添加授权和资源服务
parent
fa8bdf03c2
commit
13122ce6e9
5
pom.xml
5
pom.xml
@ -117,6 +117,11 @@
|
||||
<artifactId>mybatis-plus-boot-starter</artifactId>
|
||||
<version>${mybatis-plus-boot-starter.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.apache.commons</groupId>
|
||||
<artifactId>commons-pool2</artifactId>
|
||||
<version>2.7.0</version>
|
||||
</dependency>
|
||||
|
||||
<!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-oauth2-authorization-server -->
|
||||
<!-- <dependency>-->
|
||||
|
@ -44,6 +44,10 @@
|
||||
<groupId>com.baomidou</groupId>
|
||||
<artifactId>mybatis-plus-boot-starter</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.apache.commons</groupId>
|
||||
<artifactId>commons-pool2</artifactId>
|
||||
</dependency>
|
||||
<!-- 集成nacos-->
|
||||
<dependency>
|
||||
<groupId>com.alibaba.cloud</groupId>
|
||||
|
@ -1,5 +1,7 @@
|
||||
package cn.zyjblogs.oauth;
|
||||
|
||||
import org.mybatis.spring.annotation.MapperScan;
|
||||
import org.mybatis.spring.annotation.MapperScans;
|
||||
import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||
import org.springframework.cloud.openfeign.EnableFeignClients;
|
||||
|
@ -8,11 +8,10 @@ import org.springframework.data.redis.serializer.Jackson2JsonRedisSerializer;
|
||||
import org.springframework.data.redis.serializer.StringRedisSerializer;
|
||||
|
||||
/**
|
||||
* Copyright (C), 2021, 北京同创永益科技发展有限公司
|
||||
*
|
||||
* @author zhuyijun
|
||||
* @version 3.0.0
|
||||
* @description
|
||||
* @description redis配置
|
||||
* @date 2022/8/17 17:58
|
||||
*/
|
||||
|
||||
|
@ -1,7 +1,6 @@
|
||||
package cn.zyjblogs.oauth.config.redis.lock;
|
||||
|
||||
import cn.com.hatechframework.bridge.exception.BcmsException;
|
||||
import cn.com.hatechframework.common.entity.response.ResponseCode;
|
||||
|
||||
import com.baomidou.mybatisplus.core.toolkit.IdWorker;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
@ -100,7 +99,7 @@ public class RedisLockTemplate {
|
||||
} while (System.currentTimeMillis() - start < currentAcquireTimeout);
|
||||
} catch (InterruptedException e) {
|
||||
log.error("lock error", e);
|
||||
throw new BcmsException(ResponseCode.INTERNAL_SERVER_ERROR, "加锁失败");
|
||||
throw new RuntimeException("加锁失败");
|
||||
}
|
||||
return null;
|
||||
}
|
||||
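Review bot: The `catch (InterruptedException e)` branch after the acquire loop swallows the interrupt and, if `throw new RuntimeException("加锁失败");` is the replacement line (the removed `BcmsException` imports suggest so), drops the cause as well. Restore the flag and chain the exception: `Thread.currentThread().interrupt();` followed by `throw new RuntimeException("加锁失败", e);`. The trailing `return null;` appears to be the timeout path, so callers have to null-check before treating the lock as held; a one-line Javadoc stating that would help. The method starts outside this hunk.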
|
@ -1,12 +1,24 @@
|
||||
package cn.zyjblogs.oauth.config.security;
|
||||
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
|
||||
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurer;
|
||||
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
|
||||
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
|
||||
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
|
||||
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
|
||||
import org.springframework.security.oauth2.provider.ClientDetailsService;
|
||||
import org.springframework.security.oauth2.provider.OAuth2Authentication;
|
||||
import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
|
||||
import org.springframework.security.oauth2.provider.code.InMemoryAuthorizationCodeServices;
|
||||
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
|
||||
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
|
||||
import org.springframework.security.oauth2.provider.token.TokenStore;
|
||||
|
||||
/**
|
||||
* @author zhuyijun
|
||||
@ -16,10 +28,11 @@ import org.springframework.security.oauth2.config.annotation.web.configurers.Aut
|
||||
*/
|
||||
@Configuration
|
||||
@EnableAuthorizationServer
|
||||
@RequiredArgsConstructor
|
||||
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
|
||||
public AuthorizationServerConfiguration() {
|
||||
|
||||
}
|
||||
private final TokenStore tokenStore;
|
||||
private final ClientDetailsService clientDetailsService;
|
||||
private final AuthenticationManager authenticationManager;
|
||||
|
||||
/**
|
||||
* 令牌端点的安全约束
|
||||
@ -33,8 +46,10 @@ public class AuthorizationServerConfiguration extends AuthorizationServerConfigu
|
||||
security
|
||||
//允许匿名访问端点:url:/oauth/token_key
|
||||
.tokenKeyAccess("permitAll()")
|
||||
.checkTokenAccess("permitAll()")
|
||||
//TODO 待处理令牌访问安全
|
||||
//允许匿名访问端点:url:/oauth/check_token
|
||||
.checkTokenAccess("isAuthenticated()")
|
||||
// .checkTokenAccess("isAuthenticated()")
|
||||
.allowFormAuthenticationForClients();
|
||||
}
|
||||
|
||||
@ -54,11 +69,12 @@ public class AuthorizationServerConfiguration extends AuthorizationServerConfigu
|
||||
//secret
|
||||
.secret(new BCryptPasswordEncoder().encode("secret"))
|
||||
//资源列表
|
||||
.resourceIds("res1")
|
||||
.resourceIds("zyjblogs-rbac")
|
||||
.authorizedGrantTypes("authorization_code",
|
||||
"password", "client_credentials", "implicit", "refresh_token")
|
||||
//允许授权封范围
|
||||
.scopes("all")
|
||||
//
|
||||
.autoApprove(false)
|
||||
//加上验证回调地址
|
||||
.redirectUris("https://www.baidu.com");
|
||||
@ -73,6 +89,37 @@ public class AuthorizationServerConfiguration extends AuthorizationServerConfigu
|
||||
*/
|
||||
@Override
|
||||
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
|
||||
super.configure(endpoints);
|
||||
endpoints.
|
||||
//密码模式
|
||||
authenticationManager(authenticationManager)
|
||||
//授权码模式
|
||||
.authorizationCodeServices(authorizationCodeServices())
|
||||
.tokenServices(tokenServices())
|
||||
//允许表单认证
|
||||
.allowedTokenEndpointRequestMethods(HttpMethod.POST);
|
||||
}
|
||||
|
||||
/**
|
||||
* 令牌管理服务
|
||||
* @return
|
||||
*/
|
||||
@Bean
|
||||
public AuthorizationServerTokenServices tokenServices(){
|
||||
DefaultTokenServices tokenServices = new DefaultTokenServices();
|
||||
//客户端信息服务
|
||||
tokenServices.setClientDetailsService(clientDetailsService);
|
||||
//是否产生刷新令牌
|
||||
tokenServices.setSupportRefreshToken(true);
|
||||
//令牌储存策略
|
||||
tokenServices.setTokenStore(tokenStore);
|
||||
//令牌默认有效期
|
||||
tokenServices.setAccessTokenValiditySeconds(7200);
|
||||
//刷新令牌默认有效期3天
|
||||
tokenServices.setRefreshTokenValiditySeconds(259200);
|
||||
return tokenServices;
|
||||
}
|
||||
@Bean
|
||||
public AuthorizationCodeServices authorizationCodeServices(){
|
||||
return new InMemoryAuthorizationCodeServices();
|
||||
}
|
||||
}
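Review bot: `/oauth/check_token` is left open to anonymous callers in the token-endpoint security hunk if, as the `//TODO 待处理令牌访问安全` marker suggests, `.checkTokenAccess("permitAll()")` is the line this commit activates and `isAuthenticated()` is the one commented out. Anyone who can reach the endpoint can then introspect a token and read the user, scopes and authorities behind it, so prefer `.checkTokenAccess("isAuthenticated()")` with the resource server registered as a client that has its own secret. The new `authorizationCodeServices()` bean returns `InMemoryAuthorizationCodeServices`, which only works while one instance serves both the authorize and the token request; a comment stating that limit would help. The client block in the third hunk still carries the literal secret `"secret"` and the `implicit` and `password` grants, which predate this commit as far as the page shows.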
|
@ -0,0 +1,19 @@
|
||||
package cn.zyjblogs.oauth.config.security;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.oauth2.provider.token.TokenStore;
|
||||
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
|
||||
|
||||
/**
|
||||
* @author zhuyijun
|
||||
*/
|
||||
@Configuration
|
||||
public class TokenConfig {
|
||||
//令牌存储策略
|
||||
@Bean
|
||||
public TokenStore tokenStore(){
|
||||
//内存方式,生成普通令牌
|
||||
return new InMemoryTokenStore();
|
||||
}
|
||||
}
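Review bot: `tokenStore()` returns `InMemoryTokenStore`, so every issued access and refresh token lives only in this JVM: a restart invalidates all of them and a second instance of the service cannot validate tokens issued by the first. The module already has a Redis configuration and this commit adds `commons-pool2`, so a `RedisTokenStore` built from the existing connection factory looks like the intended end state; confirm. If in-memory is deliberate for now, say so in the comment, e.g. `// in-memory store: single instance only, tokens are lost on restart`.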
|
@ -2,34 +2,19 @@ package cn.zyjblogs.oauth.config.security;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.builders.WebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
|
||||
|
||||
/***
|
||||
* 定义用户
|
||||
* @author zhuyijun
|
||||
* @Description
|
||||
* @date 14:51
|
||||
*/
|
||||
@Override
|
||||
public UserDetailsService userDetailsServiceBean() throws Exception {
|
||||
InMemoryUserDetailsManager userDetailsManager = new InMemoryUserDetailsManager();
|
||||
userDetailsManager.createUser(User.withUsername("zhangsan").password("$2a$10$jwUQH.QkSvznnPRlte87k.Kw3CaLwBJbanUHM70Ry4to1Q.aXgKTi").authorities("p1").build());
|
||||
userDetailsManager.createUser(User.withUsername("lisi").password("123456").authorities("p2").build());
|
||||
return userDetailsManager;
|
||||
}
|
||||
|
||||
/**
|
||||
* 密码编码解码
|
||||
*
|
||||
@ -41,25 +26,19 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
|
||||
}
|
||||
|
||||
|
||||
// @Bean
|
||||
// @Override
|
||||
// public AuthenticationManager authenticationManagerBean() throws Exception {
|
||||
// return super.authenticationManagerBean();
|
||||
// }
|
||||
|
||||
|
||||
/**
|
||||
* 配置认证方式
|
||||
*
|
||||
* @param auth
|
||||
* @author tanyuanzhi
|
||||
* @date 2021/10/28 15:05
|
||||
*/
|
||||
// @Override
|
||||
// protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
||||
//
|
||||
//
|
||||
// }
|
||||
* 认证管理器
|
||||
* @param
|
||||
* @author zhuyijun
|
||||
* @date 2022/8/17 下午9:56
|
||||
* @return org.springframework.security.authentication.AuthenticationManager
|
||||
*/
|
||||
@Bean
|
||||
@Override
|
||||
public AuthenticationManager authenticationManagerBean() throws Exception {
|
||||
return super.authenticationManagerBean();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http.csrf().disable();
|
||||
@ -72,12 +51,13 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
|
||||
.authenticated()
|
||||
.and()
|
||||
//允许表单登录
|
||||
.formLogin()
|
||||
.successForwardUrl("/demo/success");
|
||||
.formLogin();
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public void configure(WebSecurity web) {
|
||||
web.ignoring().antMatchers("/user/robot-token");
|
||||
// web.ignoring().antMatchers("/user/robot-token");
|
||||
}
|
||||
|
||||
}
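Review bot: `http.csrf().disable()` stays at the top of `configure(HttpSecurity)` while the last hunk keeps session-based `.formLogin()`, so the login form and the user-approval POST on `/oauth/authorize` (the client is registered with `autoApprove(false)`) accept cross-site requests. The token endpoint is secured by the authorization-server configuration rather than by this adapter, so CSRF protection can presumably stay enabled here; verify against the part of the method that lies outside the hunk. Separately, `configure(WebSecurity web)` appears to be left with only the commented-out `// web.ignoring().antMatchers("/user/robot-token");`, so the override can be deleted rather than kept as dead code in a security configuration.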
|
@ -0,0 +1,10 @@
|
||||
package cn.zyjblogs.oauth.server.user.constant;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author zhuyijun
|
||||
*/
|
||||
public class CommonConstant {
|
||||
public static final Integer NO_DELETED = 0;
|
||||
public static final Integer IS_DELETED = 1;
|
||||
}
|
@ -0,0 +1,20 @@
|
||||
package cn.zyjblogs.oauth.server.user.constant;
|
||||
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Getter;
|
||||
|
||||
/**
|
||||
* @author zhuyijun
|
||||
*/
|
||||
|
||||
@AllArgsConstructor
|
||||
@Getter
|
||||
public enum UserEnum {
|
||||
/**
|
||||
* 用户枚举
|
||||
*/
|
||||
NORMAL(0,"正常"),
|
||||
DISABLE(1,"禁用");
|
||||
private Integer code;
|
||||
private String name;
|
||||
}
|
@ -0,0 +1,10 @@
|
||||
package cn.zyjblogs.oauth.server.user.mapper;
|
||||
|
||||
import cn.zyjblogs.oauth.server.user.po.UserPo;
|
||||
import com.baomidou.mybatisplus.core.mapper.BaseMapper;
|
||||
import org.apache.ibatis.annotations.Mapper;
|
||||
|
||||
@Mapper
|
||||
public interface UserMapper extends BaseMapper<UserPo> {
|
||||
UserPo findUserByname(String userName);
|
||||
}
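Review bot: `findUserByname(String userName)` is declared without an `@Select` annotation and no mapper XML is visible on this page, so calling it would fail at runtime with an unbound-statement error unless a matching XML statement exists elsewhere. Nothing in this commit calls it, since `OauthUserDetailsServiceImpl` queries through a `LambdaQueryWrapper` instead, so either drop the method or add the statement and rename it `findUserByName`. The identical declaration in the rbac module's `UserMapper` further down needs the same treatment.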
|
@ -0,0 +1,78 @@
|
||||
package cn.zyjblogs.oauth.server.user.po;
|
||||
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.oauth2.provider.ClientDetails;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* @author zhuyijun
|
||||
*/
|
||||
public class OauthClientDetail implements ClientDetails {
|
||||
@Override
|
||||
public String getClientId() {
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Set<String> getResourceIds() {
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isSecretRequired() {
|
||||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getClientSecret() {
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isScoped() {
|
||||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Set<String> getScope() {
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Set<String> getAuthorizedGrantTypes() {
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Set<String> getRegisteredRedirectUri() {
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Collection<GrantedAuthority> getAuthorities() {
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Integer getAccessTokenValiditySeconds() {
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Integer getRefreshTokenValiditySeconds() {
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isAutoApprove(String s) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Map<String, Object> getAdditionalInformation() {
|
||||
return null;
|
||||
}
|
||||
}
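Review bot: Every accessor in `OauthClientDetail` returns `null` and `isSecretRequired()` returns `false`, so an instance handed to the framework would describe a client with no id, no scopes, no grant types and no secret requirement, and callers iterating the collection getters would hit a `NullPointerException`. Nothing on this page uses the class yet; if it is a placeholder, mark it with a class comment such as `// TODO: placeholder, not wired into ClientDetailsService yet`, or back the getters with fields and return empty sets instead of `null`. Once it is wired in, `isSecretRequired()` should default to `true` so that a missing secret fails closed.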
|
@ -0,0 +1,81 @@
|
||||
package cn.zyjblogs.oauth.server.user.po;
|
||||
|
||||
|
||||
import cn.zyjblogs.oauth.server.user.constant.CommonConstant;
|
||||
import cn.zyjblogs.oauth.server.user.constant.UserEnum;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Builder;
|
||||
import lombok.Data;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.Setter;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* @author zhuyijun
|
||||
*/
|
||||
@Setter
|
||||
@AllArgsConstructor
|
||||
@NoArgsConstructor
|
||||
@Builder
|
||||
public class OauthUserDetails implements UserDetails {
|
||||
private String id;
|
||||
|
||||
private String username;
|
||||
|
||||
private String name;
|
||||
|
||||
private String password;
|
||||
|
||||
private Integer phone;
|
||||
|
||||
private String email;
|
||||
|
||||
private String inviteUserId;
|
||||
|
||||
private Integer status;
|
||||
|
||||
private Integer deleted;
|
||||
private Collection<GrantedAuthority> authorities;
|
||||
private boolean accountNonExpired = true;
|
||||
private boolean accountNonLocked = true;
|
||||
private boolean credentialsNonExpired = true;
|
||||
private boolean enabled = true;
|
||||
@Override
|
||||
public Collection<? extends GrantedAuthority> getAuthorities() {
|
||||
return authorities;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPassword() {
|
||||
return password;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getUsername() {
|
||||
return username;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isAccountNonExpired() {
|
||||
return accountNonExpired;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isAccountNonLocked() {
|
||||
return CommonConstant.NO_DELETED.equals(deleted) && UserEnum.NORMAL.getCode().equals(status);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isCredentialsNonExpired() {
|
||||
return credentialsNonExpired;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isEnabled() {
|
||||
return UserEnum.NORMAL.getCode().equals(status);
|
||||
}
|
||||
}
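Review bot: The four flags initialised to `true` (`accountNonExpired`, `accountNonLocked`, `credentialsNonExpired`, `enabled`) are ignored by Lombok's `@Builder` unless each carries `@Builder.Default`, so `OauthUserDetails.builder()...build()` yields a user whose account and credentials are reported as expired. The no-args constructor path used by `OauthUserDetailsServiceImpl` keeps the initialisers, which is why this would only surface later. `isAccountNonLocked()` and `isEnabled()` compute their result from `status` and `deleted` and never read the `accountNonLocked` and `enabled` fields, so those two fields and their setters have no effect; remove them or document that they are unused. The `lombok.Data` and `java.util.Set` imports are unused.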
|
@ -0,0 +1,82 @@
|
||||
package cn.zyjblogs.oauth.server.user.po;
|
||||
|
||||
import com.alibaba.fastjson.annotation.JSONField;
|
||||
import com.baomidou.mybatisplus.annotation.IdType;
|
||||
import com.baomidou.mybatisplus.annotation.TableField;
|
||||
import com.baomidou.mybatisplus.annotation.TableId;
|
||||
import com.baomidou.mybatisplus.annotation.TableName;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Builder;
|
||||
import lombok.Data;
|
||||
import lombok.NoArgsConstructor;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.time.LocalDateTime;
|
||||
|
||||
/**
|
||||
* @author zhuyijun
|
||||
*/
|
||||
@Data
|
||||
@AllArgsConstructor
|
||||
@NoArgsConstructor
|
||||
@Builder
|
||||
@TableName("user")
|
||||
public class UserPo implements Serializable {
|
||||
|
||||
@TableId(value = "id", type = IdType.ASSIGN_UUID)
|
||||
private String id;
|
||||
|
||||
@TableField("username")
|
||||
private String username;
|
||||
|
||||
@TableField("name")
|
||||
private String name;
|
||||
|
||||
@TableField("age")
|
||||
private Integer age;
|
||||
|
||||
@TableField("avatar")
|
||||
private String avatar;
|
||||
|
||||
@TableField("password")
|
||||
private String password;
|
||||
|
||||
@TableField("phone")
|
||||
private Integer phone;
|
||||
|
||||
@TableField("email")
|
||||
private String email;
|
||||
|
||||
@TableField("invite_user_id")
|
||||
private String inviteUserId;
|
||||
|
||||
@TableField("status")
|
||||
private Integer status;
|
||||
|
||||
@TableField("follow_num")
|
||||
private Integer followNum;
|
||||
|
||||
@TableField("fans_num")
|
||||
private Integer fansNum;
|
||||
|
||||
@TableField("deleted")
|
||||
private Integer deleted;
|
||||
|
||||
@TableField("description")
|
||||
private String description;
|
||||
|
||||
@TableField("create_user_id")
|
||||
private String createUserId;
|
||||
|
||||
@JSONField(format = "yyyy-MM-dd HH:mm:ss")
|
||||
@TableField("create_time")
|
||||
private LocalDateTime createTime;
|
||||
|
||||
@TableField("update_user_id")
|
||||
private String updateUserId;
|
||||
|
||||
|
||||
@JSONField(format = "yyyy-MM-dd HH:mm:ss")
|
||||
@TableField("update_time")
|
||||
private LocalDateTime updateTime;
|
||||
}
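Review bot: `phone` is declared as `Integer`, which tops out at 2147483647 and cannot hold an 11-digit mobile number, a leading zero or a `+` prefix; `private String phone;` is the usual choice, assuming the column type allows it. The same field type is repeated in `OauthUserDetails` and in the rbac module's copy of `UserPo`. The entity also carries the stored `password` value, so it should not be serialised into API responses as-is; a short class comment saying the type is persistence-only would make that explicit.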
|
@ -0,0 +1,9 @@
|
||||
package cn.zyjblogs.oauth.server.user.service;
|
||||
|
||||
import cn.zyjblogs.oauth.server.user.po.UserPo;
|
||||
import com.baomidou.mybatisplus.extension.service.IService;
|
||||
|
||||
|
||||
public interface UserService extends IService<UserPo> {
|
||||
|
||||
}
|
@ -0,0 +1,31 @@
|
||||
package cn.zyjblogs.oauth.server.user.service.impl;
|
||||
|
||||
import cn.zyjblogs.oauth.server.user.po.OauthUserDetails;
|
||||
import cn.zyjblogs.oauth.server.user.po.UserPo;
|
||||
import cn.zyjblogs.oauth.server.user.service.UserService;
|
||||
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
|
||||
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.beans.BeanUtils;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
@Service
|
||||
@RequiredArgsConstructor
|
||||
public class OauthUserDetailsServiceImpl implements UserDetailsService {
|
||||
private final UserService userService;
|
||||
@Override
|
||||
public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
|
||||
LambdaQueryWrapper<UserPo> queryWrapper = Wrappers.lambdaQuery();
|
||||
queryWrapper.eq(UserPo::getUsername,s);
|
||||
UserPo userPo = userService.getBaseMapper().selectOne(queryWrapper);
|
||||
OauthUserDetails oauthUserDetails = new OauthUserDetails();
|
||||
BeanUtils.copyProperties(userPo, oauthUserDetails);
|
||||
return oauthUserDetails;
|
||||
}
|
||||
}
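Review bot: `loadUserByUsername` passes the result of `selectOne` straight to `BeanUtils.copyProperties`, which rejects a null source, so an unknown username fails with an internal error instead of the `UsernameNotFoundException` the method declares. Add `if (userPo == null) { throw new UsernameNotFoundException("user not found"); }` before the copy, and keep the submitted name out of the message. `authorities` is never populated, so `getAuthorities()` returns `null` for every loaded user; that is worth a comment if it is intended for now. The `GrantedAuthority` and `List` imports are unused.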
|
@ -0,0 +1,15 @@
|
||||
package cn.zyjblogs.oauth.server.user.service.impl;
|
||||
|
||||
import cn.zyjblogs.oauth.server.user.mapper.UserMapper;
|
||||
import cn.zyjblogs.oauth.server.user.po.UserPo;
|
||||
import cn.zyjblogs.oauth.server.user.service.UserService;
|
||||
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
|
||||
@Service
|
||||
@RequiredArgsConstructor
|
||||
public class UserServiceImpl extends ServiceImpl<UserMapper, UserPo> implements UserService {
|
||||
|
||||
}
|
@ -1,7 +1,7 @@
|
||||
hatech:
|
||||
config:
|
||||
nacos:
|
||||
host: ${HATECH_CONFIG_NACOS_HOST:192.168.137.1}
|
||||
host: ${HATECH_CONFIG_NACOS_HOST:127.0.0.1}
|
||||
port: ${HATECH_CONFIG_NACOS_PORT:8848}
|
||||
username: ${HATECH_CONFIG_NACOS_USERNAME:nacos}
|
||||
password: ${HATECH_CONFIG_NACOS_PASSWORD:nacos}
|
||||
|
@ -4,6 +4,7 @@ import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||
import org.springframework.cloud.openfeign.EnableFeignClients;
|
||||
import org.springframework.scheduling.annotation.EnableAsync;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
|
||||
/**
|
||||
* Copyright (C), 2021, 北京同创永益科技发展有限公司
|
||||
|
@ -0,0 +1,53 @@
|
||||
package cn.zyjblogs.rbac.config.resource;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
|
||||
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
|
||||
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
|
||||
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
|
||||
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
|
||||
|
||||
/**
|
||||
* 资源服务
|
||||
* @author zhuyijun
|
||||
*/
|
||||
@Configuration
|
||||
@EnableResourceServer
|
||||
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
|
||||
private static final String RESOURCE_ID="zyjblogs-rbac";
|
||||
public ResourceServerConfig() {
|
||||
super();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
|
||||
resources.resourceId(RESOURCE_ID)
|
||||
// 验证令牌的服务
|
||||
.tokenServices(tokenServices())
|
||||
.stateless(true);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void configure(HttpSecurity http) throws Exception {
|
||||
http.authorizeRequests()
|
||||
.antMatchers("/**")
|
||||
.access("#oauth2.hasAnyScope('all')")
|
||||
.and()
|
||||
.csrf().disable()
|
||||
.sessionManagement()
|
||||
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
|
||||
}
|
||||
|
||||
@Bean
|
||||
public ResourceServerTokenServices tokenServices(){
|
||||
RemoteTokenServices services = new RemoteTokenServices() ;
|
||||
services.setCheckTokenEndpointUrl("http://127.0.0.1:9029/oauth/check_token");
|
||||
services.setClientId(RESOURCE_ID);
|
||||
services.setClientSecret("secret");
|
||||
return services;
|
||||
}
|
||||
}
|
||||
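Review bot: `tokenServices()` hard-codes the introspection endpoint `http://127.0.0.1:9029/oauth/check_token` and the client secret `"secret"` in source, so the credential sits in version control and the resource server only works when the authorization server runs on the same host over plain HTTP. Inject the URL, client id and secret from the configuration the module already loads, e.g. `services.setClientSecret(clientSecret);` with `clientSecret` bound through `@Value("${<property-name>}")` (placeholder name), and use an HTTPS URL outside local development. The client id registered on the authorization server is outside the visible hunks; confirm that a client named `zyjblogs-rbac` exists there, since this page only shows that string under `resourceIds`.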
|
@ -0,0 +1,24 @@
|
||||
package cn.zyjblogs.rbac.config.security;
|
||||
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http.csrf().disable();
|
||||
//使HttpSecurity接收以"/login/","/oauth/"开头请求, 配置HttpSecurity不阻止swagger页面
|
||||
http.authorizeRequests()
|
||||
.antMatchers("/webjars/**", "/swagger-ui.html/**", "/swagger-resources/**", "/v2/api-docs/**")
|
||||
.permitAll()
|
||||
//以下请求必须认证通过
|
||||
.antMatchers("/demo/**", "/oauth/**", "/login")
|
||||
.authenticated()
|
||||
.anyRequest().permitAll();
|
||||
}
|
||||
}
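Review bot: `configure(HttpSecurity)` ends with `.anyRequest().permitAll()`, so any path not listed, including the `/user/**` controller added in this commit, is open as far as this filter chain is concerned. Access then depends entirely on `ResourceServerConfig` matching first; make this chain fail closed with `.anyRequest().authenticated()` so that a change in chain ordering or matchers cannot expose the API. The comment above `authorizeRequests()` talks about accepting `/login/` and `/oauth/` requests, which is not what the matchers below it do; reword it to describe the Swagger allow-list. Disabling CSRF here is reasonable only while the service stays stateless and token-authenticated.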
|
@ -0,0 +1,25 @@
|
||||
package cn.zyjblogs.rbac.server.user.controller;
|
||||
|
||||
import cn.zyjblogs.rbac.server.user.po.UserPo;
|
||||
import cn.zyjblogs.rbac.server.user.service.UserService;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.ResponseBody;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
/**
|
||||
* @author zhuyijun
|
||||
*/
|
||||
@RestController
|
||||
@RequestMapping("/user")
|
||||
@RequiredArgsConstructor
|
||||
@ResponseBody
|
||||
public class UserController {
|
||||
private final UserService userService;
|
||||
@GetMapping("/id")
|
||||
public UserPo findById(String id){
|
||||
return userService.getById(id);
|
||||
}
|
||||
|
||||
}
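Review bot: `findById` returns the `UserPo` entity directly, and that entity includes the `password` column, so the stored password hash is written into the JSON response unless serialisation of that field is suppressed somewhere outside this page. Return a response DTO without `password`, or at minimum exclude the field from serialisation. The handler also lets any caller holding a token with scope `all` read any user by id, with no check that `id` belongs to the caller or that the caller has an administrative authority; add that check or document why it is not needed. `@ResponseBody` is redundant on a `@RestController`.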
|
@ -0,0 +1,10 @@
|
||||
package cn.zyjblogs.rbac.server.user.mapper;
|
||||
|
||||
import cn.zyjblogs.rbac.server.user.po.UserPo;
|
||||
import com.baomidou.mybatisplus.core.mapper.BaseMapper;
|
||||
import org.apache.ibatis.annotations.Mapper;
|
||||
|
||||
@Mapper
|
||||
public interface UserMapper extends BaseMapper<UserPo> {
|
||||
UserPo findUserByname(String userName);
|
||||
}
|
@ -0,0 +1,82 @@
|
||||
package cn.zyjblogs.rbac.server.user.po;
|
||||
|
||||
import com.alibaba.fastjson.annotation.JSONField;
|
||||
import com.baomidou.mybatisplus.annotation.IdType;
|
||||
import com.baomidou.mybatisplus.annotation.TableField;
|
||||
import com.baomidou.mybatisplus.annotation.TableId;
|
||||
import com.baomidou.mybatisplus.annotation.TableName;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Builder;
|
||||
import lombok.Data;
|
||||
import lombok.NoArgsConstructor;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.time.LocalDateTime;
|
||||
|
||||
/**
|
||||
* @author zhuyijun
|
||||
*/
|
||||
@Data
|
||||
@AllArgsConstructor
|
||||
@NoArgsConstructor
|
||||
@Builder
|
||||
@TableName("user")
|
||||
public class UserPo implements Serializable {
|
||||
|
||||
@TableId(value = "id", type = IdType.ASSIGN_UUID)
|
||||
private String id;
|
||||
|
||||
@TableField("username")
|
||||
private String username;
|
||||
|
||||
@TableField("name")
|
||||
private String name;
|
||||
|
||||
@TableField("age")
|
||||
private Integer age;
|
||||
|
||||
@TableField("avatar")
|
||||
private String avatar;
|
||||
|
||||
@TableField("password")
|
||||
private String password;
|
||||
|
||||
@TableField("phone")
|
||||
private Integer phone;
|
||||
|
||||
@TableField("email")
|
||||
private String email;
|
||||
|
||||
@TableField("invite_user_id")
|
||||
private String inviteUserId;
|
||||
|
||||
@TableField("status")
|
||||
private Integer status;
|
||||
|
||||
@TableField("follow_num")
|
||||
private Integer followNum;
|
||||
|
||||
@TableField("fans_num")
|
||||
private Integer fansNum;
|
||||
|
||||
@TableField("deleted")
|
||||
private Integer deleted;
|
||||
|
||||
@TableField("description")
|
||||
private String description;
|
||||
|
||||
@TableField("create_user_id")
|
||||
private String createUserId;
|
||||
|
||||
@JSONField(format = "yyyy-MM-dd HH:mm:ss")
|
||||
@TableField("create_time")
|
||||
private LocalDateTime createTime;
|
||||
|
||||
@TableField("update_user_id")
|
||||
private String updateUserId;
|
||||
|
||||
|
||||
@JSONField(format = "yyyy-MM-dd HH:mm:ss")
|
||||
@TableField("update_time")
|
||||
private LocalDateTime updateTime;
|
||||
}
|
@ -0,0 +1,9 @@
|
||||
package cn.zyjblogs.rbac.server.user.service;
|
||||
|
||||
import cn.zyjblogs.rbac.server.user.po.UserPo;
|
||||
import com.baomidou.mybatisplus.extension.service.IService;
|
||||
|
||||
|
||||
public interface UserService extends IService<UserPo> {
|
||||
|
||||
}
|
@ -0,0 +1,16 @@
|
||||
package cn.zyjblogs.rbac.server.user.service.impl;
|
||||
|
||||
|
||||
import cn.zyjblogs.rbac.server.user.mapper.UserMapper;
|
||||
import cn.zyjblogs.rbac.server.user.po.UserPo;
|
||||
import cn.zyjblogs.rbac.server.user.service.UserService;
|
||||
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
|
||||
@Service
|
||||
@RequiredArgsConstructor
|
||||
public class UserServiceImpl extends ServiceImpl<UserMapper, UserPo> implements UserService {
|
||||
|
||||
}
|
@ -1,7 +1,7 @@
|
||||
hatech:
|
||||
config:
|
||||
nacos:
|
||||
host: ${HATECH_CONFIG_NACOS_HOST:192.168.137.1}
|
||||
host: ${HATECH_CONFIG_NACOS_HOST:127.0.0.1}
|
||||
port: ${HATECH_CONFIG_NACOS_PORT:8848}
|
||||
username: ${HATECH_CONFIG_NACOS_USERNAME:nacos}
|
||||
password: ${HATECH_CONFIG_NACOS_PASSWORD:nacos}
|
||||
|