1. Introduction

In this tutorial we look at how to use Spring Security and OAuth to protect the admin resources on a server based on a path pattern (/api/**). A second path pattern that we configure (/oauth/token) is where the configured authorization server issues access tokens. Note that this demo application uses the password grant type. Before moving on to the implementation, let us review the sequence of events involved in that grant type.

2. Resource Owner Password Credentials grant type

This grant is used between trusted applications. The user (the resource owner) shares their credentials directly with the client application; the client application presents them to the authorization server, and once the server has validated the user's credentials and authorised the user for the limited set of resources hosted on the server, the server returns an access token to the client. Because the client handles the user's password itself, this grant is only appropriate for first-party clients that are fully trusted; the OAuth 2.0 Security Best Current Practice recommends against using it at all and newer OAuth guidance drops it, so treat it as a legacy option.

Useful links:
Learn more about the other authorization grant types
Understanding OAuth2 token authentication

3. Implementation

Make sure the required entries are added to the pom.xml file.

pom.xml

<!-- Spring dependencies -->
<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-core</artifactId>
    <version>${springframework.version}</version>
</dependency>
<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-web</artifactId>
    <version>${springframework.version}</version>
</dependency>
<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-webmvc</artifactId>
    <version>${springframework.version}</version>
</dependency>
<!-- Spring Security Dependencies -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-core</artifactId>
    <version>${spring-security.version}</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
    <version>${spring-security.version}</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
    <version>${spring-security.version}</version>
</dependency>
<dependency>
    <groupId>org.springframework.security.oauth</groupId>
    <artifactId>spring-security-oauth2</artifactId>
    <version>${spring-security.oauth.version}</version>
</dependency>

web.xml

Update the web.xml file to load the context files and to configure the Spring Security filter chain, which intercepts every request for authentication and authorization before it reaches the dispatcher servlet.

<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">
    <display-name>Archetype Created Web Application</display-name>
    <servlet>
        <servlet-name>mvc-dispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>mvc-dispatcher</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <!-- Loads context files -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/mvc-dispatcher-servlet.xml,/WEB-INF/spring-security.xml</param-value>
    </context-param>
    <!-- Spring Security -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
</web-app>

mvc-dispatcher-servlet.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.2.xsd
           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd">
    <context:component-scan base-package="com.jcombat" />
    <mvc:annotation-driven />
    <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="prefix"><value>/WEB-INF/pages/</value></property>
        <property name="suffix"><value>.jsp</value></property>
    </bean>
</beans>

Since we will be using an admin JSP file, we have configured the corresponding view resolver for it. Now let us configure Spring Security OAuth in its own context file.

spring-security.xml

<?xml version="1.0" encoding="UTF-8" ?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd
           http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.1.xsd">

    <!-- Default url to get a token from OAuth -->
    <http pattern="/oauth/token" create-session="stateless"
          authentication-manager-ref="clientAuthenticationManager"
          xmlns="http://www.springframework.org/schema/security">
        <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
        <anonymous enabled="false" />
        <http-basic entry-point-ref="clientAuthenticationEntryPoint" />
        <custom-filter ref="clientCredentialsTokenEndpointFilter" after="BASIC_AUTH_FILTER" />
        <access-denied-handler ref="oauthAccessDeniedHandler" />
    </http>

    <!-- URLs should be protected and what roles have access to them -->
    <!-- Can define more patterns based on the protected resources hosted on the server -->
    <http pattern="/api/**" create-session="never"
          entry-point-ref="oauthAuthenticationEntryPoint"
          access-decision-manager-ref="accessDecisionManager"
          xmlns="http://www.springframework.org/schema/security">
        <anonymous enabled="false" />
        <intercept-url pattern="/api/**" access="ROLE_APP" />
        <!-- Protect oauth clients with resource ids -->
        <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
        <access-denied-handler ref="oauthAccessDeniedHandler" />
    </http>

    <bean id="oauthAuthenticationEntryPoint"
          class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
        <property name="realmName" value="demo/client" />
    </bean>

    <bean id="clientAuthenticationEntryPoint"
          class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
        <property name="realmName" value="demo/client" />
        <property name="typeName" value="Basic" />
    </bean>

    <bean id="oauthAccessDeniedHandler"
          class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />

    <bean id="clientCredentialsTokenEndpointFilter"
          class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
        <property name="authenticationManager" ref="clientAuthenticationManager" />
    </bean>

    <bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased"
          xmlns="http://www.springframework.org/schema/beans">
        <constructor-arg>
            <list>
                <bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
                <bean class="org.springframework.security.access.vote.RoleVoter" />
                <bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
            </list>
        </constructor-arg>
    </bean>

    <authentication-manager id="clientAuthenticationManager"
                            xmlns="http://www.springframework.org/schema/security">
        <authentication-provider user-service-ref="clientDetailsUserService" />
    </authentication-manager>

    <!-- This is a simple authentication manager with a hard-coded username/password combination.
         We can replace this with a user-defined service that fetches user credentials from a DB instead -->
    <authentication-manager alias="authenticationManager"
                            xmlns="http://www.springframework.org/schema/security">
        <authentication-provider>
            <user-service>
                <user name="admin" password="123" authorities="ROLE_APP" />
            </user-service>
        </authentication-provider>
    </authentication-manager>

    <bean id="clientDetailsUserService"
          class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
        <constructor-arg ref="clientDetails" />
    </bean>

    <!-- This defines the token store.
         We currently use an in-memory token store, but a user-defined one can be used instead -->
    <bean id="tokenStore"
          class="org.springframework.security.oauth2.provider.token.InMemoryTokenStore" />

    <!-- If tokens need to be stored in a DB:
    <bean id="tokenStore"
          class="org.springframework.security.oauth2.provider.token.store.JdbcTokenStore">
        <constructor-arg ref="jdbcTemplate" />
    </bean>
    -->

    <!-- This is where the token-related settings are defined: token validity and other things -->
    <bean id="tokenServices"
          class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
        <property name="tokenStore" ref="tokenStore" />
        <property name="supportRefreshToken" value="true" />
        <property name="accessTokenValiditySeconds" value="120" />
        <property name="clientDetailsService" ref="clientDetails" />
    </bean>

    <bean id="userApprovalHandler"
          class="org.springframework.security.oauth2.provider.approval.TokenServicesUserApprovalHandler">
        <property name="tokenServices" ref="tokenServices" />
    </bean>

    <!-- The server issuing access tokens to the client after successfully authenticating the resource owner and obtaining authorization -->
    <oauth:authorization-server client-details-service-ref="clientDetails"
                                token-services-ref="tokenServices"
                                user-approval-handler-ref="userApprovalHandler">
        <oauth:authorization-code />
        <oauth:implicit />
        <oauth:refresh-token />
        <oauth:client-credentials />
        <oauth:password />
    </oauth:authorization-server>

    <!-- Define protected resources hosted by the resource server -->
    <oauth:resource-server id="resourceServerFilter" resource-id="adminProfile"
                           token-services-ref="tokenServices" />

    <!-- OAuth clients allowed to access the protected resources; this could be something like Facebook or Google if we share a resource with them -->
    <oauth:client-details-service id="clientDetails">
        <oauth:client client-id="fbApp" authorized-grant-types="password,refresh_token"
                      secret="fbApp" authorities="ROLE_APP" resource-ids="adminProfile" />
    </oauth:client-details-service>

    <sec:global-method-security pre-post-annotations="enabled" proxy-target-class="true">
        <sec:expression-handler ref="oauthExpressionHandler" />
    </sec:global-method-security>

    <oauth:expression-handler id="oauthExpressionHandler" />
    <oauth:web-expression-handler id="oauthWebExpressionHandler" />
</beans>
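The accessDecisionManager bean in spring-security.xml above puts an UnanimousBased manager with ScopeVoter, RoleVoter and AuthenticatedVoter in front of /api/**. The following Python model is an added example, not Spring Security's own code (the Authentication class, the voter functions and unanimous_decide are this example's names), and shows how that combination decides: each voter abstains on attributes it does not recognise, a single deny vote rejects the request, and the request still needs at least one explicit grant. That is why access="ROLE_APP" is satisfied by the admin user's authority, and why adding a SCOPE_ attribute to the intercept-url would start rejecting tokens that lack that scope.

```python
from dataclasses import dataclass
from typing import Callable, FrozenSet, List

GRANT, DENY, ABSTAIN = 1, -1, 0  # the three votes an access decision voter can return

@dataclass(frozen=True)
class Authentication:
    """Constructed stand-in for what the filter chain hands to the decision manager."""
    authorities: FrozenSet[str]
    scopes: FrozenSet[str] = frozenset()
    is_oauth2: bool = False          # True once resourceServerFilter has accepted a bearer token
    fully_authenticated: bool = True

def scope_voter(auth: Authentication, attr: str) -> int:
    # ScopeVoter: speaks only for SCOPE_* attributes and only for OAuth2 authentications.
    if not attr.startswith("SCOPE_") or not auth.is_oauth2:
        return ABSTAIN
    return GRANT if attr[len("SCOPE_"):] in auth.scopes else DENY

def role_voter(auth: Authentication, attr: str) -> int:
    # RoleVoter: speaks only for ROLE_* attributes.
    if not attr.startswith("ROLE_"):
        return ABSTAIN
    return GRANT if attr in auth.authorities else DENY

def authenticated_voter(auth: Authentication, attr: str) -> int:
    # AuthenticatedVoter: speaks only for the IS_AUTHENTICATED_* attributes.
    if attr == "IS_AUTHENTICATED_FULLY":
        return GRANT if auth.fully_authenticated else DENY
    if attr == "IS_AUTHENTICATED_ANONYMOUSLY":
        return GRANT
    return ABSTAIN

VOTERS: List[Callable[[Authentication, str], int]] = [scope_voter, role_voter, authenticated_voter]

def unanimous_decide(auth: Authentication, attributes: List[str]) -> bool:
    """UnanimousBased: every voter is asked about each attribute on its own; one DENY rejects the
    request, otherwise at least one GRANT is required (all abstentions means denied, the default)."""
    grants = 0
    for attr in attributes:
        for voter in VOTERS:
            vote = voter(auth, attr)
            if vote == DENY:
                return False
            if vote == GRANT:
                grants += 1
    return grants > 0
```

The authority and scope sets are constructed inputs; in the real chain they come from the OAuth2Authentication that resourceServerFilter builds from the presented token.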
We have configured the /oauth/token URL to issue access and refresh tokens, and /api/** is mapped to the resources that are actually protected on the server. So to reach any URL matching /api/**, a valid token has to be passed with the request.

The authentication manager is the container that performs authentication. In our case two of them are involved. clientAuthenticationManager is backed by clientDetails and checks:

- whether the request names a valid client-id and presents that client's secret;
- which grant types that client may use (authorized-grant-types);
- whether the client is allowed to reach the admin profile at all (resource-ids="adminProfile", which the resource server compares against its own resource-id).

The resource owner's own credentials (admin / 123) are checked by the manager aliased authenticationManager, the one the password grant uses. Its user-service holds the password in clear text, which is fine for a demo only; a real user-details service must store hashed passwords. See the following snippet:

<authentication-manager id="clientAuthenticationManager"
                        xmlns="http://www.springframework.org/schema/security">
    <authentication-provider user-service-ref="clientDetailsUserService" />
</authentication-manager>

<bean id="clientDetailsUserService"
      class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
    <constructor-arg ref="clientDetails" />
</bean>

<!-- OAuth clients allowed to access the protected resources; this could be something like Facebook or Google if we share a resource with them -->
<oauth:client-details-service id="clientDetails">
    <oauth:client client-id="fbApp" authorized-grant-types="password,refresh_token"
                  secret="fbApp" authorities="ROLE_APP" resource-ids="adminProfile" />
</oauth:client-details-service>

Once the user is authenticated, the authorization server calls tokenServices and issues an access token. With supportRefreshToken set to true a refresh token is issued alongside it, and accessTokenValiditySeconds limits each access token to 120 seconds.

<oauth:authorization-server client-details-service-ref="clientDetails"
                            token-services-ref="tokenServices"
                            user-approval-handler-ref="userApprovalHandler">
    <oauth:authorization-code />
    <oauth:implicit />
    <oauth:refresh-token />
    <oauth:client-credentials />
    <oauth:password />
</oauth:authorization-server>

<bean id="tokenServices"
      class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
    <property name="tokenStore" ref="tokenStore" />
    <property name="supportRefreshToken" value="true" />
    <property name="accessTokenValiditySeconds" value="120" />
    <property name="clientDetailsService" ref="clientDetails" />
</bean>

<bean id="tokenStore"
      class="org.springframework.security.oauth2.provider.token.InMemoryTokenStore" />

<bean id="userApprovalHandler"
      class="org.springframework.security.oauth2.provider.approval.TokenServicesUserApprovalHandler">
    <property name="tokenServices" ref="tokenServices" />
</bean>

When declaring the client, note the grant types we specified: password, plus refresh_token so that the client can renew an expired access token. The authorization server above enables every grant type, but a client can only use the ones listed here.

<oauth:client-details-service id="clientDetails">
    <oauth:client client-id="fbApp" authorized-grant-types="password,refresh_token"
                  secret="fbApp" authorities="ROLE_APP" resource-ids="adminProfile" />
</oauth:client-details-service>
Once an access token has been issued, we can reach the protected resources on the server by passing it along with each request. Finally, let us look at the Spring controller we wrote:

DemoController.java

package com.jcombat.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
public class DemoController {

    @RequestMapping("/api/admin")
    public String getAdminPage() {
        return "/secured/admin";
    }
}

4. Running the application

To run the application, let us first request an access token from the authorization server:

http://localhost:8080/SpringSecurityOAuth/oauth/token?grant_type=password&client_id=fbApp&client_secret=fbApp&username=admin&password=123

{
    "access_token": "5c0c1a28-9603-4818-9ebb-6014600c3de9",
    "token_type": "bearer",
    "refresh_token": "ada8a736-3082-4c3d-9cbf-f043ab8f415f",
    "expires_in": 119
}

Two things to note about this request. The client_id and client_secret query parameters are accepted because ClientCredentialsTokenEndpointFilter reads the client credentials from request parameters; the same chain also has <http-basic>, so in practice send the client credentials as an Authorization: Basic header in a POST and keep both the client secret and the user's password out of URLs and access logs. And expires_in is the remaining lifetime at the moment the response is serialised, which is why it reads 119 rather than the configured 120.
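The two requests in this section, the token request above and the protected-resource request that follows, modelled offline as an added example; this is not code from the page or from Spring Security OAuth. It keeps the client fbApp/fbApp with grant types password and refresh_token and resource id adminProfile, the user admin/123 with ROLE_APP, and the 120-second validity from spring-security.xml; the function names, the HTTP status codes and the error strings are this model's own, and it takes the token only from the Authorization header rather than the query string. Running it end to end shows what the configuration enforces: client authentication, the per-client grant-type list, the user credential check, token expiry, single-use refresh tokens, and the resource-id and role checks on /api/**.

```python
import base64
import secrets
import time
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Tuple
ACCESS_TOKEN_VALIDITY = 120  # seconds: accessTokenValiditySeconds in spring-security.xml

@dataclass(frozen=True)
class Client:
    client_id: str
    secret: str
    grant_types: FrozenSet[str]   # authorized-grant-types
    resource_ids: FrozenSet[str]  # resource-ids

@dataclass(frozen=True)
class User:
    username: str
    password: str
    authorities: FrozenSet[str]

@dataclass(frozen=True)
class AccessToken:
    value: str
    refresh: str
    username: str
    client_id: str
    resource_ids: FrozenSet[str]
    authorities: FrozenSet[str]
    expires_at: float

# Constructed fixtures: the single client and the single user declared in spring-security.xml.
CLIENTS: Dict[str, Client] = {"fbApp": Client("fbApp", "fbApp", frozenset({"password", "refresh_token"}),
                                             frozenset({"adminProfile"}))}
USERS: Dict[str, User] = {"admin": User("admin", "123", frozenset({"ROLE_APP"}))}
RESOURCE_ID = "adminProfile"  # resource-id of the oauth:resource-server filter in front of /api/**
ACCESS_TOKENS: Dict[str, AccessToken] = {}   # in-memory token store, the role InMemoryTokenStore plays
REFRESH_TOKENS: Dict[str, AccessToken] = {}

def basic_auth_header(client_id: str, secret: str) -> Dict[str, str]:
    return {"Authorization": "Basic " + base64.b64encode(f"{client_id}:{secret}".encode()).decode()}

def _authenticate_client(headers: Dict[str, str]) -> Optional[Client]:
    """clientAuthenticationManager: look the client up in clientDetails and verify its secret."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Basic "):
        return None
    try:
        client_id, _, secret = base64.b64decode(auth[6:]).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return None
    client = CLIENTS.get(client_id)
    return client if client and secrets.compare_digest(client.secret.encode(), secret.encode()) else None

def _issue(client: Client, user: User, now: float) -> dict:
    """tokenServices: mint an access token and a refresh token and record both in the store."""
    tok = AccessToken(secrets.token_urlsafe(24), secrets.token_urlsafe(24), user.username, client.client_id,
                      client.resource_ids, user.authorities, now + ACCESS_TOKEN_VALIDITY)
    ACCESS_TOKENS[tok.value] = tok
    REFRESH_TOKENS[tok.refresh] = tok
    return {"access_token": tok.value, "token_type": "bearer", "refresh_token": tok.refresh,
            "expires_in": ACCESS_TOKEN_VALIDITY}

def token_endpoint(headers: Dict[str, str], form: Dict[str, str], now: Optional[float] = None) -> Tuple[int, dict]:
    """POST /oauth/token -> (status, JSON body). Status codes and error strings are this model's own."""
    now = time.time() if now is None else now
    client = _authenticate_client(headers)
    if client is None:
        return 401, {"error": "invalid_client"}
    grant = form.get("grant_type", "")
    if grant not in client.grant_types:
        return 400, {"error": "unauthorized_client"}
    if grant == "password":
        # Resource-owner credentials go to the user authentication manager (the admin / 123 user-service).
        user = USERS.get(form.get("username", ""))
        if user is None or not secrets.compare_digest(user.password.encode(), form.get("password", "").encode()):
            return 400, {"error": "invalid_grant"}
        return 200, _issue(client, user, now)
    if grant == "refresh_token":
        old = REFRESH_TOKENS.pop(form.get("refresh_token", ""), None)  # a refresh token is single use here
        if old is None or old.client_id != client.client_id:  # and bound to the client it was issued to
            return 400, {"error": "invalid_grant"}
        ACCESS_TOKENS.pop(old.value, None)  # the access token it was paired with is dropped as well
        return 200, _issue(client, USERS[old.username], now)
    return 400, {"error": "unsupported_grant_type"}

def resource_server(path: str, headers: Dict[str, str], now: Optional[float] = None) -> Tuple[int, dict]:
    """/api/** needs a stored, unexpired bearer token whose client may reach adminProfile and whose
    user holds ROLE_APP (intercept-url access="ROLE_APP"); paths outside the pattern are open."""
    now = time.time() if now is None else now
    if not path.startswith("/api/"):
        return 200, {"page": path}
    auth = headers.get("Authorization", "")
    tok = ACCESS_TOKENS.get(auth[7:]) if auth.startswith("Bearer ") else None
    if tok is None:
        return 401, {"error": "unauthorized"}
    if tok.expires_at <= now:
        ACCESS_TOKENS.pop(tok.value, None)
        return 401, {"error": "invalid_token"}
    if RESOURCE_ID not in tok.resource_ids or "ROLE_APP" not in tok.authorities:
        return 403, {"error": "access_denied"}
    return 200, {"page": "/secured/admin", "user": tok.username}
```

A typical run is token_endpoint(basic_auth_header("fbApp", "fbApp"), {"grant_type": "password", "username": "admin", "password": "123"}) followed by resource_server("/api/admin", {"Authorization": "Bearer " + access_token}); pass now explicitly to watch the token expire after 120 seconds and to renew it with grant_type=refresh_token. The refresh token is deliberately single use and tied to the issuing client, which is the behaviour you want from a store that backs a password-grant client.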
Once the access token has been generated, we are ready to pass it with every subsequent request to the protected resources on the server:

http://localhost:8080/SpringSecurityOAuth/api/admin?access_token=5c0c1a28-9603-4818-9ebb-6014600c3de9

Passing the token as the access_token query parameter works because the bearer token extractor also looks at request parameters, but the Authorization: Bearer header is the form to use in practice: query strings end up in access logs, proxies and browser history, and the token in them is the credential.

5. Download the code

Download the source code

Translated from: https://www.javacodegeeks.com/2017/09/securing-resources-using-spring-security-oauth.html