自定义oauth 支持短信登录

This commit is contained in:
wangiegie@gmail.com 2018-01-10 22:52:26 +08:00
parent 4b48de292e
commit a3c66b7ebf
23 changed files with 490 additions and 109 deletions

View File

@ -47,7 +47,6 @@ public class LogController extends BaseController {
*/ */
@DeleteMapping("/{id}") @DeleteMapping("/{id}")
public R<Boolean> delete(@PathVariable Integer id) { public R<Boolean> delete(@PathVariable Integer id) {
int o = 11 / 0;
return new R<>(sysLogService.updateByLogId(id)); return new R<>(sysLogService.updateByLogId(id));
} }
} }

View File

@ -104,7 +104,7 @@ public class UserController extends BaseController {
* @param userDto 用户信息 * @param userDto 用户信息
* @return R * @return R
*/ */
@ApiOperation(value="更新用户详细信息", notes="根据传过来的UserDto信息来更新用户详细信息") @ApiOperation(value = "更新用户详细信息", notes = "根据传过来的UserDto信息来更新用户详细信息")
@ApiImplicitParams({ @ApiImplicitParams({
@ApiImplicitParam(name = "userDto", value = "用户详细实体user", required = true, dataType = "UserDto") @ApiImplicitParam(name = "userDto", value = "用户详细实体user", required = true, dataType = "UserDto")
}) })
@ -125,6 +125,17 @@ public class UserController extends BaseController {
return userService.findUserByUsername(username); return userService.findUserByUsername(username);
} }
/**
* 通过手机号查询用户及其角色信息
*
* @param mobile 手机号
* @return UseVo 对象
*/
@GetMapping("/findUserByMobile/{mobile}")
public UserVo findUserByMobile(@PathVariable String mobile) {
return userService.findUserByMobile(mobile);
}
/** /**
* 分页查询用户 * 分页查询用户
* *

View File

@ -2,12 +2,15 @@ package com.github.pig.admin.controller;
import com.github.pig.admin.service.UserService; import com.github.pig.admin.service.UserService;
import com.github.pig.common.constant.SecurityConstants; import com.github.pig.common.constant.SecurityConstants;
import com.github.pig.common.util.Assert;
import com.github.pig.common.util.R;
import com.google.code.kaptcha.Producer; import com.google.code.kaptcha.Producer;
import org.apache.commons.io.IOUtils; import org.apache.commons.io.IOUtils;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.ResponseBody;
import javax.imageio.ImageIO; import javax.imageio.ImageIO;
import javax.servlet.ServletOutputStream; import javax.servlet.ServletOutputStream;
@ -18,9 +21,10 @@ import java.awt.image.BufferedImage;
/** /**
* @author lengleng * @author lengleng
* @date 2017/12/18 * @date 2017/12/18
* 验证码提供
*/ */
@Controller @Controller
public class ImageCodeController { public class ValidateCodeController {
@Autowired @Autowired
private Producer producer; private Producer producer;
@Autowired @Autowired
@ -35,15 +39,30 @@ public class ImageCodeController {
@GetMapping(SecurityConstants.DEFAULT_VALIDATE_CODE_URL_PREFIX + "/{randomStr}") @GetMapping(SecurityConstants.DEFAULT_VALIDATE_CODE_URL_PREFIX + "/{randomStr}")
public void createCode(@PathVariable String randomStr, HttpServletRequest request, HttpServletResponse response) public void createCode(@PathVariable String randomStr, HttpServletRequest request, HttpServletResponse response)
throws Exception { throws Exception {
Assert.isBlank(randomStr, "机器码不能为空");
response.setHeader("Cache-Control", "no-store, no-cache"); response.setHeader("Cache-Control", "no-store, no-cache");
response.setContentType("image/jpeg"); response.setContentType("image/jpeg");
//生成文字验证码 //生成文字验证码
String text = producer.createText(); String text = producer.createText();
//生成图片验证码 //生成图片验证码
BufferedImage image = producer.createImage(text); BufferedImage image = producer.createImage(text);
userService.save(randomStr, text); userService.saveImageCode(randomStr, text);
ServletOutputStream out = response.getOutputStream(); ServletOutputStream out = response.getOutputStream();
ImageIO.write(image, "JPEG", out); ImageIO.write(image, "JPEG", out);
IOUtils.closeQuietly(out); IOUtils.closeQuietly(out);
} }
/**
* 发送手机验证码
* 后期要加接口限制
*
* @param mobile 手机号
* @return R
*/
@ResponseBody
@GetMapping(SecurityConstants.MOBILE_VALIDATE_CODE_URL_PREFIX + "/{mobile}")
public R<Boolean> createCode(@PathVariable String mobile) {
Assert.isBlank(mobile, "手机号不能为空");
return new R<>(userService.sendSmsCode(mobile));
}
} }

