преди 8 години · 1690e159e7
--- a/server/svr-oauth2/pom.xml
+++ b/server/svr-oauth2/pom.xml
@ -0,0 +1,23 @@
 
				<?xml version="1.0" encoding="UTF-8"?>
			
 
				<project xmlns="http://maven.apache.org/POM/4.0.0"
			
 
				         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
			
 
				         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
			
 
				    <modelVersion>4.0.0</modelVersion>
			
 
				    <parent>
			
 
				        <groupId>com.yihu.jw</groupId>
			
 
				        <artifactId>svr-lib-parent-pom</artifactId>
			
 
				        <version>1.0.0</version>
			
 
				        <relativePath>../../svr-lib-parent-pom/pom.xml</relativePath>
			
 
				    </parent>
			
 
				
			
 
				    <groupId>com.yihu.jw</groupId>
			
 
				    <artifactId>svr-oauth2</artifactId>
			
 
				    <version>1.0.0</version>
			
 
				
			
 
				    <dependencies>
			
 
				        <dependency>
			
 
				            <groupId>org.springframework.cloud</groupId>
			
 
				            <artifactId>spring-cloud-starter-oauth2</artifactId>
			
 
				        </dependency>
			
 
				    </dependencies>
			
 
				</project>
			
--- a/server/svr-oauth2/readme.MD
+++ b/server/svr-oauth2/readme.MD
@ -0,0 +1,2 @@
 
				例子
			
 
				http://localhost:8080/oauth/authorize?response_type=code&client_id=48f2c2f5-951d-48c8-af98-681f788f662e&redirect_uri=http://examle.com&scope=all
			
--- a/server/svr-oauth2/src/main/java/com/yihu/oauth2/OAuth2Application.java
+++ b/server/svr-oauth2/src/main/java/com/yihu/oauth2/OAuth2Application.java
@ -0,0 +1,15 @@
 
				package com.yihu.oauth2;
			
 
				
			
 
				import org.springframework.boot.SpringApplication;
			
 
				import org.springframework.boot.autoconfigure.SpringBootApplication;
			
 
				
			
 
				/**
			
 
				 * Created by chenweida on 2017/11/28.
			
 
				 */
			
 
				@SpringBootApplication
			
 
				public class OAuth2Application {
			
 
				
			
 
				    public static void main(String[] args) {
			
 
				        SpringApplication.run(OAuth2Application.class, args);
			
 
				    }
			
 
				}
			
--- a/server/svr-oauth2/src/main/java/com/yihu/oauth2/config/AuthorizationConfig.java
+++ b/server/svr-oauth2/src/main/java/com/yihu/oauth2/config/AuthorizationConfig.java
@ -0,0 +1,73 @@
 
				package com.yihu.oauth2.config;
			
 
				
			
 
				import org.springframework.beans.factory.annotation.Qualifier;
			
 
				import org.springframework.context.annotation.Bean;
			
 
				import org.springframework.context.annotation.Configuration;
			
 
				import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
			
 
				import org.springframework.security.oauth2.provider.ClientDetails;
			
 
				import org.springframework.security.oauth2.provider.ClientDetailsService;
			
 
				import org.springframework.security.oauth2.provider.client.BaseClientDetails;
			
 
				import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;
			
 
				import org.springframework.security.oauth2.provider.token.TokenStore;
			
 
				import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
			
 
				
			
 
				import javax.sql.DataSource;
			
 
				import java.util.HashSet;
			
 
				import java.util.LinkedList;
			
 
				import java.util.Set;
			
 
				
			
 
				/**
			
 
				 * Created by chenweida on 2017/11/28.
			
 
				 */
			
 
				@Configuration
			
 
				@EnableAuthorizationServer  //开启授权服务器
			
 
				public class AuthorizationConfig {
			
 
				    /**
			
 
				     * token使用jdbc存储
			
 
				     * @param dataSource
			
 
				     * @return
			
 
				     */
			
 
				    @Bean
			
 
				    public TokenStore createTokenStore(DataSource dataSource){
			
 
				        return new JdbcTokenStore(dataSource);
			
 
				    }
			
 
				
			
 
