Tenlion/wg-basic
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

处理OAuth2认证模块无法导致启动问题

Browse Source
This commit is contained in:
wanggeng 2021-09-17 12:14:41 +08:00
parent af576650c1
commit f47bae8f9f
19 changed files with 571 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
basic-properties/src/main/java/ink/wgink/properties/ServerProperties.java
View File

@ -7,8 +7,8 @@ import org.springframework.stereotype.Component;
* When you feel like quitting. Think about why you started * When you feel like quitting. Think about why you started
* 当你想要放弃的时候想想当初你为何开始 * 当你想要放弃的时候想想当初你为何开始
* *
* @ClassName: SystemProperties * @ClassName: ServerProperties
* @Description: 系统配置 * @Description: 服务配置
* @Author: WangGeng * @Author: WangGeng
* @Date: 2019/9/3 10:14 上午 * @Date: 2019/9/3 10:14 上午
* @Version: 1.0 * @Version: 1.0

96
basic-properties/src/main/java/ink/wgink/properties/oauth2/client/OAuth2ClientProperties.java Normal file
View File

@ -0,0 +1,96 @@
package ink.wgink.properties.oauth2.client;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;
/**
* @ClassName: OAuth2ClientProperties
* @Description: OAuth2客户端配置
* @Author: wanggeng
* @Date: 2021/9/16 2:38 下午
* @Version: 1.0
*/
@Component
@ConfigurationProperties(prefix = "security.oauth2")
public class OAuth2ClientProperties {
private String oauth2Server;
private String oauth2Logout;
private ClientProperties client;
public String getOauth2Server() {
return oauth2Server == null ? "" : oauth2Server.trim();
}
public void setOauth2Server(String oauth2Server) {
this.oauth2Server = oauth2Server;
}
public String getOauth2Logout() {
return oauth2Logout == null ? "" : oauth2Logout.trim();
}
public void setOauth2Logout(String oauth2Logout) {
this.oauth2Logout = oauth2Logout;
}
public ClientProperties getClient() {
return client;
}
public void setClient(ClientProperties client) {
this.client = client;
}
@Component
@ConfigurationProperties(prefix = "security.oauth2.client")
private static class ClientProperties {
private String clientId;
private String clientSecret;
private String userAuthorizationUri;
private String accessTokenUri;
private String grantType;
public String getClientId() {
return clientId == null ? "" : clientId.trim();
}
public void setClientId(String clientId) {
this.clientId = clientId;
}
public String getClientSecret() {
return clientSecret == null ? "" : clientSecret.trim();
}
public void setClientSecret(String clientSecret) {
this.clientSecret = clientSecret;
}
public String getUserAuthorizationUri() {
return userAuthorizationUri == null ? "" : userAuthorizationUri.trim();
}
public void setUserAuthorizationUri(String userAuthorizationUri) {
this.userAuthorizationUri = userAuthorizationUri;
}
public String getAccessTokenUri() {
return accessTokenUri == null ? "" : accessTokenUri.trim();
}
public void setAccessTokenUri(String accessTokenUri) {
this.accessTokenUri = accessTokenUri;
}
public String getGrantType() {
return grantType == null ? "" : grantType.trim();
}
public void setGrantType(String grantType) {
this.grantType = grantType;
}
}
}

8
basic-properties/src/main/java/ink/wgink/properties/ClientServerProperties.java → basic-properties/src/main/java/ink/wgink/properties/oauth2/client/OAuth2ClientServerProperties.java
View File

@ -1,4 +1,4 @@
package ink.wgink.properties; package ink.wgink.properties.oauth2.client;
import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
@ -7,15 +7,15 @@ import org.springframework.stereotype.Component;
* When you feel like quitting. Think about why you started * When you feel like quitting. Think about why you started
* 当你想要放弃的时候想想当初你为何开始 * 当你想要放弃的时候想想当初你为何开始
* *
* @ClassName: SystemProperties * @ClassName: ClientServerProperties
* @Description: 服务配置 * @Description: OAuth2客户端服务配置
* @Author: WangGeng * @Author: WangGeng
* @Date: 2019/9/3 10:14 上午 * @Date: 2019/9/3 10:14 上午
* @Version: 1.0 * @Version: 1.0
**/ **/
@Component @Component
@ConfigurationProperties(prefix = "server") @ConfigurationProperties(prefix = "server")
public class ClientServerProperties { public class OAuth2ClientServerProperties {
private Integer port; private Integer port;
private String url; private String url;