View File

@ -33,4 +33,12 @@ public interface SysUserMapper extends BaseMapper<SysUser> {
* @return list * @return list
*/ */
List selectUserVoPage(Query query, Map<String, Object> params); List selectUserVoPage(Query query, Map<String, Object> params);
/**
* 通过手机号查询用户信息含有角色信息
*
* @param mobile 用户名
* @return userVo
*/
UserVo selectUserVoByMobile(String mobile);
} }

View File

@ -41,7 +41,7 @@ public interface UserService extends IService<SysUser> {
* 保存验证码 * 保存验证码
* @param randomStr 随机串 * @param randomStr 随机串
* @param imageCode 验证码*/ * @param imageCode 验证码*/
void save(String randomStr, String imageCode); void saveImageCode(String randomStr, String imageCode);
/** /**
* 删除用户 * 删除用户
@ -65,4 +65,18 @@ public interface UserService extends IService<SysUser> {
* @return * @return
*/ */
Boolean updateUser(UserDto userDto, String username); Boolean updateUser(UserDto userDto, String username);
/**
* 通过手机号查询用户信息
* @param mobile 手机号
* @return 用户信息
*/
UserVo findUserByMobile(String mobile);
/**
* 发送验证码
* @param mobile 手机号
* @return truefalse
*/
Boolean sendSmsCode(String mobile);
} }

View File

@ -15,6 +15,9 @@ import com.github.pig.common.constant.SecurityConstants;
import com.github.pig.common.util.Query; import com.github.pig.common.util.Query;
import com.github.pig.common.vo.SysRole; import com.github.pig.common.vo.SysRole;
import com.github.pig.common.vo.UserVo; import com.github.pig.common.vo.UserVo;
import com.xiaoleilu.hutool.util.RandomUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils; import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cache.annotation.CacheEvict; import org.springframework.cache.annotation.CacheEvict;
@ -35,6 +38,7 @@ import java.util.concurrent.TimeUnit;
*/ */
@Service @Service
public class UserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> implements UserService { public class UserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> implements UserService {
private static final Logger logger = LoggerFactory.getLogger(UserServiceImpl.class);
private static final PasswordEncoder ENCODER = new BCryptPasswordEncoder(); private static final PasswordEncoder ENCODER = new BCryptPasswordEncoder();
@Autowired @Autowired
private SysMenuService sysMenuService; private SysMenuService sysMenuService;
@ -56,7 +60,7 @@ public class UserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impleme
//设置角色列表 //设置角色列表
List<SysRole> roleList = userVo.getRoleList(); List<SysRole> roleList = userVo.getRoleList();
List<String> roleNames = new ArrayList<>(); List<String> roleNames = new ArrayList<>();
for (SysRole sysRole:roleList){ for (SysRole sysRole : roleList) {
roleNames.add(sysRole.getRoleName()); roleNames.add(sysRole.getRoleName());
} }
String[] roles = roleNames.toArray(new String[roleNames.size()]); String[] roles = roleNames.toArray(new String[roleNames.size()]);
@ -73,6 +77,18 @@ public class UserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impleme
return sysUserMapper.selectUserVoByUsername(username); return sysUserMapper.selectUserVoByUsername(username);
} }
/**
* 通过手机号查询用户信息
*
* @param mobile 手机号
* @return 用户信息
*/
@Override
@Cacheable(value = "user_details_mobile", key = "#mobile")
public UserVo findUserByMobile(String mobile) {
return sysUserMapper.selectUserVoByMobile(mobile);
}
@Override @Override
public Page selectWithRolePage(Query query) { public Page selectWithRolePage(Query query) {
query.setRecords(sysUserMapper.selectUserVoPage(query, query.getCondition())); query.setRecords(sysUserMapper.selectUserVoPage(query, query.getCondition()));
@ -86,10 +102,34 @@ public class UserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impleme
* @param imageCode 验证码信息 * @param imageCode 验证码信息
*/ */
@Override @Override
public void save(String randomStr, String imageCode) { public void saveImageCode(String randomStr, String imageCode) {
redisTemplate.opsForValue().set(SecurityConstants.DEFAULT_CODE_KEY + randomStr, imageCode, SecurityConstants.DEFAULT_IMAGE_EXPIRE, TimeUnit.SECONDS); redisTemplate.opsForValue().set(SecurityConstants.DEFAULT_CODE_KEY + randomStr, imageCode, SecurityConstants.DEFAULT_IMAGE_EXPIRE, TimeUnit.SECONDS);
} }
/**
* 发送验证码
* <p>
* 1. 先去redis 查询是否 60S内已经发送
* 2. 未发送 产生4位数字 手机号-验证码
* 3. 调用短信网关发送信息
* 4. 保存redis
*
* @param mobile 手机号
* @return truefalse
*/
@Override
public Boolean sendSmsCode(String mobile) {
Object tempCode = redisTemplate.opsForValue().get(SecurityConstants.DEFAULT_CODE_KEY + mobile);
boolean result = false;
if (tempCode == null) {
String code = RandomUtil.randomNumbers(4);
logger.info("短信发送成功 -> 手机号:{} -> 验证码:{}", mobile, code);
redisTemplate.opsForValue().set(SecurityConstants.DEFAULT_CODE_KEY + mobile, code, SecurityConstants.DEFAULT_IMAGE_EXPIRE, TimeUnit.SECONDS);
result = true;
}
return result;
}
/** /**
* 删除用户 * 删除用户
* *

