Bu işlem " common-security使用说明"
sayfasını silecektir. Lütfen emin olun.
spring-cloud-starter-oauth2 1.2.0
spring-security 4.2.3
spring-boot-starter-data-redis 4.5.3
相关资料:
https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/
<dependency>
<groupId>com.yihu.base</groupId>
<artifactId>common-security</artifactId>
<version>${版本以项目中最新的版本为主}</version>
</dependency>
spring:
redis:
host: 172.19.103.88 # Redis server host.
port: 6379 # Redis server port.
database: 1
aop:
proxy-target-class: true
security:
oauth2:
token:
accessTokenValidityHours: 2 # 2小时
refreshTokenValidityHours: 2 # 2小时
tokenType: accessToken
sms:
expireIn: 1 ##1分钟过期
length: 6 #验证码长度
例 实现接口 com.yihu.base.security.rbas.ClientServiceProvider
@Component("baseClientDetailsService")
public class ClientService implements ClientServiceProvider {
/**
* 根据自己的业务查询表 返回相关的平台用户信息
* @param clientId
* @return
* @throws ClientRegistrationException
*/
@Override
public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
// SaasDO saasDO = saasDao.findByAppId(clientId);
// if (saasDO == null) {
// throw new ClientRegistrationException("用户没有注册");
// }
SaasDO baseClientDetails = new SaasDO();
baseClientDetails.setAppId("cwd");
baseClientDetails.setAppSecret("cwd");
baseClientDetails.getAuthorizedGrantTypes();
return baseClientDetails;
}
}
例 实现接口 org.springframework.security.core.userdetails.UserDetailsService
@Component
public class UserService implements UserDetailsService {
@Autowired
private PasswordEncoder passwordEncoder;
/**
* 我们只需要把用户返回给spring-security 密码框架自己帮我们校验
*
* @param userName
* @return
* @throws UsernameNotFoundException
*/
@Override
public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
if ("admin".equals(userName)) {
System.out.printf("password:" + passwordEncoder.encode("123456"));
return new User("admin",
passwordEncoder.encode("123456"),
true,
true,
true,
true
, AuthorityUtils.commaSeparatedStringToAuthorityList("admin,ROLE_USER") //权限
);
} else if ((!StringUtils.isEmpty(userName))&&userName.length() == 11) {
System.out.printf("password:" + passwordEncoder.encode("123456"));
return new User("admin",
passwordEncoder.encode("123456"),
true,
true,
true,
true
, AuthorityUtils.commaSeparatedStringToAuthorityList("admin,ROLE_USER") //权限
);
} else {
throw new UsernameNotFoundException("用户不存在");
}
}
}
例 实现接口 com.yihu.base.security.rbas.IRbasService
@Primary
@Service("rbasService")
public class RbasService implements IRbasService {
private AntPathMatcher antPathMatcher = new AntPathMatcher();
@Override
public Boolean hasPerssion(HttpServletRequest request, Authentication authentication) {
Object principal = authentication.getPrincipal();
boolean hasPerssion = false;
if (principal instanceof UserDetails) {
//获取用户名字
String username = ((UserDetails) principal).getUsername();
//获取用户全部权限
Set<String> uris = new HashSet<>();
for (String uri : uris) {
if (antPathMatcher.match(uri, request.getRequestURI())) {
hasPerssion = true;
break;
}
}
}
return hasPerssion;
}
}
例 实现接口 com.yihu.base.security.sms.sender.SmsCodeSender
@Service
@Primary
public class MySmsCodeSender implements SmsCodeSender {
@Override
public void send(String mobile, String code) {
System.out.println("发送号码:"+mobile);
System.out.println("发送验证码:"+code);
}
}
例如
@Component
@Order(Integer.MIN_VALUE)
public class PerssionAllAuthorizeConfigProvider implements AuthorizeConfigProvider {
@Override
public void config(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry expressionInterceptUrlRegistry) {
expressionInterceptUrlRegistry
.antMatchers(
SecurityProperties.formLogin,
SecurityProperties.formLoginPage,
SecurityProperties.mobileLogin,
SecurityProperties.mobileSendSms
).permitAll();
}
}
注:
1. 获取客户端的实现逻辑结合自己的客户端用户体系实现 (com.yihu.base.security.rbas.ClientServiceProvider)
获取code
GET http://localhost:8060/oauth/authorize?response_type=code&client_id=cwd&redirect_uri=http://example.com&scope=app
参数说明:
response_type=code 固定
client_id=cwd 根据用户表中自己定义的填写
redirect_uri=http://example.com 根据用户表中自己定义的填写
scope=app 固定
获取token
PSOT http://localhost:8060/oauth/token
header: Basic {appid}:{appsecuri} 加密 例如 Basic Y3dkOmN3ZA==
{
"grant_type":"authorization_code", 授权模式固定
"client_id":"cwd",
"code":"第一步请求获取的code",
"redirect_uri":"http://example.com",
"scope":"app"
}
返回值
{
"access_token":"bd677e24-2de5-4862-a5e1-8f90a074db42", 默认2小时过期时间 可以配置 ,由于每次请求都需要验证access_token,所以access_token存储在redis
"token_type":"bearer",
"refresh_token":"1427b997-ef94-4061-8940-c71da6549acd", 默认2小时过期时间 可以配置
"expires_in":43199,
"scope":"all"
}
POST http://localhost:8060/oauth/token
header: Basic {appid}:{appsecuri} 加密 例如 Basic Y3dkOmN3ZA==
{
"grant_type":"refresh_token",
"refresh_token":"bbb36b54-61b2-4d86-aed3-91c5135174c3"
}
返回值
{
"access_token":"630e2ccc-a5ce-4486-a855-ba755eb3d0d2",
"token_type":"bearer",
"refresh_token":"bbb36b54-61b2-4d86-aed3-91c5135174c3",
"expires_in":43199,
"scope":"app"
}
注:
1. 获取用户的实现逻辑结合自己的用户体系实现 (org.springframework.security.core.userdetails.UserDetailsService)
POST http://localhost:8060/authentication/form
header: Basic {appid}:{appsecuri} 加密 例如 Basic Y3dkOmN3ZA==
body
{
"username":"test",
"password":"123456"
}
返回值
{
"access_token":"630e2ccc-a5ce-4486-a855-ba755eb3d0d2",
"token_type":"bearer",
"refresh_token":"bbb36b54-61b2-4d86-aed3-91c5135174c3",
"expires_in":43199,
"scope":"app"
}
获取短信 注
GET http://localhost:8060/code/sms
body
{
"mobile":"13612345678"
}
POST http://localhost:8060/authentication/mobile 1. 短信登陆成功验证码会从redis删除
header: Basic {appid}:{appsecuri} 加密 例如 Basic Y3dkOmN3ZA==
body
{
"mobile":"test",
"sms":"246053"
}
返回值
{
"access_token":"630e2ccc-a5ce-4486-a855-ba755eb3d0d2",
"token_type":"bearer",
"refresh_token":"bbb36b54-61b2-4d86-aed3-91c5135174c3",
"expires_in":43199,
"scope":"app"
}
header
{
"Authorization":"bearer 5fe6b2c3-f69c-4ddc-a36a-367cdf9479a3" 即 bearer accesstoken
}
Bu işlem " common-security使用说明"
sayfasını silecektir. Lütfen emin olun.