zhuyijun/zyjblogs-parent
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

添加授权和资源服务

Browse Source
This commit is contained in:
zhuyijun 2022-08-17 23:51:13 +08:00
parent fa8bdf03c2
commit 13122ce6e9
27 changed files with 662 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pom.xml
View File

@ -117,6 +117,11 @@
<artifactId>mybatis-plus-boot-starter</artifactId> <artifactId>mybatis-plus-boot-starter</artifactId>
<version>${mybatis-plus-boot-starter.version}</version> <version>${mybatis-plus-boot-starter.version}</version>
</dependency> </dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-pool2</artifactId>
<version>2.7.0</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-oauth2-authorization-server --> <!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-oauth2-authorization-server -->
<!-- <dependency>--> <!-- <dependency>-->

4
zyjblogs-oauth/pom.xml
View File

@ -44,6 +44,10 @@
<groupId>com.baomidou</groupId> <groupId>com.baomidou</groupId>
<artifactId>mybatis-plus-boot-starter</artifactId> <artifactId>mybatis-plus-boot-starter</artifactId>
</dependency> </dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-pool2</artifactId>
</dependency>
<!-- 集成nacos--> <!-- 集成nacos-->
<dependency> <dependency>
<groupId>com.alibaba.cloud</groupId> <groupId>com.alibaba.cloud</groupId>

2
zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/OauthApplication.java
View File

@ -1,5 +1,7 @@
package cn.zyjblogs.oauth; package cn.zyjblogs.oauth;
import org.mybatis.spring.annotation.MapperScan;
import org.mybatis.spring.annotation.MapperScans;
import org.springframework.boot.SpringApplication; import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.openfeign.EnableFeignClients; import org.springframework.cloud.openfeign.EnableFeignClients;

3
zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/config/redis/RedisConfig.java
View File

@ -8,11 +8,10 @@ import org.springframework.data.redis.serializer.Jackson2JsonRedisSerializer;
import org.springframework.data.redis.serializer.StringRedisSerializer; import org.springframework.data.redis.serializer.StringRedisSerializer;
/** /**
* Copyright (C), 2021, 北京同创永益科技发展有限公司
* *
* @author zhuyijun * @author zhuyijun
* @version 3.0.0 * @version 3.0.0
* @description * @description redis配置
* @date 2022/8/17 17:58 * @date 2022/8/17 17:58
*/ */

5
zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/config/redis/lock/RedisLockTemplate.java
View File

@ -1,7 +1,6 @@
package cn.zyjblogs.oauth.config.redis.lock; package cn.zyjblogs.oauth.config.redis.lock;
import cn.com.hatechframework.bridge.exception.BcmsException;
import cn.com.hatechframework.common.entity.response.ResponseCode;
import com.baomidou.mybatisplus.core.toolkit.IdWorker; import com.baomidou.mybatisplus.core.toolkit.IdWorker;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
@ -100,7 +99,7 @@ public class RedisLockTemplate {
} while (System.currentTimeMillis() - start < currentAcquireTimeout); } while (System.currentTimeMillis() - start < currentAcquireTimeout);
} catch (InterruptedException e) { } catch (InterruptedException e) {
log.error("lock error", e); log.error("lock error", e);
throw new BcmsException(ResponseCode.INTERNAL_SERVER_ERROR, "加锁失败"); throw new RuntimeException("加锁失败");
} }
return null; return null;
} }

59
zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/config/security/AuthorizationServerConfiguration.java
View File

