正式上市 || SAS 0.2.0 上手教程

背景

• Spring Authorization Server （以下簡稱 SAS）是 Spring 團隊最新開發(fā)適配 OAuth 協(xié)議的授權(quán)服務(wù)器項目，旨在替代原有的 Spring Security OAuth Server。

• 經(jīng)過半年的開發(fā)和孵化，目前已經(jīng)發(fā)布了 0.2.0 版本，已支持授權(quán)碼、客戶端、刷新、注銷等 OAuth 協(xié)議。

• 目前 SAS 項目已經(jīng)遷移至官方正式倉庫維護，成為官方的正式子項目。

• 筆者年初 《新年開箱 | Spring Authorization Server 全新的授權(quán)服務(wù)器上手
  》文章已經(jīng)不適配當(dāng)前版本，所以特寫整合上手文章。

• 本文環(huán)境基于 Spring Boot 2.5.3 && SAS 0.2.0

開始上手

1. 核心依賴

• 這里需要 SAS 、Security, 注意看注釋

<!-- 注意groupId 正式倉庫沒有 experimental ,特別注意不然下載不到j(luò)ar--> <dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-oauth2-authorization-server</artifactId><version>0.2.0</version> </dependency><!--提供 form 認證--> <dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-security</artifactId> </dependency>

2. 配置 security 安全認證

• 定義用戶來源及其 form 認證的信息

@EnableWebSecurity public class DefaultSecurityConfig {@BeanUserDetailsService users() {UserDetails user = User.builder().username("lengleng").password("{noop}123456").roles("USER").build();return new InMemoryUserDetailsManager(user);}@BeanSecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {http.authorizeRequests(authorizeRequests ->authorizeRequests.anyRequest().authenticated()).formLogin(withDefaults());return http.build();} }

3. 配置 SAS 服務(wù)器

@Configuration @EnableWebSecurity public class AuthServerConfiguration {// security 掛載 SAS 【最重要的一步】@Bean@Order(Ordered.HIGHEST_PRECEDENCE)public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);return http.formLogin(Customizer.withDefaults()).build();}// 客戶端來源@Beanpublic RegisteredClientRepository registeredClientRepository() {RegisteredClient client = RegisteredClient.withId("pig").clientId("pig").clientSecret("{noop}pig").clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC).authorizationGrantTypes(authorizationGrantTypes -> {authorizationGrantTypes.add(AuthorizationGrantType.AUTHORIZATION_CODE);authorizationGrantTypes.add(AuthorizationGrantType.REFRESH_TOKEN);}).redirectUri("https://pig4cloud.com").build();return new InMemoryRegisteredClientRepository(client);}// 以下兩個bean 定義 生成jwt 的配置，可以直接參考文末源碼介紹，這里就不在截圖@Bean@SneakyThrowspublic JWKSource<SecurityContext> jwkSource() {....}@Beanpublic static JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource) {...} }

測試運行

通過以上配置即可搭建完成 SAS 服務(wù)端，我們以授權(quán)碼模式測試

• 瀏覽器訪問如下鏈接，會重定向至登錄頁

http://localhost:3000/oauth2/authorize?client_id=pig&client_secret=pig&response_type=code&redirect_uri=https://pig4cloud.com

