SpringBoot3集成Spring Authorization Server搭建服务认证中心
1. 概述
OAuth 是描述授权过程的开放标准,它可用于授权用户访问 API,OAuth 授权服务器负责对用户进行身份验证并颁发包含用户数据和适当访问策略的访问令牌。之前介绍过低版本的集成方案SpringCloud搭建微服务之OAuth2.1认证和授权,在新版本中集成SpringBoot更加方便和简洁,只需要在application.yml中配置就行
2. 版本说明
SpringBoot:3.3.3
Spring Authorization Server:1.3.2
JDK:17
3. 搭建认证中心
可以直接使用Spring Initializr搭建基础框架,选择需要的maven依赖
3.1. 引入核心依赖
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-authorization-server</artifactId>
</dependency>
3.2. 编写application.yml配置文件
server:
port: 9000
spring:
security:
user:
name: admin
password: 123456
oauth2:
authorizationserver:
issuer: http://localhost:9000
client:
messageing-client:
registration:
client-id: messageing-client
client-secret: '{noop}secret'
client-name: Articles Client
client-authentication-methods:
- client_secret_basic
authorization-grant-types:
- authorization_code
- refresh_token
redirect-uris:
- http://127.0.0.1:8080/login/oauth2/code/messageing-client-oidc
- http://127.0.0.1:8080/authorized
scopes:
- openid
- profile
- message.read
- message.write
require-authorization-consent: true
3.3. 编写主启动类
编写一个SpringBoot项目的主启动类
@SpringBootApplication
public class AuthorizationServerApplication {
public static void main(String[] args) {
SpringApplication.run(AuthorizationServerApplication.class, args);
}
}
至此就完成了认证中心的搭建
后记
如果不想直接配置在application.yml文件中,也可以编写config配置文件,如果需要持久化用户登录信息和客户端信息,需要在config配置文件中声明,如下所示:
@Bean
UserDetailsService userDetailsService() {
PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
UserDetails userDetails = User.builder()
.username("admin")
.password("123456")
.passwordEncoder(encoder::encode)
.roles("USER")
.build();
return new InMemoryUserDetailsManager(userDetails);
}