我已经创建了一个带有spring boot的授权服务器,我想在资源服务器中使用资源所有者的角色 . 我有一个类 SecurityConfig 扩展 WebSecurityConfigurerAdapter ,我已经从mongodb检查了资源所有者的凭据以进行身份验证 . 为此,我有一个实现 AuthenticationProvider 的类 MongoAuthProvider ,我从中返回 UsernamePasswordAuthenticationToken 的实例,其中包含用户名,密码和 ROLES ,例如"ROLE_ADMIN","ROLE_APPUSER" .
@SpringBootApplication
@RestController
@EnableResourceServer
public class AuthserverApplication extends WebMvcConfigurerAdapter {
public static void main(String[] args) {
SpringApplication.run(AuthserverApplication.class, args);
}
@Configuration
@EnableAuthorizationServer
protected static class OAuth2Config extends
AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints)
throws Exception {
endpoints.authenticationManager(authenticationManager);
}
@Override
public void configure(ClientDetailsServiceConfigurer clients)
throws Exception {
clients.inMemory()
.withClient("acme")
.secret("acmesecret")
.authorizedGrantTypes("authorization_code","implicit",
"refresh_token", "password").scopes("openid");
}
}
@Configuration
protected static class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private MongoAuthProvider mongoAuthProvider;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
throws Exception {
auth.authenticationProvider(mongoAuthProvider);
}
@Bean
public MongoAuthProvider getMongoAuthProvider(){
return new MongoAuthProvider();
}
}
@RequestMapping("/user")
public Principal user(OAuth2Authentication user) {
return user;
}
}
class MongoAuthProvider implements AuthenticationProvider {
@Autowired
UserRepo userrepo;
@Override
public Authentication authenticate(Authentication authentication)
throws AuthenticationException {
String userName = authentication.getName().trim();
String password = authentication.getCredentials().toString().trim();
User user = userrepo.findByUserNameAndPassword(userName, password);
if(user != null){
return new UsernamePasswordAuthenticationToken(userName, password,
AuthorityUtils.createAuthorityList("ROLE_ADMIN" , "ROLE_APPUSER"));
} else {
return null;
}
}
@Override
public boolean supports(Class<?> authentication) {
return authentication.equals(UsernamePasswordAuthenticationToken.class);
}
}
在auth服务器中,我还有一个用户信息休息 endpoints :
@RequestMapping("/user")
public Principal user(OAuth2Authentication user) {
return user;
}
我想在资源服务器中使用授权服务器数据库中的资源所有者的角色 . 为此,我有一个类 ResourceServer 扩展 ResourceServerConfigurerAdapter 我正在尝试从auth服务器检查用户角色 . 资源服务器工作正常 . 问题是它无法从auth服务器检查角色 .
@SpringBootApplication
@EnableResourceServer
@EnableOAuth2Sso
public class AuthserverClientApplication extends WebMvcConfigurerAdapter {
public static void main(String[] args) {
SpringApplication.run(AuthserverClientApplication.class, args);
}
@Configuration
protected static class ResourceServer extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("**")
//.hasAuthority("ROLE_ADMIN")
.hasRole("ADMIN")
.anyRequest().authenticated();
}
}
}
}
请帮助我如何使用资源服务器中授权服务器的角色进行基于角色的访问 .