diff --git a/basic-properties/src/main/java/ink/wgink/properties/ServerProperties.java b/basic-properties/src/main/java/ink/wgink/properties/ServerProperties.java index 6306cb96..2445e530 100644 --- a/basic-properties/src/main/java/ink/wgink/properties/ServerProperties.java +++ b/basic-properties/src/main/java/ink/wgink/properties/ServerProperties.java @@ -7,8 +7,8 @@ import org.springframework.stereotype.Component; * When you feel like quitting. Think about why you started * 当你想要放弃的时候,想想当初你为何开始 * - * @ClassName: SystemProperties - * @Description: 系统配置 + * @ClassName: ServerProperties + * @Description: 服务配置 * @Author: WangGeng * @Date: 2019/9/3 10:14 上午 * @Version: 1.0 diff --git a/basic-properties/src/main/java/ink/wgink/properties/oauth2/client/OAuth2ClientProperties.java b/basic-properties/src/main/java/ink/wgink/properties/oauth2/client/OAuth2ClientProperties.java new file mode 100644 index 00000000..5369c3e1 --- /dev/null +++ b/basic-properties/src/main/java/ink/wgink/properties/oauth2/client/OAuth2ClientProperties.java 
@@ -0,0 +1,96 @@ +package ink.wgink.properties.oauth2.client; + +import org.springframework.boot.context.properties.ConfigurationProperties; +import org.springframework.stereotype.Component; + +/** + * @ClassName: OAuth2ClientProperties + * @Description: OAuth2客户端配置 + * @Author: wanggeng + * @Date: 2021/9/16 2:38 下午 + * @Version: 1.0 + */ +@Component +@ConfigurationProperties(prefix = "security.oauth2") +public class OAuth2ClientProperties { + + private String oauth2Server; + private String oauth2Logout; + private ClientProperties client; + + public String getOauth2Server() { + return oauth2Server == null ? "" : oauth2Server.trim(); + } + + public void setOauth2Server(String oauth2Server) { + this.oauth2Server = oauth2Server; + } + + public String getOauth2Logout() { + return oauth2Logout == null ? "" : oauth2Logout.trim(); + } + + public void setOauth2Logout(String oauth2Logout) { + this.oauth2Logout = oauth2Logout; + } + + public ClientProperties getClient() { + return client; + } + + public void setClient(ClientProperties client) { + this.client = client; + } + + @Component + @ConfigurationProperties(prefix = "security.oauth2.client") + private static class ClientProperties { + private String clientId; + private String clientSecret; + private String userAuthorizationUri; + private String accessTokenUri; + private String grantType; + + public String getClientId() { + return clientId == null ? "" : clientId.trim(); + } + + public void setClientId(String clientId) { + this.clientId = clientId; + } + + public String getClientSecret() { + return clientSecret == null ? "" : clientSecret.trim(); + } + + public void setClientSecret(String clientSecret) { + this.clientSecret = clientSecret; + } + + public String getUserAuthorizationUri() { + return userAuthorizationUri == null ? 
"" : userAuthorizationUri.trim(); + } + + public void setUserAuthorizationUri(String userAuthorizationUri) { + this.userAuthorizationUri = userAuthorizationUri; + } + + public String getAccessTokenUri() { + return accessTokenUri == null ? "" : accessTokenUri.trim(); + } + + public void setAccessTokenUri(String accessTokenUri) { + this.accessTokenUri = accessTokenUri; + } + + public String getGrantType() { + return grantType == null ? "" : grantType.trim(); + } + + public void setGrantType(String grantType) { + this.grantType = grantType; + } + } + + +} diff --git a/basic-properties/src/main/java/ink/wgink/properties/ClientServerProperties.java b/basic-properties/src/main/java/ink/wgink/properties/oauth2/client/OAuth2ClientServerProperties.java similarity index 89% rename from basic-properties/src/main/java/ink/wgink/properties/ClientServerProperties.java rename to basic-properties/src/main/java/ink/wgink/properties/oauth2/client/OAuth2ClientServerProperties.java index 2eda6013..66252b8f 100644 --- a/basic-properties/src/main/java/ink/wgink/properties/ClientServerProperties.java +++ b/basic-properties/src/main/java/ink/wgink/properties/oauth2/client/OAuth2ClientServerProperties.java @@ -1,4 +1,4 @@ -package ink.wgink.properties; +package ink.wgink.properties.oauth2.client; import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.stereotype.Component; @@ -7,15 +7,15 @@ import org.springframework.stereotype.Component; * When you feel like quitting. Think about why you started * 当你想要放弃的时候,想想当初你为何开始 * - * @ClassName: SystemProperties - * @Description: 服务配置 + * @ClassName: ClientServerProperties + * @Description: OAuth2客户端服务配置 * @Author: WangGeng * @Date: 2019/9/3 10:14 上午 * @Version: 1.0 **/ @Component @ConfigurationProperties(prefix = "server") -public class ClientServerProperties { +public class OAuth2ClientServerProperties { private Integer port; private String url; 
diff --git a/common/src/main/java/ink/wgink/common/service/rbac/impl/RbacServiceImpl.java b/common/src/main/java/ink/wgink/common/service/rbac/impl/RbacServiceImpl.java index e33a3847..3d85d8b1 100644 --- a/common/src/main/java/ink/wgink/common/service/rbac/impl/RbacServiceImpl.java +++ b/common/src/main/java/ink/wgink/common/service/rbac/impl/RbacServiceImpl.java @@ -1,7 +1,5 @@ package ink.wgink.common.service.rbac.impl; -import com.alibaba.fastjson.JSON; -import com.alibaba.fastjson.JSONObject; import ink.wgink.common.service.rbac.IRbacService; import ink.wgink.interfaces.consts.ISystemConstant; import ink.wgink.pojo.bos.RoleGrantedAuthorityBO; 
@@ -52,29 +50,12 @@ public class RbacServiceImpl implements IRbacService { // 校验权限 for (GrantedAuthority grantedAuthority : grantedAuthorities) { - RoleGrantedAuthorityBO roleGrantedAuthority; - if (grantedAuthority instanceof RoleGrantedAuthorityBO) { - LOG.debug("统一用户登录"); - roleGrantedAuthority = (RoleGrantedAuthorityBO) grantedAuthority; - } else { - LOG.debug("客户端登录"); - JSONObject authorityObject = JSONObject.parseObject(grantedAuthority.toString().replace("_wg_", ",")); - if (StringUtils.contains(authorityObject.getString("authority"), ISystemConstant.ADMIN)) { - LOG.debug("管理员登录客户端"); - roleGrantedAuthority = new RoleGrantedAuthorityBO(authorityObject.getString("authority")); - } else { - LOG.debug("普通用户登录客户端"); - String roleId = authorityObject.getString("roleId"); - String roleName = authorityObject.getString("roleName"); - List menus = JSON.parseArray(authorityObject.getString("menus"), String.class); - List inserts = JSON.parseArray(authorityObject.getString("inserts"), String.class); - List deletes = JSON.parseArray(authorityObject.getString("deletes"), String.class); - List updates = JSON.parseArray(authorityObject.getString("updates"), String.class); - List queries = JSON.parseArray(authorityObject.getString("queries"), String.class); - roleGrantedAuthority = new RoleGrantedAuthorityBO(roleId, roleName, menus, inserts, deletes, updates, queries); - } + if (!(grantedAuthority instanceof RoleGrantedAuthorityBO)) { + LOG.debug("角色授权格式错误:{}", grantedAuthority); + continue; } - if (StringUtils.contains(roleGrantedAuthority.getAuthority(), ISystemConstant.ADMIN)) { + RoleGrantedAuthorityBO roleGrantedAuthority = (RoleGrantedAuthorityBO) grantedAuthority; + if (StringUtils.contains(roleGrantedAuthority.getRoleId(), ISystemConstant.ADMIN)) { LOG.debug("权限校验URI:{},当前用户为最高管理员,有所有权限", requestURI); hasPermission = true; break; 
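Review bot: The admin short-circuit now keys on `StringUtils.contains(roleGrantedAuthority.getRoleId(), ISystemConstant.ADMIN)`, a substring test, so any role id that merely contains the admin constant is granted every permission. If `ISystemConstant.ADMIN` is the literal admin role id, an exact comparison is the safer form: `if (StringUtils.equals(roleGrantedAuthority.getRoleId(), ISystemConstant.ADMIN)) {`. The new `continue` branch silently skips authorities that are not `RoleGrantedAuthorityBO`; a one-line comment such as `// non-role authorities (e.g. client scopes) carry no URI permissions and are skipped` would make the intent explicit. The enclosing loop and `hasPermission` method continue outside the hunk.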
@@ -90,6 +71,7 @@ public class RbacServiceImpl implements IRbacService { hasPermission = true; break; } + // 是否校验增删改查权限 if (!accessControlProperties.getRolePermission()) { LOG.debug("不校验URI的增、删、改、查权限"); hasPermission = true; @@ -113,7 +95,7 @@ public class RbacServiceImpl implements IRbacService { hasPermission = true; break; } - // 查询权限 + // 查询权限,查权限最多,最后校验 if (hasQueryPermission(contextPath, requestURI, roleGrantedAuthority, antPathMatcher)) { LOG.debug("权限校验URI:{},有查询权限", requestURI); hasPermission = true; diff --git a/login-base/src/main/java/ink/wgink/login/base/security/WebSecurityConfig.java b/login-base/src/main/java/ink/wgink/login/base/security/WebSecurityConfig.java index f337fb13..26a0cf12 100644 --- a/login-base/src/main/java/ink/wgink/login/base/security/WebSecurityConfig.java +++ b/login-base/src/main/java/ink/wgink/login/base/security/WebSecurityConfig.java @@ -15,6 +15,7 @@ import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; /** @@ -95,12 +96,6 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { addUserAuthenticationFilter(http, loginFailureHandler); } - @Bean - @Override - public AuthenticationManager authenticationManagerBean() throws Exception { - return super.authenticationManagerBean(); - } - /** * 创建用户认证过滤器链,替换原有UsernamePasswordAuthenticationFilter * 
@@ -116,4 +111,16 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { userSecurityConfig.setUserLoginService(userLoginService); http.apply(userSecurityConfig); } + + @Bean + public PasswordEncoder passwordEncoder() { + return new BCryptPasswordEncoder(); + } + + @Bean + @Override + public AuthenticationManager authenticationManagerBean() throws Exception { + return super.authenticationManagerBean(); + } + } diff --git a/login-base/src/main/java/ink/wgink/login/base/security/WebSecurityConfig1.java b/login-base/src/main/java/ink/wgink/login/base/security/WebSecurityConfig1.java new file mode 100644 index 00000000..bdffb545 --- /dev/null +++ b/login-base/src/main/java/ink/wgink/login/base/security/WebSecurityConfig1.java 
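Review bot: The new `passwordEncoder()` bean duplicates the `PasswordEncoder` bean that `OAuth2ClientConfig` in `login-oauth2-client` declares in the same commit; an application that wires both modules ends up with two beans named `passwordEncoder`, and whether that overrides silently or fails at startup depends on the bean-overriding setting. Declare the encoder once in a shared configuration and inject it here. `authenticationManagerBean()` is removed above and re-added at the bottom of the class without a comment; a Javadoc such as `/** Exposes the AuthenticationManager as a bean so other security configurations can inject it. */` would explain why the override exists.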
@@ -0,0 +1,113 @@ +package ink.wgink.login.base.security; + +import ink.wgink.common.handler.AccessDenyHandler; +import ink.wgink.login.base.handler.LoginFailureHandler; +import ink.wgink.login.base.handler.LogoutHandler; +import ink.wgink.login.base.security.user.UserSecurityConfig; +import ink.wgink.login.base.service.user.UserDetailServiceImpl; +import ink.wgink.login.base.service.user.UserLoginService; +import ink.wgink.properties.BaseProperties; +import org.apache.commons.lang3.ArrayUtils; +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Bean; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.security.web.SecurityFilterChain; + +/** + * @ClassName: WebSecurityConfig + * @Description: security配置 + * @Author: WangGeng + * @Date: 2019/2/15 10:05 AM + * @Version: 1.0 + **/ +//@EnableWebSecurity +public class WebSecurityConfig1 { + + @Autowired + private BaseProperties baseProperties; + @Autowired + private UserDetailServiceImpl userDetailService; + @Autowired + private UserLoginService userLoginService; + @Autowired + private PasswordEncoder passwordEncoder; + + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { + /** + * 默认放行配置 + */ + String[] defaultAntMatchers = { + baseProperties.getLoginUrl(), + baseProperties.getLoginProcess(), + baseProperties.getLoginFailure(), + "/oauth/**", + "/oauth_client/**", + "/app/**", + "/approute/**", + "/wechat/**", + "/wechat-miniapp/**", + "/route/file/**", + "/api/sms/getverificationcode/*", + "/api/user/getsignintype/**" + }; + String assetsMatchers = baseProperties.getAssetsMatchers(); + String[] fullAntMatchers; + if (!StringUtils.isBlank(assetsMatchers)) { + String[] assetsMatchersArray = baseProperties.getAssetsMatchers().split(","); + fullAntMatchers = 
ArrayUtils.addAll(defaultAntMatchers, assetsMatchersArray); + } else { + fullAntMatchers = defaultAntMatchers; + } + + LoginFailureHandler loginFailureHandler = new LoginFailureHandler(baseProperties.getLoginFailure()); + http + .formLogin() + .loginPage(baseProperties.getLoginUrl()) + .loginProcessingUrl(baseProperties.getLoginProcess()) + .failureForwardUrl(baseProperties.getLoginUrl()) + .failureHandler(loginFailureHandler) + .and() + .logout() + .addLogoutHandler(new LogoutHandler()) + .and() + .headers() + .frameOptions() + .disable() + .and() + .authorizeRequests() + .antMatchers(fullAntMatchers) + .permitAll() + .and() + .authorizeRequests() + .anyRequest().access("@rbacService.hasPermission(request, authentication)") + .and() + .exceptionHandling().accessDeniedHandler(new AccessDenyHandler()) + .and() + .cors() + .and() + .csrf() + .disable(); + addUserAuthenticationFilter(http, loginFailureHandler); + return http.build(); + } + + /** + * 创建用户认证过滤器链,替换原有UsernamePasswordAuthenticationFilter + * + * @param http + * @param loginFailureHandler + */ + private void addUserAuthenticationFilter(HttpSecurity http, LoginFailureHandler loginFailureHandler) throws Exception { + UserSecurityConfig userSecurityConfig = new UserSecurityConfig(); + userSecurityConfig.setUserDetailService(userDetailService); + userSecurityConfig.setPasswordEncoder(passwordEncoder); + userSecurityConfig.setLoginProcessUrl(baseProperties.getLoginProcess()); + userSecurityConfig.setLoginFailureHandler(loginFailureHandler); + userSecurityConfig.setUserLoginService(userLoginService); + http.apply(userSecurityConfig); + } + +} diff --git a/login-oauth2-client/pom.xml b/login-oauth2-client/pom.xml new file mode 100644 index 00000000..672557a4 --- /dev/null +++ b/login-oauth2-client/pom.xml 
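Review bot: `WebSecurityConfig1` is committed with `@EnableWebSecurity` commented out and no `@Configuration`, so its `@Autowired` fields and the `filterChain` bean are never registered and the class is dead code that duplicates `WebSecurityConfig`. If it is a draft of the `SecurityFilterChain`-style migration, say so in the class Javadoc (the `@ClassName: WebSecurityConfig` and `@Description: security配置` tags are copied from the live class) or keep it off the branch. Inside `filterChain`, `baseProperties.getAssetsMatchers().split(",")` re-reads the property instead of the `assetsMatchers` local that was just checked for blankness, and the entries are not trimmed, so a value like `"/a/**, /b/**"` would presumably yield a pattern with a leading space that never matches; `String[] assetsMatchersArray = assetsMatchers.split(",");` plus a `strip()` per entry is more robust. `csrf().disable()` applies to the whole chain and deserves a why-comment.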
@@ -0,0 +1,45 @@ + + + + wg-basic + ink.wgink + 1.0-SNAPSHOT + + 4.0.0 + + login-oauth2-client + oauth2客户端 + + + + ink.wgink + common + 1.0-SNAPSHOT + + + org.springframework.security + spring-security-core + + + org.springframework.security.oauth.boot + spring-security-oauth2-autoconfigure + 2.0.0.RELEASE + + + org.springframework + spring-core + + + org.springframework.boot + spring-boot + + + org.springframework.security + spring-security-core + + + + + \ No newline at end of file diff --git a/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/config/OAuth2ClientConfig.java b/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/config/OAuth2ClientConfig.java new file mode 100755 index 00000000..f67ac33d --- /dev/null +++ b/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/config/OAuth2ClientConfig.java 
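Review bot: The new module pins `spring-security-oauth2-autoconfigure` to the literal `2.0.0.RELEASE`, while the Spring Security artifacts elsewhere in this commit are managed through `${spring-security.version}` in the root `pom.xml`; resolving one artifact from the legacy Spring Security OAuth stack independently of the managed Spring Security version is what makes the `spring-core`/`spring-boot`/`spring-security-core` exclusions listed here necessary. Move the version into the root `dependencyManagement` (a property like `${spring-security-oauth2-autoconfigure.version}`, name constructed here) so `login-oauth2-client` and `login-oauth2-server` resolve the same version. The Spring Security OAuth project this autoconfigure module wraps is deprecated upstream, so a POM comment recording that dependency helps whoever plans the migration.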
@@ -0,0 +1,79 @@ +package ink.wgink.login.oauth2.client.config; + + +import ink.wgink.login.oauth2.client.converter.OAuth2ClientUserAccessTokenConverter; +import ink.wgink.properties.oauth2.client.OAuth2ClientProperties; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Primary; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.security.oauth2.provider.token.DefaultTokenServices; +import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter; +import org.springframework.security.oauth2.provider.token.store.JwtTokenStore; + +/** + * @ClassName: AuthClientSecurityConfig + * @Description: + * @Author: admin + * @Date: 2019-07-28 13:30:01 + **/ +@EnableWebSecurity +@EnableOAuth2Sso +public class OAuth2ClientConfig extends WebSecurityConfigurerAdapter { + + @Autowired + private OAuth2ClientProperties oAuth2ClientProperties; + + @Override + protected void configure(HttpSecurity http) throws Exception { + http + .formLogin() + .defaultSuccessUrl("/authorize", true) + .and() + .logout().logoutSuccessUrl(oAuth2ClientProperties.getOauth2Logout()) + .and() + .authorizeRequests().antMatchers("/app/**","/resource/**", "/route/file/**").permitAll() + .and() + .authorizeRequests() + .anyRequest() + .access("@rbacService.hasPermission(request, authentication)") + .and() + .headers().frameOptions().sameOrigin() + .and() + .cors() + .and() + .csrf().disable(); + } + + 
@Bean + @Primary + public DefaultTokenServices defaultTokenServices() { + DefaultTokenServices defaultTokenServices = new DefaultTokenServices(); + defaultTokenServices.setTokenStore(jwtTokenStore()); + return defaultTokenServices; + } + + @Bean + public JwtTokenStore jwtTokenStore() { + return new JwtTokenStore(jwtAccessTokenConverter()); + } + + @Bean + public JwtAccessTokenConverter jwtAccessTokenConverter() { + JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter(); + jwtAccessTokenConverter.setAccessTokenConverter(new OAuth2ClientUserAccessTokenConverter()); + jwtAccessTokenConverter.setSigningKey("WGINK"); + return jwtAccessTokenConverter; + } + + @Bean + public PasswordEncoder passwordEncoder() { + return new BCryptPasswordEncoder(); + } + +} diff --git a/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/converter/OAuth2ClientUserAccessTokenConverter.java b/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/converter/OAuth2ClientUserAccessTokenConverter.java new file mode 100644 index 00000000..9fb6558e --- /dev/null +++ b/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/converter/OAuth2ClientUserAccessTokenConverter.java @@ -0,0 +1,19 @@ +package ink.wgink.login.oauth2.client.converter; + +import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter; + +/** + * @ClassName: UserAccessTokenConverter + * @Description: 用户jwt token + * @Author: WangGeng + * @Date: 2019/2/28 3:26 PM + * @Version: 1.0 + **/ +public class OAuth2ClientUserAccessTokenConverter extends DefaultAccessTokenConverter { + + public OAuth2ClientUserAccessTokenConverter() { + super(); + OAuth2ClientUserAuthConverter OAuth2ClientUserAuthConverter = new OAuth2ClientUserAuthConverter(); + super.setUserTokenConverter(OAuth2ClientUserAuthConverter); + } +} 
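Review bot: `jwtAccessTokenConverter.setSigningKey("WGINK")` hard-codes a short symmetric HMAC key into the client, and the `OAuth2AuthorizationServerConfig` hunk switches the server to the same literal; with a symmetric key, anyone who can read this class or its jar can mint tokens the server accepts, and the key cannot be rotated without a rebuild. Read the key from configuration (an `OAuth2ClientProperties` field is the natural home) and, since the client only verifies, prefer an asymmetric pair with `jwtAccessTokenConverter.setVerifierKey(publicKey)` here and the private key only on the server. The `passwordEncoder()` bean at the end of this class duplicates the one `WebSecurityConfig` now declares. `csrf().disable()` and the `/resource/**` `permitAll()` are whole-chain decisions that each deserve a one-line why-comment.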
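Review bot: In the `OAuth2ClientUserAccessTokenConverter` constructor the local variable is named `OAuth2ClientUserAuthConverter`, identical to its type, which reads as a static reference and trips naming checks; `super.setUserTokenConverter(new OAuth2ClientUserAuthConverter());` says the same in one line. The `@ClassName: UserAccessTokenConverter` Javadoc tag is copied from the server-side class and no longer matches.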
diff --git a/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/converter/OAuth2ClientUserAuthConverter.java b/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/converter/OAuth2ClientUserAuthConverter.java
new file mode 100644
index 00000000..99e909fa
--- /dev/null
+++ b/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/converter/OAuth2ClientUserAuthConverter.java
@@ -0,0 +1,47 @@
+package ink.wgink.login.oauth2.client.converter;
+
+import ink.wgink.pojo.bos.UserInfoBO;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.oauth2.provider.token.UserAuthenticationConverter;
+
+import java.util.*;
+
+/**
+ * @ClassName: UserAuthConverter
+ * @Description: 重写用户认证
+ * @Author: WangGeng
+ * @Date: 2019/2/27 4:57 PM
+ * @Version: 1.0
+ **/
+public class OAuth2ClientUserAuthConverter implements UserAuthenticationConverter {
+
+ private static final Logger LOG = LoggerFactory.getLogger(OAuth2ClientUserAuthConverter.class);
+
+ public OAuth2ClientUserAuthConverter() {
+ }
+
+ @Override
+ public Map convertUserAuthentication(Authentication authentication) {
+ return new LinkedHashMap();
+ }
+
+ @Override
+ public Authentication extractAuthentication(Map map) {
+ // 解析客户端的权限请求
+ Object principal = map.get("user_name");
+ if (!Objects.isNull(principal)) {
+ Collection authorities = new ArrayList<>();
+ // 包含用户信息,则直接抽取其中的用户信息
+ UserInfoBO userInfoBO = (UserInfoBO) map.get("user_info");
+ principal = userInfoBO;
+ LOG.debug("获取用户权限");
+ return new UsernamePasswordAuthenticationToken(principal, "N/A", authorities);
+ }
+ return null;
+ }
+
+}
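Review bot: `extractAuthentication` casts `map.get("user_info")` to `UserInfoBO`, but the map a `UserAuthenticationConverter` receives is built from the decoded JWT claims, where a nested object arrives as a generic `Map` (the removed server-side code in `UserAuthConverter` cast it to `Map` for exactly that reason); unless a custom claim parser rehydrates the bean, this line throws `ClassCastException` on the first token. The same cast is introduced in the `UserAuthConverter.extractAuthentication` hunk on the server side. Rebuild the BO field by field from the map, or parse the claim through a JSON mapper. Separately, `authorities` is always an empty list, so the returned `UsernamePasswordAuthenticationToken` is authenticated but carries no `GrantedAuthority`, which `RbacServiceImpl` (only recognising `RoleGrantedAuthorityBO`) would treat as no permissions; either populate it from the roles in the claim or document on the method that client-side tokens carry no authorities.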
diff --git a/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/service/rbac/IOAuth2ClientRbacService.java b/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/service/rbac/IOAuth2ClientRbacService.java
new file mode 100644
index 00000000..095ee757
--- /dev/null
+++ b/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/service/rbac/IOAuth2ClientRbacService.java
@@ -0,0 +1,28 @@
+package ink.wgink.login.oauth2.client.service.rbac;
+
+import org.springframework.security.core.Authentication;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * When you feel like quitting. Think about why you started
+ * 当你想要放弃的时候,想想当初你为何开始
+ *
+ * @ClassName: IClientRbacService
+ * @Description: 客户端RBAC权限校验
+ * @Author: WangGeng
+ * @Date: 2019/11/11 3:27 下午
+ * @Version: 1.0
+ **/
+public interface IOAuth2ClientRbacService {
+
+ /**
+ * 权限校验
+ *
+ * @param request
+ * @param authentication
+ * @return
+ */
+ boolean hasPermission(HttpServletRequest request, Authentication authentication);
+
+}
diff --git a/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/service/rbac/impl/OAuth2ClientRbacServiceImpl.java b/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/service/rbac/impl/OAuth2ClientRbacServiceImpl.java
new file mode 100644
index 00000000..58e7cdfc
--- /dev/null
+++ b/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/service/rbac/impl/OAuth2ClientRbacServiceImpl.java
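Review bot: The `hasPermission` Javadoc has empty `@param` and `@return` tags, and the class tag still reads `@ClassName: IClientRbacService`. Since the implementation added in this commit ignores `request` and admits any non-anonymous principal, the interface should state what callers may rely on: `@param request the current request; implementations may use its URI for per-resource checks`, `@param authentication the authentication from the security context, possibly anonymous`, `@return true if the principal may access the request`.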
@@ -0,0 +1,34 @@
+package ink.wgink.login.oauth2.client.service.rbac.impl;
+
+import ink.wgink.login.oauth2.client.service.rbac.IOAuth2ClientRbacService;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.security.core.Authentication;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.Objects;
+
+/**
+ * When you feel like quitting. Think about why you started
+ * 当你想要放弃的时候,想想当初你为何开始
+ *
+ * @ClassName: ClientRbacServiceImpl
+ * @Description: 客户端RBAC权限校验
+ * @Author: WangGeng
+ * @Date: 2019/11/11 3:27 下午
+ * @Version: 1.0
+ **/
+@Component("clientRbacService")
+public class OAuth2ClientRbacServiceImpl implements IOAuth2ClientRbacService {
+
+ @Override
+ public boolean hasPermission(HttpServletRequest request, Authentication authentication) {
+ boolean hasPermission = false;
+ Object principal = authentication.getPrincipal();
+ if (Objects.isNull(principal) || StringUtils.equals("anonymousUser", principal.toString())) {
+ return false;
+ }
+ return true;
+ }
+
+}
diff --git a/login-oauth2-server/pom.xml b/login-oauth2-server/pom.xml
index b317be53..2dfd4c98 100644
--- a/login-oauth2-server/pom.xml
+++ b/login-oauth2-server/pom.xml
@@ -23,6 +23,10 @@ service-menu 1.0-SNAPSHOT + + org.springframework.security + spring-security-core + org.springframework.security spring-security-jwt
@@ -32,6 +36,20 @@ org.springframework.security.oauth.boot spring-security-oauth2-autoconfigure 2.0.0.RELEASE + + org.springframework + spring-core + + org.springframework.boot + spring-boot + + org.springframework.security + spring-security-core + +
diff --git a/login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/config/OAuth2AuthorizationServerConfig.java b/login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/config/OAuth2AuthorizationServerConfig.java
index aca933c9..28a859a6 100644
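Review bot: `hasPermission` ignores `request` and returns true for any principal that is non-null and not the string `anonymousUser`, so every authenticated user can reach every URL guarded by it; if that is the intended client-side policy, say so in the method Javadoc, because the name suggests per-URI RBAC like `RbacServiceImpl`. Test the type Spring assigns rather than the principal string, and guard the null `authentication` that `getPrincipal()` would otherwise dereference: `if (authentication == null || authentication instanceof AnonymousAuthenticationToken) { return false; }`; the local `boolean hasPermission = false` is never read. The bean is registered as `clientRbacService`, while `OAuth2ClientConfig` in this commit evaluates `@rbacService.hasPermission(...)`, so this implementation may not be the one the SpEL expression reaches; worth confirming which bean answers on the client.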
--- a/login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/config/OAuth2AuthorizationServerConfig.java +++ b/login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/config/OAuth2AuthorizationServerConfig.java @@ -2,8 +2,8 @@ package ink.wgink.login.oauth2.server.config; import ink.wgink.login.base.service.user.UserDetailServiceImpl; import ink.wgink.login.oauth2.server.converter.UserAccessTokenConverter; -import ink.wgink.login.oauth2.server.service.impl.OauthClientDetailsServiceImpl; -import ink.wgink.login.oauth2.server.service.impl.OauthClientTokenServiceImpl; +import ink.wgink.login.oauth2.server.service.impl.Oauth2ClientDetailsServiceImpl; +import ink.wgink.login.oauth2.server.service.impl.Oauth2ClientTokenServiceImpl; import ink.wgink.service.user.service.IUserService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; @@ -47,16 +47,15 @@ import java.util.List; @EnableAuthorizationServer public class OAuth2AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter { - @Autowired - private AuthenticationManager authenticationManager; @Autowired private UserDetailServiceImpl userDetailService; @Autowired private IUserService userService; @Autowired - private OauthClientDetailsServiceImpl oAuth2ClientDetailsService; + private Oauth2ClientDetailsServiceImpl oAuth2ClientDetailsService; @Autowired - private OauthClientTokenServiceImpl oAuth2ClientTokenService; + private Oauth2ClientTokenServiceImpl oAuth2ClientTokenService; + private AuthenticationManager authenticationManager; @Override public void configure(ClientDetailsServiceConfigurer clients) throws Exception { 
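Review bot: `private AuthenticationManager authenticationManager;` loses its `@Autowired` and moves to the end of the field list, so unless it is assigned somewhere outside this hunk it stays null; if `configure(AuthorizationServerEndpointsConfigurer)` later hands it to `endpoints.authenticationManager(...)`, grants that need it would fail at request time rather than at startup. The same `@Autowired` removal appears on `authenticationManager` in the `Oauth2ClientTokenServiceImpl` hunk. Either restore the annotation or add a field comment naming where the value is set, so a reader does not take it for an injection that was forgotten.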
@@ -99,7 +98,7 @@ public class OAuth2AuthorizationServerConfig extends AuthorizationServerConfigur // 添加自定义的认证机制,用来将自定义登陆后客户端拿到的信息 JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter(); jwtAccessTokenConverter.setAccessTokenConverter(new UserAccessTokenConverter(userService)); - jwtAccessTokenConverter.setSigningKey("wgink"); + jwtAccessTokenConverter.setSigningKey("WGINK"); return jwtAccessTokenConverter; } @@ -153,4 +152,5 @@ public class OAuth2AuthorizationServerConfig extends AuthorizationServerConfigur return tokenStoreUserApprovalHandler; } + } diff --git a/login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/config/OAuth2ResourceServerConfig.java b/login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/config/OAuth2ResourceServerConfig.java new file mode 100644 index 00000000..84b9e917 --- /dev/null +++ b/login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/config/OAuth2ResourceServerConfig.java 
@@ -0,0 +1,33 @@
+package ink.wgink.login.oauth2.server.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
+
+/**
+ * @ClassName: ResourceConfig
+ * @Description: 资源服务器
+ * @Author: WangGeng
+ * @Date: 2019/2/27 11:33 AM
+ * @Version: 1.0
+ **/
+@Configuration
+@EnableResourceServer
+public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {
+
+ @Override
+ public void configure(HttpSecurity http) throws Exception {
+ http
+ .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
+ .and()
+ .requestMatchers()
+ .antMatchers("/resource/**")
+ .and()
+ .authorizeRequests()
+ .antMatchers("/resource/**")
+ .authenticated();
+ }
+
+}
diff --git a/login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/converter/UserAuthConverter.java b/login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/converter/UserAuthConverter.java
index e6e5d14f..7aa3b038 100644
--- a/login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/converter/UserAuthConverter.java
+++ b/login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/converter/UserAuthConverter.java
@@ -1,10 +1,7 @@ package ink.wgink.login.oauth2.server.converter; -import ink.wgink.interfaces.consts.ISystemConstant; -import ink.wgink.interfaces.role.IRoleBaseService; import ink.wgink.pojo.bos.LoginUser; import ink.wgink.pojo.bos.UserInfoBO; -import ink.wgink.pojo.dtos.user.UserAttrInfoDTO; import ink.wgink.service.user.service.IUserService; import org.slf4j.Logger; import org.slf4j.LoggerFactory;
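Review bot: The resource-server chain uses `SessionCreationPolicy.IF_REQUIRED`, so bearer-token requests to `/resource/**` may create HTTP sessions; for token-authenticated resources `SessionCreationPolicy.STATELESS` is the usual choice, and if something on this server deliberately relies on sessions for these paths that reason belongs in a why-comment. `authenticated()` is the only requirement on `/resource/**`; if the endpoints are meant for particular clients or roles, an `.access(...)` or `.hasAuthority(...)` rule would narrow it. A class Javadoc stating which paths this chain owns versus `WebSecurityConfig` would help, and `@ClassName: ResourceConfig` no longer matches the class.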
@@ -37,19 +34,19 @@ public class UserAuthConverter implements UserAuthenticationConverter { // 删除token中的权限信息,通过客户端请求获取,减少accessToken长度 LoginUser loginUser = (LoginUser) authentication.getPrincipal(); // 传递登录用户 - Map userInfo = new HashMap<>(4); - userInfo.put("userId", loginUser.getUserId()); - userInfo.put("username", loginUser.getUsername()); - userInfo.put("userName", loginUser.getUserName()); - userInfo.put("userPhone", loginUser.getUserPhone()); - userInfo.put("userAvatar", loginUser.getUserAvatar()); - userInfo.put("userEmail", loginUser.getUserEmail()); - userInfo.put("roles", loginUser.getRoles()); - userInfo.put("departments", loginUser.getDepartments()); - userInfo.put("groups", loginUser.getGroups()); - userInfo.put("getPositions", loginUser.getPositions()); - userInfo.put("expandData", loginUser.getExpandData()); - response.put("user_info", userInfo); + UserInfoBO userInfoBO = new UserInfoBO(); + userInfoBO.setUserId(loginUser.getUserId()); + userInfoBO.setUserUsername(loginUser.getUsername()); + userInfoBO.setUserName(loginUser.getUserName()); + userInfoBO.setUserPhone(loginUser.getUserPhone()); + userInfoBO.setUserAvatar(loginUser.getUserAvatar()); + userInfoBO.setUserEmail(loginUser.getUserEmail()); + userInfoBO.setRoles(loginUser.getRoles()); + userInfoBO.setDepartments(loginUser.getDepartments()); + userInfoBO.setGroups(loginUser.getGroups()); + userInfoBO.setPositions(loginUser.getPositions()); + userInfoBO.setExpandData(loginUser.getExpandData()); + response.put("user_info", userInfoBO); return response; } 
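Review bot: The `user_info` claim now carries the whole `UserInfoBO` — phone, e-mail, avatar, roles, departments, groups, positions and `expandData` — while the comment kept just above it still says permission data is stripped from the token to keep the access token short; the two no longer agree. A JWT access token is signed, not encrypted, so everything placed here is readable by any party holding the token and is resent on every request. Consider keeping only the identifiers needed to look the user up, and update the comment to say what the claim actually contains. The enclosing `convertUserAuthentication` starts outside the hunk.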
@@ -58,40 +55,14 @@ public class UserAuthConverter implements UserAuthenticationConverter { // 解析客户端的权限请求 Object principal = map.get("user_name"); if (!Objects.isNull(principal)) { - Collection authorities; - String userName = principal.toString(); + Collection authorities = new ArrayList<>(); // 包含用户信息,则直接抽取其中的用户信息 - Map userInfo = (Map) map.get("user_info"); - - UserInfoBO userInfoBO = new UserInfoBO(); - userInfoBO.setUserId(userInfo.get("userId").toString()); - userInfoBO.setUserUsername(userInfo.get("username").toString()); - userInfoBO.setUserName(userInfo.get("userName").toString()); - userInfoBO.setUserPhone(userInfo.get("userPhone") == null ? "" : userInfo.get("userPhone").toString()); - userInfoBO.setUserAvatar(userInfo.get("userAvatar") == null ? "" : userInfo.get("userAvatar").toString()); - userInfoBO.setUserEmail(userInfo.get("userEmail") == null ? "" : userInfo.get("userEmail").toString()); - userInfoBO. - if (ISystemConstant.ADMIN.equals(userName)) { - } else { - UserAttrInfoDTO userAttrInfoDTO = userService.getUserAttrInfoByUserId(userInfoBO.getUserId()); - userInfoBO.setDepartments(userAttrInfoDTO.getDepartments()); - userInfoBO.setRoles(userAttrInfoDTO.getRoles()); - userInfoBO.setGroups(userAttrInfoDTO.getGroups()); - userInfoBO.setPositions(userAttrInfoDTO.getPositions()); - userInfoBO.setDataAuthority(userAttrInfoDTO.getDataAuthority()); - userInfoBO.setDataAuthorityUserIds(userAttrInfoDTO.getDataAuthorityUserIds()); - userInfoBO.setBaseDepartmentIds(userAttrInfoDTO.getBaseDepartmentIds()); - - - // 设置权限 - authorities = getAuthorities(userAttrInfoDTO.getRoles()); - } + UserInfoBO userInfoBO = (UserInfoBO) map.get("user_info"); principal = userInfoBO; LOG.debug("获取用户权限"); return new UsernamePasswordAuthenticationToken(principal, "N/A", authorities); - } else { - return null; } + return null; } public IUserService getUserService() { 
diff --git a/login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/service/impl/OauthClientDetailsServiceImpl.java b/login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/service/impl/Oauth2ClientDetailsServiceImpl.java similarity index 97% rename from login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/service/impl/OauthClientDetailsServiceImpl.java rename to login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/service/impl/Oauth2ClientDetailsServiceImpl.java index 277ddc1e..971ea237 100644 --- a/login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/service/impl/OauthClientDetailsServiceImpl.java +++ b/login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/service/impl/Oauth2ClientDetailsServiceImpl.java @@ -35,8 +35,8 @@ import java.util.Set; **/ @Primary @Component -public class OauthClientDetailsServiceImpl implements ClientDetailsService { - private static final Logger LOG = LoggerFactory.getLogger(OauthClientDetailsServiceImpl.class); +public class Oauth2ClientDetailsServiceImpl implements ClientDetailsService { + private static final Logger LOG = LoggerFactory.getLogger(Oauth2ClientDetailsServiceImpl.class); @Autowired private IOAuth2ClientService oAuth2ClientService; diff --git a/login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/service/impl/OauthClientTokenServiceImpl.java b/login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/service/impl/Oauth2ClientTokenServiceImpl.java similarity index 98% rename from login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/service/impl/OauthClientTokenServiceImpl.java rename to login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/service/impl/Oauth2ClientTokenServiceImpl.java index 86e6ad4b..cf2c4479 100644 --- a/login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/service/impl/OauthClientTokenServiceImpl.java 
+++ b/login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/service/impl/Oauth2ClientTokenServiceImpl.java @@ -32,7 +32,7 @@ import java.util.UUID; * @Version: 1.0 **/ @Component -public class OauthClientTokenServiceImpl implements AuthorizationServerTokenServices, ResourceServerTokenServices, ConsumerTokenServices, InitializingBean { +public class Oauth2ClientTokenServiceImpl implements AuthorizationServerTokenServices, ResourceServerTokenServices, ConsumerTokenServices, InitializingBean { private int refreshTokenValiditySeconds = 7200; private int accessTokenValiditySeconds = 7200; @@ -44,10 +44,9 @@ public class OauthClientTokenServiceImpl implements AuthorizationServerTokenServ private ClientDetailsService clientDetailsService; @Resource(name = "jwtAccessTokenConverter") private TokenEnhancer accessTokenEnhancer; - @Autowired private AuthenticationManager authenticationManager; - public OauthClientTokenServiceImpl() { + public Oauth2ClientTokenServiceImpl() { } @Override diff --git a/pom.xml b/pom.xml index f80317a8..6fb8fd95 100644 --- a/pom.xml +++ b/pom.xml @@ -38,6 +38,7 @@ module-map module-activiti module-instant-message + login-oauth2-client pom @@ -142,6 +143,11 @@ spring-security-config ${spring-security.version} + + org.springframework.security + spring-security-core + ${spring-security.version} + org.springframework.security spring-security-web