国产 无码 综合区,色欲AV无码国产永久播放,无码天堂亚洲国产AV,国产日韩欧美女同一区二区

  1. Toy模板網(wǎng)首頁
  2. >Toy博客

spring security + oauth2 使用RedisTokenStore 以json格式存儲

2年前作者:qq_31683775分類:Toy博客閱讀(23)違法舉報

這篇具有很好參考價值的文章主要介紹了spring security + oauth2 使用RedisTokenStore 以json格式存儲。希望對大家有所幫助。如果存在錯誤或未考慮完全的地方,請大家不吝賜教,您也可以點擊"舉報違法"按鈕提交疑問。

1.項目架構(gòu)

spring security + oauth2 使用RedisTokenStore 以json格式存儲,微服務(wù),架構(gòu),云原生

?2.自己對 TokenStore 的 redis實現(xiàn)

package com.enterprise.auth.config;

import org.springframework.data.redis.connection.RedisConnection;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.data.redis.core.Cursor;
import org.springframework.data.redis.core.ScanOptions;
import org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2RefreshToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.AuthenticationKeyGenerator;
import org.springframework.security.oauth2.provider.token.DefaultAuthenticationKeyGenerator;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.redis.JdkSerializationStrategy;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStoreSerializationStrategy;
import org.springframework.util.ClassUtils;
import org.springframework.util.ReflectionUtils;

import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.util.*;

public class MyRedisTokenStore implements TokenStore {

    private static final String ACCESS = "access:";
    private static final String AUTH_TO_ACCESS = "auth_to_access:";
    private static final String AUTH = "auth:";
    private static final String REFRESH_AUTH = "refresh_auth:";
    private static final String ACCESS_TO_REFRESH = "access_to_refresh:";
    private static final String REFRESH = "refresh:";
    private static final String REFRESH_TO_ACCESS = "refresh_to_access:";
    private static final String CLIENT_ID_TO_ACCESS = "client_id_to_access:";
    private static final String UNAME_TO_ACCESS = "uname_to_access:";
    private static final boolean springDataRedis_2_0 = ClassUtils.isPresent("org.springframework.data.redis.connection.RedisStandaloneConfiguration", RedisTokenStore.class.getClassLoader());
    private final RedisConnectionFactory connectionFactory;
    private AuthenticationKeyGenerator authenticationKeyGenerator = new DefaultAuthenticationKeyGenerator();
    private RedisTokenStoreSerializationStrategy serializationStrategy = new MyRedisTokenStoreSerializationStrategy();
    private String prefix = "";
    private Method redisConnectionSet_2_0;

    public MyRedisTokenStore(RedisConnectionFactory connectionFactory) {
        this.connectionFactory = connectionFactory;
        if (springDataRedis_2_0) {
            this.loadRedisConnectionMethods_2_0();
        }

    }

    public void setAuthenticationKeyGenerator(AuthenticationKeyGenerator authenticationKeyGenerator) {
        this.authenticationKeyGenerator = authenticationKeyGenerator;
    }

    public void setSerializationStrategy(RedisTokenStoreSerializationStrategy serializationStrategy) {
        this.serializationStrategy = serializationStrategy;
    }

    public void setPrefix(String prefix) {
        this.prefix = prefix;
    }

    private void loadRedisConnectionMethods_2_0() {
        this.redisConnectionSet_2_0 = ReflectionUtils.findMethod(RedisConnection.class, "set", new Class[]{byte[].class, byte[].class});
    }

    private RedisConnection getConnection() {
        return this.connectionFactory.getConnection();
    }

    private byte[] serialize(Object object) {
        return this.serializationStrategy.serialize(object);
    }

    private byte[] serializeKey(String object) {
        return this.serialize(this.prefix + object);
    }

    private OAuth2AccessToken deserializeAccessToken(byte[] bytes) {
        return (OAuth2AccessToken)this.serializationStrategy.deserialize(bytes, OAuth2AccessToken.class);
    }

    private OAuth2Authentication deserializeAuthentication(byte[] bytes) {
        return (OAuth2Authentication)this.serializationStrategy.deserialize(bytes, OAuth2Authentication.class);
    }

    private OAuth2RefreshToken deserializeRefreshToken(byte[] bytes) {
        return (OAuth2RefreshToken)this.serializationStrategy.deserialize(bytes, OAuth2RefreshToken.class);
    }

