資源服務器就是業務服務 如用戶服務，訂單服務等 第三方需要到資源服務器調用接口獲取資源

ResourceServerConfig是資源服務器的核心配置 用于驗證token 與網關配置相似

其中.antMatchers('/**').access('#oauth2.hasScope(’user’)') 需要oauth_client_details表的scope配合 意思是訪問所有資源 需要客戶端有scope需要有user

@Configuration@EnableResourceServer // 標識為資源服務器，請求服務中的資源，就要帶著token過來，找不到token或token是無效訪問不了資源@EnableGlobalMethodSecurity(prePostEnabled = true) // 開啟方法級別權限控制public class ResourceServerConfig extends ResourceServerConfigurerAdapter implements CommandLineRunner { private final static Logger logger = LoggerFactory.getLogger(ResourceServerConfig.class); public static final String RESOURCE_ID = 'user'; /** * 權限不足返回給前端json */ @Autowired private CustomAccessDeniedHandlerConfig customAccessDeniedHandlerConfig; @Autowired private TokenStore tokenStore; /** * token無效返回前段json */ @Autowired private AuthExceptionEntryPointConfig authExceptionEntryPointConfig; @Override public void configure(ResourceServerSecurityConfigurer resources) throws Exception { // 當前資源服務器的資源id，認證服務會認證客戶端有沒有訪問這個資源id的權限，有則可以訪問當前服務 resources.tokenStore(tokenStore).resourceId(RESOURCE_ID) // token無效異常的處理 .authenticationEntryPoint(authExceptionEntryPointConfig) // 權限不足異常處理類 .accessDeniedHandler(customAccessDeniedHandlerConfig) // 會話機制stateless開啟 .stateless(true); } @Override public void configure(HttpSecurity http) throws Exception { http.sessionManagement() // SpringSecurity不會使用也不會創建HttpSession實例 因為整個oauth2后使用token .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests() // 開放swagger請求 .antMatchers('/swagger-ui.html', '/webjars/**', '/swagger-resources/**','/v2/**').permitAll() // 所有請求，都需要有all范圍（scope） .antMatchers('/**').access('#oauth2.hasScope(’user’)'). anyRequest().authenticated().and().csrf() .disable(); } @Bean public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); }}

AuthExceptionEntryPointConfig,CustomAccessDeniedHandlerConfig

用于異常返回前端json

@Componentpublic class CustomAccessDeniedHandlerConfig implements AccessDeniedHandler { @Override public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException { response.setStatus(HttpStatus.OK.value()); response.setHeader('Content-Type', 'application/json;charset=UTF-8'); try { Result result = new Result(403, '權限不足'); response.getWriter().write(new ObjectMapper().writeValueAsString(result)); } catch (IOException e) { e.printStackTrace(); } }}

@Componentpublic class AuthExceptionEntryPointConfig implements AuthenticationEntryPoint{ private final static Logger logger = LoggerFactory.getLogger(AuthExceptionEntryPointConfig.class); @Value('${security.redirect-url}') private String redirectUrl; @Override public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) { Throwable cause = authException.getCause(); response.setStatus(HttpStatus.OK.value()); response.setHeader('Content-Type', 'application/json;charset=UTF-8'); Result result; try { if (cause instanceof InvalidTokenException) { result = new Result(402, '認證失敗,無效或過期token'); response.getWriter().write(new ObjectMapper().writeValueAsString(result)); } else { result = new Result(401, '認證失敗,沒有攜帶token'); response.sendRedirect(redirectUrl); } } catch (IOException e) { e.printStackTrace(); } }}

TokenConfig

不多說

@Configurationpublic class TokenConfig{ /** * 使用redis存儲 */ @Autowired private RedisConnectionFactory redisConnectionFactory; @Bean public TokenStore tokenStore() { return new RedisTokenStore(redisConnectionFactory); } }

application.yml

那么小伙伴又問了 既然網關驗證token的有效性 那么資源服務器是不是就不用驗證啦 答案是否 因為不添加配置 會報錯 同樣需要在application中添加以下配置

其他配置也spirng boot為準 這里不多說

security: oauth2: client: client-id: user-vue client-secret: 1234 resource: token-info-uri: http://localhost:8001/oauth/check_token

到此這篇關于spring cloud ouath2中的資源服務器的文章就介紹到這了,更多相關spring cloud ouath2資源服務器內容請搜索好吧啦網以前的文章或繼續瀏覽下面的相關文章希望大家以后多多支持好吧啦網！