配置文件 放置 Nacos 配置中心

权限管理完善！

.gitignore

@@ -39,4 +39,5 @@ target
 
 ### resource ###
 data/
-logs/
\ No newline at end of file
+logs/
+*.log
\ No newline at end of file

common/service_base/pom.xml

@@ -17,6 +17,11 @@
             <artifactId>tool_utils</artifactId>
             <version>1.0.0</version>
         </dependency>
+        <!-- JWT-->
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt</artifactId>
+        </dependency>
 
         <dependency>
             <groupId>org.springframework.boot</groupId>

common/service_base/src/main/java/com/zy/servicebase/config/SwaggerConfig.java

@@ -25,7 +25,7 @@ public class SwaggerConfig {
                 .apiInfo(webApiInfo())
                 .select()
 //                .paths(Predicates.not(PathSelectors.regex("/admin/.*")))
-                .paths(Predicates.not(PathSelectors.regex("/error.*")))
+//                .paths(Predicates.not(PathSelectors.regex("/error.*")))
                 .build();
     }
 

common/spring_security/src/main/java/com/zy/serurity/config/JWTConfig.java

+package com.zy.serurity.config;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.stereotype.Component;
+
+/**
+ * @author zhangyu
+ * @description jwt配置类，读取配置文件
+ */
+//@Component
+//@ConfigurationProperties(prefix = "jwt")
+@SuppressWarnings("static-access")
+public class JWTConfig {
+
+	/**
+	 * 密匙Key
+	 */
+	public static String secret;
+
+	/**
+	 * HeaderKey
+	 */
+	public static String tokenHeader;
+
+	/**
+	 * Token前缀
+	 */
+	public static String tokenPrefix;
+
+	/**
+	 * 过期时间
+	 */
+	public static Integer expiration;
+
+	/**
+	 * 有效时间
+	 */
+	public static Integer refreshTime;
+
+	/**
+	 * 配置白名单
+	 */
+	public static String antMatchers;
+
+	/**
+	 * 将过期时间单位换算成毫秒
+	 * 
+	 * @param expiration 过期时间，单位·秒
+	 */
+	public void setExpiration(Integer expiration) {
+		this.expiration = expiration * 1000;
+	}
+
+	/**
+	 * 将有效时间单位换算成毫秒
+	 * 
+	 */
+	public void setRefreshTime(Integer refreshTime) {
+		this.refreshTime = refreshTime * 24 * 60 * 60 * 1000;
+	}
+
+	public void setSecret(String secret) {
+		this.secret = secret;
+	}
+
+	public void setTokenHeader(String tokenHeader) {
+		this.tokenHeader = tokenHeader;
+	}
+
+	public void setTokenPrefix(String tokenPrefix) {
+		this.tokenPrefix = tokenPrefix + " ";
+	}
+
+	public void setAntMatchers(String antMatchers) {
+		this.antMatchers = antMatchers;
+	}
+}

common/spring_security/src/main/java/com/zy/serurity/config/TokenWebSecurityConfig.java → common/spring_security/src/main/java/com/zy/serurity/config/SecurityConfig.java

@@ -2,11 +2,13 @@ package com.zy.serurity.config;
 
 import com.zy.serurity.filter.TokenAuthenticationFilter;
 import com.zy.serurity.filter.TokenLoginFilter;
+import com.zy.serurity.handler.UserAccessDeniedHandler;
 import com.zy.serurity.security.DefaultPasswordEncoder;
 import com.zy.serurity.security.TokenLogoutHandler;
 import com.zy.serurity.security.TokenManager;
 import com.zy.serurity.security.UnauthorizedEntryPoint;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
@@ -16,19 +18,24 @@ import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+import javax.annotation.Resource;
 
 /**
- * <p>
- * Security配置类
- * </p>
+ *  Security配置类
  *
- * @author qy
+ * @author zy
  * @since 2019-11-18
  */
 @Configuration
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled = true)
-public class TokenWebSecurityConfig extends WebSecurityConfigurerAdapter {
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Autowired
+    private UserAccessDeniedHandler userAccessDeniedHandler;
 
     private UserDetailsService userDetailsService;
     private TokenManager tokenManager;
@@ -36,8 +43,8 @@ public class TokenWebSecurityConfig extends WebSecurityConfigurerAdapter {
     private RedisTemplate redisTemplate;
 
