新增jwt增强

2022-08-18 22:59:07 +08:00 · 2022-08-18 22:59:07 +08:00 · c77960c777
commit c77960c777
parent 85a6e2a486
12 changed files with 222 additions and 11 deletions
--- a/zyjblogs-common-spring-boot-starter/src/main/java/cn/zyjblogs/common/entity/constant/ContextKeyConstant.java
+++ b/zyjblogs-common-spring-boot-starter/src/main/java/cn/zyjblogs/common/entity/constant/ContextKeyConstant.java
@ -0,0 +1,10 @@
+package cn.zyjblogs.common.entity.constant;
+
+/**
+ * @author zhuyijun
+ */
+public class ContextKeyConstant {
+    public static final String USER_ID_KEY = "user_id";
+    public static final String USERNAME_KEY = "username";
+    public static final String TENANT_ID_KEY = "tenant_id";
+}
--- a/zyjblogs-common-spring-boot-starter/src/main/java/cn/zyjblogs/common/entity/jwt/OauthClaims.java
+++ b/zyjblogs-common-spring-boot-starter/src/main/java/cn/zyjblogs/common/entity/jwt/OauthClaims.java
@ -0,0 +1,23 @@
+package cn.zyjblogs.common.entity.jwt;
+
+import io.jsonwebtoken.impl.DefaultClaims;
+
+/**
+ * @author zhuyijun
+ */
+public class OauthClaims extends DefaultClaims {
+
+    public String getUserId(){
+        return this.getString("user_id");
+    }
+    public void setUserId(String userId){
+        this.setValue("user_id",userId);
+    }
+    public String getUsername(){
+        return this.getString("username");
+    }
+
+    public void setUsername(String username){
+        this.setValue("username", username);
+    }
+}
--- a/zyjblogs-gateway/pom.xml
+++ b/zyjblogs-gateway/pom.xml
@ -86,10 +86,10 @@
 <!--            <groupId>org.springframework.security.oauth.boot</groupId>-->
 <!--            <artifactId>spring-security-oauth2-autoconfigure</artifactId>-->
 <!--        </dependency>-->
-        <dependency>
-            <groupId>org.springframework.cloud</groupId>
-            <artifactId>spring-cloud-starter-oauth2</artifactId>
-        </dependency>
+<!--        <dependency>-->
+<!--            <groupId>org.springframework.cloud</groupId>-->
+<!--            <artifactId>spring-cloud-starter-oauth2</artifactId>-->
+<!--        </dependency>-->
        <dependency>
            <groupId>cn.zyjblogs.starter</groupId>
            <artifactId>zyjblogs-common-spring-boot-starter</artifactId>
--- a/zyjblogs-gateway/src/main/java/cn/zyjblogs/gateway/filter/AuthFilter.java
+++ b/zyjblogs-gateway/src/main/java/cn/zyjblogs/gateway/filter/AuthFilter.java
@ -1,11 +1,17 @@
 package cn.zyjblogs.gateway.filter;

 import cn.zyjblogs.common.entity.constant.HttpHeaderConstant;
+import cn.zyjblogs.common.entity.context.BaseContextHandler;
+import cn.zyjblogs.common.entity.dto.ContextDto;
+import cn.zyjblogs.common.entity.jwt.OauthClaims;
 import cn.zyjblogs.common.entity.response.ResponseObject;
 import cn.zyjblogs.common.entity.response.ResponseResult;
 import cn.zyjblogs.common.entity.response.ResponseStatus;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwt;
+import io.jsonwebtoken.Jwts;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
@ -43,7 +49,7 @@ import java.util.List;
 public class AuthFilter implements GlobalFilter {
    private final WhiteListProperties whiteListProperties;
    private AntPathMatcher antPathMatcher = new AntPathMatcher();
-
+    private String SIGNING_KEY="zyjblogs123";

    @Override
    public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
@ -98,6 +104,8 @@ public class AuthFilter implements GlobalFilter {
            return false;
        }
        String jwt = token.replace(HttpHeaderConstant.AUTHORIZATION_TYPE + " ", "");
+        OauthClaims body = (OauthClaims) Jwts.parser().setSigningKey(SIGNING_KEY).parseClaimsJws(jwt).getBody();
+        BaseContextHandler.set(ContextDto.builder().token(jwt).userId(body.getUserId()).username(body.getUsername()).build());
        return true;
    }