@ -1,12 +1,24 @@
package cn.zyjblogs.oauth.config.security; package cn.zyjblogs.oauth.config.security;
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer; import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter; import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer; import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer; import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer; import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
import org.springframework.security.oauth2.provider.code.InMemoryAuthorizationCodeServices;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
/** /**
* @author zhuyijun * @author zhuyijun
@ -16,10 +28,11 @@ import org.springframework.security.oauth2.config.annotation.web.configurers.Aut
*/ */
@Configuration @Configuration
@EnableAuthorizationServer @EnableAuthorizationServer
@RequiredArgsConstructor
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter { public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
public AuthorizationServerConfiguration() { private final TokenStore tokenStore;
private final ClientDetailsService clientDetailsService;
} private final AuthenticationManager authenticationManager;
/** /**
* 令牌端点的安全约束 * 令牌端点的安全约束
@ -33,8 +46,10 @@ public class AuthorizationServerConfiguration extends AuthorizationServerConfigu
security security
//允许匿名访问端点url:/oauth/token_key //允许匿名访问端点url:/oauth/token_key
.tokenKeyAccess("permitAll()") .tokenKeyAccess("permitAll()")
.checkTokenAccess("permitAll()")
//TODO 待处理令牌访问安全
//允许匿名访问端点url:/oauth/check_token //允许匿名访问端点url:/oauth/check_token
.checkTokenAccess("isAuthenticated()") // .checkTokenAccess("isAuthenticated()")
.allowFormAuthenticationForClients(); .allowFormAuthenticationForClients();
} }
@ -54,11 +69,12 @@ public class AuthorizationServerConfiguration extends AuthorizationServerConfigu
//secret //secret
.secret(new BCryptPasswordEncoder().encode("secret")) .secret(new BCryptPasswordEncoder().encode("secret"))
//资源列表 //资源列表
.resourceIds("res1") .resourceIds("zyjblogs-rbac")
.authorizedGrantTypes("authorization_code", .authorizedGrantTypes("authorization_code",
"password", "client_credentials", "implicit", "refresh_token") "password", "client_credentials", "implicit", "refresh_token")
//允许授权封范围 //允许授权封范围
.scopes("all") .scopes("all")
//
.autoApprove(false) .autoApprove(false)
//加上验证回调地址 //加上验证回调地址
.redirectUris("https://www.baidu.com"); .redirectUris("https://www.baidu.com");
@ -73,6 +89,37 @@ public class AuthorizationServerConfiguration extends AuthorizationServerConfigu
*/ */
@Override @Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
super.configure(endpoints); endpoints.
//密码模式
authenticationManager(authenticationManager)
//授权码模式
.authorizationCodeServices(authorizationCodeServices())
.tokenServices(tokenServices())
//允许表单认证
.allowedTokenEndpointRequestMethods(HttpMethod.POST);
}
/**
* 令牌管理服务
* @return
*/
@Bean
public AuthorizationServerTokenServices tokenServices(){
DefaultTokenServices tokenServices = new DefaultTokenServices();
//客户端信息服务
tokenServices.setClientDetailsService(clientDetailsService);
//是否产生刷新令牌
tokenServices.setSupportRefreshToken(true);
//令牌储存策略
tokenServices.setTokenStore(tokenStore);
//令牌默认有效期
tokenServices.setAccessTokenValiditySeconds(7200);
//刷新令牌默认有效期3天
tokenServices.setRefreshTokenValiditySeconds(259200);
return tokenServices;
}
@Bean
public AuthorizationCodeServices authorizationCodeServices(){
return new InMemoryAuthorizationCodeServices();
} }
} }

19
zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/config/security/TokenConfig.java Normal file
View File

@ -0,0 +1,19 @@
package cn.zyjblogs.oauth.config.security;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
/**
* @author zhuyijun
*/
@Configuration
public class TokenConfig {
//令牌存储策略
@Bean
public TokenStore tokenStore(){
//内存方式生成普通令牌
return new InMemoryTokenStore();
}
}

56
zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/config/security/WebSecurityConfiguration.java
View File

