{"id":150,"date":"2025-08-25T10:47:36","date_gmt":"2025-08-25T02:47:36","guid":{"rendered":"https:\/\/www.ychit.top\/?p=150"},"modified":"2025-09-04T14:52:48","modified_gmt":"2025-09-04T06:52:48","slug":"%e5%a6%82%e4%bd%95%e5%9c%a8-spring-boot-%e9%a1%b9%e7%9b%ae%e4%b8%ad%e5%ae%9e%e7%8e%b0%e5%af%b9-oauth2-%e7%9a%84%e6%94%af%e6%8c%81%ef%bc%8c%e4%bb%a5%e5%ae%9e%e7%8e%b0%e7%ac%ac%e4%b8%89%e6%96%b9","status":"publish","type":"post","link":"https:\/\/www.ychit.top\/?p=150","title":{"rendered":"\u5982\u4f55\u5728 Spring Boot \u9879\u76ee\u4e2d\u5b9e\u73b0\u5bf9 OAuth2 \u7684\u652f\u6301\uff0c\u4ee5\u5b9e\u73b0\u7b2c\u4e09\u65b9\u8ba4\u8bc1\u548c\u6388\u6743\uff1f"},"content":{"rendered":"\n<p>\u5728 Spring Boot \u9879\u76ee\u4e2d\u5b9e\u73b0 OAuth2 \u652f\u6301\u53ef\u901a\u8fc7 Spring Security OAuth2 \u6216 Spring Authorization Server \u5b9e\u73b0\u3002\u4ee5\u4e0b\u662f\u57fa\u4e8e Spring Security OAuth2 \u7684\u5b8c\u6574\u5b9e\u73b0\u65b9\u6848\uff1a<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>1. \u6dfb\u52a0\u4f9d\u8d56<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;!-- Spring Security OAuth2 \u5ba2\u6237\u7aef --&gt;\n&lt;dependency&gt;\n    &lt;groupId&gt;org.springframework.boot&lt;\/groupId&gt;\n    &lt;artifactId&gt;spring-boot-starter-oauth2-client&lt;\/artifactId&gt;\n&lt;\/dependency&gt;\n\n&lt;!-- Spring Security OAuth2 \u8d44\u6e90\u670d\u52a1\u5668\uff08\u53ef\u9009\uff0c\u4fdd\u62a4 API\uff09 --&gt;\n&lt;dependency&gt;\n    &lt;groupId&gt;org.springframework.boot&lt;\/groupId&gt;\n    &lt;artifactId&gt;spring-boot-starter-oauth2-resource-server&lt;\/artifactId&gt;\n&lt;\/dependency&gt;\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>2. \u914d\u7f6e OAuth2 \u5ba2\u6237\u7aef<\/strong><\/h3>\n\n\n\n<p>\u5728&nbsp;<code>application.properties<\/code>&nbsp;\u4e2d\u914d\u7f6e\u7b2c\u4e09\u65b9\u670d\u52a1\u63d0\u4f9b\u5546\uff08\u5982 GitHub\u3001Google\uff09\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># \u542f\u7528 OAuth2 \u5ba2\u6237\u7aef\nspring.security.oauth2.client.registration.github.client-id=your-client-id\nspring.security.oauth2.client.registration.github.client-secret=your-client-secret\nspring.security.oauth2.client.registration.github.scope=read:user,user:email\n\n# Google \u914d\u7f6e\u793a\u4f8b\nspring.security.oauth2.client.registration.google.client-id=your-google-client-id\nspring.security.oauth2.client.registration.google.client-secret=your-google-client-secret\nspring.security.oauth2.client.registration.google.scope=openid,profile,email\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>3. \u914d\u7f6e\u5b89\u5168\u7b56\u7565<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>import org.springframework.context.annotation.Bean;\nimport org.springframework.context.annotation.Configuration;\nimport org.springframework.security.config.annotation.web.builders.HttpSecurity;\nimport org.springframework.security.web.SecurityFilterChain;\n\n@Configuration\npublic class SecurityConfig {\n\n    @Bean\n    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {\n        http\n            .authorizeRequests(authorize -&gt; authorize\n                .antMatchers(\"\/\", \"\/login\").permitAll()  \/\/ \u516c\u5f00\u8def\u5f84\n                .anyRequest().authenticated()            \/\/ \u5176\u4ed6\u8def\u5f84\u9700\u8981\u8ba4\u8bc1\n            )\n            .oauth2Login(oauth2 -&gt; oauth2\n                .loginPage(\"\/login\")                   \/\/ \u81ea\u5b9a\u4e49\u767b\u5f55\u9875\n                .defaultSuccessUrl(\"\/dashboard\")       \/\/ \u767b\u5f55\u6210\u529f\u540e\u8df3\u8f6c\n                .failureUrl(\"\/login?error\")            \/\/ \u767b\u5f55\u5931\u8d25\u540e\u8df3\u8f6c\n            )\n            .logout(logout -&gt; logout\n                .logoutSuccessUrl(\"\/\")                 \/\/ \u767b\u51fa\u540e\u8df3\u8f6c\n                .invalidateHttpSession(true)\n                .deleteCookies(\"JSESSIONID\")\n            );\n        \n        return http.build();\n    }\n}\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>4. \u83b7\u53d6\u7528\u6237\u4fe1\u606f<\/strong><\/h3>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u65b9\u5f0f1\uff1a\u4f7f\u7528&nbsp;<code>OAuth2AuthenticationToken<\/code><\/strong><\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;\nimport org.springframework.web.bind.annotation.GetMapping;\nimport org.springframework.web.bind.annotation.RestController;\n\nimport java.util.Map;\n\n@RestController\npublic class UserController {\n\n    @GetMapping(\"\/user\")\n    public Map&lt;String, Object&gt; getUserInfo(OAuth2AuthenticationToken authentication) {\n        \/\/ \u83b7\u53d6\u7528\u6237\u5c5e\u6027\uff08\u4e0d\u540c\u63d0\u4f9b\u5546\u5b57\u6bb5\u53ef\u80fd\u4e0d\u540c\uff09\n        return authentication.getPrincipal().getAttributes();\n    }\n}\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u65b9\u5f0f2\uff1a\u4f7f\u7528&nbsp;<code>@AuthenticationPrincipal<\/code>&nbsp;\u6ce8\u89e3<\/strong><\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>import org.springframework.security.oauth2.core.user.OAuth2User;\nimport org.springframework.web.bind.annotation.GetMapping;\nimport org.springframework.web.bind.annotation.RestController;\n\n@RestController\npublic class UserController {\n\n    @GetMapping(\"\/user\")\n    public OAuth2User getUser(@AuthenticationPrincipal OAuth2User oauth2User) {\n        return oauth2User;\n    }\n}\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>5. \u81ea\u5b9a\u4e49\u7528\u6237\u4fe1\u606f\u6620\u5c04<\/strong><\/h3>\n\n\n\n<p>\u5904\u7406\u4e0d\u540c\u63d0\u4f9b\u5546\u7684\u7528\u6237\u4fe1\u606f\u7ed3\u6784\u5dee\u5f02\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>import org.springframework.context.annotation.Bean;\nimport org.springframework.context.annotation.Configuration;\nimport org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;\nimport org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;\nimport org.springframework.security.oauth2.core.OAuth2AuthenticationException;\nimport org.springframework.security.oauth2.core.user.OAuth2User;\n\n@Configuration\npublic class OAuth2Config {\n\n    @Bean\n    public DefaultOAuth2UserService userService() {\n        DefaultOAuth2UserService service = new DefaultOAuth2UserService();\n        \n        \/\/ \u81ea\u5b9a\u4e49\u7528\u6237\u4fe1\u606f\u6620\u5c04\n        service.setUserInfoExtractors(extractors -&gt; {\n            extractors.put(\"github\", this::extractGithubUser);\n            extractors.put(\"google\", this::extractGoogleUser);\n            \/\/ \u53ef\u6dfb\u52a0\u66f4\u591a\u63d0\u4f9b\u5546\n        });\n        \n        return service;\n    }\n\n    private OAuth2User extractGithubUser(OAuth2UserRequest userRequest) {\n        \/\/ \u5904\u7406 GitHub \u7279\u5b9a\u7684\u7528\u6237\u4fe1\u606f\n        return service.loadUser(userRequest);\n    }\n\n    private OAuth2User extractGoogleUser(OAuth2UserRequest userRequest) {\n        \/\/ \u5904\u7406 Google \u7279\u5b9a\u7684\u7528\u6237\u4fe1\u606f\n        return service.loadUser(userRequest);\n    }\n}\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>6. \u4fdd\u62a4 API\uff08\u8d44\u6e90\u670d\u52a1\u5668\uff09<\/strong><\/h3>\n\n\n\n<p>\u914d\u7f6e\u9879\u76ee\u4f5c\u4e3a\u8d44\u6e90\u670d\u52a1\u5668\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># \u914d\u7f6e JWT \u9a8c\u8bc1\nspring.security.oauth2.resourceserver.jwt.issuer-uri=https:\/\/your-auth-server.com\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>@Configuration\npublic class ResourceServerConfig {\n\n    @Bean\n    public SecurityFilterChain resourceServerFilterChain(HttpSecurity http) throws Exception {\n        http\n            .authorizeRequests(authorize -&gt; authorize\n                .antMatchers(\"\/public\").permitAll()\n                .anyRequest().authenticated()\n            )\n            .oauth2ResourceServer(oauth2 -&gt; oauth2\n                .jwt()  \/\/ \u4f7f\u7528 JWT \u9a8c\u8bc1\n            );\n        \n        return http.build();\n    }\n}\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>7. \u81ea\u5b9a\u4e49\u767b\u5f55\u9875\u9762<\/strong><\/h3>\n\n\n\n<p>\u521b\u5efa&nbsp;<code>login.html<\/code>\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;!DOCTYPE html&gt;\n&lt;html&gt;\n&lt;head&gt;\n    &lt;title&gt;Login&lt;\/title&gt;\n&lt;\/head&gt;\n&lt;body&gt;\n    &lt;h2&gt;Login with OAuth2&lt;\/h2&gt;\n    &lt;a href=\"\/oauth2\/authorization\/github\"&gt;Login with GitHub&lt;\/a&gt;\n    &lt;a href=\"\/oauth2\/authorization\/google\"&gt;Login with Google&lt;\/a&gt;\n&lt;\/body&gt;\n&lt;\/html&gt;\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>8. \u591a\u63d0\u4f9b\u5546\u652f\u6301<\/strong><\/h3>\n\n\n\n<p>\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d\u6dfb\u52a0\u591a\u4e2a\u63d0\u4f9b\u5546\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Facebook \u914d\u7f6e\nspring.security.oauth2.client.registration.facebook.client-id=your-facebook-id\nspring.security.oauth2.client.registration.facebook.client-secret=your-facebook-secret\nspring.security.oauth2.client.registration.facebook.scope=email,public_profile\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>9. \u6d4b\u8bd5 OAuth2 \u96c6\u6210<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>import org.junit.jupiter.api.Test;\nimport org.springframework.beans.factory.annotation.Autowired;\nimport org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;\nimport org.springframework.security.test.context.support.WithMockUser;\nimport org.springframework.test.web.servlet.MockMvc;\n\nimport static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;\nimport static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;\n\n@WebMvcTest(UserController.class)\npublic class UserControllerTest {\n\n    @Autowired\n    private MockMvc