spring Security4 和 oauth2整合 注解+xml混合使用(基础运行篇)

最新推荐文章于 2025-04-03 16:32:45 发布
最新推荐文章于 2025-04-03 16:32:45 发布
阅读量3.8k 收藏 7
点赞数
分类专栏: spring oauth2 文章标签: spring spring security oauth2 注解 配置
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.youkuaiyun.com/feiyangtianyao/article/details/78687161
版权

Spring Security4 和 oauth2整合

最近项目中需要用到oauth2,到网上找了好多资料,全是乱七八糟的,东拼西凑,终于跑出来了一版,xml的方式太乱了,跑不了,还是用注解方式,并把一些关键配置提到xml中。

git地址:https://gitee.com/ffch/OauthUmp

spring Security4 和 oauth2整合 注解+xml混合使用(基础运行篇)
spring Security4 和 oauth2整合 注解+xml混合使用(进阶篇)
spring Security4 和 oauth2整合 注解+xml混合使用(授权码篇)
spring Security4 和 oauth2整合 注解+xml混合使用(注意事项篇)
spring Security4 和 oauth2整合 注解+xml混合使用(替换6位的授权码)
spring Security4 和 oauth2整合 注解+xml混合使用(替换用户名密码认证)
spring Security4 和 oauth2整合 注解+xml混合使用(验证码等额外数据验证)

网上已有的注解版方案(运行有问题,后面修正)

链接:http://www.yiibai.com/spring-security/secure-spring-rest-api-using-oauth2.html
这个链接没说是springmvc或者springboot使用,反正我是用springmvc使用了,可以用,我这里搬过来,同时写上自己的代码。后面会修改。

pom.xml

<properties>
		<spring.version>4.0.5.RELEASE</spring.version>
		<jsonlib.version>2.4</jsonlib.version>
		<spring.security.version>4.0.1.RELEASE</spring.security.version>
	</properties>

	<dependencies>
		<dependency>
			<groupId>junit</groupId>
			<artifactId>junit</artifactId>
			<version>4.10</version>
			<scope>test</scope>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-core</artifactId>
			<version>${spring.version}</version>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-aop</artifactId>
			<version>${spring.version}</version>
		</dependency>

		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-aspects</artifactId>
			<version>${spring.version}</version>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-context</artifactId>
			<version>${spring.version}</version>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-beans</artifactId>
			<version>${spring.version}</version>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-context-support</artifactId>
			<version>${spring.version}</version>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-expression</artifactId>
			<version>${spring.version}</version>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-web</artifactId>
			<version>${spring.version}</version>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-webmvc</artifactId>
			<version>${spring.version}</version>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-context-support</artifactId>
			<version>${spring.version}</version>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-orm</artifactId>
			<version>${spring.version}</version>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-tx</artifactId>
			<version>${spring.version}</version>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-test</artifactId>
			<version>${spring.version}</version>
			<scope>test</scope>
			<exclusions>
				<exclusion>
					<groupId>commons-logging</groupId>
					<artifactId>commons-logging</artifactId>
				</exclusion>
			</exclusions>
		</dependency>

		<!-- Spring Security -->
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-core</artifactId>
			<version>${spring.security.version}</version>
		</dependency>
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-web</artifactId>
			<version>${spring.security.version}</version>
		</dependency>
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-config</artifactId>
			<version>${spring.security.version}</version>
		</dependency>
		<dependency>
			<groupId>org.springframework.security.oauth</groupId>
			<artifactId>spring-security-oauth2</artifactId>
			<version>2.1.0.RELEASE</version>
		</dependency>

		<!-- logging -->
		<dependency>
			<groupId>org.slf4j</groupId>
			<artifactId>slf4j-log4j12</artifactId>
			<version>1.7.5</version>
		</dependency>
		<dependency>
			<groupId>log4j</groupId>
			<artifactId>log4j</artifactId>
			<version>1.2.17</version>
		</dependency>
		<!-- end of logging -->

		<!-- jstl -->
		<dependency>
			<groupId>javax.servlet</groupId>
			<artifactId>jstl</artifactId>
			<version>1.2</version>
		</dependency>

		<dependency>
			<groupId>commons-httpclient</groupId>
			<artifactId>commons-httpclient</artifactId>
			<version>3.1</version>
		</dependency>

