上周从(1.5.10.RELEASE / Edgware.SR2)迁移到(2.0.5.RELEASE / Finchely)后,我再也无法请求我的AuthorizationServer。
这是我迁移后的新代码:
这是我在配置服务器中的配置:
eureka:
instance:
preferIpAddress: true
client:
registerWithEureka: true
fetchRegistry: true
serviceUrl:
defaultZone: http://user:password@localhost:8761/eureka/
security:
basic:
enabled: false
oauth2:
client-id: small-ads
signing-key: $2a$10$fcAHmFLPjfoqdIyc/2lNvusOoztfIYx4Qsu.UsH06nNO2Q/Ws1gDi
grant-type:
password: password
authorization-code: authorization_code
refresh-token: refresh_token
scope:
web: web
mobile: mobile
resources-ids:
buy-sell: buy-sell
gateway: gateway
upload: upload
access-token-validity-seconds: 120
#Setting logging levels
logging:
level:
org.springframework: DEBUG
org.springframework.security: DEBUG
com.smartmedia.smallads.cloud.oauth.server: DEBUG
这是我的SecurityConfig:
package com.smartmedia.smallads.cloud.oauth.server;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import com.smartmedia.smallads.cloud.oauth.server.service.UserServiceImpl;
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
@Override
protected AuthenticationManager authenticationManager() throws Exception {
return super.authenticationManager();
}
@Bean
public UserDetailsService userDetailsService() {
return new UserServiceImpl();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/oauth/token", "/oauth/authorize", "/oauth/confirm_access").permitAll()
.anyRequest().authenticated().and().csrf().disable().cors();
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers(HttpMethod.OPTIONS);
}
}
这是我的ServersConfig:
package com.smartmedia.smallads.cloud.oauth.server;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
@EnableAuthorizationServer
@Configuration
public class ServersConfig extends AuthorizationServerConfigurerAdapter {
@Value("${security.oauth2.client-id}")
private String clientId;
@Value("${security.oauth2.signing-key}")
private String signingKey;
@Value("${security.oauth2.grant-type.password}")
private String grantTypePassword;
@Value("${security.oauth2.grant-type.authorization-code}")
private String grantTypeAuthorizationCode;
@Value("${security.oauth2.grant-type.refresh-token}")
private String grantTypeRefreshToken;
@Value("${security.oauth2.scope.web}")
private String scopeWeb;
@Value("${security.oauth2.scope.mobile}")
private String scopeMobile;
@Value("${security.oauth2.resources-ids.buy-sell}")
private String resourcesIdBuySell;
@Value("${security.oauth2.resources-ids.gateway}")
private String resourcesIdGateway;
@Value("${security.oauth2.resources-ids.upload}")
private String resourcesIdUpload;
@Value("${security.oauth2.access-token-validity-seconds}")
private String accessTokenValiditySeconds;
@Autowired
private AuthenticationManager authenticationManager;
@Bean
public JwtAccessTokenConverter accessTokenConverter() {
JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
converter.setSigningKey(signingKey);
return converter;
}
@Bean
public TokenStore tokenStore() {
return new JwtTokenStore(accessTokenConverter());
}
@Bean
public DefaultTokenServices tokenServices() {
DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
defaultTokenServices.setTokenStore(tokenStore());
defaultTokenServices.setSupportRefreshToken(true);
return defaultTokenServices;
}
@Override
public void configure(ClientDetailsServiceConfigurer configurer) throws Exception {
configurer.inMemory().withClient(clientId).secret(signingKey).autoApprove(true)
.authorizedGrantTypes(grantTypeAuthorizationCode, grantTypePassword, grantTypeRefreshToken)
.scopes(scopeWeb, scopeMobile).resourceIds(resourcesIdBuySell, resourcesIdGateway, resourcesIdUpload);
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.tokenStore(tokenStore()).accessTokenConverter(accessTokenConverter())
.authenticationManager(authenticationManager);
}
@Bean
public BCryptPasswordEncoder passwordEncoder() {
System.out.println("password encrypted 123456: " + new BCryptPasswordEncoder().encode("123456") );
System.out.println("password encrypted password: " + new BCryptPasswordEncoder().encode("password") );
System.out.println("password decrypted password: " + new BCryptPasswordEncoder().matches("password", "$2a$10$WvV9OvIbs6iAjsARi7BJFOaIGENsopxJSS5WVJyjkW4M2GFoC4XUO") );
return new BCryptPasswordEncoder();
}
}
这是我的CorsConfig:
package com.smartmedia.smallads.cloud.oauth.server;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
@Configuration
public class CorsConfig {
@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOrigin("*");
config.setMaxAge(3600L);
config.addAllowedHeader("*");
config.addAllowedMethod("*");
source.registerCorsConfiguration("/**", config);
return new CorsFilter(source);
}
}
这是我的POM:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.smart-media.small-ads</groupId>
<artifactId>small-ads-cloud-oauth-server</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>small-ads-cloud-oauth-server</name>
<description>Small ads cloud oauth server</description>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.5.RELEASE</version>
<relativePath /> <!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
<spring-cloud.version>Finchley.RELEASE</spring-cloud.version>
</properties>
<dependencies>
<!-- Cloud config and ops -->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-config</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-config-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<scope>runtime</scope>
</dependency>
<!-- Cloud config and ops -->
<!-- Eureka client -->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
</dependency>
<!-- Eureka client -->
<!-- Circuit breaker -->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-netflix-hystrix</artifactId>
</dependency>
<!-- Circuit breaker -->
<!-- Feign client -->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-openfeign</artifactId>
</dependency>
<!-- Feign client -->
<!-- Cloud security -->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
<!-- Cloud security -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-mongodb</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>${spring-cloud.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
这是我用来获取令牌的卷曲:
curl small-ads:123456@localhost:8901/uaa/oauth/token -d grant_type=password -d username=user -d password=password