Spring Boot:使用 OAuth2 授权码模式和自定义登录页面
标签:spring, spring-security, spring-boot, oauth-2.0, spring-security-oauth2

我对 Spring 和 Spring Boot 不是很有经验,所以这可能是一个新手问题。我正在尝试创建一个带用户管理的简单页面,以及一个带登录页面的独立 OAuth2 服务器(仅使用授权码模式)。你能帮我吗?

我看到过一个相关项目,但它似乎过于复杂,而且没有使用 Spring Boot,而 Spring Boot 似乎能让事情变得更简单。

我也在那里看到了一些其他项目。不幸的是,它们似乎是为保护 API(@RestController)而编写的,并且没有登录页面选项。

你知道有什么示例吗?

我当前的代码如下所示:
/**
 * Single Spring Boot application that acts as the MVC front end (index and
 * login views), as an OAuth2 resource server and, through the nested
 * {@link OAuth2Config}, as an OAuth2 authorization server.
 *
 * <p>NOTE(review): {@code @EnableResourceServer} and the browser-facing
 * {@code /login} page share one application. The resource-server filter chain
 * expects bearer tokens, so which chain ends up handling {@code /} and
 * {@code /login} depends on filter-chain ordering that this listing does not
 * configure - confirm against the Spring Security OAuth2 version in use.
 * No form-login or other web security configuration is visible here.
 */
@SpringBootApplication
@EnableResourceServer
@Controller
public class AuthServerApplication {

    /**
     * Application entry point; hands this class and the command-line arguments
     * to {@code SpringApplication.run}.
     *
     * @param args command-line arguments, passed through unchanged
     */
    public static void main(String[] args) {
        SpringApplication.run(AuthServerApplication.class, args);
    }

    /**
     * Handles requests to {@code /}; the mapping does not restrict the HTTP method.
     *
     * @return the view name {@code "index"}
     */
    @RequestMapping("/")
    public String home() {
        return "index";
    }

    /**
     * Handles requests to {@code /login}. It only returns a view name; no
     * credential processing is done in this method.
     *
     * @return the view name {@code "login"}
     */
    @RequestMapping("/login")
    public String login() {
        return "login";
    }

    /**
     * Handles {@code POST /} and answers with HTTP 201 (Created).
     *
     * <p>NOTE(review): the bound request body is never read, and because the
     * class is a {@code @Controller} without {@code @ResponseBody} the returned
     * string is presumably resolved as a view name - confirm that is intended.
     *
     * @param map request body bound as a multi-valued map; unused
     * @return the string {@code "OK"}
     */
    @RequestMapping(value = "/", method = RequestMethod.POST)
    @ResponseStatus(HttpStatus.CREATED)
    public String create(@RequestBody MultiValueMap<String, String> map) {
        return "OK";
    }

    /**
     * Authorization-server configuration: wires the authentication manager into
     * the endpoints, sets the token-check access rule and registers three
     * clients in memory.
     */
    @Configuration
    @EnableAuthorizationServer
    protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {

        // Injected by Spring; the bean definition is not part of this listing.
        @Autowired
        private AuthenticationManager authenticationManager;

        /**
         * Passes the injected {@link AuthenticationManager} to the endpoints configurer.
         *
         * <p>NOTE(review): in Spring Security OAuth2 supplying an authentication
         * manager here is what switches on the resource-owner password grant. If
         * only the authorization-code flow is wanted, confirm this is still needed.
         */
        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            endpoints.authenticationManager(authenticationManager);
        }

        /**
         * Sets the access expression for the token-check endpoint to
         * {@code isAuthenticated()}, so any authenticated caller may use it.
         */
        @Override
        public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
            security.checkTokenAccess("isAuthenticated()");
        }