		<!-- Json -->
		<dependency>
			<groupId>org.codehaus.jackson</groupId>
			<artifactId>jackson-core-lgpl</artifactId>
			<version>1.8.1</version>
		</dependency>
		<dependency>
			<groupId>org.codehaus.jackson</groupId>
			<artifactId>jackson-mapper-lgpl</artifactId>
			<version>1.8.1</version>
		</dependency>
		<dependency>
			<groupId>net.sf.json-lib</groupId>
			<artifactId>json-lib</artifactId>
			<version>${jsonlib.version}</version>
			<classifier>jdk15</classifier>
		</dependency>
		<dependency>
			<groupId>com.fasterxml.jackson.core</groupId>
			<artifactId>jackson-annotations</artifactId>
			<version>2.3.0</version>
		</dependency>
		<dependency>
			<groupId>com.fasterxml.jackson.core</groupId>
			<artifactId>jackson-core</artifactId>
			<version>2.3.1</version>
		</dependency>
		<dependency>
			<groupId>com.fasterxml.jackson.core</groupId>
			<artifactId>jackson-databind</artifactId>
			<version>2.3.3</version>
		</dependency>
		<!-- end of Json -->

		<!-- xstream -->
		<dependency>
			<groupId>com.thoughtworks.xstream</groupId>
			<artifactId>xstream</artifactId>
			<version>1.4.10</version>
		</dependency>

		<!-- mybatis -->
		<dependency>
			<groupId>org.mybatis</groupId>
			<artifactId>mybatis</artifactId>
			<version>3.2.5</version>
		</dependency>
		<dependency>
			<groupId>org.mybatis</groupId>
			<artifactId>mybatis-spring</artifactId>
			<version>1.3.0</version>
		</dependency>
		<!-- druid -->
		<dependency>
			<groupId>com.alibaba</groupId>
			<artifactId>druid</artifactId>
			<version>1.0.20</version>
		</dependency>
		<dependency>
			<groupId>com.oracle</groupId>
			<artifactId>ojdbc6</artifactId>
			<version>11.2.2</version>
		</dependency>
		<!-- ehcache 相关依赖 -->
		<dependency>
			<groupId>net.sf.ehcache</groupId>
			<artifactId>ehcache</artifactId>
			<version>2.10.2</version>
		</dependency>
	</dependencies>

ResourceServer

package com.yiibai.springmvc.security;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;

@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

	private static final String RESOURCE_ID = "my_rest_api";
	
	@Override
	public void configure(ResourceServerSecurityConfigurer resources) {
		resources.resourceId(RESOURCE_ID).stateless(false);
	}

	@Override
	public void configure(HttpSecurity http) throws Exception {
		http.
		anonymous().disable()
		.requestMatchers().antMatchers("/user/**")
		.and().authorizeRequests()
		.antMatchers("/user/**").access("hasRole('ADMIN')")
		.and().exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());
	}

}

AuthorizationServer

package com.yiibai.springmvc.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;
import org.springframework.security.oauth2.provider.token.TokenStore;

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

	private static String REALM="MY_OAUTH_REALM";
	
	@Autowired
	private TokenStore tokenStore;

	@Autowired
	private UserApprovalHandler userApprovalHandler;

	@Autowired
	@Qualifier("authenticationManagerBean")
	private AuthenticationManager authenticationManager;

	@Override
	public void configure(ClientDetailsServiceConfigurer clients) throws Exception {

		clients.inMemory()
	        .withClient("my-trusted-client")
            .authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit")
            .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
            .scopes("read", "write", "trust")
            .secret("secret")
            .accessTokenValiditySeconds(120).//Access token is only valid for 2 minutes.
            refreshTokenValiditySeconds(600);//Refresh token is only valid for 10 minutes.
	}

	@Override
	public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
		endpoints.tokenStore(tokenStore).userApprovalHandler(userApprovalHandler)
				.authenticationManager(authenticationManager);
	}

	@Override
	public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
		oauthServer.realm(REALM+"/client");
	}

}

OAuth2SecurityConfiguration

package com.yiibai.springmvc.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.approval.ApprovalStore;
import org.springframework.security.oauth2.provider.approval.TokenApprovalStore;
import org.springframework.security.oauth2.provider.approval.TokenStoreUserApprovalHandler;
import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;

@Configuration
@EnableWebSecurity
public class OAuth2SecurityConfiguration extends WebSecurityConfigurerAdapter {

	@Autowired
	private ClientDetailsService clientDetailsService;
	
