SpringOauth2 授权码模式(authorization_code)访问和密码模式访问

AuthorizationServer 授权服务器(oauth2)

  • pom
<!-- Spring Cloud starter for the legacy Spring Security OAuth stack, which supplies the authorization-server annotations used in the classes on this page. -->
<!-- NOTE(review): that OAuth project has been deprecated by its maintainers; confirm it still receives security fixes for the version in use, or move to a maintained authorization server. -->
<!-- No <version> is given for any of the three artifacts; presumably a parent POM or BOM that is not shown pins them. -->
<dependency>
	<groupId>org.springframework.cloud</groupId>
	<artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
<dependency>
	<groupId>org.springframework.cloud</groupId>
	<artifactId>spring-cloud-starter-security</artifactId>
</dependency>
<!-- Servlet web stack that serves the OAuth endpoints over HTTP. -->
<dependency>
	<groupId>org.springframework.boot</groupId>
	<artifactId>spring-boot-starter-web</artifactId>
</dependency>
  • application.properties 配置
# HTTP port the authorization server listens on.
server.port=9300
# Servlet context path: every endpoint of this application is served beneath /oauth.
# NOTE(review): the framework's own OAuth endpoints already begin with /oauth, so the token
# endpoint presumably ends up at /oauth/oauth/token - confirm before registering clients.
# NOTE(review): no TLS settings appear here; tokens and credentials travel in clear text unless
# TLS is terminated in front of this service.
server.servlet.context-path=/oauth
  • 启动类
/**
 * Boot entry point of the OAuth2 authorization server.
 *
 * <p>{@code @EnableAuthorizationServer} on this class switches on the authorization-server
 * support; the configuration classes listed alongside it supply the details.
 */
@EnableAuthorizationServer
@SpringBootApplication
public class Oauth2Application {

    /**
     * Starts the Spring application.
     *
     * @param args command-line arguments handed through to Spring Boot unchanged
     */
    public static void main(String[] args) {
        final SpringApplication application = new SpringApplication(Oauth2Application.class);
        application.run(args);
    }
}
  • config配置
    1.AuthorizationServerConfig配置
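/**
 * Declares the JWT-backed token store and the converter that signs access tokens.
 *
 * <p>The signing key is read from the process environment instead of being written into the
 * source. Anyone who knows the key can mint tokens that this server and its resource servers
 * accept, so a short literal committed with the code is a credential leak, not a default.
 */
@Configuration
public class AuthorizationServerConfig {

    /**
     * Environment variable that carries the signing key. The name is this example's own choice;
     * rename it to match the deployment's secret-injection convention.
     */
    private static final String SIGNING_KEY_ENV = "OAUTH_JWT_SIGNING_KEY";

    /**
     * Shortest key accepted, in characters. A plain (non-PEM) value is used as a shared HMAC
     * secret, and a secret shorter than the hash output is open to offline guessing.
     */
    private static final int MIN_SIGNING_KEY_LENGTH = 32;

    /**
     * Token store that keeps no server-side state: tokens are self-contained JWTs read and
     * written through {@link #jwtAccessTokenConverter()}.
     *
     * @return the JWT token store
     */
    @Bean
    public TokenStore tokenStore() {
        return new JwtTokenStore(jwtAccessTokenConverter());
    }

    /**
     * Builds the converter that signs and verifies JWT access tokens.
     *
     * @return a converter configured with the externally supplied signing key
     * @throws IllegalStateException if the key is missing or shorter than
     *         {@link #MIN_SIGNING_KEY_LENGTH} characters, so the server refuses to start with a
     *         guessable key
     */
    @Bean
    public JwtAccessTokenConverter jwtAccessTokenConverter() {
        String signingKey = System.getenv(SIGNING_KEY_ENV);
        if (signingKey == null || signingKey.length() < MIN_SIGNING_KEY_LENGTH) {
            // The message names the variable only; the key value itself is never logged.
            throw new IllegalStateException(
                    "Environment variable " + SIGNING_KEY_ENV + " must hold a signing key of at least "
                            + MIN_SIGNING_KEY_LENGTH + " characters");
        }
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setSigningKey(signingKey);
        return converter;
    }
}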
  1. MyAuthorizationServerConfigurer配置
/**
 * Authorization-server configuration: wires the token store and converter into the endpoints,
 * registers one in-memory OAuth client and sets the access rules for the token-key and
 * check-token endpoints.
 */
@Configuration
public class MyAuthorizationServerConfigurer extends AuthorizationServerConfigurerAdapter {

    // Injected by Spring; presumably the bean exposed by the web-security configuration - confirm.
    @Autowired
    private AuthenticationManager authenticationManager;
    @Autowired
    private TokenStore tokenStore;
    @Autowired
    private JwtAccessTokenConverter jwtAccessTokenConverter;
    // NOTE(review): this field is injected with the bean produced by passwordEncoder() further down
    // in this same class, i.e. the class depends on a bean it defines itself. Moving the @Bean
    // method to a separate configuration class avoids that self-reference - confirm it starts
    // cleanly on the Spring Boot version in use.
    @Autowired
    PasswordEncoder passwordEncoder;
    /**
     * Connects the token store, the JWT converter and the authentication manager to the
     * authorization-server endpoints.
     *
     * @param endpoints endpoint configurer supplied by the framework
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.tokenStore(tokenStore)
                .accessTokenConverter(jwtAccessTokenConverter)
                .authenticationManager(authenticationManager);
    }

    /**
     * Registers a single in-memory client that may use the authorization-code grant.
     *
     * @param clients client-details configurer supplied by the framework
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("client")
                // NOTE(review): the client secret is a literal in source. It is hashed before being
                // registered, but everyone with access to the code knows the clear value; load it
                // from external configuration or a secret store instead.
                .secret(passwordEncoder.encode("123456"))
                // Plain-http localhost redirect, suitable for a local test only; a deployed client
                // should register an exact https redirect URI.
                .redirectUris("http://localhost:9999/test")
                .authorizedGrantTypes("authorization_code")
                .scopes("read_profile", "read_contacts");
    }
    /**
     * Configures the security constraints on the token endpoints.
     * @param security security configurer supplied by the framework
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
         // Access policy for fetching the token key (open to everyone) and for checking a token
         // (authenticated callers only).
         // NOTE(review): the converter shown on this page uses a shared (symmetric) signing key, and
         // the token-key endpoint presumably returns that key to the callers it admits. Leaving
         // tokenKeyAccess at the framework's deny-by-default setting is safer unless an asymmetric
         // key pair is used - confirm.
        security.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()");
    }
	/**
	 * BCrypt encoder; this class uses it to hash the client secret at registration.
	 *
	 * @return a new BCrypt password encoder with default settings
	 */
	@Bean
    public PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }
   }
  1. MyPasswordEncoder
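/**
 * Pass-through {@link PasswordEncoder}: "encoding" returns the password unchanged, so stored
 * credentials are plaintext.
 *
 * <p>Only acceptable for a throw-away local demo. Any store that holds real credentials needs
 * an adaptive one-way hash such as the BCrypt encoder; with this class a read of the user store
 * discloses every password directly.
 */
public class MyPasswordEncoder implements PasswordEncoder {

    /**
     * Returns the password as given, without hashing.
     *
     * @param rawPassword the password to "encode"
     * @return the same characters as a {@code String}
     * @throws IllegalArgumentException if {@code rawPassword} is {@code null}
     */
    @Override
    public String encode(CharSequence rawPassword) {
        if (rawPassword == null) {
            throw new IllegalArgumentException("rawPassword cannot be null");
        }
        return rawPassword.toString();
    }

    /**
     * Compares the presented password with the stored value.
     *
     * @param rawPassword the password presented at login
     * @param encodedPassword the stored value (plaintext for this encoder)
     * @return {@code true} only when both are non-null and identical
     */
    @Override
    public boolean matches(CharSequence rawPassword, String encodedPassword) {
        // A missing value never authenticates; the original threw NullPointerException here.
        if (rawPassword == null || encodedPassword == null) {
            return false;
        }
        String presented = rawPassword.toString();
        // Accumulate differences over the whole common prefix instead of returning at the first
        // mismatching character, so response time does not reveal how many leading characters
        // of a guess were right.
        int difference = presented.length() ^ encodedPassword.length();
        int shared = Math.min(presented.length(), encodedPassword.length());
        for (int i = 0; i < shared; i++) {
            difference |= presented.charAt(i) ^ encodedPassword.charAt(i);
        }
        return difference == 0;
    }
}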
  1. MySecurityConfigurerAdapter
/**
 * Web-security configuration: defines two in-memory users and exposes the
 * {@link AuthenticationManager} as a bean.
 */
@Configuration
public class MySecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

    /**
     * Registers the in-memory users "user" and "admin".
     *
     * @param auth authentication builder supplied by the framework
     * @throws Exception declared by the overridden method
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                // NOTE(review): MyPasswordEncoder performs no hashing, so both accounts are held and
                // compared as plaintext. Use a BCrypt encoder and store only the hash.
                .passwordEncoder(new MyPasswordEncoder())
                // NOTE(review): both accounts, including the one with ADMIN authority, share the same
                // literal password written in source. Suitable for a local demo only; real users
                // belong in an external store with per-user hashed credentials.
                .withUser("user").password("123456").authorities("USER").and()
                .withUser("admin").password("123456").authorities("USER", "ADMIN");
    }

    /**
     * Publishes the authentication manager built by the parent class as a Spring bean so that
     * other components can have it injected.
     *
     * @return the authentication manager returned by the superclass
     * @throws Exception declared by the overridden method
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}

AuthorizationServer 授权服务器(密码模式)

  • 在上述示例中进行修改,
  1. 在:MyAuthorizationServerConfigurer配置中添加
   /**
    * Registers the in-memory client, now allowed to use the password grant in addition to the
    * authorization-code grant.
    *
    * @param clients client-details configurer supplied by the framework
    * @throws Exception declared by the overridden method
    */
   @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("client")
                // NOTE(review): the client secret is a literal in source; load it from external
                // configuration or a secret store instead.
                .secret(passwordEncoder.encode("123456"))
                .redirectUris("http://localhost:9999/test")
                // Add the password grant type.
                // NOTE(review): with this grant the client application receives the user's password
                // directly. The OAuth 2.0 Security Best Current Practice (RFC 9700) says it must not
                // be used; keep it for legacy first-party clients only and prefer the
                // authorization-code grant.
                .authorizedGrantTypes("authorization_code","password")
                .scopes("read_profile", "read_contacts");
    }
  1. MySecurityConfigurerAdapter配置中不做修改则使用设置在内存中的密码,可修改关联数据库进行验证
  2. 测试访问

版权声明:本文为weixin_42160856原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。