@ -2,34 +2,19 @@ package cn.zyjblogs.oauth.config.security;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User; import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
/***
* 定义用户
* @author zhuyijun
* @Description
* @date 14:51
*/
@Override
public UserDetailsService userDetailsServiceBean() throws Exception {
InMemoryUserDetailsManager userDetailsManager = new InMemoryUserDetailsManager();
userDetailsManager.createUser(User.withUsername("zhangsan").password("$2a$10$jwUQH.QkSvznnPRlte87k.Kw3CaLwBJbanUHM70Ry4to1Q.aXgKTi").authorities("p1").build());
userDetailsManager.createUser(User.withUsername("lisi").password("123456").authorities("p2").build());
return userDetailsManager;
}
/** /**
* 密码编码解码 * 密码编码解码
* *
@ -41,25 +26,19 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
} }
// @Bean
// @Override
// public AuthenticationManager authenticationManagerBean() throws Exception {
// return super.authenticationManagerBean();
// }
/** /**
* 配置认证方式 * 认证管理器
* * @param
* @param auth * @author zhuyijun
* @author tanyuanzhi * @date 2022/8/17 下午9:56
* @date 2021/10/28 15:05 * @return org.springframework.security.authentication.AuthenticationManager
*/ */
// @Override @Bean
// protected void configure(AuthenticationManagerBuilder auth) throws Exception { @Override
// public AuthenticationManager authenticationManagerBean() throws Exception {
// return super.authenticationManagerBean();
// } }
@Override @Override
protected void configure(HttpSecurity http) throws Exception { protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable(); http.csrf().disable();
@ -72,12 +51,13 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
.authenticated() .authenticated()
.and() .and()
//允许表单登录 //允许表单登录
.formLogin() .formLogin();
.successForwardUrl("/demo/success");
} }
@Override @Override
public void configure(WebSecurity web) { public void configure(WebSecurity web) {
web.ignoring().antMatchers("/user/robot-token"); // web.ignoring().antMatchers("/user/robot-token");
} }
} }

10
zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/server/user/constant/CommonConstant.java Normal file
View File

@ -0,0 +1,10 @@
package cn.zyjblogs.oauth.server.user.constant;
/**
*
* @author zhuyijun
*/
public class CommonConstant {
public static final Integer NO_DELETED = 0;
public static final Integer IS_DELETED = 1;
}

20
zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/server/user/constant/UserEnum.java Normal file
View File

@ -0,0 +1,20 @@
package cn.zyjblogs.oauth.server.user.constant;
import lombok.AllArgsConstructor;
import lombok.Getter;
/**
* @author zhuyijun
*/
@AllArgsConstructor
@Getter
public enum UserEnum {
/**
* 用户枚举
*/
NORMAL(0,"正常"),
DISABLE(1,"禁用");
private Integer code;
private String name;
}

10
zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/server/user/mapper/UserMapper.java Normal file
View File

@ -0,0 +1,10 @@
package cn.zyjblogs.oauth.server.user.mapper;
import cn.zyjblogs.oauth.server.user.po.UserPo;
import com.baomidou.mybatisplus.core.mapper.BaseMapper;
import org.apache.ibatis.annotations.Mapper;
@Mapper
public interface UserMapper extends BaseMapper<UserPo> {
UserPo findUserByname(String userName);
}

78
zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/server/user/po/OauthClientDetail.java Normal file
View File

@ -0,0 +1,78 @@
package cn.zyjblogs.oauth.server.user.po;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.provider.ClientDetails;
import java.util.Collection;
import java.util.Map;
import java.util.Set;
/**
* @author zhuyijun
*/
public class OauthClientDetail implements ClientDetails {
@Override
public String getClientId() {
return null;
}
@Override
public Set<String> getResourceIds() {
return null;
}
@Override
public boolean isSecretRequired() {
return false;
}
@Override
public String getClientSecret() {
return null;
}
@Override
public boolean isScoped() {
return false;
}
@Override
public Set<String> getScope() {
return null;
}
@Override
public Set<String> getAuthorizedGrantTypes() {
return null;
}
@Override
public Set<String> getRegisteredRedirectUri() {
return null;
}
@Override
public Collection<GrantedAuthority> getAuthorities() {
return null;
}
@Override
public Integer getAccessTokenValiditySeconds() {
return null;
}
@Override
public Integer getRefreshTokenValiditySeconds() {
return null;
}
@Override
public boolean isAutoApprove(String s) {
return false;
}
@Override
public Map<String, Object> getAdditionalInformation() {
return null;
}
}

81
zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/server/user/po/OauthUserDetails.java Normal file
View File

