Spring Boot 2.0 integrates Spring Security Oauth2

preface

In Spring Security source code analysis xi: In JWT, we use Spring Boot 1.5.6.RELEASE to implement the authorization code mode, password mode, and user custom login return token. However, there are some minor issues with updates to Spring Boot 2.0.1.RELEASE. Here, help everyone step on the pit. Please see understanding OAuth 2.0 for OAuth2

Modified pom. XML

Update the Spring Boot version to Spring Boot 2.0.1.RELEASE

   <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.0.1. RELEASE</version>
        <relativePath/> <! -- lookup parent from repository -->
    </parent>
Copy the code

Added the SecurityConfig configuration

Added SecurityConfig to expose AuthenticationManager

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean(a) throws Exception {
        AuthenticationManager manager = super.authenticationManagerBean();
        return manager;
    }

    @Bean
    public PasswordEncoder passwordEncoder(a) {
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
// .formLogin().and().httpBasic().and() .csrf().disable(); }}Copy the code

Modify MerryyouAuthorizationServerConfig

Modify MerryyouAuthorizationServerConfig used to encrypt clientsecret and setting up the redirection address

.@Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        InMemoryClientDetailsServiceBuilder build = clients.inMemory();
        if (ArrayUtils.isNotEmpty(oAuth2Properties.getClients())) {
            for (OAuth2ClientProperties config : oAuth2Properties.getClients()) {
                build.withClient(config.getClientId())
                        .secret(passwordEncoder.encode(config.getClientSecret()))
                        .accessTokenValiditySeconds(config.getAccessTokenValiditySeconds())
                        .refreshTokenValiditySeconds(60 * 60 * 24 * 15)
                        .authorizedGrantTypes("refresh_token"."password"."authorization_code")//OAuth2 supports the authentication mode
                        .redirectUris("http://www.merryyou.cn")
                        .scopes("all"); }}...Copy the code

Modify the application. Yml

Since different clients were introduced in the 2.x release, you need to specify which connection pool to configure.

server:
  port: 8888
  redis:
    host: localhost
    port: 6379
    jedis:
      pool:
        max-active: 8
        max-wait: - 1
        min-idle: 0
        max-idle: 8
logging:
  level:
    org.springframework: info
merryyou:
  security:
    oauth2:
      storeType: redis # or JWT
      jwtSigningKey: merryyou
      clients[0]:
        clientId: merryyou
        clientSecret: merryyou
      clients[1]:
              clientId: merryyou1
              clientSecret: merryyou1

Copy the code

Results the following

Authorization code mode

Password mode

Custom Login

The refresh token

The code download

• Making: springboot2.0 – oauth2
• Gitee: springboot2.0 – oauth2

reference

• Github.com/lexburner/o…
• Stackoverflow.com/questions/4…
• www.jianshu.com/p/be2c09cd2…

Recommend the article

1. Java creates the blockchain family
2. Spring Security source code analysis series
3. Spring Data Jpa series
4. All about Trees in Data Structures (Java Edition)
5. SpringBoot+Docker+Git+Jenkins realize easy continuous integration and continuous deployment

🙂🙂🙂 focus on wechat small program Java architect journey Bored on the commute? Still reading novels, news? Don’t know how to improve your skills? Here’s the Java architecture article you need. 1.5W + Java engineers are reading it. What are you waiting for?