mirror of https://gitee.com/maxjhandsome/pig
自定义oauth 支持短信登录
This commit is contained in:
parent
4b48de292e
commit
a3c66b7ebf
pig-admin-service/src/main
java/com/github/pig/admin
controller
mapper
service
resources/mapper
pig-auth-service/src/main/java/com/github/pig/auth
component
MobileAuthenticationFilter.javaMobileAuthenticationProvider.javaMobileAuthenticationToken.javaMobileLoginSuccessHandler.javaMobileSecurityConfigurer.java
config
controller
feign
util
pig-common/src/main/java/com/github/pig/common/constant
pig-gateway/src/main/java/com/github/pig/gateway
config
feign
filter
service/impl
|
@ -47,7 +47,6 @@ public class LogController extends BaseController {
|
|||
*/
|
||||
@DeleteMapping("/{id}")
|
||||
public R<Boolean> delete(@PathVariable Integer id) {
|
||||
int o = 11 / 0;
|
||||
return new R<>(sysLogService.updateByLogId(id));
|
||||
}
|
||||
}
|
||||
|
|
|
@ -104,7 +104,7 @@ public class UserController extends BaseController {
|
|||
* @param userDto 用户信息
|
||||
* @return R
|
||||
*/
|
||||
@ApiOperation(value="更新用户详细信息", notes="根据传过来的UserDto信息来更新用户详细信息")
|
||||
@ApiOperation(value = "更新用户详细信息", notes = "根据传过来的UserDto信息来更新用户详细信息")
|
||||
@ApiImplicitParams({
|
||||
@ApiImplicitParam(name = "userDto", value = "用户详细实体user", required = true, dataType = "UserDto")
|
||||
})
|
||||
|
@ -125,6 +125,17 @@ public class UserController extends BaseController {
|
|||
return userService.findUserByUsername(username);
|
||||
}
|
||||
|
||||
/**
|
||||
* 通过手机号查询用户及其角色信息
|
||||
*
|
||||
* @param mobile 手机号
|
||||
* @return UseVo 对象
|
||||
*/
|
||||
@GetMapping("/findUserByMobile/{mobile}")
|
||||
public UserVo findUserByMobile(@PathVariable String mobile) {
|
||||
return userService.findUserByMobile(mobile);
|
||||
}
|
||||
|
||||
/**
|
||||
* 分页查询用户
|
||||
*
|
||||
|
|
|
@ -2,12 +2,15 @@ package com.github.pig.admin.controller;
|
|||
|
||||
import com.github.pig.admin.service.UserService;
|
||||
import com.github.pig.common.constant.SecurityConstants;
|
||||
import com.github.pig.common.util.Assert;
|
||||
import com.github.pig.common.util.R;
|
||||
import com.google.code.kaptcha.Producer;
|
||||
import org.apache.commons.io.IOUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.PathVariable;
|
||||
import org.springframework.web.bind.annotation.ResponseBody;
|
||||
|
||||
import javax.imageio.ImageIO;
|
||||
import javax.servlet.ServletOutputStream;
|
||||
|
@ -18,9 +21,10 @@ import java.awt.image.BufferedImage;
|
|||
/**
|
||||
* @author lengleng
|
||||
* @date 2017/12/18
|
||||
* 验证码提供
|
||||
*/
|
||||
@Controller
|
||||
public class ImageCodeController {
|
||||
public class ValidateCodeController {
|
||||
@Autowired
|
||||
private Producer producer;
|
||||
@Autowired
|
||||
|
@ -35,15 +39,30 @@ public class ImageCodeController {
|
|||
@GetMapping(SecurityConstants.DEFAULT_VALIDATE_CODE_URL_PREFIX + "/{randomStr}")
|
||||
public void createCode(@PathVariable String randomStr, HttpServletRequest request, HttpServletResponse response)
|
||||
throws Exception {
|
||||
Assert.isBlank(randomStr, "机器码不能为空");
|
||||
response.setHeader("Cache-Control", "no-store, no-cache");
|
||||
response.setContentType("image/jpeg");
|
||||
//生成文字验证码
|
||||
String text = producer.createText();
|
||||
//生成图片验证码
|
||||
BufferedImage image = producer.createImage(text);
|
||||
userService.save(randomStr, text);
|
||||
userService.saveImageCode(randomStr, text);
|
||||
ServletOutputStream out = response.getOutputStream();
|
||||
ImageIO.write(image, "JPEG", out);
|
||||
IOUtils.closeQuietly(out);
|
||||
}
|
||||
|
||||
/**
|
||||
* 发送手机验证码
|
||||
* 后期要加接口限制
|
||||
*
|
||||
* @param mobile 手机号
|
||||
* @return R
|
||||
*/
|
||||
@ResponseBody
|
||||
@GetMapping(SecurityConstants.MOBILE_VALIDATE_CODE_URL_PREFIX + "/{mobile}")
|
||||
public R<Boolean> createCode(@PathVariable String mobile) {
|
||||
Assert.isBlank(mobile, "手机号不能为空");
|
||||
return new R<>(userService.sendSmsCode(mobile));
|
||||
}
|
||||
}
|
|
@ -33,4 +33,12 @@ public interface SysUserMapper extends BaseMapper<SysUser> {
