auth2.0，把token存数据库，另外提供存redis

auth-center/pom.xml

@@ -26,12 +26,12 @@
 			<artifactId>spring-cloud-starter-eureka</artifactId>
 		</dependency>
 		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-security</artifactId>
+			<groupId>org.springframework.cloud</groupId>
+			<artifactId>spring-cloud-starter-oauth2</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.cloud</groupId>
-			<artifactId>spring-cloud-starter-oauth2</artifactId>
+			<artifactId>spring-cloud-starter-security</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
@@ -58,6 +58,15 @@
 			<groupId>com.alibaba</groupId>
 			<artifactId>druid-spring-boot-starter</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-data-redis</artifactId>
+		</dependency>
+
+		<dependency>
+			<groupId>org.projectlombok</groupId>
+			<artifactId>lombok</artifactId>
+		</dependency>
 	</dependencies>
 
 	<build>

auth-center/src/main/java/com/microservice/skeleton/auth/AuthCenterApplication.java

@@ -3,9 +3,10 @@ package com.microservice.skeleton.auth;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
 
 @SpringBootApplication
-@EnableDiscoveryClient
+//@EnableDiscoveryClient
 public class AuthCenterApplication {
 
 	public static void main(String[] args) {

auth-center/src/main/java/com/microservice/skeleton/auth/config/AuthorizationServerConfig.java

+package com.microservice.skeleton.auth.config;
+
+import com.microservice.skeleton.auth.service.impl.UserDetailsServiceImpl;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
+import org.springframework.security.oauth2.provider.ClientDetailsService;
+import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;
+import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
+import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
+import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
+
+import javax.sql.DataSource;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * Created by Mr.Yangxiufeng on 2017/12/28.
+ * Time:11:02
+ * ProjectName:Mirco-Service-Skeleton
+ */
+@Configuration
+@EnableAuthorizationServer
+public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
+
+    @Autowired
+    private AuthenticationManager authenticationManager;
+
+    @Autowired
+    private DataSource dataSource;
+    @Autowired
+    private UserDetailsServiceImpl userDetailsService;
+
+    @Bean
+    public JdbcTokenStore jdbcTokenStore(){
+        return new JdbcTokenStore(dataSource);
+    }
+
+    @Override
+    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
+        clients.withClientDetails(clientDetails());
+    }
+    @Bean
+    public ClientDetailsService clientDetails() {
+        return new JdbcClientDetailsService(dataSource);
+    }
+    @Override
+    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
+        endpoints.tokenStore(jdbcTokenStore())
+                .userDetailsService(userDetailsService)
+                .authenticationManager(authenticationManager);
+        DefaultTokenServices tokenServices = new DefaultTokenServices();
+        tokenServices.setTokenStore(endpoints.getTokenStore());
+        tokenServices.setSupportRefreshToken(true);
+        tokenServices.setClientDetailsService(endpoints.getClientDetailsService());
+        tokenServices.setTokenEnhancer(endpoints.getTokenEnhancer());
+//        tokenServices.setAccessTokenValiditySeconds( (int) TimeUnit.DAYS.toSeconds(30)); // token有效期自定义设置，默认12小时
+        endpoints.tokenServices(tokenServices);
+    }
+
+    @Override
+    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
+        security.tokenKeyAccess("permitAll()");
+        security .checkTokenAccess("isAuthenticated()");
+        security.allowFormAuthenticationForClients();
+    }
+}

auth-center/src/main/java/com/microservice/skeleton/auth/config/WebSecurityConfig.java

@@ -4,9 +4,10 @@ import com.microservice.skeleton.auth.service.impl.UserDetailsServiceImpl;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
@@ -17,7 +18,6 @@ import org.springframework.security.crypto.password.PasswordEncoder;
  * ProjectName:Mirco-Service-Skeleton
  */
 @Configuration
-@EnableWebSecurity
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
     @Autowired
     private UserDetailsServiceImpl userDetailsService;
@@ -27,6 +27,11 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
         return new BCryptPasswordEncoder();
     }
 
+    @Override
+    @Bean
+    public AuthenticationManager authenticationManagerBean() throws Exception {
+        return super.authenticationManagerBean();
+    }
     @Override
     protected void configure(AuthenticationManagerBuilder auth) throws Exception {
         auth.userDetailsService(userDetailsService)
@@ -35,16 +40,17 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
     @Override
     protected void configure(HttpSecurity http) throws Exception {
-        http.authorizeRequests()
+        http
+                .authorizeRequests()
                 .anyRequest().authenticated()
                 .and()
-                    .formLogin()
-                        .loginPage("/login")
-                        .failureUrl("/login?error")
-                        .permitAll()
-                .and()
-                    .logout()
-                        .permitAll();
-        http.csrf().disable().httpBasic();
+                .formLogin().and()
+                .csrf().disable()
+                .httpBasic();
+    }
+
+    @Override
+    public void configure(WebSecurity web) throws Exception {
+        web.ignoring().antMatchers("/favor.ioc");
     }
 }

auth-center/src/main/java/com/microservice/skeleton/auth/service/impl/UserDetailsServiceImpl.java

@@ -19,17 +19,23 @@ import java.util.Set;
  * ProjectName:Mirco-Service-Skeleton
  */
 @Service
-public class UserDetailsServiceImpl implements UserDetailsService{
+public class UserDetailsServiceImpl implements UserDetailsService {
     @Autowired
     private UserService userService;
+
     @Override
     public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
         RcUserEntity userEntity = userService.findByUsername(username);
-        if (userEntity == null){
+        if (userEntity == null) {
             throw new UsernameNotFoundException("用户:" + username + ",不存在!");
         }
         Set<GrantedAuthority> grantedAuthorities = new HashSet<>();
-        User user = new User(userEntity.getUsername(),userEntity.getPassword(),grantedAuthorities);
+        boolean enabled = true; // 可用性 :true:可用 false:不可用
+        boolean accountNonExpired = true; // 过期性 :true:没过期 false:过期
+        boolean credentialsNonExpired = true; // 有效性 :true:凭证有效 false:凭证无效
+        boolean accountNonLocked = true; // 锁定性 :true:未锁定 false:已锁定
+        User user = new User(userEntity.getUsername(), userEntity.getPassword(),
+                enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, grantedAuthorities);
         return user;
     }
 }

auth-center/src/main/resources/application.yml

+server:
+  port: 9060
 spring:
   application:
     name: auth2.0-center
@@ -11,9 +13,10 @@ spring:
     password: 123456
     druid:
       driver-class-name: com.mysql.jdbc.Driver
-server:
-  port: 9060
-
+  redis:
+    host: 127.0.0.1
+    port: 6379
+    password: 123456
 eureka:
   instance:
     prefer-ip-address: true #使用IP注册
@@ -32,4 +35,8 @@ endpoints:
 management:
   security:
     enabled: false
-###actuator监控点 end####
\ No newline at end of file
+###actuator监控点 end####
+security:
+  oauth2:
+    resource:
+      filter-order: 3
\ No newline at end of file