@ -0,0 +1,81 @@
package cn.zyjblogs.oauth.server.user.po;
import cn.zyjblogs.oauth.server.user.constant.CommonConstant;
import cn.zyjblogs.oauth.server.user.constant.UserEnum;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
import lombok.Setter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import java.util.Collection;
import java.util.Set;
/**
* @author zhuyijun
*/
@Setter
@AllArgsConstructor
@NoArgsConstructor
@Builder
public class OauthUserDetails implements UserDetails {
private String id;
private String username;
private String name;
private String password;
private Integer phone;
private String email;
private String inviteUserId;
private Integer status;
private Integer deleted;
private Collection<GrantedAuthority> authorities;
private boolean accountNonExpired = true;
private boolean accountNonLocked = true;
private boolean credentialsNonExpired = true;
private boolean enabled = true;
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return authorities;
}
@Override
public String getPassword() {
return password;
}
@Override
public String getUsername() {
return username;
}
@Override
public boolean isAccountNonExpired() {
return accountNonExpired;
}
@Override
public boolean isAccountNonLocked() {
return CommonConstant.NO_DELETED.equals(deleted) && UserEnum.NORMAL.getCode().equals(status);
}
@Override
public boolean isCredentialsNonExpired() {
return credentialsNonExpired;
}
@Override
public boolean isEnabled() {
return UserEnum.NORMAL.getCode().equals(status);
}
}

82
zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/server/user/po/UserPo.java Normal file
View File

@ -0,0 +1,82 @@
package cn.zyjblogs.oauth.server.user.po;
import com.alibaba.fastjson.annotation.JSONField;
import com.baomidou.mybatisplus.annotation.IdType;
import com.baomidou.mybatisplus.annotation.TableField;
import com.baomidou.mybatisplus.annotation.TableId;
import com.baomidou.mybatisplus.annotation.TableName;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
import java.io.Serializable;
import java.time.LocalDateTime;
/**
* @author zhuyijun
*/
@Data
@AllArgsConstructor
@NoArgsConstructor
@Builder
@TableName("user")
public class UserPo implements Serializable {
@TableId(value = "id", type = IdType.ASSIGN_UUID)
private String id;
@TableField("username")
private String username;
@TableField("name")
private String name;
@TableField("age")
private Integer age;
@TableField("avatar")
private String avatar;
@TableField("password")
private String password;
@TableField("phone")
private Integer phone;
@TableField("email")
private String email;
@TableField("invite_user_id")
private String inviteUserId;
@TableField("status")
private Integer status;
@TableField("follow_num")
private Integer followNum;
@TableField("fans_num")
private Integer fansNum;
@TableField("deleted")
private Integer deleted;
@TableField("description")
private String description;
@TableField("create_user_id")
private String createUserId;
@JSONField(format = "yyyy-MM-dd HH:mm:ss")
@TableField("create_time")
private LocalDateTime createTime;
@TableField("update_user_id")
private String updateUserId;
@JSONField(format = "yyyy-MM-dd HH:mm:ss")
@TableField("update_time")
private LocalDateTime updateTime;
}

9
zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/server/user/service/UserService.java Normal file
View File

@ -0,0 +1,9 @@
package cn.zyjblogs.oauth.server.user.service;
import cn.zyjblogs.oauth.server.user.po.UserPo;
import com.baomidou.mybatisplus.extension.service.IService;
public interface UserService extends IService<UserPo> {
}

31
zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/server/user/service/impl/OauthUserDetailsServiceImpl.java Normal file
View File

@ -0,0 +1,31 @@
package cn.zyjblogs.oauth.server.user.service.impl;
import cn.zyjblogs.oauth.server.user.po.OauthUserDetails;
import cn.zyjblogs.oauth.server.user.po.UserPo;
import cn.zyjblogs.oauth.server.user.service.UserService;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import lombok.RequiredArgsConstructor;
import org.springframework.beans.BeanUtils;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import java.util.List;
@Service
@RequiredArgsConstructor
public class OauthUserDetailsServiceImpl implements UserDetailsService {
private final UserService userService;
@Override
public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
LambdaQueryWrapper<UserPo> queryWrapper = Wrappers.lambdaQuery();
queryWrapper.eq(UserPo::getUsername,s);
UserPo userPo = userService.getBaseMapper().selectOne(queryWrapper);
OauthUserDetails oauthUserDetails = new OauthUserDetails();
BeanUtils.copyProperties(userPo, oauthUserDetails);
return oauthUserDetails;
}
}

15
zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/server/user/service/impl/UserServiceImpl.java Normal file
View File

