
代码重构

chenweida 7 years ago
parent
commit
f261356503
33 changed files with 624 additions and 370 deletions
  1. 40 0
      base/common-security/pom.xml
  2. 4 6
      svr/svr-demo/src/main/java/com/yihu/jw/config/Oauth2Config.java
  3. 4 4
      server/svr-oauth2/src/main/java/com/yihu/oauth2/config/ResourceConfig.java
  4. 121 0
      base/common-security/src/main/java/com.yihu.base.security/hander/BaseAuthenticationSuccessHandler.java
  5. 46 0
      base/common-security/src/main/java/com.yihu.base.security/hander/BseAuthenctiationFailureHandler.java
  6. 14 0
      base/common-security/src/main/java/com.yihu.base.security/rbas/RbasService.java
  7. 1 0
      common-lib-parent-pom/pom.xml
  8. 1 1
      server/svr-configuration/pom.xml
  9. 1 1
      server/svr-dashboard/pom.xml
  10. 1 1
      server/svr-logServer/pom.xml
  11. 0 23
      server/svr-oauth2/pom.xml
  12. 0 2
      server/svr-oauth2/readme.MD
  13. 0 15
      server/svr-oauth2/src/main/java/com/yihu/oauth2/OAuth2Application.java
  14. 0 73
      server/svr-oauth2/src/main/java/com/yihu/oauth2/config/AuthorizationConfig.java
  15. 0 15
      server/svr-oauth2/src/main/resources/application.yml
  16. 17 2
      svr-lib-parent-pom/pom.xml
  17. 14 1
      svr/svr-base/src/main/java/com/yihu/jw/business/user/contorller/EmployeeController.java
  18. 4 4
      svr/svr-demo/pom.xml
  19. 1 0
      svr/svr-demo/readme.MD
  20. 0 31
      svr/svr-demo/src/main/java/com/yihu/jw/config/BaseAuthenticationFailureHandler.java
  21. 0 35
      svr/svr-demo/src/main/java/com/yihu/jw/config/BaseAuthenticationSuccessHandler.java
  22. 0 87
      svr/svr-demo/src/main/java/com/yihu/jw/config/SecurityConfig.java
  23. 14 0
      svr/svr-demo/src/main/java/com/yihu/jw/dao/SaasDao.java
  24. 177 0
      svr/svr-demo/src/main/java/com/yihu/jw/model/SaasDO.java
  25. 27 0
      svr/svr-demo/src/main/java/com/yihu/jw/service/ClientService.java
  26. 12 1
      svr/svr-demo/src/main/resources/application.yml
  27. 26 0
      web-gateway/pom.xml
  28. 0 49
      web-gateway/src/main/java/com/yihu/jw/config/security/SecurityConfig.java
  29. 28 0
      web-gateway/src/main/java/com/yihu/jw/config/security/roleService/ClientService.java
  30. 41 0
      web-gateway/src/main/java/com/yihu/jw/config/security/roleService/UserRbasService.java
  31. 9 2
      web-gateway/src/main/java/com/yihu/jw/controller/login/UserService.java
  32. 15 16
      web-gateway/src/main/java/com/yihu/jw/controller/login/LoginController.java
  33. 6 1
      web-gateway/src/main/java/com/yihu/jw/feign/base/user/EmployeeFeign.java

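--- a/base/common-security/pom.xml
+++ b/base/common-security/pom.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>com.yihu.base</groupId>
+        <artifactId>common-lib-parent-pom</artifactId>
+        <version>1.0.0</version>
+        <relativePath>../../common-lib-parent-pom/pom.xml</relativePath>
+    </parent>
+    <groupId>com.yihu.base</groupId>
+    <artifactId>common-security</artifactId>
+    <version>1.0.0</version>
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.cloud</groupId>
+            <artifactId>spring-cloud-starter-oauth2</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-data-redis</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>commons-collections</groupId>
+            <artifactId>commons-collections</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>commons-codec</groupId>
+            <artifactId>commons-codec</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>commons-lang</groupId>
+            <artifactId>commons-lang</artifactId>
+            <version>2.6</version>
+        </dependency>
+    </dependencies>
+</project>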
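Review bot: The `commons-collections` and `commons-codec` dependencies carry no `<version>`, yet the `dependencyManagement` entries this commit adds for them are in svr-lib-parent-pom, while this module's parent is common-lib-parent-pom. Unless common-lib-parent-pom (not shown on this page) or an imported BOM manages them, the build either fails or resolves a version nobody chose. For commons-collections the resolved version should be 3.2.2 or later, because earlier 3.x releases leave the unsafe-deserialization transformer classes enabled. `commons-lang` is pinned inline to `2.6` although neither handler class added on this page imports it; drop it, or manage its version in the parent like the others.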

+ 4 - 6
svr/svr-demo/src/main/java/com/yihu/jw/config/Oauth2Config.java

@ -1,15 +1,13 @@
package com.yihu.jw.config;
package com.yihu.base.security;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
/**
 * Created by chenweida on 2017/11/29.
 * Created by chenweida on 2017/12/4.
 */
@Configuration
@EnableAuthorizationServer  //开启授权服务器
@EnableResourceServer  //开启资源服务器
public class Oauth2Config {
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
}

+ 4 - 4
server/svr-oauth2/src/main/java/com/yihu/oauth2/config/ResourceConfig.java

@ -1,14 +1,14 @@
package com.yihu.oauth2.config;
package com.yihu.base.security;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
/**
 * Created by chenweida on 2017/11/28.
 * Created by chenweida on 2017/12/4.
 */
@Configuration
@EnableResourceServer  //开启资源服务器
public class ResourceConfig {
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
}

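--- a/base/common-security/src/main/java/com.yihu.base.security/hander/BaseAuthenticationSuccessHandler.java
+++ b/base/common-security/src/main/java/com.yihu.base.security/hander/BaseAuthenticationSuccessHandler.java
@@ -0,0 +1,121 @@
+/**
+ *
+ */
+package com.yihu.base.security.hander;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.apache.commons.codec.binary.StringUtils;
+import org.apache.commons.collections.MapUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.crypto.codec.Base64;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException;
+import org.springframework.security.oauth2.provider.*;
+import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
+import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
+import org.springframework.stereotype.Component;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+/**
+ * @author chenweida
+ * <p>
+ * 账号密码提交需要在 head 中添加 Basic clientID:cliengSecurty
+ */
+@Component("BaseAuthenticationSuccessHandler")
+public class BaseAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
+    private Logger logger = LoggerFactory.getLogger(getClass());
+    private ObjectMapper objectMapper = new ObjectMapper();
+    @Autowired
+    private ClientDetailsService clientDetailsService;
+    @Autowired
+    private AuthorizationServerTokenServices authorizationServerTokenServices;
+    /*
+     * (non-Javadoc)
+     *
+     * @see org.springframework.security.web.authentication.
+     * AuthenticationSuccessHandler#onAuthenticationSuccess(javax.servlet.http.
+     * HttpServletRequest, javax.servlet.http.HttpServletResponse,
+     * org.springframework.security.core.Authentication)
+     */
+    @Override
+    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
+                                        Authentication authentication) throws IOException, ServletException {
+        String header = request.getHeader("Authorization");
+        if (header != null && header.startsWith("Basic ")) {
+            throw new UnapprovedClientAuthenticationException("请求头没有client信息");
+        }
+        //解析头部的basic信息
+        String[] tokens = extractAndDecodeHeader(header, request);
+        assert tokens.length == 2;
+        String clientId = tokens[0];
+        String clientSecurity = tokens[1];
+        //得到ClientDetails
+        ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);
+        if (clientDetails == null) {
+            throw new UnapprovedClientAuthenticationException("clientId不存在 client:" + clientId);
+        } else if (!StringUtils.equals(clientDetails.getClientSecret(), clientSecurity)) {
+            throw new UnapprovedClientAuthenticationException("clientSecurity 不匹配 client:" + clientId);
+        }
+        TokenRequest tokenRequest = new TokenRequest(MapUtils.EMPTY_MAP, clientId, clientDetails.getScope(), "custom_password");
+        OAuth2Request oAuth2Request = tokenRequest.createOAuth2Request(clientDetails);
+        OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(oAuth2Request, authentication);
+        OAuth2AccessToken token = authorizationServerTokenServices.createAccessToken(oAuth2Authentication);
+        response.setContentType("application/json;charset=UTF-8");
+        response.getWriter().write(objectMapper.writeValueAsString(token));
+    }
+    /**
+     * 解析
+     *
+     * @param header
+     * @param request
+     * @return
+     * @throws IOException
+     */
+    private String[] extractAndDecodeHeader(String header, HttpServletRequest request)
+            throws IOException {
+        byte[] base64Token = header.substring(6).getBytes("UTF-8");
+        byte[] decoded;
+        try {
+            decoded = Base64.decode(base64Token);
+        } catch (IllegalArgumentException e) {
+            throw new BadCredentialsException(
+                    "Failed to decode basic authentication token");
+        }
+        String token = new String(decoded, "UTF-8");
+        int delim = token.indexOf(":");
+        if (delim == -1) {
+            throw new BadCredentialsException("Basic 信息不合法");
+        }
+        return new String[]{token.substring(0, delim), token.substring(delim + 1)};
+    }
+    public static void main(String[] args) throws UnsupportedEncodingException {
+        System.out.println(new String(Base64.encode("cwd:cwd".getBytes()), "UTF-8"));//   Y3dkOmN3ZA==
+    }
+}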
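Review bot: The guard at the top of `onAuthenticationSuccess` is inverted: `if (header != null && header.startsWith("Basic "))` rejects exactly the requests that carry client credentials and lets a missing header fall through to `header.substring(6)` in `extractAndDecodeHeader`, where it throws a NullPointerException. It should read `if (header == null || !header.startsWith("Basic "))`. The secret check `StringUtils.equals(clientDetails.getClientSecret(), clientSecurity)` compares a stored plaintext secret with an ordinary equals; matching through a `PasswordEncoder` over a stored hash, or at least `MessageDigest.isEqual` on the UTF-8 bytes, avoids both the plaintext storage and the timing difference. `assert tokens.length == 2` does nothing unless the JVM runs with `-ea`, and the `main` method with the sample `cwd:cwd` credential belongs in a test rather than in the shipped handler.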

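--- a/base/common-security/src/main/java/com.yihu.base.security/hander/BseAuthenctiationFailureHandler.java
+++ b/base/common-security/src/main/java/com.yihu.base.security/hander/BseAuthenctiationFailureHandler.java
@@ -0,0 +1,46 @@
+/**
+ * 
+ */
+package com.yihu.base.security.hander;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
+import org.springframework.stereotype.Component;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+/**
+ * @author zhailiang
+ *
+ */
+@Component("BseAuthenctiationFailureHandler")
+public class BseAuthenctiationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
+	private Logger logger = LoggerFactory.getLogger(getClass());
+	
+	@Autowired
+	private ObjectMapper objectMapper;
+	
+	/* (non-Javadoc)
+	 * @see org.springframework.security.web.authentication.AuthenticationFailureHandler#onAuthenticationFailure(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, org.springframework.security.core.AuthenticationException)
+	 */
+	@Override
+	public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
+										AuthenticationException exception) throws IOException, ServletException {
+		
+		logger.info("登录失败");
+		
+		
+	}
+}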
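Review bot: `onAuthenticationFailure` only logs "登录失败" and returns, so a failed login gets an empty response with whatever status the container defaults to; neither `super.onAuthenticationFailure(...)` nor any write to `response` happens. Set the status explicitly, e.g. `response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);`, and write a small JSON error with the injected `objectMapper`, which is currently unused. Keep that body generic rather than serialising `exception`, and include the exception class or message in the log line so failed attempts are visible to monitoring. The class and bean name `BseAuthenctiationFailureHandler` look like a misspelling of `BaseAuthenticationFailureHandler`, which is cheapest to correct before other modules reference the bean by name.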

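--- a/base/common-security/src/main/java/com.yihu.base.security/rbas/RbasService.java
+++ b/base/common-security/src/main/java/com.yihu.base.security/rbas/RbasService.java
@@ -0,0 +1,14 @@
+package com.yihu.base.security.rbas;
+import org.springframework.security.core.Authentication;
+import javax.servlet.http.HttpServletRequest;
+/**
+ * Created by chenweida on 2017/12/1.
+ * 需要权限认证的使用这个接口
+ */
+public interface RbasService {
+     Boolean hasPerssion(HttpServletRequest request, Authentication authentication) ;
+}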
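Review bot: `hasPerssion` returns the boxed `Boolean`, so an implementation can return `null` and every caller has to decide whether that means allow or deny; a primitive `boolean` removes that third state from an authorization decision. The method name is also misspelled (`hasPermission`), which is cheapest to fix now, before implementations reference it. A Javadoc comment stating that implementations must return false when the request matches no known permission would make the deny-by-default contract explicit.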

+ 1 - 0
common-lib-parent-pom/pom.xml

@ -34,6 +34,7 @@
        <module>../base/common-data-mysql</module>
        <module>../base/common-data-redis</module>
        <module>../base/common-data-hbase</module>
        <module>../base/common-security</module>
    </modules>
</project>

+ 1 - 1
server/svr-configuration/pom.xml

@ -13,7 +13,7 @@
    <groupId>com.yihu.jw</groupId>
    <artifactId>svr-configuration</artifactId>
    <version>1.0-SNAPSHOT</version>
    <version>1.0.0</version>
    <dependencies>
        <dependency>

+ 1 - 1
server/svr-dashboard/pom.xml

@ -11,7 +11,7 @@
    </parent>
    <groupId>com.yihu.jw</groupId>
    <artifactId>svr-dashboard</artifactId>
    <version>1.0-SNAPSHOT</version>
    <version>1.0.0</version>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>

+ 1 - 1
server/svr-logServer/pom.xml

@ -11,7 +11,7 @@
    </parent>
    <groupId>com.yih.jw</groupId>
    <artifactId>svr-logServer</artifactId>
    <version>1.0-SNAPSHOT</version>
    <version>1.0.0</version>
    <dependencies>
        <dependency>

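--- a/server/svr-oauth2/pom.xml
+++ b/server/svr-oauth2/pom.xml
@@ -1,23 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-    <modelVersion>4.0.0</modelVersion>
-    <parent>
-        <groupId>com.yihu.jw</groupId>
-        <artifactId>svr-lib-parent-pom</artifactId>
-        <version>1.0.0</version>
-        <relativePath>../../svr-lib-parent-pom/pom.xml</relativePath>
-    </parent>
-    <groupId>com.yihu.jw</groupId>
-    <artifactId>svr-oauth2</artifactId>
-    <version>1.0.0</version>
-    <dependencies>
-        <dependency>
-            <groupId>org.springframework.cloud</groupId>
-            <artifactId>spring-cloud-starter-oauth2</artifactId>
-        </dependency>
-    </dependencies>
-</project>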

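--- a/server/svr-oauth2/readme.MD
+++ b/server/svr-oauth2/readme.MD
@@ -1,2 +0,0 @@
-例子
-http://localhost:8080/oauth/authorize?response_type=code&client_id=48f2c2f5-951d-48c8-af98-681f788f662e&redirect_uri=http://examle.com&scope=all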

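--- a/server/svr-oauth2/src/main/java/com/yihu/oauth2/OAuth2Application.java
+++ b/server/svr-oauth2/src/main/java/com/yihu/oauth2/OAuth2Application.java
@@ -1,15 +0,0 @@
-package com.yihu.oauth2;
-import org.springframework.boot.SpringApplication;
-import org.springframework.boot.autoconfigure.SpringBootApplication;
-/**
- * Created by chenweida on 2017/11/28.
- */
-@SpringBootApplication
-public class OAuth2Application {
-    public static void main(String[] args) {
-        SpringApplication.run(OAuth2Application.class, args);
-    }
-}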

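--- a/server/svr-oauth2/src/main/java/com/yihu/oauth2/config/AuthorizationConfig.java
+++ b/server/svr-oauth2/src/main/java/com/yihu/oauth2/config/AuthorizationConfig.java
@@ -1,73 +0,0 @@
-package com.yihu.oauth2.config;
-import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
-import org.springframework.security.oauth2.provider.ClientDetails;
-import org.springframework.security.oauth2.provider.ClientDetailsService;
-import org.springframework.security.oauth2.provider.client.BaseClientDetails;
-import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;
-import org.springframework.security.oauth2.provider.token.TokenStore;
-import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
-import javax.sql.DataSource;
-import java.util.HashSet;
-import java.util.LinkedList;
-import java.util.Set;
-/**
- * Created by chenweida on 2017/11/28.
- */
-@Configuration
-@EnableAuthorizationServer  //开启授权服务器
-public class AuthorizationConfig {
-    /**
-     * token使用jdbc存储
-     * @param dataSource
-     * @return
-     */
-    @Bean
-    public TokenStore createTokenStore(DataSource dataSource){
-        return new JdbcTokenStore(dataSource);
-    }
-    @Bean
-    public ClientDetailsService createClientDetailsService(
-            @Qualifier("myDefaultBaseClientDetails")ClientDetails clientDetails,
-            DataSource dataSource){
-        JdbcClientDetailsService jdbcClientDetailsService = new JdbcClientDetailsService(dataSource);
-        jdbcClientDetailsService.addClientDetails(clientDetails);
-        return jdbcClientDetailsService;
-    }
-    @Bean(name = "myDefaultBaseClientDetails")
-    public BaseClientDetails createBaseClientDetails(){
-        BaseClientDetails baseClientDetails = new BaseClientDetails();
-        baseClientDetails.setClientId("whc_client_id");
-        baseClientDetails.setClientSecret("whc_client_secret");
-        LinkedList<String> scope = new LinkedList<String>();
-        scope.add("whc");
-        baseClientDetails.setScope(scope);
-        Set<String> registeredRedirectUris = new HashSet<String>();
-        registeredRedirectUris.add("http://localhost:8080/test");
-        baseClientDetails.setRegisteredRedirectUri(registeredRedirectUris);
-        LinkedList<String> grant_types = new LinkedList<String>();
-        grant_types.add("client_credentials");
-        baseClientDetails.setAuthorizedGrantTypes(grant_types);
-        baseClientDetails.setAccessTokenValiditySeconds(24 * 60 * 60);
-        baseClientDetails.setRefreshTokenValiditySeconds(48 * 60 * 60);
-        LinkedList<String> autoApproveScopes = new LinkedList<String>();
-        autoApproveScopes.add("whc");
-        baseClientDetails.setAutoApproveScopes(autoApproveScopes);
-        return baseClientDetails;
-    }
-}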

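--- a/server/svr-oauth2/src/main/resources/application.yml
+++ b/server/svr-oauth2/src/main/resources/application.yml
@@ -1,15 +0,0 @@
-spring:
-  application:
-    name: svr-oauth2
----
-spring:
-  profiles: jwdev
----
-spring:
-  profiles: jwtest
----
-spring:
-  profiles: jwprod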

+ 17 - 2
svr-lib-parent-pom/pom.xml

@ -32,7 +32,6 @@
        <module>../server/svr-discovery</module><!--发现服务-->
        <module>../server/svr-dashboard</module><!--监控服务-->
        <module>../server/svr-logServer</module><!--分布式追踪服务-->
        <module>../server/svr-oauth2</module><!--授权认证服务器-->
        <!--业务微服务-->
        <module>../svr/svr-base</module><!--基础微服务-->
@ -69,6 +68,8 @@
        <version.net-json>2.4</version.net-json>
        <version.springside>4.2.3-GA</version.springside>
        <version.common.lang3>3.2.1</version.common.lang3>
        <version.commons.collections>3.2.2</version.commons.collections>
        <version.commons.codec>1.11</version.commons.codec>
        <version.elasticsearch>2.4.4</version.elasticsearch>
        <version.elasticsearch-sql>2.4.1.0</version.elasticsearch-sql>
@ -90,7 +91,11 @@
        <dependencies>
            <!--自己的封装 common -->
            <dependency>
                <groupId>com.yihu.base</groupId>
                <artifactId>common-security</artifactId>
                <version>${version.myCommon}</version>
            </dependency>
            <dependency>
                <groupId>com.yihu.jw</groupId>
                <artifactId>common-entity</artifactId>
@ -555,6 +560,16 @@
                <artifactId>commons-lang3</artifactId>
                <version>${version.common.lang3}</version>
            </dependency>
            <dependency>
                <groupId>commons-collections</groupId>
                <artifactId>commons-collections</artifactId>
                <version>${version.commons.collections}</version>
            </dependency>
            <dependency>
                <groupId>commons-codec</groupId>
                <artifactId>commons-codec</artifactId>
                <version>${version.commons.codec}</version>
            </dependency>
            <!--hadoop start-->
            <dependency>
                <groupId>org.apache.hadoop</groupId>

+ 14 - 1
svr/svr-base/src/main/java/com/yihu/jw/business/user/contorller/EmployeeController.java

@ -1,20 +1,33 @@
package com.yihu.jw.business.user.contorller;
import com.yihu.jw.business.user.service.EmployeeService;
import com.yihu.jw.rm.base.BaseRequestMapping;
import com.yihu.jw.rm.base.BaseSmsRequestMapping;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
/**
 * Created by chenweida on 2017/5/11.
 */
@RestController
@RequestMapping("/employee")
@RequestMapping(BaseSmsRequestMapping.api_common)
@Api(description = "医生,行政人员等非患者用户")
public class EmployeeController {
    @Autowired
    private EmployeeService employeeService;
    @ApiOperation(value = "根据行政人员账号查找用户")
    @GetMapping(value = BaseRequestMapping.Employee.api_getEmployeeByAccount)
    public String getEmployeeByAccount(
            @ApiParam(name = "userAccount", value = "用户账号", required = true) @RequestParam(value = "userAccount", required = true) String userAccount) {
        
        return "调用根据code查找患者";
    }
}
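Review bot: `getEmployeeByAccount` ignores its `userAccount` argument and the injected `employeeService` and returns the fixed string "调用根据code查找患者" for every request, so a caller cannot tell a known account from an unknown one. If the body is a placeholder, say so with a `// TODO` naming the intended `employeeService` call and have it fail visibly instead of answering 200 with text. The endpoint is meant to look up staff accounts by name and nothing in this section restricts who may call it; confirm that it is reachable only by authenticated internal callers.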

+ 4 - 4
svr/svr-demo/pom.xml

@ -18,6 +18,10 @@
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>com.yihu.base</groupId>
            <artifactId>common-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
@ -30,9 +34,5 @@
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-oauth2</artifactId>
        </dependency>
    </dependencies>
</project>

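--- a/svr/svr-demo/readme.MD
+++ b/svr/svr-demo/readme.MD
@@ -0,0 +1 @@
+http://localhost:8080/oauth/authorize?client_id=cwd&redirect_uri=localhost:8080&scope=all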

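--- a/svr/svr-demo/src/main/java/com/yihu/jw/config/BaseAuthenticationFailureHandler.java
+++ b/svr/svr-demo/src/main/java/com/yihu/jw/config/BaseAuthenticationFailureHandler.java
@@ -1,31 +0,0 @@
-package com.yihu.jw.config;
-import org.codehaus.jackson.map.ObjectMapper;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.web.authentication.AuthenticationFailureHandler;
-import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
-import org.springframework.stereotype.Component;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-/**
- * Created by chenweida on 2017/11/29.
- * 认证失败之后的处理
- */
-@Component
-public class BaseAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
-    private ObjectMapper objectMapper=new ObjectMapper();
-    @Override
-    public void onAuthenticationFailure(HttpServletRequest request,
-                                        HttpServletResponse response,
-                                        AuthenticationException authenticationException) throws IOException, ServletException {
-        System.out.println("认证失败");
-        response.setContentType("application/json;charset=UTF-8");
-        response.getWriter().write(objectMapper.writeValueAsString(authenticationException));
-    }
-}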

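--- a/svr/svr-demo/src/main/java/com/yihu/jw/config/BaseAuthenticationSuccessHandler.java
+++ b/svr/svr-demo/src/main/java/com/yihu/jw/config/BaseAuthenticationSuccessHandler.java
@@ -1,35 +0,0 @@
-package com.yihu.jw.config;
-import org.codehaus.jackson.map.ObjectMapper;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.oauth2.provider.OAuth2Request;
-import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
-import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
-import org.springframework.stereotype.Component;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-/**
- * Created by chenweida on 2017/11/29.
- * 认证成功之后的处理
- */
-@Component
-public class BaseAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
-    private ObjectMapper objectMapper=new ObjectMapper();
-    @Override
-    public void onAuthenticationSuccess(
-            HttpServletRequest request,
-            HttpServletResponse response,
-            Authentication authentication) throws IOException, ServletException {
-        System.out.println("认证成功");
-        //OAuth2Request oAuth2Request=new OAuth2Request();
-        response.setContentType("application/json;charset=UTF-8");
-        response.getWriter().write(objectMapper.writeValueAsString(authentication));
-    }
-}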

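--- a/svr/svr-demo/src/main/java/com/yihu/jw/config/SecurityConfig.java
+++ b/svr/svr-demo/src/main/java/com/yihu/jw/config/SecurityConfig.java
@@ -1,87 +0,0 @@
-package com.yihu.jw.config;
-import com.yihu.jw.service.UserService;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.crypto.password.PasswordEncoder;
-/**
- * Created by chenweida on 2017/11/29.
- */
-@EnableWebMvcSecurity
-@Configuration
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
-    @Autowired
-    private UserService userService;
-    @Autowired
-    private BaseAuthenticationSuccessHandler baseAuthenticationSuccessHandler;
-    @Autowired
-    private BaseAuthenticationFailureHandler baseAuthenticationFailureHandler;
-    /**
-     * 处理用户密码加密解密
-     * 密码加密工具类 验证密码使用 項目中使用要根據自己項目中的加密規則自定義
-     *
-     * @return
-     */
-    @Bean
-    PasswordEncoder passwordEncoder() {
-        return new BCryptPasswordEncoder();
-    }
-    /**
-     * HttpSecurity:一般用它来具体控制权限,角色,url等安全的东西。
-     *
-     * @param http
-     * @throws Exception
-     */
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        http
-                .formLogin()
-                .loginPage("/denglu.html") //自定义登陆页面
-                .loginProcessingUrl("/authentication/form") //登陆页面的请求路径
-                .usernameParameter("username") //登陆页面的usernma
-                .passwordParameter("password") //登陆页面的password
-                .successHandler(baseAuthenticationSuccessHandler) //认证成功之后的处理
-                .failureHandler(baseAuthenticationFailureHandler) //认证失败之后的处理
-                .and()
-                .authorizeRequests()
-                .antMatchers("/denglu.html", "/authentication/form").permitAll() ///denglu.html 不用认证
-                .anyRequest().authenticated() //其他请求需要验证
-                .and()
-                .sessionManagement()  //session 管理器
-                .and()
-                .userDetailsService(userService)  //自定义用户认证
-                .csrf().disable(); //关闭csrf (防止跨站请求仿造攻击)默认是开启的
-    }
-    /**
-     * :用来做登录认证的
-     *
-     * @param auth
-     * @throws Exception
-     */
-    @Override
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-        auth.jdbcAuthentication();
-    }
-    /**
-     * For example, if you wish to ignore certain requests
-     *
-     * @param web
-     * @throws Exception
-     */
-    @Override
-    public void configure(WebSecurity web) throws Exception {
-        super.configure(web);
-    }
-}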

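--- a/svr/svr-demo/src/main/java/com/yihu/jw/dao/SaasDao.java
+++ b/svr/svr-demo/src/main/java/com/yihu/jw/dao/SaasDao.java
@@ -0,0 +1,14 @@
+package com.yihu.jw.dao;
+import com.yihu.jw.model.SaasDO;
+import org.springframework.data.jpa.repository.JpaSpecificationExecutor;
+import org.springframework.data.jpa.repository.Query;
+import org.springframework.data.repository.PagingAndSortingRepository;
+/**
+ * Created by chenweida on 2017/12/1.
+ */
+public interface SaasDao extends PagingAndSortingRepository<SaasDO, String>, JpaSpecificationExecutor<SaasDO> {
+    @Query("from SaasDO where appId=?1")
+    SaasDO findByAppId(String clientId);
+}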

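--- a/svr/svr-demo/src/main/java/com/yihu/jw/model/SaasDO.java
+++ b/svr/svr-demo/src/main/java/com/yihu/jw/model/SaasDO.java
@@ -0,0 +1,177 @@
+package com.yihu.jw.model;// default package
+import org.hibernate.annotations.GenericGenerator;
+import org.springframework.data.annotation.CreatedBy;
+import org.springframework.data.annotation.CreatedDate;
+import org.springframework.data.annotation.LastModifiedBy;
+import org.springframework.data.annotation.LastModifiedDate;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.oauth2.provider.ClientDetails;
+import javax.persistence.*;
+import java.io.Serializable;
+import java.util.*;
+/**
+ * WlyySaas entity. @author MyEclipse Persistence Tools
+ */
+@Entity
+@Table(name = "base_saas")
+public class SaasDO implements Serializable, ClientDetails {
+    // Fields
+    private String name;//名称
+    private Integer status;//状态 -1 已删除 0待审核 1审核通过 2 审核不通过
+    private String remark;//备注
+    // Constructors
+    @CreatedDate
+    @Column(name = "create_time", nullable = false, length = 0, updatable = false)
+    private Date createTime;
+    @CreatedBy
+    @Column(name = "create_user", updatable = false)
+    private String createUser;
+    @CreatedBy
+    @Column(name = "create_user_name", updatable = false)
+    private String createUserName;
+    @LastModifiedDate
+    @Column(name = "update_time", nullable = false, length = 0)
+    private Date updateTime;
+    @LastModifiedBy
+    @Column(name = "update_user", length = 100)
+    private String updateUser;
+    @LastModifiedBy
+    @Column(name = "update_user_name", length = 50)
+    private String updateUserName;
+    @Column(name = "app_id", length = 255)
+    private String appId;
+    @Column(name = "app_secret", length = 255)
+    private String appSecret;
+    @Column(name = "url", length = 255)
+    private String url;
+    @Id
+    @GeneratedValue(generator = "uuid")
+    @GenericGenerator(name = "uuid", strategy = "uuid")
+    private String id;  // 非业务主键
+    /**
+     * default constructor
+     */
+    public SaasDO() {
+    }
+    @Column(name = "name", length = 200)
+    public String getName() {
+        return this.name;
+    }
+    public void setName(String name) {
+        this.name = name;
+    }
+    @Column(name = "status", precision = 2, scale = 0)
+    public Integer getStatus() {
+        return this.status;
+    }
+    public void setStatus(Integer status) {
+        this.status = status;
+    }
+    @Column(name = "remark", length = 1000)
+    public String getRemark() {
+        return this.remark;
+    }
+    public void setRemark(String remark) {
+        this.remark = remark;
+    }
+    public Date getCreateTime() {
+        return createTime;
+    }
+    public void setCreateTime(Date createTime) {
+        this.createTime = createTime;
+    }
+    @Override
+    public String getClientId() {
+        return appId;
+    }
+    @Override
+    public String getClientSecret() {
+        return appSecret;
+    }
+    @Override
+    public Set<String> getResourceIds() {
+        return null;
+    }
+    @Override
+    public boolean isSecretRequired() {
+        return false;
+    }
+    @Override
+    public boolean isScoped() {
+        return false;
+    }
+    @Override
+    public Set<String> getScope() {
+        return null;
+    }
+    @Override
+    public Set<String> getAuthorizedGrantTypes() {
+        return null;
+    }
+    @Override
+    public Set<String> getRegisteredRedirectUri() {
+        Set<String> strings=new HashSet<>();
+        strings.add(url);
+        return strings;
+    }
+    @Override
+    public Collection<GrantedAuthority> getAuthorities() {
+        return null;
+    }
+    @Override
+    public Integer getAccessTokenValiditySeconds() {
+        return null;
+    }
+    @Override
+    public Integer getRefreshTokenValiditySeconds() {
+        return null;
+    }
+    @Override
+    public boolean isAutoApprove(String scope) {
+        return false;
+    }
+    @Override
+    public Map<String, Object> getAdditionalInformation() {
+        return null;
+    }
+}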
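Review bot: `getScope()`, `getAuthorizedGrantTypes()`, `getResourceIds()`, `getAuthorities()` and `getAdditionalInformation()` return `null`, and this same commit passes `clientDetails.getScope()` straight into `new TokenRequest(...)` in BaseAuthenticationSuccessHandler, so tokens are requested with a null scope and any framework code that iterates these collections is likely to throw. Return `Collections.emptySet()` / `Collections.emptyMap()` (`java.util.*` is already imported) or map real columns, and make `isSecretRequired()` return true, since `getClientSecret()` does return a secret. `getRegisteredRedirectUri()` adds `url` even when it is null, which yields a set containing `null`; guard it with `if (url != null)`. The `@Column` annotations on `getName`, `getStatus` and `getRemark` are probably ignored, because `@Id` sits on a field and JPA then uses field access, so they belong on the fields.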

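--- a/svr/svr-demo/src/main/java/com/yihu/jw/service/ClientService.java
+++ b/svr/svr-demo/src/main/java/com/yihu/jw/service/ClientService.java
@@ -0,0 +1,27 @@
+package com.yihu.jw.service;
+import com.yihu.jw.dao.SaasDao;
+import com.yihu.jw.model.SaasDO;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.oauth2.provider.ClientDetails;
+import org.springframework.security.oauth2.provider.ClientDetailsService;
+import org.springframework.security.oauth2.provider.ClientRegistrationException;
+import org.springframework.stereotype.Service;
+/**
+ * Created by chenweida on 2017/12/1.
+ */
+@Service
+public class ClientService implements ClientDetailsService {
+    @Autowired
+    private SaasDao saasDao;
+    @Override
+    public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
+        SaasDO saasDO = saasDao.findByAppId(clientId);
+        if (saasDO == null) {
+            throw new ClientRegistrationException("用户没有注册");
+        }
+        return saasDO;
+    }
+}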
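Review bot: loadClientByClientId returns the SaasDO entity itself as the ClientDetails, so the client's OAuth constraints are whatever that entity answers, and in this commit's SaasDO.java section it returns `false` from `isSecretRequired()` and `null` from `getAuthorizedGrantTypes()`, `getScope()` and `getAuthorities()`. As far as I can tell Spring Security OAuth treats a null grant-type set as "no restriction" rather than "nothing allowed", so every registered appId would be accepted for every grant type; that should be confirmed, and the entity mapped to a `BaseClientDetails` with explicit grant types and scopes instead. The `status` column is never consulted here, so a disabled tenant (if that is what status encodes) would still load. For the not-found branch, `throw new NoSuchClientException("No client with requested id: " + clientId);` is the more specific subtype, and the current message says "user" where it means client.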

+ 12 - 1
svr/svr-demo/src/main/resources/application.yml

@ -21,11 +21,22 @@ spring:
    test-while-idle: true #指明连接是否被空闲连接回收器(如果有)进行检验,如果检测失败,则连接将被从池中去除
    min-evictable-idle-time-millis: 3600000 #连接池中连接,在时间段内一直空闲,被逐出连接池的时间(1000*60*60),以毫秒为单位
    time-between-eviction-runs-millis: 300000 #在空闲连接回收器线程运行期间休眠的时间值,以毫秒为单位,一般比minEvictableIdleTimeMillis小
    url: jdbc:mysql://172.19.103.77/wlyy?useUnicode=true&amp;characterEncoding=utf-8&amp;autoReconnect=true
    url: jdbc:mysql://127.0.0.1/oauth?useUnicode=true&amp;characterEncoding=utf-8&amp;autoReconnect=true
    username: root
    password: 123456
  redis:
    host: 172.19.103.88 # Redis server host.
    port: 6379 # Redis server port.
    database: 1
quartz:
  namespace: svr-demo ##quartz的命名空间,名称一样实现消费负载
  overwriteExistingJobs: true ##是否覆盖job
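Review bot: The datasource block on the new side carries `username: root` and `password: 123456` as literals while the URL now points at the `oauth` schema, which by the look of SaasDO holds the clients' appSecret values. Committed credentials stay in history and a root account gives the service far more than it needs; I would read both from the environment, `username: ${DB_USERNAME}` / `password: ${DB_PASSWORD}`, and use a per-service account limited to this schema. The redis entry shows a host and port but no `password:` key; if that instance backs the token store (inferred from the redis starter added elsewhere in this commit), it needs authentication or network isolation. The hunk is rendered without markers, so I cannot tell which of these lines the commit added and which are context.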

+ 26 - 0
web-gateway/pom.xml

@ -31,6 +31,11 @@
            <groupId>com.yihu.base</groupId>
            <artifactId>common-swagger</artifactId>
        </dependency>
        <dependency>
            <groupId>com.yihu.base</groupId>
            <artifactId>common-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
@ -59,8 +64,16 @@
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-redis</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-oauth2</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-eureka</artifactId>
@ -113,6 +126,19 @@
            <artifactId>spring-security-core</artifactId>
            <version>RELEASE</version>
        </dependency>
        <dependency>
            <groupId>commons-collections</groupId>
            <artifactId>commons-collections</artifactId>
        </dependency>
        <dependency>
            <groupId>commons-codec</groupId>
            <artifactId>commons-codec</artifactId>
        </dependency>
        <dependency>
            <groupId>com.yihu.base</groupId>
            <artifactId>common-security</artifactId>
            <version>1.0.0</version>
        </dependency>
    </dependencies>
    <build>
        <plugins>
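Review bot: `com.yihu.base:common-security` ends up declared twice in this pom, once after common-swagger with no version and again at the end of `<dependencies>` with `<version>1.0.0</version>`. Maven warns on duplicate declarations and a reader cannot tell which version is intended, so for a security module keep exactly one entry and let the parent's dependency management fix the version. `commons-collections` is added without a version; the managed version lives in a parent pom that is not visible here, so confirm it resolves to 3.2.2 or later, since earlier 3.x releases shipped with the unsafe-deserialization functor classes enabled.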

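--- a/web-gateway/src/main/java/com/yihu/jw/config/security/SecurityConfig.java
+++ b/web-gateway/src/main/java/com/yihu/jw/config/security/SecurityConfig.java
@@ -1,49 +0,0 @@
-package com.yihu.jw.config.security;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-/**
- * Created by chenweida on 2017/11/29.
- */
-@EnableWebSecurity
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
-    /**
-     * HttpSecurity:一般用它来具体控制权限,角色,url等安全的东西。
-     * @param http
-     * @throws Exception
-     */
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        http.authorizeRequests()
-                .anyRequest()
-                .fullyAuthenticated()
-                .and()
-                .httpBasic()
-                .and()
-                .csrf().disable();
-    }
-    /**
-     * :用来做登录认证的
-     * @param auth
-     * @throws Exception
-     */
-    @Override
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-        super.configure(auth);
-    }
-    /**
-     * For example, if you wish to ignore certain requests
-     * @param web
-     * @throws Exception
-     */
-    @Override
-    public void configure(WebSecurity web) throws Exception {
-        super.configure(web);
-    }
-}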

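--- a/web-gateway/src/main/java/com/yihu/jw/config/security/roleService/ClientService.java
+++ b/web-gateway/src/main/java/com/yihu/jw/config/security/roleService/ClientService.java
@@ -0,0 +1,28 @@
+package com.yihu.jw.config.security.roleService;
+import com.yihu.jw.feign.base.user.EmployeeFeign;
+import com.yihu.jw.restmodel.common.Envelop;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.oauth2.provider.ClientDetails;
+import org.springframework.security.oauth2.provider.ClientDetailsService;
+import org.springframework.security.oauth2.provider.ClientRegistrationException;
+import org.springframework.stereotype.Service;
+/**
+ * Created by chenweida on 2017/11/29.
+ * 获取用户信息
+ */
+@Service
+public class ClientService implements ClientDetailsService {
+    @Autowired
+    private EmployeeFeign employeeFeign;
+    @Override
+    public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
+        return null;
+    }
+}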
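Review bot: loadClientByClientId returns `null` for every clientId, which breaks the ClientDetailsService contract: callers expect either a ClientDetails or a ClientRegistrationException, and a null here is likely to surface as a NullPointerException inside the token endpoint rather than as a clean rejection. Until the lookup exists, fail closed explicitly with `throw new NoSuchClientException("No client with requested id: " + clientId);` (it needs an import from org.springframework.security.oauth2.provider). The injected `employeeFeign` and the UserDetails, UserDetailsService, UsernameNotFoundException and Envelop imports are unused, and the class comment says it fetches user information, which reads as a copy from UserService; both should be cleaned up.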

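--- a/web-gateway/src/main/java/com/yihu/jw/config/security/roleService/UserRbasService.java
+++ b/web-gateway/src/main/java/com/yihu/jw/config/security/roleService/UserRbasService.java
@@ -0,0 +1,41 @@
+package com.yihu.jw.config.security.roleService;
+import com.yihu.base.security.rbas.RbasService;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.stereotype.Component;
+import org.springframework.util.AntPathMatcher;
+import javax.servlet.http.HttpServletRequest;
+import java.util.HashSet;
+import java.util.Set;
+/**
+ * Created by chenweida on 2017/11/30.
+ */
+@Component("rbasService")
+public class UserRbasService implements RbasService {
+    private AntPathMatcher antPathMatcher = new AntPathMatcher();
+    public Boolean hasPerssion(HttpServletRequest request, Authentication authentication) {
+        Object principal = authentication.getPrincipal();
+        boolean hasPerssion = false;
+        if (principal instanceof UserDetails) {
+            //用户名字
+            String userName = ((UserDetails) principal).getUsername();
+            //根据用户名字去数据库查找权限
+            Set<String> urls = new HashSet<>();
+            for (String url : urls) {
+                if (antPathMatcher.match(url, request.getRequestURI())) {
+                    hasPerssion = true;
+                    break;
+                }
+            }
+        }
+        return hasPerssion;
+    }
+}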
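Review bot: In hasPerssion the `urls` set is created empty and never filled, so the loop never runs and the method returns false for every authenticated user, while `userName` is read and not used. That fails closed, which is the safe direction, but it should be stated with a comment such as `// TODO: load permitted URL patterns for userName; denies every request until then` so nobody wires the bean in expecting real checks. When the lookup is added, `request.getRequestURI()` includes the context path and is neither decoded nor normalised, so stored patterns may not line up with what the dispatcher actually routes; matching on `request.getServletPath()` or reusing Spring Security's request matchers is the more robust choice. The HTTP method is not part of the decision either, which is worth deciding on before permissions are stored.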

+ 9 - 2
web-gateway/src/main/java/com/yihu/jw/controller/login/UserService.java

@ -1,5 +1,8 @@
package com.yihu.jw.controller.login;
package com.yihu.jw.config.security.roleService;
import com.yihu.jw.feign.base.user.EmployeeFeign;
import com.yihu.jw.restmodel.common.Envelop;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
@ -11,8 +14,12 @@ import org.springframework.stereotype.Service;
 */
@Service
public class UserService implements UserDetailsService {
    @Autowired
    private EmployeeFeign employeeFeign;
    @Override
    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
    public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
        Envelop user= employeeFeign.getEmployeeByAccount(userName);
        return null;
    }
}
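Review bot: loadUserByUsername calls `employeeFeign.getEmployeeByAccount(userName)`, leaves the result unused in `user` and returns `null`. A UserDetailsService must not return null; the authentication provider reports that as an internal service error rather than as a failed login, so every login attempt through this bean errors out. Until the Envelop is mapped to a UserDetails, the last statement should be `throw new UsernameNotFoundException(userName);`. The mapping, once written, should throw the same exception when the Envelop carries no employee.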

+ 15 - 16
web-gateway/src/main/java/com/yihu/jw/controller/login/LoginController.java

@ -1,12 +1,9 @@
package com.yihu.jw.controller.login;
import com.yihu.jw.restmodel.common.Envelop;
import com.yihu.jw.config.security.roleService.UserService;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cloud.sleuth.Tracer;
import org.springframework.http.MediaType;
import org.springframework.web.bind.annotation.*;
/**
@ -17,18 +14,20 @@ import org.springframework.web.bind.annotation.*;
public class LoginController {
    @Autowired
    private Tracer tracer;
    @Autowired
    private UserService userService;
    @GetMapping(value = "/employLogin", consumes = MediaType.APPLICATION_JSON_UTF8_VALUE)
    @ApiOperation(value = "患者登陆", notes = "患者登陆")
    public Envelop employLogin(
            @ApiParam(name = "account", value = "账号", defaultValue = "")
            @RequestParam(name = "account", required = true) String account,
            @ApiParam(name = "password", value = "密码", defaultValue = "")
            @RequestParam(name = "password", required = true) String password,
            @ApiParam(name = "type", value = "登陆方式(默认1):1账号密码 2账号验证码", defaultValue = "")
            @RequestParam(name = "type", required = false, defaultValue = "1") Integer type) throws Exception {
        return null;
    }
//    @GetMapping(value = "/employLogin", consumes = MediaType.APPLICATION_JSON_UTF8_VALUE)
//    @ApiOperation(value = "患者登陆", notes = "患者登陆")
//    public Envelop employLogin(
//            @ApiParam(name = "account", value = "账号", defaultValue = "")
//            @RequestParam(name = "account", required = true) String account,
//            @ApiParam(name = "password", value = "密码", defaultValue = "")
//            @RequestParam(name = "password", required = true) String password,
//            @ApiParam(name = "type", value = "登陆方式(默认1):1账号密码 2账号验证码", defaultValue = "")
//            @RequestParam(name = "type", required = false, defaultValue = "1") Integer type) throws Exception {
//
//        return null;
//    }
}
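Review bot: The employLogin handler is left in the file as a commented-out block rather than deleted; version control already keeps the old code, so the `//` lines should go, along with the newly injected `userService` field, which nothing visible in this hunk uses. If the endpoint does come back, it should not return in this shape: it takes `password` as a `@RequestParam` on a `@GetMapping`, which puts the credential in the query string where access logs and proxies record it. A `@PostMapping` with the credentials in the request body is the form to restore.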

+ 6 - 1
web-gateway/src/main/java/com/yihu/jw/feign/base/user/EmployeeFeign.java

@ -1,11 +1,13 @@
package com.yihu.jw.feign.base.user;
import com.yihu.jw.feign.fallbackfactory.base.base.SaasFeignFallbackFactory;
import com.yihu.jw.feign.fallbackfactory.base.user.EmployeeFeignFallbackFactory;
import com.yihu.jw.restmodel.CommonContants;
import com.yihu.jw.restmodel.common.Envelop;
import com.yihu.jw.rm.base.BaseRequestMapping;
import org.springframework.cloud.netflix.feign.FeignClient;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
/**
 * Created by chenweida on 2017/11/29.
@ -17,4 +19,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
@RequestMapping(value = BaseRequestMapping.api_base_common)
public interface EmployeeFeign {
    @RequestMapping(value = BaseRequestMapping.Employee.api_getEmployeeByAccount, method = RequestMethod.GET)
    Envelop getEmployeeByAccount(@RequestParam(value = "userAccount",required = true)String userAccount);
}