RSA密码加密

9da726ae · maqing · 8295dd07 · 9da726ae · 9da726ae · 9da726ae
Commit 9da726ae authored Feb 08, 2023 by maqing
4 changed files
--- a/auth-service/src/main/java/com/hungraim/ltc/controller/AuthController.java
+++ b/auth-service/src/main/java/com/hungraim/ltc/controller/AuthController.java
@@ -25,9 +25,9 @@ public class AuthController {
  @PostMapping("/token")
  @SneakyThrows
  public Result<OAuth2AccessToken> postAccessToken(Principal principal, @RequestParam Map<String, String> parameters)  {
-    String password = parameters.get("password");
-    String decrypt = CsoftSecurityUtil.decrypt(password);
-    parameters.put("password", decrypt);
+//    String password = parameters.get("password");
+//    String decrypt = CsoftSecurityUtil.decrypt(password);
+//    parameters.put("password", decrypt);
    OAuth2AccessToken oAuth2AccessToken = tokenEndpoint.postAccessToken(principal, parameters).getBody();
    return Result.success(oAuth2AccessToken);
  }

--- a/auth-service/src/main/java/com/hungraim/ltc/gateway/config/AuthorizationServerConfiguration.java
+++ b/auth-service/src/main/java/com/hungraim/ltc/gateway/config/AuthorizationServerConfiguration.java
@@ -58,7 +58,11 @@ public class AuthorizationServerConfiguration extends AuthorizationServerConfigu
        this.userDetailsService = userDetailsService;
    }

-
+    /**
+     * 配置客户信息(jdbc方式获取用户信息)
+     * @param clients
+     * @throws Exception
+     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.withClientDetails(clientDetails());
@@ -78,6 +82,7 @@ public class AuthorizationServerConfiguration extends AuthorizationServerConfigu
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
+        //令牌增强器
        TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
        List<TokenEnhancer> tokenEnhancers = new ArrayList<>();
        tokenEnhancers.add(tokenEnhancer());
@@ -85,22 +90,26 @@ public class AuthorizationServerConfiguration extends AuthorizationServerConfigu
        tokenEnhancerChain.setTokenEnhancers(tokenEnhancers);

        endpoints
-            .authenticationManager(authenticationManager)
+            .authenticationManager(authenticationManager) //认证管理器(认证账号密码是否正确)
            .accessTokenConverter(jwtAccessTokenConverter())
            .tokenEnhancer(tokenEnhancerChain)
-            .userDetailsService(userDetailsService)
+            .userDetailsService(userDetailsService)//密码模式的用户信息管理
            // refresh token有两种使用方式：重复使用(true)、非重复使用(false)，默认为true
            //      1 重复使用：access token过期刷新时， refresh token过期时间未改变，仍以初次生成的时间为准
            //      2 非重复使用：access token过期刷新时， refresh token过期时间延续，在refresh token有效期内刷新便永不失效达到无需再次登录的目的
            .reuseRefreshTokens(true);
    }

+    /**
+     * 令牌端点的安全约束
+     * @param security
+     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) {
        security.authenticationEntryPoint(authenticationEntryPoint()).passwordEncoder(new BCryptPasswordEncoder())
-            .tokenKeyAccess("isAuthenticated()")
+            .tokenKeyAccess("isAuthenticated()") //
            .checkTokenAccess("permitAll()")
-            .allowFormAuthenticationForClients();
+            .allowFormAuthenticationForClients();//表达认证,申请令牌
    }



--- a/auth-service/src/main/java/com/hungraim/ltc/gateway/config/WebSecurityConfig.java
+++ b/auth-service/src/main/java/com/hungraim/ltc/gateway/config/WebSecurityConfig.java
@@ -5,6 +5,7 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
 import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@@ -17,10 +18,15 @@ import org.springframework.security.crypto.password.PasswordEncoder;
 */
 @Configuration
 @EnableWebSecurity
+@EnableGlobalMethodSecurity(prePostEnabled = true,securedEnabled = true)
 @Order(1)
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