				    @Bean
			
 
				    public ClientDetailsService createClientDetailsService(
			
 
				            @Qualifier("myDefaultBaseClientDetails")ClientDetails clientDetails,
			
 
				            DataSource dataSource){
			
 
				        JdbcClientDetailsService jdbcClientDetailsService = new JdbcClientDetailsService(dataSource);
			
 
				        jdbcClientDetailsService.addClientDetails(clientDetails);
			
 
				
			
 
				        return jdbcClientDetailsService;
			
 
				    }
			
 
				
			
 
				    @Bean(name = "myDefaultBaseClientDetails")
			
 
				    public BaseClientDetails createBaseClientDetails(){
			
 
				        BaseClientDetails baseClientDetails = new BaseClientDetails();
			
 
				
			
 
				        baseClientDetails.setClientId("whc_client_id");
			
 
				        baseClientDetails.setClientSecret("whc_client_secret");
			
 
				
			
 
				        LinkedList<String> scope = new LinkedList<String>();
			
 
				        scope.add("whc");
			
 
				        baseClientDetails.setScope(scope);
			
 
				
			
 
				        Set<String> registeredRedirectUris = new HashSet<String>();
			
 
				        registeredRedirectUris.add("http://localhost:8080/test");
			
 
				        baseClientDetails.setRegisteredRedirectUri(registeredRedirectUris);
			
 
				
			
 
				        LinkedList<String> grant_types = new LinkedList<String>();
			
 
				        grant_types.add("client_credentials");
			
 
				        baseClientDetails.setAuthorizedGrantTypes(grant_types);
			
 
				
			
 
				        baseClientDetails.setAccessTokenValiditySeconds(24 * 60 * 60);
			
 
				        baseClientDetails.setRefreshTokenValiditySeconds(48 * 60 * 60);
			
 
				
			
 
				        LinkedList<String> autoApproveScopes = new LinkedList<String>();
			
 
				        autoApproveScopes.add("whc");
			
 
				        baseClientDetails.setAutoApproveScopes(autoApproveScopes);
			
 
				
			
 
				        return baseClientDetails;
			
 
				    }
			
 
				}
			
--- a/server/svr-oauth2/src/main/java/com/yihu/oauth2/config/ResourceConfig.java
+++ b/server/svr-oauth2/src/main/java/com/yihu/oauth2/config/ResourceConfig.java
@ -0,0 +1,14 @@
 
				package com.yihu.oauth2.config;
			
 
				
			
 
				import org.springframework.context.annotation.Configuration;
			
 
				import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
			
 
				import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
			
 
				
			
 
				/**
			
 
				 * Created by chenweida on 2017/11/28.
			
 
				 */
			
 
				
			
 
				@Configuration
			
 
				@EnableResourceServer  //开启资源服务器
			
 
				public class ResourceConfig {
			
 
				}
			
--- a/server/svr-oauth2/src/main/resources/application.yml
+++ b/server/svr-oauth2/src/main/resources/application.yml
@ -0,0 +1,15 @@
 
				spring:
			
 
				  application:
			
 
				    name: svr-oauth2
			
 
				
			
 
				---
			
 
				spring:
			
 
				  profiles: jwdev
			
 
				
			
 
				---
			
 
				spring:
			
 
				  profiles: jwtest
			
 
				
			
 
				---
			
 
				spring:
			
 
				  profiles: jwprod
			
--- a/svr-lib-parent-pom/pom.xml
+++ b/svr-lib-parent-pom/pom.xml
@ -32,6 +32,7 @@
 
				        <module>../server/svr-discovery</module><!--发现服务-->
			
 
				        <module>../server/svr-dashboard</module><!--监控服务-->
			
 
				        <module>../server/svr-logServer</module><!--分布式追踪服务-->
			
 
				        <module>../server/svr-oauth2</module><!--授权认证服务器-->
			
 
				
			
 
				        <!--业务微服务-->
			
 
				        <module>../svr/svr-base</module><!--基础微服务-->
			
@ -233,6 +234,11 @@
 
				                <artifactId>spring-cloud-starter-sleuth</artifactId>
			
 
				                <version>${version.springCloud.start}</version>
			
 
				            </dependency>
			
 
				            <dependency>
			
 
				                <groupId>org.springframework.cloud</groupId>
			
 
				                <artifactId>spring-cloud-starter-oauth2</artifactId>
			
 
				                <version>${version.springCloud.start}</version>
			
 
				            </dependency>
			
 
				            <!--springCloud end-->
			
 
				