|
|||
* @return list
|
||||
*/
|
||||
List selectUserVoPage(Query query, Map<String, Object> params);
|
||||
|
||||
/**
|
||||
* 通过手机号查询用户信息(含有角色信息)
|
||||
*
|
||||
* @param mobile 用户名
|
||||
* @return userVo
|
||||
*/
|
||||
UserVo selectUserVoByMobile(String mobile);
|
||||
}
|
|
@ -41,7 +41,7 @@ public interface UserService extends IService<SysUser> {
|
|||
* 保存验证码
|
||||
* @param randomStr 随机串
|
||||
* @param imageCode 验证码*/
|
||||
void save(String randomStr, String imageCode);
|
||||
void saveImageCode(String randomStr, String imageCode);
|
||||
|
||||
/**
|
||||
* 删除用户
|
||||
|
@ -65,4 +65,18 @@ public interface UserService extends IService<SysUser> {
|
|||
* @return
|
||||
*/
|
||||
Boolean updateUser(UserDto userDto, String username);
|
||||
|
||||
/**
|
||||
* 通过手机号查询用户信息
|
||||
* @param mobile 手机号
|
||||
* @return 用户信息
|
||||
*/
|
||||
UserVo findUserByMobile(String mobile);
|
||||
|
||||
/**
|
||||
* 发送验证码
|
||||
* @param mobile 手机号
|
||||
* @return true、false
|
||||
*/
|
||||
Boolean sendSmsCode(String mobile);
|
||||
}
|
||||
|
|
|
@ -15,6 +15,9 @@ import com.github.pig.common.constant.SecurityConstants;
|
|||
import com.github.pig.common.util.Query;
|
||||
import com.github.pig.common.vo.SysRole;
|
||||
import com.github.pig.common.vo.UserVo;
|
||||
import com.xiaoleilu.hutool.util.RandomUtil;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.BeanUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.cache.annotation.CacheEvict;
|
||||
|
@ -35,6 +38,7 @@ import java.util.concurrent.TimeUnit;
|
|||
*/
|
||||
@Service
|
||||
public class UserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> implements UserService {
|
||||
private static final Logger logger = LoggerFactory.getLogger(UserServiceImpl.class);
|
||||
private static final PasswordEncoder ENCODER = new BCryptPasswordEncoder();
|
||||
@Autowired
|
||||
private SysMenuService sysMenuService;
|
||||
|
@ -56,7 +60,7 @@ public class UserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impleme
|
|||
//设置角色列表
|
||||
List<SysRole> roleList = userVo.getRoleList();
|
||||
List<String> roleNames = new ArrayList<>();
|
||||
for (SysRole sysRole:roleList){
|
||||
for (SysRole sysRole : roleList) {
|
||||
roleNames.add(sysRole.getRoleName());
|
||||
}
|
||||
String[] roles = roleNames.toArray(new String[roleNames.size()]);
|
||||
|
@ -73,6 +77,18 @@ public class UserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impleme
|
|||
return sysUserMapper.selectUserVoByUsername(username);
|
||||
}
|
||||
|
||||
/**
|
||||
* 通过手机号查询用户信息
|
||||
*
|
||||
* @param mobile 手机号
|
||||
* @return 用户信息
|
||||
*/
|
||||
@Override
|
||||
@Cacheable(value = "user_details_mobile", key = "#mobile")
|
||||
public UserVo findUserByMobile(String mobile) {
|
||||
return sysUserMapper.selectUserVoByMobile(mobile);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Page selectWithRolePage(Query query) {
|
||||
query.setRecords(sysUserMapper.selectUserVoPage(query, query.getCondition()));
|
||||
|
@ -86,10 +102,34 @@ public class UserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impleme
|
|||
* @param imageCode 验证码信息
|
||||
*/
|
||||
@Override
|
||||
public void save(String randomStr, String imageCode) {
|
||||
public void saveImageCode(String randomStr, String imageCode) {
|
||||
redisTemplate.opsForValue().set(SecurityConstants.DEFAULT_CODE_KEY + randomStr, imageCode, SecurityConstants.DEFAULT_IMAGE_EXPIRE, TimeUnit.SECONDS);
|
||||
}
|
||||
|
||||
/**
|
||||
* 发送验证码
|
||||
* <p>
|
||||
* 1. 先去redis 查询是否 60S内已经发送
|
||||
* 2. 未发送: 产生4位数字 手机号-验证码
|
||||
* 3. 调用短信网关发送信息
|
||||
* 4. 保存redis
|
||||
*
|
||||
* @param mobile 手机号
|
||||
* @return true、false
|
||||
*/
|
||||
@Override
|
||||
public Boolean sendSmsCode(String mobile) {
|
||||
Object tempCode = redisTemplate.opsForValue().get(SecurityConstants.DEFAULT_CODE_KEY + mobile);
|
||||
boolean result = false;
|
||||
if (tempCode == null) {
|
||||
String code = RandomUtil.randomNumbers(4);
|