32
common/src/main/java/ink/wgink/common/service/rbac/impl/RbacServiceImpl.java
View File

@ -1,7 +1,5 @@
package ink.wgink.common.service.rbac.impl; package ink.wgink.common.service.rbac.impl;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import ink.wgink.common.service.rbac.IRbacService; import ink.wgink.common.service.rbac.IRbacService;
import ink.wgink.interfaces.consts.ISystemConstant; import ink.wgink.interfaces.consts.ISystemConstant;
import ink.wgink.pojo.bos.RoleGrantedAuthorityBO; import ink.wgink.pojo.bos.RoleGrantedAuthorityBO;
@ -52,29 +50,12 @@ public class RbacServiceImpl implements IRbacService {
// 校验权限 // 校验权限
for (GrantedAuthority grantedAuthority : grantedAuthorities) { for (GrantedAuthority grantedAuthority : grantedAuthorities) {
RoleGrantedAuthorityBO roleGrantedAuthority; if (!(grantedAuthority instanceof RoleGrantedAuthorityBO)) {
if (grantedAuthority instanceof RoleGrantedAuthorityBO) { LOG.debug("角色授权格式错误:{}", grantedAuthority);
LOG.debug("统一用户登录"); continue;
roleGrantedAuthority = (RoleGrantedAuthorityBO) grantedAuthority;
} else {
LOG.debug("客户端登录");
JSONObject authorityObject = JSONObject.parseObject(grantedAuthority.toString().replace("_wg_", ","));
if (StringUtils.contains(authorityObject.getString("authority"), ISystemConstant.ADMIN)) {
LOG.debug("管理员登录客户端");
roleGrantedAuthority = new RoleGrantedAuthorityBO(authorityObject.getString("authority"));
} else {
LOG.debug("普通用户登录客户端");
String roleId = authorityObject.getString("roleId");
String roleName = authorityObject.getString("roleName");
List<String> menus = JSON.parseArray(authorityObject.getString("menus"), String.class);
List<String> inserts = JSON.parseArray(authorityObject.getString("inserts"), String.class);
List<String> deletes = JSON.parseArray(authorityObject.getString("deletes"), String.class);
List<String> updates = JSON.parseArray(authorityObject.getString("updates"), String.class);
List<String> queries = JSON.parseArray(authorityObject.getString("queries"), String.class);
roleGrantedAuthority = new RoleGrantedAuthorityBO(roleId, roleName, menus, inserts, deletes, updates, queries);
}
} }
if (StringUtils.contains(roleGrantedAuthority.getAuthority(), ISystemConstant.ADMIN)) { RoleGrantedAuthorityBO roleGrantedAuthority = (RoleGrantedAuthorityBO) grantedAuthority;
if (StringUtils.contains(roleGrantedAuthority.getRoleId(), ISystemConstant.ADMIN)) {
LOG.debug("权限校验URI{},当前用户为最高管理员,有所有权限", requestURI); LOG.debug("权限校验URI{},当前用户为最高管理员,有所有权限", requestURI);
hasPermission = true; hasPermission = true;
break; break;
@ -90,6 +71,7 @@ public class RbacServiceImpl implements IRbacService {
hasPermission = true; hasPermission = true;
break; break;
} }
// 是否校验增删改查权限
if (!accessControlProperties.getRolePermission()) { if (!accessControlProperties.getRolePermission()) {
LOG.debug("不校验URI的增、删、改、查权限"); LOG.debug("不校验URI的增、删、改、查权限");
hasPermission = true; hasPermission = true;
@ -113,7 +95,7 @@ public class RbacServiceImpl implements IRbacService {
hasPermission = true; hasPermission = true;
break; break;
} }
// 查询权限 // 查询权限查权限最多最后校验
if (hasQueryPermission(contextPath, requestURI, roleGrantedAuthority, antPathMatcher)) { if (hasQueryPermission(contextPath, requestURI, roleGrantedAuthority, antPathMatcher)) {
LOG.debug("权限校验URI{},有查询权限", requestURI); LOG.debug("权限校验URI{},有查询权限", requestURI);
hasPermission = true; hasPermission = true;

