7 jaren geleden · 10b0728ab9
--- a/base/common-security/readme.MD
+++ b/base/common-security/readme.MD
@ -1,12 +1,23 @@
 
				**授权码模式:(一般开放API用)**
			
 
				
			
 
				注:
			
 
				    1. 获取客户端的实现逻辑结合自己的客户端用户体系实现 （com.yihu.base.security.rbas.ClientServiceProvider）
			
 
				第一步
			
 
				获取code
			
 
				http://localhost:8060/oauth/authorize?response_type=code&client_id=cwd&redirect_uri=http://example.com&scope=all
			
 
				参数说明：
			
 
				response_type=code 固定
			
 
				scope=all 固定
			
 
				client_id=cwd 根据用户表中自己定义的填写
			
 
				redirect_uri=http://example.com 根据用户表中自己定义的填写
			
 
				
			
 
				第二步 
			
 
				获取token post请求
			
 
				http://localhost:8060/oauth/token
			
 
				header:  Basic {appid}:{appsecuri} 加密  例如 Basic Y3dkOmN3ZA==
			
 
				  
			
 
				{
			
 
				     "grant_type":"authorization_code",  
			
 
				     "grant_type":"authorization_code", 授权模式固定
			
 
				     "client_id":"cwd",
			
 
				     "code":"第一步请求获取的code",
			
 
				     "redirect_uri":"http://example.com",
			
@ -14,14 +25,18 @@ header:  Basic {appid}:{appsecuri} 加密  例如 Basic Y3dkOmN3ZA==
 
				}
			
 
				返回值
			
 
				{
			
 
				    "access_token":"bd677e24-2de5-4862-a5e1-8f90a074db42",
			
 
				    "access_token":"bd677e24-2de5-4862-a5e1-8f90a074db42",   默认2小时过期时间 可以配置 ，由于每次请求都需要验证access_token，所以access_token存储在redis
			
 
				    "token_type":"bearer",
			
 
				    "refresh_token":"1427b997-ef94-4061-8940-c71da6549acd",
			
 
				    "refresh_token":"1427b997-ef94-4061-8940-c71da6549acd",  默认2小时过期时间 可以配置 
			
 
				    "expires_in":43199,
			
 
				    "scope":"all"
			
 
				}
			
 
				
			
 
				**密码模式（一般自己公司系统用）**
			
 
				
			
 
				注:  
			
 
				    1. 获取用户的实现逻辑结合自己的用户体系实现 （org.springframework.security.core.userdetails.UserDetailsService）
			
 
				    
			
 
				获取token post请求
			
 
				http://localhost:8060/oauth/token
			
 
				header:  Basic {appid}:{appsecuri} 加密  例如 Basic Y3dkOmN3ZA==
			
@ -42,7 +57,7 @@ header:  Basic {appid}:{appsecuri} 加密  例如 Basic Y3dkOmN3ZA==
 
				    "scope":"all"
			
 
				}
			
 
				
			
 
				**刷新token **
			
 
				**刷新token**
			
 
				获取token post请求
			
 
				http://localhost:8060/oauth/token
			
 
				header:  Basic {appid}:{appsecuri} 加密  例如 Basic Y3dkOmN3ZA==
			
@ -69,6 +84,8 @@ http://localhost:8060/authentication/form
 
				
			
 
				header:  Basic {appid}:{appsecuri} 加密  例如 Basic Y3dkOmN3ZA==
			
 
				
			
 
				注:  
			
 
				    1. 获取用户的实现逻辑结合自己的用户体系实现 （org.springframework.security.core.userdetails.UserDetailsService）
			
 
				body
			
 
				{
			
 
				    "username":"test",
			
@ -87,6 +104,11 @@ body
 
				**自定义手机号短信验证码登陆**
			
 
				
			
 
				获取短信
			
 
				注:  
			
 
				    1. 短信验证码默认存在redis中(不可配置)
			
 
				   2. 短信超时时间1分钟(可配置)
			
 
				   3. 手机号码验证规则可自定义(实现接口com.yihu.base.security.sms.mobile.MobileCheck)
			
 
				   4. 短信发送器必须自己实现(实现接口com.yihu.base.security.sms.sender.SmsCodeSender)
			
 
				GET
			
 
				http://localhost:8060/code/sms
			
 
				
			
@ -98,6 +120,8 @@ body
 
				
			
 
				POST
			
 
				http://localhost:8060/authentication/mobile
			
 
				注:  
			
 
				    1. 短信登陆成功验证码会删除
			
 
				
			
 
				header:  Basic {appid}:{appsecuri} 加密  例如 Basic Y3dkOmN3ZA==
			
 
				
