen add granter
|
|
59
|
+// .tokenGranter(tokenGranter(endpoints));
|
|
60
|
+//
|
|
61
|
+// }
|
|
62
|
+//
|
|
63
|
+// /**
|
|
64
|
+// * 自定义OAuth2异常处理
|
|
65
|
+// *
|
|
66
|
+// * @return CustomWebResponseExceptionTranslator
|
|
67
|
+// */
|
|
68
|
+// @Bean
|
|
69
|
+// public WebResponseExceptionTranslator<OAuth2Exception> customExceptionTranslator() {
|
|
70
|
+// return new CustomWebResponseExceptionTranslator();
|
|
71
|
+// }
|
|
72
|
+//
|
|
73
|
+// /**
|
|
74
|
+// * 授权信息持久化实现
|
|
75
|
+// *
|
|
76
|
+// * @return JdbcApprovalStore
|
|
77
|
+// */
|
|
78
|
+// @Bean
|
|
79
|
+// public ApprovalStore approvalStore() {
|
|
80
|
+// return new JdbcApprovalStore(dataSource);
|
|
81
|
+// }
|
|
82
|
+//
|
|
83
|
+// /**
|
|
84
|
+// * 授权码模式持久化授权码code
|
|
85
|
+// *
|
|
86
|
+// * @return JdbcAuthorizationCodeServices
|
|
87
|
+// */
|
|
88
|
+// @Bean
|
|
89
|
+// protected AuthorizationCodeServices authorizationCodeServices() {
|
|
90
|
+// // 授权码存储等处理方式类,使用jdbc,操作oauth_code表
|
|
91
|
+// return new JdbcAuthorizationCodeServices(dataSource);
|
|
92
|
+// }
|
|
93
|
+//
|
|
94
|
+// /**
|
|
95
|
+// * token的持久化
|
|
96
|
+// *
|
|
97
|
+// * @return JwtTokenStore
|
|
98
|
+// */
|
|
99
|
+// @Bean
|
|
100
|
+// public TokenStore tokenStore() {
|
|
101
|
+// return new JwtTokenStore(accessTokenConverter());
|
|
102
|
+// }
|
|
103
|
+//
|
|
104
|
+// /**
|
|
105
|
+// * 自定义token
|
|
106
|
+// *
|
|
107
|
+// * @return tokenEnhancerChain
|
|
108
|
+// */
|
|
109
|
+// @Bean
|
|
110
|
+// public TokenEnhancerChain tokenEnhancerChain() {
|
|
111
|
+// TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
|
|
112
|
+// tokenEnhancerChain.setTokenEnhancers(Arrays.asList(new CustomTokenEnhancer(), accessTokenConverter()));
|
|
113
|
+// return tokenEnhancerChain;
|
|
114
|
+// }
|
|
115
|
+//
|
|
116
|
+// /**
|
|
117
|
+// * jwt token的生成配置
|
|
118
|
+// *
|
|
119
|
+// * @return
|
|
120
|
+// */
|
|
121
|
+// @Bean
|
|
122
|
+// public JwtAccessTokenConverter accessTokenConverter() {
|
|
123
|
+// JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
|
|
124
|
+// converter.setSigningKey(signingKey);
|
|
125
|
+// return converter;
|
|
126
|
+// }
|
|
127
|
+//
|
|
128
|
+// /**
|
|
129
|
+// * 配置自定义的granter,手机号验证码登陆
|
|
130
|
+// *
|
|
131
|
+// * @param endpoints
|
|
132
|
+// * @return
|
|
133
|
+// * @auth joe_chen
|
|
134
|
+// */
|
|
135
|
+// public TokenGranter tokenGranter(final AuthorizationServerEndpointsConfigurer endpoints) {
|
|
136
|
+// List<TokenGranter> granters = Lists.newArrayList(endpoints.getTokenGranter());
|
|
137
|
+// granters.add(new MobileTokenGranter(
|
|
138
|
+// authenticationManager,
|
|
139
|
+// endpoints.getTokenServices(),
|
|
140
|
+// endpoints.getClientDetailsService(),
|
|
141
|
+// endpoints.getOAuth2RequestFactory()));
|
|
142
|
+// return new CompositeTokenGranter(granters);
|
|
143
|
+// }
|
|
144
|
+
|
|
145
|
+}
|
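Review bot: Everything inside `AuthorizationServerConfig` (new-file lines 8–143) is commented out, so this `@Configuration` class registers no beans, and the parked code carries settings that should not be revived as written. At lines 38–39, `.checkTokenAccess("permitAll()")` would leave the check-token endpoint open to unauthenticated callers; `.checkTokenAccess("isAuthenticated()")` keeps it behind client authentication. Lines 31–32 and 124 sign JWTs with a shared HMAC secret read from `spring.security.oauth2.jwt.signingKey`, and, as far as I recall the legacy Spring Security OAuth behaviour, `tokenKeyAccess("isAuthenticated()")` then serves that same secret to any authenticated client, which would let a client mint its own tokens; an asymmetric key set with `converter.setKeyPair(...)` would leave verifiers holding only the public half. I would drop the commented block from this commit and keep at most a one-line TODO, since version control already preserves the draft.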