19
login-base/src/main/java/ink/wgink/login/base/security/WebSecurityConfig.java
View File

@ -15,6 +15,7 @@ import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
/** /**
@ -95,12 +96,6 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
addUserAuthenticationFilter(http, loginFailureHandler); addUserAuthenticationFilter(http, loginFailureHandler);
} }
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
/** /**
* 创建用户认证过滤器链替换原有UsernamePasswordAuthenticationFilter * 创建用户认证过滤器链替换原有UsernamePasswordAuthenticationFilter
* *
@ -116,4 +111,16 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
userSecurityConfig.setUserLoginService(userLoginService); userSecurityConfig.setUserLoginService(userLoginService);
http.apply(userSecurityConfig); http.apply(userSecurityConfig);
} }
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
} }

113
login-base/src/main/java/ink/wgink/login/base/security/WebSecurityConfig1.java Normal file
View File

@ -0,0 +1,113 @@
package ink.wgink.login.base.security;
import ink.wgink.common.handler.AccessDenyHandler;
import ink.wgink.login.base.handler.LoginFailureHandler;
import ink.wgink.login.base.handler.LogoutHandler;
import ink.wgink.login.base.security.user.UserSecurityConfig;
import ink.wgink.login.base.service.user.UserDetailServiceImpl;
import ink.wgink.login.base.service.user.UserLoginService;
import ink.wgink.properties.BaseProperties;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
/**
* @ClassName: WebSecurityConfig
* @Description: security配置
* @Author: WangGeng
* @Date: 2019/2/15 10:05 AM
* @Version: 1.0
**/
//@EnableWebSecurity
public class WebSecurityConfig1 {
@Autowired
private BaseProperties baseProperties;
@Autowired
private UserDetailServiceImpl userDetailService;
@Autowired
private UserLoginService userLoginService;
@Autowired
private PasswordEncoder passwordEncoder;
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
/**
* 默认放行配置
*/
String[] defaultAntMatchers = {
baseProperties.getLoginUrl(),
baseProperties.getLoginProcess(),
baseProperties.getLoginFailure(),
"/oauth/**",
"/oauth_client/**",
"/app/**",
"/approute/**",
"/wechat/**",
"/wechat-miniapp/**",
"/route/file/**",
"/api/sms/getverificationcode/*",
"/api/user/getsignintype/**"
};
String assetsMatchers = baseProperties.getAssetsMatchers();
String[] fullAntMatchers;
if (!StringUtils.isBlank(assetsMatchers)) {
String[] assetsMatchersArray = baseProperties.getAssetsMatchers().split(",");
fullAntMatchers = ArrayUtils.addAll(defaultAntMatchers, assetsMatchersArray);
} else {
fullAntMatchers = defaultAntMatchers;
}
LoginFailureHandler loginFailureHandler = new LoginFailureHandler(baseProperties.getLoginFailure());
http
.formLogin()
.loginPage(baseProperties.getLoginUrl())
.loginProcessingUrl(baseProperties.getLoginProcess())
.failureForwardUrl(baseProperties.getLoginUrl())
.failureHandler(loginFailureHandler)
.and()
.logout()
.addLogoutHandler(new LogoutHandler())
.and()
.headers()
.frameOptions()
.disable()
.and()
.authorizeRequests()
.antMatchers(fullAntMatchers)
.permitAll()
.and()
.authorizeRequests()
.anyRequest().access("@rbacService.hasPermission(request, authentication)")
.and()
.exceptionHandling().accessDeniedHandler(new AccessDenyHandler())
.and()
.cors()
.and()
.csrf()
.disable();
addUserAuthenticationFilter(http, loginFailureHandler);
return http.build();
}
/**
* 创建用户认证过滤器链替换原有UsernamePasswordAuthenticationFilter
*
* @param http
* @param loginFailureHandler
*/
private void addUserAuthenticationFilter(HttpSecurity http, LoginFailureHandler loginFailureHandler) throws Exception {
UserSecurityConfig userSecurityConfig = new UserSecurityConfig();
userSecurityConfig.setUserDetailService(userDetailService);
userSecurityConfig.setPasswordEncoder(passwordEncoder);
userSecurityConfig.setLoginProcessUrl(baseProperties.getLoginProcess());
userSecurityConfig.setLoginFailureHandler(loginFailureHandler);
userSecurityConfig.setUserLoginService(userLoginService);
http.apply(userSecurityConfig);
}
}