    private byte[] serialize(String string) {
        return this.serializationStrategy.serialize(string);
    }

    private String deserializeString(byte[] bytes) {
        return this.serializationStrategy.deserializeString(bytes);
    }

    public OAuth2AccessToken getAccessToken(OAuth2Authentication authentication) {
        String key = this.authenticationKeyGenerator.extractKey(authentication);
        byte[] serializedKey = this.serializeKey("auth_to_access:" + key);
        byte[] bytes = null;
        RedisConnection conn = this.getConnection();

        try {
            bytes = conn.get(serializedKey);
        } finally {
            conn.close();
        }

        OAuth2AccessToken accessToken = this.deserializeAccessToken(bytes);
        if (accessToken != null) {
            OAuth2Authentication storedAuthentication = this.readAuthentication(accessToken.getValue());
            if (storedAuthentication == null || !key.equals(this.authenticationKeyGenerator.extractKey(storedAuthentication))) {
                this.storeAccessToken(accessToken, authentication);
            }
        }

        return accessToken;
    }

    public OAuth2Authentication readAuthentication(OAuth2AccessToken token) {
        return this.readAuthentication(token.getValue());
    }

    public OAuth2Authentication readAuthentication(String token) {
        byte[] bytes = null;
        RedisConnection conn = this.getConnection();

        try {
            bytes = conn.get(this.serializeKey("auth:" + token));
        } finally {
            conn.close();
        }

        OAuth2Authentication var4 = this.deserializeAuthentication(bytes);
        return var4;
    }

    public OAuth2Authentication readAuthenticationForRefreshToken(OAuth2RefreshToken token) {
        return this.readAuthenticationForRefreshToken(token.getValue());
    }

    public OAuth2Authentication readAuthenticationForRefreshToken(String token) {
        RedisConnection conn = this.getConnection();

        OAuth2Authentication var5;
        try {
            byte[] bytes = conn.get(this.serializeKey("refresh_auth:" + token));
            OAuth2Authentication auth = this.deserializeAuthentication(bytes);
            var5 = auth;
        } finally {
            conn.close();
        }

        return var5;
    }

    public void storeAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication) {
        byte[] serializedAccessToken = this.serialize((Object)token);
        byte[] serializedAuth = this.serialize((Object)authentication);
        byte[] accessKey = this.serializeKey("access:" + token.getValue());
        byte[] authKey = this.serializeKey("auth:" + token.getValue());
        byte[] authToAccessKey = this.serializeKey("auth_to_access:" + this.authenticationKeyGenerator.extractKey(authentication));
        byte[] approvalKey = this.serializeKey("uname_to_access:" + getApprovalKey(authentication));
        byte[] clientId = this.serializeKey("client_id_to_access:" + authentication.getOAuth2Request().getClientId());
        RedisConnection conn = this.getConnection();

        try {
            conn.openPipeline();
            if (springDataRedis_2_0) {
                try {
                    this.redisConnectionSet_2_0.invoke(conn, accessKey, serializedAccessToken);
                    this.redisConnectionSet_2_0.invoke(conn, authKey, serializedAuth);
                    this.redisConnectionSet_2_0.invoke(conn, authToAccessKey, serializedAccessToken);
                } catch (Exception var24) {
                    throw new RuntimeException(var24);
                }
            } else {
                conn.set(accessKey, serializedAccessToken);
                conn.set(authKey, serializedAuth);
                conn.set(authToAccessKey, serializedAccessToken);
            }

            if (!authentication.isClientOnly()) {
                conn.sAdd(approvalKey, new byte[][]{serializedAccessToken});
            }

            conn.sAdd(clientId, new byte[][]{serializedAccessToken});
            if (token.getExpiration() != null) {
                int seconds = token.getExpiresIn();
                conn.expire(accessKey, (long)seconds);
                conn.expire(authKey, (long)seconds);
                conn.expire(authToAccessKey, (long)seconds);
                conn.expire(clientId, (long)seconds);
                conn.expire(approvalKey, (long)seconds);
            }

