Spring Cloud Gateway security with OAuth2

Time: 2019-03-20 16:03:58

Tags: spring security cloud gateway

I have an authentication service with an AuthorizationServer that creates a JWT token, and the ResourceServer is in the same service. When I start the service and try to get a token from Postman, it returns the JWT token. After that, when I try to use the service, the "/home" endpoint, which requires authentication, works fine.

My question is how to make Spring Cloud Gateway an OAuth2 client so that, when I try to reach some endpoint with a Bearer token, the request is authenticated through the authentication service. I have spent a lot of time on this and cannot find a suitable solution.

My authorization server:

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

@Configuration
@EnableAuthorizationServer
public class AuthorizationServer extends AuthorizationServerConfigurerAdapter {

    private static final String ID_CLIENT = "client";
    private static final String SECRET = "secret";
    private static final String AUTHORIZATION_CODE = "authorization_code";
    private static final String SCOPE = "user_info";
    // /oauth/token_key is open; /oauth/check_token requires client authentication
    private static final String TOKEN_KEY_ACCESS = "permitAll()";
    private static final String CHECK_TOKEN_ACCESS = "isAuthenticated()";
    // A plain string here is used as a symmetric HMAC secret (HS256), so every
    // service that verifies these tokens locally must hold the same value
    private static final String SIGNING_KEY = "privateKey";
    private static final String PASSWORD = "password";

    @Autowired
    private AuthenticationManager authenticationManager;
    @Autowired
    private PasswordEncoder passwordEncoder;

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security.tokenKeyAccess(TOKEN_KEY_ACCESS)
                .checkTokenAccess(CHECK_TOKEN_ACCESS);
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // Single in-memory client; the secret is stored encoded, never in clear text
        clients
                .inMemory()
                .withClient(ID_CLIENT)
                .secret(passwordEncoder.encode(SECRET))
                .autoApprove(true)
                .authorizedGrantTypes(AUTHORIZATION_CODE, PASSWORD)
                .scopes(SCOPE)
                .accessTokenValiditySeconds(20000)
                .refreshTokenValiditySeconds(20000);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        // JWT tokens are self-contained: the store only delegates to the converter
        endpoints
                .authenticationManager(authenticationManager)
                .tokenStore(tokenStore())
                .accessTokenConverter(tokenConverter());
    }

    @Bean
    public JwtAccessTokenConverter tokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setSigningKey(SIGNING_KEY);
        converter.setVerifierKey(SIGNING_KEY);
        return converter;
    }

    @Bean
    public JwtTokenStore tokenStore() {
        return new JwtTokenStore(tokenConverter());
    }
}

My resource server:

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;

@Configuration
@EnableResourceServer
public class ResourcesServer extends ResourceServerConfigurerAdapter {

    // These credentials are what the resource server presents to /oauth/check_token,
    // so they must match a client registered with the authorization server
    private static final String CLIENT_ID = "clientId";
    private static final String SECRET = "secret";
    private static final String TOKEN_ENDPOINT_URL = "http://localhost:9004/oauth/check_token";

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.tokenServices(tokenServices());
    }

    @Bean
    public RemoteTokenServices tokenServices() {
        // Every request's bearer token is validated by a call back to the
        // authorization server instead of being verified locally with the signing key
        RemoteTokenServices tokenServices = new RemoteTokenServices();
        tokenServices.setCheckTokenEndpointUrl(TOKEN_ENDPOINT_URL);
        tokenServices.setClientId(CLIENT_ID);
        tokenServices.setClientSecret(SECRET);
        return tokenServices;
    }
}

I also have a WebSecurityConfiguration with LDAP authentication ...

0 answers:

No answers