        /**
         * Registers three OAuth2 clients in memory. All values are literals in
         * source; nothing is read from external configuration.
         */
        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            // @formatter:off
            clients.inMemory()
                // NOTE(review): no secret and no redirect URI are registered for this
                // client, yet it may use four grant types. The password and implicit
                // grants are discouraged by current OAuth 2.0 security guidance; for an
                // authorization-code-only server, narrow this list and register an
                // exact redirect URI. How an unregistered redirect_uri is treated
                // depends on the library version - confirm.
                .withClient("my-trusted-client")
                    .authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit")
                    .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
                    .scopes("read", "write", "trust")
                    .resourceIds("oauth2-resource")
                    // Access tokens for this client live for 600 seconds (10 minutes).
                    .accessTokenValiditySeconds(600)
                .and()
                // Authorization-code-only client with a registered redirect URI.
                .withClient("my-client-with-registered-redirect")
                    .authorizedGrantTypes("authorization_code")
                    .authorities("ROLE_CLIENT")
                    .scopes("read", "trust")
                    .resourceIds("oauth2-resource")
                    // NOTE(review): placeholder value over plain http. Register the
                    // client's exact https callback URL so authorization codes are not
                    // delivered over an unencrypted channel or to an unintended host.
                    .redirectUris("http://anywhere?key=value")
                .and()
                // Confidential client limited to the "read" scope.
                .withClient("my-client-with-secret")
                    .authorizedGrantTypes("client_credentials", "password")
                    .authorities("ROLE_CLIENT")
                    .scopes("read")
                    .resourceIds("oauth2-resource")
                    // NOTE(review): hard-coded, guessable placeholder secret. Supply a
                    // high-entropy value from external configuration instead of source.
                    .secret("secret");
            // @formatter:on
        }
    }
}
/**
 * Serves {@code /login} by naming the view to render. No credentials are
 * processed here; the method only selects the view.
 *
 * @return the view name {@code "login"}
 */
@RequestMapping("/login")
public String login() {
    final String viewName = "login";
    return viewName;
}
/**
 * Accepts {@code POST /} and replies with HTTP 201 (Created).
 *
 * <p>NOTE(review): the request body is bound but never inspected. The enclosing
 * class is declared {@code @Controller} in the full listing, so the returned
 * string is presumably treated as a view name - confirm that is intended.
 *
 * @param map request body bound as a multi-valued map; unused
 * @return the string {@code "OK"}
 */
@RequestMapping(value = "/", method = RequestMethod.POST)
@ResponseStatus(HttpStatus.CREATED)
public String create(@RequestBody MultiValueMap<String, String> map) {
    final String result = "OK";
    return result;
}
/**
 * Authorization-server configuration: wires the authentication manager into the
 * endpoints, sets the token-check access rule and registers three clients in
 * memory.
 */
@Configuration
@EnableAuthorizationServer
protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {

    // Injected by Spring; the bean definition is not part of this listing.
    @Autowired
    private AuthenticationManager authenticationManager;

    /**
     * Passes the injected {@link AuthenticationManager} to the endpoints configurer.
     *
     * <p>NOTE(review): in Spring Security OAuth2 supplying an authentication
     * manager here is what switches on the resource-owner password grant. If only
     * the authorization-code flow is wanted, confirm this is still needed.
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(authenticationManager);
    }

    /**
     * Sets the access expression for the token-check endpoint to
     * {@code isAuthenticated()}, so any authenticated caller may use it.
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security.checkTokenAccess("isAuthenticated()");
    }