            OAuth2RefreshToken refreshToken = token.getRefreshToken();
            if (refreshToken != null && refreshToken.getValue() != null) {
                byte[] refresh = this.serialize(token.getRefreshToken().getValue());
                byte[] auth = this.serialize(token.getValue());
                byte[] refreshToAccessKey = this.serializeKey("refresh_to_access:" + token.getRefreshToken().getValue());
                byte[] accessToRefreshKey = this.serializeKey("access_to_refresh:" + token.getValue());
                if (springDataRedis_2_0) {
                    try {
                        this.redisConnectionSet_2_0.invoke(conn, refreshToAccessKey, auth);
                        this.redisConnectionSet_2_0.invoke(conn, accessToRefreshKey, refresh);
                    } catch (Exception var23) {
                        throw new RuntimeException(var23);
                    }
                } else {
                    conn.set(refreshToAccessKey, auth);
                    conn.set(accessToRefreshKey, refresh);
                }

                if (refreshToken instanceof ExpiringOAuth2RefreshToken) {
                    ExpiringOAuth2RefreshToken expiringRefreshToken = (ExpiringOAuth2RefreshToken)refreshToken;
                    Date expiration = expiringRefreshToken.getExpiration();
                    if (expiration != null) {
                        int seconds = Long.valueOf((expiration.getTime() - System.currentTimeMillis()) / 1000L).intValue();
                        conn.expire(refreshToAccessKey, (long)seconds);
                        conn.expire(accessToRefreshKey, (long)seconds);
                    }
                }
            }

            conn.closePipeline();
        } finally {
            conn.close();
        }

    }

    private static String getApprovalKey(OAuth2Authentication authentication) {
        String userName = authentication.getUserAuthentication() == null ? "" : authentication.getUserAuthentication().getName();
        return getApprovalKey(authentication.getOAuth2Request().getClientId(), userName);
    }

    private static String getApprovalKey(String clientId, String userName) {
        return clientId + (userName == null ? "" : ":" + userName);
    }

    public void removeAccessToken(OAuth2AccessToken accessToken) {
        this.removeAccessToken(accessToken.getValue());
    }

    public OAuth2AccessToken readAccessToken(String tokenValue) {
        byte[] key = this.serializeKey("access:" + tokenValue);
        byte[] bytes = null;
        RedisConnection conn = this.getConnection();

        try {
            bytes = conn.get(key);
        } finally {
            conn.close();
        }

        OAuth2AccessToken var5 = this.deserializeAccessToken(bytes);
        return var5;
    }

    public void removeAccessToken(String tokenValue) {
        byte[] accessKey = this.serializeKey("access:" + tokenValue);
        byte[] authKey = this.serializeKey("auth:" + tokenValue);
        byte[] accessToRefreshKey = this.serializeKey("access_to_refresh:" + tokenValue);
        RedisConnection conn = this.getConnection();

        try {
            conn.openPipeline();
            conn.get(accessKey);
            conn.get(authKey);
            conn.del(new byte[][]{accessKey});
            conn.del(new byte[][]{accessToRefreshKey});
            conn.del(new byte[][]{authKey});
            List<Object> results = conn.closePipeline();
            byte[] access = (byte[])((byte[])results.get(0));
            byte[] auth = (byte[])((byte[])results.get(1));
            OAuth2Authentication authentication = this.deserializeAuthentication(auth);
            if (authentication != null) {
                String key = this.authenticationKeyGenerator.extractKey(authentication);
                byte[] authToAccessKey = this.serializeKey("auth_to_access:" + key);
                byte[] unameKey = this.serializeKey("uname_to_access:" + getApprovalKey(authentication));
                byte[] clientId = this.serializeKey("client_id_to_access:" + authentication.getOAuth2Request().getClientId());
                conn.openPipeline();
                conn.del(new byte[][]{authToAccessKey});
                conn.sRem(unameKey, new byte[][]{access});
                conn.sRem(clientId, new byte[][]{access});
                conn.del(new byte[][]{this.serialize("access:" + key)});
                conn.closePipeline();
            }
        } finally {
            conn.close();
        }

