From 6a5583b5f280b99c9f05fc18589d9a951b1f9248 Mon Sep 17 00:00:00 2001 From: lh <2230001567@qq.com> Date: Sun, 20 Feb 2022 15:01:58 +0800 Subject: [PATCH 1/2] =?UTF-8?q?=E6=95=B0=E6=8D=AE=E5=BA=93=E6=9F=A5?= =?UTF-8?q?=E8=AF=A2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- sso-auth-server/pom.xml | 11 ++++ .../authserver/SsoAuthServerApplication.java | 2 + .../AuthorizationServerConfiguration.java | 19 ++++-- .../confg/WebSecurityConfiguration.java | 28 ++------- .../sso/authserver/mapper/UserInfoMapper.java | 26 ++++++++ .../sample/sso/authserver/model/Menu.java | 32 ++++++++++ .../sample/sso/authserver/model/Role.java | 22 +++++++ .../sample/sso/authserver/model/Users.java | 31 ++++++++++ .../service/MyUserDetailsService.java | 61 +++++++++++++++++++ .../src/main/resources/application.yml | 8 +++ .../main/resources/mapper/UserInfoMapper.xml | 20 ++++++ 11 files changed, 231 insertions(+), 29 deletions(-) create mode 100644 sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/mapper/UserInfoMapper.java create mode 100644 sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/model/Menu.java create mode 100644 sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/model/Role.java create mode 100644 sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/model/Users.java create mode 100644 sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/service/MyUserDetailsService.java create mode 100644 sso-auth-server/src/main/resources/mapper/UserInfoMapper.xml diff --git a/sso-auth-server/pom.xml b/sso-auth-server/pom.xml index 19cbb68..70a415c 100644 --- a/sso-auth-server/pom.xml +++ b/sso-auth-server/pom.xml @@ -35,6 +35,17 @@ spring-boot-starter-security + + mysql + mysql-connector-java + + + + com.baomidou + mybatis-plus-boot-starter + 3.4.0 + + org.springframework.security.oauth.boot spring-security-oauth2-autoconfigure 
diff --git a/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/SsoAuthServerApplication.java b/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/SsoAuthServerApplication.java index 7c4560f..4673441 100644 --- a/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/SsoAuthServerApplication.java +++ b/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/SsoAuthServerApplication.java @@ -1,11 +1,13 @@ package org.xbdframework.sample.sso.authserver; +import org.mybatis.spring.annotation.MapperScan; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; @EnableWebSecurity @SpringBootApplication +@MapperScan("org.xbdframework.sample.sso.authserver.mapper") public class SsoAuthServerApplication { public static void main(String[] args) { diff --git a/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/confg/AuthorizationServerConfiguration.java b/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/confg/AuthorizationServerConfiguration.java index a4adaee..b665268 100644 --- a/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/confg/AuthorizationServerConfiguration.java +++ b/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/confg/AuthorizationServerConfiguration.java 
@@ -22,27 +22,33 @@ public class AuthorizationServerConfiguration extends AuthorizationServerConfigu @Autowired private PasswordEncoder passwordEncoder; + //用来配置令牌端点的安全约束 @Override public void configure(AuthorizationServerSecurityConfigurer security) throws Exception { - security.allowFormAuthenticationForClients() - .tokenKeyAccess("isAuthenticated()"); + security + .tokenKeyAccess("permitAll()") //oauth/token_key是公开 + .checkTokenAccess("permitAll()") //oauth/check_token公开 + .allowFormAuthenticationForClients();//表单认证(申请令牌) } + //客户端详情服务 @Override public void configure(ClientDetailsServiceConfigurer clients) throws Exception { clients.withClientDetails(inMemoryClientDetailsService()); } + /// 使用in-memory存储 @Bean public ClientDetailsService inMemoryClientDetailsService() throws Exception { return new InMemoryClientDetailsServiceBuilder() // client oa application - .withClient("oa") - .secret(passwordEncoder.encode("oa_secret")) - .scopes("all") + .withClient("oa")// client_id 客户端标识 + .secret(passwordEncoder.encode("oa_secret"))////客户端密钥 + .scopes("all")// 允许的授权范围 + // 该client允许的授权类型authorization_code,password,refresh_token,implicit,client_credentials .authorizedGrantTypes("authorization_code", "refresh_token") - .redirectUris("http://localhost:8080/oa/login", "http://www.baidu.com") + .redirectUris("http://localhost:8080/oa/login", "http://www.baidu.com")//加上验证回调地址 .accessTokenValiditySeconds(7200) .autoApprove(true) @@ -61,6 +67,7 @@ public class AuthorizationServerConfiguration extends AuthorizationServerConfigu .build(); } + //令牌访问端点:用来配置令牌(token)的访问端点和令牌服务(token services) @Override public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { endpoints.accessTokenConverter(jwtAccessTokenConverter()) 
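Review bot: `.checkTokenAccess("permitAll()")` in `configure(AuthorizationServerSecurityConfigurer)` opens `/oauth/check_token` to unauthenticated callers, so anyone who can reach the server can submit a token and learn whether it is valid and read its decoded claims. Restrict it to authenticated clients with `.checkTokenAccess("isAuthenticated()")`, and keep the previous `.tokenKeyAccess("isAuthenticated()")` unless resource servers really have to fetch the verification key anonymously. The same hunk still registers `http://www.baidu.com` as a redirect URI for the `oa` client next to `autoApprove(true)`; that looks like a leftover test value and should be removed so authorization codes can only be delivered to the application's own callback. The literal `oa_secret` would also be better read from configuration than compiled into the class.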
diff --git a/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/confg/WebSecurityConfiguration.java b/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/confg/WebSecurityConfiguration.java index b715ff1..f698bef 100644 --- a/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/confg/WebSecurityConfiguration.java +++ b/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/confg/WebSecurityConfiguration.java @@ -14,6 +14,7 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.provisioning.InMemoryUserDetailsManager; +import javax.annotation.Resource; import java.util.ArrayList; import java.util.Collection; import java.util.List; @@ -21,9 +22,12 @@ import java.util.List; @Configuration public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { + @Resource + private UserDetailsService userDetailsService; + @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { - auth.userDetailsService(userDetailsServiceBean()).passwordEncoder(passwordEncoder()); + auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder()); } @Override 
@@ -43,28 +47,6 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { .and().csrf().disable().cors(); } - @Bean - @Override - public UserDetailsService userDetailsServiceBean() { - Collection users = buildUsers(); - - return new InMemoryUserDetailsManager(users); - } - - private Collection buildUsers() { - String password = passwordEncoder().encode("123456"); - - List users = new ArrayList<>(); - - UserDetails user_admin = User.withUsername("admin").password(password).authorities("ADMIN", "USER").build(); - UserDetails user_user1 = User.withUsername("user 1").password(password).authorities("USER").build(); - - users.add(user_admin); - users.add(user_user1); - - return users; - } - @Bean public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); diff --git a/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/mapper/UserInfoMapper.java b/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/mapper/UserInfoMapper.java new file mode 100644 index 0000000..5f32077 --- /dev/null +++ b/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/mapper/UserInfoMapper.java @@ -0,0 +1,26 @@ +package org.xbdframework.sample.sso.authserver.mapper; + + + +import com.baomidou.mybatisplus.core.mapper.BaseMapper; +import org.xbdframework.sample.sso.authserver.model.Menu; +import org.xbdframework.sample.sso.authserver.model.Role; +import org.xbdframework.sample.sso.authserver.model.Users; + +import java.util.List; + +public interface UserInfoMapper extends BaseMapper { + /** + * 根据用户 Id 查询用户角色 + * @param id + * @return + */ + List selectRoleByUserId(Integer id); + /** + * 根据用户 Id 查询菜单 + * @param id + * @return + */ + List selectMenuByUserId(Integer id); + +} diff --git a/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/model/Menu.java b/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/model/Menu.java new file mode 100644 index 0000000..367f80c --- /dev/null 
+++ b/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/model/Menu.java @@ -0,0 +1,32 @@ +package org.xbdframework.sample.sso.authserver.model; + +public class Menu { + private Integer id; + private String name; + private String permission; + + public Integer getId() { + return id; + } + + public void setId(Integer id) { + this.id = id; + } + + public String getName() { + return name; + } + + public void setName(String name) { + this.name = name; + } + + public String getPermission() { + return permission; + } + + public void setPermission(String permission) { + this.permission = permission; + } +} + diff --git a/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/model/Role.java b/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/model/Role.java new file mode 100644 index 0000000..0969db1 --- /dev/null +++ b/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/model/Role.java @@ -0,0 +1,22 @@ +package org.xbdframework.sample.sso.authserver.model; + +public class Role { + private Integer id; + private String name; + + public String getName() { + return name; + } + + public void setName(String name) { + this.name = name; + } + + public Integer getId() { + return id; + } + + public void setId(Integer id) { + this.id = id; + } +} diff --git a/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/model/Users.java b/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/model/Users.java new file mode 100644 index 0000000..d955313 --- /dev/null +++ b/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/model/Users.java 
@@ -0,0 +1,31 @@ +package org.xbdframework.sample.sso.authserver.model; + +public class Users { + private Integer id; + private String username; + private String password; + + public Integer getId() { + return id; + } + + public void setId(Integer id) { + this.id = id; + } + + public String getUsername() { + return username; + } + + public void setUsername(String username) { + this.username = username; + } + + public String getPassword() { + return password; + } + + public void setPassword(String password) { + this.password = password; + } +} diff --git a/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/service/MyUserDetailsService.java b/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/service/MyUserDetailsService.java new file mode 100644 index 0000000..5c036bf --- /dev/null +++ b/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/service/MyUserDetailsService.java 
@@ -0,0 +1,61 @@ +package org.xbdframework.sample.sso.authserver.service; + + +import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.SimpleGrantedAuthority; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.core.userdetails.UsernameNotFoundException; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.stereotype.Service; +import org.xbdframework.sample.sso.authserver.mapper.UserInfoMapper; +import org.xbdframework.sample.sso.authserver.model.Menu; +import org.xbdframework.sample.sso.authserver.model.Role; +import org.xbdframework.sample.sso.authserver.model.Users; + +import javax.annotation.Resource; +import java.util.ArrayList; +import java.util.List; + +@Service("userDetailsService") +public class MyUserDetailsService implements UserDetailsService { + + @Resource + private UserInfoMapper userInfoMapper; + + @Override + public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { + //根据用户名查询数据库 + QueryWrapper wrapper = new QueryWrapper<>(); + wrapper.eq("username",username); + Users users = userInfoMapper.selectOne(wrapper); + if (users == null){ + throw new UsernameNotFoundException("用户不存在!"); + } + + //获得用户角色,菜单列表 + List roles = userInfoMapper.selectRoleByUserId(users.getId()); + List menus = userInfoMapper.selectMenuByUserId(users.getId()); + + //声明一个权限集合List + List authorityList = new ArrayList<>(); + //加入角色 + for (Role role : roles) { + SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority("ROLE_" + role.getName()); + authorityList.add(simpleGrantedAuthority); + } + //加入权限 + for (Menu menu : menus) { + SimpleGrantedAuthority simpleGrantedAuthority = new 
SimpleGrantedAuthority(menu.getPermission()); + authorityList.add(simpleGrantedAuthority); + } + /* + * 参数一 用户名 + * 参数二 加密后的密码 + * 参数三 权限集合 + * */ + return new User(users.getUsername(),new BCryptPasswordEncoder().encode(users.getPassword()),authorityList); + } +} diff --git a/sso-auth-server/src/main/resources/application.yml b/sso-auth-server/src/main/resources/application.yml index bd653a8..2758ab0 100644 --- a/sso-auth-server/src/main/resources/application.yml +++ b/sso-auth-server/src/main/resources/application.yml @@ -5,6 +5,12 @@ spring: application: name: auth server application version: 1.0 + datasource: + username: root + password: 7357 + url: jdbc:mysql://localhost:3306/java?serverTimezone=GMT%2B8 + driver-class-name: com.mysql.cj.jdbc.Driver + oa: profile-uri: http://localhost:8080/oa/system/profile @@ -12,5 +18,7 @@ oa: crm: profile-uri: http://localhost:8090/crm/system/profile +mybatis-plus: + config-location:mapper/*.xml diff --git a/sso-auth-server/src/main/resources/mapper/UserInfoMapper.xml b/sso-auth-server/src/main/resources/mapper/UserInfoMapper.xml new file mode 100644 index 0000000..6c2182c --- /dev/null +++ b/sso-auth-server/src/main/resources/mapper/UserInfoMapper.xml @@ -0,0 +1,20 @@ + + + + + + + + + + + -- Gitee From 54241f64e9eea47f18d43dbd5344f684eb85adac Mon Sep 17 00:00:00 2001 From: lh <2230001567@qq.com> Date: Sun, 20 Feb 2022 15:21:21 +0800 Subject: [PATCH 2/2] =?UTF-8?q?=E6=95=B0=E6=8D=AE=E5=BA=93=E6=9F=A5?= =?UTF-8?q?=E8=AF=A2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../sample/sso/authserver/SsoAuthServerApplication.java | 1 + 1 file changed, 1 insertion(+) diff --git a/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/SsoAuthServerApplication.java b/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/SsoAuthServerApplication.java index 4673441..c84835c 100644 
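Review bot: The return statement of `loadUserByUsername` calls `new BCryptPasswordEncoder().encode(users.getPassword())` on the value read from the database, which can only authenticate if the `password` column holds plaintext; with a stored bcrypt hash the result would be a hash of a hash and the configured `passwordEncoder()` would never match. Store the bcrypt hash when the account is created or the password is changed, and pass it through unchanged: `return new User(users.getUsername(), users.getPassword(), authorityList);`. That also removes a full bcrypt computation from every login lookup. Separately, `new SimpleGrantedAuthority(menu.getPermission())` rejects a null or empty string, so a menu row without a permission value would fail the whole login; such rows should be skipped before building the authority.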
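Review bot: The new `datasource` block commits the database password in clear text and connects as `root`, so everyone with read access to the repository gets administrative access to the MySQL instance, and the auth server runs with far more privilege than its user, role and menu lookups need. Read the credentials from the environment instead, e.g. `username: ${DB_USERNAME}` and `password: ${DB_PASSWORD}`, and use a dedicated account limited to SELECT on the tables these queries read. The password already pushed should be treated as exposed and rotated. The JDBC URL sets no TLS option, which is acceptable for `localhost` but should be settled before the database moves to another host.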
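Review bot: `config-location:mapper/*.xml` has no space after the colon, so YAML reads the whole text as one plain scalar rather than a key with a value, and it is not applied as a `config-location` property under `mybatis-plus`. In addition, `config-location` names the MyBatis configuration file, while mapper XML files are registered with `mapper-locations`; the line should probably read `mapper-locations: classpath:mapper/*.xml`. MyBatis-Plus's default mapper location appears to cover a `mapper/` directory on the classpath already, so removing the line may be enough; either way, confirm at startup that `selectRoleByUserId` and `selectMenuByUserId` are bound.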
--- a/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/SsoAuthServerApplication.java +++ b/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/SsoAuthServerApplication.java @@ -7,6 +7,7 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe @EnableWebSecurity @SpringBootApplication + @MapperScan("org.xbdframework.sample.sso.authserver.mapper") public class SsoAuthServerApplication { -- Gitee