代码重构

server/svr-oauth2/pom.xml

@@ -0,0 +1,23 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>com.yihu.jw</groupId>
        <artifactId>svr-lib-parent-pom</artifactId>
        <version>1.0.0</version>
        <relativePath>../../svr-lib-parent-pom/pom.xml</relativePath>
    </parent>
    <groupId>com.yihu.jw</groupId>
    <artifactId>svr-oauth2</artifactId>
    <version>1.0.0</version>
    <dependencies>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-oauth2</artifactId>
        </dependency>
    </dependencies>
</project>

server/svr-oauth2/readme.MD

@@ -0,0 +1,2 @@
例子
http://localhost:8080/oauth/authorize?response_type=code&client_id=48f2c2f5-951d-48c8-af98-681f788f662e&redirect_uri=http://examle.com&scope=all

server/svr-oauth2/src/main/java/com/yihu/oauth2/OAuth2Application.java

@@ -0,0 +1,15 @@
package com.yihu.oauth2;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
/**
 * Created by chenweida on 2017/11/28.
 */
@SpringBootApplication
public class OAuth2Application {
    public static void main(String[] args) {
        SpringApplication.run(OAuth2Application.class, args);
    }
}

server/svr-oauth2/src/main/java/com/yihu/oauth2/config/AuthorizationConfig.java

@@ -0,0 +1,73 @@
package com.yihu.oauth2.config;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.client.BaseClientDetails;
import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
import javax.sql.DataSource;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.Set;
/**
 * Created by chenweida on 2017/11/28.
 */
@Configuration
@EnableAuthorizationServer  //开启授权服务器
public class AuthorizationConfig {
    /**
     * token使用jdbc存储
     * @param dataSource
     * @return
     */
    @Bean
    public TokenStore createTokenStore(DataSource dataSource){
        return new JdbcTokenStore(dataSource);
    }
    @Bean
    public ClientDetailsService createClientDetailsService(
            @Qualifier("myDefaultBaseClientDetails")ClientDetails clientDetails,
            DataSource dataSource){
        JdbcClientDetailsService jdbcClientDetailsService = new JdbcClientDetailsService(dataSource);
        jdbcClientDetailsService.addClientDetails(clientDetails);
        return jdbcClientDetailsService;
    }
    @Bean(name = "myDefaultBaseClientDetails")
    public BaseClientDetails createBaseClientDetails(){
        BaseClientDetails baseClientDetails = new BaseClientDetails();
        baseClientDetails.setClientId("whc_client_id");
        baseClientDetails.setClientSecret("whc_client_secret");
        LinkedList<String> scope = new LinkedList<String>();
        scope.add("whc");
        baseClientDetails.setScope(scope);
        Set<String> registeredRedirectUris = new HashSet<String>();
        registeredRedirectUris.add("http://localhost:8080/test");
        baseClientDetails.setRegisteredRedirectUri(registeredRedirectUris);
        LinkedList<String> grant_types = new LinkedList<String>();
        grant_types.add("client_credentials");
        baseClientDetails.setAuthorizedGrantTypes(grant_types);
        baseClientDetails.setAccessTokenValiditySeconds(24 * 60 * 60);
        baseClientDetails.setRefreshTokenValiditySeconds(48 * 60 * 60);
        LinkedList<String> autoApproveScopes = new LinkedList<String>();
        autoApproveScopes.add("whc");
        baseClientDetails.setAutoApproveScopes(autoApproveScopes);
        return baseClientDetails;
    }
}

server/svr-oauth2/src/main/java/com/yihu/oauth2/config/ResourceConfig.java

@@ -0,0 +1,14 @@
package com.yihu.oauth2.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
/**
 * Created by chenweida on 2017/11/28.
 */
@Configuration
@EnableResourceServer  //开启资源服务器
public class ResourceConfig {
}

server/svr-oauth2/src/main/resources/application.yml

@@ -0,0 +1,15 @@
spring:
  application:
    name: svr-oauth2
---
spring:
  profiles: jwdev
---
spring:
  profiles: jwtest
---
spring:
  profiles: jwprod

