# daily-smile-auth

**Repository Path**: DailySmileStart/daily-smile-auth

## Basic Information

- **Project Name**: daily-smile-auth
- **Description**: User management platform built on a Spring authorization server
- **Primary Language**: Java
- **License**: Apache-2.0
- **Default Branch**: dev-rbac
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2024-03-18
- **Last Updated**: 2024-05-13

## Categories & Tags

**Categories**: Uncategorized
**Tags**: None

## README

# daily-smile-auth

Authentication

The authorization server needs an RSA key pair. Generate one with `keytool` (found in the `bin` directory of the Java installation; on Windows the executable is `keytool.exe`):

```shell
keytool -genkeypair -alias daily-smile-jwt -keyalg RSA -keypass oauth-key -keystore oauth.jks -storepass oauth-key -storetype PKCS12
```

The README also shows the same command with `-alias battery-jwt`; the alias only has to match the one the application loads.

Place the generated keystore at `src/main/resources/oauth.jks`. The README says the password is `secret`, but the command above sets both `-storepass` and `-keypass` to `oauth-key`; the password the application is configured with must match whatever was actually used when the keystore was generated, so either regenerate with `secret` or configure `oauth-key`. Note that a keystore committed to the repository together with its documented password is not a secret: anyone with a copy of the repository holds the token-signing key, so a real deployment should generate its own key pair and keep it out of source control.

= Samples

[[messages-sample]]
== Messages Sample

The messages sample integrates `spring-security-oauth2-client`, `spring-security-oauth2-resource-server` and *Spring Authorization Server*.

Username: `user1`, password: `password`.
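As an added example (this is not code from daily-smile-auth or from the Spring samples), the following configuration shows how the keystore generated above is consumed: it loads `oauth.jks` from the classpath, pulls the RSA key pair out under its alias, and exposes it as the `JWKSource` that Spring Authorization Server uses to sign access tokens. The class name, the environment variables `OAUTH_KEYSTORE_PASSWORD` and `OAUTH_KEY_PASSWORD`, and the use of the alias `daily-smile-jwt` from the first keytool command are assumptions.

```java
// Added example, not part of daily-smile-auth.
// Assumptions: the keystore is src/main/resources/oauth.jks with alias daily-smile-jwt,
// and the store/key passwords arrive in OAUTH_KEYSTORE_PASSWORD / OAUTH_KEY_PASSWORD
// instead of being hard-coded next to the keystore.
package com.example.auth.config;

import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.UUID;

import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.SecurityContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;

@Configuration
public class JwkSourceConfig {

    private static final String KEYSTORE_PATH = "oauth.jks";   // src/main/resources/oauth.jks
    private static final String KEY_ALIAS = "daily-smile-jwt";  // -alias from the keytool command

    @Bean
    public JWKSource<SecurityContext> jwkSource() throws Exception {
        char[] storePass = requireEnv("OAUTH_KEYSTORE_PASSWORD"); // -storepass
        char[] keyPass = requireEnv("OAUTH_KEY_PASSWORD");        // -keypass

        // keytool was run with -storetype PKCS12, so load it as PKCS12 even though
        // the file is named .jks.
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = new ClassPathResource(KEYSTORE_PATH).getInputStream()) {
            keyStore.load(in, storePass);
        }

        RSAPrivateKey privateKey = (RSAPrivateKey) keyStore.getKey(KEY_ALIAS, keyPass);
        Certificate cert = keyStore.getCertificate(KEY_ALIAS);
        if (privateKey == null || cert == null) {
            // Fail at startup rather than issuing tokens nobody can verify.
            throw new IllegalStateException("alias " + KEY_ALIAS + " not found in " + KEYSTORE_PATH);
        }
        RSAPublicKey publicKey = (RSAPublicKey) cert.getPublicKey();

        // A stable kid lets resource servers cache the key from the JWK Set endpoint;
        // deriving it from the certificate means it changes only when the key does.
        RSAKey rsaKey = new RSAKey.Builder(publicKey)
                .privateKey(privateKey)
                .keyID(UUID.nameUUIDFromBytes(cert.getEncoded()).toString())
                .build();

        return new ImmutableJWKSet<>(new JWKSet(rsaKey));
    }

    private static char[] requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("environment variable " + name + " is not set");
        }
        return value.toCharArray();
    }
}
```

The public half of this key is what the authorization server publishes on its JWK Set endpoint, so the private key never leaves the keystore; if the wrong password is supplied, `keyStore.load` fails at startup instead of the server silently running without a signing key.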
[[run-messages-sample]]
=== Running the sample

* Run the authorization server -> `./gradlew -b samples/default-authorizationserver/samples-default-authorizationserver.gradle bootRun`
* Run the resource server -> `./gradlew -b samples/messages-resource/samples-messages-resource.gradle bootRun`
* Run the client -> `./gradlew -b samples/messages-client/samples-messages-client.gradle bootRun`
* Go to `http://127.0.0.1:8080`

[[federated-identity-sample]]
== Federated Identity Sample

The federated identity sample builds on the messages sample above and uses custom configuration to add social login and federated identity features to *Spring Authorization Server*.

[[google-login]]
=== Login with Google

This section shows how to configure Spring Security using Google as an authentication provider.

[[google-initial-setup]]
==== Initial setup

To use Google's OAuth 2.0 authentication system for login, you must set up a project in the Google API Console to obtain OAuth 2.0 credentials.

NOTE: https://developers.google.com/identity/protocols/OpenIDConnect[Google's OAuth 2.0 implementation] for authentication conforms to the https://openid.net/connect/[OpenID Connect 1.0] specification and is https://openid.net/certification/[OpenID Certified].

Follow the instructions on the https://developers.google.com/identity/protocols/OpenIDConnect[OpenID Connect] page, starting in the section "Setting up OAuth 2.0".

After completing the "Obtain OAuth 2.0 credentials" instructions, you should have a new OAuth Client with credentials consisting of a Client ID and a Client Secret.

[[google-redirect-uri]]
==== Setting the redirect URI

The redirect URI is the path in the application that the end-user's user-agent is redirected back to after they have authenticated with Google and have granted access to the OAuth Client _(created in the previous step)_ on the Consent page.

In the "Set a redirect URI" sub-section, ensure that the *_Authorized redirect URIs_* field is set to `http://localhost:9000/login/oauth2/code/google-idp`. Google compares the registered value with the `redirect_uri` in the authorization request exactly (scheme, host, port and path), so `localhost` and `127.0.0.1` are not interchangeable here.

TIP: The default redirect URI template is `{baseUrl}/login/oauth2/code/{registrationId}`. The *_registrationId_* is a unique identifier for the `ClientRegistration`.

[[google-application-config]]
==== Configure application.yml

Now that you have a new OAuth Client with Google, you need to configure the application to use the OAuth Client for the _authentication flow_. To do so:

. Go to `application.yml` and set the following configuration:
+
[source,yaml]
----
spring:
  security:
    oauth2:
      client:
        registration: <1>
          google-idp: <2>
            provider: google
            client-id: google-client-id
            client-secret: google-client-secret
----
+
.OAuth Client properties
====
<1> `spring.security.oauth2.client.registration` is the base property prefix for OAuth Client properties.
<2> Following the base property prefix is the ID for the `ClientRegistration`, such as google-idp.
====

. Replace the values in the `client-id` and `client-secret` property with the OAuth 2.0 credentials you created earlier.
Alternatively, you can set the following environment variables in the Spring Boot application:

* `GOOGLE_CLIENT_ID`
* `GOOGLE_CLIENT_SECRET`

[[github-login]]
=== Login with GitHub

This section shows how to configure Spring Security using GitHub as an Authentication Provider.

[[github-register-application]]
==== Register OAuth application

To use GitHub's OAuth 2.0 authentication system for login, you must https://github.com/settings/applications/new[Register a new OAuth application].

When registering the OAuth application, ensure the *Authorization callback URL* is set to `http://localhost:9000/login/oauth2/code/github-idp`.

The Authorization callback URL (redirect URI) is the path in the application that the end-user's user-agent is redirected back to after they have authenticated with GitHub and have granted access to the OAuth application on the _Authorize application_ page.

TIP: The default redirect URI template is `{baseUrl}/login/oauth2/code/{registrationId}`. The *_registrationId_* is a unique identifier for the `ClientRegistration`.

[[github-application-config]]
==== Configure application.yml

Now that you have a new OAuth application with GitHub, you need to configure the application to use the OAuth application for the _authentication flow_. To do so:

. Go to `application.yml` and set the following configuration:
+
[source,yaml]
----
spring:
  security:
    oauth2:
      client:
        registration: <1>
          github-idp: <2>
            provider: github
            client-id: github-client-id
            client-secret: github-client-secret
----
+
.OAuth Client properties
====
<1> `spring.security.oauth2.client.registration` is the base property prefix for OAuth Client properties.
<2> Following the base property prefix is the ID for the `ClientRegistration`, such as github-idp.
====

. Replace the values in the `client-id` and `client-secret` property with the OAuth 2.0 credentials you created earlier.
Alternatively, you can set the following environment variables in the Spring Boot application:

* `GITHUB_CLIENT_ID`
* `GITHUB_CLIENT_SECRET`

[[run-federated-identity-sample]]
=== Run the Sample

* Run the authorization server -> `./gradlew -b samples/federated-identity-authorizationserver/samples-federated-identity-authorizationserver.gradle bootRun`
* Run the resource server -> `./gradlew -b samples/messages-resource/samples-messages-resource.gradle bootRun`
* Run the client -> `./gradlew -b samples/messages-client/samples-messages-client.gradle bootRun`
* Go to `http://127.0.0.1:8080`
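As an added example covering both the Google and the GitHub configuration sections above (this is not code from daily-smile-auth or the Spring samples), the same two registrations are built in Java rather than `application.yml`, so the exact callback URL each provider must have on file can be computed and checked against what was entered in the Google API Console or the GitHub OAuth application. The class name, the `buildRegistrations` / `resolveRedirectUri` helpers, and the assumption that the authorization server's base URL is `http://localhost:9000` (the host and port the README's callback URLs use) are mine; the environment variable names are the ones the README lists.

```java
// Added example, not part of daily-smile-auth or the Spring samples.
// Assumptions: credentials come from GOOGLE_CLIENT_ID / GOOGLE_CLIENT_SECRET and
// GITHUB_CLIENT_ID / GITHUB_CLIENT_SECRET; the authorization server's base URL is
// http://localhost:9000 as in the README's callback URLs.
package com.example.auth.config;

import java.util.List;
import java.util.Map;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.oauth2.client.CommonOAuth2Provider;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;

@Configuration
public class FederatedIdentityClientConfig {

    // Same template the README's TIP describes; set explicitly so the computed
    // callback URL below is guaranteed to match what the application will send.
    private static final String REDIRECT_URI_TEMPLATE = "{baseUrl}/login/oauth2/code/{registrationId}";

    @Bean
    public ClientRegistrationRepository clientRegistrationRepository() {
        return new InMemoryClientRegistrationRepository(buildRegistrations(System.getenv()));
    }

    // Equivalent of the two application.yml fragments: "provider: google" / "provider: github"
    // correspond to CommonOAuth2Provider.GOOGLE / GITHUB, which supply the authorization,
    // token, user-info and (for Google) JWK Set URIs.
    static List<ClientRegistration> buildRegistrations(Map<String, String> env) {
        ClientRegistration google = CommonOAuth2Provider.GOOGLE.getBuilder("google-idp")
                .clientId(require(env, "GOOGLE_CLIENT_ID"))
                .clientSecret(require(env, "GOOGLE_CLIENT_SECRET"))
                .redirectUri(REDIRECT_URI_TEMPLATE)
                .build();

        ClientRegistration github = CommonOAuth2Provider.GITHUB.getBuilder("github-idp")
                .clientId(require(env, "GITHUB_CLIENT_ID"))
                .clientSecret(require(env, "GITHUB_CLIENT_SECRET"))
                .redirectUri(REDIRECT_URI_TEMPLATE)
                .build();

        return List.of(google, github);
    }

    // Expands the template into the literal URL that must be registered at the provider.
    static String resolveRedirectUri(ClientRegistration registration, String baseUrl) {
        return registration.getRedirectUri()
                .replace("{baseUrl}", baseUrl)
                .replace("{registrationId}", registration.getRegistrationId());
    }

    private static String require(Map<String, String> env, String name) {
        String value = env.get(name);
        if (value == null || value.isEmpty()) {
            // Refuse to start with a blank client secret rather than failing at first login.
            throw new IllegalStateException("environment variable " + name + " is not set");
        }
        return value;
    }

    // Prints the callback URLs to enter in the provider consoles. Placeholder credentials
    // (constructed here) are enough, since only the registration IDs affect the result.
    public static void main(String[] args) {
        Map<String, String> placeholder = Map.of(
                "GOOGLE_CLIENT_ID", "google-client-id", "GOOGLE_CLIENT_SECRET", "google-client-secret",
                "GITHUB_CLIENT_ID", "github-client-id", "GITHUB_CLIENT_SECRET", "github-client-secret");
        for (ClientRegistration r : buildRegistrations(placeholder)) {
            System.out.println(r.getRegistrationId() + " -> " + resolveRedirectUri(r, "http://localhost:9000"));
        }
        // google-idp -> http://localhost:9000/login/oauth2/code/google-idp
        // github-idp -> http://localhost:9000/login/oauth2/code/github-idp
    }
}
```

Running `main` prints exactly the two URLs the README tells you to register, which is the check worth doing before the first login attempt: a provider that sees a `redirect_uri` it does not have on file rejects the authorization request, and Spring Security in turn rejects any callback whose `{registrationId}` segment does not match a configured `ClientRegistration`.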