    }

    public void storeRefreshToken(OAuth2RefreshToken refreshToken, OAuth2Authentication authentication) {
        byte[] refreshKey = this.serializeKey("refresh:" + refreshToken.getValue());
        byte[] refreshAuthKey = this.serializeKey("refresh_auth:" + refreshToken.getValue());
        byte[] serializedRefreshToken = this.serialize((Object)refreshToken);
        RedisConnection conn = this.getConnection();

        try {
            conn.openPipeline();
            if (springDataRedis_2_0) {
                try {
                    this.redisConnectionSet_2_0.invoke(conn, refreshKey, serializedRefreshToken);
                    this.redisConnectionSet_2_0.invoke(conn, refreshAuthKey, this.serialize((Object)authentication));
                } catch (Exception var13) {
                    throw new RuntimeException(var13);
                }
            } else {
                conn.set(refreshKey, serializedRefreshToken);
                conn.set(refreshAuthKey, this.serialize((Object)authentication));
            }

            if (refreshToken instanceof ExpiringOAuth2RefreshToken) {
                ExpiringOAuth2RefreshToken expiringRefreshToken = (ExpiringOAuth2RefreshToken)refreshToken;
                Date expiration = expiringRefreshToken.getExpiration();
                if (expiration != null) {
                    int seconds = Long.valueOf((expiration.getTime() - System.currentTimeMillis()) / 1000L).intValue();
                    conn.expire(refreshKey, (long)seconds);
                    conn.expire(refreshAuthKey, (long)seconds);
                }
            }

            conn.closePipeline();
        } finally {
            conn.close();
        }

    }

    public OAuth2RefreshToken readRefreshToken(String tokenValue) {
        byte[] key = this.serializeKey("refresh:" + tokenValue);
        byte[] bytes = null;
        RedisConnection conn = this.getConnection();

        try {
            bytes = conn.get(key);
        } finally {
            conn.close();
        }

        OAuth2RefreshToken var5 = this.deserializeRefreshToken(bytes);
        return var5;
    }

    public void removeRefreshToken(OAuth2RefreshToken refreshToken) {
        this.removeRefreshToken(refreshToken.getValue());
    }

    public void removeRefreshToken(String tokenValue) {
        byte[] refreshKey = this.serializeKey("refresh:" + tokenValue);
        byte[] refreshAuthKey = this.serializeKey("refresh_auth:" + tokenValue);
        byte[] refresh2AccessKey = this.serializeKey("refresh_to_access:" + tokenValue);
        byte[] access2RefreshKey = this.serializeKey("access_to_refresh:" + tokenValue);
        RedisConnection conn = this.getConnection();

        try {
            conn.openPipeline();
            conn.del(new byte[][]{refreshKey});
            conn.del(new byte[][]{refreshAuthKey});
            conn.del(new byte[][]{refresh2AccessKey});
            conn.del(new byte[][]{access2RefreshKey});
            conn.closePipeline();
        } finally {
            conn.close();
        }

    }

    public void removeAccessTokenUsingRefreshToken(OAuth2RefreshToken refreshToken) {
        this.removeAccessTokenUsingRefreshToken(refreshToken.getValue());
    }

    private void removeAccessTokenUsingRefreshToken(String refreshToken) {
        byte[] key = this.serializeKey("refresh_to_access:" + refreshToken);
        List<Object> results = null;
        RedisConnection conn = this.getConnection();

        try {
            conn.openPipeline();
            conn.get(key);
            conn.del(new byte[][]{key});
            results = conn.closePipeline();
        } finally {
            conn.close();
        }

        if (results != null) {
            byte[] bytes = (byte[])((byte[])results.get(0));
            String accessToken = this.deserializeString(bytes);
            if (accessToken != null) {
                this.removeAccessToken(accessToken);
            }

        }
    }

    private List<byte[]> getByteLists(byte[] approvalKey, RedisConnection conn) {
        Long size = conn.sCard(approvalKey);
        List<byte[]> byteList = new ArrayList(size.intValue());
        Cursor cursor = conn.sScan(approvalKey, ScanOptions.NONE);

        while(cursor.hasNext()) {
            Object next = cursor.next();
            byteList.add(next.toString().getBytes(StandardCharsets.UTF_8));
        }

        return byteList;
    }

    public Collection<OAuth2AccessToken> findTokensByClientIdAndUserName(String clientId, String userName) {
        byte[] approvalKey = this.serializeKey("uname_to_access:" + getApprovalKey(clientId, userName));
        List<byte[]> byteList = null;
        RedisConnection conn = this.getConnection();

        try {
            byteList = this.getByteLists(approvalKey, conn);
        } finally {
            conn.close();
        }

