8c35e106
Commit
8c35e106
authored
Feb 10, 2023
by
maqing
RSA密码加密
parent
0ff5381a
Showing
6 changed files
with
286 additions
and
16 deletions
+286
-16
AuthController.java
...main/java/com/hungraim/ltc/controller/AuthController.java
+12
-8
AuthorizationServerConfiguration.java
.../ltc/gateway/config/AuthorizationServerConfiguration.java
+10
-0
WebSecurityConfig.java
...va/com/hungraim/ltc/gateway/config/WebSecurityConfig.java
+10
-7
RedisCache.java
...edis/src/main/java/com/hungraim/ltc/redis/RedisCache.java
+242
-0
ResourceServerConfig.java
...com/hungraim/ltc/gateway/config/ResourceServerConfig.java
+2
-1
AuthorizationManager.java
...m/hungraim/ltc/gateway/security/AuthorizationManager.java
+10
-0
auth-service/src/main/java/com/hungraim/ltc/controller/AuthController.java
package
com
.
hungraim
.
ltc
.
controller
;
package
com
.
hungraim
.
ltc
.
controller
;
import
com.hungraim.ltc.redis.RedisCache
;
import
com.hungraim.ltc.util.CsoftSecurityUtil
;
import
com.hungraim.ltc.util.CsoftSecurityUtil
;
import
com.hungraim.ltc.util.Result
;
import
com.hungraim.ltc.util.Result
;
import
lombok.AllArgsConstructor
;
import
lombok.AllArgsConstructor
;
import
lombok.SneakyThrows
;
import
lombok.SneakyThrows
;
import
org.springframework.data.redis.core.RedisTemplate
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.core.context.SecurityContextHolder
;
import
org.springframework.security.core.context.SecurityContextHolder
;
import
org.springframework.security.oauth2.common.OAuth2AccessToken
;
import
org.springframework.security.oauth2.common.OAuth2AccessToken
;
import
org.springframework.security.oauth2.provider.endpoint.TokenEndpoint
;
import
org.springframework.security.oauth2.provider.endpoint.TokenEndpoint
;
import
org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler
;
import
org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler
;
import
org.springframework.web.HttpRequestMethodNotSupportedException
;
import
org.springframework.web.bind.annotation.*
;
import
org.springframework.web.bind.annotation.*
;
import
javax.servlet.http.HttpServletRequest
;
import
javax.servlet.http.HttpServletRequest
;
import
javax.servlet.http.HttpServletResponse
;
import
javax.servlet.http.HttpServletResponse
;
import
java.io.IOException
;
import
java.security.Principal
;
import
java.security.Principal
;
import
java.util.HashMap
;
import
java.util.Map
;
import
java.util.Map
;
import
java.util.concurrent.TimeUnit
;
/**
/**
* 认证中心
* 认证中心
...
@@ -26,6 +32,8 @@ import java.util.Map;
...
@@ -26,6 +32,8 @@ import java.util.Map;
@AllArgsConstructor
@AllArgsConstructor
public
class
AuthController
{
public
class
AuthController
{
private
final
RedisCache
redisCache
;
private
final
TokenEndpoint
tokenEndpoint
;
private
final
TokenEndpoint
tokenEndpoint
;
@PostMapping
(
"/token"
)
@PostMapping
(
"/token"
)
...
@@ -35,6 +43,8 @@ public class AuthController {
...
@@ -35,6 +43,8 @@ public class AuthController {
String
decrypt
=
CsoftSecurityUtil
.
decryptRSADefault
(
password
);
String
decrypt
=
CsoftSecurityUtil
.
decryptRSADefault
(
password
);
parameters
.
put
(
"password"
,
decrypt
);
parameters
.
put
(
"password"
,
decrypt
);
OAuth2AccessToken
oAuth2AccessToken
=
tokenEndpoint
.
postAccessToken
(
principal
,
parameters
).
getBody
();
OAuth2AccessToken
oAuth2AccessToken
=
tokenEndpoint
.
postAccessToken
(
principal
,
parameters
).
getBody
();
// redisCache.setCacheObject("token", oAuth2AccessToken.getValue());
return
Result
.
success
(
oAuth2AccessToken
);
return
Result
.
success
(
oAuth2AccessToken
);
}
}
...
@@ -48,15 +58,9 @@ public class AuthController {
...
@@ -48,15 +58,9 @@ public class AuthController {
return
Result
.
success
(
keyMap
.
get
(
0
).
toString
());
return
Result
.
success
(
keyMap
.
get
(
0
).
toString
());
}
}
@GetMapping
(
"/authLogout"
)
@GetMapping
(
"/logout"
)
public
Result
authLogout
(
HttpServletRequest
request
,
HttpServletResponse
response
)
{
public
Result
doLogout
(){
Authentication
auth
=
SecurityContextHolder
.
getContext
().
getAuthentication
();
//清除认证
if
(
auth
!=
null
)
{
new
SecurityContextLogoutHandler
().
logout
(
request
,
response
,
auth
);
}
return
Result
.
success
();
return
Result
.
success
();
}
}
}
}
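Review bot: The new `doLogout()` mapped to `/logout` returns `Result.success()` without clearing the security context or invalidating anything, whereas the removed `authLogout` at least ran `new SecurityContextLogoutHandler().logout(request, response, auth)`. A caller that hits this endpoint will believe its token is dead while it keeps working until the configured token validity elapses; the commented-out `redisCache.setCacheObject("token", oAuth2AccessToken.getValue());` line in the token method suggests server-side tracking was intended but it is not wired in. Either restore the logout handler call (which needs the request/response parameters back) or record the revoked token through the newly injected `redisCache` so the gateway can reject it, and drop the dead commented-out line rather than committing it. Separately, `CsoftSecurityUtil.decryptRSADefault(password)` now runs on the raw request parameter; if it throws on a missing or malformed ciphertext (its contract is not visible here), the failure surfaces through `@SneakyThrows` as a server error rather than a client error, so an explicit check before the call is worth adding.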
auth-service/src/main/java/com/hungraim/ltc/gateway/config/AuthorizationServerConfiguration.java
...
@@ -66,6 +66,16 @@ public class AuthorizationServerConfiguration extends AuthorizationServerConfigu
...
@@ -66,6 +66,16 @@ public class AuthorizationServerConfiguration extends AuthorizationServerConfigu
@Override
@Override
public
void
configure
(
ClientDetailsServiceConfigurer
clients
)
throws
Exception
{
public
void
configure
(
ClientDetailsServiceConfigurer
clients
)
throws
Exception
{
clients
.
withClientDetails
(
clientDetails
());
clients
.
withClientDetails
(
clientDetails
());
clients
.
inMemory
()
.
withClient
(
"password"
)
/*
* 表示OAuth 2中的授权模式为“password”和“refresh_token”两种
* 在标准的OAuth 2协议中,授权模式并不包括“refresh_token”,但是在Spring Security的实现中将其归为一种,
* 因此如果要实现access_token的刷新,就需要添加这样一种授权模式
*/
.
authorizedGrantTypes
(
"password"
,
"refresh_token"
)
.
accessTokenValiditySeconds
(
1800
);
// 配置了access_token的过期时间
}
}
/**
/**
...
...
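Review bot: `clients.inMemory().withClient("password")` is called right after `clients.withClientDetails(clientDetails())` in the same `configure` method, and as far as I can tell from `ClientDetailsServiceConfigurer`, each of these calls installs a fresh builder so the last one wins and the service returned by `clientDetails()` would no longer be consulted. If the intent is to add one more client alongside the existing ones, it belongs in the `clientDetails()` service rather than in a second builder. The in-memory client is also registered with no `.secret(...)` and no `.scopes(...)`; depending on how client authentication is configured on the token endpoint, a `password`-grant client without a secret may let anyone who knows the client id exchange user credentials for tokens, so if this is only for local testing it should sit behind a profile. The trailing `// 配置了access_token的过期时间` comment sits after the statement it describes; placing it on the line above `.accessTokenValiditySeconds(1800)` reads better.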
auth-service/src/main/java/com/hungraim/ltc/gateway/config/WebSecurityConfig.java
...
@@ -12,6 +12,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
...
@@ -12,6 +12,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
import
org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
;
import
org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
;
import
org.springframework.security.crypto.password.PasswordEncoder
;
import
org.springframework.security.crypto.password.PasswordEncoder
;
import
org.springframework.security.web.authentication.logout.LogoutHandler
;
import
org.springframework.security.web.authentication.logout.LogoutHandler
;
import
org.springframework.security.web.authentication.logout.LogoutSuccessHandler
;
import
org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler
;
import
org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler
;
...
@@ -23,6 +24,7 @@ import org.springframework.security.web.authentication.logout.SecurityContextLog
...
@@ -23,6 +24,7 @@ import org.springframework.security.web.authentication.logout.SecurityContextLog
@EnableGlobalMethodSecurity
(
prePostEnabled
=
true
,
securedEnabled
=
true
)
@EnableGlobalMethodSecurity
(
prePostEnabled
=
true
,
securedEnabled
=
true
)
@Order
(
1
)
@Order
(
1
)
public
class
WebSecurityConfig
extends
WebSecurityConfigurerAdapter
{
public
class
WebSecurityConfig
extends
WebSecurityConfigurerAdapter
{
LogoutSuccessHandler
logoutSuccessHandlerl
;
/**
/**
* 配置用户的安全拦截策略
* 配置用户的安全拦截策略
...
@@ -35,13 +37,14 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
...
@@ -35,13 +37,14 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
.
authorizeRequests
().
requestMatchers
(
EndpointRequest
.
toAnyEndpoint
()).
permitAll
()
.
authorizeRequests
().
requestMatchers
(
EndpointRequest
.
toAnyEndpoint
()).
permitAll
()
.
and
()
.
and
()
.
authorizeRequests
()
.
authorizeRequests
()
.
antMatchers
(
"/getPublicKey"
,
"/oauth/*"
).
permitAll
()
.
antMatchers
(
"/getPublicKey"
,
"/oauth/*"
,
"/logout"
).
permitAll
()
.
anyRequest
().
authenticated
()
.
anyRequest
().
authenticated
();
.
and
()
http
.
logout
()
.
logout
()
.
logoutSuccessUrl
(
"http://localhost:8000/oauth/logout"
)
.
logoutUrl
(
"/oauth/logout"
)
.
invalidateHttpSession
(
true
)
.
invalidateHttpSession
(
true
);
.
clearAuthentication
(
true
)
.
permitAll
();
http
.
formLogin
();
}
}
/**
/**
...
...
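Review bot: The logout chain now hardcodes `.logoutSuccessUrl("http://localhost:8000/oauth/logout")`, an environment-specific absolute URL inside the security configuration; it should be read from a property (for example via `@Value`) so a deployed instance does not redirect to localhost. The newly declared field `LogoutSuccessHandler logoutSuccessHandlerl;` is package-private, has no `@Autowired`, and is not referenced in any visible hunk, so it stays null; either inject it and pass it to `.logoutSuccessHandler(...)` or remove it (the trailing `l` in the name also looks like a typo). The rendering makes it hard to tell whether `.clearAuthentication(true)` and `.permitAll()` survived on the new side; since `/logout` was added to `antMatchers(...).permitAll()`, confirm the logout filter is still reachable unauthenticated and still clears the authentication. The enclosing `configure(HttpSecurity)` method starts outside the hunk.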
common/common-redis/src/main/java/com/hungraim/ltc/redis/RedisCache.java
0 → 100644
package
com
.
hungraim
.
ltc
.
redis
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.data.redis.core.BoundSetOperations
;
import
org.springframework.data.redis.core.HashOperations
;
import
org.springframework.data.redis.core.RedisTemplate
;
import
org.springframework.data.redis.core.ValueOperations
;
import
org.springframework.stereotype.Component
;
import
java.util.*
;
import
java.util.concurrent.TimeUnit
;
/**
* @author mq
*/
@SuppressWarnings
(
value
=
{
"unchecked"
,
"rawtypes"
})
@Component
public
class
RedisCache
{
@Autowired
public
RedisTemplate
redisTemplate
;
/**
* 缓存基本的对象,Integer、String、实体类等
*
* @param key 缓存的键值
* @param value 缓存的值
*/
public
<
T
>
void
setCacheObject
(
final
String
key
,
final
T
value
)
{
redisTemplate
.
opsForValue
().
set
(
key
,
value
);
}
/**
* 缓存基本的对象,Integer、String、实体类等
*
* @param key 缓存的键值
* @param value 缓存的值
* @param timeout 时间
* @param timeUnit 时间颗粒度
*/
public
<
T
>
void
setCacheObject
(
final
String
key
,
final
T
value
,
final
Integer
timeout
,
final
TimeUnit
timeUnit
)
{
redisTemplate
.
opsForValue
().
set
(
key
,
value
,
timeout
,
timeUnit
);
}
/**
* 设置有效时间
*
* @param key Redis键
* @param timeout 超时时间
* @return true=设置成功;false=设置失败
*/
public
boolean
expire
(
final
String
key
,
final
long
timeout
)
{
return
expire
(
key
,
timeout
,
TimeUnit
.
SECONDS
);
}
/**
* 设置有效时间
*
* @param key Redis键
* @param timeout 超时时间
* @param unit 时间单位
* @return true=设置成功;false=设置失败
*/
public
boolean
expire
(
final
String
key
,
final
long
timeout
,
final
TimeUnit
unit
)
{
return
redisTemplate
.
expire
(
key
,
timeout
,
unit
);
}
/**
* 获得缓存的基本对象。
*
* @param key 缓存键值
* @return 缓存键值对应的数据
*/
public
<
T
>
T
getCacheObject
(
final
String
key
)
{
ValueOperations
<
String
,
T
>
operation
=
redisTemplate
.
opsForValue
();
return
operation
.
get
(
key
);
}
/**
* 删除单个对象
*
* @param key
*/
public
boolean
deleteObject
(
final
String
key
)
{
return
redisTemplate
.
delete
(
key
);
}
/**
* 删除集合对象
*
* @param collection 多个对象
* @return
*/
public
long
deleteObject
(
final
Collection
collection
)
{
return
redisTemplate
.
delete
(
collection
);
}
/**
* 缓存List数据
*
* @param key 缓存的键值
* @param dataList 待缓存的List数据
* @return 缓存的对象
*/
public
<
T
>
long
setCacheList
(
final
String
key
,
final
List
<
T
>
dataList
)
{
Long
count
=
redisTemplate
.
opsForList
().
rightPushAll
(
key
,
dataList
);
return
count
==
null
?
0
:
count
;
}
/**
* 获得缓存的list对象
*
* @param key 缓存的键值
* @return 缓存键值对应的数据
*/
public
<
T
>
List
<
T
>
getCacheList
(
final
String
key
)
{
return
redisTemplate
.
opsForList
().
range
(
key
,
0
,
-
1
);
}
/**
* 缓存Set
*
* @param key 缓存键值
* @param dataSet 缓存的数据
* @return 缓存数据的对象
*/
public
<
T
>
BoundSetOperations
<
String
,
T
>
setCacheSet
(
final
String
key
,
final
Set
<
T
>
dataSet
)
{
BoundSetOperations
<
String
,
T
>
setOperation
=
redisTemplate
.
boundSetOps
(
key
);
Iterator
<
T
>
it
=
dataSet
.
iterator
();
while
(
it
.
hasNext
())
{
setOperation
.
add
(
it
.
next
());
}
return
setOperation
;
}
/**
* 获得缓存的set
*
* @param key
* @return
*/
public
<
T
>
Set
<
T
>
getCacheSet
(
final
String
key
)
{
return
redisTemplate
.
opsForSet
().
members
(
key
);
}
/**
* 缓存Map
*
* @param key
* @param dataMap
*/
public
<
T
>
void
setCacheMap
(
final
String
key
,
final
Map
<
String
,
T
>
dataMap
)
{
if
(
dataMap
!=
null
)
{
redisTemplate
.
opsForHash
().
putAll
(
key
,
dataMap
);
}
}
/**
* 获得缓存的Map
*
* @param key
* @return
*/
public
<
T
>
Map
<
String
,
T
>
getCacheMap
(
final
String
key
)
{
return
redisTemplate
.
opsForHash
().
entries
(
key
);
}
/**
* 往Hash中存入数据
*
* @param key Redis键
* @param hKey Hash键
* @param value 值
*/
public
<
T
>
void
setCacheMapValue
(
final
String
key
,
final
String
hKey
,
final
T
value
)
{
redisTemplate
.
opsForHash
().
put
(
key
,
hKey
,
value
);
}
/**
* 获取Hash中的数据
*
* @param key Redis键
* @param hKey Hash键
* @return Hash中的对象
*/
public
<
T
>
T
getCacheMapValue
(
final
String
key
,
final
String
hKey
)
{
HashOperations
<
String
,
String
,
T
>
opsForHash
=
redisTemplate
.
opsForHash
();
return
opsForHash
.
get
(
key
,
hKey
);
}
/**
* 删除Hash中的数据
*
* @param key
* @param hkey
*/
public
void
delCacheMapValue
(
final
String
key
,
final
String
hkey
)
{
HashOperations
hashOperations
=
redisTemplate
.
opsForHash
();
hashOperations
.
delete
(
key
,
hkey
);
}
/**
* 获取多个Hash中的数据
*
* @param key Redis键
* @param hKeys Hash键集合
* @return Hash对象集合
*/
public
<
T
>
List
<
T
>
getMultiCacheMapValue
(
final
String
key
,
final
Collection
<
Object
>
hKeys
)
{
return
redisTemplate
.
opsForHash
().
multiGet
(
key
,
hKeys
);
}
/**
* 获得缓存的基本对象列表
*
* @param pattern 字符串前缀
* @return 对象列表
*/
public
Collection
<
String
>
keys
(
final
String
pattern
)
{
return
redisTemplate
.
keys
(
pattern
);
}
}
\ No newline at end of file
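Review bot: `deleteObject(final String key)` returns `redisTemplate.delete(key)` unboxed into `boolean`, but `RedisTemplate.delete` returns a `Boolean` that is null when the call runs inside a pipeline or transaction, so the unboxing can throw a `NullPointerException`; the same applies to both `expire` overloads and to `deleteObject(Collection)` returning `long`. `setCacheList` already guards with `count == null ? 0 : count`, so making the others consistent is one line each, e.g. `return Boolean.TRUE.equals(redisTemplate.delete(key));`. `keys(final String pattern)` wraps the Redis `KEYS` command, which walks the whole keyspace and blocks the server while it does so; a Javadoc line stating that it is not meant for request paths (use `SCAN` there) would help callers. Finally, `@Autowired public RedisTemplate redisTemplate;` exposes the template as a public mutable field on a `@Component`; constructor injection into a `private final` field is the usual form and, if the template is given type arguments, also lets the class drop the class-level `@SuppressWarnings({"unchecked", "rawtypes"})`.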
gateway-service/src/main/java/com/hungraim/ltc/gateway/config/ResourceServerConfig.java
...
@@ -51,7 +51,7 @@ public class ResourceServerConfig {
...
@@ -51,7 +51,7 @@ public class ResourceServerConfig {
http
.
oauth2ResourceServer
().
jwt
()
http
.
oauth2ResourceServer
().
jwt
()
.
jwtAuthenticationConverter
(
jwtAuthenticationConverter
());
.
jwtAuthenticationConverter
(
jwtAuthenticationConverter
());
http
.
authorizeExchange
()
http
.
authorizeExchange
()
.
pathMatchers
(
"/api/oauth/token"
,
"/oauth/
*"
,
"/api/oauth/genKeyPair
"
).
permitAll
()
.
pathMatchers
(
"/api/oauth/token"
,
"/oauth/
token"
,
"/oauth/*"
,
"/api/oauth/genKeyPair"
,
"/logout
"
).
permitAll
()
.
anyExchange
().
access
(
authorizationManager
)
.
anyExchange
().
access
(
authorizationManager
)
.
and
()
.
and
()
.
exceptionHandling
()
.
exceptionHandling
()
...
@@ -61,6 +61,7 @@ public class ResourceServerConfig {
...
@@ -61,6 +61,7 @@ public class ResourceServerConfig {
.
authenticationEntryPoint
(
authenticationEntryPoint
())
.
authenticationEntryPoint
(
authenticationEntryPoint
())
.
and
().
csrf
().
disable
();
.
and
().
csrf
().
disable
();
return
http
.
build
();
return
http
.
build
();
}
}
...
...
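Review bot: The `"/oauth/token"` entry added to `pathMatchers(...)` is already covered by the `"/oauth/*"` pattern in the same list, so it is redundant and invites drift when the list is edited later. More important, `"/logout"` is now `permitAll()` at the gateway, which bypasses `authorizationManager` for that route; if the downstream logout endpoint is expected to revoke the caller's token, it will have to extract and validate the bearer token itself, because nothing here guarantees one is present. The enclosing method starts outside the hunk.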
gateway-service/src/main/java/com/hungraim/ltc/gateway/security/AuthorizationManager.java
...
@@ -4,6 +4,7 @@ package com.hungraim.ltc.gateway.security;
...
@@ -4,6 +4,7 @@ package com.hungraim.ltc.gateway.security;
import
cn.hutool.core.convert.Convert
;
import
cn.hutool.core.convert.Convert
;
import
cn.hutool.core.util.StrUtil
;
import
cn.hutool.core.util.StrUtil
;
import
com.hungraim.ltc.constant.AuthConstants
;
import
com.hungraim.ltc.constant.AuthConstants
;
import
com.hungraim.ltc.redis.RedisCache
;
import
lombok.extern.slf4j.Slf4j
;
import
lombok.extern.slf4j.Slf4j
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.data.redis.core.RedisTemplate
;
import
org.springframework.data.redis.core.RedisTemplate
;
...
@@ -35,6 +36,8 @@ public class AuthorizationManager implements ReactiveAuthorizationManager<Author
...
@@ -35,6 +36,8 @@ public class AuthorizationManager implements ReactiveAuthorizationManager<Author
private
final
RedisTemplate
redisTemplate
;
private
final
RedisTemplate
redisTemplate
;
private
RedisCache
redisCache
;
@Autowired
@Autowired
public
AuthorizationManager
(
RedisTemplate
redisTemplate
)
{
public
AuthorizationManager
(
RedisTemplate
redisTemplate
)
{
this
.
redisTemplate
=
redisTemplate
;
this
.
redisTemplate
=
redisTemplate
;
...
@@ -45,6 +48,7 @@ public class AuthorizationManager implements ReactiveAuthorizationManager<Author
...
@@ -45,6 +48,7 @@ public class AuthorizationManager implements ReactiveAuthorizationManager<Author
public
Mono
<
AuthorizationDecision
>
check
(
Mono
<
Authentication
>
mono
,
AuthorizationContext
authorizationContext
)
{
public
Mono
<
AuthorizationDecision
>
check
(
Mono
<
Authentication
>
mono
,
AuthorizationContext
authorizationContext
)
{
ServerHttpRequest
request
=
authorizationContext
.
getExchange
().
getRequest
();
ServerHttpRequest
request
=
authorizationContext
.
getExchange
().
getRequest
();
String
path
=
request
.
getMethodValue
()
+
"_"
+
request
.
getURI
().
getPath
();
String
path
=
request
.
getMethodValue
()
+
"_"
+
request
.
getURI
().
getPath
();
log
.
info
(
"请求,path={}"
,
path
);
log
.
info
(
"请求,path={}"
,
path
);
...
@@ -63,6 +67,12 @@ public class AuthorizationManager implements ReactiveAuthorizationManager<Author
...
@@ -63,6 +67,12 @@ public class AuthorizationManager implements ReactiveAuthorizationManager<Author
return
Mono
.
just
(
new
AuthorizationDecision
(
false
));
return
Mono
.
just
(
new
AuthorizationDecision
(
false
));
}
}
// String tokenRedis = redisCache.getCacheObject("token");
// if (StrUtil.isBlank(tokenRedis)) {
// log.info("请求token为空拒绝访问,path={}", path);
// return Mono.just(new AuthorizationDecision(false));
// }
// 从缓存取资源权限角色关系列表
// 从缓存取资源权限角色关系列表
Map
<
Object
,
Object
>
permissionRoles
=
redisTemplate
.
opsForHash
().
entries
(
AuthConstants
.
PERMISSION_ROLES_KEY
);
Map
<
Object
,
Object
>
permissionRoles
=
redisTemplate
.
opsForHash
().
entries
(
AuthConstants
.
PERMISSION_ROLES_KEY
);
...
...
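Review bot: The new field `private RedisCache redisCache;` is never assigned: the only constructor, `AuthorizationManager(RedisTemplate redisTemplate)`, is unchanged and the field carries no `@Autowired`, so it stays null, and the commented-out check that reads `redisCache.getCacheObject("token")` would throw a `NullPointerException` the moment someone uncomments it. Either extend the constructor, `public AuthorizationManager(RedisTemplate redisTemplate, RedisCache redisCache) { this.redisTemplate = redisTemplate; this.redisCache = redisCache; }`, and make the field `final`, or drop the field until it is used. The commented-out block itself should not be committed; if a Redis-backed token check is planned, a TODO naming the intended key scheme is clearer than dead code. Note also that a single shared `"token"` key, as both this comment and the one in `AuthController` suggest, would hold one token for all users, so per-user or per-token keys are needed before that design is resurrected. The `check` method's body continues outside the hunk.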