
1. Introduction

This is a simple OAuth 2.0 server. It implements the four standard OAuth 2.0 grant types and can be used for unified single sign-on and access control across applications.

The project provides a matching client, web filter and gateway component for distributed and centralized access control, together with usage samples for a range of scenarios, including:

  • pure front-end projects (jQuery)
  • back-end web services
  • projects with a separate front end and back end
  • and more

so that applications can integrate quickly.

2. Why this project exists

OAuth 2.0 is the industry's delegated-authorization model and is already in wide use. It has many good implementations: Spring Security/Shiro, Keycloak/Gravitee/MITREid Connect and others are all solid authorization frameworks worth learning from. We wanted, however, better support in the following areas:

  • a simple technical framework with clear extension points (identity provider / token issuance / security control) that supports high-availability and high-concurrency deployments
  • applicability to pure front-end, pure back-end, back-end web, and separated front-end/back-end projects, with a best-practice sample for each
  • a simple Java client, Spring filter and gateway component that implement both distributed and centralized access control
  • issuance of JWT tokens whose payload can be custom populated and parsed, with support for one-way decryption

That is where this project came from.

A feature comparison with other authorization frameworks follows.

3. Comparison with other authorization frameworks

| | Keycloak | Gravitee | Spring Security | MITREid Connect | This project |
|---|---|---|---|---|---|
| Protocols / grant types | oidc + oauth2 + saml + exchange | oidc + oauth2 | oauth2 | oidc + oauth2 | oauth2 |
| Token issuance | custom | Spring Authorization Server + custom OIDC implementation | Spring Authorization Server | Spring Authorization Server + custom token issuance | custom token issuance |
| Token type | JWT | JWT | UUID | JWT | JWT |
| One-way token decryption | supported | not supported | not supported | not supported | supported (to be implemented) |
| Access control | Java web filter | Java web filter | Spring filter chain | Spring filter chain | Spring filter chain |
| Authentication sources | ldap + db + social (oauth2) | ldap + db + social (oauth2) | ldap + db + social (oauth2) | ldap + db | |
| Extension mechanism | Java SPI | custom SPI | Spring AOP + filter configurer | Spring bean | |
| Client support | front end + back end (rich set of adapters) | Spring Security resource server | custom | custom | |
| Realm/domain support | yes (realm) | yes (domain) | yes (domain) | | |
| Main use cases | single sign-on (adapter), user access control | API access control | plain OAuth2 | plain OIDC + OAuth2 | single sign-on and API access control |

In the table:

  • OIDC is short for OpenID Connect, an open authentication standard published by the OpenID Foundation on top of OAuth 2.0; it consists of one core specification and several optional ones.
  • oauth2 refers to the OAuth 2.0 authorization framework, which mainly specifies the four standard grant types.
  • Spring Authorization Server refers to the OAuth 2.0 server implementation provided by Spring Security OAuth2.0.

4. Prerequisites

Use JDK 8 + Maven 3 + Node 6.9.1 + MySQL.

5. Code structure and build

The project separates the front end from the back end:

  • front end: Vue + Vue Router + Vuex + Element UI
  • back end: Spring Boot web

5.1 Code structure

- README.md
- LICENSE
+ oauth-core (shared library)
+ oauth-server OAuth2 back-end service
+ oauth-front  OAuth2 front-end service
+ oauth-client client libraries: the Java client, Spring filter and related integration code that applications use to connect
  + oauth-java-client Java client for calling the OAuth API, e.g. obtaining and refreshing access tokens
  + oauth-spring-web-filter distributed access control (filter)
  + oauth-spring-boot-autoconfigure Spring Boot auto-configuration for the components, mainly the Java client and the web filter
  + oauth-spring-boot-websupport generic back-end controller endpoints for obtaining, refreshing and revoking tokens
  + oauth-gateway simple centralized access-control gateway built on Spring Zuul (to be implemented)
+ sample demo projects
  + demo-front-jquery pure front-end project; uses the OAuth 2.0 Implicit Grant to demonstrate login
  + demo-front-vue Vue front end with an Express back end; uses the OAuth 2.0 Authorization Code Grant to demonstrate user login
  + demo-spring-boot-web a web service built with Spring web that serves static pages from the back end; uses the OAuth 2.0 Resource Owner Credential Grant to demonstrate user login
  + demo-front-vue-spring-boot-web (authorization code + spring web) separated front end and back end: Vue front end, Spring Boot back-end web service; uses the OAuth 2.0 Authorization Code Grant to demonstrate user login
  + demo-web-service (client credential + spring web) pure back-end project; uses the OAuth 2.0 Client Credential Grant to demonstrate API calls between back-end services
    + resource-server the resource server
    + resource-client an application that calls the resource server
+ docs project documentation
  - arch design architecture and related PPT slide decks

5.2 Build

The build is split into front-end and back-end parts. Brief steps follow; see each project's README for the detailed procedure.

5.2.1 Front-end build

  1. Build with Node.js 6.9.1
  2. Build command:
     npm run build
  3. Development run command:
     npm run build

5.2.2 Back-end build

  1. Use JDK 8 + Maven 3.3.9 + MySQL
  2. Build command:
     mvn clean package
  3. Run command:
     java -jar oauth-0.0.1-SNAPSHOT.jar
  4. Set the project version:
     mvn versions:set -DnewVersion=1.0.1-SNAPSHOT

6. One-minute Getting Started

TBD

7. Running the demos

Before running a demo, start the OAuth application's front-end and back-end web services.

The demo projects are structured as follows:

| Sample project | Front-end framework | Back-end framework | OAuth 2.0 grant type | Front-end port | Back-end port |
|---|---|---|---|---|---|
| demo-front-jquery | pure front end | | Implicit Grant | 9001 | |
| demo-front-vue | Vue + Express server | | Authorization Code Grant | 9002 | |
| demo-web-service | | Spring + static back-end pages | Client Credential Grant | | 9003/9004 |
| demo-spring-boot-web | | Spring + static back-end login page | Resource Owner Credential Grant | | 9005 |
| demo-front-vue-spring-boot-web | Vue + Express server | Spring | Authorization Code Grant | 9006 | 9007 |

For more detailed instructions, go into each demo project and follow the README there.

8. Notes

When the OAuth2 back-end service is run on Java 9, the following error appears:

Caused by: java.lang.ClassNotFoundException: javax.xml.bind.JAXBException
        at java.base/java.net.URLClassLoader.findClass(Unknown Source) ~[na:na]
        at java.base/java.lang.ClassLoader.loadClass(Unknown Source) ~[na:na]
        at org.springframework.boot.loader.LaunchedURLClassLoader.loadClass(LaunchedURLClassLoader.java:94) ~[oauth-server-1.0-SNAPSHOT.jar:1.0-SNAPSHOT]
        at java.base/java.lang.ClassLoader.loadClass(Unknown Source) ~[na:na]
        ... 34 common frames omitted

This happens because Java 9 introduced the module system and javax.xml.bind is no longer part of the core Java runtime library; see this article for details.

To fix it, add the following dependency to pom.xml:

<dependency>
   <groupId>javax.xml.bind</groupId>
   <artifactId>jaxb-api</artifactId>
   <version>2.3.0</version>
</dependency>
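The following diagnostic is an added example, not code from this project. It tells the missing-API case above apart from a second failure a practitioner runs into after adding jaxb-api: the API jar alone contains no marshaller, so code that actually builds a JAXBContext also needs a runtime implementation (assumed here to be org.glassfish.jaxb:jaxb-runtime; the README does not name one). It assumes jaxb-api is on the compile class path.

```java
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.annotation.XmlRootElement;

// Added example: probe whether the JAXB API and a JAXB runtime are both present
// on Java 9+, where javax.xml.bind is no longer part of the JDK.
public class JaxbProbe {

    public static String probe() {
        // Step 1: is the javax.xml.bind API on the class path at all? On Java 9+
        // this is what fails with the ClassNotFoundException shown above unless
        // javax.xml.bind:jaxb-api is added to pom.xml.
        try {
            Class.forName("javax.xml.bind.JAXBException");
        } catch (ClassNotFoundException e) {
            return "JAXB API missing: add javax.xml.bind:jaxb-api to pom.xml";
        }
        // Step 2: only the nested class references JAXB types, and it is loaded
        // lazily on this first call, so this method runs even when the API is absent.
        try {
            return RuntimeCheck.run();
        } catch (NoClassDefFoundError e) {
            return "JAXB classes missing at runtime: " + e.getMessage();
        }
    }

    static final class RuntimeCheck {
        // Minimal bound class; JAXBContext.newInstance needs at least one class to bind.
        @XmlRootElement
        public static class Ping {
            public String value = "ok";
        }

        static String run() {
            try {
                JAXBContext.newInstance(Ping.class);
                return "JAXB API and runtime present";
            } catch (JAXBException e) {
                // jaxb-api found no implementation (assumed fix: add a runtime such as
                // org.glassfish.jaxb:jaxb-runtime alongside jaxb-api).
                return "JAXB API present but no runtime implementation: " + e.getMessage();
            }
        }
    }

    public static void main(String[] args) {
        System.out.println(probe());
    }
}
```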

9. Contact

Email: peipeihh@qq.com.

For more background on OAuth 2.0, see my blog post 《OAuth2授权协议简介》 (An Introduction to the OAuth2 Authorization Protocol).

10. License

Apache License 2.0

Apache License Version 2.0, January 2004, http://www.apache.org/licenses/

Copyright 2018 peipeihh. Licensed under the Apache License, Version 2.0 (the "License"); you may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