        if (byteList != null && byteList.size() != 0) {
            List<OAuth2AccessToken> accessTokens = new ArrayList(byteList.size());
            Iterator var7 = byteList.iterator();

            while(var7.hasNext()) {
                byte[] bytes = (byte[])var7.next();
                OAuth2AccessToken accessToken = this.deserializeAccessToken(bytes);
                accessTokens.add(accessToken);
            }

            return Collections.unmodifiableCollection(accessTokens);
        } else {
            return Collections.emptySet();
        }
    }

    public Collection<OAuth2AccessToken> findTokensByClientId(String clientId) {
        byte[] key = this.serializeKey("client_id_to_access:" + clientId);
        List<byte[]> byteList = null;
        RedisConnection conn = this.getConnection();

        try {
            byteList = this.getByteLists(key, conn);
        } finally {
            conn.close();
        }

        if (byteList != null && byteList.size() != 0) {
            List<OAuth2AccessToken> accessTokens = new ArrayList(byteList.size());
            Iterator var6 = byteList.iterator();

            while(var6.hasNext()) {
                byte[] bytes = (byte[])var6.next();
                OAuth2AccessToken accessToken = this.deserializeAccessToken(bytes);
                accessTokens.add(accessToken);
            }

            return Collections.unmodifiableCollection(accessTokens);
        } else {
            return Collections.emptySet();
        }
    }
}

3.自定義序列化類

package com.enterprise.auth.config;

import com.google.gson.Gson;
import org.springframework.security.oauth2.provider.token.store.redis.BaseRedisTokenStoreSerializationStrategy;

import java.nio.charset.StandardCharsets;
import java.util.Map;

public class MyRedisTokenStoreSerializationStrategy extends BaseRedisTokenStoreSerializationStrategy {
    @Override
    //反序列化內(nèi)部
    protected <T> T deserializeInternal(byte[] bytes, Class<T> aClass) {
        String s = new String(bytes);
        Gson gson = new Gson();
        return gson.fromJson(s,aClass);
    }

    @Override
    //反序列化字符串內(nèi)部
    protected String deserializeStringInternal(byte[] bytes) {
        return new String(bytes);
    }

    @Override
    //序列化內(nèi)部
    protected byte[] serializeInternal(Object o) {
        Gson gson = new Gson();
        String json = gson.toJson(o);
        return json.getBytes(StandardCharsets.UTF_8);
    }

    @Override
    //序列化內(nèi)部
    protected byte[] serializeInternal(String s) {
        return  s.getBytes(StandardCharsets.UTF_8);
    }
}

4.配置使用redis類型的?TokenStore

package com.enterprise.auth.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.security.oauth2.provider.token.TokenStore;

@Configuration
public class MyRedisTokenStoreConfig {
    @Autowired
    private RedisConnectionFactory redisConnectionFactory;
    @Bean
    public TokenStore tokenStore() {
        MyRedisTokenStore redisTokenStore = new MyRedisTokenStore(redisConnectionFactory);
        return redisTokenStore;
    }
}

5.完成認(rèn)證模塊的編寫后,測試登錄

spring security + oauth2 使用RedisTokenStore 以json格式存儲,微服務(wù),架構(gòu),云原生

?spring security + oauth2 使用RedisTokenStore 以json格式存儲,微服務(wù),架構(gòu),云原生

?json已經(jīng)保存在數(shù)據(jù)庫了

但是!!!!!,保存沒問題,取出來的時候就有問題了,把這三個文件復(fù)制到資源服務(wù)器,讓資源服務(wù)器也用MyRedisTokenStore 的方式讀取權(quán)限信息.

spring security + oauth2 使用RedisTokenStore 以json格式存儲,微服務(wù),架構(gòu),云原生

?然后訪問,到j(luò)son權(quán)限信息轉(zhuǎn)成實體類的時候,就有問題了,各種各樣oauth2 中的數(shù)據(jù)實體類,沒有構(gòu)造方法,無法創(chuàng)建對象,先轉(zhuǎn)成map在手動新建對象同樣不行,

spring security + oauth2 使用RedisTokenStore 以json格式存儲,微服務(wù),架構(gòu),云原生

?redis中的配置已經(jīng)讀到了

spring security + oauth2 使用RedisTokenStore 以json格式存儲,微服務(wù),架構(gòu),云原生

?但是需要實例化的對象類路徑,這么長一串,沒有構(gòu)造方法,無法新建對象.