	@Autowired
    public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
        .withUser("bill").password("abc123").roles("ADMIN").and()
        .withUser("bob").password("abc123").roles("USER");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
		http
		.csrf().disable()
		.anonymous().disable()
	  	.authorizeRequests()
	  	.antMatchers("/oauth/token").permitAll();
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }


	@Bean
	public TokenStore tokenStore() {
		return new InMemoryTokenStore();
	}

	@Bean
	@Autowired
	public TokenStoreUserApprovalHandler userApprovalHandler(TokenStore tokenStore){
		TokenStoreUserApprovalHandler handler = new TokenStoreUserApprovalHandler();
		handler.setTokenStore(tokenStore);
		handler.setRequestFactory(new DefaultOAuth2RequestFactory(clientDetailsService));
		handler.setClientDetailsService(clientDetailsService);
		return handler;
	}
	
	@Bean
	@Autowired
	public ApprovalStore approvalStore(TokenStore tokenStore) throws Exception {
		TokenApprovalStore store = new TokenApprovalStore();
		store.setTokenStore(tokenStore);
		return store;
	}
	
}

MethodSecurityConfig

package com.yiibai.springmvc.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
import org.springframework.security.oauth2.provider.expression.OAuth2MethodSecurityExpressionHandler;

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, proxyTargetClass = true)
public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
	@Autowired
	private OAuth2SecurityConfiguration securityConfig;

	@Override
	protected MethodSecurityExpressionHandler createExpressionHandler() {
		return new OAuth2MethodSecurityExpressionHandler();
	}
}

最后

这样就copy完了,不过springmvc不能用,需要在web.xml加上filter

  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

这样就可以跑起来了,按照http://www.yiibai.com/spring-security/secure-spring-rest-api-using-oauth2.html提供的方法跑,不过你会发现,总是提示token错误。原因是tokenstore不一致。这样就不要用@Bean注解了,写在xml里,用@AutoWired就行。

xml配置tokenstore

	<bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore">
	</bean>

配置完成后,就可以将OAuth2SecurityConfiguration文件中的tokenstore注掉。

//
//	@Bean
//	public TokenStore tokenStore() {
//		return new InMemoryTokenStore();
//	}

然后在文件AuthorizationServerConfiguration和ResourceServerConfiguration中的TokenStore @Autowired一下。

@Autowired
	private TokenStore tokenStore;

将clientdetails提到xml中

clientdetails写在代码里,不方便替换,可以写到配置文件中。

<bean id="myClientDetailsService"
		class="org.springframework.security.oauth2.provider.client.InMemoryClientDetailsService">
		<property name="clientDetailsStore">
			<map>
				<entry key="MwonYjDKBuPtLLlK" value-ref="clientDetails" />
				<entry key="VJUpAlhdWPbvkpPy" value-ref="clientDetails1" />
			</map>
		</property>

	</bean>

	<bean id="clientDetails"
		class="org.springframework.security.oauth2.provider.client.BaseClientDetails">
		<property name="clientId" value="MwonYjDKBuPtLLlK" />
		<property name="clientSecret" value="secret" />
		<property name="accessTokenValiditySeconds" value="120" />
		<property name="refreshTokenValiditySeconds" value="600" />
		<property name="scope">
			<set>
				<value>read</value>
				<value>write</value>
				<value>trust</value>
			</set>
		</property>
		<property name="authorizedGrantTypes">
			<set>
				<value>password</value>
				<value>authorization_code</value>
				<value>refresh_token</value>
				<value>implicit</value>
			</set>
		</property>
		<property name="authorities">
			<list>
				<bean
					class="org.springframework.security.core.authority.SimpleGrantedAuthority">
					<constructor-arg type="java.lang.String" value="ROLE_CLIENT"></constructor-arg>
				</bean>
				<bean
					class="org.springframework.security.core.authority.SimpleGrantedAuthority">
					<constructor-arg type="java.lang.String" value="ROLE_TRUSTED_CLIENT"></constructor-arg>
				</bean>
			</list>
		</property>
	</bean>
	<bean id="clientDetails1"
		class="org.springframework.security.oauth2.provider.client.BaseClientDetails">
		<property name="clientId" value="VJUpAlhdWPbvkpPy" />
		<property name="clientSecret" value="secret" />
		<property name="accessTokenValiditySeconds" value="120" />
		<property name="refreshTokenValiditySeconds" value="600" />
		<property name="scope">
			<set>
				<value>read</value>
				<value>write</value>
				<value>trust</value>
			</set>
		</property>
		<property name="authorizedGrantTypes">
			<set>
				<value>password</value>
				<value>authorization_code</value>
				<value>refresh_token</value>
				<value>implicit</value>
			</set>
		</property>
		<property name="authorities">
			<list>
				<bean
					class="org.springframework.security.core.authority.SimpleGrantedAuthority">
					<constructor-arg type="java.lang.String" value="ROLE_CLIENT"></constructor-arg>
				</bean>
				<bean
					class="org.springframework.security.core.authority.SimpleGrantedAuthority">
					<constructor-arg type="java.lang.String" value="ROLE_TRUSTED_CLIENT"></constructor-arg>
				</bean>
			</list>
		</property>
	</bean>

