spring Security4 和 oauth2整合 注解+xml混合使用（替换6位的授权码）

spring Security4 和 oauth2整合替换6位的授权码

git地址：https://gitee.com/xiaoyaofeiyang/OauthUmp

spring Security4 和 oauth2整合 注解+xml混合使用（基础运行篇）
spring Security4 和 oauth2整合 注解+xml混合使用（进阶篇）
spring Security4 和 oauth2整合 注解+xml混合使用（授权码篇）
spring Security4 和 oauth2整合 注解+xml混合使用（注意事项篇）
spring Security4 和 oauth2整合 注解+xml混合使用（替换6位的授权码）
spring Security4 和 oauth2整合 注解+xml混合使用（替换用户名密码认证）
spring Security4 和 oauth2整合 注解+xml混合使用（验证码等额外数据验证）

InMemoryAuthorizationCodeServices

InMemoryAuthorizationCodeServices是spring oauth2生成授权码code的bean，这个是new出来的，所以我们不能通过自定义bean去替换，默认是生成6位的code。但是还是可以替换的。

自定义InMemoryAuthorizationCodeServices

生成16位code，这里我是通过xml配置了bean，方便替换，也可以用@Component，我这里没去试。

<bean id="authorizationCodeServices"        class="com.ump.oauth.part.InMemoryAuthorizationCodeServices">    </bean>

package com.ump.oauth.part;import java.util.concurrent.ConcurrentHashMap;import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;import org.springframework.security.oauth2.provider.OAuth2Authentication;import org.springframework.security.oauth2.provider.code.RandomValueAuthorizationCodeServices;public class InMemoryAuthorizationCodeServices extends RandomValueAuthorizationCodeServices{    protected final ConcurrentHashMap<String, OAuth2Authentication> authorizationCodeStore = new ConcurrentHashMap<String, OAuth2Authentication>();    private RandomValueStringGenerator generator = new RandomValueStringGenerator(16);    @Override    protected void store(String code, OAuth2Authentication authentication) {        this.authorizationCodeStore.put(code, authentication);    }    @Override    public OAuth2Authentication remove(String code) {        OAuth2Authentication auth = this.authorizationCodeStore.remove(code);        return auth;    }    @Override    public String createAuthorizationCode(OAuth2Authentication authentication) {        String code = generator.generate();        store(code, authentication);        return code;    }}

认证配置

AuthorizationServerConfiguration中配置AuthorizationServerEndpointsConfigurer有设置authorizationCodeServices的方法。就是一个autowired和endpoints.authorizationCodeServices(authorizationCodeServices);即可。

package com.ump.oauth.config;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.beans.factory.annotation.Qualifier;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.security.authentication.AuthenticationManager;import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;import org.springframework.security.oauth2.provider.ClientDetailsService;import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;import org.springframework.security.oauth2.provider.token.TokenStore;@Configuration@EnableAuthorizationServerpublic class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {    private static String REALM = "MY_OAUTH_REALM";    @Autowired    private TokenStore tokenStore;    @Autowired    @Qualifier("myClientDetailsService")     private ClientDetailsService clientDetailsService;    @Autowired    private UserApprovalHandler userApprovalHandler;    @Autowired    @Qualifier("authenticationManagerBean")    private AuthenticationManager authenticationManager;    @Autowired    @Qualifier("authorizationCodeServices")    private AuthorizationCodeServices authorizationCodeServices;    @Override    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {        clients.withClientDetails(clientDetailsService);    }    @Override    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {        endpoints.tokenStore(tokenStore).userApprovalHandler(userApprovalHandler)                .authenticationManager(authenticationManager);        endpoints.authorizationCodeServices(authorizationCodeServices);    }    @Override    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {        oauthServer.allowFormAuthenticationForClients();        oauthServer.realm(REALM + "/client");    }}