報錯>>>

spring security + oauth2 使用RedisTokenStore 以json格式存儲,微服務(wù),架構(gòu),云原生

結(jié)束<<<<<<<<

補充:所以用redis并且json格式存儲權(quán)限信息,是走不通的,所以只能用jdk的序列化方式,但這需要所用到的類,在認(rèn)證模塊和資源模塊都可以訪問

spring security + oauth2 使用RedisTokenStore 以json格式存儲,微服務(wù),架構(gòu),云原生

?文章來源地址http://www.zghlxwxcb.cn/news/detail-629170.html

到了這里,關(guān)于spring security + oauth2 使用RedisTokenStore 以json格式存儲的文章就介紹完了。如果您還想了解更多內(nèi)容,請在右上角搜索TOY模板網(wǎng)以前的文章或繼續(xù)瀏覽下面的相關(guān)文章,希望大家以后多多支持TOY模板網(wǎng)!

本文來自互聯(lián)網(wǎng)用戶投稿,該文觀點僅代表作者本人,不代表本站立場。本站僅提供信息存儲空間服務(wù),不擁有所有權(quán),不承擔(dān)相關(guān)法律責(zé)任。如若轉(zhuǎn)載,請注明出處: 如若內(nèi)容造成侵權(quán)/違法違規(guī)/事實不符,請點擊違法舉報進(jìn)行投訴反饋,一經(jīng)查實,立即刪除!

領(lǐng)支付寶紅包贊助服務(wù)器費用

相關(guān)文章

  • Spring Security OAuth2.0 - 學(xué)習(xí)筆記

    Spring Security OAuth2.0 - 學(xué)習(xí)筆記

    OAuth2.0是一個開放標(biāo)準(zhǔn),允許用戶授權(quán)第三方應(yīng)用程序訪問他們存儲在另外的服務(wù)提供者上的信息,而不需要將用戶和密碼提供給第三方應(yīng)用或分享數(shù)據(jù)的所有內(nèi)容。 1)授權(quán)碼模式 2)簡化模式 3)密碼模式 4)客戶端模式 普通令牌只是一個隨機的字符串,沒有特殊的意義,

    2024年02月16日
    瀏覽(59)
  • Spring Security實現(xiàn)OAuth2協(xié)議及實戰(zhàn)

    Spring Security實現(xiàn)OAuth2協(xié)議及實戰(zhàn)

    文章篇幅較長,愿讀者耐心看完。如有不足之處,請指正。 一.OAuth2介紹 1.1 OAuth2是什么 怎么用 OAuth2是目前最流行的授權(quán)協(xié)議,用來授權(quán)第三方應(yīng)用,獲取用戶數(shù)據(jù)。 舉個例子:快遞員想要進(jìn)入小區(qū),有3種方式。1是業(yè)主遠(yuǎn)程開門,2是業(yè)主告訴門禁密碼,3是使用令牌(Oaut

    2024年02月08日
    瀏覽(21)
  • Spring Security OAuth2 遠(yuǎn)程命令執(zhí)行漏洞

    Spring Security OAuth2 遠(yuǎn)程命令執(zhí)行漏洞

    cd vulhub/spring/CVE-2016-4977/ docker-compose up -d 訪問 http://192.168.10.171:8080/oauth/authorize?response_type=${233*233}client_id=acmescope=openidredirect_uri=http://test 用admin:admin登陸 出現(xiàn)以下報錯,表示漏洞存在(response_type里面的命令執(zhí)行了) poc.py #!/usr/bin/env python message = input(‘Enter message to encode:’) p

    2024年02月09日
    瀏覽(22)
  • 微服務(wù)安全Spring Security Oauth2實戰(zhàn)

    微服務(wù)安全Spring Security Oauth2實戰(zhàn)

    Spring Authorization Server 是一個框架,它提供了 OAuth 2.1 和 OpenID Connect 1.0 規(guī)范以及其他相關(guān)規(guī)范的實現(xiàn)。它建立在 Spring Security 之上,為構(gòu)建 OpenID Connect 1.0 身份提供者和 OAuth2 授權(quán)服務(wù)器產(chǎn)品提供了一個安全、輕量級和可定制的基礎(chǔ)。說白了,Spring Authorization Server 就是一個**認(rèn)