svr-lib-parent-pom/pom.xml

@@ -32,6 +32,7 @@
        <module>../server/svr-discovery</module><!--发现服务-->
        <module>../server/svr-dashboard</module><!--监控服务-->
        <module>../server/svr-logServer</module><!--分布式追踪服务-->
        <module>../server/svr-oauth2</module><!--授权认证服务器-->
        <!--业务微服务-->
        <module>../svr/svr-base</module><!--基础微服务-->
@@ -233,6 +234,11 @@
                <artifactId>spring-cloud-starter-sleuth</artifactId>
                <version>${version.springCloud.start}</version>
            </dependency>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-starter-oauth2</artifactId>
                <version>${version.springCloud.start}</version>
            </dependency>
            <!--springCloud end-->
            <!--springBoot start-->

svr/svr-demo/pom.xml

@@ -30,5 +30,9 @@
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-oauth2</artifactId>
        </dependency>
    </dependencies>
</project>

svr/svr-demo/src/main/java/com/yihu/jw/config/BaseAuthenticationFailureHandler.java

@@ -0,0 +1,31 @@
package com.yihu.jw.config;
import org.codehaus.jackson.map.ObjectMapper;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
 * Created by chenweida on 2017/11/29.
 * 认证失败之后的处理
 */
@Component
public class BaseAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
    private ObjectMapper objectMapper=new ObjectMapper();
    @Override
    public void onAuthenticationFailure(HttpServletRequest request,
                                        HttpServletResponse response,
                                        AuthenticationException authenticationException) throws IOException, ServletException {
        System.out.println("认证失败");
        response.setContentType("application/json;charset=UTF-8");
        response.getWriter().write(objectMapper.writeValueAsString(authenticationException));
    }
}

svr/svr-demo/src/main/java/com/yihu/jw/config/BaseAuthenticationSuccessHandler.java

@@ -0,0 +1,35 @@
package com.yihu.jw.config;
import org.codehaus.jackson.map.ObjectMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
 * Created by chenweida on 2017/11/29.
 * 认证成功之后的处理
 */
@Component
public class BaseAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
    private ObjectMapper objectMapper=new ObjectMapper();
    @Override
    public void onAuthenticationSuccess(
            HttpServletRequest request,
            HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        System.out.println("认证成功");
        //OAuth2Request oAuth2Request=new OAuth2Request();
        response.setContentType("application/json;charset=UTF-8");
        response.getWriter().write(objectMapper.writeValueAsString(authentication));
    }
}

svr/svr-demo/src/main/java/com/yihu/jw/config/Oauth2Config.java

@@ -0,0 +1,15 @@
package com.yihu.jw.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
/**
 * Created by chenweida on 2017/11/29.
 */
@Configuration
@EnableAuthorizationServer  //开启授权服务器
@EnableResourceServer  //开启资源服务器
public class Oauth2Config {
}

svr/svr-demo/src/main/java/com/yihu/jw/config/SecurityConfig.java

@@ -0,0 +1,87 @@
package com.yihu.jw.config;
import com.yihu.jw.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
/**
 * Created by chenweida on 2017/11/29.
 */
@EnableWebMvcSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private UserService userService;
    @Autowired
    private BaseAuthenticationSuccessHandler baseAuthenticationSuccessHandler;
    @Autowired
    private BaseAuthenticationFailureHandler baseAuthenticationFailureHandler;
    /**
     * 处理用户密码加密解密
     * 密码加密工具类 验证密码使用 項目中使用要根據自己項目中的加密規則自定義
     *
     * @return
     */
    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
    /**
     * HttpSecurity：一般用它来具体控制权限，角色，url等安全的东西。
     *
     * @param http
     * @throws Exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .formLogin()
                .loginPage("/denglu.html") //自定义登陆页面
                .loginProcessingUrl("/authentication/form") //登陆页面的请求路径
                .usernameParameter("username") //登陆页面的usernma
                .passwordParameter("password") //登陆页面的password
                .successHandler(baseAuthenticationSuccessHandler) //认证成功之后的处理
                .failureHandler(baseAuthenticationFailureHandler) //认证失败之后的处理
                .and()
                .authorizeRequests()
                .antMatchers("/denglu.html", "/authentication/form").permitAll() ///denglu.html 不用认证
                .anyRequest().authenticated() //其他请求需要验证
                .and()
                .sessionManagement()  //session 管理器
                .and()
                .userDetailsService(userService)  //自定义用户认证
                .csrf().disable(); //关闭csrf （防止跨站请求仿造攻击）默认是开启的
    }
    /**
     * ：用来做登录认证的
     *
     * @param auth
     * @throws Exception
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication();
    }
    /**
     * For example, if you wish to ignore certain requests
     *
     * @param web
     * @throws Exception
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        super.configure(web);
    }
}

