测试 spring security 机制
diff --git a/build.gradle b/build.gradle
index c2dbbbc..d027592 100644
--- a/build.gradle
+++ b/build.gradle
@@ -33,6 +33,7 @@
implementation 'org.springframework.security:spring-security-oauth2-jose'
implementation 'com.fasterxml.jackson.module:jackson-module-kotlin'
implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
+ implementation 'org.springframework.session:spring-session-data-redis:2.0.10.RELEASE'
implementation 'org.jetbrains.kotlin:kotlin-reflect'
implementation 'org.jetbrains.kotlin:kotlin-stdlib-jdk8'
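Review bot: The added dependency hard-codes `2.0.10.RELEASE`, while every neighbouring Spring entry in this hunk carries no version and is presumably resolved by Spring Boot's dependency management. A pinned version can drift from the spring-data-redis release the Boot BOM selects, and it will not follow Boot upgrades that bring in patched Spring Session releases. If the dependency-management plugin is applied (not visible in this hunk), prefer `implementation 'org.springframework.session:spring-session-data-redis'`; otherwise add a short comment saying why this exact version is required.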
diff --git a/src/main/java/com/supwisdom/dlpay/ServletInitializer.kt b/src/main/java/com/supwisdom/dlpay/ServletInitializer.kt
index 65545c7..b03a1dc 100644
--- a/src/main/java/com/supwisdom/dlpay/ServletInitializer.kt
+++ b/src/main/java/com/supwisdom/dlpay/ServletInitializer.kt
@@ -6,7 +6,7 @@
class ServletInitializer : SpringBootServletInitializer() {
override fun configure(application: SpringApplicationBuilder): SpringApplicationBuilder {
- return application.sources(DlpayApplication::class.java)
+ return application.sources(PayApiApplication::class.java)
}
}
diff --git a/src/main/java/com/supwisdom/dlpay/framework/core/JwtTokenUtil.java b/src/main/java/com/supwisdom/dlpay/framework/core/JwtTokenUtil.java
index e43e411..86060cf 100644
--- a/src/main/java/com/supwisdom/dlpay/framework/core/JwtTokenUtil.java
+++ b/src/main/java/com/supwisdom/dlpay/framework/core/JwtTokenUtil.java
@@ -28,11 +28,16 @@
public String generateToken(Map<String, Object> params) throws JoseException {
JwtClaims claims = new JwtClaims();
claims.setIssuer(params.get("issuer").toString()); // who creates the token and signs it
+ if (params.get("audience") != null) {
+ claims.setAudience(params.get("audience").toString());
+ }
claims.setExpirationTimeMinutesInTheFuture(expiration / 60); // time when the token will expire (10 minutes from now)
- claims.setGeneratedJwtId(); // a unique identifier for the token
+ claims.setGeneratedJwtId();
claims.setIssuedAtToNow(); // when the token was issued/created (now)
claims.setNotBeforeMinutesInThePast(2); // time before which the token is not yet valid (2 minutes ago)
- claims.setSubject(params.get("subject").toString()); // the subject/principal is whom the token is about
+ if (params.get("subject") != null) {
+ claims.setSubject(params.get("subject").toString()); // the subject/principal is whom the token is about
+ }
/*
claims.setClaim("email", "mail@example.com"); // additional claims/attributes about the subject can be added
List<String> groups = Arrays.asList("group-one", "other-group", "group-three");
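Review bot: With the new `if (params.get("subject") != null)` guard, `generateToken` silently issues a signed token with no `sub` claim when the caller omits the subject, and nothing in the hunk documents when that is acceptable. Any verifier that derives the principal from the subject must then reject such tokens itself, and the new `aud` claim only helps if the consuming side checks for the expected audience; neither check is visible here, so please confirm both. I would add a comment above the guard such as `// subject is optional for client-level tokens; verifiers that need a principal must require "sub"`, and restore the explanatory comment that was dropped from `claims.setGeneratedJwtId();`. The issuer line still dereferences `params.get("issuer")` unguarded, which is inconsistent with the two new null checks. The method body continues past the end of this hunk.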
diff --git a/src/main/java/com/supwisdom/dlpay/framework/domain/AppClientRedis.java b/src/main/java/com/supwisdom/dlpay/framework/domain/ApiClientRedis.java
similarity index 95%
rename from src/main/java/com/supwisdom/dlpay/framework/domain/AppClientRedis.java
rename to src/main/java/com/supwisdom/dlpay/framework/domain/ApiClientRedis.java
index a45f9f3..faee901 100644
--- a/src/main/java/com/supwisdom/dlpay/framework/domain/AppClientRedis.java
+++ b/src/main/java/com/supwisdom/dlpay/framework/domain/ApiClientRedis.java
@@ -5,7 +5,7 @@
import javax.persistence.Id;
@RedisHash("app_client")
-public class AppClientRedis {
+public class ApiClientRedis {
private @Id
String id;
diff --git a/src/main/java/com/supwisdom/dlpay/framework/domain/TApiClient.java b/src/main/java/com/supwisdom/dlpay/framework/domain/TApiClient.java
index 5f19465..35f2610 100644
--- a/src/main/java/com/supwisdom/dlpay/framework/domain/TApiClient.java
+++ b/src/main/java/com/supwisdom/dlpay/framework/domain/TApiClient.java
@@ -6,7 +6,7 @@
import javax.persistence.Table;
@Entity
-@Table(name = "TT_APICLIENT")
+@Table(name = "TB_APICLIENT")
public class TApiClient {
@Id
@Column(name = "appid", nullable = false, length = 20)
diff --git a/src/main/java/com/supwisdom/dlpay/framework/redisrepo/ApiClientRepository.java b/src/main/java/com/supwisdom/dlpay/framework/redisrepo/ApiClientRepository.java
new file mode 100644
index 0000000..1d48dd1
--- /dev/null
+++ b/src/main/java/com/supwisdom/dlpay/framework/redisrepo/ApiClientRepository.java
@@ -0,0 +1,7 @@
+package com.supwisdom.dlpay.framework.redisrepo;
+
+import com.supwisdom.dlpay.framework.domain.ApiClientRedis;
+import org.springframework.data.repository.CrudRepository;
+
+public interface ApiClientRepository extends CrudRepository<ApiClientRedis, String> {
+}
diff --git a/src/main/java/com/supwisdom/dlpay/framework/redisrepo/AppClientRepository.java b/src/main/java/com/supwisdom/dlpay/framework/redisrepo/AppClientRepository.java
deleted file mode 100644
index 495a122..0000000
--- a/src/main/java/com/supwisdom/dlpay/framework/redisrepo/AppClientRepository.java
+++ /dev/null
@@ -1,7 +0,0 @@
-package com.supwisdom.dlpay.framework.redisrepo;
-
-import com.supwisdom.dlpay.framework.domain.AppClientRedis;
-import org.springframework.data.repository.CrudRepository;
-
-public interface AppClientRepository extends CrudRepository<AppClientRedis, String> {
-}
diff --git a/src/main/kotlin/com/supwisdom/dlpay/DlpayApplication.kt b/src/main/kotlin/com/supwisdom/dlpay/PayApiApplication.kt
similarity index 89%
rename from src/main/kotlin/com/supwisdom/dlpay/DlpayApplication.kt
rename to src/main/kotlin/com/supwisdom/dlpay/PayApiApplication.kt
index c13dae9..b5dd0e5 100644
--- a/src/main/kotlin/com/supwisdom/dlpay/DlpayApplication.kt
+++ b/src/main/kotlin/com/supwisdom/dlpay/PayApiApplication.kt
@@ -16,9 +16,9 @@
import org.springframework.data.redis.connection.RedisStandaloneConfiguration
import org.springframework.data.redis.connection.lettuce.LettuceClientConfiguration
import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory
-import org.springframework.data.redis.core.RedisKeyValueTemplate
-import org.springframework.data.redis.core.RedisTemplate
import org.springframework.data.redis.repository.configuration.EnableRedisRepositories
+import org.springframework.security.authentication.ProviderManager
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
@@ -53,7 +53,7 @@
.readFrom(ReadFrom.SLAVE_PREFERRED)
.build()
val serverConfig = RedisStandaloneConfiguration(server, port)
- if (!password.isNullOrEmpty()) {
+ if (password.isNotEmpty()) {
serverConfig.password = RedisPassword.of(password)
}
serverConfig.database = database
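Review bot: When `password` is empty, the `if (password.isNotEmpty())` branch is skipped and the Redis connection is built without authentication, with nothing logged to show that this happened. This commit also adds spring-session-data-redis, and the controller already stores API client tokens in a `@RedisHash` entity, so an unauthenticated Redis would presumably hold both session data and token material. Consider an `else` branch that logs a warning, or that fails startup outside a development profile. The switch from `isNullOrEmpty()` to `isNotEmpty()` also assumes the property is never null; its declaration is outside this hunk, so confirm it has a non-null default.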
@@ -74,12 +74,23 @@
return manager
}
+ @Bean
+ fun daoProvider(detailsService: UserDetailsService): DaoAuthenticationProvider {
+ return DaoAuthenticationProvider().also {
+ it.setUserDetailsService(detailsService)
+ }
+ }
+
+ @Bean
+ fun providerManager(daoProvider: DaoAuthenticationProvider): ProviderManager {
+ return ProviderManager(listOf(daoProvider))
+ }
+
+
companion object {
@Configuration
@Order(1)
class ApiWebSecurityConfigurationAdapter : WebSecurityConfigurerAdapter() {
-// @Autowired
-// private lateinit var clientRegistrationRepository: ClientRegistrationRepository
override fun configure(http: HttpSecurity) {
http.authorizeRequests()
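Review bot: `daoProvider` configures only the `UserDetailsService` and never calls `setPasswordEncoder`, so the password-hashing scheme is left to the framework default for whichever Spring Security version is resolved. That default should be confirmed against how the stored credentials are actually hashed. Making it explicit keeps the policy visible and reviewable: take a `PasswordEncoder` bean as a second parameter and add `it.setPasswordEncoder(passwordEncoder)` inside the `also` block. The enclosing configuration class and the companion object both continue outside this hunk.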
@@ -125,8 +136,8 @@
@SpringBootApplication
-class DlpayApplication
+class PayApiApplication
fun main(args: Array<String>) {
- runApplication<DlpayApplication>(*args)
+ runApplication<PayApiApplication>(*args)
}
diff --git a/src/main/kotlin/com/supwisdom/dlpay/framework/controller/security_controller.kt b/src/main/kotlin/com/supwisdom/dlpay/framework/controller/security_controller.kt
index e776623..fe3c279 100644
--- a/src/main/kotlin/com/supwisdom/dlpay/framework/controller/security_controller.kt
+++ b/src/main/kotlin/com/supwisdom/dlpay/framework/controller/security_controller.kt
@@ -7,6 +7,8 @@
import com.supwisdom.dlpay.framework.redisrepo.AppClientRepository
import com.supwisdom.dlpay.framework.security.validate.ImageCodeUtil
import com.supwisdom.dlpay.framework.security.validate.VerifyCode
+import com.supwisdom.dlpay.framework.domain.ApiClientRedis
+import com.supwisdom.dlpay.framework.redisrepo.ApiClientRepository
import com.supwisdom.dlpay.framework.service.SystemUtilService
import com.supwisdom.dlpay.framework.util.HmacUtil
import org.springframework.beans.factory.annotation.Autowired
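Review bot: The context line `import com.supwisdom.dlpay.framework.redisrepo.AppClientRepository` stays on the new side, although this same commit deletes `AppClientRepository.java`, so the file would no longer compile because of the unresolved import. The hunk adds the `ApiClientRepository` and `ApiClientRedis` imports without removing the old ones. Drop the stale `AppClientRepository` import, and check the lines above this hunk for a leftover `AppClientRedis` import as well.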
@@ -27,7 +29,7 @@
class ApiAuthController {
@Autowired
- lateinit var repo: AppClientRepository
+ lateinit var repo: ApiClientRepository
@Autowired
lateinit var apiClient: ApiClientDao
@@ -52,7 +54,7 @@
}.let {
val token = generateRandomToken()
val now = systemUtil.sysdatetime.hostdatetime
- AppClientRedis().apply {
+ ApiClientRedis().apply {
id = appid
loginTimestamp = now
this.token = HmacUtil.HMACSHA256(token, it.secret)
@@ -72,8 +74,8 @@
return Base64.getEncoder().encode(random).toString(Charsets.UTF_8)
}
- private fun checkSecretToken(app: AppClientRedis, secret: String): Boolean {
- return (app.token == secret)
+ private fun checkSecretToken(api: ApiClientRedis, secret: String): Boolean {
+ return (api.token == secret)
}
@GetMapping("/authentication")
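Review bot: `checkSecretToken` compares the stored HMAC with the caller-supplied value using `api.token == secret`, which is an ordinary string comparison that returns at the first mismatching character. For an authentication secret, a constant-time comparison is the safer default, for example `return MessageDigest.isEqual(api.token.toByteArray(Charsets.UTF_8), secret.toByteArray(Charsets.UTF_8))`. `api.token` comes from a Java class and may be null, so guard that case and return false before comparing. The context line above returns a Base64-encoded `random`; its source is outside the hunk, so confirm it is filled from `SecureRandom`.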
@@ -117,4 +119,4 @@
@GetMapping("/login")
fun loginView() = "login"
-}
\ No newline at end of file
+}