     @Autowired
-    public TokenWebSecurityConfig(UserDetailsService userDetailsService, DefaultPasswordEncoder defaultPasswordEncoder,
-                                  TokenManager tokenManager, RedisTemplate redisTemplate) {
+    public SecurityConfig(UserDetailsService userDetailsService, DefaultPasswordEncoder defaultPasswordEncoder,
+                          TokenManager tokenManager, RedisTemplate redisTemplate) {
         this.userDetailsService = userDetailsService;
         this.defaultPasswordEncoder = defaultPasswordEncoder;
         this.tokenManager = tokenManager;
@@ -51,15 +58,17 @@ public class TokenWebSecurityConfig extends WebSecurityConfigurerAdapter {
      */
     @Override
     protected void configure(HttpSecurity http) throws Exception {
-        http.exceptionHandling()
-                .authenticationEntryPoint(new UnauthorizedEntryPoint())
+        http.authorizeRequests()
                 .and().csrf().disable()
                 .authorizeRequests()
                 .anyRequest().authenticated()
+                .and().exceptionHandling()
+                .authenticationEntryPoint(new UnauthorizedEntryPoint())
                 .and().logout().logoutUrl("/admin/acl/index/logout")
-                .addLogoutHandler(new TokenLogoutHandler(tokenManager,redisTemplate)).and()
-                .addFilter(new TokenLoginFilter(authenticationManager(), tokenManager, redisTemplate))
-                .addFilter(new TokenAuthenticationFilter(authenticationManager(), tokenManager, redisTemplate)).httpBasic();
+                .addLogoutHandler(new TokenLogoutHandler(tokenManager,redisTemplate))
+                .and().addFilter(new TokenLoginFilter(this.authenticationManager(), tokenManager, redisTemplate))
+                .addFilter(new TokenAuthenticationFilter(this.authenticationManager(), tokenManager, redisTemplate)).httpBasic()
+        ;
     }
 
     /**
@@ -78,8 +87,20 @@ public class TokenWebSecurityConfig extends WebSecurityConfigurerAdapter {
      * @throws Exception
      */
     @Override
-    public void configure(WebSecurity web) throws Exception {
-        web.ignoring().antMatchers("/api/**",
-                "/swagger-resources/**", "/webjars/**", "/v2/**","/v3/**","/doc.html", "/swagger-ui.html/**");
+    public void configure(WebSecurity web) {
+        web.ignoring().antMatchers(AUTH_WHITELIST);
     }
+
+    /**
+     *     -- swagger ui忽略
+      */
+    private static final String[] AUTH_WHITELIST = {
+            "/**",
+            "/swagger-resources/**","/swagger-ui/**",
+            "/swagger-ui.html",
+            "/v3/**",
+            "/v2/**",
+            "/webjars/**",
+            "/doc.html","/profile/**"
+    };
 }
\ No newline at end of file

common/spring_security/src/main/java/com/zy/serurity/filter/TokenLoginFilter.java

@@ -22,9 +22,8 @@ import java.io.IOException;
 import java.util.ArrayList;
 
 /**
- * <p>
- * 登录过滤器，继承UsernamePasswordAuthenticationFilter，对用户名密码进行登录校验
- * </p>
+ * 登录过滤器，继承 UsernamePasswordAuthenticationFilter
+ * 对用户名密码进行登录校验
  *
  * @author zy
  * @since 2019-11-08

common/spring_security/src/main/java/com/zy/serurity/handler/UserAccessDeniedHandler.java

+package com.zy.serurity.handler;//package com.zy.springsecurityoauth2.handler;
+
+import com.zy.commonutils.R;
+import com.zy.servicebase.utils.ResponseUtil;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * @author zhangyu
+ * @description 权限处理类
+ */
+//@Component
+public class UserAccessDeniedHandler implements AccessDeniedHandler {
+
+	@Override
+	public void handle(HttpServletRequest request, HttpServletResponse response,
+			AccessDeniedException accessDeniedException) throws IOException, ServletException {
+		ResponseUtil.out(response, R.error().message("授权失败！"));
+	}
+
+}

common/spring_security/src/main/java/com/zy/serurity/security/TokenLogoutHandler.java

@@ -32,12 +32,10 @@ public class TokenLogoutHandler implements LogoutHandler {
         String token = request.getHeader("token");
         if (token != null) {
             tokenManager.removeToken(token);
-
             //清空当前用户缓存中的权限数据
             String userName = tokenManager.getUserFromToken(token);
             redisTemplate.delete(userName);
         }
         ResponseUtil.out(response, R.ok());
     }
-
 }
\ No newline at end of file

common/spring_security/src/main/java/com/zy/serurity/security/UnauthorizedEntryPoint.java

@@ -12,7 +12,7 @@ import java.io.IOException;
 
 /**
  * <p>
- * 未授权的统一处理方式
+ *  未授权的统一处理方式
  * </p>
  *
  * @author zy
@@ -23,6 +23,6 @@ public class UnauthorizedEntryPoint implements AuthenticationEntryPoint {
     @Override
     public void commence(HttpServletRequest request, HttpServletResponse response,
                          AuthenticationException authException) throws IOException, ServletException {
-        ResponseUtil.out(response, R.error());
+        ResponseUtil.out(response, R.error().message("授权失败！"));
     }
 }

common/tool_utils/pom.xml

@@ -12,11 +12,6 @@
     <artifactId>tool_utils</artifactId>
 
     <dependencies>
-        <!-- JWT-->
-        <dependency>
-            <groupId>io.jsonwebtoken</groupId>
-            <artifactId>jjwt</artifactId>
-        </dependency>
         <dependency>
             <groupId>com.alibaba</groupId>
             <artifactId>fastjson</artifactId>

common/tool_utils/src/main/java/com/zy/commonutils/MD5.java

@@ -31,8 +31,4 @@ public final class MD5 {
         }
     }
 
-    public static void main(String[] args) {
-        System.out.println(MD5.encrypt("111111"));
-    }
-
 }

service/mall_service/service_acl/pom.xml

@@ -12,15 +12,21 @@
     <artifactId>service_acl</artifactId>
 
     <dependencies>
+        <!--服务注册-->
         <dependency>
-            <groupId>com.zy</groupId>
-            <artifactId>spring_security</artifactId>
-            <version>1.0.0</version>
+            <groupId>org.springframework.cloud</groupId>
+            <artifactId>spring-cloud-starter-alibaba-nacos-config</artifactId>
         </dependency>
+
         <dependency>
             <groupId>com.alibaba</groupId>
             <artifactId>fastjson</artifactId>
         </dependency>
+        <!-- Spring Security依赖 -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
     </dependencies>
 