@ -0,0 +1,15 @@
package cn.zyjblogs.oauth.server.user.service.impl;
import cn.zyjblogs.oauth.server.user.mapper.UserMapper;
import cn.zyjblogs.oauth.server.user.po.UserPo;
import cn.zyjblogs.oauth.server.user.service.UserService;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import lombok.RequiredArgsConstructor;
import org.springframework.stereotype.Service;
@Service
@RequiredArgsConstructor
public class UserServiceImpl extends ServiceImpl<UserMapper, UserPo> implements UserService {
}

2
zyjblogs-oauth/src/main/resources/bootstrap-test.yml
View File

@ -1,7 +1,7 @@
hatech: hatech:
config: config:
nacos: nacos:
host: ${HATECH_CONFIG_NACOS_HOST:192.168.137.1} host: ${HATECH_CONFIG_NACOS_HOST:127.0.0.1}
port: ${HATECH_CONFIG_NACOS_PORT:8848} port: ${HATECH_CONFIG_NACOS_PORT:8848}
username: ${HATECH_CONFIG_NACOS_USERNAME:nacos} username: ${HATECH_CONFIG_NACOS_USERNAME:nacos}
password: ${HATECH_CONFIG_NACOS_PASSWORD:nacos} password: ${HATECH_CONFIG_NACOS_PASSWORD:nacos}

1
zyjblogs-rbac/src/main/java/cn/zyjblogs/rbac/RbacApplication.java
View File

@ -4,6 +4,7 @@ import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.openfeign.EnableFeignClients; import org.springframework.cloud.openfeign.EnableFeignClients;
import org.springframework.scheduling.annotation.EnableAsync; import org.springframework.scheduling.annotation.EnableAsync;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
/** /**
* Copyright (C), 2021, 北京同创永益科技发展有限公司 * Copyright (C), 2021, 北京同创永益科技发展有限公司

53
zyjblogs-rbac/src/main/java/cn/zyjblogs/rbac/config/resource/ResourceServerConfig.java Normal file
View File

@ -0,0 +1,53 @@
package cn.zyjblogs.rbac.config.resource;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
/**
* 资源服务
* @author zhuyijun
*/
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
private static final String RESOURCE_ID="zyjblogs-rbac";
public ResourceServerConfig() {
super();
}
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources.resourceId(RESOURCE_ID)
// 验证令牌的服务
.tokenServices(tokenServices())
.stateless(true);
}
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/**")
.access("#oauth2.hasAnyScope('all')")
.and()
.csrf().disable()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
@Bean
public ResourceServerTokenServices tokenServices(){
RemoteTokenServices services = new RemoteTokenServices() ;
services.setCheckTokenEndpointUrl("http://127.0.0.1:9029/oauth/check_token");
services.setClientId(RESOURCE_ID);
services.setClientSecret("secret");
return services;
}
}

24
zyjblogs-rbac/src/main/java/cn/zyjblogs/rbac/config/security/WebSecurityConfiguration.java Normal file
View File

@ -0,0 +1,24 @@
package cn.zyjblogs.rbac.config.security;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
//使HttpSecurity接收以"/login/","/oauth/"开头请求, 配置HttpSecurity不阻止swagger页面
http.authorizeRequests()
.antMatchers("/webjars/**", "/swagger-ui.html/**", "/swagger-resources/**", "/v2/api-docs/**")
.permitAll()
//以下请求必须认证通过
.antMatchers("/demo/**", "/oauth/**", "/login")
.authenticated()
.anyRequest().permitAll();
}
}

25
zyjblogs-rbac/src/main/java/cn/zyjblogs/rbac/server/user/controller/UserController.java Normal file
View File

@ -0,0 +1,25 @@
package cn.zyjblogs.rbac.server.user.controller;
import cn.zyjblogs.rbac.server.user.po.UserPo;
import cn.zyjblogs.rbac.server.user.service.UserService;
import lombok.RequiredArgsConstructor;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
/**
* @author zhuyijun
*/
@RestController
@RequestMapping("/user")
@RequiredArgsConstructor
@ResponseBody
public class UserController {
private final UserService userService;
@GetMapping("/id")
public UserPo findById(String id){
return userService.getById(id);
}
}

