React>> springboot-oauth2-example>> 返回
项目作者: zacscoding

项目描述 :
spring boot oauth2 jdbc server and client examples
高级语言: Java
项目地址: git://github.com/zacscoding/springboot-oauth2-example.git
创建时间: 2019-10-01T07:42:18Z
项目社区:https://github.com/zacscoding/springboot-oauth2-example
开源协议:
下载


Oauth2 server & client with spring boot

Getting started

Git clone

  1. $ git clone https://github.com/zacscoding/springboot-oauth2-example.git
  2. $ cd springboot-oauth2-example

Start OAuth2 server

  1. $ ./gradlew oauth-server:bootRun

And then connect to http://localhost:3000/swagger-ui.html in browser.

Call /accounts/me without access token, then receive unauthorized response.

Sign in by using Authorize tab in swagger-ui and login with below info.


















username admin@email.com
password admin
client_id application
client_secret pass

Then will receive success response after signed in.

Can see full flow (get and refresh token) in tests code

Project structure

  1. springboot-oauth2-example$ tree ./ -L 2
  2. ├── oauth-server        <-- oauth2 resource server
  3.    ├── build.gradle
  4.    └── src

Resource and auth server

Oauth-server is a resource and auth server like facebook, google.

Token info is stored at database given DataSource i.e JdbcTokenStore.

Can see full example of configuration config package.

Configurer server

SecurityConfiguration extended WebSecurityConfigurerAdapter

  1. import org.springframework.context.annotation.Bean;
  2. import org.springframework.context.annotation.Configuration;
  3. import org.springframework.security.authentication.AuthenticationManager;
  4. import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
  5. import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
  6. import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
  7. import org.springframework.security.crypto.password.PasswordEncoder;
  9. import lombok.RequiredArgsConstructor;
  10. import server.account.service.AccountService;
  12. @RequiredArgsConstructor
  13. @Configuration
  14. @EnableWebSecurity
  15. public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
  17.     private final AccountService accountService;
  18.     private final PasswordEncoder passwordEncoder;
  20.     @Bean
  21.     @Override
  22.     public AuthenticationManager authenticationManagerBean() throws Exception {
  23.         return super.authenticationManagerBean();
  24.     }
  26.     @Override
  27.     public void configure(WebSecurity web) throws Exception {
  28.         // ignore swagger resources
  29.         web.ignoring().antMatchers(
  30.                 "/v2/api-docs", "/swagger-resources/**",
  31.                 "/swagger-ui.html", "/webjars/**", "/swagger/**");
  32.     }
  34.     @Override
  35.     protected void configure(AuthenticationManagerBuilder auth) throws Exception {
  36.         auth.userDetailsService(accountService)
  37.             .passwordEncoder(passwordEncoder);
  38.     }
  39. }

ResourceServerConfiguration extended ResourceServerConfigurerAdapter 

  1. import org.springframework.context.annotation.Configuration;
  2. import org.springframework.http.HttpMethod;
  3. import org.springframework.security.config.annotation.web.builders.HttpSecurity;
  4. import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
  5. import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
  6. import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
  7. import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;
  9. @Configuration
  10. @EnableResourceServer
  11. public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
  13.     @Override
  14.     public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
  15.         resources.resourceId("examples");
  16.     }
  18.     @Override
  19.     public void configure(HttpSecurity http) throws Exception {
  20.         http.headers().frameOptions().disable();
  21.         http.anonymous()
  22.             .and()
  23.             .authorizeRequests()
  24.             .mvcMatchers(HttpMethod.GET, "/api/hello")
  25.             .permitAll()
  26.             .anyRequest()
  27.             .authenticated()
  28.             .and()
  29.             .exceptionHandling()
  30.             .accessDeniedHandler(new OAuth2AccessDeniedHandler());
  31.     }
  32. }

AuthServerConfiguration extended AuthorizationServerConfigurerAdapter 

  1. import javax.sql.DataSource;
  3. import org.springframework.context.annotation.Bean;
  4. import org.springframework.context.annotation.Configuration;
  5. import org.springframework.security.authentication.AuthenticationManager;
  6. import org.springframework.security.crypto.password.PasswordEncoder;
  7. import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
  8. import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
  9. import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
  10. import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
  11. import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
  12. import org.springframework.security.oauth2.provider.approval.ApprovalStore;
  13. import org.springframework.security.oauth2.provider.approval.JdbcApprovalStore;
  14. import org.springframework.security.oauth2.provider.token.TokenStore;
  15. import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
  17. import lombok.RequiredArgsConstructor;
  18. import server.account.service.AccountService;
  20. @RequiredArgsConstructor
  21. @Configuration
  22. @EnableAuthorizationServer
  23. public class AuthServerConfiguration extends AuthorizationServerConfigurerAdapter {
  25.     // required
  26.     private final PasswordEncoder passwordEncoder;
  27.     private final AuthenticationManager authenticationManager;
  28.     private final AccountService accountService;
  29.     private final DataSource dataSource;
  31.     @Override
  32.     public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
  33.         security.passwordEncoder(passwordEncoder);
  34.     }
  36.     @Override
  37.     public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
  38.         clients.jdbc(dataSource);
  39.     }
  41.     @Override
  42.     public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
  43.         endpoints.authenticationManager(authenticationManager)
  44.                  .userDetailsService(accountService)
  45.                  .tokenStore(tokenStore())
  46.                  .approvalStore(approvalStore());
  47.     }
  49.     @Bean
  50.     public TokenStore tokenStore() {
  51.         return new JdbcTokenStore(dataSource);
  52.     }
  54.     @Bean
  55.     public ApprovalStore approvalStore() {
  56.         return new JdbcApprovalStore(dataSource);
  57.     }
  58. }