||||
logger.info("短信发送成功 -> 手机号:{} -> 验证码:{}", mobile, code);
|
||||
redisTemplate.opsForValue().set(SecurityConstants.DEFAULT_CODE_KEY + mobile, code, SecurityConstants.DEFAULT_IMAGE_EXPIRE, TimeUnit.SECONDS);
|
||||
result = true;
|
||||
}
|
||||
return result;
|
||||
}
|
||||
|
||||
/**
|
||||
* 删除用户
|
||||
*
|
||||
|
|
|
@ -58,6 +58,32 @@
|
|||
WHERE
|
||||
`user`.username = #{username}
|
||||
</select>
|
||||
|
||||
<select id="selectUserVoByMobile" resultMap="userVoResultMap">
|
||||
SELECT
|
||||
`user`.user_id,
|
||||
`user`.username,
|
||||
`user`.`password`,
|
||||
`user`.salt,
|
||||
`user`.introduction,
|
||||
`user`.avatar,
|
||||
`user`.create_time AS ucreate_time,
|
||||
`user`.update_time AS uupdate_time,
|
||||
`user`.del_flag AS udel_flag,
|
||||
r.role_id,
|
||||
r.role_name,
|
||||
r.role_code,
|
||||
r.role_desc,
|
||||
r.create_time AS rcreate_time,
|
||||
r.update_time AS rupdate_time
|
||||
FROM
|
||||
sys_user AS `user`
|
||||
LEFT JOIN sys_user_role AS ur ON ur.user_id = `user`.user_id
|
||||
LEFT JOIN sys_role AS r ON r.role_id = ur.role_id
|
||||
WHERE
|
||||
`user`.salt = #{mobile}
|
||||
</select>
|
||||
|
||||
<select id="selectUserVoPage" resultMap="userVoResultMap" >
|
||||
SELECT
|
||||
`user`.user_id,
|
||||
|
|
|
@ -0,0 +1,76 @@
|
|||
package com.github.pig.auth.component;
|
||||
|
||||
import com.github.pig.common.constant.SecurityConstants;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.security.authentication.AuthenticationServiceException;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
|
||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
/**
|
||||
* @author lengleng
|
||||
* @date 2018/1/9
|
||||
* 手机号登录验证filter
|
||||
*/
|
||||
public class MobileAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
|
||||
public static final String SPRING_SECURITY_FORM_MOBILE_KEY = "mobile";
|
||||
|
||||
private String mobileParameter = SPRING_SECURITY_FORM_MOBILE_KEY;
|
||||
private boolean postOnly = true;
|
||||
|
||||
public MobileAuthenticationFilter() {
|
||||
super(new AntPathRequestMatcher(SecurityConstants.MOBILE_TOKEN_URL, "POST"));
|
||||
}
|
||||
|
||||
public Authentication attemptAuthentication(HttpServletRequest request,
|
||||
HttpServletResponse response) throws AuthenticationException {
|
||||
if (postOnly && !request.getMethod().equals(HttpMethod.POST.name())) {
|
||||
throw new AuthenticationServiceException(
|
||||
"Authentication method not supported: " + request.getMethod());
|
||||
}
|
||||
|
||||
String mobile = obtainMobile(request);
|
||||
|
||||
if (mobile == null) {
|
||||
mobile = "";
|
||||
}
|
||||
|
||||
mobile = mobile.trim();
|
||||
|
||||
MobileAuthenticationToken mobileAuthenticationToken = new MobileAuthenticationToken(mobile);
|
||||
|
||||
setDetails(request, mobileAuthenticationToken);
|
||||
|
||||
return this.getAuthenticationManager().authenticate(mobileAuthenticationToken);
|
||||
}
|
||||
|
||||
protected String obtainMobile(HttpServletRequest request) {
|
||||
return request.getParameter(mobileParameter);
|
||||
}
|
||||
|
||||
protected void setDetails(HttpServletRequest request,
|
||||
MobileAuthenticationToken authRequest) {
|
||||
authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
|
||||
}
|
||||
|
||||
public void setPostOnly(boolean postOnly) {
|
||||
this.postOnly = postOnly;
|
||||
}
|
||||
|
||||
public String getMobileParameter() {
|
||||
return mobileParameter;
|
||||
}
|
||||
|
||||
public void setMobileParameter(String mobileParameter) {
|
||||
this.mobileParameter = mobileParameter;
|
||||
}
|
||||
|
||||
public boolean isPostOnly() {
|
||||
return postOnly;
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,60 @@
|
|||
package com.github.pig.auth.component;
|
||||
|
||||
import com.github.pig.auth.feign.UserService;
|
||||
import com.github.pig.auth.util.UserDetailsImpl;
|
||||
import com.github.pig.common.constant.CommonConstant;
|
||||
import com.github.pig.common.vo.SysRole;
|
||||
import com.github.pig.common.vo.UserVo;