 </project>
\ No newline at end of file

service/mall_service/service_acl/src/main/java/com/zy/aclservice/AclApplication.java

@@ -20,5 +20,4 @@ public class AclApplication {
     public static void main(String[] args) {
         SpringApplication.run(AclApplication.class, args);
     }
-
 }

service/mall_service/service_acl/src/main/java/com/zy/aclservice/serurity/config/SecurityConfig.java

+package com.zy.aclservice.serurity.config;
+
+import com.zy.aclservice.serurity.filter.TokenAuthenticationFilter;
+import com.zy.aclservice.serurity.filter.TokenLoginFilter;
+import com.zy.aclservice.serurity.security.DefaultPasswordEncoder;
+import com.zy.aclservice.serurity.security.TokenLogoutHandler;
+import com.zy.aclservice.serurity.security.TokenManager;
+import com.zy.aclservice.serurity.security.UnauthorizedEntryPoint;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.UserDetailsService;
+
+/**
+ *  Security配置类
+ *
+ * @author zy
+ * @since 2019-11-18
+ */
+@Configuration
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+    private UserDetailsService userDetailsService;
+    private TokenManager tokenManager;
+    private DefaultPasswordEncoder defaultPasswordEncoder;
+    private RedisTemplate redisTemplate;
+
+    @Autowired
+    public SecurityConfig(UserDetailsService userDetailsService, DefaultPasswordEncoder defaultPasswordEncoder,
+                          TokenManager tokenManager, RedisTemplate redisTemplate) {
+        this.userDetailsService = userDetailsService;
+        this.defaultPasswordEncoder = defaultPasswordEncoder;
+        this.tokenManager = tokenManager;
+        this.redisTemplate = redisTemplate;
+    }
+
+    /**
+     * 配置设置
+     * @param http
+     * @throws Exception
+     */
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+            http.exceptionHandling()
+                    .authenticationEntryPoint(new UnauthorizedEntryPoint())
+                    .and().csrf().disable().authorizeRequests()
+                    .antMatchers(AUTH_WHITELIST).permitAll()
+                    .antMatchers(HttpMethod.OPTIONS).permitAll()
+                    .anyRequest().authenticated()
+                    .and().logout().logoutUrl("/admin/acl/index/logout")
+                    .addLogoutHandler(new TokenLogoutHandler(tokenManager,redisTemplate)).and()
+                .addFilter(new TokenLoginFilter(authenticationManager(), tokenManager, redisTemplate))
+                .addFilter(new TokenAuthenticationFilter(authenticationManager(), tokenManager, redisTemplate)).httpBasic();
+    }
+
+    /**
+     * 密码处理
+     * @param auth authrization
+     * @throws Exception
+     */
+    @Override
+    public void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.userDetailsService(userDetailsService).passwordEncoder(defaultPasswordEncoder);
+    }
+
+    /**
+     * 配置哪些请求不拦截
+     * @param web
+     * @throws Exception
+     */
+    @Override
+    public void configure(WebSecurity web) {
+        web.ignoring().antMatchers(AUTH_WHITELIST);
+    }
+
+    /**
+     *     -- swagger ui忽略
+      */
+    private static final String[] AUTH_WHITELIST = {
+            "/swagger-resources/**","/swagger-ui/**",
+            "/swagger-ui.html",
+            "/v3/**",
+            "/v2/**",
+            "/webjars/**",
+            "/doc.html","/profile/**"
+    };
+}
\ No newline at end of file

service/mall_service/service_acl/src/main/java/com/zy/aclservice/serurity/entity/SecurityUser.java

+package com.zy.aclservice.serurity.entity;
+
+import lombok.Data;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.util.StringUtils;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+/**
+ * <p>
+ * 安全认证用户详情信息
+ * </p>
+ *
+ * @author zy
+ * @since 2019-11-08
+ */
+@Data
+@Slf4j
+public class SecurityUser implements UserDetails {
+
+    //当前登录用户
+    private transient User currentUserInfo;
+
+    //当前权限
+    private List<String> permissionValueList;
+
+    public SecurityUser() { }
+
+    public SecurityUser(User user) {
+        if (user != null) {
+            this.currentUserInfo = user;
+        }
+    }
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        Collection<GrantedAuthority> authorities = new ArrayList<>();
+        for(String permissionValue : permissionValueList) {
+            if(StringUtils.isEmpty(permissionValue)) {continue;}
+            SimpleGrantedAuthority authority = new SimpleGrantedAuthority(permissionValue);
+            authorities.add(authority);
+        }
+
+        return authorities;
+    }
+
+    @Override
+    public String getPassword() {
+        return currentUserInfo.getPassword();
+    }
+
+    @Override
+    public String getUsername() {
+        return currentUserInfo.getUsername();
+    }
+
+    @Override
+    public boolean isAccountNonExpired() {
+        return true;
+    }
+
+    @Override
+    public boolean isAccountNonLocked() {
+        return true;
+    }
+
+    @Override
+    public boolean isCredentialsNonExpired() {
+        return true;
+    }
+
+    @Override
+    public boolean isEnabled() {
+        return true;
+    }
+}

service/mall_service/service_acl/src/main/java/com/zy/aclservice/serurity/entity/User.java