• 輸入賬號密碼后，會攜帶 code 自動回調(diào)至目標(biāo)頁面

• 使用 code 換 token

curl --location --request POST 'http://localhost:3000/oauth2/token' \ > --header 'Authorization: Basic cGlnOnBpZw==' \ > --header 'Content-Type: application/x-www-form-urlencoded' \ > --data-urlencode 'grant_type=authorization_code' \ > --data-urlencode 'code=dn0GmDB-4hAfg-Kc9luUkuqZn4keJF9ZkUTlmcSRnYn8uzfEV9Ih429MH-9O77TPEVqPxXAJLPgxq-znOpiI-28Sek305db8Rezd46ods95FrjCSMq_HAswCtAJV4Vrt' \ > --data-urlencode 'redirect_uri=https://pig4cloud.com' {"access_token":"eyJraWQiOiI2YmU4YzhlYi0wNDA2LTQxZGMtOGE2ZS0xOWZmNThlYzY4MTIiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJsZW5nbGVuZyIsImF1ZCI6InBpZyIsIm5iZiI6MTYyOTM2OTcwMSwiZXhwIjoxNjI5MzcwMDAxLCJpYXQiOjE2MjkzNjk3MDF9.Vb_1kGTqRTejBN8aPRFZPs_3cAa7jFC7XPuG4pPptpTtVbso0iHE5ghuNfFAk3DO4vDBjokYSWwNBfj9RuiwI5ElWbbK71leE8BAGpQa35pKYoKgXybf92KWbNIxHI3BXuQww8iWtQI5_xgNUWVJ6sx0uI4f5hA_vGZEM0vHza0FZZWPAFt9X6j_R0tmu0JPnnnQ2sTQyFJUzQomqbF1OpZaJi3_HjnjX7g_Z-NdJi-1s9jItNtzaaYzkyXnhmKLQoEq-OVxOOL0C2hP_bAZ1dy39HDUHuosxtGPsw49wWuqZQTcMbr9YojbyUMkR7k30zAAByjUmkXzjaS4T-EIaA","refresh_token":"YlxCAnSyvtq1HcKqE3D3o-P_lT90wxdRQ6jfWbwQoKQaeFUZr51gQQQawSfpUUH4yf9kW51v7ENH2o4pDot7yIeN2tljVpKU6zuolj6gFKq0uDA6KkDDz54cDzfx1aw4","token_type":"Bearer","expires_in":"299"}

• 刷新 token

curl --location --request POST 'http://localhost:3000/oauth2/token' \ > --header 'Authorization: Basic cGlnOnBpZw==' \ > --header 'Content-Type: application/x-www-form-urlencoded' \ > --data-urlencode 'grant_type=authorization_code' \ > --data-urlencode 'code=dn0GmDB-4hAfg-Kc9luUkuqZn4keJF9ZkUTlmcSRnYn8uzfEV9Ih429MH-9O77TPEVqPxXAJLPgxq-znOpiI-28Sek305db8Rezd46ods95FrjCSMq_HAswCtAJV4Vrt' \ > --data-urlencode 'redirect_uri=https://pig4cloud.com' {"access_token":"eyJraWQiOiI2YmU4YzhlYi0wNDA2LTQxZGMtOGE2ZS0xOWZmNThlYzY4MTIiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJsZW5nbGVuZyIsImF1ZCI6InBpZyIsIm5iZiI6MTYyOTM2OTcwMSwiZXhwIjoxNjI5MzcwMDAxLCJpYXQiOjE2MjkzNjk3MDF9.Vb_1kGTqRTejBN8aPRFZPs_3cAa7jFC7XPuG4pPptpTtVbso0iHE5ghuNfFAk3DO4vDBjokYSWwNBfj9RuiwI5ElWbbK71leE8BAGpQa35pKYoKgXybf92KWbNIxHI3BXuQww8iWtQI5_xgNUWVJ6sx0uI4f5hA_vGZEM0vHza0FZZWPAFt9X6j_R0tmu0JPnnnQ2sTQyFJUzQomqbF1OpZaJi3_HjnjX7g_Z-NdJi-1s9jItNtzaaYzkyXnhmKLQoEq-OVxOOL0C2hP_bAZ1dy39HDUHuosxtGPsw49wWuqZQTcMbr9YojbyUMkR7k30zAAByjUmkXzjaS4T-EIaA","refresh_token":"YlxCAnSyvtq1HcKqE3D3o-P_lT90wxdRQ6jfWbwQoKQaeFUZr51gQQQawSfpUUH4yf9kW51v7ENH2o4pDot7yIeN2tljVpKU6zuolj6gFKq0uDA6KkDDz54cDzfx1aw4","token_type":"Bearer","expires_in":"299"}% lengleng@MacBook-Pro  ~/Downloads/auth-server-demo   password ± lengleng@MacBook-Pro  ~/Downloads/auth-server-demo   password ±  curl --location --request POST 'http://localhost:3000/oauth2/token' \ > --header 'Authorization: Basic cGlnOnBpZw==' \ > --header 'Content-Type: application/x-www-form-urlencoded' \ > --data-urlencode 'grant_type=refresh_token' \ > --data-urlencode 'refresh_token=YlxCAnSyvtq1HcKqE3D3o-P_lT90wxdRQ6jfWbwQoKQaeFUZr51gQQQawSfpUUH4yf9kW51v7ENH2o4pDot7yIeN2tljVpKU6zuolj6gFKq0uDA6KkDDz54cDzfx1aw4' \ > {"access_token":"eyJraWQiOiI2YmU4YzhlYi0wNDA2LTQxZGMtOGE2ZS0xOWZmNThlYzY4MTIiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJsZW5nbGVuZyIsImF1ZCI6InBpZyIsIm5iZiI6MTYyOTM2OTc2OSwiZXhwIjoxNjI5MzcwMDY5LCJpYXQiOjE2MjkzNjk3Njl9.dj_ktchQnTKRXGSQK7EZ3FAdz8StPOo27rURdCI8FN6jM3RFRD0s67v4LB1SRexl5KKHPuH6yYHhlr_u0um8ZpeQIrkumA2COukJAzy5O3SLsBYvLqipz-Ea9h9RZvC7EQZG-AbVJ378X214WxdsOYj1UPTv4Iegy4QsgERJSijINrCQZc0msHqSWIc_p61o2KIc8qaekrkZgY_JqCOz8K7x6drKvJ5gyWc9CyzeOrob5WrJfQGqqhjwjTl76g-9YyZ5Q97LX5lKRh8HOU6AUgKCyd4Jdol6PR6CkYd3gd4kyd5Ra7c3GbhzGUaxDrez79NDPx0aRAB9GA9mSohtsw","refresh_token":"YlxCAnSyvtq1HcKqE3D3o-P_lT90wxdRQ6jfWbwQoKQaeFUZr51gQQQawSfpUUH4yf9kW51v7ENH2o4pDot7yIeN2tljVpKU6zuolj6gFKq0uDA6KkDDz54cDzfx1aw4","token_type":"Bearer","expires_in":"299"}%