			
 
				            <!--springBoot start-->
			
--- a/svr/svr-demo/pom.xml
+++ b/svr/svr-demo/pom.xml
@ -30,5 +30,9 @@
 
				            <groupId>org.springframework.boot</groupId>
			
 
				            <artifactId>spring-boot-starter-test</artifactId>
			
 
				        </dependency>
			
 
				        <dependency>
			
 
				            <groupId>org.springframework.cloud</groupId>
			
 
				            <artifactId>spring-cloud-starter-oauth2</artifactId>
			
 
				        </dependency>
			
 
				    </dependencies>
			
 
				</project>
			
--- a/svr/svr-demo/src/main/java/com/yihu/jw/config/BaseAuthenticationFailureHandler.java
+++ b/svr/svr-demo/src/main/java/com/yihu/jw/config/BaseAuthenticationFailureHandler.java
@ -0,0 +1,31 @@
 
				package com.yihu.jw.config;
			
 
				
			
 
				import org.codehaus.jackson.map.ObjectMapper;
			
 
				import org.springframework.security.core.AuthenticationException;
			
 
				import org.springframework.security.web.authentication.AuthenticationFailureHandler;
			
 
				import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
			
 
				import org.springframework.stereotype.Component;
			
 
				
			
 
				import javax.servlet.ServletException;
			
 
				import javax.servlet.http.HttpServletRequest;
			
 
				import javax.servlet.http.HttpServletResponse;
			
 
				import java.io.IOException;
			
 
				
			
 
				/**
			
 
				 * Created by chenweida on 2017/11/29.
			
 
				 * 认证失败之后的处理
			
 
				 */
			
 
				@Component
			
 
				public class BaseAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
			
 
				
			
 
				    private ObjectMapper objectMapper=new ObjectMapper();
			
 
				    @Override
			
 
				    public void onAuthenticationFailure(HttpServletRequest request,
			
 
				                                        HttpServletResponse response,
			
 
				                                        AuthenticationException authenticationException) throws IOException, ServletException {
			
 
				
			
 
				        System.out.println("认证失败");
			
 
				        response.setContentType("application/json;charset=UTF-8");
			
 
				        response.getWriter().write(objectMapper.writeValueAsString(authenticationException));
			
 
				    }
			
 
				}
			
--- a/svr/svr-demo/src/main/java/com/yihu/jw/config/BaseAuthenticationSuccessHandler.java
+++ b/svr/svr-demo/src/main/java/com/yihu/jw/config/BaseAuthenticationSuccessHandler.java
@ -0,0 +1,35 @@
 
				package com.yihu.jw.config;
			
 
				
			
 
				import org.codehaus.jackson.map.ObjectMapper;
			
 
				import org.springframework.beans.factory.annotation.Autowired;
			
 
				import org.springframework.security.core.Authentication;
			
 
				import org.springframework.security.oauth2.provider.OAuth2Request;
			
 
				import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
			
 
				import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
			
 
				import org.springframework.stereotype.Component;
			
 
				
			
 
				import javax.servlet.ServletException;
			
 
				import javax.servlet.http.HttpServletRequest;
			
 
				import javax.servlet.http.HttpServletResponse;
			
 
				import java.io.IOException;
			
 
				
			
 
				/**
			
 
				 * Created by chenweida on 2017/11/29.
			
 
				 * 认证成功之后的处理
			
 
				 */
			
 
				@Component
			
 
				public class BaseAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
			
 
				
			
 
				    private ObjectMapper objectMapper=new ObjectMapper();
			
 
				
			
 
				    @Override
			
 
				    public void onAuthenticationSuccess(
			
 
				            HttpServletRequest request,
			
 
				            HttpServletResponse response,
			
 
				            Authentication authentication) throws IOException, ServletException {
			
 
				        System.out.println("认证成功");
			
 
				        //OAuth2Request oAuth2Request=new OAuth2Request();
			
 
				        response.setContentType("application/json;charset=UTF-8");
			
 
				        response.getWriter().write(objectMapper.writeValueAsString(authentication));
			
 
				    }
			
 
				}
			
--- a/svr/svr-demo/src/main/java/com/yihu/jw/config/Oauth2Config.java
+++ b/svr/svr-demo/src/main/java/com/yihu/jw/config/Oauth2Config.java
@ -0,0 +1,15 @@
 
				package com.yihu.jw.config;
			
 
				
			
 
				import org.springframework.context.annotation.Configuration;
			
 
				import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
			
 
				import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
			
 
				
			
 
				/**
			
 
				 * Created by chenweida on 2017/11/29.
			
