From b90b466d8f37f85214f77c1ec6fab167facfb87b Mon Sep 17 00:00:00 2001 From: kdyzm Date: Thu, 7 Jan 2021 01:02:18 +0800 Subject: [PATCH] =?UTF-8?q?=E6=95=B4=E5=90=88oauth2.0=EF=BC=8Ccode?= =?UTF-8?q?=E6=A8=A1=E5=BC=8F=E9=AA=8C=E8=AF=81=E6=88=90=E5=8A=9F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- auth-center/pom.xml | 25 ++++++ .../center/config/AuthorizationServer.java | 86 +++++++++++++++++++ .../auth/center/config/MybatisPlusConfig.java | 13 +++ .../auth/center/config/TokenConfig.java | 18 ++++ .../auth/center/config/WebSecurityConfig.java | 44 ++++++++++ .../security/auth/center/entity/TUser.java | 22 +++++ .../auth/center/mapper/UserMapper.java | 20 +++++ .../service/MyUserDetailsServiceImpl.java | 49 +++++++++++ .../src/main/resources/application.yml | 7 +- .../security/auth/center/db/DBTest.java | 27 ++++++ 10 files changed, 310 insertions(+), 1 deletion(-) create mode 100644 auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/AuthorizationServer.java create mode 100644 auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/MybatisPlusConfig.java create mode 100644 auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/TokenConfig.java create mode 100644 auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/WebSecurityConfig.java create mode 100644 auth-center/src/main/java/com/kdyzm/spring/security/auth/center/entity/TUser.java create mode 100644 auth-center/src/main/java/com/kdyzm/spring/security/auth/center/mapper/UserMapper.java create mode 100644 auth-center/src/main/java/com/kdyzm/spring/security/auth/center/service/MyUserDetailsServiceImpl.java create mode 100644 auth-center/src/test/java/com/kdyzm/spring/security/auth/center/db/DBTest.java diff --git a/auth-center/pom.xml b/auth-center/pom.xml index 886b3e2..f1be96d 100644 --- a/auth-center/pom.xml +++ b/auth-center/pom.xml 
@@ -36,6 +36,31 @@ org.projectlombok lombok + + + + org.springframework.boot + spring-boot-starter + + + org.springframework.boot + spring-boot-starter-test + test + + + org.mybatis.spring.boot + mybatis-spring-boot-starter + 2.1.3 + + + com.baomidou + mybatis-plus-boot-starter + 3.4.1 + + + mysql + mysql-connector-java + \ No newline at end of file diff --git a/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/AuthorizationServer.java b/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/AuthorizationServer.java new file mode 100644 index 0000000..bd4c97f --- /dev/null +++ b/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/AuthorizationServer.java 
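Review bot: The dependency list adds both `mybatis-spring-boot-starter` 2.1.3 and `mybatis-plus-boot-starter` 3.4.1; the MyBatis-Plus starter already brings mybatis-spring and registers its own `SqlSessionFactory`, so the two auto-configurations overlap and, depending on which runs first, the plain MyBatis factory can win, after which `BaseMapper` methods such as `selectList` fail with an "Invalid bound statement" error. Keeping only the MyBatis-Plus starter avoids the race. The XML element names are not visible in this rendering, so this reading of the hunk is inferred from the artifact ids and versions.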
@@ -0,0 +1,86 @@
+package com.kdyzm.spring.security.auth.center.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
+import org.springframework.security.oauth2.provider.ClientDetailsService;
+import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
+import org.springframework.security.oauth2.provider.code.InMemoryAuthorizationCodeServices;
+import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
+import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
+import org.springframework.security.oauth2.provider.token.TokenStore;
+
+/**
+ * @author kdyzm
+ */
+@Configuration
+@EnableAuthorizationServer
+public class AuthorizationServer extends AuthorizationServerConfigurerAdapter {
+
+ @Autowired
+ private TokenStore tokenStore;
+
+ @Autowired
+ private ClientDetailsService clientDetailsService;
+
+ @Autowired
+ private AuthorizationCodeServices authorizationCodeServices;
+
+ @Autowired
+ private AuthenticationManager authenticationManager;
+
+ @Bean
+ public AuthorizationServerTokenServices tokenServices(){
+ DefaultTokenServices services = new DefaultTokenServices();
+ services.setClientDetailsService(clientDetailsService);
+ services.setSupportRefreshToken(true);
+ services.setTokenStore(tokenStore);
+ services.setAccessTokenValiditySeconds(7200);
+ services.setRefreshTokenValiditySeconds(259200);
+ return services;
+ }
+
+ @Bean
+ public AuthorizationCodeServices authorizationCodeServices(){
+ return new InMemoryAuthorizationCodeServices();
+ }
+
+ @Override
+ public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
+ clients.inMemory()
+ .withClient("c1")
+ .secret(new BCryptPasswordEncoder().encode("secret"))//$2a$10$0uhIO.ADUFv7OQ/kuwsC1.o3JYvnevt5y3qX/ji0AUXs4KYGio3q6
+ .resourceIds("r1")
+ .authorizedGrantTypes("authorization_code", "password", "client_credentials", "implicit", "refresh_token")
+ .scopes("all")
+ .autoApprove(false)
+ .redirectUris("https://www.baidu.com");
+ }
+
+ @Override
+ public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
+ endpoints
+ .authenticationManager(authenticationManager)
+ .authorizationCodeServices(authorizationCodeServices)
+ .tokenServices(tokenServices())
+ .allowedTokenEndpointRequestMethods(HttpMethod.POST);
+ }
+
+ @Override
+ public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
+ security
+ .tokenKeyAccess("permitAll()")
+ .checkTokenAccess("permitAll()")
+ .allowFormAuthenticationForClients();
+ }
+
+
+}
diff --git a/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/MybatisPlusConfig.java b/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/MybatisPlusConfig.java
new file mode 100644
index 0000000..52b5c0c
--- /dev/null
+++ b/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/MybatisPlusConfig.java
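Review bot: `.checkTokenAccess("permitAll()")` in `configure(AuthorizationServerSecurityConfigurer)` lets any unauthenticated caller introspect an access token at `/oauth/check_token` and read the user name, authorities and scopes behind it; resource servers should authenticate with their client credentials instead, i.e. `.checkTokenAccess("isAuthenticated()")`. In `configure(ClientDetailsServiceConfigurer)` the only registered redirect URI for client `c1` is a third-party site, so authorization codes are delivered there rather than to this application's own callback; it should be replaced with the real callback URL, and `"implicit"` can be dropped from `authorizedGrantTypes` since nothing in this commit uses it. The bcrypt hash pasted as a trailing comment on the `.secret(...)` line duplicates what the code computes at startup and will drift; remove it.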
@@ -0,0 +1,13 @@
+package com.kdyzm.spring.security.auth.center.config;
+
+import org.mybatis.spring.annotation.MapperScan;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * @author kdyzm
+ */
+@Configuration
+@MapperScan("com.kdyzm.spring.security.auth.center.mapper")
+public class MybatisPlusConfig {
+
+}
diff --git a/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/TokenConfig.java b/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/TokenConfig.java
new file mode 100644
index 0000000..0f3b177
--- /dev/null
+++ b/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/TokenConfig.java
@@ -0,0 +1,18 @@
+package com.kdyzm.spring.security.auth.center.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.oauth2.provider.token.TokenStore;
+import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
+
+/**
+ * @author kdyzm
+ */
+@Configuration
+public class TokenConfig {
+
+ @Bean
+ public TokenStore tokenStore() {
+ return new InMemoryTokenStore();
+ }
+}
diff --git a/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/WebSecurityConfig.java b/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/WebSecurityConfig.java
new file mode 100644
index 0000000..cccd607
--- /dev/null
+++ b/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/config/WebSecurityConfig.java
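Review bot: `tokenStore()` in `TokenConfig` returns an `InMemoryTokenStore` with no comment saying that this is deliberate; every issued access and refresh token (the latter valid for three days per `AuthorizationServer`) lives only inside this JVM, so a restart invalidates all of them and a second instance cannot validate tokens the first one issued. Suggested Javadoc: `/** In-memory store for development only: tokens are lost on restart and are not shared across instances. */`.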
@@ -0,0 +1,44 @@
+package com.kdyzm.spring.security.auth.center.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+/**
+ * @author Administrator
+ * @version 1.0
+ **/
+@Configuration
+@EnableGlobalMethodSecurity(securedEnabled = true,prePostEnabled = true)
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+ //认证管理器
+ @Bean
+ public AuthenticationManager authenticationManagerBean() throws Exception {
+ return super.authenticationManagerBean();
+ }
+ //密码编码器
+ @Bean
+ public PasswordEncoder passwordEncoder() {
+ return new BCryptPasswordEncoder();
+ }
+
+ //安全拦截机制(最重要)
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.csrf().disable()
+ .authorizeRequests()
+ .antMatchers("/r/r1").hasAnyAuthority("p1")
+ .antMatchers("/login*").permitAll()
+ .anyRequest().authenticated()
+ .and()
+ .formLogin()
+ ;
+
+ }
+}
diff --git a/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/entity/TUser.java b/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/entity/TUser.java
new file mode 100644
index 0000000..5a21f60
--- /dev/null
+++ b/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/entity/TUser.java
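Review bot: `http.csrf().disable()` in `configure(HttpSecurity)` turns CSRF protection off for the whole form-login chain, which is the chain that serves the login POST and the `/oauth/authorize` consent page users submit after authenticating; the `/oauth/token`, `/oauth/check_token` and `/oauth/token_key` endpoints get their own filter chain from `@EnableAuthorizationServer` and do not need this. Dropping the `.csrf().disable()` call and starting the chain at `http.authorizeRequests()` keeps the consent step from being submitted cross-site, since Spring Security's default login and approval pages carry the token automatically. The three Chinese line comments would be more useful as Javadoc on the beans stating what each one is for, e.g. `/** Exposes the AuthenticationManager so the authorization server can use it for the password grant. */`.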
@@ -0,0 +1,22 @@
+package com.kdyzm.spring.security.auth.center.entity;
+
+import com.baomidou.mybatisplus.annotation.TableName;
+import lombok.Data;
+
+/**
+ * @author kdyzm
+ */
+@Data
+@TableName("t_user")
+public class TUser {
+
+ private Integer id;
+
+ private String username;
+
+ private String password;
+
+ private String fullname;
+
+ private String mobile;
+}
diff --git a/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/mapper/UserMapper.java b/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/mapper/UserMapper.java
new file mode 100644
index 0000000..14309bb
--- /dev/null
+++ b/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/mapper/UserMapper.java
@@ -0,0 +1,20 @@
+package com.kdyzm.spring.security.auth.center.mapper;
+
+import com.baomidou.mybatisplus.core.mapper.BaseMapper;
+import com.kdyzm.spring.security.auth.center.entity.TUser;
+import org.apache.ibatis.annotations.Param;
+import org.apache.ibatis.annotations.Select;
+
+import java.util.List;
+
+/**
+ * @author kdyzm
+ */
+public interface UserMapper extends BaseMapper {
+
+ @Select("SELECT DISTINCT tp.`code` FROM `t_user_role` tur \n" +
+ "INNER JOIN `t_role_permission` trp ON tur.`role_id` = trp.`role_id`\n" +
+ "INNER JOIN `t_permission` tp ON trp.`permission_id` = tp.`id`\n" +
+ "WHERE tur.`user_id` = #{userId};")
+ List findAllPermissions(@Param("userId") Integer userId);
+}
diff --git a/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/service/MyUserDetailsServiceImpl.java b/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/service/MyUserDetailsServiceImpl.java
new file mode 100644
index 0000000..2560c07
--- /dev/null
+++ b/auth-center/src/main/java/com/kdyzm/spring/security/auth/center/service/MyUserDetailsServiceImpl.java
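Review bot: `@Data` on `TUser` generates a `toString()` that prints every field, so any log line or exception message that includes the entity exposes the stored password hash and the user's phone number. Exclude them from the generated string: `@ToString.Exclude private String password;` and likewise `@ToString.Exclude private String mobile;`. A class-level Javadoc naming the `t_user` columns these fields map to would also help, since the mapping is only implied by `@TableName`.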
@@ -0,0 +1,49 @@
+package com.kdyzm.spring.security.auth.center.service;
+
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
+import com.kdyzm.spring.security.auth.center.entity.TUser;
+import com.kdyzm.spring.security.auth.center.mapper.UserMapper;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+import org.springframework.util.CollectionUtils;
+
+import java.util.List;
+import java.util.Objects;
+
+/**
+ * @author kdyzm
+ */
+@Service
+@Slf4j
+public class MyUserDetailsServiceImpl implements UserDetailsService {
+
+ @Autowired
+ private UserMapper userMapper;
+
+ @Override
+ public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+
+ TUser tUser = userMapper.selectOne(new LambdaQueryWrapper().eq(TUser::getUsername, username));
+ if (Objects.isNull(tUser)) {
+ throw new UsernameNotFoundException(username + "账号不存在");
+ }
+ List allPermissions = userMapper.findAllPermissions(tUser.getId());
+ String[] array = null;
+ if (CollectionUtils.isEmpty(allPermissions)) {
+ log.warn("{} 无任何权限", tUser.getUsername());
+ array = new String[]{};
+ } else {
+ array = new String[allPermissions.size()];
+ allPermissions.toArray(array);
+ }
+ return User
+ .withUsername(tUser.getUsername())
+ .password(tUser.getPassword())
+ .authorities(array).build();
+ }
+}
diff --git a/auth-center/src/main/resources/application.yml b/auth-center/src/main/resources/application.yml
index c8cb569..d2112a6 100644
--- a/auth-center/src/main/resources/application.yml
+++ b/auth-center/src/main/resources/application.yml
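Review bot: The permission-to-array code in `loadUserByUsername` is longer than it needs to be: `String[] array = null;` plus the `new String[allPermissions.size()]` / `toArray(array)` pair collapses to `String[] array = CollectionUtils.isEmpty(allPermissions) ? new String[0] : allPermissions.toArray(new String[0]);`, with the `log.warn` kept in a preceding `if` if the warning is wanted. `userMapper.selectOne(...)` keyed on `username` throws when more than one row matches, so the method silently depends on a unique index on `t_user.username`; no constraint is visible in this commit, so that assumption deserves a comment on the `selectOne` line. The generic arguments on `LambdaQueryWrapper` and `List` are not visible in this rendering; if they are genuinely absent, the raw types should read `LambdaQueryWrapper<TUser>` and `List<String>`.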
@@ -2,4 +2,9 @@ server:
 port: 30000
 spring:
 application:
- name: auth-center
\ No newline at end of file
+ name: auth-center
+ datasource:
+ url: jdbc:mysql://${db}/security?useSSL=false&userUnicode=true&characterEncoding=utf-8&serverTimezone=UTC
+ username: root
+ password: ${db_password}
+ driver-class-name: com.mysql.jdbc.Driver
diff --git a/auth-center/src/test/java/com/kdyzm/spring/security/auth/center/db/DBTest.java b/auth-center/src/test/java/com/kdyzm/spring/security/auth/center/db/DBTest.java
new file mode 100644
index 0000000..b60a455
--- /dev/null
+++ b/auth-center/src/test/java/com/kdyzm/spring/security/auth/center/db/DBTest.java
@@ -0,0 +1,27 @@
+package com.kdyzm.spring.security.auth.center.db;
+
+import com.kdyzm.spring.security.auth.center.mapper.UserMapper;
+import lombok.extern.slf4j.Slf4j;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.junit4.SpringRunner;
+
+/**
+ * @author kdyzm
+ */
+@RunWith(SpringRunner.class)
+@SpringBootTest
+@Slf4j
+public class DBTest {
+
+ @Autowired
+ private UserMapper userMapper;
+
+ @Test
+ public void testSelect() {
+ log.info(("----- selectAll method test ------"));
+ userMapper.selectList(null);
+ }
+}
-- Gitee
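Review bot: `userUnicode=true` in `datasource.url` is a misspelling of `useUnicode=true`, so the flag is silently ignored by the driver; fix it to `useUnicode=true`. The same URL sets `useSSL=false`, which sends the `root` credentials and all query traffic in clear text, and the application connects as `root` at all — acceptable only for a loopback development database, and the service should otherwise use a least-privilege account with TLS left on. `driver-class-name: com.mysql.jdbc.Driver` is the legacy Connector/J 5 class name; if the resolved driver is 8.x it still loads but logs a deprecation warning, and `com.mysql.cj.jdbc.Driver` (or omitting the property, since Spring Boot infers it from the URL) is the right value.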
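Review bot: `testSelect` calls `userMapper.selectList(null)` and never asserts on the result, so it passes whenever the query merely does not throw; assert on what comes back, e.g. `assertNotNull(userMapper.selectList(null));`, or if the table may be empty, check the list is non-null and log its size. The doubled parentheses in `log.info(("----- selectAll method test ------"));` are harmless but read like a typo and should be `log.info("----- selectAll method test ------");`.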