Schema of oauth2

See schema-oauth2-h2.sql.

Test OAuth2

Tests with spring test

See OAuth2ClientIT.

  1. @RunWith(SpringRunner.class)
  2. @SpringBootTest
  3. @AutoConfigureMockMvc
  4. @ActiveProfiles("test")
  5. public class OAuth2ClientIT {
  7.     @Autowired
  8.     protected MockMvc mockMvc;
  10.     @Autowired
  11.     protected ObjectMapper objectMapper;
  13.     @Test
  14.     public void runOauthClient() throws Exception {
  15.         /**
  16.          * 1) /accounts/me with anonymous user
  17.          * Try to access "/accounts/me" without access token.
  18.          * Then receive unauthorized response
  19.          */
  20.         mockMvc.perform(get("/accounts/me"))
  21.                .andDo(print())
  22.                .andExpect(status().isUnauthorized());
  24.         /**
  25.          * 2) getting access token
  26.          *
  27.          * Try to get access token with BasicAuth.
  28.          *
  29.          * * Header
  30.          *  - Key : "Authentication", Value: Base64Enc("application:pass")
  31.          *
  32.          * * Body with form-data
  33.          *  - username=user@gmail.com
  34.          *  - password=user
  35.          *  - grant_type=password
  36.          */
  37.         final String username = "user@gmail.com";
  38.         final String password = "user";
  39.         final String clientId = "application";
  40.         final String clientSecret = "pass";
  42.         ResultActions perform = mockMvc.perform(post("/oauth/token")
  43.                                                         .with(httpBasic(clientId, clientSecret))
  44.                                                         .param("username", username)
  45.                                                         .param("password", password)
  46.                                                         .param("grant_type", "password"));
  48.         String response = perform.andReturn().getResponse().getContentAsString();
  49.         System.out.println("/oauth/token response : " + response);
  51.         Map<String, Object> results = new Jackson2JsonParser().parseMap(response);
  52.         String accessToken = results.get("access_token").toString();
  53.         String refreshToken = results.get("refresh_token").toString();
  54.         String bearerToken = "Bearer " + accessToken;
  56.         /**
  57.          * 3) request with auth token
  58.          * Try to get resource with access token (Bearer)
  59.          * * Header
  60.          *  - Key : "Authentication", Value: Bearer <access-token>
  61.          */
  62.         mockMvc.perform(get("/accounts/me")
  63.                                 .header(HttpHeaders.AUTHORIZATION, bearerToken))
  64.                .andDo(print())
  65.                .andExpect(jsonPath("id").exists())
  66.                .andExpect(jsonPath("email").value(username))
  67.                .andExpect(jsonPath("age").exists());
  69.         /**
  70.          * 4) refresh token
  71.          * Try to get a new access token with refresh token
  72.          *
  73.          * * Header
  74.          *  - Key : "Authentication", Value: Base64Enc("application:pass")
  75.          *
  76.          * * Body with form-data
  77.          * - grant_type=refresh_token
  78.          * - refresh_token=<refresh-token>
  79.          */
  80.         perform = mockMvc.perform(post("/oauth/token")
  81.                                           .with(httpBasic(clientId, clientSecret))
  82.                                           .param("grant_type", "refresh_token")
  83.                                           .param("refresh_token", refreshToken));
  85.         response = perform.andReturn().getResponse().getContentAsString();
  86.         results = new Jackson2JsonParser().parseMap(response);
  87.         String updatedAccessToken = results.get("access_token").toString();
  88.         String updatedBearerToken = "Bearer " + updatedAccessToken;
  90.         assertThat(accessToken).isNotEqualTo(updatedAccessToken);
  92.         // failed to request if access with prev token.
  93.         mockMvc.perform(get("/accounts/me")
  94.                                 .header(HttpHeaders.AUTHORIZATION, bearerToken))
  95.                .andExpect(status().isUnauthorized());
  97.         // success to request if access with new token
  98.         mockMvc.perform(get("/accounts/me")
  99.                                 .header(HttpHeaders.AUTHORIZATION, updatedBearerToken))
  100.                .andDo(print())
  101.                .andExpect(jsonPath("id").exists())
  102.                .andExpect(jsonPath("email").value(username))
  103.                .andExpect(jsonPath("age").exists());
  105.     }
  106. }

Oauth2 client