+package com.zy.aclservice.serurity.entity;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+
+import java.io.Serializable;
+
+/**
+ * <p>
+ * 用户实体类
+ * </p>
+ *
+ * @author zy
+ * @since 2019-11-08
+ */
+@Data
+@ApiModel(description = "用户实体类")
+public class User implements Serializable {
+
+	private static final long serialVersionUID = 1L;
+
+	@ApiModelProperty(value = "微信openid")
+	private String username;
+
+	@ApiModelProperty(value = "密码")
+	private String password;
+
+	@ApiModelProperty(value = "昵称")
+	private String nickName;
+
+	@ApiModelProperty(value = "用户头像")
+	private String salt;
+
+	@ApiModelProperty(value = "用户签名")
+	private String token;
+
+}
+
+
+

service/mall_service/service_acl/src/main/java/com/zy/aclservice/serurity/filter/TokenAuthenticationFilter.java

+package com.zy.aclservice.serurity.filter;
+
+import com.zy.aclservice.serurity.security.TokenManager;
+import com.zy.commonutils.R;
+import com.zy.servicebase.utils.ResponseUtil;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+import org.springframework.util.StringUtils;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+/**
+ * <p>
+ * 访问过滤器
+ * </p>
+ *
+ * @author zy
+ * @since 2019-11-08
+ */
+public class TokenAuthenticationFilter extends BasicAuthenticationFilter {
+    private TokenManager tokenManager;
+    private RedisTemplate redisTemplate;
+
+    public TokenAuthenticationFilter(AuthenticationManager authManager, TokenManager tokenManager, RedisTemplate redisTemplate) {
+        super(authManager);
+        this.tokenManager = tokenManager;
+        this.redisTemplate = redisTemplate;
+    }
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain) throws IOException, ServletException {
+        logger.info("=================" + req.getRequestURI());
+        if(!req.getRequestURI().contains("admin")) {
+            chain.doFilter(req, res);
+            return;
+        }
+        UsernamePasswordAuthenticationToken authentication = null;
+        try {
+            authentication = getAuthentication(req);
+        } catch (Exception e) {
+            ResponseUtil.out(res, R.error());
+        }
+        if (authentication != null) {
+            SecurityContextHolder.getContext().setAuthentication(authentication);
+        } else {
+            ResponseUtil.out(res, R.error());
+            return;
+        }
+        chain.doFilter(req, res);
+    }
+
+    private UsernamePasswordAuthenticationToken getAuthentication(HttpServletRequest request) {
+        String token = request.getHeader("token");
+        if (token != null && !"".equals(token.trim())) {
+            String userName = tokenManager.getUserFromToken(token);
+
+            List<String> permissionValueList = (List<String>) redisTemplate.opsForValue().get(userName);
+            Collection<GrantedAuthority> authorities = new ArrayList<>();
+            for(String permissionValue : permissionValueList) {
+                if(StringUtils.isEmpty(permissionValue)) {continue;}
+                SimpleGrantedAuthority authority = new SimpleGrantedAuthority(permissionValue);
+                authorities.add(authority);
+            }
+            if (!StringUtils.isEmpty(userName)) {
+                return new UsernamePasswordAuthenticationToken(userName, token, authorities);
+            }
+            return null;
+        }
+        return null;
+    }
+}
\ No newline at end of file

service/mall_service/service_acl/src/main/java/com/zy/aclservice/serurity/filter/TokenLoginFilter.java

+package com.zy.aclservice.serurity.filter;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.zy.aclservice.serurity.entity.SecurityUser;
+import com.zy.aclservice.serurity.entity.User;
+import com.zy.aclservice.serurity.security.TokenManager;
+import com.zy.commonutils.R;
+import com.zy.servicebase.utils.ResponseUtil;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.ArrayList;
+
+/**
+ * 登录过滤器，继承 UsernamePasswordAuthenticationFilter
+ * 对用户名密码进行登录校验
+ *
+ * @author zy
+ * @since 2019-11-08
+ */
+public class TokenLoginFilter extends UsernamePasswordAuthenticationFilter {
+
+    private AuthenticationManager authenticationManager;
+    private TokenManager tokenManager;
+    private RedisTemplate redisTemplate;
+
+    public TokenLoginFilter(AuthenticationManager authenticationManager, TokenManager tokenManager, RedisTemplate redisTemplate) {
+        this.authenticationManager = authenticationManager;
+        this.tokenManager = tokenManager;
+        this.redisTemplate = redisTemplate;
+        this.setPostOnly(false);
+        this.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher("/admin/acl/login","POST"));
+    }
+
+    @Override
+    public Authentication attemptAuthentication(HttpServletRequest req, HttpServletResponse res) throws AuthenticationException {
+        try {
+            User user = (User) new ObjectMapper().readValue(req.getInputStream(), User.class);
+            return authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(user.getUsername(), user.getPassword(), new ArrayList<>()));
+        } catch (IOException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    /**
+     * 登录成功
+     * @param req
+     * @param res
+     * @param chain
+     * @param auth
+     * @throws IOException
+     * @throws ServletException
+     */
+    @Override
+    protected void successfulAuthentication(HttpServletRequest req, HttpServletResponse res, FilterChain chain,
+                                            Authentication auth) throws IOException, ServletException {
+        SecurityUser user = (SecurityUser) auth.getPrincipal();
+        String token = tokenManager.createToken(user.getCurrentUserInfo().getUsername());
+        redisTemplate.opsForValue().set(user.getCurrentUserInfo().getUsername(), user.getPermissionValueList());
+        ResponseUtil.out(res, R.ok().data("token", token));
+    }
+
+    /**
+     * 登录失败
+     * @param request
+     * @param response
+     * @param e
+     * @throws IOException
+     * @throws ServletException
+     */
+    @Override
+    protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,
+                                              AuthenticationException e) throws IOException, ServletException {
+        ResponseUtil.out(response, R.error());
+    }
+}