45
login-oauth2-client/pom.xml Normal file
View File

@ -0,0 +1,45 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<artifactId>wg-basic</artifactId>
<groupId>ink.wgink</groupId>
<version>1.0-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>login-oauth2-client</artifactId>
<description>oauth2客户端</description>
<dependencies>
<dependency>
<groupId>ink.wgink</groupId>
<artifactId>common</artifactId>
<version>1.0-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
<version>2.0.0.RELEASE</version>
<exclusions>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
</project>

79
login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/config/OAuth2ClientConfig.java Executable file
View File

@ -0,0 +1,79 @@
package ink.wgink.login.oauth2.client.config;
import ink.wgink.login.oauth2.client.converter.OAuth2ClientUserAccessTokenConverter;
import ink.wgink.properties.oauth2.client.OAuth2ClientProperties;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Primary;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
/**
* @ClassName: AuthClientSecurityConfig
* @Description:
* @Author: admin
* @Date: 2019-07-28 13:30:01
**/
@EnableWebSecurity
@EnableOAuth2Sso
public class OAuth2ClientConfig extends WebSecurityConfigurerAdapter {
@Autowired
private OAuth2ClientProperties oAuth2ClientProperties;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.formLogin()
.defaultSuccessUrl("/authorize", true)
.and()
.logout().logoutSuccessUrl(oAuth2ClientProperties.getOauth2Logout())
.and()
.authorizeRequests().antMatchers("/app/**","/resource/**", "/route/file/**").permitAll()
.and()
.authorizeRequests()
.anyRequest()
.access("@rbacService.hasPermission(request, authentication)")
.and()
.headers().frameOptions().sameOrigin()
.and()
.cors()
.and()
.csrf().disable();
}
@Bean
@Primary
public DefaultTokenServices defaultTokenServices() {
DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
defaultTokenServices.setTokenStore(jwtTokenStore());
return defaultTokenServices;
}
@Bean
public JwtTokenStore jwtTokenStore() {
return new JwtTokenStore(jwtAccessTokenConverter());
}
@Bean
public JwtAccessTokenConverter jwtAccessTokenConverter() {
JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
jwtAccessTokenConverter.setAccessTokenConverter(new OAuth2ClientUserAccessTokenConverter());
jwtAccessTokenConverter.setSigningKey("WGINK");
return jwtAccessTokenConverter;
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}

19
login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/converter/OAuth2ClientUserAccessTokenConverter.java Normal file
View File

@ -0,0 +1,19 @@
package ink.wgink.login.oauth2.client.converter;
import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
/**
* @ClassName: UserAccessTokenConverter
* @Description: 用户jwt token
* @Author: WangGeng
* @Date: 2019/2/28 3:26 PM
* @Version: 1.0
**/
public class OAuth2ClientUserAccessTokenConverter extends DefaultAccessTokenConverter {
public OAuth2ClientUserAccessTokenConverter() {
super();
OAuth2ClientUserAuthConverter OAuth2ClientUserAuthConverter = new OAuth2ClientUserAuthConverter();
super.setUserTokenConverter(OAuth2ClientUserAuthConverter);
}
}

