From 13bb2edb61b96f61e4b9f9e07e8763d950cca82e Mon Sep 17 00:00:00 2001
From: lbw
Date: Mon, 30 May 2022 11:55:13 +0800
Subject: [PATCH] =?UTF-8?q?:bug:=20Fixing=20a=20bug.=20=E4=BB=A4=E7=89=8C?= =?UTF-8?q?=E6=8A=BD=E5=8F=96=E5=A4=B1=E8=B4=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 db/auth.sql | 81 -------------------
 .../CustomjwtAuthenticationConverter.java | 36 ---------
 .../component/PigBearerTokenExtractor.java | 2 +-
 .../PigRemoteRegisteredClientRepository.java | 5 +-
 .../src/main/resources/logback-spring.xml | 2 +-
 5 files changed, 5 insertions(+), 121 deletions(-)
 delete mode 100644 db/auth.sql
 delete mode 100644 pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/CustomjwtAuthenticationConverter.java
diff --git a/db/auth.sql b/db/auth.sql
deleted file mode 100644
index aea28210..00000000
--- a/db/auth.sql
+++ /dev/null
@@ -1,81 +0,0 @@ -SET NAMES utf8mb4; -SET FOREIGN_KEY_CHECKS = 0; - --- ---------------------------- --- Table structure for oauth2_authorization --- ---------------------------- -DROP TABLE IF EXISTS `oauth2_authorization`; -CREATE TABLE `oauth2_authorization` ( - `id` varchar(100) NOT NULL, - `registered_client_id` varchar(100) NOT NULL, - `principal_name` varchar(200) NOT NULL, - `authorization_grant_type` varchar(100) NOT NULL, - `attributes` longtext CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci, - `state` varchar(500) DEFAULT NULL, - `authorization_code_value` blob, - `authorization_code_issued_at` timestamp NULL DEFAULT NULL, - `authorization_code_expires_at` timestamp NULL DEFAULT NULL, - `authorization_code_metadata` varchar(2000) DEFAULT NULL, - `access_token_value` blob, - `access_token_issued_at` timestamp NULL DEFAULT NULL, - `access_token_expires_at` timestamp NULL DEFAULT NULL, - `access_token_metadata` varchar(2000) DEFAULT NULL, - `access_token_type` varchar(100) DEFAULT NULL, - `access_token_scopes` varchar(1000) DEFAULT NULL, - `oidc_id_token_value` blob, - `oidc_id_token_issued_at` timestamp NULL DEFAULT NULL, - `oidc_id_token_expires_at` timestamp NULL DEFAULT NULL, - `oidc_id_token_metadata` varchar(2000) DEFAULT NULL, - `refresh_token_value` blob, - `refresh_token_issued_at` timestamp NULL DEFAULT NULL, - `refresh_token_expires_at` timestamp NULL DEFAULT NULL, - `refresh_token_metadata` varchar(2000) DEFAULT NULL, - PRIMARY KEY (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci; - --- ---------------------------- --- Table structure for oauth2_authorization_consent --- ---------------------------- -DROP TABLE IF EXISTS `oauth2_authorization_consent`; -CREATE TABLE `oauth2_authorization_consent` ( - `registered_client_id` varchar(100) NOT NULL, - `principal_name` varchar(200) NOT NULL, - `authorities` varchar(1000) NOT NULL, - PRIMARY KEY (`registered_client_id`,`principal_name`) -) ENGINE=InnoDB DEFAULT 
CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci; - --- ---------------------------- --- Records of oauth2_authorization_consent --- ---------------------------- -BEGIN; -COMMIT; - --- ---------------------------- --- Table structure for oauth2_registered_client --- ---------------------------- -DROP TABLE IF EXISTS `oauth2_registered_client`; -CREATE TABLE `oauth2_registered_client` ( - `id` varchar(100) NOT NULL, - `client_id` varchar(100) NOT NULL, - `client_id_issued_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP, - `client_secret` varchar(200) DEFAULT NULL, - `client_secret_expires_at` timestamp NULL DEFAULT NULL, - `client_name` varchar(200) NOT NULL, - `client_authentication_methods` varchar(1000) NOT NULL, - `authorization_grant_types` varchar(1000) NOT NULL, - `redirect_uris` varchar(1000) DEFAULT NULL, - `scopes` varchar(1000) NOT NULL, - `client_settings` varchar(2000) NOT NULL, - `token_settings` varchar(2000) NOT NULL, - PRIMARY KEY (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci; - --- ---------------------------- --- Records of oauth2_registered_client --- ---------------------------- -BEGIN; -INSERT INTO `oauth2_registered_client` VALUES ('jumuning', 'jumuning', '2021-11-24 10:39:41', '{bcrypt}$2a$10$aNZ7R/TpKdRBrPT/gl7Avur0mj.1MAwbz47RT1Lm0sNZm51K4WFvC', NULL, 'jumuning', 'client_secret_post,client_secret_basic', 'refresh_token,client_credentials,password,authorization_code', 'https://www.baidu.com', 'message.read,role.admin', '{\"@class\":\"java.util.Collections$UnmodifiableMap\",\"settings.client.require-proof-key\":false,\"settings.client.require-authorization-consent\":false}', 
'{\"@class\":\"java.util.Collections$UnmodifiableMap\",\"settings.token.reuse-refresh-tokens\":true,\"settings.token.id-token-signature-algorithm\":[\"org.springframework.security.oauth2.jose.jws.SignatureAlgorithm\",\"RS256\"],\"settings.token.access-token-time-to-live\":[\"java.time.Duration\",3600.000000000],\"settings.token.refresh-token-time-to-live\":[\"java.time.Duration\",3600.000000000]}'); -INSERT INTO `oauth2_registered_client` VALUES ('pig', 'pig', '2021-11-24 16:35:24', '{bcrypt}$2a$10$oKyVIM.bR8Bjt5PCMZzRJedqEfaQkUhfLkbxpNfM8xPS/JnjtVFZ2', NULL, 'pig', 'client_secret_post,client_secret_basic', 'refresh_token,client_credentials,password,authorization_code', 'https://pig4cloud.com', 'message.read,message.write', '{\"@class\":\"java.util.Collections$UnmodifiableMap\",\"settings.client.require-proof-key\":false,\"settings.client.require-authorization-consent\":false}', '{\"@class\":\"java.util.Collections$UnmodifiableMap\",\"settings.token.reuse-refresh-tokens\":true,\"settings.token.id-token-signature-algorithm\":[\"org.springframework.security.oauth2.jose.jws.SignatureAlgorithm\",\"RS256\"],\"settings.token.access-token-time-to-live\":[\"java.time.Duration\",10800.000000000],\"settings.token.refresh-token-time-to-live\":[\"java.time.Duration\",10800.000000000]}'); -COMMIT; - -SET FOREIGN_KEY_CHECKS = 1; diff --git a/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/CustomjwtAuthenticationConverter.java b/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/CustomjwtAuthenticationConverter.java deleted file mode 100644 index 9e4d9bb5..00000000 --- a/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/CustomjwtAuthenticationConverter.java +++ /dev/null 
@@ -1,36 +0,0 @@
-package com.pig4cloud.pig.common.security.component;
-
-import lombok.RequiredArgsConstructor;
-import org.springframework.core.convert.converter.Converter;
-import org.springframework.security.authentication.AbstractAuthenticationToken;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.AuthorityUtils;
-import org.springframework.security.oauth2.core.OAuth2TokenType;
-import org.springframework.security.oauth2.jwt.Jwt;
-import org.springframework.security.oauth2.jwt.JwtClaimNames;
-import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
-import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
-import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
-
-import java.util.Collection;
-
-/**
- * @author lengleng
- * @date 2022/5/28
- */
-@RequiredArgsConstructor
-public class CustomjwtAuthenticationConverter implements Converter {
-
- private final OAuth2AuthorizationService authorizationService;
-
- @Override
- public final AbstractAuthenticationToken convert(Jwt jwt) {
- Collection authorities = AuthorityUtils.NO_AUTHORITIES;
- String principalClaimValue = jwt.getClaimAsString(JwtClaimNames.SUB);
-
- OAuth2Authorization token = authorizationService.findByToken(jwt.getTokenValue(), OAuth2TokenType.ACCESS_TOKEN);
-
- return new JwtAuthenticationToken(jwt, authorities, principalClaimValue);
- }
-
-}
diff --git a/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigBearerTokenExtractor.java b/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigBearerTokenExtractor.java
index 27781163..a5e9f5c0 100644
--- a/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigBearerTokenExtractor.java
+++ b/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigBearerTokenExtractor.java
@@ -36,7 +36,7 @@ import java.util.regex.Pattern;
 */
 public class PigBearerTokenExtractor implements BearerTokenResolver {
- private static final Pattern authorizationPattern = Pattern.compile("^Bearer (?[a-zA-Z0-9-._~+/]+=*)$",
+ private static final Pattern authorizationPattern = Pattern.compile("^Bearer (?[a-zA-Z0-9-:._~+/]+=*)$",
 Pattern.CASE_INSENSITIVE);
 private boolean allowFormEncodedBodyParameter = false;
diff --git a/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/service/PigRemoteRegisteredClientRepository.java b/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/service/PigRemoteRegisteredClientRepository.java
index 18ab041b..3bfc620c 100644
--- a/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/service/PigRemoteRegisteredClientRepository.java
+++ b/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/service/PigRemoteRegisteredClientRepository.java
@@ -3,10 +3,12 @@ package com.pig4cloud.pig.common.security.service;
 import cn.hutool.core.util.BooleanUtil;
 import com.pig4cloud.pig.admin.api.entity.SysOauthClientDetails;
 import com.pig4cloud.pig.admin.api.feign.RemoteClientDetailsService;
+import com.pig4cloud.pig.common.core.constant.CacheConstants;
 import com.pig4cloud.pig.common.core.constant.SecurityConstants;
 import com.pig4cloud.pig.common.core.util.R;
 import lombok.RequiredArgsConstructor;
 import lombok.SneakyThrows;
+import org.springframework.cache.annotation.Cacheable;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 import org.springframework.security.oauth2.core.OAuth2TokenFormat;
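Review bot: The widened character class in `authorizationPattern` (PigBearerTokenExtractor.java) now accepts `:`, which is outside the b64token grammar that RFC 6750 defines for bearer credentials, and nothing in the hunk records why. Add a comment on the constant naming the token format that needs it, for example `// ':' is not part of RFC 6750 b64token; accepted because issued tokens contain it (<token format>)`, so a later comparison with the RFC does not silently drop it or widen the class further. If the extracted value is later used to build a store or cache key, confirm that a colon inside the token cannot collide with that key's own separators; the lookup code is not visible here. Moving the literal `-` to the end of the class, `[a-zA-Z0-9:._~+/-]`, would also make it obvious that no range is intended.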
@@ -78,8 +80,7 @@ public class PigRemoteRegisteredClientRepository implements RegisteredClientRepo
 */
 @Override
 @SneakyThrows
- // @Cacheable(value = CacheConstants.CLIENT_DETAILS_KEY, key = "#clientId", unless =
- // "#result == null")
+ @Cacheable(value = CacheConstants.CLIENT_DETAILS_KEY, key = "#clientId", unless = "#result == null")
 public RegisteredClient findByClientId(String clientId) {
 R detailsR = clientDetailsService.getClientDetailsById(clientId, SecurityConstants.FROM_IN);
diff --git a/pig-upms/pig-upms-biz/src/main/resources/logback-spring.xml b/pig-upms/pig-upms-biz/src/main/resources/logback-spring.xml
index fa238198..58a4eacd 100755
--- a/pig-upms/pig-upms-biz/src/main/resources/logback-spring.xml
+++ b/pig-upms/pig-upms-biz/src/main/resources/logback-spring.xml
@@ -69,7 +69,7 @@ - +
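Review bot: With `@Cacheable` re-enabled on `findByClientId` (second hunk of PigRemoteRegisteredClientRepository.java), the `RegisteredClient` is served from cache, so a client that was removed or had its secret, scopes or redirect URIs changed stays usable with the old values until the entry is evicted or expires. Nothing visible here evicts or bounds the entry; confirm that the update and delete paths of the client-details service carry `@CacheEvict(value = CacheConstants.CLIENT_DETAILS_KEY, key = "#clientId")` (key expression adapted to those methods' parameters) and that the cache has a TTL. `unless = "#result == null"` only helps if an unknown client yields null rather than an exception, and the method body continues outside the hunk, so that cannot be checked from here. A short comment above the annotation stating the intended staleness window would document the trade-off.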