service/mall_service/service_acl/src/main/java/com/zy/aclservice/serurity/handler/UserAccessDeniedHandler.java

+package com.zy.aclservice.serurity.handler;//package com.zy.springsecurityoauth2.handler;
+
+import com.zy.commonutils.R;
+import com.zy.servicebase.utils.ResponseUtil;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.web.access.AccessDeniedHandler;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * @author zhangyu
+ * @description 权限处理类
+ */
+//@Component
+public class UserAccessDeniedHandler implements AccessDeniedHandler {
+
+	@Override
+	public void handle(HttpServletRequest request, HttpServletResponse response,
+			AccessDeniedException accessDeniedException) throws IOException, ServletException {
+		ResponseUtil.out(response, R.error().message("授权失败！"));
+	}
+
+}

service/mall_service/service_acl/src/main/java/com/zy/aclservice/serurity/security/DefaultPasswordEncoder.java

+package com.zy.aclservice.serurity.security;
+
+import com.zy.commonutils.MD5;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.stereotype.Component;
+
+/**
+ * <p>
+ * t密码的处理方法类型
+ * </p>
+ *
+ * @author zy
+ * @since 2019-11-08
+ */
+@Component
+public class DefaultPasswordEncoder implements PasswordEncoder {
+
+    public DefaultPasswordEncoder() {
+        this(-1);
+    }
+
+    /**
+     * @param strength
+     *            the log rounds to use, between 4 and 31
+     */
+    public DefaultPasswordEncoder(int strength) {
+
+    }
+
+    @Override
+    public String encode(CharSequence rawPassword) {
+        return MD5.encrypt(rawPassword.toString());
+    }
+
+    @Override
+    public boolean matches(CharSequence rawPassword, String encodedPassword) {
+        return encodedPassword.equals(MD5.encrypt(rawPassword.toString()));
+    }
+}
\ No newline at end of file

service/mall_service/service_acl/src/main/java/com/zy/aclservice/serurity/security/TokenLogoutHandler.java

+package com.zy.aclservice.serurity.security;
+
+import com.zy.commonutils.R;
+import com.zy.servicebase.utils.ResponseUtil;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.logout.LogoutHandler;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * <p>
+ * 登出业务逻辑类
+ * </p>
+ *
+ * @author zy
+ * @since 2019-11-08
+ */
+public class TokenLogoutHandler implements LogoutHandler {
+
+    private TokenManager tokenManager;
+    private RedisTemplate redisTemplate;
+
+    public TokenLogoutHandler(TokenManager tokenManager, RedisTemplate redisTemplate) {
+        this.tokenManager = tokenManager;
+        this.redisTemplate = redisTemplate;
+    }
+
+    @Override
+    public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
+        String token = request.getHeader("token");
+        if (token != null) {
+            tokenManager.removeToken(token);
+            //清空当前用户缓存中的权限数据
+            String userName = tokenManager.getUserFromToken(token);
+            redisTemplate.delete(userName);
+        }
+        ResponseUtil.out(response, R.ok());
+    }
+}
\ No newline at end of file

service/mall_service/service_acl/src/main/java/com/zy/aclservice/serurity/security/TokenManager.java

+package com.zy.aclservice.serurity.security;
+
+import io.jsonwebtoken.CompressionCodecs;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import org.springframework.stereotype.Component;
+
+import java.util.Date;
+
+/**
+ * <p>
+ * token管理
+ * </p>
+ *
+ * @author zy
+ * @since 2019-11-08
+ */
+@Component
+public class TokenManager {
+
+    private long tokenExpiration = 24*60*60*1000;
+    private String tokenSignKey = "123456";
+
+    public String createToken(String username) {
+        String token = Jwts.builder().setSubject(username)
+                .setExpiration(new Date(System.currentTimeMillis() + tokenExpiration))
+                .signWith(SignatureAlgorithm.HS512, tokenSignKey).compressWith(CompressionCodecs.GZIP).compact();
+        return token;
+    }
+
+    public String getUserFromToken(String token) {
+        String user = Jwts.parser().setSigningKey(tokenSignKey).parseClaimsJws(token).getBody().getSubject();
+        return user;
+    }
+
+    public void removeToken(String token) {
+        // jwttoken 无需删除，客户端扔掉即可。
+    }
+
+}

service/mall_service/service_acl/src/main/java/com/zy/aclservice/serurity/security/UnauthorizedEntryPoint.java