View File

@ -58,6 +58,32 @@
WHERE WHERE
`user`.username = #{username} `user`.username = #{username}
</select> </select>
<select id="selectUserVoByMobile" resultMap="userVoResultMap">
SELECT
`user`.user_id,
`user`.username,
`user`.`password`,
`user`.salt,
`user`.introduction,
`user`.avatar,
`user`.create_time AS ucreate_time,
`user`.update_time AS uupdate_time,
`user`.del_flag AS udel_flag,
r.role_id,
r.role_name,
r.role_code,
r.role_desc,
r.create_time AS rcreate_time,
r.update_time AS rupdate_time
FROM
sys_user AS `user`
LEFT JOIN sys_user_role AS ur ON ur.user_id = `user`.user_id
LEFT JOIN sys_role AS r ON r.role_id = ur.role_id
WHERE
`user`.salt = #{mobile}
</select>
<select id="selectUserVoPage" resultMap="userVoResultMap" > <select id="selectUserVoPage" resultMap="userVoResultMap" >
SELECT SELECT
`user`.user_id, `user`.user_id,

View File

@ -0,0 +1,76 @@
package com.github.pig.auth.component;
import com.github.pig.common.constant.SecurityConstants;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* @author lengleng
* @date 2018/1/9
* 手机号登录验证filter
*/
public class MobileAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
public static final String SPRING_SECURITY_FORM_MOBILE_KEY = "mobile";
private String mobileParameter = SPRING_SECURITY_FORM_MOBILE_KEY;
private boolean postOnly = true;
public MobileAuthenticationFilter() {
super(new AntPathRequestMatcher(SecurityConstants.MOBILE_TOKEN_URL, "POST"));
}
public Authentication attemptAuthentication(HttpServletRequest request,
HttpServletResponse response) throws AuthenticationException {
if (postOnly && !request.getMethod().equals(HttpMethod.POST.name())) {
throw new AuthenticationServiceException(
"Authentication method not supported: " + request.getMethod());
}
String mobile = obtainMobile(request);
if (mobile == null) {
mobile = "";
}
mobile = mobile.trim();
MobileAuthenticationToken mobileAuthenticationToken = new MobileAuthenticationToken(mobile);
setDetails(request, mobileAuthenticationToken);
return this.getAuthenticationManager().authenticate(mobileAuthenticationToken);
}
protected String obtainMobile(HttpServletRequest request) {
return request.getParameter(mobileParameter);
}
protected void setDetails(HttpServletRequest request,
MobileAuthenticationToken authRequest) {
authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
}
public void setPostOnly(boolean postOnly) {
this.postOnly = postOnly;
}
public String getMobileParameter() {
return mobileParameter;
}
public void setMobileParameter(String mobileParameter) {
this.mobileParameter = mobileParameter;
}
public boolean isPostOnly() {
return postOnly;
}
}

