登陆模块重构

base/common-security/src/main/java/com.yihu.base.security/config/ResourceServerConfig.java

@@ -1,12 +1,11 @@
package com.yihu.base.security.config;
import com.yihu.base.security.properties.SecurityProperties;
import com.yihu.base.security.rbas.IRbasService;
import com.yihu.base.security.rbas.provider.AuthorizeConfigProviderManager;
import com.yihu.base.security.sms.SmsCodeAuthenticationSecurityConfig;
import com.yihu.base.security.sms.filter.SmsvalidateCodeFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
@@ -15,7 +14,6 @@ import org.springframework.security.oauth2.provider.authentication.OAuth2Authent
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
/**
 * Created by chenweida on 2017/12/4.
@@ -34,30 +32,24 @@ public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
    private TokenStore redisTokenStore;
    @Autowired
    private SmsCodeAuthenticationSecurityConfig smsCodeAuthenticationSecurityConfig;
    @Autowired
    private AuthorizeConfigProviderManager authorizeConfigProviderManager;
    @Override
    public void configure(HttpSecurity http) throws Exception {
        //这是账号密码登陆
        http
                .formLogin()//设置验证码 账号密码登陆
                .loginPage(SecurityProperties.formLoginPage)
                .loginProcessingUrl(SecurityProperties.formLogin)
                .successHandler(authenticationSuccessHandler)
                .failureHandler(authenticationFailureHandler)
                .and()
                .apply(smsCodeAuthenticationSecurityConfig)  //添加自定义短信登陆
                    .loginPage(SecurityProperties.formLoginPage)
                    .loginProcessingUrl(SecurityProperties.formLogin)
                    .successHandler(authenticationSuccessHandler)
                    .failureHandler(authenticationFailureHandler)
                .and()
                .authorizeRequests()
                .antMatchers(
                        SecurityProperties.formLogin,
                        SecurityProperties.formLoginPage,
                        SecurityProperties.mobileLogin,
                        SecurityProperties.mobileSendSms).permitAll()
                .anyRequest().authenticated()
                //.anyRequest().access("@rbasService.hasPerssion(request,authentication)")
                    .apply(smsCodeAuthenticationSecurityConfig)  //添加自定义短信登陆
                .and()
                .csrf().disable();
                    .csrf().disable();
        //验证路径
        authorizeConfigProviderManager.condfig(http.authorizeRequests());
    }
    @Override
@@ -66,4 +58,5 @@ public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
                authenticationManager(authenticationManager).
                tokenStore(redisTokenStore);
    }
}

base/common-security/src/main/java/com.yihu.base.security/hander/BaseAuthenticationSuccessHandler.java

@@ -46,10 +46,6 @@ public class BaseAuthenticationSuccessHandler extends SavedRequestAwareAuthentic
    @Autowired
    private AuthorizationServerTokenServices defaultTokenServices;
    public BaseAuthenticationSuccessHandler() {
        System.out.println(clientDetailsService);
    }
    /*
         * (non-Javadoc)
         *
@@ -124,7 +120,4 @@ public class BaseAuthenticationSuccessHandler extends SavedRequestAwareAuthentic
        return new String[]{token.substring(0, delim), token.substring(delim + 1)};
    }
    public static void main(String[] args) throws UnsupportedEncodingException {
        System.out.println(new String(Base64.encode("cwd:cwd".getBytes()), "UTF-8"));//   Y3dkOmN3ZA==
    }
}

base/common-security/src/main/java/com.yihu.base.security/rbas/provider/AuthorizeConfigProvider.java

@@ -0,0 +1,11 @@
package com.yihu.base.security.rbas.provider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
/**
 * Created by chenweida on 2017/12/5.
 */
public interface AuthorizeConfigProvider {
    void condfig(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config);
}

base/common-security/src/main/java/com.yihu.base.security/rbas/provider/AuthorizeConfigProviderManager.java

@@ -0,0 +1,24 @@
package com.yihu.base.security.rbas.provider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.stereotype.Component;
import java.util.Set;
/**
 * Created by chenweida on 2017/12/5.
 * 授权路径
 */
@Component
public class AuthorizeConfigProviderManager {
    @Autowired
    Set<AuthorizeConfigProvider> authorizeConfigProviders;
   public void condfig(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config) {
        for (AuthorizeConfigProvider authorizeConfigProvider : authorizeConfigProviders) {
            authorizeConfigProvider.condfig(config);
        }
    }
}

base/common-security/src/main/java/com.yihu.base.security/rbas/provider/PerssionAllAuthorizeConfigProvider.java