+package com.zy.aclservice.serurity.security;
+
+import com.zy.commonutils.R;
+import com.zy.servicebase.utils.ResponseUtil;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * <p>
+ *  未授权的统一处理方式
+ * </p>
+ *
+ * @author zy
+ * @since 2019-11-08
+ */
+public class UnauthorizedEntryPoint implements AuthenticationEntryPoint {
+
+    @Override
+    public void commence(HttpServletRequest request, HttpServletResponse response,
+                         AuthenticationException authException) throws IOException, ServletException {
+        ResponseUtil.out(response, R.error().message("授权失败！"));
+    }
+}

service/mall_service/service_acl/src/main/java/com/zy/aclservice/service/impl/IndexServiceImpl.java

@@ -16,6 +16,9 @@ import java.util.List;
 import java.util.Map;
 import java.util.stream.Collectors;
 
+/**
+ * @author zhangyu
+ */
 @Service
 public class IndexServiceImpl implements IndexService {
 

service/mall_service/service_acl/src/main/java/com/zy/aclservice/service/impl/UserDetailsServiceImpl.java

 package com.zy.aclservice.service.impl;
 
 import com.zy.aclservice.entity.User;
+import com.zy.aclservice.serurity.entity.SecurityUser;
 import com.zy.aclservice.service.PermissionService;
 import com.zy.aclservice.service.UserService;
-import com.zy.serurity.entity.SecurityUser;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Service;
-
 import java.util.List;
 
 
 /**
- * <p>
- * 自定义userDetailsService - 认证用户详情
- * </p>
+ * 自定义 userDetailsService - 认证用户详情
  *
  * @author qy
  * @since 2019-11-08
@@ -40,13 +37,13 @@ public class UserDetailsServiceImpl implements UserDetailsService {
     public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
         // 从数据库中取出用户信息
         User user = userService.selectByUsername(username);
-
+        System.out.println(user.getUsername() + "++++++++++++++++++++++++++++");
         // 判断用户是否存在
         if (null == user){
-            //throw new UsernameNotFoundException("用户名不存在！");
+            throw new UsernameNotFoundException("用户名不存在！");
         }
-        // 返回UserDetails实现类
-        com.zy.serurity.entity.User curUser = new com.zy.serurity.entity.User();
+        // 返回 UserDetails 实现类
+        com.zy.aclservice.serurity.entity.User curUser = new com.zy.aclservice.serurity.entity.User();
         BeanUtils.copyProperties(user,curUser);
 
         List<String> authorities = permissionService.selectPermissionValueByUserId(user.getId());

