From 2bf7beadc4aadfba7e8afb35dc6a28f0c17a6efa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9C=B1=E6=AF=85=E9=AA=8F?=
Date: Tue, 23 Aug 2022 16:17:50 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E4=BB=A3=E7=A0=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../zyjblogs/gateway/filter/AuthFilter.java | 12 +++---
 .../AuthorizationServerConfiguration.java | 6 ++-
 .../oauth/config/security/JwtTokenConfig.java | 21 +++++++++-
 .../security/OauthAuthenticationProvider.java | 8 ++--
 .../OauthResponseExceptionTranslator.java | 41 +++++++++++++++++++
 zyjblogs-oauth/src/main/resources/private.txt | 27 ++++++++++++
 zyjblogs-oauth/src/main/resources/public.txt | 9 ++++
 .../rbac/config/security/TokenConfig.java | 17 +++++++-
 zyjblogs-rbac/src/main/resources/private.txt | 27 ++++++++++++
 zyjblogs-rbac/src/main/resources/public.txt | 9 ++++
 10 files changed, 164 insertions(+), 13 deletions(-)
 create mode 100644 zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/config/security/OauthResponseExceptionTranslator.java
 create mode 100644 zyjblogs-oauth/src/main/resources/private.txt
 create mode 100644 zyjblogs-oauth/src/main/resources/public.txt
 create mode 100644 zyjblogs-rbac/src/main/resources/private.txt
 create mode 100644 zyjblogs-rbac/src/main/resources/public.txt

diff --git a/zyjblogs-gateway/src/main/java/cn/zyjblogs/gateway/filter/AuthFilter.java b/zyjblogs-gateway/src/main/java/cn/zyjblogs/gateway/filter/AuthFilter.java
index 2e56fc9..09afd65 100644
--- a/zyjblogs-gateway/src/main/java/cn/zyjblogs/gateway/filter/AuthFilter.java
+++ b/zyjblogs-gateway/src/main/java/cn/zyjblogs/gateway/filter/AuthFilter.java
@@ -98,15 +98,15 @@ public class AuthFilter implements GlobalFilter { */ private boolean isExpired(String token) { if (StringUtils.isEmpty(token)) { - return false; + return true; } if (!token.startsWith(HttpHeaderConstant.AUTHORIZATION_TYPE)) { - return false; + return true; } - String jwt = token.replace(HttpHeaderConstant.AUTHORIZATION_TYPE + " ", ""); - OauthClaims body = (OauthClaims) Jwts.parser().setSigningKey(SIGNING_KEY).parseClaimsJws(jwt).getBody(); - BaseContextHandler.set(ContextDto.builder().token(jwt).userId(body.getUserId()).username(body.getUsername()).build()); - return true; +// String jwt = token.replace(HttpHeaderConstant.AUTHORIZATION_TYPE + " ", ""); +// OauthClaims body = (OauthClaims) Jwts.parser().setSigningKey(SIGNING_KEY).parseClaimsJws(jwt).getBody(); +// BaseContextHandler.set(ContextDto.builder().token(jwt).userId(body.getUserId()).username(body.getUsername()).build()); + return false; } /** diff --git a/zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/config/security/AuthorizationServerConfiguration.java b/zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/config/security/AuthorizationServerConfiguration.java index 6da6871..a252eb1 100644 --- a/zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/config/security/AuthorizationServerConfiguration.java +++ b/zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/config/security/AuthorizationServerConfiguration.java @@ -1,6 +1,7 @@ package cn.zyjblogs.oauth.config.security; import lombok.RequiredArgsConstructor; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.http.HttpMethod; 
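Review bot: With the three parsing lines commented out, `isExpired` now reports every token that carries the `HttpHeaderConstant.AUTHORIZATION_TYPE` prefix as not expired, so the gateway no longer checks the JWT's signature or expiry and no longer populates `BaseContextHandler` with the user context. If this was done because the shared `SIGNING_KEY` no longer matches the RSA pair introduced in JwtTokenConfig, the check should be kept and switched to verifying with the public key (`Jwts.parser().setSigningKey(publicKey)` with the RSA `PublicKey`, the `parseClaimsJws` call otherwise unchanged) rather than disabled. The return values for the empty and wrong-prefix branches are also inverted here, which changes what the caller of `isExpired` observes; the caller is outside the hunk, so confirm it expects the new meaning. The commented-out lines should be deleted rather than kept, since version control already holds them.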
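Review bot: The `org.springframework.beans.factory.annotation.Autowired` import added to AuthorizationServerConfiguration is not used by anything in the hunks shown: the new `OauthResponseExceptionTranslator` field in the next hunk is `private final` and is injected through the class's existing `@RequiredArgsConstructor`, so the import line should be dropped. JwtTokenConfig's first hunk adds the same import, and nothing visible there uses it either.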
@@ -45,6 +46,7 @@ public class AuthorizationServerConfiguration extends AuthorizationServerConfigu private final PasswordEncoder passwordEncoder; private final DataSource dataSource; private final JwtTokenEnhancer jwtTokenEnhancer; + private final OauthResponseExceptionTranslator oAuthResponseExceptionTranslator; /** * 令牌端点的安全约束 * @@ -93,7 +95,9 @@ public class AuthorizationServerConfiguration extends AuthorizationServerConfigu .tokenServices(tokenServices()) .accessTokenConverter(accessTokenConverter) //允许表单认证 - .allowedTokenEndpointRequestMethods(HttpMethod.POST); + .allowedTokenEndpointRequestMethods(HttpMethod.POST) + //自定义异常处理 + .exceptionTranslator(oAuthResponseExceptionTranslator); } /** diff --git a/zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/config/security/JwtTokenConfig.java b/zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/config/security/JwtTokenConfig.java index ab706c7..b32b9a4 100644 --- a/zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/config/security/JwtTokenConfig.java +++ b/zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/config/security/JwtTokenConfig.java 
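Review bot: The new field name `oAuthResponseExceptionTranslator` does not match the casing of its class `OauthResponseExceptionTranslator` or of the neighbouring `jwtTokenEnhancer` field; rename it `oauthResponseExceptionTranslator` in the field declaration and in the `.exceptionTranslator(...)` call of the second hunk. Both hunks are in the same class, so this is a single rename. The `//自定义异常处理` comment is fine as a why-comment for the extra builder call.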
@@ -1,18 +1,24 @@ package cn.zyjblogs.oauth.config.security; +import io.micrometer.core.instrument.util.IOUtils; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import org.springframework.core.io.ClassPathResource; +import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter; +import org.springframework.security.oauth2.provider.token.DefaultUserAuthenticationConverter; import org.springframework.security.oauth2.provider.token.TokenStore; import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore; import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter; import org.springframework.security.oauth2.provider.token.store.JwtTokenStore; +import java.io.IOException; + /** * @author zhuyijun */ @Configuration public class JwtTokenConfig { - private String SIGNING_KEY="zyjblogs123"; /** * 令牌存储策略 * @return @@ -26,7 +32,18 @@ public class JwtTokenConfig { @Bean public JwtAccessTokenConverter accessTokenConverter(){ JwtAccessTokenConverter converter = new JwtAccessTokenConverter(); - converter.setSigningKey(SIGNING_KEY); + String privateKey = null; + String publicKey = null; + try { + publicKey = IOUtils.toString(new ClassPathResource("public.txt").getInputStream()); + privateKey = IOUtils.toString(new ClassPathResource("private.txt").getInputStream()); + } catch (final IOException e) { + throw new RuntimeException("获取不到公私密钥"); + } + // 私钥签名 + converter.setSigningKey(privateKey); + // 公钥验签 + converter.setVerifierKey(publicKey); return converter; } } diff --git a/zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/config/security/OauthAuthenticationProvider.java b/zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/config/security/OauthAuthenticationProvider.java index 6a2c587..30b7f0e 100644 
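Review bot: The signing private key is read from `private.txt` on the classpath, and the diffstat shows that file being committed under `src/main/resources` for both the oauth and the rbac module; the private key therefore lands in version control and inside every built artifact, while the rbac resource server only needs `public.txt` to verify tokens, so the private key should be supplied from an external secret source (a config property or a mounted file outside the jar) and removed from the rbac module altogether. In the `accessTokenConverter` body the two `ClassPathResource` input streams are never closed, the `catch` throws `new RuntimeException("获取不到公私密钥")` without the `IOException` cause, and `io.micrometer.core.instrument.util.IOUtils` is an internal micrometer helper whose charset handling is not visible from here; the rewrite below uses try-with-resources, Spring's `org.springframework.util.StreamUtils.copyToString` with an explicit UTF-8 charset, and keeps the cause. The `DefaultAccessTokenConverter` and `DefaultUserAuthenticationConverter` imports added in the first hunk are not referenced by anything in the hunks shown; if the rest of the file does not use them they should go too.
```java
@Bean
public JwtAccessTokenConverter accessTokenConverter() {
    JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
    String publicKey;
    String privateKey;
    // TODO(review): private.txt should come from an external secret source, not the classpath
    try (InputStream pub = new ClassPathResource("public.txt").getInputStream();
         InputStream priv = new ClassPathResource("private.txt").getInputStream()) {
        publicKey = StreamUtils.copyToString(pub, StandardCharsets.UTF_8);
        privateKey = StreamUtils.copyToString(priv, StandardCharsets.UTF_8);
    } catch (IOException e) {
        throw new IllegalStateException("获取不到公私密钥", e);
    }
    // 私钥签名
    converter.setSigningKey(privateKey);
    // 公钥验签
    converter.setVerifierKey(publicKey);
    return converter;
}
```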
--- a/zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/config/security/OauthAuthenticationProvider.java +++ b/zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/config/security/OauthAuthenticationProvider.java @@ -1,9 +1,11 @@ package cn.zyjblogs.oauth.config.security; +import lombok.RequiredArgsConstructor; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.dao.DaoAuthenticationProvider; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; +import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; @@ -17,10 +19,10 @@ import org.springframework.stereotype.Component; @Component("oauthAuthenticationProvider") public class OauthAuthenticationProvider extends DaoAuthenticationProvider { - public OauthAuthenticationProvider(UserDetailsService userDetailsService){ + + public OauthAuthenticationProvider(UserDetailsService userDetailsService,PasswordEncoder passwordEncoder){ + this.setPasswordEncoder(passwordEncoder); setUserDetailsService(userDetailsService); - this.setPasswordEncoder(new BCryptPasswordEncoder()); - setForcePrincipalAsString(false); } @Override diff --git a/zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/config/security/OauthResponseExceptionTranslator.java b/zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/config/security/OauthResponseExceptionTranslator.java new file mode 100644 index 0000000..d9cf681 --- /dev/null +++ b/zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/config/security/OauthResponseExceptionTranslator.java 
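Review bot: The `lombok.RequiredArgsConstructor` and `SecurityContextHolder` imports added in the first hunk are not used by the explicit constructor in the second, and `BCryptPasswordEncoder` is now referenced only by its import because the constructor no longer instantiates it; drop all three unless the `@Override` method that follows the hunk uses them (its body is outside the hunk). Injecting the shared `PasswordEncoder` bean instead of a fresh `BCryptPasswordEncoder` is the right direction, but the `org.springframework.security.crypto.password.PasswordEncoder` import is not visible in the hunk, so confirm it is present further down. Removing `setForcePrincipalAsString(false)` is harmless, as `false` is the default in `AbstractUserDetailsAuthenticationProvider`. Style: `UserDetailsService userDetailsService,PasswordEncoder passwordEncoder` wants a space after the comma.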
@@ -0,0 +1,41 @@ +package cn.zyjblogs.oauth.config.security; + +import lombok.extern.slf4j.Slf4j; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; +import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; +import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator; +import org.springframework.stereotype.Component; + +/** + * Copyright (C), 2019, 北京同创永益科技发展有限公司 + * + * @author YeMeng + * @version 1.0 + *