    /**
     * Registers three OAuth2 clients in memory. All values are literals in
     * source; nothing is read from external configuration.
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // @formatter:off
        clients.inMemory()
            // NOTE(review): no secret and no redirect URI are registered for this
            // client, yet it may use four grant types. The password and implicit
            // grants are discouraged by current OAuth 2.0 security guidance; for an
            // authorization-code-only server, narrow this list and register an exact
            // redirect URI. How an unregistered redirect_uri is treated depends on
            // the library version - confirm.
            .withClient("my-trusted-client")
                .authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit")
                .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
                .scopes("read", "write", "trust")
                .resourceIds("oauth2-resource")
                // Access tokens for this client live for 600 seconds (10 minutes).
                .accessTokenValiditySeconds(600)
            .and()
            // Authorization-code-only client with a registered redirect URI.
            .withClient("my-client-with-registered-redirect")
                .authorizedGrantTypes("authorization_code")
                .authorities("ROLE_CLIENT")
                .scopes("read", "trust")
                .resourceIds("oauth2-resource")
                // NOTE(review): placeholder value over plain http. Register the
                // client's exact https callback URL so authorization codes are not
                // delivered over an unencrypted channel or to an unintended host.
                .redirectUris("http://anywhere?key=value")
            .and()
            // Confidential client limited to the "read" scope.
            .withClient("my-client-with-secret")
                .authorizedGrantTypes("client_credentials", "password")
                .authorities("ROLE_CLIENT")
                .scopes("read")
                .resourceIds("oauth2-resource")
                // NOTE(review): hard-coded, guessable placeholder secret. Supply a
                // high-entropy value from external configuration instead of source.
                .secret("secret");
        // @formatter:on
    }
}
@springboot应用程序
@EnableResourceServer
@控制器
公共类AuthServerApplication{
公共静态void main(字符串[]args){
run(AuthServerApplication.class,args);
}
@请求映射(“/”)
公共字符串home(){
返回“索引”;
}
@请求映射(“/login”)
公共字符串登录(){
返回“登录”;
}
@RequestMapping(value=“/”,method=RequestMethod.POST)
@ResponseStatus(HttpStatus.CREATED)
创建公共字符串(@RequestBody多值映射){
返回“OK”;
}
@配置
@EnableAuthorizationServer
受保护的静态类OAuth2Config扩展了AuthorizationServerConfigurerAdapter{
@自动连线
私人AuthenticationManager AuthenticationManager;
@凌驾
public void configure(AuthorizationServerEndpointsConfigurer端点)引发异常{
endpoints.authenticationManager(authenticationManager);
}
@凌驾
public void configure(AuthorizationServerSecurityConfigure安全)引发异常{
security.checkTokenAccess(“isAuthenticated()”);
}
@凌驾
公共无效配置(ClientDetailsServiceConfigurer客户端)引发异常{
//@formatter:off
clients.inMemory()
.withClient(“我信任的客户”)
.authorizedGrantTypes(“密码”、“授权码”、“刷新令牌”、“隐式”)
.权限(“角色客户”、“角色受信任客户”)
.scopes(“读”、“写”、“信任”)
.ResourceId(“oauth2资源”)
.accessTokenValiditySeconds(600)
.及()
.withClient(“已注册重定向的我的客户”)
.authorizedGrantTypes(“授权代码”)
.当局(“角色/客户”)
.范围(“读取”、“信任”)
.ResourceId(“oauth2资源”)
.重定向URI(“http://anywhere?key=value")
.及()
.withClient(“我的秘密客户”)
.authorizedGrantTypes(“客户端凭据”、“密码”)
.当局(“角色/客户”)
.范围(“读取”)
.ResourceId(“oauth2资源”)
.秘密(“秘密”);
//@formatter:on
}
}
}
@请求映射(“/login”)
公共字符串登录(){
返回“登录”;
}
@RequestMapping(value=“/”,method=RequestMethod.POST)
@ResponseStatus(HttpStatus.CREATED)
创建公共字符串(@RequestBody多值映射){
返回“OK”;
}
@配置
@EnableAuthorizationServer
受保护的静态类OAuth2Config扩展了AuthorizationServerConfigurerAdapter{
@自动连线
私人AuthenticationManager AuthenticationManager;
@凌驾
public void configure(AuthorizationServerEndpointsConfigurer端点)引发异常{
endpoints.authenticationManager(authenticationManager);
}
@凌驾
public void configure(AuthorizationServerSecurityConfigure安全)引发异常{
security.checkTokenAccess(“isAuthenticated()”);
}
@凌驾
公共无效配置(ClientDetailsServiceConfigurer客户端)引发异常{
//@formatter:off
clients.inMemory()
.withClient(“我信任的客户”)
.authorizedGrantTypes(“密码”、“授权码”、“刷新令牌”、“隐式”)
.权限(“角色客户”、“角色受信任客户”)
.scopes(“读”、“写”、“信任”)
.ResourceId(“oauth2资源”)
.accessTokenValiditySeconds(600)
.及()
.withClient(“已注册重定向的我的客户”)
.authorizedGrantTypes(“授权代码”)
.当局(“角色/客户”)
.范围(“读取”、“信任”)
.ResourceId(“oauth2资源”)
.重定向URI(“http://anywhere?key=value")
.及()
.withClient(“我的秘密客户”)
.authorizedGrantTypes(“客户端凭据”、“密码”)
.当局(“角色/客户”)
.范围(“读取”)
.ResourceId(“oauth2资源”)
.秘密(“秘密”);
//@formatter:on
}
}
}

好的,我刚刚找到了一个我一直在寻找的最好的简单示例,记在这里,以防有人来这里查找。