|
||||
import org.apache.commons.lang.StringUtils;
|
||||
import org.springframework.security.authentication.AuthenticationProvider;
|
||||
import org.springframework.security.authentication.InternalAuthenticationServiceException;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* @author lengleng
|
||||
* @date 2018/1/9
|
||||
* 手机号登录校验逻辑
|
||||
*/
|
||||
public class MobileAuthenticationProvider implements AuthenticationProvider {
|
||||
private UserService userService;
|
||||
|
||||
@Override
|
||||
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
|
||||
MobileAuthenticationToken mobileAuthenticationToken = (MobileAuthenticationToken) authentication;
|
||||
UserVo userVo = userService.findUserByMobile((String) mobileAuthenticationToken.getPrincipal());
|
||||
|
||||
UserDetailsImpl userDetails = buildUserDeatils(userVo);
|
||||
if (userDetails == null) {
|
||||
throw new InternalAuthenticationServiceException("手机号不存在:" + mobileAuthenticationToken.getPrincipal());
|
||||
}
|
||||
|
||||
MobileAuthenticationToken authenticationToken = new MobileAuthenticationToken(userDetails, userDetails.getAuthorities());
|
||||
authenticationToken.setDetails(mobileAuthenticationToken.getDetails());
|
||||
return authenticationToken;
|
||||
}
|
||||
|
||||
private UserDetailsImpl buildUserDeatils(UserVo userVo) {
|
||||
return new UserDetailsImpl(userVo);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean supports(Class<?> authentication) {
|
||||
return MobileAuthenticationToken.class.isAssignableFrom(authentication);
|
||||
}
|
||||
|
||||
public UserService getUserService() {
|
||||
return userService;
|
||||
}
|
||||
|
||||
public void setUserService(UserService userService) {
|
||||
this.userService = userService;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,56 @@
|
|||
package com.github.pig.auth.component;
|
||||
|
||||
import org.springframework.security.authentication.AbstractAuthenticationToken;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.SpringSecurityCoreVersion;
|
||||
|
||||
import java.util.Collection;
|
||||
|
||||
/**
|
||||
* @author lengleng
|
||||
* @date 2018/1/9
|
||||
* 手机号登录令牌
|
||||
*/
|
||||
public class MobileAuthenticationToken extends AbstractAuthenticationToken {
|
||||
|
||||
private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
|
||||
|
||||
private final Object principal;
|
||||
|
||||
public MobileAuthenticationToken(String mobile) {
|
||||
super(null);
|
||||
this.principal = mobile;
|
||||
setAuthenticated(false);
|
||||
}
|
||||
|
||||
public MobileAuthenticationToken(Object principal,
|
||||
Collection<? extends GrantedAuthority> authorities) {
|
||||
super(authorities);
|
||||
this.principal = principal;
|
||||
super.setAuthenticated(true);
|
||||
}
|
||||
|
||||
public Object getPrincipal() {
|
||||
return this.principal;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Object getCredentials() {
|
||||
return null;
|
||||
}
|
||||
|
||||
public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
|
||||
if (isAuthenticated) {
|
||||
throw new IllegalArgumentException(
|
||||
"Cannot set this token to trusted - use constructor which takes a GrantedAuthority list instead");
|
||||
}
|
||||
|
||||
super.setAuthenticated(false);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void eraseCredentials() {
|
||||
super.eraseCredentials();
|
||||
}
|
||||
}
|
||||
|
|
@ -1,18 +1,25 @@
|
|||
package com.github.pig.gateway.componet;
|
||||
package com.github.pig.auth.component;
|
||||
|
||||
import com.alibaba.fastjson.JSONObject;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import com.github.pig.common.constant.CommonConstant;
|
||||
import com.github.pig.gateway.feign.AuthSerivce;
|
||||
import com.xiaoleilu.hutool.util.MapUtil;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.authentication.BadCredentialsException;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.crypto.codec.Base64;
|
||||
import org.springframework.security.oauth2.common.OAuth2AccessToken;