svr/svr-demo/src/main/java/com/yihu/jw/model/MyUser.java

@@ -0,0 +1,74 @@
package com.yihu.jw.model;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import java.util.Collection;
/**
 * Created by chenweida on 2017/11/29.
 */
public class MyUser implements UserDetails {
    /**
     * 权限
     * @return
     */
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return null;
    }
    /**
     * 密码
     * @return
     */
    @Override
    public String getPassword() {
        return "123456";
    }
    /**
     * 账号
     * @return
     */
    @Override
    public String getUsername() {
        return "admin";
    }
    /**
     * 账号是否过期  false 过期 true 未过期
     * @return
     */
    @Override
    public boolean isAccountNonExpired() {
        return true;
    }
    /**
     * 账号是否冻结 false 冻结 true 未冻结
     * @return
     */
    @Override
    public boolean isAccountNonLocked() {
        return true;
    }
    /**
     * 密码是否过期 false 过期 true 未过期
     * @return
     */
    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }
    /**
     * 账号是否可用 false 可用 true 不可用
     * @return
     */
    @Override
    public boolean isEnabled() {
        return true;
    }
}

svr/svr-demo/src/main/java/com/yihu/jw/service/UserService.java

@@ -0,0 +1,48 @@
package com.yihu.jw.service;
import com.sun.javafx.scene.control.skin.VirtualFlow;
import com.yihu.jw.model.MyUser;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import java.util.ArrayList;
/**
 * Created by chenweida on 2017/11/29.
 * 处理用户校验
 */
@Service
public class UserService implements UserDetailsService {
    @Autowired
    private PasswordEncoder passwordEncoder;
    /**
     * 我们只需要把用户返回给spring-security 密码框架自己帮我们校验
     *
     * @param userName
     * @return
     * @throws UsernameNotFoundException
     */
    @Override
    public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
        if ("admin".equals(userName)) {
            System.out.printf("password:"+passwordEncoder.encode("123456"));
            return new User("admin",
                    "123456",
                    true,
                    true,
                    true,
                    true,
                    new ArrayList<>()  //权限
            );
        } else {
            throw new UsernameNotFoundException("用户不存在");
        }
    }
}

svr/svr-demo/src/main/resources/resources/bangdingweixin.html

@@ -0,0 +1,13 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>登录</title>
</head>
<body>
	<h2>标准绑定页面</h2>
	<form action="/connect/weixin" method="post">
		<button type="submit">绑定微信</button>
	</form>
</body>
</html>

svr/svr-demo/src/main/resources/resources/denglu.html

@@ -0,0 +1,61 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>登录</title>
</head>
<body>
	<h2>标准登录页面</h2>
	<h3>表单登录</h3>
	<form action="/authentication/form" method="post">
		<table>
			<tr>
				<td>用户名:</td> 
				<td><input type="text" name="username"></td>
			</tr>
			<tr>
				<td>密码:</td>
				<td><input type="password" name="password"></td>
			</tr>
			<tr>
				<td>图形验证码:</td>
				<td>
					<input type="text" name="imageCode">
					<img src="/code/image?width=200">
				</td>
			</tr>
			<tr>
				<td colspan='2'><input name="remember-me" type="checkbox" value="true" />记住我</td>
			</tr>
			<tr>
				<td colspan="2"><button type="submit">登录</button></td>
			</tr>
		</table>
	</form>
	