 
				 */
			
 
				@Configuration
			
 
				@EnableAuthorizationServer  //开启授权服务器
			
 
				@EnableResourceServer  //开启资源服务器
			
 
				public class Oauth2Config {
			
 
				
			
 
				}
			
--- a/svr/svr-demo/src/main/java/com/yihu/jw/config/SecurityConfig.java
+++ b/svr/svr-demo/src/main/java/com/yihu/jw/config/SecurityConfig.java
@ -0,0 +1,87 @@
 
				package com.yihu.jw.config;
			
 
				
			
 
				import com.yihu.jw.service.UserService;
			
 
				import org.springframework.beans.factory.annotation.Autowired;
			
 
				import org.springframework.context.annotation.Bean;
			
 
				import org.springframework.context.annotation.Configuration;
			
 
				import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
			
 
				import org.springframework.security.config.annotation.web.builders.HttpSecurity;
			
 
				import org.springframework.security.config.annotation.web.builders.WebSecurity;
			
 
				import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
			
 
				import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
			
 
				import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
			
 
				import org.springframework.security.crypto.password.PasswordEncoder;
			
 
				
			
 
				/**
			
 
				 * Created by chenweida on 2017/11/29.
			
 
				 */
			
 
				@EnableWebMvcSecurity
			
 
				@Configuration
			
 
				public class SecurityConfig extends WebSecurityConfigurerAdapter {
			
 
				    @Autowired
			
 
				    private UserService userService;
			
 
				    @Autowired
			
 
				    private BaseAuthenticationSuccessHandler baseAuthenticationSuccessHandler;
			
 
				    @Autowired
			
 
				    private BaseAuthenticationFailureHandler baseAuthenticationFailureHandler;
			
 
				
			
 
				    /**
			
 
				     * 处理用户密码加密解密
			
 
				     * 密码加密工具类 验证密码使用 項目中使用要根據自己項目中的加密規則自定義
			
 
				     *
			
 
				     * @return
			
 
				     */
			
 
				    @Bean
			
 
				    PasswordEncoder passwordEncoder() {
			
 
				        return new BCryptPasswordEncoder();
			
 
				    }
			
 
				
			
 
				    /**
			
 
				     * HttpSecurity：一般用它来具体控制权限，角色，url等安全的东西。
			
 
				     *
			
 
				     * @param http
			
 
				     * @throws Exception
			
 
				     */
			
 
				    @Override
			
 
				    protected void configure(HttpSecurity http) throws Exception {
			
 
				        http
			
 
				                .formLogin()
			
 
				                .loginPage("/denglu.html") //自定义登陆页面
			
 
				                .loginProcessingUrl("/authentication/form") //登陆页面的请求路径
			
 
				                .usernameParameter("username") //登陆页面的usernma
			
 
				                .passwordParameter("password") //登陆页面的password
			
 
				                .successHandler(baseAuthenticationSuccessHandler) //认证成功之后的处理
			
 
				                .failureHandler(baseAuthenticationFailureHandler) //认证失败之后的处理
			
 
				                .and()
			
 
				                .authorizeRequests()
			
 
				                .antMatchers("/denglu.html", "/authentication/form").permitAll() ///denglu.html 不用认证
			
 
				                .anyRequest().authenticated() //其他请求需要验证
			
 
				                .and()
			
 
				                .sessionManagement()  //session 管理器
			
 
				                .and()
			
 
				                .userDetailsService(userService)  //自定义用户认证
			
 
				                .csrf().disable(); //关闭csrf （防止跨站请求仿造攻击）默认是开启的
			
 
				    }
			
 
				
			
 
				    /**
			
 
				     * ：用来做登录认证的
			
 
				     *
			
 
				     * @param auth
			
 
				     * @throws Exception
			
 
				     */
			
 
				    @Override
			
 
				    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
			
 
				        auth.jdbcAuthentication();
			