service/mall_service/service_acl/src/main/resources/application.properties

-# \u670D\u52A1\u7AEF\u53E3
-server.port=9002
-# \u670D\u52A1\u540D
-spring.application.name=service-acl
-# \u73AF\u5883\u8BBE\u7F6E\uFF1Adev\u3001test\u3001prod
-spring.profiles.active=dev
-
-# mysql\u6570\u636E\u5E93\u8FDE\u63A5
-spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
-spring.datasource.url=jdbc:mysql://39.98.107.99:3306/mall?allowPublicKeyRetrieval=true&useSSL=false&useUnicode=true&characterEncoding=UTF-8&serverTimezone=Asia/Shanghai
-spring.datasource.username=root
-spring.datasource.password=151613
-
-# mybatis\u65E5\u5FD7
-mybatis-plus.configuration.log-impl=org.apache.ibatis.logging.stdout.StdOutImpl
-# mybatis xml \u6587\u4EF6\u4F4D\u7F6E
-mybatis-plus.mapper-locations=classpath:com/zy/aclservice/mapper/xml/*.xml
-
-# \u8FD4\u56DEjson\u7684\u5168\u5C40\u65F6\u95F4\u683C\u5F0F
-spring.jackson.date-format=yyyy-MM-dd HH:mm:ss
-spring.jackson.time-zone=GMT+8
-
-# Redis \u914D\u7F6E
-spring.redis.host=106.14.45.61
-spring.redis.port=6379
-spring.redis.database= 0
-spring.redis.timeout=1800000
-spring.redis.lettuce.pool.max-active=20
-spring.redis.lettuce.pool.max-wait=-1
-#\u6700\u5927\u963B\u585E\u7B49\u5F85\u65F6\u95F4(\u8D1F\u6570\u8868\u793A\u6CA1\u9650\u5236)
-spring.redis.lettuce.pool.max-idle=5
-spring.redis.lettuce.pool.min-idle=0
-
-# nacos\u670D\u52A1\u5730\u5740
-spring.cloud.nacos.discovery.server-addr=106.14.45.61:8848
-
-#\u5F00\u542F\u7194\u65AD\u673A\u5236
-feign.hystrix.enabled=true
-# \u8BBE\u7F6Ehystrix\u8D85\u65F6\u65F6\u95F4\uFF0C\u9ED8\u8BA41000ms
-#hystrix.metrics.polling-interval-ms=
-hystrix.command.default.execution.isolation.thread.timeoutInMilliseconds=6000
\ No newline at end of file
+## \u670D\u52A1\u7AEF\u53E3
+#server.port=9002
+## \u670D\u52A1\u540D
+#spring.application.name=service-acl
+## \u73AF\u5883\u8BBE\u7F6E\uFF1Adev\u3001test\u3001prod
+#spring.profiles.active=dev
+#
+## mysql\u6570\u636E\u5E93\u8FDE\u63A5
+#spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
+#spring.datasource.url=jdbc:mysql://39.98.107.99:3306/mall?allowPublicKeyRetrieval=true&useSSL=false&useUnicode=true&characterEncoding=UTF-8&serverTimezone=Asia/Shanghai
+#spring.datasource.username=root
+#spring.datasource.password=151613
+#
+## mybatis\u65E5\u5FD7
+#mybatis-plus.configuration.log-impl=org.apache.ibatis.logging.stdout.StdOutImpl
+## mybatis xml \u6587\u4EF6\u4F4D\u7F6E
+#mybatis-plus.mapper-locations=classpath:com/zy/aclservice/mapper/xml/*.xml
+#
+## \u8FD4\u56DEjson\u7684\u5168\u5C40\u65F6\u95F4\u683C\u5F0F
+#spring.jackson.date-format=yyyy-MM-dd HH:mm:ss
+#spring.jackson.time-zone=GMT+8
+#
+## Redis \u914D\u7F6E
+#spring.redis.host=106.14.45.61
+#spring.redis.port=6379
+#spring.redis.database= 0
+#spring.redis.timeout=1800000
+#spring.redis.lettuce.pool.max-active=20
+#spring.redis.lettuce.pool.max-wait=-1
+##\u6700\u5927\u963B\u585E\u7B49\u5F85\u65F6\u95F4(\u8D1F\u6570\u8868\u793A\u6CA1\u9650\u5236)
+#spring.redis.lettuce.pool.max-idle=5
+#spring.redis.lettuce.pool.min-idle=0
+#
+## nacos\u670D\u52A1\u5730\u5740
+#spring.cloud.nacos.discovery.server-addr=106.14.45.61:8848
+#
+##\u5F00\u542F\u7194\u65AD\u673A\u5236
+#feign.hystrix.enabled=true
+## \u8BBE\u7F6Ehystrix\u8D85\u65F6\u65F6\u95F4\uFF0C\u9ED8\u8BA41000ms
+##hystrix.metrics.polling-interval-ms=
+#hystrix.command.default.execution.isolation.thread.timeoutInMilliseconds=6000
\ No newline at end of file

service/mall_service/service_acl/src/main/resources/application.yml

+# JWT配置
+jwt:
+  # 密匙Key
+  secret: Guli-Education
+  # HeaderKey
+  tokenHeader: Authorization
+  # Token前缀
+  tokenPrefix: Bearer
+  # 过期时间，单位秒
+  expiration: 300
+  # 刷新时间，单位天
+  refreshTime: 1
+  # 配置白名单（不需要认证）
+  antMatchers: /admin/acl/login,/doc.html,/pro/**
\ No newline at end of file

service/mall_service/service_acl/src/main/resources/bootstrap.properties

+## \u670D\u52A1\u540D
+spring.application.name=service-acl
+
+# Nacos \u670D\u52A1\u914D\u7F6E\u4E2D\u5FC3
+spring.cloud.nacos.config.server-addr=106.14.45.61:8848
+# Nacos \u914D\u7F6E\u73AF\u5883
+spring.cloud.nacos.config.namespace=dc33b715-e385-4e07-aff7-ea9a20767cf0
+
+# \u52A0\u8F7D Nacos \u914D\u7F6E
+spring.cloud.nacos.config.ext-config[0].data-id=redis.properties
+spring.cloud.nacos.config.ext-config[1].data-id=mysql.properties
+spring.cloud.nacos.config.ext-config[2].data-id=service-acl.properties
+spring.cloud.nacos.config.ext-config[3].data-id=nacos.properties
+
+# \u5F00\u542F\u52A8\u6001\u5237\u65B0\u914D\u7F6E\uFF0C\u5426\u5219\u914D\u7F6E\u6587\u4EF6\u4FEE\u6539\uFF0C\u5DE5\u7A0B\u65E0\u6CD5\u611F\u77E5
+spring.cloud.nacos.config.ext-config[0].refresh=true
+spring.cloud.nacos.config.ext-config[1].refresh=true
+spring.cloud.nacos.config.ext-config[2].refresh=true
+spring.cloud.nacos.config.ext-config[3].refresh=true
\ No newline at end of file

service/mall_service/service_edu/src/main/java/com/zy/eduservice/controller/EduChapterController.java

@@ -20,7 +20,6 @@ import java.util.List;
  * @since 2022-03-19
  */
 @Api("章节小节管理")
-@CrossOrigin
 @RestController
 @RequestMapping("/eduservice/chapter")
 public class EduChapterController {

service/mall_service/service_edu/src/main/java/com/zy/eduservice/controller/EduCourseController.java