47
login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/converter/OAuth2ClientUserAuthConverter.java Normal file
View File

@ -0,0 +1,47 @@
package ink.wgink.login.oauth2.client.converter;
import ink.wgink.pojo.bos.UserInfoBO;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.provider.token.UserAuthenticationConverter;
import java.util.*;
/**
* @ClassName: UserAuthConverter
* @Description: 重写用户认证
* @Author: WangGeng
* @Date: 2019/2/27 4:57 PM
* @Version: 1.0
**/
public class OAuth2ClientUserAuthConverter implements UserAuthenticationConverter {
private static final Logger LOG = LoggerFactory.getLogger(OAuth2ClientUserAuthConverter.class);
public OAuth2ClientUserAuthConverter() {
}
@Override
public Map<String, ?> convertUserAuthentication(Authentication authentication) {
return new LinkedHashMap();
}
@Override
public Authentication extractAuthentication(Map<String, ?> map) {
// 解析客户端的权限请求
Object principal = map.get("user_name");
if (!Objects.isNull(principal)) {
Collection<GrantedAuthority> authorities = new ArrayList<>();
// 包含用户信息则直接抽取其中的用户信息
UserInfoBO userInfoBO = (UserInfoBO) map.get("user_info");
principal = userInfoBO;
LOG.debug("获取用户权限");
return new UsernamePasswordAuthenticationToken(principal, "N/A", authorities);
}
return null;
}
}

28
login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/service/rbac/IOAuth2ClientRbacService.java Normal file
View File

@ -0,0 +1,28 @@
package ink.wgink.login.oauth2.client.service.rbac;
import org.springframework.security.core.Authentication;
import javax.servlet.http.HttpServletRequest;
/**
* When you feel like quitting. Think about why you started
* 当你想要放弃的时候想想当初你为何开始
*
* @ClassName: IClientRbacService
* @Description: 客户端RBAC权限校验
* @Author: WangGeng
* @Date: 2019/11/11 3:27 下午
* @Version: 1.0
**/
public interface IOAuth2ClientRbacService {
/**
* 权限校验
*
* @param request
* @param authentication
* @return
*/
boolean hasPermission(HttpServletRequest request, Authentication authentication);
}

34
login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/service/rbac/impl/OAuth2ClientRbacServiceImpl.java Normal file
View File

@ -0,0 +1,34 @@
package ink.wgink.login.oauth2.client.service.rbac.impl;
import ink.wgink.login.oauth2.client.service.rbac.IOAuth2ClientRbacService;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;
import javax.servlet.http.HttpServletRequest;
import java.util.Objects;
/**
* When you feel like quitting. Think about why you started
* 当你想要放弃的时候想想当初你为何开始
*
* @ClassName: ClientRbacServiceImpl
* @Description: 客户端RBAC权限校验
* @Author: WangGeng
* @Date: 2019/11/11 3:27 下午
* @Version: 1.0
**/
@Component("clientRbacService")
public class OAuth2ClientRbacServiceImpl implements IOAuth2ClientRbacService {
@Override
public boolean hasPermission(HttpServletRequest request, Authentication authentication) {
boolean hasPermission = false;
Object principal = authentication.getPrincipal();
if (Objects.isNull(principal) || StringUtils.equals("anonymousUser", principal.toString())) {
return false;
}
return true;
}
}

18
login-oauth2-server/pom.xml
View File

@ -23,6 +23,10 @@
<artifactId>service-menu</artifactId> <artifactId>service-menu</artifactId>
<version>1.0-SNAPSHOT</version> <version>1.0-SNAPSHOT</version>
</dependency> </dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
</dependency>
<dependency> <dependency>
<groupId>org.springframework.security</groupId> <groupId>org.springframework.security</groupId>
<artifactId>spring-security-jwt</artifactId> <artifactId>spring-security-jwt</artifactId>
@ -32,6 +36,20 @@
<groupId>org.springframework.security.oauth.boot</groupId> <groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId> <artifactId>spring-security-oauth2-autoconfigure</artifactId>
<version>2.0.0.RELEASE</version> <version>2.0.0.RELEASE</version>
<exclusions>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
</exclusion>
</exclusions>
</dependency> </dependency>
</dependencies> </dependencies>