-
+  /**
+   * 配置用户的安全拦截策略
+   * @param http
+   * @throws Exception
+   */
  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable() //关闭csrf保护
@@ -40,6 +46,10 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    return super.authenticationManagerBean();
  }

+  /**
+   * 密码加密器
+   * @return
+   */
  @Bean
  public PasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();

--- a/gateway-service/src/main/java/com/hungraim/ltc/gateway/security/AuthorizationManager.java
+++ b/gateway-service/src/main/java/com/hungraim/ltc/gateway/security/AuthorizationManager.java
@@ -64,40 +64,40 @@ public class AuthorizationManager implements ReactiveAuthorizationManager<Author
        }


-//        // 从缓存取资源权限角色关系列表
-//        Map<Object, Object> permissionRoles = redisTemplate.opsForHash().entries(AuthConstants.PERMISSION_ROLES_KEY);
-//        Iterator<Object> iterator = permissionRoles.keySet().iterator();
-//        // 请求路径匹配到的资源需要的角色权限集合authorities统计
-//        Set<String> authorities = new HashSet<>();
-//        while (iterator.hasNext()) {
-//            String pattern = (String) iterator.next();
-//            if (pathMatcher.match(pattern, path)) {
-//                authorities.addAll(Convert.toList(String.class, permissionRoles.get(pattern)));
-//            }
-//        }
-//        log.info("require authorities:{}", authorities);
+        // 从缓存取资源权限角色关系列表
+        Map<Object, Object> permissionRoles = redisTemplate.opsForHash().entries(AuthConstants.PERMISSION_ROLES_KEY);
+        Iterator<Object> iterator = permissionRoles.keySet().iterator();
+        // 请求路径匹配到的资源需要的角色权限集合authorities统计
+        Set<String> authorities = new HashSet<>();
+        while (iterator.hasNext()) {
+            String pattern = (String) iterator.next();
+            if (pathMatcher.match(pattern, path)) {
+                authorities.addAll(Convert.toList(String.class, permissionRoles.get(pattern)));
+            }
+        }
+        log.info("require authorities:{}", authorities);

        //认证通过且角色匹配的用户可访问当前路径
-        return mono.map(auth -> {
-            return new AuthorizationDecision(true);
-        }).defaultIfEmpty(new AuthorizationDecision(false));
+//        return mono.map(auth -> {
+//            return new AuthorizationDecision(true);
+//        }).defaultIfEmpty(new AuthorizationDecision(false));

-//        return mono
-//            .filter(Authentication::isAuthenticated)
-//            .flatMapIterable(Authentication::getAuthorities)
-//            .map(GrantedAuthority::getAuthority)
-//            .any(roleId -> {
-//                // roleId是请求用户的角色(格式:ROLE_{roleId})，authorities是请求资源所需要角色的集合
-//                log.info("访问路径：{}", path);
-//                log.info("用户角色信息：{}", roleId);
-//                log.info("资源需要权限authorities：{}", authorities);
-//                //如果是管理员 直接放行
-//                if ("ROLE_0".equals(roleId)) {
-//                    return true;
-//                }
-//                return authorities.contains(roleId);
-//            })
-//            .map(AuthorizationDecision::new)
-//            .defaultIfEmpty(new AuthorizationDecision(false));
+        return mono
+            .filter(Authentication::isAuthenticated)
+            .flatMapIterable(Authentication::getAuthorities)
+            .map(GrantedAuthority::getAuthority)
+            .any(roleId -> {
+                // roleId是请求用户的角色(格式:ROLE_{roleId})，authorities是请求资源所需要角色的集合
+                log.info("访问路径：{}", path);
+                log.info("用户角色信息：{}", roleId);
+                log.info("资源需要权限authorities：{}", authorities);
+                //如果是管理员 直接放行
+                if ("ROLE_0".equals(roleId)) {
+                    return true;
+                }
+                return authorities.contains(roleId);
+            })
+            .map(AuthorizationDecision::new)
+            .defaultIfEmpty(new AuthorizationDecision(false));
    }
 }