欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  IT编程

前后端分离,注册和登录。涉及Oauth2 Password-Flow 授权方式

程序员文章站 2022-07-10 18:27:04
1.0 概要Oauth2.0 Password Flow 授权前后端分离.前端Vue,后端Spring Oauth2.0代码分为前端Vue和后端Java两工程2.0代码2.1Maven依赖

前后端分离,注册和登录。涉及Oauth2 Password-Flow 授权方式

前后端分离,注册和登录。涉及Oauth2 Password-Flow 授权方式

前后端分离,注册和登录。涉及Oauth2 Password-Flow 授权方式

1.0 概要

  • Oauth2.0 Password Flow 授权

  • 前后端分离.前端Vue,后端Spring Oauth2.0

  • 代码分为前端Vue和后端Java两工程

2.0代码

2.1Maven依赖

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.4.0-SNAPSHOT</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.example</groupId>
    <artifactId>oauth2-password-flow-server</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>oauth2-password-flow-server</name>
    <description>Demo project for Spring Boot</description>

    <properties>
        <java.version>15</java.version>
        <spring-cloud.version>2020.0.0-SNAPSHOT</spring-cloud.version>
    </properties>

    <dependencies>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
            <version>2.3.5.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.hibernate.validator</groupId>
            <artifactId>hibernate-validator</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-oauth2</artifactId>
        </dependency>
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>com.h2database</groupId>
            <artifactId>h2</artifactId>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-devtools</artifactId>
            <scope>runtime</scope>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>${spring-cloud.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

    <repositories>
        <repository>
            <id>spring-milestones</id>
            <name>Spring Milestones</name>
            <url>https://repo.spring.io/milestone</url>
        </repository>
        <repository>
            <id>spring-snapshots</id>
            <name>Spring Snapshots</name>
            <url>https://repo.spring.io/snapshot</url>
            <snapshots>
                <enabled>true</enabled>
            </snapshots>
        </repository>
    </repositories>
    <pluginRepositories>
        <pluginRepository>
            <id>spring-milestones</id>
            <name>Spring Milestones</name>
            <url>https://repo.spring.io/milestone</url>
        </pluginRepository>
        <pluginRepository>
            <id>spring-snapshots</id>
            <name>Spring Snapshots</name>
            <url>https://repo.spring.io/snapshot</url>
            <snapshots>
                <enabled>true</enabled>
            </snapshots>
        </pluginRepository>
    </pluginRepositories>

</project>


2.2授权服务配置类

OAuth2AuthorizationServer.java

package com.example.oauth2passwordflowserver.config;

import com.example.oauth2passwordflowserver.service.DemoUserDetailsService;
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;

@Configuration
@EnableAuthorizationServer
@RequiredArgsConstructor
public class OAuth2AuthorizationServer extends AuthorizationServerConfigurerAdapter
{
    private final BCryptPasswordEncoder passwordEncoder;
    private final AuthenticationManager authenticationManager;
    private final DemoUserDetailsService userDetailsService;

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // clients 配置信息,这里是Vue前端。可放在数据库里。我们这里放在内存
        clients
                .inMemory()
                //客户端名称
                .withClient("clientApp")
                //客户端秘钥
                .secret(passwordEncoder.encode("123456"))
                //允许授权方式有password和refresh_token
                //如果删除refresh_token,返回的token对象将没有refresh_token项
                .authorizedGrantTypes("password", "refresh_token")
                //可以随意填写,必须和前端client传过来的参数一致
                .scopes("all");
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        //如果是password授权,必须使用userDetailsService。因为需要使用用户名和密码
        endpoints.userDetailsService(userDetailsService);
        //必须使用认证管理器
        endpoints.authenticationManager(authenticationManager);
    }

}

2.3用户控制类

UserController.java

package com.example.oauth2passwordflowserver.controller;


import com.example.oauth2passwordflowserver.entity.User;
import com.example.oauth2passwordflowserver.models.RegisterForm;
import com.example.oauth2passwordflowserver.models.UserInfo;
import com.example.oauth2passwordflowserver.service.UserService;
import lombok.RequiredArgsConstructor;
import org.springframework.security.core.Authentication;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;

import java.util.List;
import java.util.stream.Collectors;

@RestController
@RequiredArgsConstructor
public class UserController {

    private final UserService userService;
    private final BCryptPasswordEncoder passwordEncoder;

    @GetMapping(value ={"/"})
    public String hello(){
        return "hello";
    }

    /**
     * 获取用户信息
     * 在Controller里任何一个方法都可以获取用户信息
     * @param authentication
     * @return
     */
    @GetMapping("/userInfo")
    public UserInfo userInfo(Authentication authentication){
        UserInfo userInfo = new UserInfo();
        userInfo.setUsername(authentication.getName());
        userInfo.setAuthenticated(authentication.isAuthenticated());
        List<String> authorities = authentication.getAuthorities()
                .stream().map(g ->g.getAuthority()).collect(Collectors.toList());
        userInfo.setAuthority(authorities);
        return userInfo;
    }


    /**
     * 注册用户
     * @param registerForm
     * @return
     */
    @PostMapping("/register")
    public Boolean register(@RequestBody RegisterForm registerForm){
        User user = new User();
        user.setUsername(registerForm.getUsername());
        user.setPassword(passwordEncoder.encode(registerForm.getPassword()));
        return userService.register(user);
    }

}


2.4实体类

Authority.java

package com.example.oauth2passwordflowserver.entity;

import com.example.oauth2passwordflowserver.enums.AuthorityType;
import lombok.Data;
import lombok.NoArgsConstructor;

import javax.persistence.*;
import java.util.ArrayList;
import java.util.List;

@Entity
@Data
@NoArgsConstructor
public class Authority {
    @Id
    @GeneratedValue(strategy = GenerationType.AUTO)
    private long id;

    @Enumerated(EnumType.STRING)
    private AuthorityType name;

    @ManyToMany(mappedBy = "authorities")
    private List<User> users =  new ArrayList<>();
}


User.java

package com.example.oauth2passwordflowserver.entity;


import lombok.Data;
import lombok.NoArgsConstructor;

import javax.persistence.*;
import javax.validation.constraints.NotBlank;
import java.util.ArrayList;
import java.util.List;

@Entity
@Data
@NoArgsConstructor
public class User {

    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private long id;

    @NotBlank
    @Column(nullable = false, unique = true)
    private String username;
    @NotBlank
    private String password;

    @ManyToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER)
    @JoinTable(name = "user_authority",
            joinColumns = {@JoinColumn(name = "user_id")},
            inverseJoinColumns = {@JoinColumn(name = "authority_id")})
    private List<Authority> authorities = new ArrayList<>();

}

3.0 使用

1、运行后端Java工程,输入http://localhost:8081/ 返回 hello。后台启动成功

2、运行前端Vue工程,输入http://localhost:8080/ 进入登录页面。先注册用户,再登录成功进入首页

4.0代码下载

前后端分离,注册和登录。涉及Oauth2 Password-Flow 授权方式

 

本文地址:https://blog.csdn.net/wenhaipan/article/details/109637697