--- a/zyjblogs-oauth/pom.xml
+++ b/zyjblogs-oauth/pom.xml
@ -78,6 +78,12 @@
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-redis</artifactId>
        </dependency>
+        <dependency>
+            <groupId>cn.zyjblogs.starter</groupId>
+            <artifactId>zyjblogs-common-spring-boot-starter</artifactId>
+            <version>${zyjblogs.version}</version>
+            <scope>compile</scope>
+        </dependency>
    </dependencies>
    <build>
        <plugins>
--- a/zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/config/security/AuthorizationServerConfiguration.java
+++ b/zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/config/security/AuthorizationServerConfiguration.java
@ -44,6 +44,7 @@ public class AuthorizationServerConfiguration extends AuthorizationServerConfigu
    private final JwtAccessTokenConverter accessTokenConverter;
    private final PasswordEncoder passwordEncoder;
    private final DataSource dataSource;
+    private final JwtTokenEnhancer jwtTokenEnhancer;
    /**
     * 令牌端点的安全约束
     *
@ -56,7 +57,7 @@ public class AuthorizationServerConfiguration extends AuthorizationServerConfigu
        security
                //允许匿名访问端点：url:/oauth/token_key
                .tokenKeyAccess("permitAll()")
-                .checkTokenAccess("permitAll()")
+                .checkTokenAccess("isAuthenticated()")
                //TODO 待处理令牌访问安全
                //允许匿名访问端点：url:/oauth/check_token
 //                .checkTokenAccess("isAuthenticated()")
@ -83,12 +84,14 @@ public class AuthorizationServerConfiguration extends AuthorizationServerConfigu
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
+
        endpoints.
                //密码模式
                authenticationManager(authenticationManager)
                //授权码模式
                .authorizationCodeServices(authorizationCodeServices(dataSource))
                .tokenServices(tokenServices())
+                .accessTokenConverter(accessTokenConverter)
                //允许表单认证
                .allowedTokenEndpointRequestMethods(HttpMethod.POST);
    }
@ -107,8 +110,9 @@ public class AuthorizationServerConfiguration extends AuthorizationServerConfigu
        tokenServices.setSupportRefreshToken(true);
        //令牌储存策略
        tokenServices.setTokenStore(tokenStore);
-        tokenServices.setTokenEnhancer(accessTokenConverter);
-
+        TokenEnhancerChain enhancerChain = new TokenEnhancerChain();
+        enhancerChain.setTokenEnhancers(List.of(jwtTokenEnhancer,accessTokenConverter));
+        tokenServices.setTokenEnhancer(enhancerChain);
        //令牌默认有效期
        tokenServices.setAccessTokenValiditySeconds(7200);
        //刷新令牌默认有效期3天
--- a/zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/config/security/JwtTokenConfig.java
+++ b/zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/config/security/JwtTokenConfig.java
@ -11,7 +11,7 @@ import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
 * @author zhuyijun
 */
@Configuration
-public class TokenConfig {
+public class JwtTokenConfig {
    private String SIGNING_KEY="zyjblogs123";
    /**
     * 令牌存储策略
--- a/zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/config/security/JwtTokenEnhancer.java
+++ b/zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/config/security/JwtTokenEnhancer.java
@ -0,0 +1,39 @@
+package cn.zyjblogs.oauth.config.security;
+
+import cn.zyjblogs.common.entity.constant.ContextKeyConstant;
+import cn.zyjblogs.oauth.server.user.po.OauthUserDetails;
+import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
+import org.springframework.security.oauth2.provider.token.TokenEnhancer;
+import org.springframework.stereotype.Component;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * jwt内容增强器
+ * @author zhuyijun
+ */
+@Component
+public class JwtTokenEnhancer implements TokenEnhancer {
+    /**
+     *  token增强
+     * @param oAuth2AccessToken
+     * @param authentication
+    * @author zhuyijun
+    * @date 2022/8/18 下午8:51
+    * @return org.springframework.security.oauth2.common.OAuth2AccessToken
+    */
+    @Override
+    public OAuth2AccessToken enhance(OAuth2AccessToken oAuth2AccessToken, OAuth2Authentication authentication) {
+        OauthUserDetails authUser = (OauthUserDetails) authentication.getPrincipal();
+        final Map<String, Object> additionalInfo = new HashMap<>(4);
+        // 注意添加的额外信息，不能和已有的json对象中的key重名
+        additionalInfo.put(ContextKeyConstant.USER_ID_KEY, authUser.getId());
+        additionalInfo.put(ContextKeyConstant.USERNAME_KEY, authUser.getUsername());
+        ((DefaultOAuth2AccessToken) oAuth2AccessToken).setAdditionalInformation(additionalInfo);
+        return oAuth2AccessToken;
+
+    }
+}
--- a/zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/config/security/OauthAuthenticationProvider.java
+++ b/zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/config/security/OauthAuthenticationProvider.java
@ -0,0 +1,19 @@
+package cn.zyjblogs.oauth.config.security;
+
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.stereotype.Component;
+
+/**
+ * @author zhuyijun
+ */
+//@Component("oauthAuthenticationProvider")
+//public class OauthAuthenticationProvider extends DaoAuthenticationProvider {
+//
+//    @Override
+//    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
+//        super.additionalAuthenticationChecks(userDetails, authentication);
+//    }
+//}
--- a/zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/config/security/WebSecurityConfiguration.java
+++ b/zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/config/security/WebSecurityConfiguration.java
@ -1,8 +1,11 @@
 package cn.zyjblogs.oauth.config.security;