@@ -0,0 +1,28 @@
package com.yihu.base.security.rbas.provider;
import com.yihu.base.security.properties.SecurityProperties;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.stereotype.Component;
/**
 * Created by chenweida on 2017/12/5.
 * 允许通过的路径
 */
@Component
@Order(Integer.MIN_VALUE)
public class PerssionAllAuthorizeConfigProvider implements AuthorizeConfigProvider {
    @Override
    public void condfig(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config) {
        config
                .antMatchers(
                        SecurityProperties.formLogin,
                        SecurityProperties.formLoginPage,
                        SecurityProperties.mobileLogin,
                        SecurityProperties.mobileSendSms
                ).permitAll();
    }
}

base/common-security/src/main/java/com.yihu.base.security/rbas/provider/RbasAuthorizeConfigProvider.java

@@ -0,0 +1,20 @@
package com.yihu.base.security.rbas.provider;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.stereotype.Component;
/**
 * Created by chenweida on 2017/12/5.
 * 角色认证
 */
@Component
@Order(Integer.MAX_VALUE)
public class RbasAuthorizeConfigProvider implements AuthorizeConfigProvider {
    @Override
    public void condfig(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config) {
        // config.anyRequest().access("@rbasService.hasPerssion(request,authentication)");
        config.anyRequest().access("@rbasbean.hello()");
    }
}

svr-lib-parent-pom/pom.xml

@@ -50,7 +50,7 @@
        <version.mysql>5.1.38</version.mysql>
        <version.jackson>2.8.1</version.jackson>
        <version.myCommon>1.0.0</version.myCommon>
        <version.spring>4.3.8.RELEASE</version.spring>
        <version.spring>4.3.10.RELEASE</version.spring>
        <version.spring.security>4.2.3.RELEASE</version.spring.security>
        <version.spring-data-jpa>1.11.3.RELEASE</version.spring-data-jpa>

svr/svr-demo/src/main/java/com/yihu/DemoApplication.java

@@ -1,5 +1,6 @@
package com.yihu;
import org.apache.catalina.core.ApplicationContext;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.ComponentScan;
@@ -10,9 +11,10 @@ import org.springframework.context.annotation.EnableAspectJAutoProxy;
 */
@SpringBootApplication
@ComponentScan(basePackages={"com"})
@EnableAspectJAutoProxy(proxyTargetClass=true,exposeProxy = true)
@ComponentScan(basePackages = {"com"})
@EnableAspectJAutoProxy(proxyTargetClass = true, exposeProxy = true)
public class DemoApplication {
    public static void main(String[] args) {
        SpringApplication.run(DemoApplication.class, args);
    }

svr/svr-demo/src/main/java/com/yihu/jw/service/ClientService.java

@@ -25,10 +25,6 @@ import java.util.Set;
@Component("baseClientDetailsService")
public class ClientService implements ClientServiceProvider {
    public ClientService() {
        System.out.println("初始化");
    }
    @Override
    public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
//        SaasDO saasDO = saasDao.findByAppId(clientId);

svr/svr-demo/src/main/java/com/yihu/jw/service/RbasService.java

@@ -2,18 +2,47 @@ package com.yihu.jw.service;
import com.yihu.base.security.rbas.IRbasService;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;
import org.springframework.stereotype.Service;
import org.springframework.util.AntPathMatcher;
import javax.servlet.http.HttpServletRequest;
import java.util.HashSet;
import java.util.Set;
/**
 * Created by chenweida on 2017/12/5.
 * 判断用户是否有权限访问该路径
 */
@Service("rbasService")
@Component("rbasbean")
public class RbasService implements IRbasService {
    private AntPathMatcher antPathMatcher = new AntPathMatcher();
    @Override
    public Boolean hasPerssion(HttpServletRequest request, Authentication authentication) {
        Object principal = authentication.getPrincipal();
        boolean hasPerssion = false;
        if (principal instanceof UserDetails) {
            //获取用户名字
            String username = ((UserDetails) principal).getUsername();
            //获取用户全部权限
            Set<String> uris = new HashSet<>();
            for (String uri : uris) {
                if (antPathMatcher.match(uri, request.getRequestURI())) {
                    hasPerssion = true;
                    break;
                }
            }
        }
        return hasPerssion;
    }
    public Boolean hello() {
        return true;
    }
}

svr/svr-demo/src/main/java/com/yihu/jw/service/UserService.java

@@ -14,6 +14,7 @@ import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.ClientRegistrationException;
import org.springframework.stereotype.Component;
import org.springframework.stereotype.Service;
import org.springframework.util.StringUtils;
@@ -26,7 +27,7 @@ import java.util.Set;
 * Created by chenweida on 2017/11/29.
 * 处理用户校验
 */
@Service
@Component
public class UserService implements UserDetailsService {
    @Autowired