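PS: This article is part of a series; it is best to start reading from the first one.
In all of the previous configurations, our client information and the authorization codes issued in authorization code mode were still stored in memory, which makes later scaling harder, so in a real production environment we generally store them in a database.
Creating the tables
First, create the corresponding tables based on the sample schema provided by the official OAuth project. Here we only need oauth_client_details and oauth_code.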
############################## oauth_client_details #############################
DROP TABLE IF EXISTS `oauth_client_details`;
CREATE TABLE `oauth_client_details`(
`client_id` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT 'Client identifier',
`resource_ids` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'Accessible resource list',
`client_secret` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'Client secret',
`scope` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`authorized_grant_types` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`web_server_redirect_uri` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`authorities` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`access_token_validity` int(11) NULL DEFAULT NULL,
`refresh_token_validity` int(11) NULL DEFAULT NULL,
`additional_information` longtext CHARACTER SET utf8 COLLATE utf8_general_ci NULL,
`create_time` timestamp(0) NOT NULL DEFAULT CURRENT_TIMESTAMP(0) ON UPDATE CURRENT_TIMESTAMP(0),
`archived` tinyint(4) NULL DEFAULT NULL,
`trusted` tinyint(4) NULL DEFAULT NULL,
`autoapprove` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
PRIMARY KEY (`client_id`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci COMMENT = 'Registered client information'
ROW_FORMAT = Dynamic;
INSERT INTO `oauth_client_details` VALUES ('dimples', 'res1',
'$2a$10$NlBC84MVb7F95EXYTXwLneXgCca6/GipyWR5NHm8K0203bSQMLpvm', 'all',
'client_credentials,password,authorization_code,implicit,refresh_token','http://www.baidu.com',
NULL,7200,259200,NULL,'2020-06-02 16:04:28',0,0,'false');
############################## oauth_code #################################
DROP TABLE IF EXISTS `oauth_code`;
CREATE TABLE `oauth_code`(
`create_time` timestamp(0) NOT NULL DEFAULT CURRENT_TIMESTAMP,
`code` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`authentication` blob NULL,
INDEX `code_index`(`code`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Compact;
The client_secret stored here is the encoded secret (a BCrypt hash, as the $2a$10$ prefix shows), not the plaintext value.
Note: the official standard SQL schema is written for HSQL; in practice you need to adapt it to the database you actually use.
Modifying the authorization server
- Modify the client configuration
@Resource
private DataSource dataSource;

// Added
@Bean
public ClientDetailsService clientDetailsService(DataSource dataSource) {
    JdbcClientDetailsService clientDetailsService = new JdbcClientDetailsService(dataSource);
    // Use the application's PasswordEncoder instead of the default NoOpPasswordEncoder
    clientDetailsService.setPasswordEncoder(passwordEncoder());
    return clientDetailsService;
}

// Modified
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    // Call the bean method above; the client details now come from the database
    clients.withClientDetails(clientDetailsService(dataSource));
}
You also need to add the JDBC dependency:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jdbc</artifactId>
</dependency>
- Modify the authorization code storage configuration
// Modified
@Bean
public AuthorizationCodeServices authorizationCodeServices(DataSource dataSource) {
    // Configure how authorization codes are stored and retrieved in authorization code mode
    return new JdbcAuthorizationCodeServices(dataSource);
}
Going further
Let's open the source code of JdbcClientDetailsService:
public JdbcClientDetailsService(DataSource dataSource) {
    this.updateClientDetailsSql = DEFAULT_UPDATE_STATEMENT;
    this.updateClientSecretSql = "update oauth_client_details set client_secret = ? where client_id = ?";
    this.insertClientDetailsSql = "insert into oauth_client_details (client_secret, resource_ids, scope, authorized_grant_types, web_server_redirect_uri, authorities, access_token_validity, refresh_token_validity, additional_information, autoapprove, client_id) values (?,?,?,?,?,?,?,?,?,?,?)";
    this.selectClientDetailsSql = "select client_id, client_secret, resource_ids, scope, authorized_grant_types, web_server_redirect_uri, authorities, access_token_validity, refresh_token_validity, additional_information, autoapprove from oauth_client_details where client_id = ?";
    this.passwordEncoder = NoOpPasswordEncoder.getInstance();
    Assert.notNull(dataSource, "DataSource required");
    this.jdbcTemplate = new JdbcTemplate(dataSource);
    this.listFactory = new DefaultJdbcListFactory(new NamedParameterJdbcTemplate(this.jdbcTemplate));
}
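From the code above we can see that the library already ships the SQL statements for creating, reading, updating and deleting clients. This also means that if the database we use does not support this SQL syntax, we will not be able to obtain a token. How do we solve that? The library provides a way: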
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    JdbcClientDetailsService jdbcClientDetailsService = new JdbcClientDetailsService(dataSource);
    // Put the SQL statement your database supports here in place of the empty string
    jdbcClientDetailsService.setFindClientDetailsSql("");
    clients.withClientDetails(jdbcClientDetailsService);
}
When configuring the client information, we can supply our own SQL statements to replace the default ones.
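A fuller version of this override, as an added example that is not from the original article or from the Spring Security OAuth project: it replaces the select, list and insert statements together, keeps the BCrypt encoder set, and registers a client through the service so the secret is hashed on write instead of being hand-inserted. The class name, the table name `sso_clients`, the redirect URI and the `register` helper are hypothetical.

```java
import javax.sql.DataSource;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.oauth2.provider.client.BaseClientDetails;
import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;

public class ClientStoreExample {

    // Hypothetical table name; its columns mirror oauth_client_details from the schema above.
    private static final String TABLE = "sso_clients";

    // Keep this column order: the library's default row mapper reads the result set
    // by position, in the order used by the default select statement shown above.
    private static final String FIELDS =
            "client_id, client_secret, resource_ids, scope, authorized_grant_types, "
          + "web_server_redirect_uri, authorities, access_token_validity, "
          + "refresh_token_validity, additional_information, autoapprove";

    public static JdbcClientDetailsService build(DataSource dataSource) {
        JdbcClientDetailsService service = new JdbcClientDetailsService(dataSource);
        // The constructor defaults to NoOpPasswordEncoder; without this line,
        // secrets written through the service would be stored in plaintext.
        service.setPasswordEncoder(new BCryptPasswordEncoder());
        // Used by loadClientByClientId, i.e. on every token request.
        service.setSelectClientDetailsSql(
                "select " + FIELDS + " from " + TABLE + " where client_id = ?");
        // Used by listClientDetails.
        service.setFindClientDetailsSql(
                "select " + FIELDS + " from " + TABLE + " order by client_id");
        // Parameter order must stay the same as in the default insert statement.
        service.setInsertClientDetailsSql(
                "insert into " + TABLE + " (client_secret, resource_ids, scope, "
              + "authorized_grant_types, web_server_redirect_uri, authorities, "
              + "access_token_validity, refresh_token_validity, additional_information, "
              + "autoapprove, client_id) values (?,?,?,?,?,?,?,?,?,?,?)");
        return service;
    }

    // Registers a client; the raw secret is encoded by the service before the insert.
    public static void register(JdbcClientDetailsService service, String clientId, String rawSecret) {
        BaseClientDetails client = new BaseClientDetails(
                clientId, "res1", "all", "authorization_code,refresh_token",
                null, "https://client.example/callback"); // constructed sample values
        client.setClientSecret(rawSecret);
        client.setAccessTokenValiditySeconds(7200);
        client.setRefreshTokenValiditySeconds(259200);
        service.addClientDetails(client);
    }
}
```

If the update and delete operations are also used against the renamed table, their statements need the same treatment via `setUpdateClientDetailsSql`, `setUpdateClientSecretSql` and `setDeleteClientDetailsSql`.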