mockMvc;\n\n    @Test\n    @WithMockUser\n    public void testAuthenticatedUser() throws Exception {\n        mockMvc.perform(get(\"\/user\"))\n            .andExpect(status().isOk());\n    }\n}\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>10. \u6ce8\u610f\u4e8b\u9879<\/strong><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>\u6ce8\u518c\u5e94\u7528<\/strong>\uff1a\u9700\u5728\u5404\u63d0\u4f9b\u5546\uff08GitHub\u3001Google \u7b49\uff09\u540e\u53f0\u6ce8\u518c\u5e94\u7528\uff0c\u83b7\u53d6 Client ID \u548c Secret\u3002<\/li>\n\n\n\n<li><strong>\u91cd\u5b9a\u5411 URI<\/strong>\uff1a\u786e\u4fdd\u56de\u8c03 URL \u4e0e\u63d0\u4f9b\u5546\u914d\u7f6e\u4e00\u81f4\uff08\u5982\u00a0<code>http:\/\/localhost:8080\/login\/oauth2\/code\/github<\/code>\uff09\u3002<\/li>\n\n\n\n<li><strong>\u72b6\u6001\u9a8c\u8bc1<\/strong>\uff1aSpring Security \u81ea\u52a8\u5904\u7406 CSRF \u548c\u72b6\u6001\u9a8c\u8bc1\uff0c\u9632\u6b62\u653b\u51fb\u3002<\/li>\n\n\n\n<li><strong>\u5237\u65b0\u4ee4\u724c<\/strong>\uff1a\u5bf9\u4e8e\u957f\u671f\u8bbf\u95ee\uff0c\u9700\u5904\u7406\u5237\u65b0\u4ee4\u724c\u903b\u8f91\uff08\u53ef\u901a\u8fc7\u00a0<code>OAuth2AuthorizedClientService<\/code>\uff09\u3002<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>\u603b\u7ed3<\/strong><\/h3>\n\n\n\n<p>\u901a\u8fc7 Spring Security OAuth2 \u5ba2\u6237\u7aef\uff0c\u53ef\u8f7b\u677e\u5b9e\u73b0\u7b2c\u4e09\u65b9\u8ba4\u8bc1\u548c\u6388\u6743\uff0c\u4e3b\u8981\u6b65\u9aa4\u5305\u62ec\uff1a\u914d\u7f6e\u63d0\u4f9b\u5546\u4fe1\u606f\u3001\u5b9a\u4e49\u5b89\u5168\u7b56\u7565\u3001\u83b7\u53d6\u548c\u5904\u7406\u7528\u6237\u4fe1\u606f\u3002\u5982\u9700\u4fdd\u62a4 API\uff0c\u53ef\u540c\u65f6\u914d\u7f6e\u8d44\u6e90\u670d\u52a1\u5668\u3002\u8fd9\u79cd\u65b9\u5f0f\u4f7f\u5e94\u7528\u80fd\u591f\u65e0\u7f1d\u96c6\u6210 GitHub\u3001Google \u7b49\u8eab\u4efd\u63d0\u4f9b\u5546\uff0c\u63d0\u4f9b\u66f4\u597d\u7684\u7528\u6237\u4f53\u9a8c\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u5728 Spring Boot \u9879\u76ee\u4e2d\u5b9e\u73b0  [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[22],"tags":[23,24,25],"class_list":["post-150","post","type-post","status-publish","format-standard","hentry","category-itnews","tag-java","tag-spring","tag-springboot"],"_links":{"self":[{"href":"https:\/\/www.ychit.top\/index.php?rest_route=\/wp\/v2\/posts\/150","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ychit.top\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ychit.top\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ychit.top\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ychit.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=150"}],"version-history":[{"count":2,"href":"https:\/\/www.ychit.top\/index.php?rest_route=\/wp\/v2\/posts\/150\/revisions"}],"predecessor-version":[{"id":154,"href":"https:\/\/www.ychit.top\/index.php?rest_route=\/wp\/v2\/posts\/150\/revisions\/154"}],"wp:attachment":[{"href":"https:\/\/www.ychit.top\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=150"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ychit.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=150"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ychit.top\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=150"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}