From 85bb9a2373fc04d12f26d2e72ca53c1bb66cd53e Mon Sep 17 00:00:00 2001
From: haoxr <1490493387@qq.com>
Date: Fri, 18 Sep 2020 18:03:00 +0800
Subject: [PATCH] =?UTF-8?q?refactor:oauth2=E5=8A=9F=E8=83=BD=E9=87=8D?= =?UTF-8?q?=E6=9E=84?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../auth/component/JwtTokenEnhancer.java | 27 -------
.../config/AuthorizationServerConfig.java | 76 ++++++++++--------
.../youlai/auth/config/WebSecurityConfig.java | 26 +-----
...ntroller.java => PublicKeyController.java} | 2 +-
youlai-auth/src/main/resources/youlai.jks | Bin 2243 -> 2242 bytes
5 files changed, 44 insertions(+), 87 deletions(-)
delete mode 100644 youlai-auth/src/main/java/com/youlai/auth/component/JwtTokenEnhancer.java
rename youlai-auth/src/main/java/com/youlai/auth/controller/{KeyPairController.java => PublicKeyController.java} (95%)
diff --git a/youlai-auth/src/main/java/com/youlai/auth/component/JwtTokenEnhancer.java b/youlai-auth/src/main/java/com/youlai/auth/component/JwtTokenEnhancer.java
deleted file mode 100644
index 928d5f81..00000000
--- a/youlai-auth/src/main/java/com/youlai/auth/component/JwtTokenEnhancer.java
+++ /dev/null
@@ -1,27 +0,0 @@ -package com.youlai.auth.component; - -import com.youlai.auth.domain.User; -import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken; -import org.springframework.security.oauth2.common.OAuth2AccessToken; -import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.security.oauth2.provider.token.TokenEnhancer; -import org.springframework.stereotype.Component; - -import java.util.HashMap; -import java.util.Map; - -/** - * JWT内容增强器 - */ -@Component -public class JwtTokenEnhancer implements TokenEnhancer { - @Override - public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) { - User user =(User)authentication.getPrincipal(); - Map map=new HashMap<>(); - map.put("id", user.getId()); - map.put("client_id", user.getClientId()); - ((DefaultOAuth2AccessToken)accessToken).setAdditionalInformation(map); - return accessToken; - } -} diff --git a/youlai-auth/src/main/java/com/youlai/auth/config/AuthorizationServerConfig.java b/youlai-auth/src/main/java/com/youlai/auth/config/AuthorizationServerConfig.java index 81456fa5..0735a770 100644 --- a/youlai-auth/src/main/java/com/youlai/auth/config/AuthorizationServerConfig.java +++ b/youlai-auth/src/main/java/com/youlai/auth/config/AuthorizationServerConfig.java @@ -1,7 +1,8 @@ package com.youlai.auth.config; -import com.youlai.auth.component.JwtTokenEnhancer; +import com.youlai.auth.domain.User; import com.youlai.auth.service.JdbcClientDetailsServiceImpl; +import com.youlai.auth.service.UserDetailsServiceImpl; import com.youlai.common.core.constant.AuthConstants; import lombok.SneakyThrows; import org.springframework.beans.factory.annotation.Autowired; 
@@ -10,7 +11,7 @@ import org.springframework.context.annotation.Configuration; import org.springframework.core.io.ClassPathResource; import org.springframework.data.redis.connection.RedisConnectionFactory; import org.springframework.security.authentication.AuthenticationManager; -import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken; import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer; import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter; import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer; @@ -26,7 +27,9 @@ import org.springframework.security.oauth2.provider.token.store.redis.RedisToken import javax.sql.DataSource; import java.security.KeyPair; import java.util.ArrayList; +import java.util.HashMap; import java.util.List; +import java.util.Map; /** * 认证服务器 
@@ -35,53 +38,38 @@ import java.util.List; @EnableAuthorizationServer public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter { + @Autowired - private PasswordEncoder passwordEncoder; + private DataSource dataSource; + @Autowired private AuthenticationManager authenticationManager; @Autowired - private JwtTokenEnhancer jwtTokenEnhancer; - @Autowired - private RedisConnectionFactory redisConnectionFactory; + private UserDetailsServiceImpl userDetailsService; @Autowired - private DataSource dataSource; - + private RedisConnectionFactory redisConnectionFactory; /** * 配置客户端详情 - * - * @param clients - * @throws Exception */ @Override @SneakyThrows - public void configure(ClientDetailsServiceConfigurer clients) throws Exception { - /*clients.inMemory() - .withClient("client") - .secret(passwordEncoder.encode("123456")) - .scopes("all") - .authorizedGrantTypes("password", "refresh_token") - .accessTokenValiditySeconds(3600) - .refreshTokenValiditySeconds(86400);*/ - - JdbcClientDetailsServiceImpl jdbcClientDetailsService=new JdbcClientDetailsServiceImpl(dataSource); - jdbcClientDetailsService.setFindClientDetailsSql(AuthConstants.CLIENT_DETAILS_FIND_SQL); - jdbcClientDetailsService.setSelectClientDetailsSql(AuthConstants.CLIENT_DETAILS_SELECT_SQL); + public void configure(ClientDetailsServiceConfigurer clients) { + JdbcClientDetailsServiceImpl jdbcClientDetailsService = new JdbcClientDetailsServiceImpl(dataSource); + jdbcClientDetailsService.setFindClientDetailsSql(AuthConstants.FIND_CLIENT_DETAILS_SQL); + jdbcClientDetailsService.setSelectClientDetailsSql(AuthConstants.SELECT_CLIENT_DETAILS_SQL); clients.withClientDetails(jdbcClientDetailsService); - } - /** * 配置令牌端点的安全约束 */ @Override public void configure(AuthorizationServerEndpointsConfigurer endpoints) { - // 配置JWT的内容增强器 TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain(); List tokenEnhancers = new ArrayList<>(); - tokenEnhancers.add(jwtTokenEnhancer); + 
tokenEnhancers.add(tokenEnhancer()); tokenEnhancers.add(jwtAccessTokenConverter()); tokenEnhancerChain.setTokenEnhancers(tokenEnhancers); @@ -89,17 +77,10 @@ public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdap .accessTokenConverter(jwtAccessTokenConverter()) .tokenEnhancer(tokenEnhancerChain) .tokenStore(tokenStore()) - ; + .userDetailsService(userDetailsService); } - @Bean - public TokenStore tokenStore() { - RedisTokenStore tokenStore = new RedisTokenStore(redisConnectionFactory); - tokenStore.setPrefix(AuthConstants.OAUTH2_TOKEN_PREFIX); - return tokenStore; - } - /** * 允许表单认证 @@ -129,4 +110,29 @@ public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdap KeyPair keyPair = factory.getKeyPair("youlai", "123456".toCharArray()); return keyPair; } + + + @Bean + public TokenStore tokenStore() { + RedisTokenStore tokenStore = new RedisTokenStore(redisConnectionFactory); + tokenStore.setPrefix(AuthConstants.OAUTH2_TOKEN_PREFIX); + return tokenStore; + } + + /** + * JWT内容增强 + */ + @Bean + public TokenEnhancer tokenEnhancer() { + return (accessToken, authentication) -> { + Map map = new HashMap<>(2); + User user = (User) authentication.getUserAuthentication().getPrincipal(); + map.put(AuthConstants.JWT_USER_ID_KEY, user.getId()); + map.put(AuthConstants.JWT_CLIENT_ID_KEY, user.getClientId()); + ((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(map); + return accessToken; + }; + } + + } diff --git a/youlai-auth/src/main/java/com/youlai/auth/config/WebSecurityConfig.java b/youlai-auth/src/main/java/com/youlai/auth/config/WebSecurityConfig.java index cb94809f..acf6d189 100644 --- a/youlai-auth/src/main/java/com/youlai/auth/config/WebSecurityConfig.java +++ b/youlai-auth/src/main/java/com/youlai/auth/config/WebSecurityConfig.java 
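Review bot: `@SneakyThrows` on `configure(ClientDetailsServiceConfigurer)` is now the only thing carrying the checked exception, because the `throws Exception` clause was dropped while `clients.withClientDetails(...)` still declares it. The overridden adapter method already permits the clause, so the plainer form is to keep it and remove the annotation: `public void configure(ClientDetailsServiceConfigurer clients) throws Exception {`. That leaves a failure in client-details setup visible in the signature instead of hidden behind Lombok. The endpoints `configure` method that this hunk runs into ends outside it.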
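Review bot: `authentication.getUserAuthentication()` in the new `tokenEnhancer()` lambda is dereferenced without a null check, and it is null for grants that have no end user (client_credentials), so issuing such a token would fail with a NullPointerException. A guard before the cast, `if (authentication.isClientOnly()) { return accessToken; }`, keeps those grants working; the cast to `User` also presumably relies on `UserDetailsServiceImpl` returning that type on the refresh path that `.userDetailsService(userDetailsService)` enables in the previous hunk, which is worth confirming. Separately, the `keyPair()` context line at the top of this hunk still opens the committed `youlai.jks` with the literal password `"123456"`. Since this commit regenerates that keystore anyway, the password and ideally the keystore itself should come from external configuration, because anyone who can read the repository holds the JWT signing key.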
@@ -1,17 +1,12 @@ package com.youlai.auth.config; -import com.youlai.auth.service.UserDetailsServiceImpl; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.authentication.AuthenticationManager; -import org.springframework.security.authentication.dao.DaoAuthenticationProvider; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.factory.PasswordEncoderFactories; import org.springframework.security.crypto.password.PasswordEncoder; @@ -19,9 +14,6 @@ import org.springframework.security.crypto.password.PasswordEncoder; @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { - @Autowired - private UserDetailsServiceImpl userDetailsService; - @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() 
@@ -31,27 +23,13 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { .anyRequest().permitAll(); } - @Bean - public PasswordEncoder passwordEncoder() { - return PasswordEncoderFactories.createDelegatingPasswordEncoder(); - } - @Bean public AuthenticationManager authenticationManagerBean() throws Exception { return super.authenticationManagerBean(); } - @Override - protected void configure(AuthenticationManagerBuilder auth){ - auth.authenticationProvider(daoAuthenticationProvider()); - } - @Bean - public DaoAuthenticationProvider daoAuthenticationProvider() { - DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); - provider.setUserDetailsService(userDetailsService); - provider.setPasswordEncoder(passwordEncoder()); - provider.setHideUserNotFoundExceptions(false); - return provider; + public PasswordEncoder passwordEncoder() { + return PasswordEncoderFactories.createDelegatingPasswordEncoder(); } } diff --git a/youlai-auth/src/main/java/com/youlai/auth/controller/KeyPairController.java b/youlai-auth/src/main/java/com/youlai/auth/controller/PublicKeyController.java similarity index 95% rename from youlai-auth/src/main/java/com/youlai/auth/controller/KeyPairController.java rename to youlai-auth/src/main/java/com/youlai/auth/controller/PublicKeyController.java index 932b8809..81f34045 100644 --- a/youlai-auth/src/main/java/com/youlai/auth/controller/KeyPairController.java +++ b/youlai-auth/src/main/java/com/youlai/auth/controller/PublicKeyController.java @@ -14,7 +14,7 @@ import java.util.Map; */ @RestController @AllArgsConstructor -public class KeyPairController { +public class PublicKeyController { private KeyPair keyPair; 
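Review bot: The explicit `DaoAuthenticationProvider` wiring is removed from `WebSecurityConfig` with no replacement visible in this patch, so the `AuthenticationManager` returned by `authenticationManagerBean()` now depends on Spring discovering a single `UserDetailsService` bean together with the `PasswordEncoder` bean. That implicit dependency deserves a comment above `authenticationManagerBean()`, for example `// Uses the globally configured AuthenticationManager, built from the UserDetailsServiceImpl and PasswordEncoder beans`, because a second `UserDetailsService` bean added later would silently drop the provider used by the password grant. The removal also drops `setHideUserNotFoundExceptions(false)`, so unknown usernames are presumably reported as bad credentials again. That is the safer default against account enumeration, but it changes what clients see and should be stated in the commit description.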
diff --git a/youlai-auth/src/main/resources/youlai.jks b/youlai-auth/src/main/resources/youlai.jks index e6ff8072fc068fbd3c0b6676fb19de19332cf8e5..229409da2a31c6fab33edf769aa6cf410a17c7a4 100644 GIT binary patch delta 1972 zcmV;l2TSK z$#v>V&Y>7vgQ7g2)6Yc?M4ZP_5(A>8895<|a+1Bi@T>jiij7H$fd)f!n4RX%QfvWx z%(&#vX~AI&@`Y(8@Bo>)2itWu-_2OL>VpfsFJlc(5b1T4pnuS&`jhr1Q^xW)$!6=Z zU0A;y56yR6BT`Q2o z-n?#Wtnot%C^#V7Gjip4ik<9=vIszNo|K)SujQ4$^nZvYM?zV;GBV+JttzXx8^g)y zzVm#pf#0LOH8jRsXH|Vr*Px;zX!~_#6+yFCNjp!C*S!+PPW(JZX?k`t-}fXXAs8s) z`NN#ue~s_|Rq}A$cz>0_e~?qG;J1`PF$qV_N*=fCvR$62F!(p0ZZ--3Eh&%D8%KO%Pk(|C9BM2{ zCtE!thRJe+!$Ghs%tvSA+&?|j-EqS4)X)tsuC01iOfNp_HXCGH0Bc?$KfNG5oe8>r zgBBCF_Y4OwsWXrkf&`qZAjM&Z{e=A~+5R-4zkex{FPuhazzyK34L*21%fDxy2_#{a zg}>r#;uCT+nnlnF_%5OE2EYR-2rnGgqSIJ3dx}Ut^Fa`%t%zWRNoV%;r#APGS#89H z{5{gZW;n)E^&Wm)>Z+JDgNCbtAzY|%)^Xdu_cz#}CD&3Y9Gxfqn^4eAAeN$+5csBu z`hObxjXDt3BnEI!imF#oObJ^@j9h5Ng)MhB$`#Ugr#%I(>V2kQm0uy+6QpLT6Nv(c z8sKj3O9J+)`Ngq$Q6EuE{7jgA-wT?yDT_IvnfMg=nUjU}t|chg zE0k`B3~mQU?!@K}{bF0MAn$ejX8!T+1%Gt%Z}X{cANuskILC1ImxO|McaR?JX&LVg zS!6WTYPpxl(D&DsP5cNC)xnUFYwD5G;^j8fi;@2{f(xY3Va~T)$i|%zCL{07eNyX) zt$=jjTNi^~4|1|by0JL=4Onr82Wj%&yWT%??z9l4|J>jmZf8P$@xn0neud;+0)I=` z5gJQ38P%j#`nxwdRnq7qyM-Cu-hJ`VLfp( zCWVDC%Ge*#H7LzP#xFS+y}1KUl$jl5?6epQ-tj6&=FC&%S)+L$1lX`gmoctXI-1tI zn#W=V2jREi!g__LU+-y95`X-XfPZL2%GovCCzl3s!>rA94l}3?xu|3suD)q~ zEPLcZQg+!bPx1Kx5Bwba1amHMr-K7BpYgo!{p6m5O`V%4v7GBGzWGB7qUI9iid1#gp61|WZn0dNBU%eQde>;<=U7sSG>Xg(wR zxc0`kT2Y8819I_ld`HA*?$c8nCWVU3jf|CGKc89u7et8(o4<0~ewOETJzsUV!8?OE zCcZ+#hFKbX_dDwjy}@7C)X=^G=6Y;hZn83{3u{X1YbcReLxgy_8BRU#4fUCV`#b2Y zW_*9ejqbU3C|R;j{VVF^W8$czT5Uu*&A^f6iWqx{_ARu@|6Hq!(#Se{vS2f%A3Ipl z8=#H)(G1T_b>eZb%3{C=;K1Z6(Fyh~CKw%y`R+)J7DRfCwMUlfWmc!$KZ`y!?kpQT z#0Hfr*Z0Od6ihD&${a<`e87Ng#5C+zncaVldjbOi00E;RFdr}-1_M`iatYl9Ts8xqfsp;)D<3(0z zm@MB(5g6ud-iIOmkn^oe$R!t0%qLW(vRDM5Q?tyG1E)9!ET*e_4rg=diXo-YC^+>7 z>#lx(gl6oPI=X<+UXP+tphLHxrAXzUnPOjG1!BZ&M`h6HiCm?Jc8KF=g0<|{N$UDs G6-uLG#GdmTT1J1xa;R}Ez7u`jk~r(yEkpa9!|^T6b*IeG7W{et_Gsp! 
z8{=D&yecBNH7W<4_uPNM<59Ubt-jI{Hirv0>WHh(_C+Sg-+vjIAE54Juzy)-7FuRs zcB>jixcaME>;#h4Ck|Te^9h6BbN#Fv^T2DPlcNJ_-pgoa)=;Fny=i?dS!X>th4pR- zA^J@$jWbPsEFvjbg=J5k0&=z^Wzt?qg?`GP&bJ`|ze2kw(9XNDvexf+8(+)uLwCHn z1Q_39ixSsOSAQX+qRVP0xWBzq+_Og+5+t6wsrI;gcppxL8)6j=3|~-jXcN#cP*BAz zZoZijfT=Z){n^RQDEL3G-qVRR;yfU|G!cBczBxOh@#eS`aP%=E(o(ALVnkX(;4$+c z9-^36+!2dI2vz%sGRB=2@@mnO$=rYo-qie8ny3%A$bY&)=HF^*uIJO4Diu9Yiokt` z%;Mg8XSkPdfqO%_Z=x)Y3<=O0$V$(WBQw`Pj@q7X{c^v&XX&FW_r}8K$q22XBdw{X zF|x}W(NR=}ozRkdei=gNKK1uxSHJu8u@DL&rgww80aJl(A=>5WjO$%@VhhjfG%*<` zxuo=7SAX#1jsPEEqsu5oVfTbm1vrv)I^=#1ITuaMX`Dp0O{{7Fy4hJ$n(oy*8K%O| zCv*qj{g*Vv&Gl`V`uS=O->n9*y0JbXlb2F?A632{q>4y`4zQUkr!l88Enb)N0N2g3 zXQGu?ZKoiP)8j(Wd<7_#saeXzSN2VMkmf~SD1SJBKryr*(l=y}6rC>3x|CkLS1RcP zBY%!roJk!=Ia=DMbwZnu+}G_Bp%{Z$%EqsmEO(+1wtHYvg3B({VKWx}8-X_kgx{Yz zg|~+!Dc6l$g0mo^iTLgmdBw-m#)t*=%@J1_UVzHE_`GG^oZDBugmn+*2fE-*=^%E0 z-+$pG!vzpoM{bO278rmz_Iw>3P@1iBPTE=enLq*L5Dp@o1u8uAdD+(cgcKY@8BfnPUy!*tLx_?+izj zP>(yAzBCSX_5WfG_3Ii9qM~jIz@7%45 zY!6R$UMaQB1c`NTSIa6e&z@$54EniL!-oYv@C0kVOH2h!3OJbxuyyjpk8{X8oZGvTHt{27YPf*~*d{}G7uRaUNX}Z6Ot2IB`M3k^u zhHbBr*C7X050MrG7Y#BnF)}eWF*Y(XH8fh2RRwR8QU)M@!vzw_h~@2j!H2l>j849qbT&p8 zP}5;y+IS#AYz@oE@ag&J2M=C>?D>xs8j0$NcC&XjP$bn4Z}O&}6~IQ8xt zQ3*Zj)nh0Lv(JtV$=d?Cr#*hvlR?+ns;w?#cyq$42TWT;KKiO}4=}$0Y^Kq$E9109 zJ$NFo^SjKWf%AWW9$MRR8E@~|k*bsp9R>qc9S#H*1QaZ; z4(dO3XGbJAwXm7Fuqr2efU7VK1_>&LNQUx$uw29qXwf1_a(FFES5iV|{AABmnQhBTCr0K4)Wjlms}-~l{aa18y2BrW{~XaU zW^yHW4K`02R>R1o(%&V@rhoDsAA0B#Kzl%k!v`R6%+Jv=x{KRF(^h)=U-PHho