下一篇介绍如何替换其他东西和一些页面问题。

Spring Cloud Spring Security Oauth2Spring Security Oauth2 + Redis + Gateway网关 + Mybatis + Mysql 整合
泯灭于众生,高歌于孤夜!
12-20 4171
目录一、环境要求二、源码下载地址三、参考文献四、项目预览截图说明五、oauth2.0认证授权项目5.1 POM依赖5.2 yml配置及启动类5.3 认证配置与资源配置5.4 自定义UserDetailsService5.5 security配置5.6 自定义无加密密码验证5.7 druid连接池配置5.8 执行数据库脚本5.9 测试认证授权5.9.1 获取token5.9.2 测试访问授权资源5....
SpringCloud+SpringBoot+OAuth2+Spring Security+Redis实现的微服务统一认证授权
2401_84008985的博客
04-18 584
金三银四到了,送上一个小福利!《互联网大厂面试真题解析、进阶开发核心学习笔记、全套讲解视频、实战项目源码讲义》点击传送门即可获取!配置文件server:port: 1202自我介绍一下,小编13上海交大毕业,曾经在小公司待过,也去过华为、OPPO等大厂,18进入阿里一直到现在。深知大多数Java工程师,想要提升技能,往往是自己摸索成长或者是报班学习,但对于培训机构动则几千的学费,着实压力不小。自己不成体系的自学效果低效又漫长,而且极易碰到天花板技术停滞不前!
spring-oauth2:Spring Security OAuth2 XML放置演示
05-10
spring-oauth2 Spring security oauth2 xml配置Demo 授权服务资源服务分离 缺失部分:authorization_code模式下,直接访问资源服务受保护资源时,无法自动跳转到授权服务的oauth/authorize
Spring MVC+pring-security-oauth2 xml配置等注意事项 jdk1.7
A_len的博客
01-19 526
maven引入jar包(适配jdk1.7老项目) <dependency> <groupId>org.springframework.security.oauth</groupId> <artifactId>spring-security-oauth2</artifactId> <version>2.0.7.RELEASE</version> </dependency> &
SpringSecurityOAuth2入门到实战
最新发布
qq_40823822的博客
04-03 818
实际开发的过程中,我们需要应用程序更加灵活,可以在SpringSecurity中创建自定义配置文件Java自定义配置用来管理用户信息,是UserDetailsService的一个实现,用来管理基于内存的用户信息。创建一个WebSecurityConfig文件:定义一个@Bean,类型是UserDetailsService,实现是InMemoryUserDetailsManager@EnableWebSecurity//Spring项目总需要添加此注解SpringBoot项目中不需要@Bean。
spring Security4 oauth2整合 注解+xml混合使用(进阶
feiyangtianyao的专栏
12-01 1788
Spring Security4 oauth2整合用户密码授权模式上已经可以正常运行了,不过拿来测试还不够,下面介绍如何测试oauth2的用户密码模式,授权码模式下一说。
OAuth2学习笔记
一个有趣、有料、有内涵的地方!
12-13 220
目前很多开放平台如新浪微博开放平台都在使用提供开放API接口供开发者使用,随之带来了第三方应用要到开放平台进行授权的问题,OAuth就是干这个的,OAuth2是OAu...
Spring Security OAuth2# Scope
来啊 快活啊
09-08 1万+
怎么传递scopehttp://localhost:8080/oauth/token?grant_type=password&scope=ROLE_CLIENT_ADMIN+Hidelo&client_id=business&client_secret=business&username=user&password=password 解析的逻辑如下: DefaultOAuth2Request
Spring Security整合Oauth2实现流程详解
09-07
Spring Security 是一个强大的安全框架,它为Java应用程序提供了全面的安全管理解决方案。而OAuth2则是一种开放标准,用于授权第三方应用访问...希望这文章能帮助你更好地理解应用Spring SecurityOAuth2的集成。
注解 spring boot +spring security + mybatis+druid+thymeleaf+mysql+bootstrap
12-20
标题中的"全注解 spring boot +spring security + mybatis+druid+thymeleaf+mysql+bootstrap"是一个集成开发环境的配置,涉及到的主要技术有Spring Boot、Spring Security、MyBatis、Druid、Thymeleaf、MySQL以及...