			
--- a/base/common-security/src/main/java/com.yihu.base.security/config/AuthorizationServerConfig.java
+++ b/base/common-security/src/main/java/com.yihu.base.security/config/AuthorizationServerConfig.java
@ -13,6 +13,8 @@ import org.springframework.data.redis.connection.RedisConnectionFactory;
 
				import org.springframework.security.authentication.AuthenticationManager;
			
 
				import org.springframework.security.core.userdetails.UserDetailsService;
			
 
				import org.springframework.security.crypto.password.PasswordEncoder;
			
 
				import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
			
 
				import org.springframework.security.oauth2.common.OAuth2AccessToken;
			
 
				import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
			
 
				import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
			
 
				import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
			
@ -52,6 +54,7 @@ public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdap
 
				    @Override
			
 
				    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
			
 
				        security.passwordEncoder(passwordEncoder);
			
 
				
			
 
				    }
			
 
				
			
 
				    @Override
			
@ -104,6 +107,7 @@ public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdap
 
				    TokenStore tokenStore() {
			
 
				        RedisTokenStore redisTokenStore = new RedisTokenStore(redisConnectionFactory);
			
 
				        redisTokenStore.setPrefix(SecurityProperties.prefix_accesstoken);
			
 
				
			
 
				        return redisTokenStore;
			
 
				    }
			
 
				}
			
--- a/base/common-security/src/main/java/com.yihu.base.security/properties/AccessTokenPorperties.java
+++ b/base/common-security/src/main/java/com.yihu.base.security/properties/AccessTokenPorperties.java
@ -9,12 +9,14 @@ import org.springframework.stereotype.Component;
 
				 */
			
 
				@Component
			
 
				public class AccessTokenPorperties {
			
 
				    @Value("${security.oauth2.token.accessTokenValidityHours}")
			
 
				    private Integer accessTokenValidityHours = 2; //accesstoken超时时间
			
 
				    @Value("${security.oauth2.token.accessTokenValidityHours:2}")
			
 
				    private Integer accessTokenValidityHours ; //accesstoken超时时间
			
 
				
			
 
				    @Value("${security.oauth2.token.refreshTokenValidityHours}")
			
 
				    private Integer refreshTokenValidityHours = 2;//刷新token过期时间
			
 
				    @Value("${security.oauth2.token.refreshTokenValidityHours:2}")
			
 
				    private Integer refreshTokenValidityHours ;//刷新token过期时间
			
 
				
			
 
				    @Value("${security.oauth2.token.tokenType:accessToken}")
			
 
				    private String tokenType;
			
 
				
			
 
				    public Integer getAccessTokenValidityHours() {
			
 
				        return accessTokenValidityHours;
			
@ -31,4 +33,12 @@ public class AccessTokenPorperties {
 
				    public void setRefreshTokenValidityHours(Integer refreshTokenValidityHours) {
			
 
				        this.refreshTokenValidityHours = refreshTokenValidityHours;
			
 
				    }
			
 
				
			
 
				    public String getTokenType() {
			
 
				        return tokenType;
			
 
				    }
			
 
				
			
 
				    public void setTokenType(String tokenType) {
			
 
				        this.tokenType = tokenType;
			
 
				    }
			
 
				}
			
--- a/base/common-security/src/main/java/com.yihu.base.security/properties/SmsValidateProperties.java
+++ b/base/common-security/src/main/java/com.yihu.base.security/properties/SmsValidateProperties.java
@ -10,10 +10,10 @@ import org.springframework.stereotype.Component;
 
				@Component
			
 
				public class SmsValidateProperties {
			
 
				
			
 
				    @Value("${security.oauth2.sms.expireIn}")
			
 
				    @Value("${security.oauth2.sms.expireIn:1}")
			
 
				    private Integer expireIn = 1; //短信验证码过期时间
			
 
				
			
 
				    @Value("${security.oauth2.sms.length}")
			
 
				    @Value("${security.oauth2.sms.length:6}")
			
 
				    private Integer length = 6; //短信验证码过期时间
			
 
				
			
 
				    public Integer getExpireIn() {
			
--- a/base/common-security/src/main/resources/template.yml
+++ b/base/common-security/src/main/resources/template.yml
@ -35,6 +35,7 @@ security:
 
				    token:
			
 
				      accessTokenValidityHours: 2 # 2小时
			
 
				      refreshTokenValidityHours: 2 # 2小时
			
 
				      tokenType: accessToken
			
 
				    sms:
			
 
				      expireIn: 1 ##1分钟
			
 
				      expireIn: 1 ##1分钟过期
			
 
				      length: 6 #验证码长度
			
--- a/server/svr-discovery/src/main/resources/application.yml
+++ b/server/svr-discovery/src/main/resources/application.yml
@ -14,6 +14,11 @@ eureka:
 
				    registry-fetch-interval-seconds: 30 #定期的更新客户端的服务清单 30秒更新一次
			
 
				    fetch-registry: false #如果是做高可用的发现服务那就要改成true
			
 
				
