支持SSO单点登录

README.md

@@ -12,6 +12,7 @@ pig
 ├── pig-gateway -- ZUUL网关[9999]
 ├── pig-modules -- 微服务模块
 ├    ├── pig-mc-service -- 消息中心[4050]
+├    ├── pig-sso-client-demo -- 单点登录客户端示例[4040]
 ├    └── pig-upms-service -- 权限管理提供[4000]
 └── pig-visual  -- 图形化模块 
      ├── pig-monitor -- 服务状态监控、turbine [5001]
@@ -20,6 +21,7 @@ pig
 ```
 ###  已完成功能
 - 完善登录：账号密码模式、短信验证码模式、社交账号模式均整合Spring security oAuth
+- 单点登录：基于Srping security oAuth 提供单点登录接口，方便其他系统对接
 - 用户管理：用户是系统操作者，该功能主要完成系统用户配置。
 - 机构管理：配置系统组织机构（公司、部门、小组），树结构展现，可随意调整上下级。
 - 菜单管理：配置系统菜单，操作权限，按钮权限标识等。

pig-auth/src/main/java/com/github/pig/auth/config/PigAuthorizationConfig.java

@@ -51,7 +51,7 @@ public class PigAuthorizationConfig extends AuthorizationServerConfigurerAdapter
         clients.inMemory()
                 .withClient(authServerConfig.getClientId())
                 .secret(authServerConfig.getClientSecret())
-                .authorizedGrantTypes(SecurityConstants.REFRESH_TOKEN, SecurityConstants.PASSWORD)
+                .authorizedGrantTypes(SecurityConstants.REFRESH_TOKEN, SecurityConstants.PASSWORD,SecurityConstants.AUTHORIZATION_CODE)
                 .scopes(authServerConfig.getScope());
     }
 
@@ -70,7 +70,7 @@ public class PigAuthorizationConfig extends AuthorizationServerConfigurerAdapter
     public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
         security
                 .allowFormAuthenticationForClients()
-                .tokenKeyAccess("permitAll()")
+                .tokenKeyAccess("isAuthenticated()")
                 .checkTokenAccess("permitAll()");
     }
 

pig-auth/src/main/java/com/github/pig/auth/util/UserDetailsImpl.java

@@ -37,6 +37,7 @@ public class UserDetailsImpl implements UserDetails {
         for (SysRole role : roleList) {
             authorityList.add(new SimpleGrantedAuthority(role.getRoleCode()));
         }
+        authorityList.add(new SimpleGrantedAuthority("ROLE_USER"));
         return authorityList;
     }
 

pig-common/src/main/java/com/github/pig/common/constant/SecurityConstants.java

@@ -5,6 +5,10 @@ package com.github.pig.common.constant;
  * @date 2017-12-18
  */
 public interface SecurityConstants {
+    /**
+     * 授权码模式
+     */
+    String AUTHORIZATION_CODE = "authorization_code";
     /**
      * 密码模式
      */

pig-gateway/src/main/java/com/github/pig/gateway/componet/fallback/AuthFallbackProvider.java

@@ -1,4 +1,4 @@
-package com.github.pig.gateway.componet;
+package com.github.pig.gateway.componet.fallback;
 
 import com.github.pig.common.constant.ServiceNameConstant;
 import lombok.extern.slf4j.Slf4j;
@@ -63,7 +63,7 @@ public class AuthFallbackProvider implements FallbackProvider {
 
     @Override
     public String getRoute() {
-        return ServiceNameConstant.UMPS_SERVICE;
+        return ServiceNameConstant.AUTH_SERVICE;
     }
 
     @Override

pig-gateway/src/main/java/com/github/pig/gateway/componet/fallback/RegistrySwaggerResourcesProvider.java

@@ -1,4 +1,4 @@
-package com.github.pig.gateway.componet;
+package com.github.pig.gateway.componet.fallback;
 
 import com.github.pig.common.constant.ServiceNameConstant;
 import org.apache.commons.lang.StringUtils;

pig-gateway/src/main/java/com/github/pig/gateway/componet/fallback/UpmsFallbackProvider.java

@@ -1,4 +1,4 @@
-package com.github.pig.gateway.componet;
+package com.github.pig.gateway.componet.fallback;
 
 import com.github.pig.common.constant.ServiceNameConstant;
 import lombok.extern.slf4j.Slf4j;

pig-gateway/src/main/java/com/github/pig/gateway/componet/handler/PigAccessDeniedHandler.java

@@ -1,4 +1,4 @@
-package com.github.pig.gateway.componet;
+package com.github.pig.gateway.componet.handler;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.github.pig.common.constant.CommonConstant;

pig-gateway/src/main/java/com/github/pig/gateway/util/UserDetailsImpl.java

@@ -37,6 +37,7 @@ public class UserDetailsImpl implements UserDetails {
         for (SysRole role : roleList) {
             authorityList.add(new SimpleGrantedAuthority(role.getRoleCode()));
         }
+        authorityList.add(new SimpleGrantedAuthority("ROLE_USER"));
         return authorityList;
     }
 

pig-modules/pig-mc-service/pom.xml

@@ -33,8 +33,8 @@
             <groupId>com.aliyun.taobao</groupId>
             <artifactId>alidayu-sms</artifactId>
             <version>1.0</version>
-            <!--<scope>system</scope>-->
-            <!--<systemPath>${basedir}/src/main/resources/lib/alidayu-sms-1.0.jar</systemPath>-->
+            <scope>system</scope>
+            <systemPath>${basedir}/src/main/resources/lib/alidayu-sms-1.0.jar</systemPath>
         </dependency>
     </dependencies>
 

pig-modules/pig-sso-client-demo/pom.xml

@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>com.github.pig</groupId>
+    <artifactId>pig-sso-client-demo</artifactId>
+    <version>${pig.version}</version>
+    <packaging>jar</packaging>
+