14
login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/config/OAuth2AuthorizationServerConfig.java
View File

@ -2,8 +2,8 @@ package ink.wgink.login.oauth2.server.config;
import ink.wgink.login.base.service.user.UserDetailServiceImpl; import ink.wgink.login.base.service.user.UserDetailServiceImpl;
import ink.wgink.login.oauth2.server.converter.UserAccessTokenConverter; import ink.wgink.login.oauth2.server.converter.UserAccessTokenConverter;
import ink.wgink.login.oauth2.server.service.impl.OauthClientDetailsServiceImpl; import ink.wgink.login.oauth2.server.service.impl.Oauth2ClientDetailsServiceImpl;
import ink.wgink.login.oauth2.server.service.impl.OauthClientTokenServiceImpl; import ink.wgink.login.oauth2.server.service.impl.Oauth2ClientTokenServiceImpl;
import ink.wgink.service.user.service.IUserService; import ink.wgink.service.user.service.IUserService;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
@ -47,16 +47,15 @@ import java.util.List;
@EnableAuthorizationServer @EnableAuthorizationServer
public class OAuth2AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter { public class OAuth2AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Autowired @Autowired
private UserDetailServiceImpl userDetailService; private UserDetailServiceImpl userDetailService;
@Autowired @Autowired
private IUserService userService; private IUserService userService;
@Autowired @Autowired
private OauthClientDetailsServiceImpl oAuth2ClientDetailsService; private Oauth2ClientDetailsServiceImpl oAuth2ClientDetailsService;
@Autowired @Autowired
private OauthClientTokenServiceImpl oAuth2ClientTokenService; private Oauth2ClientTokenServiceImpl oAuth2ClientTokenService;
private AuthenticationManager authenticationManager;
@Override @Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception { public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
@ -99,7 +98,7 @@ public class OAuth2AuthorizationServerConfig extends AuthorizationServerConfigur
// 添加自定义的认证机制用来将自定义登陆后客户端拿到的信息 // 添加自定义的认证机制用来将自定义登陆后客户端拿到的信息
JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter(); JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
jwtAccessTokenConverter.setAccessTokenConverter(new UserAccessTokenConverter(userService)); jwtAccessTokenConverter.setAccessTokenConverter(new UserAccessTokenConverter(userService));
jwtAccessTokenConverter.setSigningKey("wgink"); jwtAccessTokenConverter.setSigningKey("WGINK");
return jwtAccessTokenConverter; return jwtAccessTokenConverter;
} }
@ -153,4 +152,5 @@ public class OAuth2AuthorizationServerConfig extends AuthorizationServerConfigur
return tokenStoreUserApprovalHandler; return tokenStoreUserApprovalHandler;
} }
} }

33
login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/config/OAuth2ResourceServerConfig.java Normal file
View File

@ -0,0 +1,33 @@
package ink.wgink.login.oauth2.server.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
/**
* @ClassName: ResourceConfig
* @Description: 资源服务器
* @Author: WangGeng
* @Date: 2019/2/27 11:33 AM
* @Version: 1.0
**/
@Configuration
@EnableResourceServer
public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and()
.requestMatchers()
.antMatchers("/resource/**")
.and()
.authorizeRequests()
.antMatchers("/resource/**")
.authenticated();
}
}

61
login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/converter/UserAuthConverter.java
View File