Oauth2+jwt+redis+cookie+springsecurity+springboot+springcloud(用户登录认证授权)
种一颗十年前的树
02-25 6522
用户认证分析 1). 单点登录 一处登录 , 处处运行 ; SSO —> Single Sign On 作用: A. 解决集群环境下的登录问题 ; B. 解决多套互信的系统之间的登录问题 ; ----------> 天猫 , 淘宝 , 天猫超市 , 天猫国际 ; 2). 第三方登录 QQ登录 微博登录 微信登录 认证解决方案 1). 单点登录流程 2). 第三方登录 第三方登...
spring security + spring oauth2 +spring mvc SSO单点登录需要的最小jar包集合
06-14
实现功能需要的最小jar集合,其中lib文件夹是导出的jar,maven pom文件夹是maven组织的pom.xml文件。二选一。
基于spring4spring security实现oauth2.0教程(注解
chuibian2204的博客
12-06 258
一、OAuth是什么? OAuth的英文全称是Open Authorization,它是一种开放授权协议。OAuth目前共有2个版本,200712月的1.0版(之后有一个修正版1.0a)20104月的2.0版,1.0版本存在严重安全漏洞,而2.0版解决了该问题。 二、...
Spring Securityoauth2的关系
geejkse_seff的博客
08-02 4118
网上有很多SpringSecurityoauth2的介绍,但是对于初学者来说,上手比较复杂,本从原理上梳理一下两者之间的联系区别参见【SpringSecurity】基本功能介绍springsecurity的核心功能主要包括认证(你是谁)通过注解开启简单来说,就是需要登录,你需要输入用户名密码,才能访问某个url。授权(你能干什么)不需要通过指定的开关开启,而是通过配置来增加授权规则来生效,不增加授权规则就不生效一种是同步session不需要再次输入用户名密码。...
SpringSecurity + OAuth2 详解
初心不忘、始终方得
02-19 8847
SpringSecurity入门到精通************************************************************************** SpringSecurity 介绍 **************************************************************************一、入门1.简介与选择2.入门案例-默认的登录登出接口3.登录经过了哪些步骤二、基础的自定义认证1.自定义UserDetailsServi
Re:从零开始的Spring Security Oauth2(一)
热门推荐
徐靖峰的专栏
08-08 8万+
前言今天来聊聊一个接口对接的场景,A厂家有一套HTTP接口需要提供给B厂家使用,由于是外网环境,所以需要有一套安全机制保障,这个时候oauth2就可以作为一个方案。关于oauth2,其实是一个规范,本文重点讲解spring对他进行的实现,如果你还不清楚授权服务器,资源服务器,认证授权等基础概念,可以移步理解OAuth 2.0 - 阮一峰,这是一对于oauth2很好的科普文章。 需要对spring
Spring Security 4.X xml配置,草稿记录
qq519805712的专栏
05-10 8096
"org.springframework.security:spring-security-web:4.1.0.RELEASE", "org.springframework.security:spring-security-taglibs:4.1.0.RELEASE", "org.springframework.security:spring-security-config:4.1.0.REL
spring security oauth2 的 scope 概念
qq_41045651的博客
03-12 1400
通常,如果你想实现用户登录认证功能,你会请求"openid" scope。如果你的应用程序需要用户的许可来执行一些操作,比如发布消息到他们的社交媒体账户,你可以请求"write" scope以获取修改用户资源的权限。例如,如果你正在开发一个应用程序,需要从用户的个人资料中读取信息,比如用户名、龄等,你可以请求"read" scope来获取这些信息。自定义scope:除了上述内置的scope之外,你还可以定义自己的scope,根据你的应用程序的特定需求,例如"photos"、"documents"等。
Spring Security 4 自定义登录表单 注解XML例子(带源码)
明明如月的技术博客
05-05 1万+
上一文章: Spring Security 4 Hello World 基于注解 XML 例子  原文地址:http://websystique.com/spring-security/spring-security-4-custom-login-form-annotation-example/ 【争取最近几周完成此系列的翻译,敬请关注】 本文演示Spring Securi
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值