@@ -29,7 +29,6 @@ import java.util.List;
  * @since 2022-03-19
  */
 @Api("添加课程信息")
-@CrossOrigin
 @RestController
 @RequestMapping("/eduservice/course")
 public class EduCourseController {
@@ -113,15 +112,16 @@ public class EduCourseController {
         //QueryWrapper,构建
         QueryWrapper<EduCourse> wrapper = new QueryWrapper<>();
         //多条件组合查询，动态sql
-        String status = courseQuery.getStatus();
-        String title = courseQuery.getTitle();
-        if (!StringUtils.isEmpty(title)) {
-            wrapper.like("title", title);
+        if(courseQuery != null){
+            String status = courseQuery.getStatus();
+            String title = courseQuery.getTitle();
+            if (!StringUtils.isEmpty(title)) {
+                wrapper.like("title", title);
+            }
+            if (!StringUtils.isEmpty(status)) {
+                wrapper.eq("status", status);
+            }
         }
-        if (!StringUtils.isEmpty(status)) {
-            wrapper.eq("status", status);
-        }
-
         wrapper.orderByDesc("gmt_create");
 
         //调用方法，实现分页查询

service/mall_service/service_edu/src/main/java/com/zy/eduservice/controller/EduSubjectController.java

@@ -19,7 +19,6 @@ import java.util.List;
  * @author zyGardenia
  * @since 2022-03-19
  */
-@CrossOrigin
 @RestController
 @RequestMapping("/eduservice/subject")
 public class EduSubjectController {

service/mall_service/service_edu/src/main/java/com/zy/eduservice/controller/EduTeacherController.java

@@ -25,7 +25,6 @@ import java.util.List;
  * @since 2022-03-17
  */
 @Api("讲师管理")
-@CrossOrigin
 @RestController
 @RequestMapping("/eduservice/teacher")
 public class EduTeacherController {

service/mall_service/service_edu/src/main/java/com/zy/eduservice/controller/EduVideoController.java

@@ -19,7 +19,6 @@ import org.springframework.web.bind.annotation.*;
  */
 @RestController
 @RequestMapping("/eduservice/video")
-@CrossOrigin
 public class EduVideoController {
     @Autowired
     private EduVideoService eduVideoService;

service/mall_service/service_order/src/main/java/com/zy/eduorder/controller/OrderController.java

@@ -19,7 +19,6 @@ import javax.servlet.http.HttpServletRequest;
  * @author zyGardenia
  * @since 2022-03-22
  */
-@CrossOrigin
 @RestController
 @RequestMapping("/eduorder/order")
 public class OrderController {

service/mall_service/service_order/src/main/java/com/zy/eduorder/controller/PayLogController.java

@@ -21,7 +21,6 @@ import java.util.Map;
  * @author zyGardenia
  * @since 2022-03-22
  */
-@CrossOrigin
 @RestController
 @RequestMapping("/eduorder/pay-log")
 public class PayLogController {

service/mall_service/service_statistics/src/main/java/com/zy/staservice/StaApplication.java

@@ -9,6 +9,9 @@ import org.springframework.context.annotation.ComponentScan;
 import org.springframework.scheduling.annotation.EnableScheduling;
 import org.springframework.transaction.annotation.EnableTransactionManagement;
 
+/**
+ * @author zhangyu
+ */
 @EnableScheduling
 @EnableTransactionManagement
 @EnableDiscoveryClient

service/mall_service/service_statistics/src/main/java/com/zy/staservice/controller/DailyController.java

 package com.zy.staservice.controller;
 
-
 import com.zy.commonutils.R;
 import com.zy.staservice.service.DailyService;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -17,7 +16,6 @@ import java.util.Map;
  * @since 2022-03-23
  */
 @RestController
-@CrossOrigin
 @RequestMapping("/staservice/daily")
 public class DailyController {
     @Autowired

service/mall_service/service_ucenter/src/main/java/com/zy/usercenterservice/controller/UcenterMemberController.java

@@ -23,7 +23,6 @@ import javax.servlet.http.HttpServletRequest;
  */
 @RestController
 @RequestMapping("/usercenter/member")
-@CrossOrigin
 public class UcenterMemberController {
     @Autowired
     private UcenterMemberService ucenterMemberService;

service/mall_service/service_ucenter/src/main/java/com/zy/usercenterservice/controller/WxApiController.java

@@ -19,7 +19,6 @@ import java.util.HashMap;
 
 @Controller
 @RequestMapping("/api/ucenter/wx")
-@CrossOrigin
 public class WxApiController {
     @Autowired
     private UcenterMemberService ucenterMemberService;

service/resource_service/service_msg/src/main/java/com/zy/cmsservice/controller/EmailController.java

@@ -18,7 +18,6 @@ import javax.servlet.http.HttpServletRequest;
  * @version 1.0
  * @create 2022/3/19 18:00
  */
-@CrossOrigin
 @RestController
 @RequestMapping("/email/qq/")
 public class EmailController {

service/resource_service/service_oss/src/main/java/com/zy/ossservice/controller/FileSolveController.java

@@ -15,7 +15,6 @@ import java.util.List;
  * @create 2022/3/19 20:15
  */
 @RestController
-@CrossOrigin
 @RequestMapping("/fileoss/upload")
 public class FileSolveController {
     @Autowired