springboot+Oauth2实现自定义AuthenticationManager和认证path

2017-09-06 09:51:39 作者：huhanguang89

本篇文章主要介绍了springboot+Oauth2实现自定义AuthenticationManager和认证path，具有一定的参考价值，感兴趣的小伙伴们可以参考一下

本人在工作中需要构建这么一个后台框架，基于springboot，登录时认证使用自定义AuthenticationManager；同时支持Oauth2访问指定API接口，认证时的AuthenticationManager和登录规则不同。在研究了源码的基础上参考很多文章，目前基本得以解决。

@Configuration public class OAuth2Configuration { @SpringBootApplication @RestController @EnableResourceServer @Configuration @EnableAuthorizationServer protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter implements EnvironmentAware { private static final String ENV_OAUTH = "authentication.oauth."; private static final String PROP_CLIENTID = "clientid"; private static final String PROP_SECRET = "secret"; private static final String PROP_TOKEN_VALIDITY_SECONDS = "tokenValidityInSeconds"; private RelaxedPropertyResolver propertyResolver; @Autowired private DataSource dataSource; @Bean public TokenStore tokenStore() { return new JdbcTokenStore(dataSource); // @Autowired // @Qualifier("authenticationManagerBean") // private AuthenticationManager authenticationManager; @Autowired @Qualifier("daoAuhthenticationOauthProvider") private AuthenticationProvider daoAuhthenticationOauthProvider; @Override public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { // @formatter:off endpoints .tokenStore(tokenStore()) .authenticationManager(new AuthenticationManager(){ @Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { // TODO Auto-generated method stub return daoAuhthenticationOauthProvider.authenticate(authentication); // @formatter:on @Override public void configure(ClientDetailsServiceConfigurer clients) throws Exception { clients .inMemory() .withClient(propertyResolver.getProperty(PROP_CLIENTID)) .scopes("read", "write") .authorities(Authorities.ROLE_CHANNEL.name()) .authorizedGrantTypes("password", "refresh_token") .secret(propertyResolver.getProperty(PROP_SECRET)) .accessTokenValiditySeconds(propertyResolver.getProperty(PROP_TOKEN_VALIDITY_SECONDS, Integer.class, 1800)); @Override public void setEnvironment(Environment environment) { this.propertyResolver = new RelaxedPropertyResolver(environment, ENV_OAUTH); @Configuration @EnableResourceServer protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter { @Override public void configure(HttpSecurity http) throws Exception { .antMatcher("/api/dev/**") .authorizeRequests() .anyRequest() .hasRole("DEVELEPOR") .and() .antMatcher("/api/channel/**") .authorizeRequests() .anyRequest() .hasRole("CHANNEL");

以上是Oauth2的主要配置，SecurityConfiguration的配置就不贴了，大家可以去github上找资料，下面是如何自定一个daoAuhthenticationProvider。
@Bean(name="daoAuhthenticationProvider") public AuthenticationProvider daoAuhthenticationProvider() { DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider(); daoAuthenticationProvider.setUserDetailsService(userDetailsService); daoAuthenticationProvider.setHideUserNotFoundExceptions(false); daoAuthenticationProvider.setPasswordEncoder(passwordEncoder); return daoAuthenticationProvider; @Bean(name="daoAuhthenticationOauthProvider") public AuthenticationProvider daoAuhthenticationOauthProvider() { DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider(); daoAuthenticationProvider.setUserDetailsService(userDetailsOauthService); daoAuthenticationProvider.setHideUserNotFoundExceptions(false); daoAuthenticationProvider.setPasswordEncoder(passwordEncoder); return daoAuthenticationProvider; @Override public void configure(AuthenticationManagerBuilder auth) throws Exception { auth.authenticationProvider(daoAuhthenticationProvider()); // auth.authenticationProvider(daoAuhthenticationProvider1()); @Bean @Override public AuthenticationManager authenticationManagerBean() throws Exception { return super.authenticationManagerBean();

以上就是本文的全部内容，希望对大家的学习有所帮助，也希望大家多多支持脚本之家。

您可能感兴趣的文章:

工信部称网盘企业免费用户最低速率应满足基本下载需求，天翼云盘回应：坚决支持，始终

电脑版 - 返回首页