|
||||
import org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException;
|
||||
import org.springframework.security.oauth2.provider.*;
|
||||
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
import java.io.PrintWriter;
|
||||
|
||||
/**
|
||||
* @author lengleng
|
||||
|
@ -21,8 +28,13 @@ import java.io.IOException;
|
|||
*/
|
||||
@Component
|
||||
public class MobileLoginSuccessHandler implements org.springframework.security.web.authentication.AuthenticationSuccessHandler {
|
||||
private Logger logger = LoggerFactory.getLogger(getClass());
|
||||
@Autowired
|
||||
private AuthSerivce authSerivce;
|
||||
private ObjectMapper objectMapper;
|
||||
@Autowired
|
||||
private ClientDetailsService clientDetailsService;
|
||||
@Autowired
|
||||
private AuthorizationServerTokenServices authorizationServerTokenServices;
|
||||
|
||||
/**
|
||||
* Called when a user has been successfully authenticated.
|
||||
|
@ -45,7 +57,24 @@ public class MobileLoginSuccessHandler implements org.springframework.security.w
|
|||
assert tokens.length == 2;
|
||||
String clientId = tokens[0];
|
||||
String clientSecret = tokens[1];
|
||||
OAuth2AccessToken oAuth2AccessToken = authSerivce.createToken(clientId);
|
||||
|
||||
JSONObject params = new JSONObject();
|
||||
params.put("clientId", clientId);
|
||||
params.put("clientSecret", clientSecret);
|
||||
params.put("authentication", authentication);
|
||||
|
||||
ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);
|
||||
TokenRequest tokenRequest = new TokenRequest(MapUtil.newHashMap(), clientId, clientDetails.getScope(), "mobile");
|
||||
OAuth2Request oAuth2Request = tokenRequest.createOAuth2Request(clientDetails);
|
||||
|
||||
OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(oAuth2Request, authentication);
|
||||
OAuth2AccessToken oAuth2AccessToken = authorizationServerTokenServices.createAccessToken(oAuth2Authentication);
|
||||
logger.info("获取token 成功:{}", oAuth2AccessToken.getValue());
|
||||
|
||||
response.setCharacterEncoding(CommonConstant.UTF8);
|
||||
response.setContentType(CommonConstant.CONTENT_TYPE);
|
||||
PrintWriter printWriter = response.getWriter();
|
||||
printWriter.append(objectMapper.writeValueAsString(oAuth2AccessToken));
|
||||
} catch (IOException e) {
|
||||
throw new BadCredentialsException(
|
||||
"Failed to decode basic authentication token");
|
|
@ -0,0 +1,35 @@
|
|||
package com.github.pig.auth.component;
|
||||
|
||||
import com.github.pig.auth.feign.UserService;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.web.DefaultSecurityFilterChain;
|
||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
/**
|
||||
* @author lengleng
|
||||
* @date 2018/1/9
|
||||
* 手机号登录配置入口
|
||||
*/
|
||||
@Component
|
||||
public class MobileSecurityConfigurer extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {
|
||||
@Autowired
|
||||
private MobileLoginSuccessHandler mobileLoginSuccessHandler;
|
||||
@Autowired
|
||||
private UserService userService;
|
||||
|
||||
@Override
|
||||
public void configure(HttpSecurity http) throws Exception {
|
||||
MobileAuthenticationFilter mobileAuthenticationFilter = new MobileAuthenticationFilter();
|
||||
mobileAuthenticationFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
|
||||
mobileAuthenticationFilter.setAuthenticationSuccessHandler(mobileLoginSuccessHandler);
|
||||
|
||||
MobileAuthenticationProvider mobileAuthenticationProvider = new MobileAuthenticationProvider();
|
||||
mobileAuthenticationProvider.setUserService(userService);
|
||||
http.authenticationProvider(mobileAuthenticationProvider)
|
||||
.addFilterAfter(mobileAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
|
||||
}
|
||||
}
|
|
@ -1,5 +1,7 @@
|
|||
package com.github.pig.auth.config;
|
||||
|
||||
import com.github.pig.auth.component.MobileAuthenticationFilter;
|
||||
import com.github.pig.auth.component.MobileSecurityConfigurer;
|
||||
import com.github.pig.common.bean.config.FilterUrlsPropertiesConifg;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