View File

@ -0,0 +1,60 @@
package com.github.pig.auth.component;
import com.github.pig.auth.feign.UserService;
import com.github.pig.auth.util.UserDetailsImpl;
import com.github.pig.common.constant.CommonConstant;
import com.github.pig.common.vo.SysRole;
import com.github.pig.common.vo.UserVo;
import org.apache.commons.lang.StringUtils;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
/**
* @author lengleng
* @date 2018/1/9
* 手机号登录校验逻辑
*/
public class MobileAuthenticationProvider implements AuthenticationProvider {
private UserService userService;
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
MobileAuthenticationToken mobileAuthenticationToken = (MobileAuthenticationToken) authentication;
UserVo userVo = userService.findUserByMobile((String) mobileAuthenticationToken.getPrincipal());
UserDetailsImpl userDetails = buildUserDeatils(userVo);
if (userDetails == null) {
throw new InternalAuthenticationServiceException("手机号不存在:" + mobileAuthenticationToken.getPrincipal());
}
MobileAuthenticationToken authenticationToken = new MobileAuthenticationToken(userDetails, userDetails.getAuthorities());
authenticationToken.setDetails(mobileAuthenticationToken.getDetails());
return authenticationToken;
}
private UserDetailsImpl buildUserDeatils(UserVo userVo) {
return new UserDetailsImpl(userVo);
}
@Override
public boolean supports(Class<?> authentication) {
return MobileAuthenticationToken.class.isAssignableFrom(authentication);
}
public UserService getUserService() {
return userService;
}
public void setUserService(UserService userService) {
this.userService = userService;
}
}

View File

@ -0,0 +1,56 @@
package com.github.pig.auth.component;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.SpringSecurityCoreVersion;
import java.util.Collection;
/**
* @author lengleng
* @date 2018/1/9
* 手机号登录令牌
*/
public class MobileAuthenticationToken extends AbstractAuthenticationToken {
private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
private final Object principal;
public MobileAuthenticationToken(String mobile) {
super(null);
this.principal = mobile;
setAuthenticated(false);
}
public MobileAuthenticationToken(Object principal,
Collection<? extends GrantedAuthority> authorities) {
super(authorities);
this.principal = principal;
super.setAuthenticated(true);
}
public Object getPrincipal() {
return this.principal;
}
@Override
public Object getCredentials() {
return null;
}
public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
if (isAuthenticated) {
throw new IllegalArgumentException(
"Cannot set this token to trusted - use constructor which takes a GrantedAuthority list instead");
}
super.setAuthenticated(false);
}
@Override
public void eraseCredentials() {
super.eraseCredentials();
}
}