 
				    }
			
 
				
			
 
				    /**
			
 
				     * For example, if you wish to ignore certain requests
			
 
				     *
			
 
				     * @param web
			
 
				     * @throws Exception
			
 
				     */
			
 
				    @Override
			
 
				    public void configure(WebSecurity web) throws Exception {
			
 
				        super.configure(web);
			
 
				    }
			
 
				}
			
--- a/svr/svr-demo/src/main/java/com/yihu/jw/model/MyUser.java
+++ b/svr/svr-demo/src/main/java/com/yihu/jw/model/MyUser.java
@ -0,0 +1,74 @@
 
				package com.yihu.jw.model;
			
 
				
			
 
				import org.springframework.security.core.GrantedAuthority;
			
 
				import org.springframework.security.core.userdetails.UserDetails;
			
 
				
			
 
				import java.util.Collection;
			
 
				
			
 
				/**
			
 
				 * Created by chenweida on 2017/11/29.
			
 
				 */
			
 
				public class MyUser implements UserDetails {
			
 
				    /**
			
 
				     * 权限
			
 
				     * @return
			
 
				     */
			
 
				    @Override
			
 
				    public Collection<? extends GrantedAuthority> getAuthorities() {
			
 
				        return null;
			
 
				    }
			
 
				
			
 
				    /**
			
 
				     * 密码
			
 
				     * @return
			
 
				     */
			
 
				    @Override
			
 
				    public String getPassword() {
			
 
				        return "123456";
			
 
				    }
			
 
				
			
 
				    /**
			
 
				     * 账号
			
 
				     * @return
			
 
				     */
			
 
				    @Override
			
 
				    public String getUsername() {
			
 
				        return "admin";
			
 
				    }
			
 
				
			
 
				    /**
			
 
				     * 账号是否过期  false 过期 true 未过期
			
 
				     * @return
			
 
				     */
			
 
				    @Override
			
 
				    public boolean isAccountNonExpired() {
			
 
				        return true;
			
 
				    }
			
 
				
			
 
				    /**
			
 
				     * 账号是否冻结 false 冻结 true 未冻结
			
 
				     * @return
			
 
				     */
			
 
				    @Override
			
 
				    public boolean isAccountNonLocked() {
			
 
				        return true;
			
 
				    }
			
 
				
			
 
				    /**
			
 
				     * 密码是否过期 false 过期 true 未过期
			
 
				     * @return
			
 
				     */
			
 
				    @Override
			
 
				    public boolean isCredentialsNonExpired() {
			
 
				        return true;
			
 
				    }
			
 
				
			
 
				    /**
			
 
				     * 账号是否可用 false 可用 true 不可用
			
 
				     * @return
			
 
				     */
			
 
				    @Override
			
 
				    public boolean isEnabled() {
			
 
				        return true;
			
 
				    }
			
 
				}
			
--- a/svr/svr-demo/src/main/java/com/yihu/jw/service/UserService.java
+++ b/svr/svr-demo/src/main/java/com/yihu/jw/service/UserService.java
@ -0,0 +1,48 @@
 
				package com.yihu.jw.service;
			
 
				
			
 
				import com.sun.javafx.scene.control.skin.VirtualFlow;
			
 
				import com.yihu.jw.model.MyUser;
			
 
				import org.springframework.beans.factory.annotation.Autowired;
			
 
				import org.springframework.security.core.userdetails.User;
			
 
				import org.springframework.security.core.userdetails.UserDetails;
			
 
				import org.springframework.security.core.userdetails.UserDetailsService;
			
 
				import org.springframework.security.core.userdetails.UsernameNotFoundException;
			
 
				import org.springframework.security.crypto.password.PasswordEncoder;
			
 
				import org.springframework.stereotype.Service;
			
 
				
			
 
				import java.util.ArrayList;
			
 
				
			
 
				/**
			
 
				 * Created by chenweida on 2017/11/29.
			
