From 1dd70f173c829cd97017fbb3da53cbda1c370c6f Mon Sep 17 00:00:00 2001
From: Tang Cheng
Date: Thu, 18 Apr 2019 08:38:35 +0800
Subject: [PATCH] =?utf8?q?=E6=B5=8B=E8=AF=95=20spring=20security=20?= =?utf8?q?=E6=9C=BA=E5=88=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
---
 build.gradle | 1 +
 .../com/supwisdom/dlpay/ServletInitializer.kt | 2 +-
 .../dlpay/framework/core/JwtTokenUtil.java | 9 +++++--
 ...ppClientRedis.java => ApiClientRedis.java} | 2 +-
 .../dlpay/framework/domain/TApiClient.java | 2 +-
 ...pository.java => ApiClientRepository.java} | 4 +--
 ...payApplication.kt => PayApiApplication.kt} | 25 +++++++++++++------
 .../controller/security_controller.kt | 12 +++++----
 8 files changed, 38 insertions(+), 19 deletions(-)
 rename src/main/java/com/supwisdom/dlpay/framework/domain/{AppClientRedis.java => ApiClientRedis.java} (95%)
 rename src/main/java/com/supwisdom/dlpay/framework/redisrepo/{AppClientRepository.java => ApiClientRepository.java} (51%)
 rename src/main/kotlin/com/supwisdom/dlpay/{DlpayApplication.kt => PayApiApplication.kt} (89%)
diff --git a/build.gradle b/build.gradle
index c2dbbbc8..d0275920 100644
--- a/build.gradle
+++ b/build.gradle
@@ -33,6 +33,7 @@ dependencies {
 implementation 'org.springframework.security:spring-security-oauth2-jose'
 implementation 'com.fasterxml.jackson.module:jackson-module-kotlin'
 implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
+ implementation 'org.springframework.session:spring-session-data-redis:2.0.10.RELEASE'
 implementation 'org.jetbrains.kotlin:kotlin-reflect'
 implementation 'org.jetbrains.kotlin:kotlin-stdlib-jdk8'
diff --git a/src/main/java/com/supwisdom/dlpay/ServletInitializer.kt b/src/main/java/com/supwisdom/dlpay/ServletInitializer.kt
index 65545c75..b03a1dc0 100644
--- a/src/main/java/com/supwisdom/dlpay/ServletInitializer.kt
+++ b/src/main/java/com/supwisdom/dlpay/ServletInitializer.kt
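Review bot: The added `spring-session-data-redis` line pins `2.0.10.RELEASE` while every neighbouring dependency in this block leaves the version to Spring Boot's dependency management, so the pinned artifact can end up paired with a Spring Data Redis / Spring Security line the Boot BOM in use does not expect. Unless the pin is deliberate, `implementation 'org.springframework.session:spring-session-data-redis'` keeps it BOM-managed like the rest; if it is deliberate, a short comment on the line saying why would stop the next reviewer from removing it. Note that with this artifact on the classpath, Boot will presumably auto-configure Redis-backed HTTP sessions, so session state now lives in the Redis instance configured elsewhere in this commit.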
@@ -6,7 +6,7 @@ import org.springframework.boot.web.servlet.support.SpringBootServletInitializer
 class ServletInitializer : SpringBootServletInitializer() {
 override fun configure(application: SpringApplicationBuilder): SpringApplicationBuilder {
- return application.sources(DlpayApplication::class.java)
+ return application.sources(PayApiApplication::class.java)
 }
 }
diff --git a/src/main/java/com/supwisdom/dlpay/framework/core/JwtTokenUtil.java b/src/main/java/com/supwisdom/dlpay/framework/core/JwtTokenUtil.java
index e43e4117..86060cf7 100644
--- a/src/main/java/com/supwisdom/dlpay/framework/core/JwtTokenUtil.java
+++ b/src/main/java/com/supwisdom/dlpay/framework/core/JwtTokenUtil.java
@@ -28,11 +28,16 @@ public class JwtTokenUtil {
 public String generateToken(Map params) throws JoseException {
 JwtClaims claims = new JwtClaims();
 claims.setIssuer(params.get("issuer").toString()); // who creates the token and signs it
+ if (params.get("audience") != null) {
+ claims.setAudience(params.get("audience").toString());
+ }
 claims.setExpirationTimeMinutesInTheFuture(expiration / 60); // time when the token will expire (10 minutes from now)
- claims.setGeneratedJwtId(); // a unique identifier for the token
+ claims.setGeneratedJwtId();
 claims.setIssuedAtToNow(); // when the token was issued/created (now)
 claims.setNotBeforeMinutesInThePast(2); // time before which the token is not yet valid (2 minutes ago)
- claims.setSubject(params.get("subject").toString()); // the subject/principal is whom the token is about
+ if (params.get("subject") != null) {
+ claims.setSubject(params.get("subject").toString()); // the subject/principal is whom the token is about
+ }
 /* claims.setClaim("email", "mail@example.com"); // additional claims/attributes about the subject can be added
 List groups = Arrays.asList("group-one", "other-group", "group-three");
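Review bot: `claims.setIssuer(params.get("issuer").toString())` just above the new audience guard still throws a bare NullPointerException when the key is absent, while `audience` and `subject` are now silently skipped; the three keys should be handled consistently, e.g. `claims.setIssuer(Objects.requireNonNull(params.get("issuer"), "issuer").toString());` so a misconfigured caller fails with a named reason. Making `subject` optional also means a token can now be minted with no principal claim at all, so whatever verifies these tokens must either require it (jose4j's `JwtConsumerBuilder.setRequireSubject()`) or explicitly accept subject-less tokens; that consumer is outside this hunk, as is the rest of `generateToken`. The comment `(10 minutes from now)` on the expiration line no longer matches `expiration / 60` and should be dropped or restated in terms of the field.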
diff --git a/src/main/java/com/supwisdom/dlpay/framework/domain/AppClientRedis.java b/src/main/java/com/supwisdom/dlpay/framework/domain/ApiClientRedis.java
similarity index 95%
rename from src/main/java/com/supwisdom/dlpay/framework/domain/AppClientRedis.java
rename to src/main/java/com/supwisdom/dlpay/framework/domain/ApiClientRedis.java
index a45f9f38..faee9012 100644
--- a/src/main/java/com/supwisdom/dlpay/framework/domain/AppClientRedis.java
+++ b/src/main/java/com/supwisdom/dlpay/framework/domain/ApiClientRedis.java
@@ -5,7 +5,7 @@ import org.springframework.data.redis.core.RedisHash;
 import javax.persistence.Id;
 @RedisHash("app_client")
-public class AppClientRedis {
+public class ApiClientRedis {
 private @Id String id;
diff --git a/src/main/java/com/supwisdom/dlpay/framework/domain/TApiClient.java b/src/main/java/com/supwisdom/dlpay/framework/domain/TApiClient.java
index 5f194652..35f2610f 100644
--- a/src/main/java/com/supwisdom/dlpay/framework/domain/TApiClient.java
+++ b/src/main/java/com/supwisdom/dlpay/framework/domain/TApiClient.java
@@ -6,7 +6,7 @@ import javax.persistence.Id;
 import javax.persistence.Table;
 @Entity
-@Table(name = "TT_APICLIENT")
+@Table(name = "TB_APICLIENT")
 public class TApiClient {
 @Id @Column(name = "appid", nullable = false, length = 20)
diff --git a/src/main/java/com/supwisdom/dlpay/framework/redisrepo/AppClientRepository.java b/src/main/java/com/supwisdom/dlpay/framework/redisrepo/ApiClientRepository.java
similarity index 51%
rename from src/main/java/com/supwisdom/dlpay/framework/redisrepo/AppClientRepository.java
rename to src/main/java/com/supwisdom/dlpay/framework/redisrepo/ApiClientRepository.java
index 495a122d..1d48dd16 100644
--- a/src/main/java/com/supwisdom/dlpay/framework/redisrepo/AppClientRepository.java
+++ b/src/main/java/com/supwisdom/dlpay/framework/redisrepo/ApiClientRepository.java
@@ -1,7 +1,7 @@
 package com.supwisdom.dlpay.framework.redisrepo;
-import com.supwisdom.dlpay.framework.domain.AppClientRedis;
+import com.supwisdom.dlpay.framework.domain.ApiClientRedis;
 import org.springframework.data.repository.CrudRepository;
-public interface AppClientRepository extends CrudRepository {
+public interface ApiClientRepository extends CrudRepository {
 }
diff --git a/src/main/kotlin/com/supwisdom/dlpay/DlpayApplication.kt b/src/main/kotlin/com/supwisdom/dlpay/PayApiApplication.kt
similarity index 89%
rename from src/main/kotlin/com/supwisdom/dlpay/DlpayApplication.kt
rename to src/main/kotlin/com/supwisdom/dlpay/PayApiApplication.kt
index c13dae9c..b5dd0e51 100644
--- a/src/main/kotlin/com/supwisdom/dlpay/DlpayApplication.kt
+++ b/src/main/kotlin/com/supwisdom/dlpay/PayApiApplication.kt
@@ -16,9 +16,9 @@ import org.springframework.data.redis.connection.RedisPassword
 import org.springframework.data.redis.connection.RedisStandaloneConfiguration
 import org.springframework.data.redis.connection.lettuce.LettuceClientConfiguration
 import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory
-import org.springframework.data.redis.core.RedisKeyValueTemplate
-import org.springframework.data.redis.core.RedisTemplate
 import org.springframework.data.redis.repository.configuration.EnableRedisRepositories
+import org.springframework.security.authentication.ProviderManager
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
@@ -53,7 +53,7 @@ class AppConfig {
 .readFrom(ReadFrom.SLAVE_PREFERRED)
 .build()
 val serverConfig = RedisStandaloneConfiguration(server, port)
- if (!password.isNullOrEmpty()) {
+ if (password.isNotEmpty()) {
 serverConfig.password = RedisPassword.of(password)
 }
 serverConfig.database = database
@@ -74,12 +74,23 @@ class WebSecurityConfig {
 return manager
 }
+ @Bean
+ fun daoProvider(detailsService: UserDetailsService): DaoAuthenticationProvider {
+ return DaoAuthenticationProvider().also {
+ it.setUserDetailsService(detailsService)
+ }
+ }
+
+ @Bean
+ fun providerManager(daoProvider: DaoAuthenticationProvider): ProviderManager {
+ return ProviderManager(listOf(daoProvider))
+ }
+
+ companion object {
 @Configuration
 @Order(1)
 class ApiWebSecurityConfigurationAdapter : WebSecurityConfigurerAdapter() {
-// @Autowired
-// private lateinit var clientRegistrationRepository: ClientRegistrationRepository
 override fun configure(http: HttpSecurity) {
 http.authorizeRequests()
@@ -125,8 +136,8 @@ class WebSecurityConfig {
 @SpringBootApplication
-class DlpayApplication
+class PayApiApplication
 fun main(args: Array) {
- runApplication(*args)
+ runApplication(*args)
 }
diff --git a/src/main/kotlin/com/supwisdom/dlpay/framework/controller/security_controller.kt b/src/main/kotlin/com/supwisdom/dlpay/framework/controller/security_controller.kt
index e776623e..fe3c2790 100644
--- a/src/main/kotlin/com/supwisdom/dlpay/framework/controller/security_controller.kt
+++ b/src/main/kotlin/com/supwisdom/dlpay/framework/controller/security_controller.kt
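Review bot: The new `daoProvider` bean sets only a `UserDetailsService` and no `PasswordEncoder`; on Spring Security 5 (implied by the `spring-security-oauth2-jose` dependency) `DaoAuthenticationProvider` then falls back to the delegating encoder, which rejects stored hashes that carry no `{id}` prefix, so whichever encoder the `manager` returned just above this hunk was built with (its construction starts before the hunk) must be the same one here, e.g. `it.setPasswordEncoder(passwordEncoder)` with the encoder injected as a bean parameter. The `providerManager` bean is declared but nothing visible wires it into `ApiWebSecurityConfigurationAdapter`, so it is worth confirming the adapter authenticates through it rather than through its own default `AuthenticationManager`. Moving the `@Configuration` adapter under a `companion object` is unusual; a one-line comment on why it lives there would help the next reader.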
@@ -7,6 +7,8 @@ import com.supwisdom.dlpay.framework.domain.AppClientRedis
 import com.supwisdom.dlpay.framework.redisrepo.AppClientRepository
 import com.supwisdom.dlpay.framework.security.validate.ImageCodeUtil
 import com.supwisdom.dlpay.framework.security.validate.VerifyCode
+import com.supwisdom.dlpay.framework.domain.ApiClientRedis
+import com.supwisdom.dlpay.framework.redisrepo.ApiClientRepository
 import com.supwisdom.dlpay.framework.service.SystemUtilService
 import com.supwisdom.dlpay.framework.util.HmacUtil
 import org.springframework.beans.factory.annotation.Autowired
@@ -27,7 +29,7 @@ import javax.servlet.http.HttpServletResponse
 class ApiAuthController {
 @Autowired
- lateinit var repo: AppClientRepository
+ lateinit var repo: ApiClientRepository
 @Autowired
 lateinit var apiClient: ApiClientDao
@@ -52,7 +54,7 @@ class ApiAuthController {
 }.let {
 val token = generateRandomToken()
 val now = systemUtil.sysdatetime.hostdatetime
- AppClientRedis().apply {
+ ApiClientRedis().apply {
 id = appid
 loginTimestamp = now
 this.token = HmacUtil.HMACSHA256(token, it.secret)
@@ -72,8 +74,8 @@ class ApiAuthController {
 return Base64.getEncoder().encode(random).toString(Charsets.UTF_8)
 }
- private fun checkSecretToken(app: AppClientRedis, secret: String): Boolean {
- return (app.token == secret)
+ private fun checkSecretToken(api: ApiClientRedis, secret: String): Boolean {
+ return (api.token == secret)
 }
 @GetMapping("/authentication")
@@ -117,4 +119,4 @@ class WebHomeController {
 @GetMapping("/login")
 fun loginView() = "login"
-}
\ No newline at end of file
+}
--
2.17.1
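Review bot: The context lines at the top of this hunk still import `com.supwisdom.dlpay.framework.domain.AppClientRedis` and `com.supwisdom.dlpay.framework.redisrepo.AppClientRepository`, yet this same commit renames those classes to `ApiClientRedis` and `ApiClientRepository` (see the rename entries in the diffstat), so unless the old classes survive somewhere else these two imports are now unresolved references and the file will not compile. The two stale import lines should be removed, leaving only the `ApiClientRedis` / `ApiClientRepository` imports this hunk adds.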
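Review bot: `return (api.token == secret)` in `checkSecretToken` compares the stored HMAC-derived token with the caller-supplied value using ordinary string equality, which stops at the first differing character; for a credential check a constant-time comparison is the usual choice, e.g. `return MessageDigest.isEqual(api.token.toByteArray(), secret.toByteArray())` with `java.security.MessageDigest` imported. The hunk only renames the parameter, so this is pre-existing, but it is on the new side and a two-line change. If `token` is declared nullable on `ApiClientRedis` (its definition is not in view; Kotlin's `==` would compile either way), guard the null case before the byte conversion.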