优化代码

朱毅骏 2022-08-23 16:17:50 +08:00
parent 4eafe160da
commit 2bf7beadc4
10 changed files with 164 additions and 13 deletions


@ -98,16 +98,16 @@ public class AuthFilter implements GlobalFilter {
*/ */
private boolean isExpired(String token) { private boolean isExpired(String token) {
if (StringUtils.isEmpty(token)) { if (StringUtils.isEmpty(token)) {
return false; return true;
} }
if (!token.startsWith(HttpHeaderConstant.AUTHORIZATION_TYPE)) { if (!token.startsWith(HttpHeaderConstant.AUTHORIZATION_TYPE)) {
return false;
}
String jwt = token.replace(HttpHeaderConstant.AUTHORIZATION_TYPE + " ", "");
OauthClaims body = (OauthClaims) Jwts.parser().setSigningKey(SIGNING_KEY).parseClaimsJws(jwt).getBody();
BaseContextHandler.set(ContextDto.builder().token(jwt).userId(body.getUserId()).username(body.getUsername()).build());
return true; return true;
} }
// String jwt = token.replace(HttpHeaderConstant.AUTHORIZATION_TYPE + " ", "");
// OauthClaims body = (OauthClaims) Jwts.parser().setSigningKey(SIGNING_KEY).parseClaimsJws(jwt).getBody();
// BaseContextHandler.set(ContextDto.builder().token(jwt).userId(body.getUserId()).username(body.getUsername()).build());
return false;
}
/** /**
* 是否是白名单 * 是否是白名单
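Review bot: The new `isExpired` no longer verifies the token: with the `Jwts.parser()...parseClaimsJws(jwt)` lines commented out, any header value that starts with `HttpHeaderConstant.AUTHORIZATION_TYPE` returns `false`, so neither the signature nor the expiry is checked here and `BaseContextHandler` is no longer populated. Unless every downstream service validates the JWT itself (not visible in this hunk), the filter should verify against the RSA public key this commit introduces and return `true` on any `JwtException`, e.g. `Jwts.parser().setSigningKey(publicKey).parseClaimsJws(jwt);` inside a `try`, where `publicKey` stands for the verifier key loaded from configuration. The three commented-out lines should be deleted rather than kept as dead code. The commit also inverts what `true` means, so the Javadoc above the method should state the new return contract and the caller, which is outside the hunk, should be checked against it.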


@ -1,6 +1,7 @@
package cn.zyjblogs.oauth.config.security; package cn.zyjblogs.oauth.config.security;
import lombok.RequiredArgsConstructor; import lombok.RequiredArgsConstructor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod; import org.springframework.http.HttpMethod;
@ -45,6 +46,7 @@ public class AuthorizationServerConfiguration extends AuthorizationServerConfigu
private final PasswordEncoder passwordEncoder; private final PasswordEncoder passwordEncoder;
private final DataSource dataSource; private final DataSource dataSource;
private final JwtTokenEnhancer jwtTokenEnhancer; private final JwtTokenEnhancer jwtTokenEnhancer;
private final OauthResponseExceptionTranslator oAuthResponseExceptionTranslator;
/** /**
* 令牌端点的安全约束 * 令牌端点的安全约束
* *
@ -93,7 +95,9 @@ public class AuthorizationServerConfiguration extends AuthorizationServerConfigu
.tokenServices(tokenServices()) .tokenServices(tokenServices())
.accessTokenConverter(accessTokenConverter) .accessTokenConverter(accessTokenConverter)
//允许表单认证 //允许表单认证
.allowedTokenEndpointRequestMethods(HttpMethod.POST); .allowedTokenEndpointRequestMethods(HttpMethod.POST)
//自定义异常处理
.exceptionTranslator(oAuthResponseExceptionTranslator);
} }
/** /**
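Review bot: The added `org.springframework.beans.factory.annotation.Autowired` import does not appear to be used: the new `oAuthResponseExceptionTranslator` field is `private final` like its neighbours, so it is presumably injected through the Lombok-generated constructor. Drop the import unless it is used outside the visible hunks, and consider naming the field `oauthResponseExceptionTranslator` to match the class name `OauthResponseExceptionTranslator`. The method that ends with `.exceptionTranslator(...)` starts outside the hunk.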


@ -1,18 +1,24 @@
package cn.zyjblogs.oauth.config.security; package cn.zyjblogs.oauth.config.security;
import io.micrometer.core.instrument.util.IOUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.DefaultUserAuthenticationConverter;
import org.springframework.security.oauth2.provider.token.TokenStore; import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore; import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter; import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore; import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import java.io.IOException;
/** /**
* @author zhuyijun * @author zhuyijun
*/ */
@Configuration @Configuration
public class JwtTokenConfig { public class JwtTokenConfig {
private String SIGNING_KEY="zyjblogs123";
/** /**
* 令牌存储策略 * 令牌存储策略
* @return * @return
@ -26,7 +32,18 @@ public class JwtTokenConfig {
@Bean @Bean
public JwtAccessTokenConverter accessTokenConverter(){ public JwtAccessTokenConverter accessTokenConverter(){
JwtAccessTokenConverter converter = new JwtAccessTokenConverter(); JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
converter.setSigningKey(SIGNING_KEY); String privateKey = null;
String publicKey = null;
try {
publicKey = IOUtils.toString(new ClassPathResource("public.txt").getInputStream());
privateKey = IOUtils.toString(new ClassPathResource("private.txt").getInputStream());
} catch (final IOException e) {
throw new RuntimeException("获取不到公私密钥");
}
// 私钥签名
converter.setSigningKey(privateKey);
// 公钥验签
converter.setVerifierKey(publicKey);
return converter; return converter;
} }
} }
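Review bot: The `catch (final IOException e)` block in `accessTokenConverter()` throws `new RuntimeException("获取不到公私密钥")` without the cause, so a missing or unreadable `public.txt` or `private.txt` is reported with no file name or stack trace; pass the exception along with `throw new RuntimeException("获取不到公私密钥", e);`. `io.micrometer.core.instrument.util.IOUtils` is a metrics library's helper and an odd dependency for key loading; Spring's `StreamUtils.copyToString(resource.getInputStream(), StandardCharsets.UTF_8)` would also make the charset explicit. The added `Autowired`, `DefaultAccessTokenConverter` and `DefaultUserAuthenticationConverter` imports are not used in the visible hunks. The same `catch` pattern appears in the rbac `TokenConfig` hunk later in this commit.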


@ -1,9 +1,11 @@
package cn.zyjblogs.oauth.config.security; package cn.zyjblogs.oauth.config.security;
import lombok.RequiredArgsConstructor;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider; import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@ -17,10 +19,10 @@ import org.springframework.stereotype.Component;
@Component("oauthAuthenticationProvider") @Component("oauthAuthenticationProvider")
public class OauthAuthenticationProvider extends DaoAuthenticationProvider { public class OauthAuthenticationProvider extends DaoAuthenticationProvider {
public OauthAuthenticationProvider(UserDetailsService userDetailsService){
public OauthAuthenticationProvider(UserDetailsService userDetailsService,PasswordEncoder passwordEncoder){
this.setPasswordEncoder(passwordEncoder);
setUserDetailsService(userDetailsService); setUserDetailsService(userDetailsService);
this.setPasswordEncoder(new BCryptPasswordEncoder());
setForcePrincipalAsString(false);
} }
@Override @Override
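Review bot: Two of the imports added at the top of this file look unused: `lombok.RequiredArgsConstructor` is not needed while the class declares its constructor explicitly, and no use of `SecurityContextHolder` is visible in the hunks. If the new side is the constructor that takes `PasswordEncoder` and no longer calls `new BCryptPasswordEncoder()`, the `BCryptPasswordEncoder` import can be removed as well. The rest of the class body is outside the hunk, so confirm before deleting.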


@ -0,0 +1,41 @@
package cn.zyjblogs.oauth.config.security;
import lombok.extern.slf4j.Slf4j;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
import org.springframework.stereotype.Component;
/**
* Copyright (C), 2019, 北京同创永益科技发展有限公司
*
* @author YeMeng
* @version 1.0
* <Author> <Time> <Version> <Description>
* YeMeng 2019/12/25 17:54 1.0 自定义oauth server异常返回
* @program hatech-framework
* 自定义oauth server异常返回
* @create 2019/12/25 17:54
*/
@Slf4j
@Component
public class OauthResponseExceptionTranslator implements WebResponseExceptionTranslator<OAuth2Exception> {
/**
* 异常信息转换
*
* @param e 异常
* @return org.springframework.http.ResponseEntity<org.springframework.security.oauth2.common.exceptions.OAuth2Exception>
* @author YeMeng
* @date 2019/12/25 19:15
*/
@Override
public ResponseEntity<OAuth2Exception> translate(Exception e) throws Exception {
log.error("oauth认证失败 {}", e.getMessage());
OAuth2Exception exception = new OAuth2Exception(e.getMessage());
return new ResponseEntity<>(exception, HttpStatus.valueOf(500));
}
}
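Review bot: `translate` answers every failure with HTTP 500 and a fresh `OAuth2Exception(e.getMessage())`. That discards the protocol error code and status of an incoming `OAuth2Exception`, so a wrong password looks like a server fault to clients and to monitoring, and it copies the message of any unexpected exception into the response body. `log.error("oauth认证失败 {}", e.getMessage())` also drops the stack trace. Keep OAuth2 errors as they are; for everything else, log the throwable and return a generic message. The class Javadoc is a copyright and author block from another project and should be replaced by a short description of this contract.

```java
@Override
public ResponseEntity<OAuth2Exception> translate(Exception e) throws Exception {
    if (e instanceof OAuth2Exception) {
        // Preserve the protocol error code and HTTP status the client relies on.
        OAuth2Exception oauth = (OAuth2Exception) e;
        log.warn("oauth认证失败 {}", oauth.getOAuth2ErrorCode());
        return ResponseEntity.status(oauth.getHttpErrorCode()).body(oauth);
    }
    // Unexpected failure: keep the stack trace in the log and internals out of the response.
    log.error("oauth认证失败", e);
    return new ResponseEntity<>(new OAuth2Exception("internal error"), HttpStatus.INTERNAL_SERVER_ERROR);
}
```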


@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
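Review bot: This file adds an RSA private key in plaintext to the repository, and the rbac module's `private.txt` later in this commit appears to be a second copy of it, since the two `public.txt` files are identical. Anyone who can read the repository or the built jar can sign tokens the services will accept, so treat this key as disclosed. Generate a new pair, keep the private half out of version control (a keystore or secret store supplied at deploy time), and add `private.txt` to `.gitignore`. Removing the file in a later commit does not remove it from history.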


@ -0,0 +1,9 @@
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jXKxEFsDsjng2nHppqC
GTR1NQLfHJlGzc5hWalP/YgbJWIqdGXDy704Q2DuuoOe/t6KQcYI6/C7Ua9yumYp
MoKZOA5b7gmh/k0SUfsCErKwzE93DIAnLbRoT/hkGJD1Dn7V7yTzYf2BjaFoY5it
tZJ/UXM18TAqW7S1q0qCuv25Fb9NAEMh63EaX3N+DMW8rg51GBfRvtVfACbIyFo9
8PW2/wOQhppGWkxdzgJdJUwPhZ+Fo9DZ18044hapYPNuZ31ordIGptYL6pB/0VKh
kbDLk4oOnkhhWW0DmsTSFyhOiaQqtuxdrjPV7sqR1NokreZAtbUctVNezNBlYWoJ
TwIDAQAB
-----END PUBLIC KEY-----


@ -1,11 +1,15 @@
package cn.zyjblogs.rbac.config.security; package cn.zyjblogs.rbac.config.security;
import org.apache.commons.io.IOUtils;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.oauth2.provider.token.TokenStore; import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter; import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore; import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import java.io.IOException;
/** /**
* @author zhuyijun * @author zhuyijun
*/ */
@ -25,7 +29,18 @@ public class TokenConfig {
@Bean @Bean
public JwtAccessTokenConverter accessTokenConverter(){ public JwtAccessTokenConverter accessTokenConverter(){
JwtAccessTokenConverter converter = new JwtAccessTokenConverter(); JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
converter.setSigningKey(SIGNING_KEY); String privateKey = null;
String publicKey = null;
try {
publicKey = IOUtils.toString(new ClassPathResource("public.txt").getInputStream());
privateKey = IOUtils.toString(new ClassPathResource("private.txt").getInputStream());
} catch (final IOException e) {
throw new RuntimeException("获取不到公私密钥");
}
// 私钥签名
converter.setSigningKey(privateKey);
// 公钥验签
converter.setVerifierKey(publicKey);
return converter; return converter;
} }
} }
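Review bot: The rbac `accessTokenConverter()` loads `private.txt` and calls `converter.setSigningKey(privateKey)`, but a service that only validates tokens (which this module presumably is) needs the verifier key alone. Holding the signing key here means a compromise of this service is enough to mint tokens. Drop the private-key read and the `setSigningKey` call so that only `converter.setVerifierKey(publicKey);` remains, and remove `private.txt` from this module. `org.apache.commons.io.IOUtils.toString(InputStream)` is the deprecated default-charset overload; pass `StandardCharsets.UTF_8` as the second argument. If the `SIGNING_KEY` field still exists above the hunk, it is presumably unused now.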


@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----


@ -0,0 +1,9 @@
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jXKxEFsDsjng2nHppqC
GTR1NQLfHJlGzc5hWalP/YgbJWIqdGXDy704Q2DuuoOe/t6KQcYI6/C7Ua9yumYp
MoKZOA5b7gmh/k0SUfsCErKwzE93DIAnLbRoT/hkGJD1Dn7V7yTzYf2BjaFoY5it
tZJ/UXM18TAqW7S1q0qCuv25Fb9NAEMh63EaX3N+DMW8rg51GBfRvtVfACbIyFo9
8PW2/wOQhppGWkxdzgJdJUwPhZ+Fo9DZ18044hapYPNuZ31ordIGptYL6pB/0VKh
kbDLk4oOnkhhWW0DmsTSFyhOiaQqtuxdrjPV7sqR1NokreZAtbUctVNezNBlYWoJ
TwIDAQAB
-----END PUBLIC KEY-----