Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
程序猿小郑
microservices-platform
提交
578dba07
microservices-platform
项目概览
程序猿小郑
/
microservices-platform
与 Fork 源项目一致
Fork自
zlt2000 / microservices-platform
通知
4
Star
1
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
microservices-platform
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
578dba07
编写于
8月 05, 2019
作者:
zlt2000
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
增强jwtToken额外添加用户id参数,@LoginUser注解能获取(id、username和roles)三个属性
上级
c88369dd
变更
6
隐藏空白更改
内联
并排
Showing
6 changed file
with
128 addition
and
3 deletion
+128
-3
zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/converter/CustomUserAuthenticationConverter.java
...2/common/converter/CustomUserAuthenticationConverter.java
+95
-0
zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/store/AuthJwtTokenStore.java
...va/com/central/oauth2/common/store/AuthJwtTokenStore.java
+17
-2
zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/store/ResJwtTokenStore.java
...ava/com/central/oauth2/common/store/ResJwtTokenStore.java
+4
-0
zlt-commons/zlt-common-spring-boot-starter/src/main/java/com/central/common/constant/SecurityConstants.java
...n/java/com/central/common/constant/SecurityConstants.java
+5
-0
zlt-commons/zlt-common-spring-boot-starter/src/main/java/com/central/common/resolver/TokenArgumentResolver.java
...va/com/central/common/resolver/TokenArgumentResolver.java
+2
-0
zlt-gateway/zuul-gateway/src/main/java/com/central/gateway/filter/pre/UserInfoHeaderFilter.java
.../com/central/gateway/filter/pre/UserInfoHeaderFilter.java
+5
-1
未找到文件。
zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/converter/CustomUserAuthenticationConverter.java
0 → 100644
浏览文件 @
578dba07
package
com.central.oauth2.common.converter
;
import
com.central.common.model.SysUser
;
import
org.springframework.security.authentication.UsernamePasswordAuthenticationToken
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.core.GrantedAuthority
;
import
org.springframework.security.core.authority.AuthorityUtils
;
import
org.springframework.security.core.userdetails.UserDetails
;
import
org.springframework.security.core.userdetails.UserDetailsService
;
import
org.springframework.security.oauth2.provider.token.UserAuthenticationConverter
;
import
org.springframework.util.StringUtils
;
import
java.util.Collection
;
import
java.util.LinkedHashMap
;
import
java.util.Map
;
/**
* 优化自org.springframework.security.oauth2.provider.token.DefaultUserAuthenticationConverter
* jwt返回的principal改为返回SysUser,增加扩展字段
*
* @author zlt
* @date 2019/8/5
*/
public
class
CustomUserAuthenticationConverter
implements
UserAuthenticationConverter
{
private
Collection
<?
extends
GrantedAuthority
>
defaultAuthorities
;
private
UserDetailsService
userDetailsService
;
/**
* Optional {@link UserDetailsService} to use when extracting an {@link Authentication} from the incoming map.
*
* @param userDetailsService the userDetailsService to set
*/
public
void
setUserDetailsService
(
UserDetailsService
userDetailsService
)
{
this
.
userDetailsService
=
userDetailsService
;
}
/**
* Default value for authorities if an Authentication is being created and the input has no data for authorities.
* Note that unless this property is set, the default Authentication created by {@link #extractAuthentication(Map)}
* will be unauthenticated.
*
* @param defaultAuthorities the defaultAuthorities to set. Default null.
*/
public
void
setDefaultAuthorities
(
String
[]
defaultAuthorities
)
{
this
.
defaultAuthorities
=
AuthorityUtils
.
commaSeparatedStringToAuthorityList
(
StringUtils
.
arrayToCommaDelimitedString
(
defaultAuthorities
));
}
@Override
public
Map
<
String
,
?>
convertUserAuthentication
(
Authentication
authentication
)
{
Map
<
String
,
Object
>
response
=
new
LinkedHashMap
<
String
,
Object
>();
response
.
put
(
USERNAME
,
authentication
.
getName
());
if
(
authentication
.
getAuthorities
()
!=
null
&&
!
authentication
.
getAuthorities
().
isEmpty
())
{
response
.
put
(
AUTHORITIES
,
AuthorityUtils
.
authorityListToSet
(
authentication
.
getAuthorities
()));
}
return
response
;
}
@Override
public
Authentication
extractAuthentication
(
Map
<
String
,
?>
map
)
{
if
(
map
.
containsKey
(
USERNAME
))
{
Object
principal
=
map
.
get
(
USERNAME
);
Collection
<?