	<h3>短信登录</h3>
	<form action="/authentication/mobile" method="post">
		<table>
			<tr>
				<td>手机号:</td>
				<td><input type="text" name="mobile" value="13012345678"></td>
			</tr>
			<tr>
				<td>短信验证码:</td>
				<td>
					<input type="text" name="smsCode">
					<a href="/code/sms?mobile=13012345678">发送验证码</a>
				</td>
			</tr>
			<tr>
				<td colspan="2"><button type="submit">登录</button></td>
			</tr>
		</table>
	</form>
	<br>
	<h3>社交登录</h3>
	<a href="/qqLogin/callback.do">QQ登录</a>
	&nbsp;&nbsp;&nbsp;&nbsp;
	<a href="/qqLogin/weixin">微信登录</a>
</body>
</html>

svr/svr-demo/src/main/resources/resources/session/invalid.html

@@ -0,0 +1,10 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Session失效</title>
</head>
<body>
	<h2>session失效页面</h2>
</body>
</html>

svr/svr-demo/src/main/resources/resources/zhuce.html

@@ -0,0 +1,11 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>登录</title>
</head>
<body>
	<h2>标准注册页面</h2>
	<h3>这是系统注册页面，请配置imooc.security.browser.signUpUrl属性来设置自己的注册页</h3>
</body>
</html>

web-gateway/pom.xml

@@ -35,10 +35,6 @@
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
@@ -59,6 +55,10 @@
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-actuator</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>

web-gateway/src/main/java/com/yihu/jw/config/security/SecurityConfig.java

@@ -0,0 +1,49 @@
package com.yihu.jw.config.security;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
/**
 * Created by chenweida on 2017/11/29.
 */
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    /**
     * HttpSecurity：一般用它来具体控制权限，角色，url等安全的东西。
     * @param http
     * @throws Exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .anyRequest()
                .fullyAuthenticated()
                .and()
                .httpBasic()
                .and()
                .csrf().disable();
    }
    /**
     * ：用来做登录认证的
     * @param auth
     * @throws Exception
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        super.configure(auth);
    }
    /**
     * For example, if you wish to ignore certain requests
     * @param web
     * @throws Exception
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        super.configure(web);
    }
}

web-gateway/src/main/java/com/yihu/jw/controller/login/UserService.java

@@ -0,0 +1,18 @@
package com.yihu.jw.controller.login;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
/**
 * Created by chenweida on 2017/11/29.
 * 获取用户信息
 */
@Service
public class UserService implements UserDetailsService {
    @Override
    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
        return null;
    }
}

web-gateway/src/main/java/com/yihu/jw/feign/base/user/EmployeeFeign.java

@@ -0,0 +1,20 @@
package com.yihu.jw.feign.base.user;
import com.yihu.jw.feign.fallbackfactory.base.base.SaasFeignFallbackFactory;
import com.yihu.jw.feign.fallbackfactory.base.user.EmployeeFeignFallbackFactory;
import com.yihu.jw.restmodel.CommonContants;
import com.yihu.jw.rm.base.BaseRequestMapping;
import org.springframework.cloud.netflix.feign.FeignClient;
import org.springframework.web.bind.annotation.RequestMapping;
/**
 * Created by chenweida on 2017/11/29.
 */
@FeignClient(
        name = CommonContants.svr_base // name值是eurika的实例名字
        ,fallbackFactory  = EmployeeFeignFallbackFactory.class
)
@RequestMapping(value = BaseRequestMapping.api_base_common)
public interface EmployeeFeign {
}

web-gateway/src/main/java/com/yihu/jw/feign/fallback/DemoFeignFallback.java

@@ -1,22 +0,0 @@
package com.yihu.jw.feign.fallback;
import com.yihu.jw.feign.DemoFeign;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.RequestParam;
/**
 * Created by chenweida on 2017/5/13.
 */
@Component
public class DemoFeignFallback implements DemoFeign {
    private Logger logger = LoggerFactory.getLogger(DemoFeignFallback.class);
    @Override
    public String findByCode( @RequestParam(value = "code", required = true) String code) {
        logger.info("进入断路器");
        return "断路器启动";
    }
}

web-gateway/src/main/java/com/yihu/jw/feign/fallbackfactory/base/user/EmployeeFeignFallbackFactory.java

@@ -0,0 +1,14 @@
package com.yihu.jw.feign.fallbackfactory.base.user;
import com.yihu.jw.feign.base.user.EmployeeFeign;
import feign.hystrix.FallbackFactory;
/**
 * Created by chenweida on 2017/11/29.
 */
public class EmployeeFeignFallbackFactory  implements FallbackFactory<EmployeeFeign> {
    @Override
    public EmployeeFeign create(Throwable cause) {
        return null;
    }
}

web-gateway/src/main/resources/application.yml

@@ -14,6 +14,7 @@ feign:
    enabled: true
management:
  security:
    enabled: false  ##关闭 refresh的权限认证