+    <name>pig-sso-client-demo</name>
+    <description>单点登录客户端</description>
+
+    <parent>
+        <groupId>com.github.pig</groupId>
+        <artifactId>pig-modules</artifactId>
+        <version>${pig.version}</version>
+    </parent>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security.oauth</groupId>
+            <artifactId>spring-security-oauth2</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-jwt</artifactId>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+                <configuration>
+                    <finalName>${project.name}</finalName>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>

pig-modules/pig-sso-client-demo/src/main/java/com/github/pig/sso/DemoController.java

@@ -0,0 +1,18 @@
+package com.github.pig.sso.controller;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+/**
+ * @author lengleng
+ * @date 2018/1/27
+ * demo controller
+ */
+@RestController
+public class DemoController {
+    @GetMapping("/user")
+    public Authentication user(Authentication authentication) {
+        return authentication;
+    }
+}

pig-modules/pig-sso-client-demo/src/main/java/com/github/pig/sso/PigSsoClientDemoApplication.java

@@ -0,0 +1,21 @@
+package com.github.pig.sso;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
+import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
+
+/**
+ * @author lengleng
+ * @date 2018年01月27日13:00:09
+ * 单点登录客户端
+ */
+@EnableOAuth2Sso
+@SpringBootApplication
+public class PigSsoClientDemoApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(PigSsoClientDemoApplication.class, args);
+    }
+
+}

pig-modules/pig-sso-client-demo/src/main/resources/application.yml

@@ -0,0 +1,48 @@
+server:
+  port: 4040
+
+security:
+  oauth2:
+    client:
+      client-id: pig
+      client-secret: pig
+      user-authorization-uri: http://localhost:3000/oauth/authorize
+      access-token-uri: http://localhost:3000/oauth/token
+      scope: server
+    resource:
+      jwt:
+        key-uri: http://localhost:3000/oauth/token_key
+  sessions: never
+
+spring:
+  application:
+    name: pig-sso-client-demo
+  profiles:
+    active: dev
+  redis:
+    remote: true        #是否是cachecloud 获取
+    host: 106.14.69.75
+    port: 6381
+    password:
+logging:
+  config: classpath:logback.xml
+
+---
+spring:
+  profiles: dev
+eureka:
+  instance:
+    prefer-ip-address: true
+  client:
+    serviceUrl:
+      defaultZone: http://pig:gip6666@localhost:1025/eureka
+
+---
+spring:
+  profiles: prd
+eureka:
+  instance:
+    prefer-ip-address: true
+  client:
+    serviceUrl:
+      defaultZone: http://pig:gip6666@pig-eureka:1025/eureka

pig-modules/pig-sso-client-demo/src/main/resources/logback.xml

@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration scan="true" scanPeriod="30 seconds">
+
+    <contextListener class="ch.qos.logback.classic.jul.LevelChangePropagator">
+        <resetJUL>true</resetJUL>
+    </contextListener>
+
+    <property name="appname" value="pig"/>
+
+    <!--定义日志文件的存储地址 勿在 LogBack 的配置中使用相对路径 -->
+    <property name="LOG_HOME" value="logs/ev_cmdb"/>
+
+    <!-- 按照每天生成日志文件 -->
+    <appender name="file"
+              class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <!--日志文件输出的文件名 -->
+            <FileNamePattern>${LOG_HOME}/${appname}.log.%d{yyyy-MM-dd}.log
+            </FileNamePattern>
+            <MaxHistory>30</MaxHistory>
+        </rollingPolicy>
+        <layout class="ch.qos.logback.classic.PatternLayout">
+            <!--格式化输出：%d表示日期，%thread表示线程名，%-5level：级别从左显示5个字符宽度%msg：日志消息，%n是换行符 -->
+            <pattern>%d{yyyy-MM-dd HH:mm:ss.SSS}  【%X{user}】[%thread] %-5level %logger{50} -%msg%n
+            </pattern>
+        </layout>
+        <!--日志文件最大的大小 -->
+        <triggeringPolicy
+                class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+            <MaxFileSize>10MB</MaxFileSize>
+        </triggeringPolicy>
+    </appender>
+
+    <!-- To enable JMX Management -->
+    <jmxConfigurator/>
+
+    <appender name="console" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} 【%X{user}】 [%thread] %-5level %logger{36} -%msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <logger name="com.github.pig" level="debug">
+        <!-- wenjie delete <appender-ref ref="file" /> <appender-ref ref="console"
+            /> -->
+    </logger>
+    <root level="DEBUG">
+        <!--
+        <appender-ref ref="file" />
+         -->
+        <appender-ref ref="console"/>
+    </root>
+</configuration>

pig-modules/pig-sso-client-demo/src/main/resources/static/index.html

@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>Title</title>
+</head>
+<body>
+    <a href="http://localhost:4040/user">hhhhhh</a>
+</body>
+</html>

pig-modules/pom.xml

@@ -21,6 +21,7 @@
 
     <modules>
         <module>pig-mc-service</module>
+        <module>pig-sso-client-demo</module>
         <module>pig-upms-service</module>
     </modules>