 
				 * 处理用户校验
			
 
				 */
			
 
				@Service
			
 
				public class UserService implements UserDetailsService {
			
 
				
			
 
				    @Autowired
			
 
				    private PasswordEncoder passwordEncoder;
			
 
				
			
 
				    /**
			
 
				     * 我们只需要把用户返回给spring-security 密码框架自己帮我们校验
			
 
				     *
			
 
				     * @param userName
			
 
				     * @return
			
 
				     * @throws UsernameNotFoundException
			
 
				     */
			
 
				    @Override
			
 
				    public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
			
 
				        if ("admin".equals(userName)) {
			
 
				            System.out.printf("password:"+passwordEncoder.encode("123456"));
			
 
				            return new User("admin",
			
 
				                    "123456",
			
 
				                    true,
			
 
				                    true,
			
 
				                    true,
			
 
				                    true,
			
 
				                    new ArrayList<>()  //权限
			
 
				            );
			
 
				        } else {
			
 
				            throw new UsernameNotFoundException("用户不存在");
			
 
				        }
			
 
				    }
			
 
				}
			
--- a/svr/svr-demo/src/main/resources/resources/bangdingweixin.html
+++ b/svr/svr-demo/src/main/resources/resources/bangdingweixin.html
@ -0,0 +1,13 @@
 
				<!DOCTYPE html>
			
 
				<html>
			
 
				<head>
			
 
				<meta charset="UTF-8">
			
 
				<title>登录</title>
			
 
				</head>
			
 
				<body>
			
 
					<h2>标准绑定页面</h2>
			
 
					<form action="/connect/weixin" method="post">
			
 
						<button type="submit">绑定微信</button>
			
 
					</form>
			
 
				</body>
			
 
				</html>
			
--- a/svr/svr-demo/src/main/resources/resources/denglu.html
+++ b/svr/svr-demo/src/main/resources/resources/denglu.html
@ -0,0 +1,61 @@
 
				<!DOCTYPE html>
			
 
				<html>
			
 
				<head>
			
 
				<meta charset="UTF-8">
			
 
				<title>登录</title>
			
 
				</head>
			
 
				<body>
			
 
					<h2>标准登录页面</h2>
			
 
					<h3>表单登录</h3>
			
 
					<form action="/authentication/form" method="post">
			
 
						<table>
			
 
							<tr>
			
 
								<td>用户名:</td> 
			
 
								<td><input type="text" name="username"></td>
			
 
							</tr>
			
 
							<tr>
			
 
								<td>密码:</td>
			
 
								<td><input type="password" name="password"></td>
			
 
							</tr>
			
 
							<tr>
			
 
								<td>图形验证码:</td>
			
 
								<td>
			
 
									<input type="text" name="imageCode">
			
 
									<img src="/code/image?width=200">
			
 
								</td>
			
 
							</tr>
			
 
							<tr>
			
 
								<td colspan='2'><input name="remember-me" type="checkbox" value="true" />记住我</td>
			
 
							</tr>
			
 
							<tr>
			
 
								<td colspan="2"><button type="submit">登录</button></td>
			
 
							</tr>
			
 
						</table>
			
 
					</form>
			
 
					
			
 
					<h3>短信登录</h3>
			
 
					<form action="/authentication/mobile" method="post">
			
 
						<table>
			
 
							<tr>
			
 
								<td>手机号:</td>
			
 
								<td><input type="text" name="mobile" value="13012345678"></td>
			
 
							</tr>
			
 
							<tr>
			
 
								<td>短信验证码:</td>
			
 
								<td>
			
 
									<input type="text" name="smsCode">
			
 
									<a href="/code/sms?mobile=13012345678">发送验证码</a>
			
 
								</td>
			
 
							</tr>
			
 
							<tr>
			
 
								<td colspan="2"><button type="submit">登录</button></td>
			
 
							</tr>
			
 
						</table>
			
 
					</form>
			
 
					<br>
			
 
					<h3>社交登录</h3>
			
 
					<a href="/qqLogin/callback.do">QQ登录</a>
			
 
					&nbsp;&nbsp;&nbsp;&nbsp;
			
 
					<a href="/qqLogin/weixin">微信登录</a>
			
 
				</body>
			
 
				</html>
			
--- a/svr/svr-demo/src/main/resources/resources/session/invalid.html
+++ b/svr/svr-demo/src/main/resources/resources/session/invalid.html
@ -0,0 +1,10 @@
 