+import cn.zyjblogs.oauth.server.user.service.impl.OauthUserDetailsServiceImpl;
+import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@ -19,8 +22,11 @@ import javax.sql.DataSource;

@Configuration
@EnableWebSecurity
+@RequiredArgsConstructor
 public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

+//    private final OauthUserDetailsServiceImpl oauthUserDetailsService;
+//    private final OauthAuthenticationProvider oauthAuthenticationProvider;
    /**
     * 密码编码解码
     *
@ -44,6 +50,13 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
        return super.authenticationManagerBean();
    }

+//    @Override
+//    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+//        auth.authenticationProvider(oauthAuthenticationProvider)
+//                .userDetailsService(oauthUserDetailsService)
+//                .passwordEncoder(passwordEncoder());
+//    }
+
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();
--- a/zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/server/user/po/OauthUserDetails.java
+++ b/zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/server/user/po/OauthUserDetails.java
@ -11,6 +11,7 @@ import lombok.Setter;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;

+import java.io.Serializable;
 import java.util.Collection;
 import java.util.Set;

@ -21,7 +22,7 @@ import java.util.Set;
@AllArgsConstructor
@NoArgsConstructor
@Builder
-public class OauthUserDetails implements UserDetails {
+public class OauthUserDetails implements UserDetails, Serializable {
    private String id;

    private String username;
@ -44,6 +45,91 @@ public class OauthUserDetails implements UserDetails {
    private boolean accountNonLocked = true;
    private boolean credentialsNonExpired = true;
    private boolean enabled = true;
+
+    public String getId() {
+        return id;
+    }
+
+    public void setId(String id) {
+        this.id = id;
+    }
+
+    public void setUsername(String username) {
+        this.username = username;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public void setPassword(String password) {
+        this.password = password;
+    }
+
+    public Integer getPhone() {
+        return phone;
+    }
+
+    public void setPhone(Integer phone) {
+        this.phone = phone;
+    }
+
+    public String getEmail() {
+        return email;
+    }
+
+    public void setEmail(String email) {
+        this.email = email;
+    }
+
+    public String getInviteUserId() {
+        return inviteUserId;
+    }
+
+    public void setInviteUserId(String inviteUserId) {
+        this.inviteUserId = inviteUserId;
+    }
+
+    public Integer getStatus() {
+        return status;
+    }
+
+    public void setStatus(Integer status) {
+        this.status = status;
+    }
+
+    public Integer getDeleted() {
+        return deleted;
+    }
+
+    public void setDeleted(Integer deleted) {
+        this.deleted = deleted;
+    }
+
+    public void setAuthorities(Collection<GrantedAuthority> authorities) {
+        this.authorities = authorities;
+    }
+
+    public void setAccountNonExpired(boolean accountNonExpired) {
+        this.accountNonExpired = accountNonExpired;
+    }
+
+    public void setAccountNonLocked(boolean accountNonLocked) {
+        this.accountNonLocked = accountNonLocked;
+    }
+
+    public void setCredentialsNonExpired(boolean credentialsNonExpired) {
+        this.credentialsNonExpired = credentialsNonExpired;
+    }
+
+    public void setEnabled(boolean enabled) {
+        this.enabled = enabled;
+    }
+
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return authorities;
--- a/zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/server/user/service/impl/OauthUserDetailsServiceImpl.java
+++ b/zyjblogs-oauth/src/main/java/cn/zyjblogs/oauth/server/user/service/impl/OauthUserDetailsServiceImpl.java
@ -15,7 +15,10 @@ import org.springframework.stereotype.Service;

 import java.util.List;

-@Service
+/**
+ * @author zhuyijun
+ */
+@Service("oauthUserDetailsService")
@RequiredArgsConstructor
 public class OauthUserDetailsServiceImpl implements UserDetailsService {
    private final UserService userService;