extends
GrantedAuthority
>
authorities
=
getAuthorities
(
map
);
if
(
userDetailsService
!=
null
)
{
UserDetails
user
=
userDetailsService
.
loadUserByUsername
((
String
)
map
.
get
(
USERNAME
));
authorities
=
user
.
getAuthorities
();
principal
=
user
;
}
else
{
Integer
id
=
(
Integer
)
map
.
get
(
"id"
);
SysUser
user
=
new
SysUser
();
user
.
setUsername
((
String
)
principal
);
user
.
setId
(
Long
.
valueOf
(
id
));
principal
=
user
;
}
return
new
UsernamePasswordAuthenticationToken
(
principal
,
"N/A"
,
authorities
);
}
return
null
;
}
private
Collection
<?
extends
GrantedAuthority
>
getAuthorities
(
Map
<
String
,
?>
map
)
{
if
(!
map
.
containsKey
(
AUTHORITIES
))
{
return
defaultAuthorities
;
}
Object
authorities
=
map
.
get
(
AUTHORITIES
);
if
(
authorities
instanceof
String
)
{
return
AuthorityUtils
.
commaSeparatedStringToAuthorityList
((
String
)
authorities
);
}
if
(
authorities
instanceof
Collection
)
{
return
AuthorityUtils
.
commaSeparatedStringToAuthorityList
(
StringUtils
.
collectionToCommaDelimitedString
((
Collection
<?>)
authorities
));
}
throw
new
IllegalArgumentException
(
"Authorities must be either a String or a Collection"
);
}
}
zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/store/AuthJwtTokenStore.java
浏览文件 @
578dba07
package
com.central.oauth2.common.store
;
import
com.central.common.model.SysUser
;
import
com.central.oauth2.common.converter.CustomUserAuthenticationConverter
;
import
org.springframework.cloud.bootstrap.encrypt.KeyProperties
;
import
org.springframework.context.annotation.Bean
;
import
org.springframework.security.oauth2.common.DefaultOAuth2AccessToken
;
import
org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter
;
import
org.springframework.security.oauth2.provider.token.TokenEnhancer
;
import
org.springframework.security.oauth2.provider.token.TokenStore
;
import
org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter
;
import
org.springframework.security.oauth2.provider.token.store.JwtTokenStore
;
...
...
@@ -9,6 +14,8 @@ import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFacto
import
javax.annotation.Resource
;
import
java.security.KeyPair
;
import
java.util.HashMap
;
import
java.util.Map
;
/**
* 认证服务器使用 JWT RSA 非对称加密令牌
...
...
@@ -38,6 +45,8 @@ public class AuthJwtTokenStore {
(
keyProperties
.
getKeyStore
().
getLocation
(),
keyProperties
.
getKeyStore
().
getSecret
().
toCharArray
())
.
getKeyPair
(
keyProperties
.
getKeyStore
().
getAlias
());
converter
.
setKeyPair
(
keyPair
);
DefaultAccessTokenConverter
tokenConverter
=
(
DefaultAccessTokenConverter
)
converter
.
getAccessTokenConverter
();
tokenConverter
.
setUserTokenConverter
(
new
CustomUserAuthenticationConverter
());
return
converter
;
}
...
...
@@ -47,12 +56,18 @@ public class AuthJwtTokenStore {
*
* @return TokenEnhancer
*/
/*
@Bean
@Bean
public
TokenEnhancer
tokenEnhancer
()
{
return
(
accessToken
,
authentication
)
->
{
final
Map
<
String
,
Object
>
additionalInfo
=
new
HashMap
<>(
1
);
Object
principal
=
authentication
.
getPrincipal
();
//增加id参数
if
(
principal
instanceof
SysUser
)
{
SysUser
user
=
(
SysUser
)
principal
;
additionalInfo
.
put
(
"id"
,
user
.
getId
());
}
((
DefaultOAuth2AccessToken
)
accessToken
).
setAdditionalInformation
(
additionalInfo
);
return
accessToken
;
};
}
*/
}
}
zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/store/ResJwtTokenStore.java
浏览文件 @
578dba07
...
...
@@ -2,6 +2,7 @@ package com.central.oauth2.common.store;
import
cn.hutool.core.util.StrUtil
;
import
com.central.common.constant.SecurityConstants
;
import
com.central.oauth2.common.converter.CustomUserAuthenticationConverter
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties
;
import
org.springframework.context.annotation.Bean
;
...
...
@@ -10,6 +11,7 @@ import org.springframework.core.io.Resource;
import
org.springframework.http.HttpEntity
;
import
org.springframework.http.HttpHeaders
;
import
org.springframework.http.HttpMethod
;
import
org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter
;
import
org.springframework.security.oauth2.provider.token.TokenStore
;
import
org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter
;
import
org.springframework.security.oauth2.provider.token.store.JwtTokenStore
;
...