|
@ -18,6 +20,8 @@ import org.springframework.security.oauth2.config.annotation.web.configuration.R
|
|||
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
|
||||
@Autowired
|
||||
private FilterUrlsPropertiesConifg filterUrlsPropertiesConifg;
|
||||
@Autowired
|
||||
private MobileSecurityConfigurer mobileSecurityConfigurer;
|
||||
|
||||
@Override
|
||||
public void configure(HttpSecurity http) throws Exception {
|
||||
|
@ -29,6 +33,7 @@ public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter
|
|||
registry.anyRequest().authenticated()
|
||||
.and()
|
||||
.csrf().disable();
|
||||
http.apply(mobileSecurityConfigurer);
|
||||
}
|
||||
|
||||
}
|
|
@ -2,18 +2,13 @@ package com.github.pig.auth.controller;
|
|||
|
||||
import com.github.pig.common.constant.SecurityConstants;
|
||||
import com.github.pig.common.util.R;
|
||||
import com.xiaoleilu.hutool.util.MapUtil;
|
||||
import org.apache.commons.lang.StringUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.cache.annotation.CacheEvict;
|
||||
import org.springframework.data.redis.connection.RedisConnectionFactory;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.oauth2.common.OAuth2AccessToken;
|
||||
import org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException;
|
||||
import org.springframework.security.oauth2.provider.*;
|
||||
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
|
||||
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
import org.springframework.web.bind.annotation.PostMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
import java.security.Principal;
|
||||
|
||||
|
@ -25,10 +20,7 @@ import java.security.Principal;
|
|||
public class UserController {
|
||||
@Autowired
|
||||
private RedisConnectionFactory redisConnectionFactory;
|
||||
@Autowired
|
||||
private ClientDetailsService clientDetailsService;
|
||||
@Autowired
|
||||
private AuthorizationServerTokenServices authorizationServerTokenServices;
|
||||
|
||||
|
||||
@RequestMapping("/user")
|
||||
public Object user(Principal user) {
|
||||
|
@ -50,26 +42,4 @@ public class UserController {
|
|||
tokenStore.removeAccessToken(accesstoken);
|
||||
return new R<>(Boolean.TRUE);
|
||||
}
|
||||
|
||||
/**
|
||||
* 自定义token
|
||||
*
|
||||
* @param params 参数信息
|
||||
* @return OAuth2AccessToken
|
||||
*/
|
||||
@RequestMapping(value = "/oauth/token_key")
|
||||
public OAuth2AccessToken getKey(String params) {
|
||||
ClientDetails clientDetails = clientDetailsService.loadClientByClientId(params);
|
||||
// if (clientDetails == null) {
|
||||
// throw new UnapprovedClientAuthenticationException("请求头中client信息不存在 clientId:" + clientId);
|
||||
// } else if (!StringUtils.equals(clientDetails.getClientSecret(), clientSecret)) {
|
||||
// throw new UnapprovedClientAuthenticationException("请求头中client信息不合法 clientSecret:" + clientSecret);
|
||||
// }
|
||||
//
|
||||
// TokenRequest tokenRequest = new TokenRequest(MapUtil.newHashMap(), clientId, clientDetails.getScope(), "mobile");
|
||||
// OAuth2Request oAuth2Request = tokenRequest.createOAuth2Request(clientDetails);
|
||||
// OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(oAuth2Request, authentication);
|
||||
// return authorizationServerTokenServices.createAccessToken(oAuth2Authentication);
|
||||
return null;
|
||||
}
|
||||
}
|
|
@ -20,4 +20,13 @@ public interface UserService {
|
|||
*/
|
||||
@GetMapping("/user/findUserByUsername/{username}")
|
||||
UserVo findUserByUsername(@PathVariable("username") String username);
|
||||
|
||||
/**
|
||||
* 通过手机号查询用户、角色信息
|
||||
*
|
||||
* @param mobile 手机号
|
||||
* @return UserVo
|
||||
*/
|
||||
@GetMapping("/user/findUserByMobile/{mobile}")
|
||||
UserVo findUserByMobile(@PathVariable("mobile") String mobile);
|
||||
}
|
||||
|
|
|
@ -20,4 +20,16 @@ public class UserServiceFallbackImpl implements UserService {
|
|||
logger.error("调用{}异常:{}", "findUserByUsername", username);
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* 通过手机号查询用户、角色信息