@ -1,10 +1,7 @@
package ink.wgink.login.oauth2.server.converter; package ink.wgink.login.oauth2.server.converter;
import ink.wgink.interfaces.consts.ISystemConstant;
import ink.wgink.interfaces.role.IRoleBaseService;
import ink.wgink.pojo.bos.LoginUser; import ink.wgink.pojo.bos.LoginUser;
import ink.wgink.pojo.bos.UserInfoBO; import ink.wgink.pojo.bos.UserInfoBO;
import ink.wgink.pojo.dtos.user.UserAttrInfoDTO;
import ink.wgink.service.user.service.IUserService; import ink.wgink.service.user.service.IUserService;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@ -37,19 +34,19 @@ public class UserAuthConverter implements UserAuthenticationConverter {
// 删除token中的权限信息通过客户端请求获取减少accessToken长度 // 删除token中的权限信息通过客户端请求获取减少accessToken长度
LoginUser loginUser = (LoginUser) authentication.getPrincipal(); LoginUser loginUser = (LoginUser) authentication.getPrincipal();
// 传递登录用户 // 传递登录用户
Map<String, Object> userInfo = new HashMap<>(4); UserInfoBO userInfoBO = new UserInfoBO();
userInfo.put("userId", loginUser.getUserId()); userInfoBO.setUserId(loginUser.getUserId());
userInfo.put("username", loginUser.getUsername()); userInfoBO.setUserUsername(loginUser.getUsername());
userInfo.put("userName", loginUser.getUserName()); userInfoBO.setUserName(loginUser.getUserName());
userInfo.put("userPhone", loginUser.getUserPhone()); userInfoBO.setUserPhone(loginUser.getUserPhone());
userInfo.put("userAvatar", loginUser.getUserAvatar()); userInfoBO.setUserAvatar(loginUser.getUserAvatar());
userInfo.put("userEmail", loginUser.getUserEmail()); userInfoBO.setUserEmail(loginUser.getUserEmail());
userInfo.put("roles", loginUser.getRoles()); userInfoBO.setRoles(loginUser.getRoles());
userInfo.put("departments", loginUser.getDepartments()); userInfoBO.setDepartments(loginUser.getDepartments());
userInfo.put("groups", loginUser.getGroups()); userInfoBO.setGroups(loginUser.getGroups());
userInfo.put("getPositions", loginUser.getPositions()); userInfoBO.setPositions(loginUser.getPositions());
userInfo.put("expandData", loginUser.getExpandData()); userInfoBO.setExpandData(loginUser.getExpandData());
response.put("user_info", userInfo); response.put("user_info", userInfoBO);
return response; return response;
} }
@ -58,40 +55,14 @@ public class UserAuthConverter implements UserAuthenticationConverter {
// 解析客户端的权限请求 // 解析客户端的权限请求
Object principal = map.get("user_name"); Object principal = map.get("user_name");
if (!Objects.isNull(principal)) { if (!Objects.isNull(principal)) {
Collection<GrantedAuthority> authorities; Collection<GrantedAuthority> authorities = new ArrayList<>();
String userName = principal.toString();
// 包含用户信息则直接抽取其中的用户信息 // 包含用户信息则直接抽取其中的用户信息
Map<?, ?> userInfo = (Map<String, Object>) map.get("user_info"); UserInfoBO userInfoBO = (UserInfoBO) map.get("user_info");
UserInfoBO userInfoBO = new UserInfoBO();
userInfoBO.setUserId(userInfo.get("userId").toString());
userInfoBO.setUserUsername(userInfo.get("username").toString());
userInfoBO.setUserName(userInfo.get("userName").toString());
userInfoBO.setUserPhone(userInfo.get("userPhone") == null ? "" : userInfo.get("userPhone").toString());
userInfoBO.setUserAvatar(userInfo.get("userAvatar") == null ? "" : userInfo.get("userAvatar").toString());
userInfoBO.setUserEmail(userInfo.get("userEmail") == null ? "" : userInfo.get("userEmail").toString());
userInfoBO.
if (ISystemConstant.ADMIN.equals(userName)) {
} else {
UserAttrInfoDTO userAttrInfoDTO = userService.getUserAttrInfoByUserId(userInfoBO.getUserId());
userInfoBO.setDepartments(userAttrInfoDTO.getDepartments());
userInfoBO.setRoles(userAttrInfoDTO.getRoles());
userInfoBO.setGroups(userAttrInfoDTO.getGroups());
userInfoBO.setPositions(userAttrInfoDTO.getPositions());
userInfoBO.setDataAuthority(userAttrInfoDTO.getDataAuthority());
userInfoBO.setDataAuthorityUserIds(userAttrInfoDTO.getDataAuthorityUserIds());
userInfoBO.setBaseDepartmentIds(userAttrInfoDTO.getBaseDepartmentIds());
// 设置权限
authorities = getAuthorities(userAttrInfoDTO.getRoles());
}
principal = userInfoBO; principal = userInfoBO;
LOG.debug("获取用户权限"); LOG.debug("获取用户权限");
return new UsernamePasswordAuthenticationToken(principal, "N/A", authorities); return new UsernamePasswordAuthenticationToken(principal, "N/A", authorities);
} else {
return null;
} }
return null;
} }
public IUserService getUserService() { public IUserService getUserService() {