			
 
				  server:
			
 
				    enable-self-preservation: true  ##是否开启自我保护模式，默认为true。
			
 
				    eviction-interval-timer-in-ms: 60000 ##eureka server清理无效节点的时间间隔，默认60000毫秒，即60秒
			
 
				
			
 
				
			
 
				
			
 
				#eurika界面的账号密码
			
 
				security:
			
--- a/svr/svr-demo/readme.MD
+++ b/svr/svr-demo/readme.MD
@ -1,88 +0,0 @@
 
				**授权码模式:(一直开放API用)**
			
 
				获取code
			
 
				http://localhost:8060/oauth/authorize?response_type=code&client_id=cwd&redirect_uri=http://example.com&scope=all
			
 
				获取token post请求
			
 
				http://localhost:8060/oauth/token
			
 
				header:  Basic {appid}:{appsecuri} 加密  例如 Basic Y3dkOmN3ZA==
			
 
				  
			
 
				{
			
 
				     "grant_type":"authorization_code",  
			
 
				     "client_id":"cwd",
			
 
				     "code":"第一步请求获取的code",
			
 
				     "redirect_uri":"http://example.com",
			
 
				     "scope":"all"
			
 
				}
			
 
				返回值
			
 
				{
			
 
				    "access_token":"bd677e24-2de5-4862-a5e1-8f90a074db42",
			
 
				    "token_type":"bearer",
			
 
				    "refresh_token":"1427b997-ef94-4061-8940-c71da6549acd",
			
 
				    "expires_in":43199,
			
 
				    "scope":"all"
			
 
				}
			
 
				
			
 
				**密码模式（一般自己公司系统用）**
			
 
				获取token post请求
			
 
				http://localhost:8060/oauth/token
			
 
				header:  Basic {appid}:{appsecuri} 加密  例如 Basic Y3dkOmN3ZA==
			
 
				  
			
 
				{
			
 
				     "grant_type":"password",  
			
 
				     "username":"jojo",
			
 
				     "password":"123456",
			
 
				     "scope":"all"
			
 
				}
			
 
				
			
 
				返回值
			
 
				{
			
 
				    "access_token":"630e2ccc-a5ce-4486-a855-ba755eb3d0d2",
			
 
				    "token_type":"bearer",
			
 
				    "refresh_token":"bbb36b54-61b2-4d86-aed3-91c5135174c3",
			
 
				    "expires_in":43199,
			
 
				    "scope":"all"
			
 
				}
			
 
				
			
 
				**刷新token **
			
 
				获取token post请求
			
 
				http://localhost:8060/oauth/token
			
 
				header:  Basic {appid}:{appsecuri} 加密  例如 Basic Y3dkOmN3ZA==
			
 
				  
			
 
				{
			
 
				     "grant_type":"refresh_token",
			
 
				     "refresh_token":"all"
			
 
				}
			
 
				
			
 
				返回值
			
 
				{
			
 
				    "access_token":"630e2ccc-a5ce-4486-a855-ba755eb3d0d2",
			
 
				    "token_type":"bearer",
			
 
				    "refresh_token":"bbb36b54-61b2-4d86-aed3-91c5135174c3",
			
 
				    "expires_in":43199,
			
 
				    "scope":"all"
			
 
				}
			
 
				
			
 
				
			
 
				
			
 
				**自定义账号密码登陆**
			
 
				POST
			
 
				http://localhost:8060/authentication/form
			
 
				header
			
 
				Authorization  Basic Y3dkOmN3ZA==
			
 
				
			
 
				body
			
 
				{
			
 
				    "username":"test",
			
 
				    "password":"123456"
			
 
				}
			
 
				
			
 
				
			
 
				
			
 
				**自定义手机号短信验证码登陆**
			
 
				
			
 
				
			
 
				**访问方式**
			
 
				http://localhost:8060/user
			
 
				header 
			
 
				{
			
 
				"Authorization":"bearer 5fe6b2c3-f69c-4ddc-a36a-367cdf9479a3"      即 bearer accesstoken
			
 
				}
			
--- a/svr/svr-demo/src/main/resources/application.yml
+++ b/svr/svr-demo/src/main/resources/application.yml
@ -41,11 +41,4 @@ quartz:
 
				  overwriteExistingJobs: true ##是否覆盖job
			
 
				
			
 
				
			
 
				security:
			
 
				  oauth2:
			
 
				    token:
			
 
				      accessTokenValidityHours: 2 # 2小时
			
 
				      refreshTokenValidityHours: 2 # 2小时
			
 
				    sms:
			
 
				      expireIn: 1 ##1分钟
			
 
				      length: 6 #验证码长度