撤銷令牌

• 通過 access_token

curl --location --request POST 'http://localhost:3000/oauth2/revoke' \ --header 'Authorization: Basic cGlnOnBpZw==' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'token=eyJraWQiOiI0NmM3Zjk0OS01NmZmLTRlMjgtYmI4Zi0wNjZjYWU4ODllNDkiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJsZW5nbGVuZyIsImF1ZCI6InBpZyIsIm5iZiI6MTYyOTM0MzM4NiwiZXhwIjoxNjI5MzQzNjg2LCJpYXQiOjE2MjkzNDMzODZ9.avRZ9NuybP8bqenEstvDq3SAKuSI6Y3ihh2PqeiQvwkUAWBPY6N9JCaxJllKhrcS6OgL76I38Yvt0B1ICMFistqemWl1rxQUB2aXpZuTwnPjxtxV6deDxyr--Y1w7I9jVpT5jnaqOXDIZ6dhIlUCfqBPT9a4DmwuEsz5H60KUO-NbMM66DPDxvTgauuylhrjiPQgaDyaxFHbtdw6qq_pgFI023fkIASodauCFiUcl64HKV3or9B3OkXW0EgnA553ofTbgz0hlROMfee15wuzOAXTUkhlUOjjosuEslimT9vFM9wtRza4o864Gi_j_zIhIoSSmRfUScXTgt9aZT1xlQ' \ --data-urlencode 'token_type_hint=access_token'

• 通過 refresh_token

curl --location --request POST 'http://localhost:3000/oauth2/revoke' \ --header 'Authorization: Basic cGlnOnBpZw==' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'token=ku4R4n7YD1f584KXj4k_3GP9o-HbdY-PDIIh-twPVJTmvHa5mLIoifaNhbBvFNBbse6_wAMcRoOWuVs9qeBWpxQ5zIFrF1A4g1Q7LhVAfH1vo9Uc7WL3SP3u82j0XU5x' \ --data-urlencode 'token_type_hint=refresh_token'

下期預(yù)告

SAS 是 OAuth 2.1 協(xié)議的實現(xiàn)，不支持密碼模式。 那么怎么擴展實現(xiàn)呢 ？下一篇文章我會分享擴展實現(xiàn)密碼模式，歡迎關(guān)注。

本文源碼: https://github.com/lltx/auth-server-demo

總結(jié)

以上是生活随笔為你收集整理的Spring SAS 0.2.0 上手教程的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯，歡迎將生活随笔推薦給好友。