|
||||
*
|
||||
* @param mobile 手机号
|
||||
* @return UserVo
|
||||
*/
|
||||
@Override
|
||||
public UserVo findUserByMobile(String mobile) {
|
||||
logger.error("调用{}异常:{}", "通过手机号查询用户", mobile);
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,56 @@
|
|||
package com.github.pig.auth.util;
|
||||
|
||||
import org.springframework.security.authentication.AbstractAuthenticationToken;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.SpringSecurityCoreVersion;
|
||||
|
||||
import java.util.Collection;
|
||||
|
||||
/**
|
||||
* @author lengleng
|
||||
* @date 2018/1/9
|
||||
* 手机号登录令牌
|
||||
*/
|
||||
public class MobileAuthenticationToken extends AbstractAuthenticationToken {
|
||||
|
||||
private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
|
||||
|
||||
private final Object principal;
|
||||
|
||||
public MobileAuthenticationToken(String mobile) {
|
||||
super(null);
|
||||
this.principal = mobile;
|
||||
setAuthenticated(false);
|
||||
}
|
||||
|
||||
public MobileAuthenticationToken(Object principal,
|
||||
Collection<? extends GrantedAuthority> authorities) {
|
||||
super(authorities);
|
||||
this.principal = principal;
|
||||
super.setAuthenticated(true);
|
||||
}
|
||||
|
||||
public Object getPrincipal() {
|
||||
return this.principal;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Object getCredentials() {
|
||||
return null;
|
||||
}
|
||||
|
||||
public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
|
||||
if (isAuthenticated) {
|
||||
throw new IllegalArgumentException(
|
||||
"Cannot set this token to trusted - use constructor which takes a GrantedAuthority list instead");
|
||||
}
|
||||
|
||||
super.setAuthenticated(false);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void eraseCredentials() {
|
||||
super.eraseCredentials();
|
||||
}
|
||||
}
|
||||
|
|
@ -19,11 +19,21 @@ public interface SecurityConstants {
|
|||
*/
|
||||
String OAUTH_TOKEN_URL = "/oauth/token";
|
||||
|
||||
/**
|
||||
* 手机登录URL
|
||||
*/
|
||||
String MOBILE_TOKEN_URL = "/mobile/token";
|
||||
|
||||
/**
|
||||
* 默认的处理验证码的url前缀
|
||||
*/
|
||||
String DEFAULT_VALIDATE_CODE_URL_PREFIX = "/code";
|
||||
|
||||
/**
|
||||
* 手机号的处理验证码的url前缀
|
||||
*/
|
||||
String MOBILE_VALIDATE_CODE_URL_PREFIX = "/smsCode";
|
||||
|
||||
/**
|
||||
* 默认生成图形验证码宽度
|
||||
*/
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
package com.github.pig.gateway.config;
|
||||
|
||||
import com.github.pig.common.bean.config.FilterUrlsPropertiesConifg;
|
||||
import com.github.pig.gateway.componet.MobileLoginSuccessHandler;
|
||||
import com.github.pig.gateway.componet.PigAccessDeniedHandler;
|
||||
import com.github.pig.gateway.filter.ValidateCodeFilter;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
|
@ -32,16 +31,11 @@ public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter
|
|||
@Autowired
|
||||
private PigAccessDeniedHandler pigAccessDeniedHandler;
|
||||
@Autowired
|
||||
private MobileLoginSuccessHandler mobileLoginSuccessHandler;
|
||||
@Autowired
|
||||
private ValidateCodeFilter validateCodeFilter;
|
||||
|
||||
@Override
|
||||
public void configure(HttpSecurity http) throws Exception {
|
||||
http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class);
|
||||
http.formLogin()
|
||||
.loginProcessingUrl("/mobile/login")
|
||||
.successHandler(mobileLoginSuccessHandler);
|
||||
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = http
|
||||
.authorizeRequests();
|
||||
for (String url : filterUrlsPropertiesConifg.getAnon()) {
|
||||
|
|
|
@ -1,26 +0,0 @@
|
|||
package com.github.pig.gateway.feign;
|
||||
|
||||
import com.github.pig.gateway.feign.fallback.AuthServiceFallbackImpl;
|
||||
import com.github.pig.gateway.feign.fallback.MenuServiceFallbackImpl;
|
||||
import org.springframework.cloud.netflix.feign.FeignClient;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.oauth2.common.OAuth2AccessToken;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.PostMapping;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