...
@@ -41,6 +43,8 @@ public class ResJwtTokenStore {
public
JwtAccessTokenConverter
jwtAccessTokenConverter
()
{
JwtAccessTokenConverter
converter
=
new
JwtAccessTokenConverter
();
converter
.
setVerifierKey
(
getPubKey
());
DefaultAccessTokenConverter
tokenConverter
=
(
DefaultAccessTokenConverter
)
converter
.
getAccessTokenConverter
();
tokenConverter
.
setUserTokenConverter
(
new
CustomUserAuthenticationConverter
());
return
converter
;
}
...
...
zlt-commons/zlt-common-spring-boot-starter/src/main/java/com/central/common/constant/SecurityConstants.java
浏览文件 @
578dba07
...
...
@@ -16,6 +16,11 @@ public interface SecurityConstants {
*/
String
USER_HEADER
=
"x-user-header"
;
/**
* 用户id信息头
*/
String
USER_ID_HEADER
=
"x-userId-header"
;
/**
* 角色信息头
*/
...
...
zlt-commons/zlt-common-spring-boot-starter/src/main/java/com/central/common/resolver/TokenArgumentResolver.java
浏览文件 @
578dba07
...
...
@@ -58,6 +58,7 @@ public class TokenArgumentResolver implements HandlerMethodArgumentResolver {
LoginUser
loginUser
=
methodParameter
.
getParameterAnnotation
(
LoginUser
.
class
);
boolean
isFull
=
loginUser
.
isFull
();
HttpServletRequest
request
=
nativeWebRequest
.
getNativeRequest
(
HttpServletRequest
.
class
);
String
userId
=
request
.
getHeader
(
SecurityConstants
.
USER_ID_HEADER
);
String
username
=
request
.
getHeader
(
SecurityConstants
.
USER_HEADER
);
String
roles
=
request
.
getHeader
(
SecurityConstants
.
ROLE_HEADER
);
if
(
StrUtil
.
isBlank
(
username
))
{
...
...
@@ -69,6 +70,7 @@ public class TokenArgumentResolver implements HandlerMethodArgumentResolver {
user
=
userService
.
selectByUsername
(
username
);
}
else
{
user
=
new
SysUser
();
user
.
setId
(
Long
.
valueOf
(
userId
));
user
.
setUsername
(
username
);
}
List
<
SysRole
>
sysRoleList
=
new
ArrayList
<>();
...
...
zlt-gateway/zuul-gateway/src/main/java/com/central/gateway/filter/pre/UserInfoHeaderFilter.java
浏览文件 @
578dba07
...
...
@@ -2,6 +2,7 @@ package com.central.gateway.filter.pre;
import
cn.hutool.core.collection.CollectionUtil
;
import
com.central.common.constant.SecurityConstants
;
import
com.central.common.model.SysUser
;
import
com.netflix.zuul.ZuulFilter
;
import
com.netflix.zuul.context.RequestContext
;
import
org.springframework.cloud.netflix.zuul.filters.support.FilterConstants
;
...
...
@@ -40,12 +41,15 @@ public class UserInfoHeaderFilter extends ZuulFilter {
public
Object
run
()
{
Authentication
authentication
=
SecurityContextHolder
.
getContext
().
getAuthentication
();
if
(
authentication
!=
null
&&
!(
authentication
instanceof
AnonymousAuthenticationToken
))
{
String
username
=
authentication
.
getName
();
SysUser
user
=
(
SysUser
)
authentication
.
getPrincipal
();
Long
userId
=
user
.
getId
();
String
username
=
user
.
getUsername
();
OAuth2Authentication
oauth2Authentication
=
(
OAuth2Authentication
)
authentication
;
String
clientId
=
oauth2Authentication
.
getOAuth2Request
().
getClientId
();
RequestContext
ctx
=
RequestContext
.
getCurrentContext
();
ctx
.
addZuulRequestHeader
(
SecurityConstants
.
USER_ID_HEADER
,
String
.
valueOf
(
userId
));
ctx
.
addZuulRequestHeader
(
SecurityConstants
.
USER_HEADER
,
username
);
ctx
.
addZuulRequestHeader
(
SecurityConstants
.
CLIENT_HEADER
,
clientId
);
ctx
.
addZuulRequestHeader
(
SecurityConstants
.
ROLE_HEADER
,
CollectionUtil
.
join
(
authentication
.
getAuthorities
(),
","
));
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录