    2024年02月03日
    瀏覽(28)

  • Spring Security與OAuth2的完美結(jié)合

    OAuth2是一種流行的授權(quán)框架,它允許用戶授權(quán)第三方應(yīng)用程序訪問他們的資源。Spring Security是一個強大的安全框架,它提供了一系列的安全功能。本文將介紹如何將Spring Security與OAuth2整合,以實現(xiàn)更加安全和可靠的應(yīng)用程序。 OAuth2的基本概念 OAuth2是一個授權(quán)框架,它允許用

    2024年02月05日
    瀏覽(21)
  • SpringCloud微服務(wù)整合Spring Security OAuth2

    SpringCloud微服務(wù)整合Spring Security OAuth2

    首先得了解什么是OAuth2,這個的話可以參見博客: https://blog.csdn.net/weixin_42272869/article/details/112260123 https://www.bilibili.com/video/BV1D94y1Z7t1?p=33vd_source=bf9d70f3d2a451db07f40b6407c95a77 本文采用的是使用最廣泛的、安全性最高的 授權(quán)碼模式 進(jìn)行講解。 單獨創(chuàng)建一個鑒權(quán)微服務(wù)auth,負(fù)責(zé)整個

    2024年02月09日
    瀏覽(41)

  • Spring Security對接OIDC(OAuth2)外部認(rèn)證

    前后端分離項目對接OIDC(OAuth2)外部認(rèn)證,認(rèn)證服務(wù)器可以使用Keycloak。 后端已有用戶管理和權(quán)限管理,需要外部認(rèn)證服務(wù)器的用戶名和業(yè)務(wù)系統(tǒng)的用戶名一致才可以登錄。 后臺基于Spring Boot 2.7 +?Spring Security 流程: 前臺瀏覽器跳轉(zhuǎn)到? 后臺地址 +?/login/oauth2/authorization/my-oid

    2024年02月21日
    瀏覽(25)
  • spring-security -oauth2 整合 JWT

    spring-security -oauth2 整合 JWT

    在這個基礎(chǔ)上,進(jìn)行整合。 spring security oauth2學(xué)習(xí) -- 快速入門_本郡主是喵的博客-CSDN博客 先把? reids,common-pools? 等依賴刪掉。 刪掉redis的下相關(guān)配置 1.1?導(dǎo)入依賴 1.2 核心代碼 創(chuàng)建 jwtTokenConfig.java 在 AuthenticationServer.java 里面新增這些。 ?運行,啟動! ?復(fù)制這個token去官網(wǎng)解析

    2024年02月09日
    瀏覽(23)
  • 搭建spring security oauth2認(rèn)證授權(quán)服務(wù)器

    搭建spring security oauth2認(rèn)證授權(quán)服務(wù)器

    下面是在spring security項目的基礎(chǔ)上搭建spring security oauth2認(rèn)證授權(quán)服務(wù)器 spring security oauth2認(rèn)證授權(quán)服務(wù)器主要需要以下依賴 Spring Security對OAuth2默認(rèn)可訪問端點 ?/oauth/authorize? ??:申請授權(quán)碼code,涉及類? ?AuthorizationEndpoint? ? ?/oauth/token? ??:獲取令牌token,涉及類?

    2024年01月21日
    瀏覽(20)
  • Spring Security 源碼解讀:OAuth2 Authorization Server

    Spring Security 源碼解讀:OAuth2 Authorization Server

    樣例代碼請參考:spring-security-oauth2.0-sample Spring Authorization Server剛發(fā)展不久,還沒有springboot版本,而Resource Server有,但是兩個底層很多不兼容,會重復(fù)引入不同版本的jar包。 另外,該 spring-security-oauth2-authorization-server 依賴支持OAuth2.1草案規(guī)范。 關(guān)于 OAuth2.1 草案介紹請參考

    2023年04月22日
    瀏覽(24)

覺得文章有用就打賞一下文章作者

支付寶掃一掃打賞

博客贊助

微信掃一掃打賞

請作者喝杯咖啡吧~博客贊助

支付寶掃一掃領(lǐng)取紅包,優(yōu)惠每天領(lǐng)

二維碼1

領(lǐng)取紅包

二維碼2

領(lǐng)紅包