Spring Authorization Server入门 Spring Boot整合Spring Authorization Server

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
 
@SpringBootApplication
@EnableWebFluxSecurity
public class AuthorizationServerApplication {
 
    public static void main(String[] args) {
        SpringApplication.run(AuthorizationServerApplication.class, args);
    }
 
    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        http
            // @formatter:off
            .authorizeExchange(exchanges ->
                exchanges
                    .pathMatchers("/actuator/**").permitAll()
                    .pathMatchers("/oauth2/register").permitAll()
                    .pathMatchers("/oauth2/token").permitAll()
                    .pathMatchers("/oauth2/introspect").permitAll()
                    .pathMatchers("/oauth2/revoke").permitAll()
                    .pathMatchers("/login").permitAll()
                    .pathMatchers("/logout").permitAll()
                    .anyExchange().authenticated()
            )
            // @formatter:on
            .httpBasic(withDefaults())
            .formLogin(formLogin -> formLogin.loginPage("/login"));
        // @formatter:off
 
        return http.build();
    }
}

这段代码演示了如何在Spring Boot应用中使用Spring Security配置一个简单的认证服务器。代码中定义了路由匹配规则，允许某些端点公开访问，同时要求其余端点需要认证。还配置了基本认证和表单登录。注释被用于保持配置的可读性。