View File

@ -1,18 +1,25 @@
package com.github.pig.gateway.componet; package com.github.pig.auth.component;
import com.alibaba.fastjson.JSONObject;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.github.pig.common.constant.CommonConstant; import com.github.pig.common.constant.CommonConstant;
import com.github.pig.gateway.feign.AuthSerivce; import com.xiaoleilu.hutool.util.MapUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.crypto.codec.Base64; import org.springframework.security.crypto.codec.Base64;
import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException; import org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException;
import org.springframework.security.oauth2.provider.*;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import java.io.IOException; import java.io.IOException;
import java.io.PrintWriter;
/** /**
* @author lengleng * @author lengleng
@ -21,8 +28,13 @@ import java.io.IOException;
*/ */
@Component @Component
public class MobileLoginSuccessHandler implements org.springframework.security.web.authentication.AuthenticationSuccessHandler { public class MobileLoginSuccessHandler implements org.springframework.security.web.authentication.AuthenticationSuccessHandler {
private Logger logger = LoggerFactory.getLogger(getClass());
@Autowired @Autowired
private AuthSerivce authSerivce; private ObjectMapper objectMapper;
@Autowired
private ClientDetailsService clientDetailsService;
@Autowired
private AuthorizationServerTokenServices authorizationServerTokenServices;
/** /**
* Called when a user has been successfully authenticated. * Called when a user has been successfully authenticated.
@ -45,7 +57,24 @@ public class MobileLoginSuccessHandler implements org.springframework.security.w
assert tokens.length == 2; assert tokens.length == 2;
String clientId = tokens[0]; String clientId = tokens[0];
String clientSecret = tokens[1]; String clientSecret = tokens[1];
OAuth2AccessToken oAuth2AccessToken = authSerivce.createToken(clientId);
JSONObject params = new JSONObject();
params.put("clientId", clientId);
params.put("clientSecret", clientSecret);
params.put("authentication", authentication);
ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);
TokenRequest tokenRequest = new TokenRequest(MapUtil.newHashMap(), clientId, clientDetails.getScope(), "mobile");
OAuth2Request oAuth2Request = tokenRequest.createOAuth2Request(clientDetails);
OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(oAuth2Request, authentication);
OAuth2AccessToken oAuth2AccessToken = authorizationServerTokenServices.createAccessToken(oAuth2Authentication);
logger.info("获取token 成功:{}", oAuth2AccessToken.getValue());
response.setCharacterEncoding(CommonConstant.UTF8);
response.setContentType(CommonConstant.CONTENT_TYPE);
PrintWriter printWriter = response.getWriter();
printWriter.append(objectMapper.writeValueAsString(oAuth2AccessToken));
} catch (IOException e) { } catch (IOException e) {
throw new BadCredentialsException( throw new BadCredentialsException(
"Failed to decode basic authentication token"); "Failed to decode basic authentication token");

View File

@ -0,0 +1,35 @@
package com.github.pig.auth.component;
import com.github.pig.auth.feign.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.stereotype.Component;
/**
* @author lengleng
* @date 2018/1/9
* 手机号登录配置入口
*/
@Component
public class MobileSecurityConfigurer extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {
@Autowired
private MobileLoginSuccessHandler mobileLoginSuccessHandler;
@Autowired
private UserService userService;
@Override
public void configure(HttpSecurity http) throws Exception {
MobileAuthenticationFilter mobileAuthenticationFilter = new MobileAuthenticationFilter();
mobileAuthenticationFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
mobileAuthenticationFilter.setAuthenticationSuccessHandler(mobileLoginSuccessHandler);
MobileAuthenticationProvider mobileAuthenticationProvider = new MobileAuthenticationProvider();
mobileAuthenticationProvider.setUserService(userService);
http.authenticationProvider(mobileAuthenticationProvider)
.addFilterAfter(mobileAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
}
}

View File

@ -1,5 +1,7 @@
package com.github.pig.auth.config; package com.github.pig.auth.config;
import com.github.pig.auth.component.MobileAuthenticationFilter;
import com.github.pig.auth.component.MobileSecurityConfigurer;
import com.github.pig.common.bean.config.FilterUrlsPropertiesConifg; import com.github.pig.common.bean.config.FilterUrlsPropertiesConifg;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
@ -18,6 +20,8 @@ import org.springframework.security.oauth2.config.annotation.web.configuration.R
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter { public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
@Autowired @Autowired
private FilterUrlsPropertiesConifg filterUrlsPropertiesConifg; private FilterUrlsPropertiesConifg filterUrlsPropertiesConifg;
@Autowired
private MobileSecurityConfigurer mobileSecurityConfigurer;
@Override @Override
public void configure(HttpSecurity http) throws Exception { public void configure(HttpSecurity http) throws Exception {
@ -29,6 +33,7 @@ public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter
registry.anyRequest().authenticated() registry.anyRequest().authenticated()
.and() .and()
.csrf().disable(); .csrf().disable();
http.apply(mobileSecurityConfigurer);
} }
} }

