diff --git a/build.gradle b/build.gradle
index 0d028c9..977a6ba 100644
--- a/build.gradle
+++ b/build.gradle
@@ -23,6 +23,9 @@ repositories {
 dependencies {
 implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
 implementation 'org.springframework.boot:spring-boot-starter-security'
+ implementation 'org.springframework.security.oauth:spring-security-oauth2:2.4.0.RELEASE'
+ compile group: 'org.springframework.security', name: 'spring-security-jwt', version: '1.1.0.RELEASE'
+
 implementation 'org.springframework.boot:spring-boot-starter-web'
 implementation 'org.springframework.boot:spring-boot-starter-data-redis'
 implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
diff --git a/src/main/java/com/aiprose/scauth/conf/AuthcServerConfig.java b/src/main/java/com/aiprose/scauth/conf/AuthcServerConfig.java
new file mode 100644
index 0000000..44db87c
--- /dev/null
+++ b/src/main/java/com/aiprose/scauth/conf/AuthcServerConfig.java
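Review bot: The two new coordinates, `spring-security-oauth2:2.4.0.RELEASE` and `spring-security-jwt:1.1.0.RELEASE`, come from the legacy Spring Security OAuth project, which was already in maintenance mode when this was written and has since reached end of life, so it receives no further security fixes; the OAuth2 resource-server/client support built into Spring Security 5 (and Spring Authorization Server for the token issuer) is the supported path. The versions are also pinned by hand outside the Boot BOM that manages the surrounding starters, so they will not move when `spring-boot-starter-security` does. Finally, `compile group: …` mixes the deprecated `compile` configuration (removed in Gradle 7) with the `implementation` used on the adjacent lines; use `implementation 'org.springframework.security:spring-security-jwt:1.1.0.RELEASE'` for consistency.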
@@ -0,0 +1,70 @@
+package com.aiprose.scauth.conf;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
+import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
+import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
+
+/**
+ * @author nelson
+ * @desc TODO
+ * @company 北京中经网软件有限公司
+ * @date 2020/11/30 11:10
+ * @since 1.0
+ */
+@Configuration
+@EnableAuthorizationServer
+public class AuthcServerConfig extends AuthorizationServerConfigurerAdapter {
+
+ @Autowired
+ private AuthenticationManager authenticationManager;
+
+
+ /**
+ * 配置一个客户端
+ *
+ * 既可以通过授权码方式获取令牌,也可以通过密码方式获取令牌
+ */
+ @Override
+ public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
+ clients.inMemory()
+ .withClient("clientId")
+ .secret("secret")
+ .authorizedGrantTypes("authorization_code","password","refresh_token")
+ .scopes("all")
+ .redirectUris("http://localhost:8015/");
+ }
+
+ /** 配置token管理 */
+ @Override
+ public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
+ endpoints.tokenStore(new InMemoryTokenStore())
+ .accessTokenConverter(accessTokenConverter())
+ .authenticationManager(authenticationManager)
+ .reuseRefreshTokens(false);
+ }
+
+ /** 配置jwt转换器 */
+ @Bean
+ public JwtAccessTokenConverter accessTokenConverter() {
+ JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
+ converter.setSigningKey("secret");
+ return converter;
+ }
+
+
+
+ @Override
+ public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
+ security.tokenKeyAccess("permitAll()") //允许所有人请求令牌
+ .checkTokenAccess("isAuthenticated()") //已验证的客户端才能请求check_token端点
+ .allowFormAuthenticationForClients();
+ }
+}
diff --git a/src/main/java/com/aiprose/scauth/conf/WebAuthcSecurityConfig.java b/src/main/java/com/aiprose/scauth/conf/WebAuthcSecurityConfig.java
new file mode 100644
index 0000000..8a21301
--- /dev/null
+++ b/src/main/java/com/aiprose/scauth/conf/WebAuthcSecurityConfig.java
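Review bot: `accessTokenConverter()` signs every JWT with the hard-coded symmetric key `converter.setSigningKey("secret")`, which is trivially guessable and lets anyone who knows it mint access tokens for any user; the last `configure` then opens `/oauth/token_key` with `security.tokenKeyAccess("permitAll()")`, and with a symmetric key this library still serves the shared secret to any authenticated client (only anonymous callers are refused), so the registered client — whose own secret is the literal `.secret("secret")` — can fetch the HMAC key and forge tokens. Load the key from configuration (`@Value("${oauth.jwt.signing-key}") private String signingKey;` then `converter.setSigningKey(signingKey);`), or better use an RSA key pair via `KeyStoreKeyFactory` so only the public key is published, and leave `tokenKeyAccess` at its default (`denyAll()`) or `isAuthenticated()` unless a resource server genuinely needs it. The client secret should likewise be externalized rather than committed, and the `password` grant in `.authorizedGrantTypes(...)` — removed in OAuth 2.1 — should be dropped unless a first-party client still depends on it. The javadoc `@desc TODO` on the class should say what this server issues tokens for and which grants it intentionally supports.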
@@ -0,0 +1,89 @@
+package com.aiprose.scauth.conf;
+
+import com.aiprose.scauth.entity.User;
+import com.aiprose.scauth.filter.JWTAuthenticationFilter;
+import com.aiprose.scauth.handler.*;
+import com.aiprose.scauth.service.IUserService;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+/**
+ * @author nelson
+ * @desc script配置
+ * @company 北京中经网软件有限公司
+ * @date 2020/11/27 15:32
+ * @since 1.0
+ */
+@Configuration
+@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true, jsr250Enabled = true)
+public class WebAuthcSecurityConfig extends WebSecurityConfigurerAdapter {
+ @Autowired
+ private IUserService userService;
+
+ @Override
+ public void configure(WebSecurity web) throws Exception {
+ web.ignoring().antMatchers("/v3/api-docs/**", "/swagger-resources/**", "/swagger-ui/**","/swagger-ui/index.html");
+ }
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.cors().and().csrf().disable();
+
+ // 授权配置
+ http.authorizeRequests().antMatchers("/oauth/**").permitAll().anyRequest().authenticated();
+ // 配置登录
+ http.formLogin().permitAll();
+
+ //登录过期、 未登录
+ http.exceptionHandling().authenticationEntryPoint(new LoginExpireHandler());
+ // 配置登录失败后的操作
+ http.formLogin().failureHandler(new LoginFailureHandler());
+ // 配置登录成功后的操作
+ http.formLogin().successHandler(new LoginSuccessHandler());
+
+ //权限不足
+ http.exceptionHandling().accessDeniedHandler(new AuthLimitHandler());
+
+ // 登出授权
+// http.logout().permitAll();
+ http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+ /* 配置token验证过滤器 */
+// http.addFilterBefore(new JWTAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
+ }
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth.userDetailsService(userDetailsService()).passwordEncoder(new BCryptPasswordEncoder());
+ }
+
+ @Bean
+ public WebMvcConfigurer corsConfigurer() {
+ return new WebMvcConfigurer() {
+ @Override
+ public void addCorsMappings(CorsRegistry registry) {
+ registry.addMapping("/**");
+ }
+ };
+ }
+
+ @Bean
+ @Override
+ public AuthenticationManager authenticationManagerBean() throws Exception {
+ return super.authenticationManagerBean();
+ }
+}
diff --git a/src/main/java/com/aiprose/scauth/conf/WebSecurityConfig.java b/src/main/java/com/aiprose/scauth/conf/WebSecurityConfig.java
index aaa7c00..f22b8f6 100644
--- a/src/main/java/com/aiprose/scauth/conf/WebSecurityConfig.java
+++ b/src/main/java/com/aiprose/scauth/conf/WebSecurityConfig.java
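Review bot: `configure(AuthenticationManagerBuilder)` wires `auth.userDetailsService(userDetailsService())`, but nothing in this new file overrides `userDetailsService()`, so the call resolves to `WebSecurityConfigurerAdapter`'s own delegator rather than a store backed by the injected `userService`, which is never referenced; the unused `User`, `UserDetailsService` and `UsernameNotFoundException` imports suggest the lookup was meant to be carried over from `WebSecurityConfig` and was dropped. If `IUserService` implements `UserDetailsService`, write `auth.userDetailsService(userService).passwordEncoder(new BCryptPasswordEncoder());`, otherwise add an explicit `UserDetailsService` bean that loads the user through `userService`. Separately, `corsConfigurer()` registers `registry.addMapping("/**")` with the default wildcard origin for every path while `csrf()` is disabled and form login is enabled — restrict it with `.allowedOrigins(...)` to the known front-end hosts — and `sessionCreationPolicy(STATELESS)` discards the session that `formLogin()` and, presumably, the authorization-code flow need, so confirm that combination is intentional. The remaining dead imports (`JWTAuthenticationFilter`, `StringUtils`, `UsernamePasswordAuthenticationFilter`) and the commented-out `addFilterBefore`/`logout` lines should be removed, and the class javadoc `@desc script配置` should describe what this chain actually secures.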
@@ -39,8 +39,8 @@ import java.util.List;
 * @date 2020/11/27 15:32
 * @since 1.0
 */
-@Configuration
-@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true, jsr250Enabled = true)
+//@Configuration
+//@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true, jsr250Enabled = true)
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 @Autowired
 private IUserService userService;
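Review bot: Disabling the old configuration by commenting out `@Configuration` and `@EnableGlobalMethodSecurity` leaves a dead `WebSecurityConfigurerAdapter` subclass in the tree that still compiles and can be silently re-enabled by a stray component scan or a reverted line; if `WebAuthcSecurityConfig` replaces it, delete the class (or at minimum annotate it `@Deprecated` with a comment naming the replacement) instead of keeping commented-out annotations. The class body continues past the hunk, so whatever user-lookup logic it holds should be compared against the new configuration before it is removed.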