Spring security OAuth2 configuration.
package org.lokra.platform.user.configuration; | |
import org.apache.commons.logging.Log; | |
import org.apache.commons.logging.LogFactory; | |
import org.lokra.platform.user.base.service.UserService; | |
import org.lokra.platform.user.oauth2.service.ClientService; | |
import org.lokra.platform.user.oauth2.service.TokenService; | |
import org.springframework.beans.factory.annotation.Autowired; | |
import org.springframework.beans.factory.annotation.Qualifier; | |
import org.springframework.boot.autoconfigure.AutoConfigureAfter; | |
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; | |
import org.springframework.boot.autoconfigure.data.redis.RedisAutoConfiguration; | |
import org.springframework.boot.context.properties.EnableConfigurationProperties; | |
import org.springframework.context.annotation.Bean; | |
import org.springframework.context.annotation.Configuration; | |
import org.springframework.context.annotation.Primary; | |
import org.springframework.core.io.ClassPathResource; | |
import org.springframework.data.redis.connection.RedisConnectionFactory; | |
import org.springframework.security.authentication.AuthenticationManager; | |
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer; | |
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter; | |
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer; | |
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer; | |
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer; | |
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer; | |
import org.springframework.security.oauth2.provider.token.TokenStore; | |
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore; | |
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter; | |
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore; | |
import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory; | |
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore; | |
import java.security.KeyPair; | |
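/**
 * Authorization-server configuration.
 *
 * <p>Picks a {@link TokenStore} from the {@code lokra.user.oauth2.token-store} property
 * ({@code in_memory} when unset, or {@code redis}, {@code database}, {@code jwt}) and wires the
 * Spring Security OAuth2 authorization server with that store, the application's
 * {@link UserService} (user lookup) and {@link ClientService} (client details).
 *
 * <p>{@code @EnableResourceServer} on this class also registers the default resource-server
 * filter chain; no {@code ResourceServerConfigurerAdapter} is defined here, so the framework
 * defaults apply to protected resources.
 *
 * @author Chiho Sin
 */
@Configuration
@EnableConfigurationProperties({OAuth2Properties.class})
@AutoConfigureAfter({RedisAutoConfiguration.class})
@EnableResourceServer
public class OAuth2AutoConfiguration {

    private static final Log logger = LogFactory
            .getLog(OAuth2AutoConfiguration.class);

    /**
     * Default store: {@link InMemoryTokenStore}. Active when {@code token-store} is
     * {@code in_memory} or not set at all ({@code matchIfMissing = true}). Tokens live only in
     * this JVM, so they are lost on restart and not shared between instances.
     */
    @Configuration
    @ConditionalOnProperty(prefix = "lokra.user.oauth2",
            name = "token-store", havingValue = "in_memory", matchIfMissing = true)
    @EnableConfigurationProperties({OAuth2Properties.class})
    static class InMemoryTokenStoreConfiguration {

        @Bean
        @Primary
        TokenStore tokenStore() {
            logger.info("Initializing authorization server memory token store");
            return new InMemoryTokenStore();
        }
    }

    /**
     * Redis-backed store, active when {@code token-store=redis}. Requires a
     * {@link RedisConnectionFactory} bean (hence {@code @AutoConfigureAfter(RedisAutoConfiguration)}
     * on the outer class).
     */
    @Configuration
    @ConditionalOnProperty(prefix = "lokra.user.oauth2",
            name = "token-store", havingValue = "redis")
    @EnableConfigurationProperties({OAuth2Properties.class})
    static class RedisTokenStoreConfiguration {

        private final RedisConnectionFactory connectionFactory;

        @Autowired
        RedisTokenStoreConfiguration(RedisConnectionFactory connectionFactory) {
            this.connectionFactory = connectionFactory;
        }

        @Bean
        @Primary
        TokenStore tokenStore() {
            logger.info("Initializing authorization server redis token store");
            return new RedisTokenStore(connectionFactory);
        }
    }

    /**
     * Store delegating to the application's {@link TokenService}, active when
     * {@code token-store=database}. {@code TokenService} is returned as a {@link TokenStore},
     * so it must implement that interface.
     */
    @Configuration
    @ConditionalOnProperty(prefix = "lokra.user.oauth2",
            name = "token-store", havingValue = "database")
    @EnableConfigurationProperties({OAuth2Properties.class})
    static class RestTokenStoreConfiguration {

        private final TokenService tokenService;

        @Autowired
        public RestTokenStoreConfiguration(@Qualifier("tokenServiceImpl") TokenService tokenService) {
            this.tokenService = tokenService;
        }

        @Bean
        @Primary
        public TokenStore tokenStore() {
            logger.info("Initializing authorization server restful token store");
            return this.tokenService;
        }
    }

    /**
     * Signed-JWT store, active when {@code token-store=jwt}. The signing key pair is loaded
     * from a keystore on the classpath described by {@code lokra.user.oauth2.jwt.*}
     * (resource, password, keyPair alias).
     */
    @Configuration
    @ConditionalOnProperty(prefix = "lokra.user.oauth2",
            name = "token-store", havingValue = "jwt")
    @EnableConfigurationProperties({OAuth2Properties.class})
    static class JwtTokenStoreConfiguration {

        /**
         * Converter created by {@link #jwtAccessTokenConverter()} and read by
         * {@link AuthorizationServerConfiguration} when the store is JWT. This is mutable static
         * state handed around outside the container; it is populated as a side effect of the
         * bean method and is {@code null} until that bean has been created. Kept for
         * compatibility with existing readers of the field.
         */
        static JwtAccessTokenConverter accessTokenConverter;

        private final OAuth2Properties properties;

        @Autowired
        public JwtTokenStoreConfiguration(OAuth2Properties properties) {
            this.properties = properties;
        }

        /**
         * Builds the converter that signs and verifies access tokens with the configured key pair.
         *
         * @return the converter, also published through {@link #accessTokenConverter}
         * @throws IllegalStateException if the {@code jwt} properties are missing or incomplete
         */
        @Bean
        public JwtAccessTokenConverter jwtAccessTokenConverter() {
            OAuth2Properties.Jwt jwt = requireJwtProperties();
            JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
            // The keystore password is needed only to open the store; it is passed as a char[]
            // and not retained by this class.
            KeyPair keyPair = new KeyStoreKeyFactory(
                    new ClassPathResource(jwt.getResource()),
                    jwt.getPassword().toCharArray())
                    .getKeyPair(jwt.getKeyPair());
            converter.setKeyPair(keyPair);
            accessTokenConverter = converter;
            return converter;
        }

        @Bean
        @Primary
        public TokenStore tokenStore() {
            logger.info("Initializing authorization server jwt token store");
            return new JwtTokenStore(jwtAccessTokenConverter());
        }

        /**
         * Fails fast with a clear message instead of a bare NullPointerException when the
         * {@code lokra.user.oauth2.jwt} section is absent or a required entry is unset.
         */
        private OAuth2Properties.Jwt requireJwtProperties() {
            OAuth2Properties.Jwt jwt = properties.getJwt();
            if (jwt == null
                    || jwt.getResource() == null
                    || jwt.getPassword() == null
                    || jwt.getKeyPair() == null) {
                throw new IllegalStateException(
                        "token-store=jwt requires lokra.user.oauth2.jwt resource, password and keyPair");
            }
            return jwt;
        }
    }

    /**
     * Wires the authorization server endpoints, their access rules and the client registry.
     */
    @Configuration
    @EnableAuthorizationServer
    @EnableConfigurationProperties({OAuth2Properties.class})
    static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

        private final AuthenticationManager authenticationManager;
        private final TokenStore tokenStore;
        private final OAuth2Properties properties;
        private final UserService userService;
        private final ClientService clientService;

        @Autowired
        public AuthorizationServerConfiguration(
                OAuth2Properties properties,
                AuthenticationManager authenticationManager,
                TokenStore tokenStore,
                @Qualifier("userServiceImpl") UserService userService,
                @Qualifier("clientServiceImpl") ClientService clientService) {
            this.properties = properties;
            this.authenticationManager = authenticationManager;
            this.tokenStore = tokenStore;
            this.userService = userService;
            this.clientService = clientService;
        }

        /**
         * Registers the selected token store, user lookup and authentication manager.
         * For JWT the endpoints must use the same converter that signs the tokens, so the
         * converter published by {@link JwtTokenStoreConfiguration} is attached first.
         */
        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints)
                throws Exception {
            if (properties.getTokenStore() == OAuth2Properties.TokenStore.JWT) {
                endpoints.accessTokenConverter(JwtTokenStoreConfiguration.accessTokenConverter);
            }
            endpoints
                    .tokenStore(tokenStore)
                    .userDetailsService(userService)
                    .authenticationManager(authenticationManager);
        }

        /**
         * Applies the configured Spring Security access expressions to the token-key and
         * check-token endpoints. Spring's own default for both is {@code denyAll()}; an unset
         * property is therefore left alone rather than passed through as {@code null}, so a
         * missing value keeps the endpoint closed instead of overriding the default.
         */
        @Override
        public void configure(AuthorizationServerSecurityConfigurer oauthServer)
                throws Exception {
            String tokenKeyAccess = properties.getTokenKeyAccess();
            if (tokenKeyAccess != null) {
                oauthServer.tokenKeyAccess(tokenKeyAccess);
            }
            String checkTokenAccess = properties.getCheckTokenAccess();
            if (checkTokenAccess != null) {
                oauthServer.checkTokenAccess(checkTokenAccess);
            }
        }

        /** Client registrations come from the application's {@link ClientService}. */
        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            clients
                    .withClientDetails(this.clientService);
        }
    }
}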
package org.lokra.platform.user.configuration; | |
import org.springframework.boot.context.properties.ConfigurationProperties; | |
/**
 * Settings bound from the {@code lokra.user.oauth2.*} properties.
 *
 * <p>Plain mutable holder: every field has a getter and a setter for the Boot binder and no
 * defaults are applied here, so an unset property reads back as {@code null}.
 *
 * @author Chiho Sin
 */
@ConfigurationProperties(prefix = "lokra.user.oauth2")
public class OAuth2Properties {

    // Which token-store backend the authorization server should use.
    private TokenStore tokenStore;
    // Keystore details for the JWT backend; unused for the other stores.
    private Jwt jwt;
    // Spring Security access expression for the token-key endpoint.
    private String tokenKeyAccess;
    // Spring Security access expression for the check-token endpoint.
    private String checkTokenAccess;

    public TokenStore getTokenStore() {
        return this.tokenStore;
    }

    public void setTokenStore(TokenStore tokenStore) {
        this.tokenStore = tokenStore;
    }

    public Jwt getJwt() {
        return this.jwt;
    }

    public void setJwt(Jwt jwt) {
        this.jwt = jwt;
    }

    public String getTokenKeyAccess() {
        return this.tokenKeyAccess;
    }

    public void setTokenKeyAccess(String tokenKeyAccess) {
        this.tokenKeyAccess = tokenKeyAccess;
    }

    public String getCheckTokenAccess() {
        return this.checkTokenAccess;
    }

    public void setCheckTokenAccess(String checkTokenAccess) {
        this.checkTokenAccess = checkTokenAccess;
    }

    /** Supported token-store backends (nested enums are implicitly static). */
    public enum TokenStore {
        DATABASE,
        REDIS,
        IN_MEMORY,
        JWT
    }

    /**
     * Keystore settings for signed JWT access tokens. The password is held as a {@code String}
     * only because the binder needs a setter; this class defines no {@code toString}, so it is
     * not printed by accident.
     */
    public static class Jwt {

        // Password that opens the keystore.
        private String password;
        // Classpath location of the keystore.
        private String resource;
        // Alias of the key pair inside the keystore.
        private String keyPair;

        public String getPassword() {
            return this.password;
        }

        public void setPassword(String password) {
            this.password = password;
        }

        public String getResource() {
            return this.resource;
        }

        public void setResource(String resource) {
            this.resource = resource;
        }

        public String getKeyPair() {
            return this.keyPair;
        }

        public void setKeyPair(String keyPair) {
            this.keyPair = keyPair;
        }
    }
}