View File

@ -2,18 +2,13 @@ package com.github.pig.auth.controller;
import com.github.pig.common.constant.SecurityConstants; import com.github.pig.common.constant.SecurityConstants;
import com.github.pig.common.util.R; import com.github.pig.common.util.R;
import com.xiaoleilu.hutool.util.MapUtil;
import org.apache.commons.lang.StringUtils;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cache.annotation.CacheEvict; import org.springframework.cache.annotation.CacheEvict;
import org.springframework.data.redis.connection.RedisConnectionFactory; import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException;
import org.springframework.security.oauth2.provider.*;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore; import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import java.security.Principal; import java.security.Principal;
@ -25,10 +20,7 @@ import java.security.Principal;
public class UserController { public class UserController {
@Autowired @Autowired
private RedisConnectionFactory redisConnectionFactory; private RedisConnectionFactory redisConnectionFactory;
@Autowired
private ClientDetailsService clientDetailsService;
@Autowired
private AuthorizationServerTokenServices authorizationServerTokenServices;
@RequestMapping("/user") @RequestMapping("/user")
public Object user(Principal user) { public Object user(Principal user) {
@ -50,26 +42,4 @@ public class UserController {
tokenStore.removeAccessToken(accesstoken); tokenStore.removeAccessToken(accesstoken);
return new R<>(Boolean.TRUE); return new R<>(Boolean.TRUE);
} }
/**
* 自定义token
*
* @param params 参数信息
* @return OAuth2AccessToken
*/
@RequestMapping(value = "/oauth/token_key")
public OAuth2AccessToken getKey(String params) {
ClientDetails clientDetails = clientDetailsService.loadClientByClientId(params);
// if (clientDetails == null) {
// throw new UnapprovedClientAuthenticationException("请求头中client信息不存在 clientId:" + clientId);
// } else if (!StringUtils.equals(clientDetails.getClientSecret(), clientSecret)) {
// throw new UnapprovedClientAuthenticationException("请求头中client信息不合法 clientSecret:" + clientSecret);
// }
//
// TokenRequest tokenRequest = new TokenRequest(MapUtil.newHashMap(), clientId, clientDetails.getScope(), "mobile");
// OAuth2Request oAuth2Request = tokenRequest.createOAuth2Request(clientDetails);
// OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(oAuth2Request, authentication);
// return authorizationServerTokenServices.createAccessToken(oAuth2Authentication);
return null;
}
} }

View File

@ -20,4 +20,13 @@ public interface UserService {
*/ */
@GetMapping("/user/findUserByUsername/{username}") @GetMapping("/user/findUserByUsername/{username}")
UserVo findUserByUsername(@PathVariable("username") String username); UserVo findUserByUsername(@PathVariable("username") String username);
/**
* 通过手机号查询用户角色信息
*
* @param mobile 手机号
* @return UserVo
*/
@GetMapping("/user/findUserByMobile/{mobile}")
UserVo findUserByMobile(@PathVariable("mobile") String mobile);
} }

View File

@ -20,4 +20,16 @@ public class UserServiceFallbackImpl implements UserService {
logger.error("调用{}异常:{}", "findUserByUsername", username); logger.error("调用{}异常:{}", "findUserByUsername", username);
return null; return null;
} }
/**
* 通过手机号查询用户角色信息
*
* @param mobile 手机号
* @return UserVo
*/
@Override
public UserVo findUserByMobile(String mobile) {
logger.error("调用{}异常:{}", "通过手机号查询用户", mobile);
return null;
}
} }

View File

@ -0,0 +1,56 @@
package com.github.pig.auth.util;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.SpringSecurityCoreVersion;
import java.util.Collection;
/**
* @author lengleng
* @date 2018/1/9
* 手机号登录令牌
*/
public class MobileAuthenticationToken extends AbstractAuthenticationToken {
private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
private final Object principal;
public MobileAuthenticationToken(String mobile) {
super(null);
this.principal = mobile;
setAuthenticated(false);
}
public MobileAuthenticationToken(Object principal,
Collection<? extends GrantedAuthority> authorities) {
super(authorities);
this.principal = principal;
super.setAuthenticated(true);
}
public Object getPrincipal() {
return this.principal;
}
@Override
public Object getCredentials() {
return null;
}
public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
if (isAuthenticated) {
throw new IllegalArgumentException(
"Cannot set this token to trusted - use constructor which takes a GrantedAuthority list instead");
}
super.setAuthenticated(false);
}
@Override
public void eraseCredentials() {
super.eraseCredentials();
}
}

View File

@ -19,11 +19,21 @@ public interface SecurityConstants {
*/ */
String OAUTH_TOKEN_URL = "/oauth/token"; String OAUTH_TOKEN_URL = "/oauth/token";
/**
* 手机登录URL
*/
String MOBILE_TOKEN_URL = "/mobile/token";
/** /**
* 默认的处理验证码的url前缀 * 默认的处理验证码的url前缀
*/ */
String DEFAULT_VALIDATE_CODE_URL_PREFIX = "/code"; String DEFAULT_VALIDATE_CODE_URL_PREFIX = "/code";
/**
* 手机号的处理验证码的url前缀
*/
String MOBILE_VALIDATE_CODE_URL_PREFIX = "/smsCode";
/** /**
* 默认生成图形验证码宽度 * 默认生成图形验证码宽度
*/ */

View File

@ -1,7 +1,6 @@
package com.github.pig.gateway.config; package com.github.pig.gateway.config;
import com.github.pig.common.bean.config.FilterUrlsPropertiesConifg; import com.github.pig.common.bean.config.FilterUrlsPropertiesConifg;
import com.github.pig.gateway.componet.MobileLoginSuccessHandler;
import com.github.pig.gateway.componet.PigAccessDeniedHandler; import com.github.pig.gateway.componet.PigAccessDeniedHandler;
import com.github.pig.gateway.filter.ValidateCodeFilter; import com.github.pig.gateway.filter.ValidateCodeFilter;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
@ -32,16 +31,11 @@ public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter
@Autowired @Autowired
private PigAccessDeniedHandler pigAccessDeniedHandler; private PigAccessDeniedHandler pigAccessDeniedHandler;
@Autowired @Autowired
private MobileLoginSuccessHandler mobileLoginSuccessHandler;
@Autowired
private ValidateCodeFilter validateCodeFilter; private ValidateCodeFilter validateCodeFilter;
@Override @Override
public void configure(HttpSecurity http) throws Exception { public void configure(HttpSecurity http) throws Exception {
http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class); http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class);
http.formLogin()
.loginProcessingUrl("/mobile/login")
.successHandler(mobileLoginSuccessHandler);
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = http ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = http
.authorizeRequests(); .authorizeRequests();
for (String url : filterUrlsPropertiesConifg.getAnon()) { for (String url : filterUrlsPropertiesConifg.getAnon()) {

View File

@ -1,26 +0,0 @@
package com.github.pig.gateway.feign;
import com.github.pig.gateway.feign.fallback.AuthServiceFallbackImpl;
import com.github.pig.gateway.feign.fallback.MenuServiceFallbackImpl;
import org.springframework.cloud.netflix.feign.FeignClient;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
/**
* @author lengleng
* @date 2018/1/8
*/
@FeignClient(name = "pig-auth-service", fallback = AuthServiceFallbackImpl.class)
public interface AuthSerivce {
/**
* 获取 OAuth2AccessToken
*
* @param params 参数信息
* @return OAuth2AccessToken
*/
@PostMapping(value = "/oauth/token_key")
OAuth2AccessToken createToken(@RequestParam("params") String params);
}

View File

@ -1,28 +0,0 @@
package com.github.pig.gateway.feign.fallback;
import com.github.pig.gateway.feign.AuthSerivce;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.stereotype.Service;
/**
* @author lengleng
* @date 2018/1/9
*/
@Service
public class AuthServiceFallbackImpl implements AuthSerivce {
private Logger logger = LoggerFactory.getLogger(this.getClass());
/**
* 获取 OAuth2AccessToken
*
* @param params 参数信息
* @return OAuth2AccessToken
*/
@Override
public OAuth2AccessToken createToken(String params) {
return null;
}
}

View File

@ -1,6 +1,5 @@
package com.github.pig.gateway.filter; package com.github.pig.gateway.filter;
import com.alibaba.fastjson.JSONObject;
import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.ObjectMapper;
import com.github.pig.common.constant.CommonConstant; import com.github.pig.common.constant.CommonConstant;
import com.github.pig.common.constant.SecurityConstants; import com.github.pig.common.constant.SecurityConstants;
@ -28,7 +27,6 @@ import java.io.PrintWriter;
* @date 2017-12-18 * @date 2017-12-18
* 验证码校验true开启false关闭校验 * 验证码校验true开启false关闭校验
* 更细化可以 clientId 进行区分 * 更细化可以 clientId 进行区分
*
*/ */
@Component("validateCodeFilter") @Component("validateCodeFilter")
public class ValidateCodeFilter extends OncePerRequestFilter { public class ValidateCodeFilter extends OncePerRequestFilter {
@ -43,7 +41,8 @@ public class ValidateCodeFilter extends OncePerRequestFilter {
@Override @Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
if (isValidate && (StringUtils.contains(request.getRequestURI(), SecurityConstants.OAUTH_TOKEN_URL) if (isValidate && (StringUtils.contains(request.getRequestURI(), SecurityConstants.OAUTH_TOKEN_URL)
|| StringUtils.contains(request.getRequestURI(), SecurityConstants.REFRESH_TOKEN))) { || StringUtils.contains(request.getRequestURI(), SecurityConstants.REFRESH_TOKEN)
|| StringUtils.contains(request.getRequestURI(), SecurityConstants.MOBILE_TOKEN_URL))) {
PrintWriter printWriter = null; PrintWriter printWriter = null;
try { try {
checkCode(request, response, filterChain); checkCode(request, response, filterChain);
@ -66,10 +65,13 @@ public class ValidateCodeFilter extends OncePerRequestFilter {
private void checkCode(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException { private void checkCode(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
String code = httpServletRequest.getParameter("code"); String code = httpServletRequest.getParameter("code");
String randomStr = httpServletRequest.getParameter("randomStr"); String randomStr = httpServletRequest.getParameter("randomStr");
if (StringUtils.isBlank(randomStr)) {
randomStr = httpServletRequest.getParameter("mobile");
}
Object codeObj = redisTemplate.opsForValue().get(SecurityConstants.DEFAULT_CODE_KEY + randomStr); Object codeObj = redisTemplate.opsForValue().get(SecurityConstants.DEFAULT_CODE_KEY + randomStr);
if (codeObj == null) { if (codeObj == null) {
throw new ValidateCodeException("验证码已过期或已过期"); throw new ValidateCodeException("验证码为空或已过期");
} }
String saveCode = codeObj.toString(); String saveCode = codeObj.toString();

View File

@ -3,6 +3,7 @@ package com.github.pig.gateway.service.impl;
import com.github.pig.common.vo.UserVo; import com.github.pig.common.vo.UserVo;
import com.github.pig.gateway.feign.UserService; import com.github.pig.gateway.feign.UserService;
import com.github.pig.gateway.util.UserDetailsImpl; import com.github.pig.gateway.util.UserDetailsImpl;
import org.apache.commons.lang.StringUtils;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.core.userdetails.UsernameNotFoundException;
@ -22,6 +23,9 @@ public class UserDetailServiceImpl implements UserDetailsService, Serializable {
@Override @Override
public UserDetailsImpl loadUserByUsername(String username) throws UsernameNotFoundException { public UserDetailsImpl loadUserByUsername(String username) throws UsernameNotFoundException {
if (StringUtils.isBlank(username)) {
throw new UsernameNotFoundException("用户不存在:" + username);
}
UserVo userVo = userService.findUserByUsername(username); UserVo userVo = userService.findUserByUsername(username);
return new UserDetailsImpl(userVo); return new UserDetailsImpl(userVo);
} }