Build an OAuth2 authentication service using Spring Boot and Spring Security(2)

Posted on 2019-07-12 Edited on 2024-11-18 In Spring

第二篇也是很簡單先把帳號密碼放在記憶體吧

配置有兩種

yml

application-dev.yml

spring:
  security:
    user:
      name: 'sam'
      password: '1qaz2wsx'
      roles: 'ADMIN'

這樣就可以啟用 Basic Auth

測試

1
2
3

curl -X GET \
  http://localhost:8080 \
  -H 'Authorization: Basic c2FtOjFxYXoyd3N4'

這樣就可以拿到回應了.

JavaConfiguration

可以做更多細部調整

ServerSecurityConfiguration.java

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
public class MyWebSecurityConfigurer extends WebSecurityConfigurerAdapter {

    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                .withUser("sam").password("{noop}1qaz2wsx").roles("USER")
                .and()
                .withUser("admin").password("{noop}password").roles("USER", "ADMIN");
        // 測試用 {noop} 表示明碼儲存
    }

    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .anyRequest()
                .authenticated()
                .and()
                .httpBasic();
    }
    
//    真的要用時需要用 Encoder 驗證密碼
//    @Bean
//    public PasswordEncoder passwordEncoder() {
//        return new BCryptPasswordEncoder();
//    }
}

測試

1
2
3

curl -X GET \
  http://localhost:8080 \
  -H 'Authorization: Basic c2FtOjFxYXoyd3N4'

一樣可以拿到資料

References

Spring REST + Spring Security Example

SAM的程式筆記由朱尚禮製作，以創用CC 姓名標示-非商業性-相同方式分享 4.0 國際授權條款釋出。