				<!DOCTYPE html>
			
 
				<html>
			
 
				<head>
			
 
				<meta charset="UTF-8">
			
 
				<title>Session失效</title>
			
 
				</head>
			
 
				<body>
			
 
					<h2>session失效页面</h2>
			
 
				</body>
			
 
				</html>
			
--- a/svr/svr-demo/src/main/resources/resources/zhuce.html
+++ b/svr/svr-demo/src/main/resources/resources/zhuce.html
@ -0,0 +1,11 @@
 
				<!DOCTYPE html>
			
 
				<html>
			
 
				<head>
			
 
				<meta charset="UTF-8">
			
 
				<title>登录</title>
			
 
				</head>
			
 
				<body>
			
 
					<h2>标准注册页面</h2>
			
 
					<h3>这是系统注册页面，请配置imooc.security.browser.signUpUrl属性来设置自己的注册页</h3>
			
 
				</body>
			
 
				</html>
			
--- a/web-gateway/pom.xml
+++ b/web-gateway/pom.xml
@ -35,10 +35,6 @@
 
				            <groupId>org.springframework.boot</groupId>
			
 
				            <artifactId>spring-boot-starter-web</artifactId>
			
 
				        </dependency>
			
 
				        <dependency>
			
 
				            <groupId>org.springframework.boot</groupId>
			
 
				            <artifactId>spring-boot-starter-security</artifactId>
			
 
				        </dependency>
			
 
				        <dependency>
			
 
				            <groupId>org.springframework.boot</groupId>
			
 
				            <artifactId>spring-boot-starter-data-jpa</artifactId>
			
@ -59,6 +55,10 @@
 
				            <groupId>org.springframework.boot</groupId>
			
 
				            <artifactId>spring-boot-starter-actuator</artifactId>
			
 
				        </dependency>
			
 
				        <dependency>
			
 
				            <groupId>org.springframework.boot</groupId>
			
 
				            <artifactId>spring-boot-starter-security</artifactId>
			
 
				        </dependency>
			
 
				
			
 
				
			
 
				        <dependency>
			
--- a/web-gateway/src/main/java/com/yihu/jw/config/security/SecurityConfig.java
+++ b/web-gateway/src/main/java/com/yihu/jw/config/security/SecurityConfig.java
@ -0,0 +1,49 @@
 
				package com.yihu.jw.config.security;
			
 
				
			
 
				import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
			
 
				import org.springframework.security.config.annotation.web.builders.HttpSecurity;
			
 
				import org.springframework.security.config.annotation.web.builders.WebSecurity;
			
 
				import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
			
 
				import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
			
 
				
			
 
				/**
			
 
				 * Created by chenweida on 2017/11/29.
			
 
				 */
			
 
				@EnableWebSecurity
			
 
				public class SecurityConfig extends WebSecurityConfigurerAdapter {
			
 
				    /**
			
 
				     * HttpSecurity：一般用它来具体控制权限，角色，url等安全的东西。
			
 
				     * @param http
			
 
				     * @throws Exception
			
 
				     */
			
 
				    @Override
			
 
				    protected void configure(HttpSecurity http) throws Exception {
			
 
				        http.authorizeRequests()
			
 
				                .anyRequest()
			
 
				                .fullyAuthenticated()
			
 
				                .and()
			
 
				                .httpBasic()
			
 
				                .and()
			
 
				                .csrf().disable();
			
 
				    }
			
 
				
			
 
				    /**
			
 
				     * ：用来做登录认证的
			
 
				     * @param auth
			
 
				     * @throws Exception
			
 
				     */
			
 
				    @Override
			
 
				    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
			
 
				        super.configure(auth);
			
 
				    }
			
 
				
			
 
				    /**
			
 
				     * For example, if you wish to ignore certain requests
			
 
				     * @param web
			
 
				     * @throws Exception
			
 
				     */
			
 
				    @Override
			
 
				    public void configure(WebSecurity web) throws Exception {
			
 
				        super.configure(web);
			
 
				    }
			
 
				}
			
--- a/web-gateway/src/main/java/com/yihu/jw/controller/login/UserService.java
+++ b/web-gateway/src/main/java/com/yihu/jw/controller/login/UserService.java
@ -0,0 +1,18 @@
 
				package com.yihu.jw.controller.login;
			
 
				
			
 
				import org.springframework.security.core.userdetails.UserDetails;
			
 
				import org.springframework.security.core.userdetails.UserDetailsService;
			
 
				import org.springframework.security.core.userdetails.UsernameNotFoundException;
			
 
				import org.springframework.stereotype.Service;
			
 
				
			
 
				/**
			
 
				 * Created by chenweida on 2017/11/29.
			
