工业级后台API v2
blame | history | raw
沈斌
2017-11-05 b59ca89001a572f450a84926bb603acc9aee996b 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53

package com.moral.security;


 


import org.springframework.beans.factory.annotation.Autowired;


import org.springframework.beans.factory.annotation.Qualifier;


import org.springframework.context.annotation.Configuration;


import org.springframework.security.authentication.AuthenticationManager;


import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;


import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;


import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;


import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;


import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;


import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;


import org.springframework.security.oauth2.provider.token.TokenStore;


 


@Configuration


@EnableAuthorizationServer


public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {


 


    private static String REALM = "MY_OAUTH_REALM";


    


    @Autowired


    private TokenStore tokenStore;


 


    @Autowired


    private UserApprovalHandler userApprovalHandler;


 


    @Autowired


    @Qualifier("authenticationManagerBean")


    private AuthenticationManager authenticationManager;


 


    @Override


    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {


 


        clients.inMemory()


            .withClient("my-trusted-client")//客户端ID


            .authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit")


            .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")


            .scopes("read", "write", "trust")//授权用户的操作权限


            .secret("secret")//密码


            .accessTokenValiditySeconds(1200).//token有效期为1200秒


            refreshTokenValiditySeconds(6000);//刷新token有效期为6000秒


    }


 


    @Override


    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {


        endpoints.tokenStore(tokenStore).userApprovalHandler(userApprovalHandler).authenticationManager(authenticationManager);


    }


 


    @Override


    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {


        oauthServer.realm(REALM + "/client");


    }


}