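/**
 * OAuth2 authorization-server configuration: JDBC-backed client registrations, a Redis
 * token store, JWT access tokens signed with a symmetric key, and a token enhancer that
 * adds custom claims.
 *
 * <p>Ordered at {@code Integer.MIN_VALUE} so this configuration is applied before any other
 * ordered security configuration.
 */
@Configuration
@Order(Integer.MIN_VALUE)
@EnableAuthorizationServer
public class AuthorizationConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private DataSource dataSource;

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private RedisConnectionFactory redisConnectionFactory;

    /**
     * Loads OAuth2 client registrations from the database, using the project's own
     * select/find statements instead of the framework defaults.
     *
     * @param clients the client details configurer
     * @throws Exception propagated from the configurer
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        JdbcClientDetailsService clientDetailsService = new JdbcClientDetailsService(dataSource);
        clientDetailsService.setSelectClientDetailsSql(SecurityConstants.DEFAULT_SELECT_STATEMENT);
        clientDetailsService.setFindClientDetailsSql(SecurityConstants.DEFAULT_FIND_STATEMENT);
        clients.withClientDetails(clientDetailsService);
    }

    /**
     * Wires the token endpoints: Redis token store, the enhancer chain (custom claims, then
     * JWT conversion), the authentication manager and the user details service. Refresh
     * tokens are not reused, so every refresh issues a new refresh token.
     *
     * @param endpoints the endpoints configurer
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        // Enhancer order matters: the custom claims are added first so they are present
        // when the JWT converter encodes the token.
        TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
        tokenEnhancerChain.setTokenEnhancers(
                Arrays.asList(tokenEnhancer(), jwtAccessTokenConverter()));
        endpoints
                .tokenStore(redisTokenStore())
                .tokenEnhancer(tokenEnhancerChain)
                .authenticationManager(authenticationManager)
                .reuseRefreshTokens(false)
                .userDetailsService(userDetailsService);
    }

    /**
     * Access rules for the authorization server's own endpoints: the token-key endpoint
     * requires an authenticated caller, the check-token endpoint is open to everyone, and
     * clients may send their credentials as form parameters instead of HTTP Basic.
     *
     * @param security the security configurer
     * @throws Exception propagated from the configurer
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        // NOTE(review): permitAll() lets unauthenticated callers introspect any access token
        // via the check-token endpoint (the framework default is denyAll()). If only trusted
        // resource servers need it, "isAuthenticated()" with client credentials is the
        // tighter setting — confirm this is intended.
        security
                .allowFormAuthenticationForClients()
                .tokenKeyAccess("isAuthenticated()")
                .checkTokenAccess("permitAll()");
    }

    /**
     * Password encoder used for client secrets and user passwords.
     *
     * @return a BCrypt encoder
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * JWT converter that signs access tokens with the project's symmetric signing key.
     *
     * @return the converter
     */
    @Bean
    public org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter jwtAccessTokenConverter() {
        // Local renamed: the original shadowed the type name with the variable name.
        MSJwtAccessTokenConverter converter = new MSJwtAccessTokenConverter();
        // NOTE(review): a symmetric signing key held in a code constant is shared with every
        // resource server that verifies these tokens — confirm it is loaded from configuration
        // or a secret store rather than committed alongside the code.
        converter.setSigningKey(CommonConstant.SIGN_KEY);
        return converter;
    }

    /**
     * Token store customisation.
     *
     * <p>1. When running against redis-cluster, use {@code MSRedisTokenStore} instead:
     * <pre>
     * MSRedisTokenStore tokenStore = new MSRedisTokenStore();
     * tokenStore.setRedisTemplate(redisTemplate);
     * </pre>
     *
     * @return a Redis-backed TokenStore whose keys carry {@code SecurityConstants.MS_PREFIX}
     */
    @Bean
    public TokenStore redisTokenStore() {
        RedisTokenStore tokenStore = new RedisTokenStore(redisConnectionFactory);
        tokenStore.setPrefix(SecurityConstants.MS_PREFIX);
        return tokenStore;
    }

    /**
     * Customises the claims placed in generated JWT tokens: always adds a {@code license}
     * claim and, when the token was issued for a user, that user's id.
     *
     * @return the token enhancer
     */
    @Bean
    public TokenEnhancer tokenEnhancer() {
        return (accessToken, authentication) -> {
            final Map<String, Object> additionalInfo = new HashMap<>(2);
            additionalInfo.put("license", SecurityConstants.MS_LICENSE);
            // getUserAuthentication() is null for grants with no end user (e.g. client
            // credentials), and the principal is not guaranteed to be a UserDetailsImpl.
            // The original dereferenced the chain before its null check, which threw an
            // NPE for such tokens; guard both conditions before casting instead.
            Object principal = null;
            if (authentication.getUserAuthentication() != null) {
                principal = authentication.getUserAuthentication().getPrincipal();
            }
            if (principal instanceof UserDetailsImpl) {
                additionalInfo.put("userId", ((UserDetailsImpl) principal).getUserId());
            }
            // Presumably the token services hand us a DefaultOAuth2AccessToken; the cast is
            // kept as in the original — TODO confirm no other OAuth2AccessToken impl is used.
            ((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(additionalInfo);
            return accessToken;
        };
    }
}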
1. 继承 AuthorizationServerConfigurerAdapter，此类包含对授权服务器进行配置的方法
2.AuthorizationServerEndpointsConfigurer 令牌端点的存储方式,本地使用InMemoryTokenStore 此处配置了redis的存储方式 生产环境可以进行使用
3.AuthorizationServerSecurityConfigurer 中的permitAll() 让本身的oauth的访问不需要授权 ,isAuthenticated()检查access_token需要进行授权
4.SecurityClientDetailsServiceImpl 实现客户端自定义配置