Class AuthorizationServerConfig
java.lang.Object
io.github.mangocrisp.spring.taybct.auth.security.config.AuthorizationServerConfig
@AutoConfiguration
@Import({org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration.class,JdbcAuthConfig.class})
public class AuthorizationServerConfig
extends Object

Field Summary

Constructor Summary

Method Summary
Modifier and Type, Method, Description

org.springframework.security.web.SecurityFilterChain
authorizationServerSecurityFilterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity http, ICustomizeTokenEndpointConfigurer customizeTokenEndpointConfigurer, io.github.mangocrisp.spring.taybct.tool.core.exception.handler.IGlobalExceptionReporter globalExceptionReporter, io.github.mangocrisp.spring.taybct.tool.core.exception.handler.IGlobalPrinter globalPrinter, IUserDetailsHandle userDetailsHandle, io.github.mangocrisp.spring.taybct.tool.core.support.IEncryptedPassable encryptedPassable)
A Spring Security filter chain for the Protocol Endpoints.

org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings
authorizationServerSettings()
An instance of AuthorizationServerSettings to configure Spring Authorization Server.

IClientDetailsHandle
clientDetailsHandle(ClientConfig clientConfig)
Configures the handler class used to obtain clients. By default, a handler that obtains clients from properties is configured here, that is, the client configuration is read from the yaml. You can configure your own client-lookup bean here instead, for example one that makes a remote call through Feign?

org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository
customizeClientRepository(org.springframework.security.crypto.password.PasswordEncoder passwordEncoder, IClientDetailsHandle clientDetailsHandle)
An instance of RegisteredClientRepository for managing clients. OAuth2 is used for third-party authentication; RegisteredClientRepository mainly manages the third parties (each third party is one client). If no IClientDetailsHandle is configured, this bean is not configured.

ICustomizeTokenEndpointConfigurer
customizeTokenEndpointConfigurer(org.springframework.security.crypto.password.PasswordEncoder passwordEncoder, ICustomizeUserDetailsService customizeUserDetailsService, org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator<?> tokenGenerator, IUserDetailsHandle userDetailsHandle, org.springframework.data.redis.core.RedisTemplate<Object, Object> redisTemplate, IOtherTokenEndpointConfigurer otherTokenEndpointConfigurer, org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService authorizationService, io.github.mangocrisp.spring.taybct.tool.core.support.IEncryptedPassable encryptedPassable, ResponseHandler responseHandler)
Custom token endpoint configuration. Note: RestControllerAdvice does not work here. That is, unless the exception you throw is an OAuth2AuthenticationException, it will not be intercepted by the AuthenticationFailureHandler, nor by RestControllerAdvice, which means that no hint at all is returned to the client...

com.nimbusds.jose.jwk.JWKSet
jwkSet

com.nimbusds.jose.jwk.source.JWKSource<com.nimbusds.jose.proc.SecurityContext>
jwkSource(com.nimbusds.jose.jwk.JWKSet jwkSet)
An instance of com.nimbusds.jose.jwk.source.JWKSource for signing access tokens.

org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter
jwtAuthenticationConverter()

org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer<org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext>
jwtCustomizer(IUserDetailsHandle userDetailsHandle)
Customizes, adds to and modifies the token contents; however, headers seem to be add-only and cannot be removed???

org.springframework.security.oauth2.jwt.JwtDecoder
jwtDecoder(com.nimbusds.jose.jwk.source.JWKSource<com.nimbusds.jose.proc.SecurityContext> jwkSource)
An instance of JwtDecoder for decoding signed access tokens.

org.springframework.security.oauth2.jwt.JwtEncoder
jwtEncoder(com.nimbusds.jose.jwk.source.JWKSource<com.nimbusds.jose.proc.SecurityContext> jwkSource)
JWT encryption.

KeyPair
keyPair(io.github.mangocrisp.spring.taybct.tool.core.util.rsa.RSAProperties properties)
An instance of java.security.KeyPair with keys generated on startup used to create the JWKSource above. Generates the key pair that serves jwkSource.

IOtherTokenEndpointConfigurer
otherTokenEndpointConfigurer()
I have configured the default endpoint configuration below, which mainly adds the username/password authentication mode. So if there are other modes you want to add, you can try implementing an IOtherTokenEndpointConfigurer and then configure these endpoints yourself, following the way ICustomizeTokenEndpointConfigurer is written.

private io.github.mangocrisp.spring.taybct.tool.core.result.R<?>
printResponse(org.springframework.security.core.Authentication authentication, jakarta.servlet.http.HttpServletResponse response)
Prints the result to the front end.

private void
resultHandle(IUserDetailsHandle userDetailsHandle, org.springframework.security.core.Authentication authentication)
Handles the authentication result.

org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator<?>
tokenGenerator(org.springframework.security.oauth2.jwt.JwtEncoder jwtEncoder, org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer<org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext> jwtCustomizer)
Token generator.

Field Details

authContextPath
Request prefix

contextPath

applicationName

Constructor Details

AuthorizationServerConfig
public AuthorizationServerConfig()

Method Details

authorizationServerSecurityFilterChain
@Bean @Order(1)
public org.springframework.security.web.SecurityFilterChain authorizationServerSecurityFilterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity http, ICustomizeTokenEndpointConfigurer customizeTokenEndpointConfigurer, io.github.mangocrisp.spring.taybct.tool.core.exception.handler.IGlobalExceptionReporter globalExceptionReporter, io.github.mangocrisp.spring.taybct.tool.core.exception.handler.IGlobalPrinter globalPrinter, IUserDetailsHandle userDetailsHandle, io.github.mangocrisp.spring.taybct.tool.core.support.IEncryptedPassable encryptedPassable) throws Exception
A Spring Security filter chain for the Protocol Endpoints.
The endpoint addresses of these protocol endpoints are reachable only once this is configured (similar to an MVC controller).
Parameters:
http - HttpSecurity
Returns:
SecurityFilterChain
Throws:
Exception - Exception
See Also:
ClientSecretBasicAuthenticationConverter.convert(HttpServletRequest)
OAuth2AuthorizationCodeAuthenticationProvider.authenticate(Authentication)
PublicClientAuthenticationProvider.authenticate(Authentication)
AuthenticationSuccessHandler
AuthenticationFailureHandler
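
clientDetailsHandle
@Bean @ConditionalOnMissingBean(IClientDetailsHandle.class)
public IClientDetailsHandle clientDetailsHandle(ClientConfig clientConfig)
Configures the handler class used to obtain clients. By default, a handler that obtains clients from properties is configured here, that is, the client configuration is read from the yaml.
You can configure your own client-lookup bean here instead, for example one that makes a remote call through Feign?
Parameters:
clientConfig - the configuration
Returns:
the handler class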

customizeClientRepository
@Bean @Order(1) @ConditionalOnMissingBean(org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository.class) @ConditionalOnBean(IClientDetailsHandle.class)
public org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository customizeClientRepository(org.springframework.security.crypto.password.PasswordEncoder passwordEncoder, IClientDetailsHandle clientDetailsHandle)
An instance of RegisteredClientRepository for managing clients.
OAuth2 is used for third-party authentication; RegisteredClientRepository mainly manages the third parties (each third party is one client).
If no IClientDetailsHandle is configured, this bean is not configured.
Returns:
RegisteredClientRepository

keyPair
@Bean @ConditionalOnMissingBean(java.security.KeyPair.class)
public KeyPair keyPair(@Nullable io.github.mangocrisp.spring.taybct.tool.core.util.rsa.RSAProperties properties)
An instance of java.security.KeyPair with keys generated on startup used to create the JWKSource above.
Generates the key pair that serves jwkSource.
Returns:
KeyPair

jwkSet

jwkSource
@Bean
public com.nimbusds.jose.jwk.source.JWKSource<com.nimbusds.jose.proc.SecurityContext> jwkSource(com.nimbusds.jose.jwk.JWKSet jwkSet)
An instance of com.nimbusds.jose.jwk.source.JWKSource for signing access tokens.
Returns:
JWKSource

jwtDecoder
@Bean
public org.springframework.security.oauth2.jwt.JwtDecoder jwtDecoder(com.nimbusds.jose.jwk.source.JWKSource<com.nimbusds.jose.proc.SecurityContext> jwkSource)
An instance of JwtDecoder for decoding signed access tokens.
Parameters:
jwkSource - JWKSource
Returns:
JwtDecoder

authorizationServerSettings
@Bean
public org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings authorizationServerSettings()
An instance of AuthorizationServerSettings to configure Spring Authorization Server.
That is, it lets you configure the authorization server.
Returns:
AuthorizationServerSettings

jwtEncoder
@Bean
public org.springframework.security.oauth2.jwt.JwtEncoder jwtEncoder(com.nimbusds.jose.jwk.source.JWKSource<com.nimbusds.jose.proc.SecurityContext> jwkSource)
JWT encryption.
Parameters:
jwkSource - the signature
Returns:
the encryptor

jwtCustomizer
@Bean @ConditionalOnMissingBean(org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer.class)
public org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer<org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext> jwtCustomizer(IUserDetailsHandle userDetailsHandle)
Customizes, adds to and modifies the token contents; however, headers seem to be add-only and cannot be removed??? Or am I going about it the wrong way?
Returns:
the customizer

jwtAuthenticationConverter
@Bean @ConditionalOnMissingBean(org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter.class)
public org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter jwtAuthenticationConverter()

tokenGenerator
@Bean
public org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator<?> tokenGenerator(org.springframework.security.oauth2.jwt.JwtEncoder jwtEncoder, org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer<org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext> jwtCustomizer)
Token generator.
Parameters:
jwtEncoder - JWT encryptor
Returns:
token generator
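
otherTokenEndpointConfigurer
@Bean @ConditionalOnMissingBean(IOtherTokenEndpointConfigurer.class)
public IOtherTokenEndpointConfigurer otherTokenEndpointConfigurer()
I have configured the default endpoint configuration below, which mainly adds the username/password authentication mode. So if there are other modes you want to add, you can try implementing an IOtherTokenEndpointConfigurer and then configure these endpoints yourself, following the way ICustomizeTokenEndpointConfigurer is written.
Returns:
IOtherTokenEndpointConfigurer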

customizeTokenEndpointConfigurer
@Bean @ConditionalOnMissingBean(ICustomizeTokenEndpointConfigurer.class)
public ICustomizeTokenEndpointConfigurer customizeTokenEndpointConfigurer(org.springframework.security.crypto.password.PasswordEncoder passwordEncoder, ICustomizeUserDetailsService customizeUserDetailsService, org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator<?> tokenGenerator, IUserDetailsHandle userDetailsHandle, org.springframework.data.redis.core.RedisTemplate<Object, Object> redisTemplate, @Qualifier("otherTokenEndpointConfigurer") IOtherTokenEndpointConfigurer otherTokenEndpointConfigurer, org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService authorizationService, io.github.mangocrisp.spring.taybct.tool.core.support.IEncryptedPassable encryptedPassable, ResponseHandler responseHandler)
Custom token endpoint configuration. Note: RestControllerAdvice does not work here. That is, unless the exception you throw is an OAuth2AuthenticationException, it will not be intercepted by the AuthenticationFailureHandler, nor by RestControllerAdvice, which means that no hint at all is returned to the client... This is honestly a bit awkward to deal with, so here I simply follow its requirements and configure the exception response.
Parameters:
passwordEncoder - the encryptor
customizeUserDetailsService - custom user lookup service
Returns:
ICustomizeTokenEndpointConfigurer

printResponse
private io.github.mangocrisp.spring.taybct.tool.core.result.R<?> printResponse(org.springframework.security.core.Authentication authentication, jakarta.servlet.http.HttpServletResponse response)
Prints the result to the front end.
Parameters:
authentication - authentication information
response - response
Returns:
the result object

resultHandle
private void resultHandle(IUserDetailsHandle userDetailsHandle, org.springframework.security.core.Authentication authentication)
Handles the authentication result.
Parameters:
userDetailsHandle - user result handler
authentication - authentication information