 
				 * 获取用户信息
			
 
				 */
			
 
				@Service
			
 
				public class UserService implements UserDetailsService {
			
 
				    @Override
			
 
				    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
			
 
				        return null;
			
 
				    }
			
 
				}
			
--- a/web-gateway/src/main/java/com/yihu/jw/feign/base/user/EmployeeFeign.java
+++ b/web-gateway/src/main/java/com/yihu/jw/feign/base/user/EmployeeFeign.java
@ -0,0 +1,20 @@
 
				package com.yihu.jw.feign.base.user;
			
 
				
			
 
				import com.yihu.jw.feign.fallbackfactory.base.base.SaasFeignFallbackFactory;
			
 
				import com.yihu.jw.feign.fallbackfactory.base.user.EmployeeFeignFallbackFactory;
			
 
				import com.yihu.jw.restmodel.CommonContants;
			
 
				import com.yihu.jw.rm.base.BaseRequestMapping;
			
 
				import org.springframework.cloud.netflix.feign.FeignClient;
			
 
				import org.springframework.web.bind.annotation.RequestMapping;
			
 
				
			
 
				/**
			
 
				 * Created by chenweida on 2017/11/29.
			
 
				 */
			
 
				@FeignClient(
			
 
				        name = CommonContants.svr_base // name值是eurika的实例名字
			
 
				        ,fallbackFactory  = EmployeeFeignFallbackFactory.class
			
 
				)
			
 
				@RequestMapping(value = BaseRequestMapping.api_base_common)
			
 
				public interface EmployeeFeign {
			
 
				
			
 
				}
			
--- a/web-gateway/src/main/java/com/yihu/jw/feign/fallback/DemoFeignFallback.java
+++ b/web-gateway/src/main/java/com/yihu/jw/feign/fallback/DemoFeignFallback.java
@ -1,22 +0,0 @@
 
				package com.yihu.jw.feign.fallback;
			
 
				
			
 
				import com.yihu.jw.feign.DemoFeign;
			
 
				import org.slf4j.Logger;
			
 
				import org.slf4j.LoggerFactory;
			
 
				import org.springframework.stereotype.Component;
			
 
				import org.springframework.web.bind.annotation.RequestParam;
			
 
				
			
 
				/**
			
 
				 * Created by chenweida on 2017/5/13.
			
 
				 */
			
 
				@Component
			
 
				public class DemoFeignFallback implements DemoFeign {
			
 
				
			
 
				    private Logger logger = LoggerFactory.getLogger(DemoFeignFallback.class);
			
 
				
			
 
				    @Override
			
 
				    public String findByCode( @RequestParam(value = "code", required = true) String code) {
			
 
				        logger.info("进入断路器");
			
 
				        return "断路器启动";
			
 
				    }
			
 
				}
			
--- a/web-gateway/src/main/java/com/yihu/jw/feign/fallbackfactory/base/user/EmployeeFeignFallbackFactory.java
+++ b/web-gateway/src/main/java/com/yihu/jw/feign/fallbackfactory/base/user/EmployeeFeignFallbackFactory.java
@ -0,0 +1,14 @@
 
				package com.yihu.jw.feign.fallbackfactory.base.user;
			
 
				
			
 
				import com.yihu.jw.feign.base.user.EmployeeFeign;
			
 
				import feign.hystrix.FallbackFactory;
			
 
				
			
 
				/**
			
 
				 * Created by chenweida on 2017/11/29.
			
 
				 */
			
 
				public class EmployeeFeignFallbackFactory  implements FallbackFactory<EmployeeFeign> {
			
 
				    @Override
			
 
				    public EmployeeFeign create(Throwable cause) {
			
 
				        return null;
			
 
				    }
			
 
				}
			
--- a/web-gateway/src/main/resources/application.yml
+++ b/web-gateway/src/main/resources/application.yml
@ -14,6 +14,7 @@ feign:
 
				    enabled: true
			
 
				
			
 
				
			
 
				
			
 
				management:
			
 
				  security:
			
 
				    enabled: false  ##关闭 refresh的权限认证