mirrors/youlai-mall
1
0
Fork 0
mirror of https://gitee.com/youlaitech/youlai-mall.git synced 2024-12-23 05:00:25 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

refactor:oauth2认证重构

Browse Source
This commit is contained in:
haoxr 2020-09-17 19:53:26 +08:00
parent 9278d176c3
commit 93d4383d10
5 changed files with 42 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
youlai-auth/pom.xml
View File

@ -17,6 +17,12 @@
<dependencies>
<dependency>
<groupId>com.youlai</groupId>
<artifactId>youlai-common-db</artifactId>
<version>${youlai-common.version}</version>
</dependency>
<dependency>
<groupId>com.youlai</groupId>
<artifactId>youlai-admin-api</artifactId>

20
youlai-auth/src/main/java/com/youlai/auth/config/AuthorizationServerConfig.java
View File

@ -1,6 +1,7 @@
package com.youlai.auth.config;
import com.youlai.auth.component.JwtTokenEnhancer;
import com.youlai.auth.service.JdbcClientDetailsServiceImpl;
import com.youlai.common.core.constant.AuthConstants;
import lombok.SneakyThrows;
import org.springframework.beans.factory.annotation.Autowired;
@ -15,6 +16,8 @@ import org.springframework.security.oauth2.config.annotation.web.configuration.A
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
import org.springframework.security.oauth2.provider.token.TokenEnhancerChain;
import org.springframework.security.oauth2.provider.token.TokenStore;
@ -22,6 +25,8 @@ import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenCo
import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;
import javax.annotation.Resource;
import javax.sql.DataSource;
import java.security.KeyPair;
import java.util.ArrayList;
import java.util.List;
@ -42,6 +47,10 @@ public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdap
@Autowired
private RedisConnectionFactory redisConnectionFactory;
@Autowired
private DataSource dataSource;
/**
* 配置客户端详情
*
@ -51,15 +60,22 @@ public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdap
@Override
@SneakyThrows
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
/*clients.inMemory()
.withClient("client")
.secret(passwordEncoder.encode("123456"))
.scopes("all")
.authorizedGrantTypes("password", "refresh_token")
.accessTokenValiditySeconds(3600)
.refreshTokenValiditySeconds(86400);
.refreshTokenValiditySeconds(86400);*/
JdbcClientDetailsServiceImpl jdbcClientDetailsService=new JdbcClientDetailsServiceImpl(dataSource);
jdbcClientDetailsService.setFindClientDetailsSql(AuthConstants.CLIENT_DETAILS_FIND_SQL);
jdbcClientDetailsService.setSelectClientDetailsSql(AuthConstants.CLIENT_DETAILS_SELECT_SQL);
clients.withClientDetails(jdbcClientDetailsService);
}
/**
* 配置令牌端点的安全约束
*

5
youlai-auth/src/main/java/com/youlai/auth/config/WebSecurityConfig.java
View File

@ -12,6 +12,7 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
@Configuration
@ -31,8 +32,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
public PasswordEncoder passwordEncoder() {
return PasswordEncoderFactories.createDelegatingPasswordEncoder();
}
@Bean

9
youlai-auth/src/main/java/com/youlai/auth/domain/User.java
View File

@ -1,6 +1,7 @@
package com.youlai.auth.domain;
import com.youlai.admin.api.dto.UserDTO;
import com.youlai.common.core.constant.AuthConstants;
import lombok.Data;
import lombok.NoArgsConstructor;
import org.springframework.security.core.GrantedAuthority;
@ -30,14 +31,14 @@ public class User implements UserDetails {
private Collection<SimpleGrantedAuthority> authorities;
public User(UserDTO user){
public User(UserDTO user) {
this.setId(user.getId());
this.setUsername(user.getUsername());
this.setPassword(user.getPassword());
this.setPassword(AuthConstants.BCRYPT + user.getPassword());
this.setEnabled(user.getStatus().equals(1));
this.setClientId(user.getClientId());
if(user.getRoles()!=null){
authorities=new ArrayList<>();
if (user.getRoles() != null) {
authorities = new ArrayList<>();
user.getRoles().forEach(roleId -> authorities.add(new SimpleGrantedAuthority(String.valueOf(roleId))));
}

10
youlai-auth/src/main/java/com/youlai/auth/service/JdbcClientDetailsServiceImpl.java
View File

@ -1,11 +1,21 @@
package com.youlai.auth.service;
import lombok.SneakyThrows;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;
import org.springframework.stereotype.Service;
import javax.sql.DataSource;
public class JdbcClientDetailsServiceImpl extends JdbcClientDetailsService {
public JdbcClientDetailsServiceImpl(DataSource dataSource) {
super(dataSource);
}
@Override
@SneakyThrows
public ClientDetails loadClientByClientId(String clientId) {
return super.loadClientByClientId(clientId);
}
}