4
login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/service/impl/OauthClientDetailsServiceImpl.java → login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/service/impl/Oauth2ClientDetailsServiceImpl.java
View File

@ -35,8 +35,8 @@ import java.util.Set;
**/ **/
@Primary @Primary
@Component @Component
public class OauthClientDetailsServiceImpl implements ClientDetailsService { public class Oauth2ClientDetailsServiceImpl implements ClientDetailsService {
private static final Logger LOG = LoggerFactory.getLogger(OauthClientDetailsServiceImpl.class); private static final Logger LOG = LoggerFactory.getLogger(Oauth2ClientDetailsServiceImpl.class);
@Autowired @Autowired
private IOAuth2ClientService oAuth2ClientService; private IOAuth2ClientService oAuth2ClientService;

5
login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/service/impl/OauthClientTokenServiceImpl.java → login-oauth2-server/src/main/java/ink/wgink/login/oauth2/server/service/impl/Oauth2ClientTokenServiceImpl.java
View File

@ -32,7 +32,7 @@ import java.util.UUID;
* @Version: 1.0 * @Version: 1.0
**/ **/
@Component @Component
public class OauthClientTokenServiceImpl implements AuthorizationServerTokenServices, ResourceServerTokenServices, ConsumerTokenServices, InitializingBean { public class Oauth2ClientTokenServiceImpl implements AuthorizationServerTokenServices, ResourceServerTokenServices, ConsumerTokenServices, InitializingBean {
private int refreshTokenValiditySeconds = 7200; private int refreshTokenValiditySeconds = 7200;
private int accessTokenValiditySeconds = 7200; private int accessTokenValiditySeconds = 7200;
@ -44,10 +44,9 @@ public class OauthClientTokenServiceImpl implements AuthorizationServerTokenServ
private ClientDetailsService clientDetailsService; private ClientDetailsService clientDetailsService;
@Resource(name = "jwtAccessTokenConverter") @Resource(name = "jwtAccessTokenConverter")
private TokenEnhancer accessTokenEnhancer; private TokenEnhancer accessTokenEnhancer;
@Autowired
private AuthenticationManager authenticationManager; private AuthenticationManager authenticationManager;
public OauthClientTokenServiceImpl() { public Oauth2ClientTokenServiceImpl() {
} }
@Override @Override

6
pom.xml
View File

@ -38,6 +38,7 @@
<module>module-map</module> <module>module-map</module>
<module>module-activiti</module> <module>module-activiti</module>
<module>module-instant-message</module> <module>module-instant-message</module>
<module>login-oauth2-client</module>
</modules> </modules>
<packaging>pom</packaging> <packaging>pom</packaging>
@ -142,6 +143,11 @@
<artifactId>spring-security-config</artifactId> <artifactId>spring-security-config</artifactId>
<version>${spring-security.version}</version> <version>${spring-security.version}</version>
</dependency> </dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${spring-security.version}</version>
</dependency>
<dependency> <dependency>
<groupId>org.springframework.security</groupId> <groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId> <artifactId>spring-security-web</artifactId>