From c616af407f69b583b094c563ca76f350fcc8a708 Mon Sep 17 00:00:00 2001 From: haoxr <1490493387@qq.com> Date: Tue, 17 Nov 2020 20:23:21 +0800 Subject: [PATCH] feat:. --- .../config/AuthorizationServerConfig.java | 2 +- .../youlai/auth/config/WebSecurityConfig.java | 86 +++++++++++++++++-- .../auth/exception/AuthExceptionHandler.java | 18 ++++ youlai-common/common-database/pom.xml | 30 ------- .../database/config/MybatisPlusConfig.java | 32 ------- .../common/database/handler/MetaHandler.java | 25 ------ .../main/resources/META-INF/spring.factories | 2 - youlai-common/common-web/pom.xml | 2 +- .../gateway/config/ResourceServerConfig.java | 34 ++------ 9 files changed, 102 insertions(+), 129 deletions(-) create mode 100644 youlai-auth/src/main/java/com/youlai/auth/exception/AuthExceptionHandler.java delete mode 100644 youlai-common/common-database/pom.xml delete mode 100644 youlai-common/common-database/src/main/java/com/youlai/common/database/config/MybatisPlusConfig.java delete mode 100644 youlai-common/common-database/src/main/java/com/youlai/common/database/handler/MetaHandler.java delete mode 100644 youlai-common/common-database/src/main/resources/META-INF/spring.factories diff --git a/youlai-auth/src/main/java/com/youlai/auth/config/AuthorizationServerConfig.java b/youlai-auth/src/main/java/com/youlai/auth/config/AuthorizationServerConfig.java index 9f8da8c9f..94e7f4376 100644 --- a/youlai-auth/src/main/java/com/youlai/auth/config/AuthorizationServerConfig.java +++ b/youlai-auth/src/main/java/com/youlai/auth/config/AuthorizationServerConfig.java @@ -70,7 +70,7 @@ public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdap // refresh token有两种使用方式:重复使用(true)、非重复使用(false),默认为true // 1 重复使用:access token过期刷新时, refresh token过期时间未改变,仍以初次生成的时间为准 // 2 非重复使用:access token过期刷新时, refresh token过期时间延续,在refresh token有效期内刷新便永不失效达到无需再次登录的目的 - .reuseRefreshTokens(true); + .reuseRefreshTokens(false); } /** 
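Review bot: Switching to `reuseRefreshTokens(false)` turns the session into a sliding window with no upper bound — the comment right above the changed line says so itself (`在refresh token有效期内刷新便永不失效`), which means a refresh token that leaks can be kept alive indefinitely as long as the holder refreshes before each expiry. Rotation is still the better default, since (as far as I recall Spring's `DefaultTokenServices`) the previous refresh token is dropped when a new one is issued, so a replayed stale token fails; what the change does not address is an absolute maximum session lifetime or a server-side revocation path (logout, password change, admin disable) that invalidates the chain. I would record the trade-off next to the setting, e.g. `// NOTE: rotation gives sliding expiry with no upper bound; pair with revocation on logout/password change or an absolute session limit.` The enclosing `configure` method starts before this hunk.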
diff --git a/youlai-auth/src/main/java/com/youlai/auth/config/WebSecurityConfig.java b/youlai-auth/src/main/java/com/youlai/auth/config/WebSecurityConfig.java
index 1c32a61bb..9262fc22e 100644
--- a/youlai-auth/src/main/java/com/youlai/auth/config/WebSecurityConfig.java
+++ b/youlai-auth/src/main/java/com/youlai/auth/config/WebSecurityConfig.java
@@ -1,39 +1,107 @@ package com.youlai.auth.config; +import com.fasterxml.jackson.databind.ObjectMapper; +import lombok.extern.slf4j.Slf4j; import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.authentication.*; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.core.CredentialsContainer; import org.springframework.security.crypto.factory.PasswordEncoderFactories; import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.security.web.authentication.AuthenticationFailureHandler; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; +import java.io.PrintWriter; +import java.util.HashMap; +import java.util.Map; @Configuration @EnableWebSecurity +@Slf4j public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { - http - .authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll() - .and() - .authorizeRequests().antMatchers("/oauth/public_key","/oauth/logout").permitAll().anyRequest().authenticated() - .and() - .csrf().disable(); + // 登录失败处理handler,返回一段json + http + .formLogin().failureHandler( + (req, resp, e) -> { + resp.setContentType("application/json;charset=utf-8"); + PrintWriter out = resp.getWriter(); + Map map = new HashMap<>(); + map.put("status", 401); + if (e instanceof 
LockedException) { + map.put("msg", "账户被锁定,登录失败!"); + } else if (e instanceof BadCredentialsException) { + map.put("msg", "用户名或密码输入错误,登录失败!"); + } else if (e instanceof DisabledException) { + map.put("msg", "账户被禁用,登录失败!"); + } else if (e instanceof AccountExpiredException) { + map.put("msg", "账户过期,登录失败!"); + } else if (e instanceof CredentialsContainer) { + map.put("msg", "密码过期,登录失败"); + } else { + map.put("msg", "登录失败!"); + } + out.write(new ObjectMapper().writeValueAsString(map)); + out.flush(); + out.close(); + } + + + ) + .and() + .authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll() + .and() + .authorizeRequests().antMatchers("/oauth/public_key", "/oauth/logout").permitAll().anyRequest().authenticated() + .and() + .csrf().disable(); + } /** - * 如果不配置SpringBoot会自动配置一个AuthenticationManager,覆盖掉内存中的用户 + * 如果不配置SpringBoot会自动配置一个AuthenticationManager,覆盖掉内存中的用户 */ @Bean public AuthenticationManager authenticationManagerBean() throws Exception { return super.authenticationManagerBean(); } + @Bean - public PasswordEncoder passwordEncoder() { + AuthenticationFailureHandler authenticationFailureHandler() { + return (request, response, e) -> { + + /* + if (!user.isEnabled()) { + throw new DisabledException("该账户已被禁用!"); + } else if (!user.isAccountNonLocked()) { + throw new LockedException("该账号已被锁定!"); + } else if (!user.isAccountNonExpired()) { + throw new AccountExpiredException("该账号已过期!"); + } else if (!user.isCredentialsNonExpired()) { + throw new CredentialsExpiredException("该账户的登录凭证已过期,请重新登录!"); + } +*/ + if (e instanceof DisabledException) { + log.info(e.getMessage()); + } else if (e instanceof LockedException) { + log.info(e.getMessage()); + } else if (e instanceof AccountExpiredException) { + log.info(e.getMessage()); + } + }; + } + + @Bean + public PasswordEncoder passwordEncoder() { return PasswordEncoderFactories.createDelegatingPasswordEncoder(); } } 
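Review bot: The `e instanceof CredentialsContainer` branch in the inline `failureHandler` lambda can never match — `CredentialsContainer` is the interface `UserDetails` implements to erase credentials, not an exception type — so the "密码过期" message is dead code; it should read `} else if (e instanceof CredentialsExpiredException) {` (already covered by the `org.springframework.security.authentication.*` import). The same handler puts `"status", 401` in the JSON body but never sets the HTTP status, so a failed login leaves as 200; add `resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);` before obtaining the writer. Reporting locked, disabled and expired accounts with distinct messages confirms to an unauthenticated caller that the username exists, which is an account-enumeration signal — if that is not an accepted trade-off for this login form, collapse those cases into the generic "登录失败!" text and keep the detail in the server log. The separate `authenticationFailureHandler()` bean is never wired into `formLogin()`, only logs, and would leave the response empty if it ever were used; it also carries a commented-out block — either wire it (and have it write a body) or delete it.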
diff --git a/youlai-auth/src/main/java/com/youlai/auth/exception/AuthExceptionHandler.java b/youlai-auth/src/main/java/com/youlai/auth/exception/AuthExceptionHandler.java new file mode 100644 index 000000000..ac617182f --- /dev/null +++ b/youlai-auth/src/main/java/com/youlai/auth/exception/AuthExceptionHandler.java @@ -0,0 +1,18 @@ +package com.youlai.auth.exception; + +import com.youlai.common.core.result.Result; +import com.youlai.common.core.result.ResultCode; +import lombok.extern.slf4j.Slf4j; +import org.springframework.security.oauth2.common.exceptions.InvalidTokenException; +import org.springframework.web.bind.annotation.ExceptionHandler; +import org.springframework.web.bind.annotation.RestControllerAdvice; + +@RestControllerAdvice +@Slf4j +public class AuthExceptionHandler { + + @ExceptionHandler(InvalidTokenException.class) + public Result handleBizException(InvalidTokenException e) { + return Result.custom(ResultCode.TOKEN_INVALID_OR_EXPIRED); + } +} diff --git a/youlai-common/common-database/pom.xml b/youlai-common/common-database/pom.xml deleted file mode 100644 index 400d2147b..000000000 --- a/youlai-common/common-database/pom.xml +++ /dev/null @@ -1,30 +0,0 @@ - - - - youlai-common - com.youlai - 1.0.0-SNAPSHOT - - 4.0.0 - - common-database - - - - mysql - mysql-connector-java - - - - com.alibaba - druid-spring-boot-starter - - - - com.baomidou - mybatis-plus-boot-starter - - - diff --git a/youlai-common/common-database/src/main/java/com/youlai/common/database/config/MybatisPlusConfig.java b/youlai-common/common-database/src/main/java/com/youlai/common/database/config/MybatisPlusConfig.java deleted file mode 100644 index 1ae9a3325..000000000 --- a/youlai-common/common-database/src/main/java/com/youlai/common/database/config/MybatisPlusConfig.java +++ /dev/null 
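Review bot: `handleBizException` maps `InvalidTokenException` to a `Result` body but has no `@ResponseStatus`, so unless `Result` itself carries a status the response goes out as HTTP 200 with an error payload, and any gateway or client that keys on the status code will treat a rejected token as success; annotate the method with `@ResponseStatus(HttpStatus.UNAUTHORIZED)` (needs `org.springframework.http.HttpStatus` and `org.springframework.web.bind.annotation.ResponseStatus`). The name says business exception while the handler is specific to invalid tokens; `handleInvalidTokenException` would match what it does. The `@Slf4j` logger is unused here — a `log.warn("token rejected: {}", e.getMessage());` gives the audit trail token rejections normally want, without logging the token value itself.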
@@ -1,32 +0,0 @@ -package com.youlai.common.database.config; - -import com.baomidou.mybatisplus.core.config.GlobalConfig; -import com.baomidou.mybatisplus.extension.plugins.PaginationInterceptor; -import com.youlai.common.database.handler.MetaHandler; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; -import org.springframework.transaction.annotation.EnableTransactionManagement; - -@Configuration -@EnableTransactionManagement -public class MybatisPlusConfig { - - /** - * 分页插件,自动识别数据库类型 多租户,请参考官网【插件扩展】 - */ - @Bean - public PaginationInterceptor paginationInterceptor() { - return new PaginationInterceptor(); - } - - - /** - * 自动填充数据库创建人、创建时间、更新人、更新时间 - */ - @Bean - public GlobalConfig globalConfig() { - GlobalConfig globalConfig = new GlobalConfig(); - globalConfig.setMetaObjectHandler(new MetaHandler()); - return globalConfig; - } -} diff --git a/youlai-common/common-database/src/main/java/com/youlai/common/database/handler/MetaHandler.java b/youlai-common/common-database/src/main/java/com/youlai/common/database/handler/MetaHandler.java deleted file mode 100644 index 2a86c98bd..000000000 --- a/youlai-common/common-database/src/main/java/com/youlai/common/database/handler/MetaHandler.java +++ /dev/null @@ -1,25 +0,0 @@ -package com.youlai.common.database.handler; - -import com.baomidou.mybatisplus.core.handlers.MetaObjectHandler; -import org.apache.ibatis.reflection.MetaObject; -import org.springframework.stereotype.Component; - -import java.util.Date; - -/** - * @author haoxr - **/ -@Component -public class MetaHandler implements MetaObjectHandler { - - @Override - public void insertFill(MetaObject metaObject) { - this.setFieldValByName("gmtCreate", new Date(), metaObject); - this.setFieldValByName("gmtModified", new Date(), metaObject); - } - - @Override - public void updateFill(MetaObject metaObject) { - this.setFieldValByName("gmtCreate", new Date(), metaObject); - } -} 
diff --git a/youlai-common/common-database/src/main/resources/META-INF/spring.factories b/youlai-common/common-database/src/main/resources/META-INF/spring.factories deleted file mode 100644 index d7af623d5..000000000 --- a/youlai-common/common-database/src/main/resources/META-INF/spring.factories +++ /dev/null @@ -1,2 +0,0 @@ -org.springframework.boot.autoconfigure.EnableAutoConfiguration=\ - com.youlai.common.database.config.MybatisPlusConfig diff --git a/youlai-common/common-web/pom.xml b/youlai-common/common-web/pom.xml index 7118cc206..360209ed1 100644 --- a/youlai-common/common-web/pom.xml +++ b/youlai-common/common-web/pom.xml @@ -22,10 +22,10 @@ ${youlai.version} - org.springframework.boot spring-boot-starter-web + true diff --git a/youlai-gateway/src/main/java/com/youlai/gateway/config/ResourceServerConfig.java b/youlai-gateway/src/main/java/com/youlai/gateway/config/ResourceServerConfig.java index 548124b75..f6cb18dda 100644 --- a/youlai-gateway/src/main/java/com/youlai/gateway/config/ResourceServerConfig.java +++ b/youlai-gateway/src/main/java/com/youlai/gateway/config/ResourceServerConfig.java @@ -1,6 +1,5 @@ package com.youlai.gateway.config; - import cn.hutool.core.util.ArrayUtil; import cn.hutool.json.JSONUtil; import com.youlai.common.core.constant.AuthConstants; 
@@ -21,7 +20,6 @@ import org.springframework.security.config.annotation.web.reactive.EnableWebFlux import org.springframework.security.config.web.server.ServerHttpSecurity; import org.springframework.security.core.AuthenticationException; import org.springframework.security.oauth2.jwt.Jwt; -import org.springframework.security.oauth2.server.resource.InvalidBearerTokenException; import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter; import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter; import org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverterAdapter; @@ -48,15 +46,14 @@ public class ResourceServerConfig { public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) { http.oauth2ResourceServer().jwt() .jwtAuthenticationConverter(jwtAuthenticationConverter()); - http.oauth2ResourceServer().authenticationEntryPoint(serverAuthenticationEntryPoint()); - //http.formLogin().authenticationFailureHandler(serverAuthenticationFailureHandler()); + http.oauth2ResourceServer().authenticationEntryPoint(authenticationEntryPoint()); http.authorizeExchange() .pathMatchers(ArrayUtil.toArray(whiteListConfig.getUrls(), String.class)).permitAll() .anyExchange().access(authorizationManager) .and() .exceptionHandling() .accessDeniedHandler(accessDeniedHandler()) // 处理未授权 - .authenticationEntryPoint(serverAuthenticationEntryPoint()) //处理未认证 + .authenticationEntryPoint(authenticationEntryPoint()) //处理未认证 .and().csrf().disable(); return http.build(); 
@@ -87,37 +84,17 @@ public class ResourceServerConfig { }; } - /** * token无效或者已过期 * * @return */ @Bean - ServerAuthenticationEntryPoint serverAuthenticationEntryPoint() { + ServerAuthenticationEntryPoint authenticationEntryPoint() { return (exchange, e) -> { Mono mono = Mono.defer(() -> Mono.just(exchange.getResponse())) .flatMap(response -> { - response.setStatusCode(HttpStatus.OK); - response.getHeaders().set(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE); - response.getHeaders().set("Access-Control-Allow-Origin", "*"); - response.getHeaders().set("Cache-Control", "no-cache"); - String body = JSONUtil.toJsonStr(Result.custom(ResultCode.TOKEN_INVALID_OR_EXPIRED)); - DataBuffer buffer = response.bufferFactory().wrap(body.getBytes(Charset.forName("UTF-8"))); - return response.writeWith(Mono.just(buffer)) - .doOnError(error -> DataBufferUtils.release(buffer)); - }); - - return mono; - }; - } - - @Bean - ServerAuthenticationFailureHandler serverAuthenticationFailureHandler() { - return (exchange, e) -> { - Mono mono = Mono.defer(() -> Mono.just(exchange.getExchange().getResponse())) - .flatMap(response -> { - response.setStatusCode(HttpStatus.OK); + response.setStatusCode(HttpStatus.UNAUTHORIZED); response.getHeaders().set(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE); response.getHeaders().set("Access-Control-Allow-Origin", "*"); response.getHeaders().set("Cache-Control", "no-cache"); @@ -131,6 +108,7 @@ public class ResourceServerConfig { } + /** * @return * @link https://blog.csdn.net/qq_24230139/article/details/105091273 @@ -148,6 +126,4 @@ public class ResourceServerConfig { jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(jwtGrantedAuthoritiesConverter); return new ReactiveJwtAuthenticationConverterAdapter(jwtAuthenticationConverter); } - - }
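Review bot: The entry point now answers 401 instead of 200, which is the right change, but the kept line immediately after it still stamps `Access-Control-Allow-Origin: *` onto every unauthenticated response, hard-coding a wildcard CORS grant on the error path independent of whatever CORS policy the gateway applies to successful responses; browsers also ignore `*` when a request carries credentials, so the header is both broader than needed and often ineffective. I would drop that header from the entry point and let the gateway's CORS configuration cover both paths uniformly (or, if it must stay, echo only an allow-listed origin). The `authenticationEntryPoint()` method continues past the end of this hunk, so the body written after the `Cache-Control` line is not visible here.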