10
zyjblogs-rbac/src/main/java/cn/zyjblogs/rbac/server/user/mapper/UserMapper.java Normal file
View File

@ -0,0 +1,10 @@
package cn.zyjblogs.rbac.server.user.mapper;
import cn.zyjblogs.rbac.server.user.po.UserPo;
import com.baomidou.mybatisplus.core.mapper.BaseMapper;
import org.apache.ibatis.annotations.Mapper;
@Mapper
public interface UserMapper extends BaseMapper<UserPo> {
UserPo findUserByname(String userName);
}

82
zyjblogs-rbac/src/main/java/cn/zyjblogs/rbac/server/user/po/UserPo.java Normal file
View File

@ -0,0 +1,82 @@
package cn.zyjblogs.rbac.server.user.po;
import com.alibaba.fastjson.annotation.JSONField;
import com.baomidou.mybatisplus.annotation.IdType;
import com.baomidou.mybatisplus.annotation.TableField;
import com.baomidou.mybatisplus.annotation.TableId;
import com.baomidou.mybatisplus.annotation.TableName;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
import java.io.Serializable;
import java.time.LocalDateTime;
/**
* @author zhuyijun
*/
@Data
@AllArgsConstructor
@NoArgsConstructor
@Builder
@TableName("user")
public class UserPo implements Serializable {
@TableId(value = "id", type = IdType.ASSIGN_UUID)
private String id;
@TableField("username")
private String username;
@TableField("name")
private String name;
@TableField("age")
private Integer age;
@TableField("avatar")
private String avatar;
@TableField("password")
private String password;
@TableField("phone")
private Integer phone;
@TableField("email")
private String email;
@TableField("invite_user_id")
private String inviteUserId;
@TableField("status")
private Integer status;
@TableField("follow_num")
private Integer followNum;
@TableField("fans_num")
private Integer fansNum;
@TableField("deleted")
private Integer deleted;
@TableField("description")
private String description;
@TableField("create_user_id")
private String createUserId;
@JSONField(format = "yyyy-MM-dd HH:mm:ss")
@TableField("create_time")
private LocalDateTime createTime;
@TableField("update_user_id")
private String updateUserId;
@JSONField(format = "yyyy-MM-dd HH:mm:ss")
@TableField("update_time")
private LocalDateTime updateTime;
}

9
zyjblogs-rbac/src/main/java/cn/zyjblogs/rbac/server/user/service/UserService.java Normal file
View File

@ -0,0 +1,9 @@
package cn.zyjblogs.rbac.server.user.service;
import cn.zyjblogs.rbac.server.user.po.UserPo;
import com.baomidou.mybatisplus.extension.service.IService;
public interface UserService extends IService<UserPo> {
}

16
zyjblogs-rbac/src/main/java/cn/zyjblogs/rbac/server/user/service/impl/UserServiceImpl.java Normal file
View File

@ -0,0 +1,16 @@
package cn.zyjblogs.rbac.server.user.service.impl;
import cn.zyjblogs.rbac.server.user.mapper.UserMapper;
import cn.zyjblogs.rbac.server.user.po.UserPo;
import cn.zyjblogs.rbac.server.user.service.UserService;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import lombok.RequiredArgsConstructor;
import org.springframework.stereotype.Service;
@Service
@RequiredArgsConstructor
public class UserServiceImpl extends ServiceImpl<UserMapper, UserPo> implements UserService {
}

2
zyjblogs-rbac/src/main/resources/bootstrap-test.yml
View File

@ -1,7 +1,7 @@
hatech: hatech:
config: config:
nacos: nacos:
host: ${HATECH_CONFIG_NACOS_HOST:192.168.137.1} host: ${HATECH_CONFIG_NACOS_HOST:127.0.0.1}
port: ${HATECH_CONFIG_NACOS_PORT:8848} port: ${HATECH_CONFIG_NACOS_PORT:8848}
username: ${HATECH_CONFIG_NACOS_USERNAME:nacos} username: ${HATECH_CONFIG_NACOS_USERNAME:nacos}
password: ${HATECH_CONFIG_NACOS_PASSWORD:nacos} password: ${HATECH_CONFIG_NACOS_PASSWORD:nacos}