SpringBoot+SpringSecurity OAuth2 认证服务搭建实战
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
@Configuration
@EnableResourceServer
public class OAuth2ResourceServerConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/api/public/**").permitAll()
.anyRequest().authenticated();
}
}
这段代码定义了一个OAuth2ResourceServerConfig
配置类,它扩展了WebSecurityConfigurerAdapter
并使用@EnableResourceServer
注解启用了资源服务器功能。在configure(HttpSecurity http)
方法中,我们配置了HTTP安全策略,允许对/api/public/
路径下的接口无需认证访问,对所有其他请求进行认证。这是构建OAuth2资源服务器的一个基本示例。
评论已关闭