|
||||
/**
|
||||
* @author lengleng
|
||||
* @date 2018/1/8
|
||||
*/
|
||||
@FeignClient(name = "pig-auth-service", fallback = AuthServiceFallbackImpl.class)
|
||||
public interface AuthSerivce {
|
||||
/**
|
||||
* 获取 OAuth2AccessToken
|
||||
*
|
||||
* @param params 参数信息
|
||||
* @return OAuth2AccessToken
|
||||
*/
|
||||
@PostMapping(value = "/oauth/token_key")
|
||||
OAuth2AccessToken createToken(@RequestParam("params") String params);
|
||||
}
|
|
@ -1,28 +0,0 @@
|
|||
package com.github.pig.gateway.feign.fallback;
|
||||
|
||||
import com.github.pig.gateway.feign.AuthSerivce;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.oauth2.common.OAuth2AccessToken;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
/**
|
||||
* @author lengleng
|
||||
* @date 2018/1/9
|
||||
*/
|
||||
@Service
|
||||
public class AuthServiceFallbackImpl implements AuthSerivce {
|
||||
private Logger logger = LoggerFactory.getLogger(this.getClass());
|
||||
|
||||
/**
|
||||
* 获取 OAuth2AccessToken
|
||||
*
|
||||
* @param params 参数信息
|
||||
* @return OAuth2AccessToken
|
||||
*/
|
||||
@Override
|
||||
public OAuth2AccessToken createToken(String params) {
|
||||
return null;
|
||||
}
|
||||
}
|
|
@ -1,6 +1,5 @@
|
|||
package com.github.pig.gateway.filter;
|
||||
|
||||
import com.alibaba.fastjson.JSONObject;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import com.github.pig.common.constant.CommonConstant;
|
||||
import com.github.pig.common.constant.SecurityConstants;
|
||||
|
@ -28,7 +27,6 @@ import java.io.PrintWriter;
|
|||
* @date 2017-12-18
|
||||
* 验证码校验,true开启,false关闭校验
|
||||
* 更细化可以 clientId 进行区分
|
||||
*
|
||||
*/
|
||||
@Component("validateCodeFilter")
|
||||
public class ValidateCodeFilter extends OncePerRequestFilter {
|
||||
|
@ -43,7 +41,8 @@ public class ValidateCodeFilter extends OncePerRequestFilter {
|
|||
@Override
|
||||
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
|
||||
if (isValidate && (StringUtils.contains(request.getRequestURI(), SecurityConstants.OAUTH_TOKEN_URL)
|
||||
|| StringUtils.contains(request.getRequestURI(), SecurityConstants.REFRESH_TOKEN))) {
|
||||
|| StringUtils.contains(request.getRequestURI(), SecurityConstants.REFRESH_TOKEN)
|
||||
|| StringUtils.contains(request.getRequestURI(), SecurityConstants.MOBILE_TOKEN_URL))) {
|
||||
PrintWriter printWriter = null;
|
||||
try {
|
||||
checkCode(request, response, filterChain);
|
||||
|
@ -66,10 +65,13 @@ public class ValidateCodeFilter extends OncePerRequestFilter {
|
|||
private void checkCode(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
|
||||
String code = httpServletRequest.getParameter("code");
|
||||
String randomStr = httpServletRequest.getParameter("randomStr");
|
||||
if (StringUtils.isBlank(randomStr)) {
|
||||
randomStr = httpServletRequest.getParameter("mobile");
|
||||
}
|
||||
Object codeObj = redisTemplate.opsForValue().get(SecurityConstants.DEFAULT_CODE_KEY + randomStr);
|
||||
|
||||
if (codeObj == null) {
|
||||
throw new ValidateCodeException("验证码已过期或已过期");
|
||||
throw new ValidateCodeException("验证码为空或已过期");
|
||||
}
|
||||
String saveCode = codeObj.toString();
|
||||
|
||||
|
|
|
@ -3,6 +3,7 @@ package com.github.pig.gateway.service.impl;
|
|||
import com.github.pig.common.vo.UserVo;
|
||||
import com.github.pig.gateway.feign.UserService;
|
||||
import com.github.pig.gateway.util.UserDetailsImpl;
|
||||
import org.apache.commons.lang.StringUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||
|
@ -22,6 +23,9 @@ public class UserDetailServiceImpl implements UserDetailsService, Serializable {
|
|||
|
||||
@Override
|
||||
public UserDetailsImpl loadUserByUsername(String username) throws UsernameNotFoundException {
|
||||
if (StringUtils.isBlank(username)) {
|
||||
throw new UsernameNotFoundException("用户不存在:" + username);
|
||||
}
|
||||
UserVo userVo = userService.findUserByUsername(username);
|
||||
return new UserDetailsImpl(userVo);
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue