From affb18207e58d157feb3c9b0d2222381c81c2103 Mon Sep 17 00:00:00 2001 From: "wangiegie@gmail.com" Date: Sun, 14 Jan 2018 20:38:42 +0800 Subject: [PATCH] =?UTF-8?q?=E6=89=8B=E6=9C=BA=E5=8F=B7=E7=99=BB=E5=BD=95?= =?UTF-8?q?=E8=B0=83=E6=95=B4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../mobile/MobileAuthenticationFilter.java | 76 ++++++++++++ .../mobile/MobileAuthenticationProvider.java | 50 ++++++++ .../mobile/MobileAuthenticationToken.java | 56 +++++++++ .../mobile/MobileLoginSuccessHandler.java | 113 ++++++++++++++++++ .../mobile/MobileSecurityConfigurer.java | 35 ++++++ 5 files changed, 330 insertions(+) create mode 100644 pig-auth-service/src/main/java/com/github/pig/auth/component/mobile/MobileAuthenticationFilter.java create mode 100644 pig-auth-service/src/main/java/com/github/pig/auth/component/mobile/MobileAuthenticationProvider.java create mode 100644 pig-auth-service/src/main/java/com/github/pig/auth/component/mobile/MobileAuthenticationToken.java create mode 100644 pig-auth-service/src/main/java/com/github/pig/auth/component/mobile/MobileLoginSuccessHandler.java create mode 100644 pig-auth-service/src/main/java/com/github/pig/auth/component/mobile/MobileSecurityConfigurer.java diff --git a/pig-auth-service/src/main/java/com/github/pig/auth/component/mobile/MobileAuthenticationFilter.java b/pig-auth-service/src/main/java/com/github/pig/auth/component/mobile/MobileAuthenticationFilter.java new file mode 100644 index 00000000..0608fe14 --- /dev/null +++ b/pig-auth-service/src/main/java/com/github/pig/auth/component/mobile/MobileAuthenticationFilter.java @@ -0,0 +1,76 @@ +package com.github.pig.auth.component.mobile; + +import com.github.pig.common.constant.SecurityConstants; +import org.springframework.http.HttpMethod; +import org.springframework.security.authentication.AuthenticationServiceException; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter; +import org.springframework.security.web.util.matcher.AntPathRequestMatcher; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +/** + * @author lengleng + * @date 2018/1/9 + * 手机号登录验证filter + */ +public class MobileAuthenticationFilter extends AbstractAuthenticationProcessingFilter { + public static final String SPRING_SECURITY_FORM_MOBILE_KEY = "mobile"; + + private String mobileParameter = SPRING_SECURITY_FORM_MOBILE_KEY; + private boolean postOnly = true; + + public MobileAuthenticationFilter() { + super(new AntPathRequestMatcher(SecurityConstants.MOBILE_TOKEN_URL, "POST")); + } + + public Authentication attemptAuthentication(HttpServletRequest request, + HttpServletResponse response) throws AuthenticationException { + if (postOnly && !request.getMethod().equals(HttpMethod.POST.name())) { + throw new AuthenticationServiceException( + "Authentication method not supported: " + request.getMethod()); + } + + String mobile = obtainMobile(request); + + if (mobile == null) { + mobile = ""; + } + + mobile = mobile.trim(); + + MobileAuthenticationToken mobileAuthenticationToken = new MobileAuthenticationToken(mobile); + + setDetails(request, mobileAuthenticationToken); + + return this.getAuthenticationManager().authenticate(mobileAuthenticationToken); + } + + protected String obtainMobile(HttpServletRequest request) { + return request.getParameter(mobileParameter); + } + + protected void setDetails(HttpServletRequest request, + MobileAuthenticationToken authRequest) { + authRequest.setDetails(authenticationDetailsSource.buildDetails(request)); + } + + public void setPostOnly(boolean postOnly) { + this.postOnly = postOnly; + } + + public String getMobileParameter() { + return mobileParameter; + } + + public void setMobileParameter(String mobileParameter) { + this.mobileParameter = mobileParameter; + } + + public boolean isPostOnly() { + return postOnly; + } +} + diff --git a/pig-auth-service/src/main/java/com/github/pig/auth/component/mobile/MobileAuthenticationProvider.java b/pig-auth-service/src/main/java/com/github/pig/auth/component/mobile/MobileAuthenticationProvider.java new file mode 100644 index 00000000..3f52d8d1 --- /dev/null +++ b/pig-auth-service/src/main/java/com/github/pig/auth/component/mobile/MobileAuthenticationProvider.java @@ -0,0 +1,50 @@ +package com.github.pig.auth.component.mobile; + +import com.github.pig.auth.feign.UserService; +import com.github.pig.auth.util.UserDetailsImpl; +import com.github.pig.common.vo.UserVo; +import org.springframework.security.authentication.AuthenticationProvider; +import org.springframework.security.authentication.InternalAuthenticationServiceException; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.AuthenticationException; + +/** + * @author lengleng + * @date 2018/1/9 + * 手机号登录校验逻辑 + */ +public class MobileAuthenticationProvider implements AuthenticationProvider { + private UserService userService; + + @Override + public Authentication authenticate(Authentication authentication) throws AuthenticationException { + MobileAuthenticationToken mobileAuthenticationToken = (MobileAuthenticationToken) authentication; + UserVo userVo = userService.findUserByMobile((String) mobileAuthenticationToken.getPrincipal()); + + UserDetailsImpl userDetails = buildUserDeatils(userVo); + if (userDetails == null) { + throw new InternalAuthenticationServiceException("手机号不存在:" + mobileAuthenticationToken.getPrincipal()); + } + + MobileAuthenticationToken authenticationToken = new MobileAuthenticationToken(userDetails, userDetails.getAuthorities()); + authenticationToken.setDetails(mobileAuthenticationToken.getDetails()); + return authenticationToken; + } + + private UserDetailsImpl buildUserDeatils(UserVo userVo) { + return new UserDetailsImpl(userVo); + } + + @Override + public boolean supports(Class authentication) { + return MobileAuthenticationToken.class.isAssignableFrom(authentication); + } + + public UserService getUserService() { + return userService; + } + + public void setUserService(UserService userService) { + this.userService = userService; + } +} diff --git a/pig-auth-service/src/main/java/com/github/pig/auth/component/mobile/MobileAuthenticationToken.java b/pig-auth-service/src/main/java/com/github/pig/auth/component/mobile/MobileAuthenticationToken.java new file mode 100644 index 00000000..860cc068 --- /dev/null +++ b/pig-auth-service/src/main/java/com/github/pig/auth/component/mobile/MobileAuthenticationToken.java @@ -0,0 +1,56 @@ +package com.github.pig.auth.component.mobile; + +import org.springframework.security.authentication.AbstractAuthenticationToken; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.SpringSecurityCoreVersion; + +import java.util.Collection; + +/** + * @author lengleng + * @date 2018/1/9 + * 手机号登录令牌 + */ +public class MobileAuthenticationToken extends AbstractAuthenticationToken { + + private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID; + + private final Object principal; + + public MobileAuthenticationToken(String mobile) { + super(null); + this.principal = mobile; + setAuthenticated(false); + } + + public MobileAuthenticationToken(Object principal, + Collection authorities) { + super(authorities); + this.principal = principal; + super.setAuthenticated(true); + } + + public Object getPrincipal() { + return this.principal; + } + + @Override + public Object getCredentials() { + return null; + } + + public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException { + if (isAuthenticated) { + throw new IllegalArgumentException( + "Cannot set this token to trusted - use constructor which takes a GrantedAuthority list instead"); + } + + super.setAuthenticated(false); + } + + @Override + public void eraseCredentials() { + super.eraseCredentials(); + } +} + diff --git a/pig-auth-service/src/main/java/com/github/pig/auth/component/mobile/MobileLoginSuccessHandler.java b/pig-auth-service/src/main/java/com/github/pig/auth/component/mobile/MobileLoginSuccessHandler.java new file mode 100644 index 00000000..125bb679 --- /dev/null +++ b/pig-auth-service/src/main/java/com/github/pig/auth/component/mobile/MobileLoginSuccessHandler.java @@ -0,0 +1,113 @@ +package com.github.pig.auth.component.mobile; + +import com.alibaba.fastjson.JSONObject; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.github.pig.common.constant.CommonConstant; +import com.xiaoleilu.hutool.util.MapUtil; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.authentication.BadCredentialsException; +import org.springframework.security.core.Authentication; +import org.springframework.security.crypto.codec.Base64; +import org.springframework.security.oauth2.common.OAuth2AccessToken; +import org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException; +import org.springframework.security.oauth2.provider.*; +import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices; +import org.springframework.stereotype.Component; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; +import java.io.PrintWriter; + +/** + * @author lengleng + * @date 2018/1/8 + * 手机号登录成功,返回oauth token + */ +@Component +public class MobileLoginSuccessHandler implements org.springframework.security.web.authentication.AuthenticationSuccessHandler { + private Logger logger = LoggerFactory.getLogger(getClass()); + @Autowired + private ObjectMapper objectMapper; + @Autowired + private ClientDetailsService clientDetailsService; + @Autowired + private AuthorizationServerTokenServices authorizationServerTokenServices; + + /** + * Called when a user has been successfully authenticated. + * 调用spring security oauth API 生成 oAuth2AccessToken + * + * @param request the request which caused the successful authentication + * @param response the response + * @param authentication the Authentication object which was created during + */ + @Override + public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) { + String header = request.getHeader("Authorization"); + + if (header == null || !header.startsWith("Basic ")) { + throw new UnapprovedClientAuthenticationException("请求头中client信息为空"); + } + + try { + String[] tokens = extractAndDecodeHeader(header); + assert tokens.length == 2; + String clientId = tokens[0]; + String clientSecret = tokens[1]; + + JSONObject params = new JSONObject(); + params.put("clientId", clientId); + params.put("clientSecret", clientSecret); + params.put("authentication", authentication); + + ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId); + TokenRequest tokenRequest = new TokenRequest(MapUtil.newHashMap(), clientId, clientDetails.getScope(), "mobile"); + OAuth2Request oAuth2Request = tokenRequest.createOAuth2Request(clientDetails); + + OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(oAuth2Request, authentication); + OAuth2AccessToken oAuth2AccessToken = authorizationServerTokenServices.createAccessToken(oAuth2Authentication); + logger.info("获取token 成功:{}", oAuth2AccessToken.getValue()); + + response.setCharacterEncoding(CommonConstant.UTF8); + response.setContentType(CommonConstant.CONTENT_TYPE); + PrintWriter printWriter = response.getWriter(); + printWriter.append(objectMapper.writeValueAsString(oAuth2AccessToken)); + } catch (IOException e) { + throw new BadCredentialsException( + "Failed to decode basic authentication token"); + } + } + + /** + * Decodes the header into a username and password. + * + * @throws BadCredentialsException if the Basic header is not present or is not valid + * Base64 + */ + private String[] extractAndDecodeHeader(String header) + throws IOException { + + byte[] base64Token = header.substring(6).getBytes("UTF-8"); + byte[] decoded; + try { + decoded = Base64.decode(base64Token); + } catch (IllegalArgumentException e) { + throw new BadCredentialsException( + "Failed to decode basic authentication token"); + } + + String token = new String(decoded, CommonConstant.UTF8); + + int delim = token.indexOf(":"); + + if (delim == -1) { + throw new BadCredentialsException("Invalid basic authentication token"); + } + return new String[]{token.substring(0, delim), token.substring(delim + 1)}; + } + + +} diff --git a/pig-auth-service/src/main/java/com/github/pig/auth/component/mobile/MobileSecurityConfigurer.java b/pig-auth-service/src/main/java/com/github/pig/auth/component/mobile/MobileSecurityConfigurer.java new file mode 100644 index 00000000..2a60dfe6 --- /dev/null +++ b/pig-auth-service/src/main/java/com/github/pig/auth/component/mobile/MobileSecurityConfigurer.java @@ -0,0 +1,35 @@ +package com.github.pig.auth.component.mobile; + +import com.github.pig.auth.feign.UserService; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.config.annotation.SecurityConfigurerAdapter; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.web.DefaultSecurityFilterChain; +import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; +import org.springframework.stereotype.Component; + +/** + * @author lengleng + * @date 2018/1/9 + * 手机号登录配置入口 + */ +@Component +public class MobileSecurityConfigurer extends SecurityConfigurerAdapter { + @Autowired + private MobileLoginSuccessHandler mobileLoginSuccessHandler; + @Autowired + private UserService userService; + + @Override + public void configure(HttpSecurity http) throws Exception { + MobileAuthenticationFilter mobileAuthenticationFilter = new MobileAuthenticationFilter(); + mobileAuthenticationFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class)); + mobileAuthenticationFilter.setAuthenticationSuccessHandler(mobileLoginSuccessHandler); + + MobileAuthenticationProvider mobileAuthenticationProvider = new MobileAuthenticationProvider(); + mobileAuthenticationProvider.setUserService(userService); + http.authenticationProvider(mobileAuthenticationProvider) + .addFilterAfter(mobileAuthenticationFilter, UsernamePasswordAuthenticationFilter.class); + } +}