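Detailed step-by-step flow for implementing authorization login with Spring Security OAuth 2.0
Date: 2023-08-12 21:05:04
The steps for implementing authorization login with Spring Security OAuth 2.0 are as follows:
1. Add the Spring Security OAuth 2.0 dependency: add the following dependency to the `pom.xml` file: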
```xml
<dependency>
    <groupId>org.springframework.security.oauth</groupId>
    <artifactId>spring-security-oauth2</artifactId>
    <version>2.3.4.RELEASE</version>
</dependency>
```
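2. Create an entity class `User` to represent user information, including `id`, `username`, `password`, `roles` and so on.
3. Create `UserDetailsServiceImpl`, an implementation of the `UserDetailsService` interface, which loads user information from the database and returns a `UserDetails` object.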
```java
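import java.util.ArrayList;
import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

@Service
public class UserDetailsServiceImpl implements UserDetailsService {
    @Autowired
    private UserRepository userRepository;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // Look the user up in the database by username.
        User user = userRepository.findByUsername(username);
        if (user == null) {
            throw new UsernameNotFoundException("用户不存在");
        }
        // Map each stored role name to a Spring Security authority.
        List<GrantedAuthority> authorities = new ArrayList<>();
        for (String role : user.getRoles()) {
            authorities.add(new SimpleGrantedAuthority(role));
        }
        // user.getPassword() must be the stored BCrypt hash (see passwordEncoder() in step 5).
        return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(), authorities);
    }
}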
```
4. Create a class that extends `AuthorizationServerConfigurerAdapter` to configure the authorization server.
```java
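import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
    @Autowired
    private AuthenticationManager authenticationManager;
    @Autowired
    private UserDetailsService userDetailsService;
    @Autowired
    private DataSource dataSource;

    // Persist issued tokens in the database.
    @Bean
    public TokenStore tokenStore() {
        return new JdbcTokenStore(dataSource);
    }

    // Load the registered OAuth clients from the database (oauth_client_details table).
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.jdbc(dataSource);
    }

    // Wire the token store, the user AuthenticationManager and the user lookup into the endpoints.
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.tokenStore(tokenStore())
                .authenticationManager(authenticationManager)
                .userDetailsService(userDetailsService);
    }
}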
```
5. Create a class that extends `WebSecurityConfigurerAdapter` to configure Spring Security.
```java
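import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private UserDetailsServiceImpl userDetailsService;

    // Authenticate users from the database and compare passwords with BCrypt.
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/oauth/**").permitAll()   // no login required for /oauth/** in this filter chain
                .anyRequest().authenticated()
            .and()
            .formLogin().permitAll()
            .and()
            .csrf().disable();                          // CSRF protection is switched off
    }

    // Expose the AuthenticationManager as a bean so AuthorizationServerConfig can inject it.
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}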
```
6. Add a `/oauth/authorize` request mapping to a controller to handle authorization requests.
```java
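import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
public class AuthorizationController {
    // Renders the authorize.html view for requests to /oauth/authorize.
    @RequestMapping("/oauth/authorize")
    public String authorize() {
        return "authorize";
    }
}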
```
7. Create a view `authorize.html` to display the authorization page. The view contains a form for entering the username and password.
```html
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
    <title>授权</title>
</head>
<body>
    <form th:action="@{/oauth/authorize}" method="post">
        <label>用户名:</label>
        <input type="text" name="username"><br>
        <label>密码:</label>
        <input type="password" name="password"><br>
        <button type="submit">授权</button>
    </form>
</body>
</html>
```
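8. Start the application and visit `/oauth/authorize`. After you enter the username and password you are redirected to the authorization page; once you approve, an authorization code or token is returned for use in subsequent requests.
These are the detailed steps for implementing authorization login with Spring Security OAuth 2.0.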
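The rules in step 5 permit unauthenticated requests to `/oauth/**` and switch CSRF protection off. A tighter variant of that class, given here as an added example that is not part of the original page (the class name `HardenedWebSecurityConfig` is an assumption, and it assumes the `UserDetailsServiceImpl` from step 3 is in the same package), requires a logged-in user for every request and keeps the default CSRF filter:

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Added example (class name is an assumption); use it instead of step 5's WebSecurityConfig.
@Configuration
@EnableWebSecurity
public class HardenedWebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private UserDetailsServiceImpl userDetailsService; // class from step 3

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // Step 5 used antMatchers("/oauth/**").permitAll(); without that rule
                // /oauth/authorize is served only to a user who has logged in.
                .anyRequest().authenticated()
            .and()
            .formLogin().permitAll();
        // Step 5 ended with .csrf().disable(); omitting it keeps Spring Security's default
        // CSRF filter, so the login POST and the approval POST must carry a valid token.
        // The generated login page and Thymeleaf forms using th:action include the token.
    }

    // Exposes the AuthenticationManager that AuthorizationServerConfig (step 4) injects.
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}
```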