資源服務器就是業(yè)務服務 如用戶服務，訂單服務等 第三方需要到資源服務器調用接口獲取資源

ResourceServerConfig是資源服務器的核心配置 用于驗證token 與網關配置相似

其中.antMatchers('/**').access('#oauth2.hasScope(’user’)') 需要oauth_client_details表的scope配合 意思是訪問所有資源 需要客戶端有scope需要有user

@Configuration@EnableResourceServer // 標識為資源服務器，請求服務中的資源，就要帶著token過來，找不到token或token是無效訪問不了資源@EnableGlobalMethodSecurity(prePostEnabled = true) // 開啟方法級別權限控制public class ResourceServerConfig extends ResourceServerConfigurerAdapter implements CommandLineRunner { private final static Logger logger = LoggerFactory.getLogger(ResourceServerConfig.class); public static final String RESOURCE_ID = 'user'; /** * 權限不足返回給前端json */ @Autowired private CustomAccessDeniedHandlerConfig customAccessDeniedHandlerConfig; @Autowired private TokenStore tokenStore; /** * token無效返回前段json */ @Autowired private AuthExceptionEntryPointConfig authExceptionEntryPointConfig; @Override public void configure(ResourceServerSecurityConfigurer resources) throws Exception { // 當前資源服務器的資源id，認證服務會認證客戶端有沒有訪問這個資源id的權限，有則可以訪問當前服務 resources.tokenStore(tokenStore).resourceId(RESOURCE_ID) // token無效異常的處理 .authenticationEntryPoint(authExceptionEntryPointConfig) // 權限不足異常處理類 .accessDeniedHandler(customAccessDeniedHandlerConfig) // 會話機制stateless開啟 .stateless(true); } @Override public void configure(HttpSecurity http) throws Exception { http.sessionManagement() // SpringSecurity不會使用也不會創(chuàng)建HttpSession實例 因為整個oauth2后使用token .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests() // 開放swagger請求 .antMatchers('/swagger-ui.html', '/webjars/**', '/swagger-resources/**','/v2/**').permitAll() // 所有請求，都需要有all范圍（scope） .antMatchers('/**').access('#oauth2.hasScope(’user’)'). anyRequest().authenticated().and().csrf() .disable(); } @Bean public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); }}

AuthExceptionEntryPointConfig,CustomAccessDeniedHandlerConfig

用于異常返回前端json

@Componentpublic class CustomAccessDeniedHandlerConfig implements AccessDeniedHandler { @Override public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException { response.setStatus(HttpStatus.OK.value()); response.setHeader('Content-Type', 'application/json;charset=UTF-8'); try { Result result = new Result(403, '權限不足'); response.getWriter().write(new ObjectMapper().writeValueAsString(result)); } catch (IOException e) { e.printStackTrace(); } }}

@Componentpublic class AuthExceptionEntryPointConfig implements AuthenticationEntryPoint{ private final static Logger logger = LoggerFactory.getLogger(AuthExceptionEntryPointConfig.class); @Value('${security.redirect-url}') private String redirectUrl; @Override public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) { Throwable cause = authException.getCause(); response.setStatus(HttpStatus.OK.value()); response.setHeader('Content-Type', 'application/json;charset=UTF-8'); Result result; try { if (cause instanceof InvalidTokenException) { result = new Result(402, '認證失敗,無效或過期token'); response.getWriter().write(new ObjectMapper().writeValueAsString(result)); } else { result = new Result(401, '認證失敗,沒有攜帶token'); response.sendRedirect(redirectUrl); } } catch (IOException e) { e.printStackTrace(); } }}

TokenConfig

不多說

@Configurationpublic class TokenConfig{ /** * 使用redis存儲 */ @Autowired private RedisConnectionFactory redisConnectionFactory; @Bean public TokenStore tokenStore() { return new RedisTokenStore(redisConnectionFactory); } }

application.yml

那么小伙伴又問了 既然網關驗證token的有效性 那么資源服務器是不是就不用驗證啦 答案是否 因為不添加配置 會報錯 同樣需要在application中添加以下配置

其他配置也spirng boot為準 這里不多說

security: oauth2: client: client-id: user-vue client-secret: 1234 resource: token-info-uri: http://localhost:8001/oauth/check_token

到此這篇關于spring cloud ouath2中的資源服務器的文章就介紹到這了,更多相關spring cloud ouath2資源服務器內容請搜索好吧啦網以前的文章或繼續(xù)瀏覽下面的相關文章希望大家以后多多支持好吧啦網！