diff --git a/apollo-common/src/main/java/com/ctrip/framework/apollo/common/auth/WebSecurityConfig.java b/apollo-biz/src/main/java/com/ctrip/framework/apollo/biz/auth/WebSecurityConfig.java similarity index 88% rename from apollo-common/src/main/java/com/ctrip/framework/apollo/common/auth/WebSecurityConfig.java rename to apollo-biz/src/main/java/com/ctrip/framework/apollo/biz/auth/WebSecurityConfig.java index 68d5f43f872158141de55561851bd970557e57e2..7b398bf92b06fcf0eec79644a2a129ec03489b02 100644 --- a/apollo-common/src/main/java/com/ctrip/framework/apollo/common/auth/WebSecurityConfig.java +++ b/apollo-biz/src/main/java/com/ctrip/framework/apollo/biz/auth/WebSecurityConfig.java @@ -1,4 +1,6 @@ -package com.ctrip.framework.apollo.common.auth; +package com.ctrip.framework.apollo.biz.auth; + +import com.ctrip.framework.apollo.common.condition.ConditionalOnMissingProfile; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; @@ -8,6 +10,7 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +@ConditionalOnMissingProfile("auth") @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) diff --git a/apollo-configservice/src/test/java/com/ctrip/framework/apollo/ConfigServiceTestConfiguration.java b/apollo-configservice/src/test/java/com/ctrip/framework/apollo/ConfigServiceTestConfiguration.java index ad81b9f621def4fb34f099ac0b0254b9de7f994e..877cabebe62106353af7baff8d1b3ffd93642aee 100644 --- a/apollo-configservice/src/test/java/com/ctrip/framework/apollo/ConfigServiceTestConfiguration.java +++ b/apollo-configservice/src/test/java/com/ctrip/framework/apollo/ConfigServiceTestConfiguration.java 
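Review bot: The added `@ConditionalOnMissingProfile("auth")` needs a class comment stating what secures a service when the `auth` profile is active, because in that case this configuration is presumably not registered at all. Nothing in this diff shows a replacement outside the portal's AuthConfiguration. A line such as `// Skipped under the "auth" profile; the portal's SpringSecurityConfigurer applies there instead` would do, if that is the intent. The class body lies outside the hunk, so the rules it applies cannot be checked from here.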
@@ -1,6 +1,6 @@ package com.ctrip.framework.apollo; -import com.ctrip.framework.apollo.common.auth.WebSecurityConfig; +import com.ctrip.framework.apollo.biz.auth.WebSecurityConfig; import com.ctrip.framework.apollo.configservice.ConfigServiceApplication; import org.springframework.boot.autoconfigure.EnableAutoConfiguration; diff --git a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/component/RestTemplateFactory.java b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/component/RestTemplateFactory.java index 04492666c1a3f4accd013a682ca670c4eb6b7f7b..e3eebe07020fb557fe5a5187eadf281c27f7b630 100644 --- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/component/RestTemplateFactory.java +++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/component/RestTemplateFactory.java @@ -1,17 +1,9 @@ package com.ctrip.framework.apollo.portal.component; -import com.google.common.io.BaseEncoding; - - import com.ctrip.framework.apollo.portal.component.config.PortalConfig; -import org.apache.http.Header; -import org.apache.http.auth.AuthScope; -import org.apache.http.auth.UsernamePasswordCredentials; -import org.apache.http.impl.client.BasicCredentialsProvider; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClientBuilder; -import org.apache.http.message.BasicHeader; import org.springframework.beans.factory.FactoryBean; import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.annotation.Autowired; @@ -21,8 +13,6 @@ import org.springframework.stereotype.Component; import org.springframework.web.client.RestTemplate; import java.io.UnsupportedEncodingException; -import java.util.ArrayList; -import java.util.Collection; @Component public class RestTemplateFactory implements FactoryBean, InitializingBean { 
@@ -47,18 +37,7 @@ public class RestTemplateFactory implements FactoryBean, Initializ } public void afterPropertiesSet() throws UnsupportedEncodingException { - Collection
defaultHeaders = new ArrayList
(); - Header header = new BasicHeader("Authorization", - "Basic " + BaseEncoding.base64().encode("apollo:".getBytes("UTF-8"))); - defaultHeaders.add(header); - - BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider(); - credentialsProvider.setCredentials(AuthScope.ANY, - new UsernamePasswordCredentials("apollo", "")); - CloseableHttpClient httpClient = - HttpClientBuilder.create().setDefaultCredentialsProvider(credentialsProvider) - .setDefaultHeaders(defaultHeaders).build(); - + CloseableHttpClient httpClient = HttpClientBuilder.create().build(); restTemplate = new RestTemplate(httpMessageConverters.getConverters()); HttpComponentsClientHttpRequestFactory requestFactory = diff --git a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/entity/po/UserPO.java b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/entity/po/UserPO.java index b274287f8005553ba7c68705224846de336052e3..5734e197bbecf75cd7db065983fce7868064a0ee 100644 --- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/entity/po/UserPO.java +++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/entity/po/UserPO.java @@ -12,18 +12,18 @@ import javax.persistence.Table; * @author lepdou 2017-04-08 */ @Entity -@Table(name = "users") +@Table(name = "Users") public class UserPO { @Id @GeneratedValue @Column(name = "Id") private long id; - @Column(name = "username", nullable = false) + @Column(name = "Username", nullable = false) private String username; - @Column(name = "password", nullable = false) + @Column(name = "Password", nullable = false) private String password; - @Column(name = "enabled", nullable = false) + @Column(name = "Enabled", nullable = false) private int enabled; public long getId() { 
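Review bot: `afterPropertiesSet` now builds the client with `HttpClientBuilder.create().build()`, so every request made through this RestTemplate carries no credentials. Whether the services it calls still demand HTTP Basic is not visible in this diff. If they no longer authenticate callers, say so next to the builder, e.g. `// No credentials sent: access to the admin service must be restricted at the network level`. With the `getBytes("UTF-8")` call gone, `throws UnsupportedEncodingException` and its import look dead and could be dropped, provided nothing in the rest of the method, which continues past the hunk, still throws it.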
@@ -62,7 +62,7 @@ public class UserPO { UserInfo userInfo = new UserInfo(); userInfo.setName(this.getUsername()); userInfo.setUserId(this.getUsername()); - userInfo.setEmail("apollo@acme.com"); + userInfo.setEmail(this.getUsername() + "@acme.com"); return userInfo; } } diff --git a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/AuthConfiguration.java b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/AuthConfiguration.java index 73106cd8832b938d12a271a06a03de0dc83b72c6..430a643118ef1969730aafe52a6192e00ddae655 100644 --- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/AuthConfiguration.java +++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/AuthConfiguration.java @@ -34,7 +34,6 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; -import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.provisioning.JdbcUserDetailsManager; import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint; 
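Review bot: `userInfo.setEmail(this.getUsername() + "@acme.com")` builds an address on a domain the deployment does not control, so any notification sent to this UserInfo would go to an external mailbox named after the portal user. Until the `Users` table stores a real address, mark the value in place, e.g. `// placeholder address: Users has no email column yet, do not send mail to it`. Alternatively, leave the field unset if the callers tolerate a missing email. toUserInfo starts outside the hunk, so its callers are not visible here.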
@@ -211,11 +210,11 @@ public class AuthConfiguration { } @Bean - public JdbcUserDetailsManager jdbcUserDetailsManager(DataSource datasource) { - JdbcUserDetailsManager userDetailsService = new JdbcUserDetailsManager(); - userDetailsService.setDataSource(datasource); - - return userDetailsService; + public JdbcUserDetailsManager jdbcUserDetailsManager(AuthenticationManagerBuilder auth, DataSource datasource) throws Exception { + return auth.jdbcAuthentication().passwordEncoder(new BCryptPasswordEncoder()).dataSource(datasource) + .usersByUsernameQuery("select Username,Password,Enabled from `Users` where Username=?") + .authoritiesByUsernameQuery("select Username,Authority from `Authorities` where Username = ?") + .getUserDetailsService(); } @Bean 
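Review bot: The manager returned by `getUserDetailsService()` has only its two lookup queries pointed at `Users` and `Authorities`. JdbcUserDetailsManager's write statements (user-exists, create, update, delete, change password) keep Spring Security's defaults, which name lowercase `users` and `authorities` tables. On a MySQL server with case-sensitive table names those statements would fail after this commit's rename, breaking any caller that creates users or changes passwords through this bean; SpringSecurityUserService's body is not visible here. Set the remaining SQL on the manager before returning it, as sketched below. The BCryptPasswordEncoder is also created inline rather than exposed as a bean, so code that writes passwords has to encode with its own instance.

```java
public JdbcUserDetailsManager jdbcUserDetailsManager(AuthenticationManagerBuilder auth, DataSource datasource) throws Exception {
  JdbcUserDetailsManager manager = auth.jdbcAuthentication()
      // … unchanged: passwordEncoder, dataSource and the two lookup queries …
      .getUserDetailsService();
  manager.setUserExistsSql("select Username from `Users` where Username = ?");
  manager.setCreateUserSql("insert into `Users` (Username, Password, Enabled) values (?,?,?)");
  manager.setUpdateUserSql("update `Users` set Password = ?, Enabled = ? where Username = ?");
  manager.setDeleteUserSql("delete from `Users` where Username = ?");
  manager.setCreateAuthoritySql("insert into `Authorities` (Username, Authority) values (?,?)");
  manager.setDeleteUserAuthoritiesSql("delete from `Authorities` where Username = ?");
  manager.setChangePasswordSql("update `Users` set Password = ? where Username = ?");
  return manager;
}
```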
@@ -224,42 +223,27 @@ public class AuthConfiguration { return new SpringSecurityUserService(); } + } - @Order(99) - @Configuration - @Profile("auth") - @EnableWebSecurity - @EnableGlobalMethodSecurity(prePostEnabled = true) - static class SpringSecurityConfigurer extends WebSecurityConfigurerAdapter { - - public static final String USER_ROLE = "user"; - - @Autowired - private DataSource datasource; - - - @Override - protected void configure(HttpSecurity http) throws Exception { - http.csrf().disable(); - http.headers().frameOptions().sameOrigin(); - http.authorizeRequests() - .antMatchers("/openapi/*").permitAll() - .antMatchers("/*").hasAnyRole(USER_ROLE); - http.formLogin().loginPage("/signin").permitAll().failureUrl("/signin?#/error").and().httpBasic(); - http.logout().invalidateHttpSession(true).clearAuthentication(true).logoutSuccessUrl("/signin?#/logout"); - http.exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/signin")); - } - - @Autowired - public void configureGlobal(AuthenticationManagerBuilder auth, JdbcUserDetailsManager userDetailsService) - throws Exception { - PasswordEncoder encoder = new BCryptPasswordEncoder(); - - auth.userDetailsService(userDetailsService).passwordEncoder(encoder); - auth.jdbcAuthentication().dataSource(datasource).usersByUsernameQuery( - "select username,password, enabled from users where username=?"); - } - + @Order(99) + @Profile("auth") + @Configuration + @EnableWebSecurity + @EnableGlobalMethodSecurity(prePostEnabled = true) + static class SpringSecurityConfigurer extends WebSecurityConfigurerAdapter { + + public static final String USER_ROLE = "user"; + + @Override + protected void configure(HttpSecurity http) throws Exception { + http.csrf().disable(); + http.headers().frameOptions().sameOrigin(); + http.authorizeRequests() + .antMatchers("/openapi/*").permitAll() + .antMatchers("/*").hasAnyRole(USER_ROLE); + 
http.formLogin().loginPage("/signin").permitAll().failureUrl("/signin?#/error").and().httpBasic(); + http.logout().invalidateHttpSession(true).clearAuthentication(true).logoutSuccessUrl("/signin?#/logout"); + http.exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/signin")); } } @@ -296,4 +280,16 @@ public class AuthConfiguration { } } + @ConditionalOnMissingProfile("auth") + @Configuration + @EnableWebSecurity + @EnableGlobalMethodSecurity(prePostEnabled = true) + static class DefaultWebSecurityConfig extends WebSecurityConfigurerAdapter { + + @Override + protected void configure(HttpSecurity http) throws Exception { + http.csrf().disable(); + http.headers().frameOptions().sameOrigin(); + } + } } diff --git a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/EmailConfiguration.java b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/EmailConfiguration.java index d9505294adf48737950ee2156bcb699fa09d1e17..8eb069ca6f0936e8afa201f25db219162b845134 100644 --- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/EmailConfiguration.java +++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/EmailConfiguration.java @@ -1,6 +1,7 @@ package com.ctrip.framework.apollo.portal.spi.configuration; +import com.ctrip.framework.apollo.common.condition.ConditionalOnMissingProfile; import com.ctrip.framework.apollo.portal.spi.EmailService; import com.ctrip.framework.apollo.portal.spi.ctrip.CtripEmailService; import com.ctrip.framework.apollo.portal.spi.ctrip.CtripEmailRequestBuilder; @@ -36,7 +37,7 @@ public class EmailConfiguration { * spring.profiles.active != ctrip */ @Configuration - @Profile({"!ctrip"}) + @ConditionalOnMissingProfile({"ctrip"}) public static class DefaultEmailConfiguration { @Bean @ConditionalOnMissingBean(EmailService.class) 
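Review bot: `.antMatchers("/*").hasAnyRole(USER_ROLE)` matches only single-segment paths, so requests to deeper paths hit no rule and, with no `anyRequest()` fallback in `configure`, are not required to be authenticated. The lines are carried over unchanged by this move, but since the class is being touched the rule should become `.antMatchers("/**").hasAnyRole(USER_ROLE)` or the chain should end with `.anyRequest().authenticated()`. Static assets needed by `/signin` would then need their own `permitAll()` entry. `http.csrf().disable()` next to form login and session-based logout also deserves a comment explaining why CSRF protection is off for a browser session.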
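Review bot: `DefaultWebSecurityConfig.configure` declares no authorization rules, so when the `auth` profile is absent the portal enforces no login at all, and that is what an installation gets unless the profile is switched on. The class should carry a comment that makes this explicit, e.g. `// Active when the "auth" profile is absent: no authentication is enforced; only CSRF is disabled and same-origin framing allowed`. Stating it here keeps an operator from assuming the portal is protected by default.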
diff --git a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/MQConfiguration.java b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/MQConfiguration.java index b0cc2a88a4e97622245bc371968750f0e32c33e0..88325257b8f347d4fffa21293c13ab27a064d85f 100644 --- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/MQConfiguration.java +++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/MQConfiguration.java @@ -1,5 +1,6 @@ package com.ctrip.framework.apollo.portal.spi.configuration; +import com.ctrip.framework.apollo.common.condition.ConditionalOnMissingProfile; import com.ctrip.framework.apollo.portal.spi.ctrip.CtripMQService; import com.ctrip.framework.apollo.portal.spi.defaultimpl.DefaultMQService; @@ -24,7 +25,7 @@ public class MQConfiguration { * spring.profiles.active != ctrip */ @Configuration - @Profile({"!ctrip"}) + @ConditionalOnMissingProfile({"ctrip"}) public static class DefaultMQConfiguration { @Bean diff --git a/scripts/sql-docker/apolloportaldb.sql b/scripts/sql-docker/apolloportaldb.sql index 268c5859d01c2fdd6148e3701d7de5e7ca468309..0f32bdc8294a49d32ed9ab290eae8c24ac63f0ba 100644 --- a/scripts/sql-docker/apolloportaldb.sql +++ b/scripts/sql-docker/apolloportaldb.sql 
@@ -276,29 +276,29 @@ CREATE TABLE `UserRole` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='用户和role的绑定表'; -# Dump of table users +# Dump of table Users # ------------------------------------------------------------ -DROP TABLE IF EXISTS `users`; +DROP TABLE IF EXISTS `Users`; -CREATE TABLE `users` ( +CREATE TABLE `Users` ( `Id` int(10) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增Id', - `username` varchar(64) NOT NULL DEFAULT 'default' COMMENT '用户名', - `password` varchar(64) NOT NULL DEFAULT 'default' COMMENT '密码', - `enabled` tinyint(4) DEFAULT NULL COMMENT '是否有效', + `Username` varchar(64) NOT NULL DEFAULT 'default' COMMENT '用户名', + `Password` varchar(64) NOT NULL DEFAULT 'default' COMMENT '密码', + `Enabled` tinyint(4) DEFAULT NULL COMMENT '是否有效', PRIMARY KEY (`Id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='用户表'; -# Dump of table authorities +# Dump of table Authorities # ------------------------------------------------------------ -DROP TABLE IF EXISTS `authorities`; +DROP TABLE IF EXISTS `Authorities`; -CREATE TABLE `authorities` ( +CREATE TABLE `Authorities` ( `Id` int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增Id', - `username` varchar(50) NOT NULL, - `authority` varchar(50) NOT NULL, + `Username` varchar(50) NOT NULL, + `Authority` varchar(50) NOT NULL, PRIMARY KEY (`Id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4; 
@@ -309,15 +309,15 @@ INSERT INTO `ServerConfig` (`Key`, `Value`, `Comment`) VALUES ('apollo.portal.envs', 'dev', '可支持的环境列表'), ('organizations', '[{\"orgId\":\"全辅导\",\"orgName\":\"全辅导\"},{\"orgId\":\"全课云\",\"orgName\":\"全课云\"}]', '部门列表'), - ('superAdmin', 'admin', 'Portal超级管理员'), + ('superAdmin', 'apollo', 'Portal超级管理员'), ('api.readTimeout', '10000', 'http接口read timeout'), ('consumer.token.salt', 'someSalt', 'consumer token salt'); -INSERT INTO `users` ( `username`, `password`, `enabled`) +INSERT INTO `Users` (`Username`, `Password`, `Enabled`) VALUES - ('admin', '$2a$10$7r20uS.BQ9uBpf3Baj3uQOZvMVvB1RN3PYoKE94gtz2.WAOuiiwXS', 1); + ('apollo', '$2a$10$7r20uS.BQ9uBpf3Baj3uQOZvMVvB1RN3PYoKE94gtz2.WAOuiiwXS', 1); -INSERT INTO `authorities` (`username`, `authority`) VALUES ('admin', 'ROLE_user'); +INSERT INTO `Authorities` (`Username`, `Authority`) VALUES ('apollo', 'ROLE_user'); /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; /*!40101 SET SQL_MODE=@OLD_SQL_MODE */; diff --git a/scripts/sql/apolloportaldb.sql b/scripts/sql/apolloportaldb.sql index e069373f9af83e4c4ac74a801e721c2f669c8a37..50690aab5021da697c741ca0bcdf79e202d21f54 100644 --- a/scripts/sql/apolloportaldb.sql +++ b/scripts/sql/apolloportaldb.sql 
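Review bot: The seed row gives the `apollo` account, which this hunk also makes `superAdmin`, a fixed bcrypt hash that is published with the repository, so every installation starts with the same known administrator password. The same INSERT appears in scripts/sql/apolloportaldb.sql and in the new v080-v090 delta script, where it is applied to existing databases on upgrade. Add a comment above the INSERT such as `# Default account: change this password before exposing the portal`. Consider leaving the account out of the delta script so that an upgrade does not create it silently.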
@@ -275,29 +275,29 @@ CREATE TABLE `UserRole` ( KEY `IX_UserId_RoleId` (`UserId`,`RoleId`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='用户和role的绑定表'; -# Dump of table users +# Dump of table Users # ------------------------------------------------------------ -DROP TABLE IF EXISTS `users`; +DROP TABLE IF EXISTS `Users`; -CREATE TABLE `users` ( +CREATE TABLE `Users` ( `Id` int(10) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增Id', - `username` varchar(64) NOT NULL DEFAULT 'default' COMMENT '用户名', - `password` varchar(64) NOT NULL DEFAULT 'default' COMMENT '密码', - `enabled` tinyint(4) DEFAULT NULL COMMENT '是否有效', + `Username` varchar(64) NOT NULL DEFAULT 'default' COMMENT '用户名', + `Password` varchar(64) NOT NULL DEFAULT 'default' COMMENT '密码', + `Enabled` tinyint(4) DEFAULT NULL COMMENT '是否有效', PRIMARY KEY (`Id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='用户表'; -# Dump of table authorities +# Dump of table Authorities # ------------------------------------------------------------ -DROP TABLE IF EXISTS `authorities`; +DROP TABLE IF EXISTS `Authorities`; -CREATE TABLE `authorities` ( +CREATE TABLE `Authorities` ( `Id` int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增Id', - `username` varchar(50) NOT NULL, - `authority` varchar(50) NOT NULL, + `Username` varchar(50) NOT NULL, + `Authority` varchar(50) NOT NULL, PRIMARY KEY (`Id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4; 
@@ -308,15 +308,15 @@ INSERT INTO `ServerConfig` (`Key`, `Value`, `Comment`) VALUES ('apollo.portal.envs', 'dev', '可支持的环境列表'), ('organizations', '[{\"orgId\":\"TEST1\",\"orgName\":\"样例部门1\"},{\"orgId\":\"TEST2\",\"orgName\":\"样例部门2\"}]', '部门列表'), - ('superAdmin', 'admin', 'Portal超级管理员'), + ('superAdmin', 'apollo', 'Portal超级管理员'), ('api.readTimeout', '10000', 'http接口read timeout'), ('consumer.token.salt', 'someSalt', 'consumer token salt'); -INSERT INTO `users` ( `username`, `password`, `enabled`) +INSERT INTO `Users` (`Username`, `Password`, `Enabled`) VALUES - ('admin', '$2a$10$7r20uS.BQ9uBpf3Baj3uQOZvMVvB1RN3PYoKE94gtz2.WAOuiiwXS', 1); + ('apollo', '$2a$10$7r20uS.BQ9uBpf3Baj3uQOZvMVvB1RN3PYoKE94gtz2.WAOuiiwXS', 1); -INSERT INTO `authorities` (`username`, `authority`) VALUES ('admin', 'ROLE_user'); +INSERT INTO `Authorities` (`Username`, `Authority`) VALUES ('apollo', 'ROLE_user'); /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; /*!40101 SET SQL_MODE=@OLD_SQL_MODE */; diff --git a/scripts/sql/delta/v060-v062/apolloportaldb-v060-v062.sql b/scripts/sql/delta/v060-v062/apolloportaldb-v060-v062.sql index 1d5c8780f96834a46ef3f261198b3082743d9ff1..cdf21251e7c73fd4b894360f797ba72a634bab04 100644 --- a/scripts/sql/delta/v060-v062/apolloportaldb-v060-v062.sql +++ b/scripts/sql/delta/v060-v062/apolloportaldb-v060-v062.sql @@ -1,4 +1,4 @@ -# delta schema to upgrade apollo config db from v0.6.0 to v0.6.2 +# delta schema to upgrade apollo portal db from v0.6.0 to v0.6.2 Use ApolloPortalDB; diff --git a/scripts/sql/delta/v080-v090/apolloportaldb-v080-v090.sql b/scripts/sql/delta/v080-v090/apolloportaldb-v080-v090.sql new file mode 100644 index 0000000000000000000000000000000000000000..3a6e19021ae5ab8c3b40793e2ef9f835afb3a6d6 --- /dev/null +++ b/scripts/sql/delta/v080-v090/apolloportaldb-v080-v090.sql 
@@ -0,0 +1,24 @@ +# delta schema to upgrade apollo portal db from v0.8.0 to v0.9.0 + +Use ApolloPortalDB; + +CREATE TABLE `Users` ( + `Id` int(10) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增Id', + `Username` varchar(64) NOT NULL DEFAULT 'default' COMMENT '用户名', + `Password` varchar(64) NOT NULL DEFAULT 'default' COMMENT '密码', + `Enabled` tinyint(4) DEFAULT NULL COMMENT '是否有效', + PRIMARY KEY (`Id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='用户表'; + +CREATE TABLE `Authorities` ( + `Id` int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增Id', + `Username` varchar(50) NOT NULL, + `Authority` varchar(50) NOT NULL, + PRIMARY KEY (`Id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4; + +INSERT INTO `Users` (`Username`, `Password`, `Enabled`) +VALUES + ('apollo', '$2a$10$7r20uS.BQ9uBpf3Baj3uQOZvMVvB1RN3PYoKE94gtz2.WAOuiiwXS', 1); + +INSERT INTO `Authorities` (`Username`, `Authority`) VALUES ('apollo', 'ROLE_user');
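Review bot: `Users` is created with only `PRIMARY KEY (Id)`, so nothing prevents two rows with the same `Username`, and the login lookup `where Username=?` would then return more than one row. Add a unique index to the table, e.g. `UNIQUE KEY UK_Username (Username)`, and a matching one on `Authorities (Username, Authority)`. The same definitions are in scripts/sql/apolloportaldb.sql and scripts/sql-docker/apolloportaldb.sql. `Enabled` is declared `DEFAULT NULL` here while UserPO maps it as `nullable = false`; the column and the mapping should agree.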