package com.springboot.auth.authorization.config;

import com.springboot.auth.authorization.config.custom.CustomTokenEnhancer;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.approval.ApprovalStore;
import org.springframework.security.oauth2.provider.approval.JdbcApprovalStore;
import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
import org.springframework.security.oauth2.provider.code.JdbcAuthorizationCodeServices;
import org.springframework.security.oauth2.provider.token.TokenEnhancerChain;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

import javax.sql.DataSource;
import java.util.Arrays;

/**
 * OAuth2 authorization-server wiring.
 *
 * <p>Client registrations are read over JDBC from {@code dataSource}; access tokens are
 * JWTs signed with the symmetric key configured under
 * {@code spring.security.oauth2.jwt.signingKey} and enriched by {@link CustomTokenEnhancer}.
 * Password-grant authentication is delegated to the {@code authenticationManagerBean} and
 * {@code userDetailsService} beans.
 */
@Configuration
@EnableAuthorizationServer
public class AuthenticationServerConfig extends AuthorizationServerConfigurerAdapter {

    /** Authenticates resource-owner credentials for the password grant. */
    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;

    /** Backing store for client details, approvals and authorization codes. */
    @Qualifier("dataSource")
    @Autowired
    DataSource dataSource;

    /** Loads user details for refresh-token handling. */
    @Autowired
    @Qualifier("userDetailsService")
    UserDetailsService userDetailsService;

    /**
     * Shared (symmetric) JWT signing key.
     *
     * <p>Whoever knows this value can mint tokens this server accepts, so it must stay out of
     * logs and of any endpoint response; see the note on {@code tokenKeyAccess} below.
     */
    @Value("${spring.security.oauth2.jwt.signingKey}")
    private String signingKey;

    /**
     * Access rules for the {@code /oauth/token_key} and {@code /oauth/check_token} endpoints.
     *
     * <p>NOTE(review): {@code signingKey} is symmetric, and {@link JwtAccessTokenConverter} reports
     * the same value as its verifier key, so {@code isAuthenticated()} on {@code token_key} would
     * hand the signing secret to every authenticated client. Unless resource servers genuinely
     * fetch the key from here, {@code denyAll()} is the safer setting. {@code permitAll()} on
     * {@code check_token} lets unauthenticated callers introspect any token they hold; consider
     * restricting it to the resource-server clients that need it.
     *
     * @param oauthServer security configurer for the token endpoints
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) {
        oauthServer.tokenKeyAccess("isAuthenticated()");
        oauthServer.checkTokenAccess("permitAll()");
    }

    /**
     * Registers the JDBC-backed client details service (the {@code oauth_client_details} table).
     *
     * @param clients client details configurer
     * @throws Exception if the JDBC client details service cannot be configured
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // Client registrations (ids, secrets, grant types, scopes) live in the database.
        clients.jdbc(dataSource);
    }

    /**
     * Wires the token store, the token enhancer chain and the authentication components into
     * the authorization endpoints.
     *
     * <p>NOTE(review): {@link #approvalStore()} and {@link #authorizationCodeServices()} are
     * declared as beans but are not passed to {@code endpoints} here; confirm they are actually
     * picked up, otherwise the authorization-code flow may be using in-memory defaults.
     *
     * @param endpoints endpoints configurer
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints.tokenStore(tokenStore());
        endpoints.tokenEnhancer(tokenEnhancerChain());
        endpoints.authenticationManager(authenticationManager);
        endpoints.userDetailsService(userDetailsService);
    }

    /**
     * JWT converter that signs and verifies tokens with {@code signingKey}.
     *
     * @return configured {@link JwtAccessTokenConverter}
     */
    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter jwtConverter = new JwtAccessTokenConverter();
        jwtConverter.setSigningKey(signingKey);
        return jwtConverter;
    }

    /**
     * Token "store" for JWTs: nothing is persisted, tokens are validated by signature.
     *
     * @return a {@link JwtTokenStore} over {@link #accessTokenConverter()}
     */
    @Bean
    public TokenStore tokenStore() {
        return new JwtTokenStore(accessTokenConverter());
    }

    /**
     * Enhancer chain: custom claims first, then JWT encoding.
     *
     * <p>Order matters — the converter must run last so the extra claims end up inside the
     * signed token.
     *
     * @return the {@link TokenEnhancerChain} applied to every issued token
     */
    @Bean
    public TokenEnhancerChain tokenEnhancerChain() {
        JwtAccessTokenConverter jwtConverter = accessTokenConverter();
        TokenEnhancerChain chain = new TokenEnhancerChain();
        chain.setTokenEnhancers(Arrays.asList(new CustomTokenEnhancer(), jwtConverter));
        return chain;
    }

    /**
     * JDBC-backed store for user scope approvals.
     *
     * @return a {@link JdbcApprovalStore} over {@code dataSource}
     */
    @Bean
    public ApprovalStore approvalStore() {
        return new JdbcApprovalStore(dataSource);
    }

    /**
     * JDBC-backed persistence for authorization codes (the {@code oauth_code} table).
     *
     * @return a {@link JdbcAuthorizationCodeServices} over {@code dataSource}
     */
    @Bean
    protected AuthorizationCodeServices authorizationCodeServices() {
        return new JdbcAuthorizationCodeServices(dataSource);
    }
}