diff --git a/auth-center/pom.xml b/auth-center/pom.xml
index 886b3e28124ab78931ae9ee59e0b28834459425b..f1be96df9a528ea9f5cc460bd2086d09e0019867 100644
--- a/auth-center/pom.xml
+++ b/auth-center/pom.xml
@@ -36,6 +36,31 @@
org.projectlombok
lombok
+
+
+
+ org.springframework.boot
+ spring-boot-starter
+
+
+ org.springframework.boot
+ spring-boot-starter-test
+ test
+
+
+ org.mybatis.spring.boot
+ mybatis-spring-boot-starter
+ 2.1.3
+
+
+ com.baomidou
+ mybatis-plus-boot-starter
+ 3.4.1
+
+
+ mysql
+ mysql-connector-java
+
\ No newline at end of file
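Review bot: The added dependencies declare both `mybatis-spring-boot-starter` 2.1.3 and `mybatis-plus-boot-starter` 3.4.1. The MyBatis-Plus starter already brings in MyBatis and its Spring integration transitively, so the plain starter alongside it can put two differently-versioned MyBatis stacks on the classpath. Unless something in this module needs it, drop the `mybatis-spring-boot-starter` entry. `mysql-connector-java` carries no version in this hunk, so presumably the parent POM's dependency management pins it; confirm that, so the driver version is not left floating.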
diff --git a/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/AuthorizationServer.java b/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/AuthorizationServer.java
new file mode 100644
index 0000000000000000000000000000000000000000..bd4c97fbfe0493c54c7d823b9db8979722487ca1
--- /dev/null
+++ b/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/AuthorizationServer.java
@@ -0,0 +1,86 @@
+package com.kdyzm.spring.security.auth.center.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
+import org.springframework.security.oauth2.provider.ClientDetailsService;
+import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
+import org.springframework.security.oauth2.provider.code.InMemoryAuthorizationCodeServices;
+import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
+import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
+import org.springframework.security.oauth2.provider.token.TokenStore;
+
+/**
+ * @author kdyzm
+ */
+@Configuration
+@EnableAuthorizationServer
+public class AuthorizationServer extends AuthorizationServerConfigurerAdapter {
+
+ @Autowired
+ private TokenStore tokenStore;
+
+ @Autowired
+ private ClientDetailsService clientDetailsService;
+
+ @Autowired
+ private AuthorizationCodeServices authorizationCodeServices;
+
+ @Autowired
+ private AuthenticationManager authenticationManager;
+
+ @Bean
+ public AuthorizationServerTokenServices tokenServices(){
+ DefaultTokenServices services = new DefaultTokenServices();
+ services.setClientDetailsService(clientDetailsService);
+ services.setSupportRefreshToken(true);
+ services.setTokenStore(tokenStore);
+ services.setAccessTokenValiditySeconds(7200);
+ services.setRefreshTokenValiditySeconds(259200);
+ return services;
+ }
+
+ @Bean
+ public AuthorizationCodeServices authorizationCodeServices(){
+ return new InMemoryAuthorizationCodeServices();
+ }
+
+ @Override
+ public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
+ clients.inMemory()
+ .withClient("c1")
+ .secret(new BCryptPasswordEncoder().encode("secret"))//$2a$10$0uhIO.ADUFv7OQ/kuwsC1.o3JYvnevt5y3qX/ji0AUXs4KYGio3q6
+ .resourceIds("r1")
+ .authorizedGrantTypes("authorization_code", "password", "client_credentials", "implicit", "refresh_token")
+ .scopes("all")
+ .autoApprove(false)
+ .redirectUris("https://www.baidu.com");
+ }
+
+ @Override
+ public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
+ endpoints
+ .authenticationManager(authenticationManager)
+ .authorizationCodeServices(authorizationCodeServices)
+ .tokenServices(tokenServices())
+ .allowedTokenEndpointRequestMethods(HttpMethod.POST);
+ }
+
+ @Override
+ public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
+ security
+ .tokenKeyAccess("permitAll()")
+ .checkTokenAccess("permitAll()")
+ .allowFormAuthenticationForClients();
+ }
+
+
+}
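Review bot: `checkTokenAccess("permitAll()")` in `configure(AuthorizationServerSecurityConfigurer)` leaves `/oauth/check_token` open to unauthenticated callers, so anyone who can reach the service can introspect any token it is handed. `.checkTokenAccess("isAuthenticated()")` would limit it to registered clients. In `configure(ClientDetailsServiceConfigurer)`, client `c1` is registered with the literal secret `"secret"`, and the trailing comment records a BCrypt hash of it. The secret should come from external configuration, and the comment should go. The same client is granted all five grant types, including `implicit` and `password`; narrow the list to what the client actually uses, and replace the placeholder `redirectUris` value with the client's real callback.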
diff --git a/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/MybatisPlusConfig.java b/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/MybatisPlusConfig.java
new file mode 100644
index 0000000000000000000000000000000000000000..52b5c0cf2d5b9cd7dec39ab3e945578d2b3a3a5e
--- /dev/null
+++ b/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/MybatisPlusConfig.java
@@ -0,0 +1,13 @@
+package com.kdyzm.spring.security.auth.center.config;
+
+import org.mybatis.spring.annotation.MapperScan;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * @author kdyzm
+ */
+@Configuration
+@MapperScan("com.kdyzm.spring.security.auth.center.mapper")
+public class MybatisPlusConfig {
+
+}
diff --git a/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/TokenConfig.java b/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/TokenConfig.java
new file mode 100644
index 0000000000000000000000000000000000000000..0f3b1775eab5927b38f6d06cf36a3d2e0c8b4628
--- /dev/null
+++ b/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/TokenConfig.java
@@ -0,0 +1,18 @@
+package com.kdyzm.spring.security.auth.center.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.oauth2.provider.token.TokenStore;
+import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
+
+/**
+ * @author kdyzm
+ */
+@Configuration
+public class TokenConfig {
+
+ @Bean
+ public TokenStore tokenStore() {
+ return new InMemoryTokenStore();
+ }
+}
diff --git a/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/WebSecurityConfig.java b/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/WebSecurityConfig.java
new file mode 100644
index 0000000000000000000000000000000000000000..cccd607bad4cc0b33c524d5e13de5396b58429b3
--- /dev/null
+++ b/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/WebSecurityConfig.java
@@ -0,0 +1,44 @@
+package com.kdyzm.spring.security.auth.center.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+/**
+ * @author Administrator
+ * @version 1.0
+ **/
+@Configuration
+@EnableGlobalMethodSecurity(securedEnabled = true,prePostEnabled = true)
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+ //认证管理器
+ @Bean
+ public AuthenticationManager authenticationManagerBean() throws Exception {
+ return super.authenticationManagerBean();
+ }
+ //密码编码器
+ @Bean
+ public PasswordEncoder passwordEncoder() {
+ return new BCryptPasswordEncoder();
+ }
+
+ //安全拦截机制(最重要)
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.csrf().disable()
+ .authorizeRequests()
+ .antMatchers("/r/r1").hasAnyAuthority("p1")
+ .antMatchers("/login*").permitAll()
+ .anyRequest().authenticated()
+ .and()
+ .formLogin()
+ ;
+
+ }
+}
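Review bot: `http.csrf().disable()` in `configure(HttpSecurity)` removes CSRF protection from the session-based part of this service: the `formLogin()` page and, because client `c1` is registered with `autoApprove(false)`, the user-approval POST to `/oauth/authorize`. With it off, a cross-site page can submit that approval on behalf of a user who is already logged in. As far as I can tell the token endpoints are handled by the authorization server's own filter chain and do not need CSRF disabled here. Consider dropping `.csrf().disable()` and keeping the default.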
diff --git a/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/entity/TUser.java b/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/entity/TUser.java
new file mode 100644
index 0000000000000000000000000000000000000000..5a21f60e8e4d3e403923176ec312daa31550f55e
--- /dev/null
+++ b/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/entity/TUser.java
@@ -0,0 +1,22 @@
+package com.kdyzm.spring.security.auth.center.entity;
+
+import com.baomidou.mybatisplus.annotation.TableName;
+import lombok.Data;
+
+/**
+ * @author kdyzm
+ */
+@Data
+@TableName("t_user")
+public class TUser {
+
+ private Integer id;
+
+ private String username;
+
+ private String password;
+
+ private String fullname;
+
+ private String mobile;
+}
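Review bot: `@Data` on `TUser` generates a `toString()` that includes the `password` field, so any log statement or exception message that prints a `TUser` would write the stored password value to the logs. Excluding the field keeps it out: `@ToString.Exclude private String password;` (with `import lombok.ToString;`). A short comment on the field saying it holds the encoded value rather than plaintext would also help. That is presumably the case given the `BCryptPasswordEncoder` bean, but the diff does not show how rows are written.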
diff --git a/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/mapper/UserMapper.java b/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/mapper/UserMapper.java
new file mode 100644
index 0000000000000000000000000000000000000000..14309bbb2c1c623c5959dec26408528bead8054f
--- /dev/null
+++ b/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/mapper/UserMapper.java
@@ -0,0 +1,20 @@
+package com.kdyzm.spring.security.auth.center.mapper;
+
+import com.baomidou.mybatisplus.core.mapper.BaseMapper;
+import com.kdyzm.spring.security.auth.center.entity.TUser;
+import org.apache.ibatis.annotations.Param;
+import org.apache.ibatis.annotations.Select;
+
+import java.util.List;
+
+/**
+ * @author kdyzm
+ */
+public interface UserMapper extends BaseMapper {
+
+ @Select("SELECT DISTINCT tp.`code` FROM `t_user_role` tur \n" +
+ "INNER JOIN `t_role_permission` trp ON tur.`role_id` = trp.`role_id`\n" +
+ "INNER JOIN `t_permission` tp ON trp.`permission_id` = tp.`id`\n" +
+ "WHERE tur.`user_id` = #{userId};")
+ List findAllPermissions(@Param("userId") Integer userId);
+}
diff --git a/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/service/MyUserDetailsServiceImpl.java b/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/service/MyUserDetailsServiceImpl.java
new file mode 100644
index 0000000000000000000000000000000000000000..2560c072a6399ca350a6d2939b7eca6da344aae3
--- /dev/null
+++ b/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/service/MyUserDetailsServiceImpl.java
@@ -0,0 +1,49 @@
+package com.kdyzm.spring.security.auth.center.service;
+
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
+import com.kdyzm.spring.security.auth.center.entity.TUser;
+import com.kdyzm.spring.security.auth.center.mapper.UserMapper;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+import org.springframework.util.CollectionUtils;
+
+import java.util.List;
+import java.util.Objects;
+
+/**
+ * @author kdyzm
+ */
+@Service
+@Slf4j
+public class MyUserDetailsServiceImpl implements UserDetailsService {
+
+ @Autowired
+ private UserMapper userMapper;
+
+ @Override
+ public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+
+ TUser tUser = userMapper.selectOne(new LambdaQueryWrapper().eq(TUser::getUsername, username));
+ if (Objects.isNull(tUser)) {
+ throw new UsernameNotFoundException(username + "账号不存在");
+ }
+ List allPermissions = userMapper.findAllPermissions(tUser.getId());
+ String[] array = null;
+ if (CollectionUtils.isEmpty(allPermissions)) {
+ log.warn("{} 无任何权限", tUser.getUsername());
+ array = new String[]{};
+ } else {
+ array = new String[allPermissions.size()];
+ allPermissions.toArray(array);
+ }
+ return User
+ .withUsername(tUser.getUsername())
+ .password(tUser.getPassword())
+ .authorities(array).build();
+ }
+}
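Review bot: `userMapper.selectOne(...)` in `loadUserByUsername` assumes `username` is unique in `t_user`. When more than one row matches, MyBatis-Plus throws instead of returning a user, which would surface as an internal authentication error rather than a failed login. The schema is not part of this diff, so confirm there is a unique index on `t_user.username`. The method also has no Javadoc; a comment such as `// Authorities are the permission codes from t_permission, not role names` would make clear what `hasAnyAuthority("p1")` in `WebSecurityConfig` is matched against.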
diff --git a/auth-center/src/main/resources/application.yml b/auth-center/src/main/resources/application.yml
index c8cb5696f0d2063e12c5dbbb25c3b275a8065203..d2112a6de23611d2383aa0890766eb085af498ef 100644
--- a/auth-center/src/main/resources/application.yml
+++ b/auth-center/src/main/resources/application.yml
@@ -2,4 +2,9 @@ server:
port: 30000
spring:
application:
- name: auth-center
\ No newline at end of file
+ name: auth-center
+ datasource:
+ url: jdbc:mysql://${db}/security?useSSL=false&userUnicode=true&characterEncoding=utf-8&serverTimezone=UTC
+ username: root
+ password: ${db_password}
+ driver-class-name: com.mysql.jdbc.Driver
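Review bot: The new `datasource` block connects as `root` with `useSSL=false`, so the service holds full database privileges and sends credentials and user rows to MySQL unencrypted. Use a dedicated least-privilege account supplied from the environment like the password, e.g. `username: ${db_username}`, and turn TLS on with `useSSL=true` unless the database is strictly local. The URL parameter `userUnicode=true` looks like a typo for `useUnicode=true`. If the managed Connector/J is 8.x (the version is not shown here), `com.mysql.jdbc.Driver` is the deprecated class name and `com.mysql.cj.jdbc.Driver` is the current one.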
diff --git a/auth-center/src/test/java/com/kdyzm/spring/security/auth/center/db/DBTest.java b/auth-center/src/test/java/com/kdyzm/spring/security/auth/center/db/DBTest.java
new file mode 100644
index 0000000000000000000000000000000000000000..b60a455928db3cf9f0073a2b64018679d880bfb9
--- /dev/null
+++ b/auth-center/src/test/java/com/kdyzm/spring/security/auth/center/db/DBTest.java
@@ -0,0 +1,27 @@
+package com.kdyzm.spring.security.auth.center.db;
+
+import com.kdyzm.spring.security.auth.center.mapper.UserMapper;
+import lombok.extern.slf4j.Slf4j;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.junit4.SpringRunner;
+
+/**
+ * @author kdyzm
+ */
+@RunWith(SpringRunner.class)
+@SpringBootTest
+@Slf4j
+public class DBTest {
+
+ @Autowired
+ private UserMapper userMapper;
+
+ @Test
+ public void testSelect() {
+ log.info(("----- selectAll method test ------"));
+ userMapper.selectList(null);
+ }
+}
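Review bot: `testSelect` asserts nothing, and `@SpringBootTest` boots the full context against the datasource in `application.yml`. The test therefore needs `db` and `db_password` to resolve to a live MySQL instance, and it passes as long as the query does not throw. Capture the result and check it, e.g. `Assert.assertNotNull(userMapper.selectList(null));`. Consider pointing the test profile at a disposable database instead of the `root` connection the service uses.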