Implementation example of authentication and authorization based on OAuth2 under Spring Cloud

In Spring Cloud, OAuth2 is used to provide unified authentication and authorization across multiple microservices. A request with a given grant type is sent to the OAuth service for centralized authentication and authorization in order to obtain an access_token, which the other microservices trust. Later requests are made with that access_token, which gives unified authentication and authorization across the microservices.

This example provides four main parts:

Roles in oauth2:

Grant Type:

1. Basic environment

Use Postgres as account storage and Redis as token storage. Use Docker Compose to start Postgres and Redis on the server.

2. auth-server

2.1 oauth2 service configuration

Redis is used to store tokens, so tokens do not need to be obtained again after the service is restarted.

2.2 resource service configuration

auth-server provides user information, so auth-server is also a resource server.

2.3 security configuration

2.4 authority design

A user (sysuser), role (sysrole), permission (sysauthority) model is adopted, and the relationships between them are many-to-many. Users and permissions are loaded through domainuserdetailsservice.

2.5 configuration

2.6 test data

Two users are initialized in data.sql: admin->ROLE_ADMIN->query_demo, wyf->ROLE_USER

3. order-service

3.1 resource service configuration

3.2 user information configuration

order-service is a simple microservice that uses auth-server for authentication and authorization; its configuration file specifies the address of the user information in auth-server:

3.3 authority test controller

Only users that hold the query_demo authority can access it, that is, the admin user.
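
The role-to-permission model from section 2.4 and the query_demo check from section 3.3, as an added example that is not the project's own code. The class name, the in-memory maps standing in for Postgres, and the choice to expose role names alongside permissions as granted authorities are assumptions; it needs Java 9+ and spring-security-core on the classpath.

```java
import java.util.*;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.*;

// Added illustration (hypothetical class), not the project's domainuserdetailsservice.
public class AuthorityFlatteningDemo implements UserDetailsService {

    // Constructed data mirroring section 2.6: user -> roles, role -> permissions.
    static final Map<String, Set<String>> USER_ROLES = Map.of(
            "admin", Set.of("ROLE_ADMIN"),
            "wyf", Set.of("ROLE_USER"));
    static final Map<String, Set<String>> ROLE_AUTHORITIES = Map.of(
            "ROLE_ADMIN", Set.of("query_demo"),
            "ROLE_USER", Set.<String>of());

    @Override
    public UserDetails loadUserByUsername(String username) {
        Set<String> roles = USER_ROLES.get(username);
        if (roles == null) {
            throw new UsernameNotFoundException("unknown user: " + username);
        }
        // Flatten both many-to-many hops into one set of granted authorities.
        Set<GrantedAuthority> granted = new HashSet<>();
        for (String role : roles) {
            granted.add(new SimpleGrantedAuthority(role));
            for (String authority : ROLE_AUTHORITIES.getOrDefault(role, Set.<String>of())) {
                granted.add(new SimpleGrantedAuthority(authority));
            }
        }
        // The password plays no part in this demo; "unused" is a placeholder.
        return new User(username, "unused", granted);
    }

    // The same exact-string match that hasAuthority('query_demo') relies on.
    static boolean hasAuthority(UserDetails user, String authority) {
        return user.getAuthorities().contains(new SimpleGrantedAuthority(authority));
    }

    public static void main(String[] args) {
        UserDetailsService service = new AuthorityFlatteningDemo();
        for (String name : List.of("admin", "wyf")) {
            UserDetails user = service.loadUserByUsername(name);
            System.out.println(name + " " + user.getAuthorities()
                    + " query_demo=" + hasAuthority(user, "query_demo"));
        }
    }
}
```

Because query_demo carries no ROLE_ prefix, an expression such as hasRole('query_demo') would by default look for ROLE_query_demo and never match; hasAuthority compares the stored string as-is.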

4. api-gateway

API gateway has two functions in this example:

4.1 close CSRF and enable oauth2 client support

4.2 configuration

5. Demonstration

5.1 client call

Use Postman to send a request to http://localhost:8080/uaa/oauth/token to get an access_token (for the admin user, for example 7f9b54d4-fd25-4a2c-a848-ddf8f119230b)

Admin user

WYF user

5.2 webapp call in API gateway

I haven't done the test yet. I'll add it next time.

6. Source address

https://github.com/wiselyman/uaa-zuul
