Merge branch 'dev_20230205_mq'

b2f71862 · 董天德 · c5e36455 · f8f1a058 · b2f71862 · b2f71862
Commit b2f71862 authored Feb 14, 2023 by 董天德
5 changed files
--- a/auth-service/src/main/java/com/hungraim/ltc/controller/AuthController.java
+++ b/auth-service/src/main/java/com/hungraim/ltc/controller/AuthController.java
 package com.hungraim.ltc.controller;

+import com.alibaba.fastjson.JSONObject;
 import com.hungraim.ltc.util.CsoftSecurityUtil;
 import com.hungraim.ltc.util.Result;
 import lombok.AllArgsConstructor;
 import lombok.SneakyThrows;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.security.jwt.JwtHelper;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.provider.endpoint.TokenEndpoint;
-import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
 import org.springframework.web.bind.annotation.*;

-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
 import java.security.Principal;
 import java.util.Map;

@@ -26,6 +24,7 @@ import java.util.Map;
 @AllArgsConstructor
 public class AuthController {

+  private final RedisTemplate redisTemplate;
  private final TokenEndpoint tokenEndpoint;

  @PostMapping("/token")
@@ -48,15 +47,12 @@ public class AuthController {
    return Result.success(keyMap.get(0).toString());
  }

-  @GetMapping("/authLogout")
-  public Result authLogout(HttpServletRequest request, HttpServletResponse response) {
-    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
-    //清除认证
-    if (auth != null) {
-      new SecurityContextLogoutHandler().logout(request, response, auth);
-    }
+  @PostMapping("/logout")
+  public Result doLogout(String access_token){
+    String claims = JwtHelper.decode(access_token).getClaims();
+    String jti = (String)JSONObject.parseObject(claims).get("jti");
+    redisTemplate.opsForValue().set(jti,access_token);
    return Result.success();
-
  }

 }
--- a/auth-service/src/main/java/com/hungraim/ltc/gateway/config/WebSecurityConfig.java
+++ b/auth-service/src/main/java/com/hungraim/ltc/gateway/config/WebSecurityConfig.java
@@ -12,6 +12,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.authentication.logout.LogoutHandler;
+import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
 import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;


@@ -20,7 +21,6 @@ import org.springframework.security.web.authentication.logout.SecurityContextLog
 */
 @Configuration
 @EnableWebSecurity
-@EnableGlobalMethodSecurity(prePostEnabled = true,securedEnabled = true)
 @Order(1)
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

@@ -35,13 +35,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
      .authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
      .and()
      .authorizeRequests()
-      .antMatchers("/getPublicKey","/oauth/*").permitAll()
-      .anyRequest().authenticated()
-      .and()
-      .logout()
-      .logoutUrl("/oauth/logout")
-      .invalidateHttpSession(true);
-
+      .antMatchers("/getPublicKey","/oauth/**").permitAll()
+      .anyRequest().authenticated();
  }

  /**

--- a/gateway-service/pom.xml
+++ b/gateway-service/pom.xml
@@ -56,6 +56,13 @@
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-oauth2-resource-server</artifactId>
    </dependency>
+      <!--jwt-->
+      <dependency>
+          <groupId>org.springframework.security</groupId>
+          <artifactId>spring-security-jwt</artifactId>
+          <version>1.0.9.RELEASE</version>
+          <scope>compile</scope>
+      </dependency>

  </dependencies>


--- a/gateway-service/src/main/java/com/hungraim/ltc/gateway/config/ResourceServerConfig.java
+++ b/gateway-service/src/main/java/com/hungraim/ltc/gateway/config/ResourceServerConfig.java
@@ -51,7 +51,7 @@ public class ResourceServerConfig {
        http.oauth2ResourceServer().jwt()
            .jwtAuthenticationConverter(jwtAuthenticationConverter());
        http.authorizeExchange()
-            .pathMatchers("/api/oauth/token","/oauth/*","/api/oauth/genKeyPair").permitAll()
+            .pathMatchers("/api/oauth/token","/oauth/**","/api/oauth/genKeyPair").permitAll()
            .anyExchange().access(authorizationManager)
            .and()
            .exceptionHandling()
@@ -61,6 +61,7 @@ public class ResourceServerConfig {
            .authenticationEntryPoint(authenticationEntryPoint())
            .and().csrf().disable();

+
        return http.build();
    }


--- a/gateway-service/src/main/java/com/hungraim/ltc/gateway/security/AuthorizationManager.java
+++ b/gateway-service/src/main/java/com/hungraim/ltc/gateway/security/AuthorizationManager.java
@@ -3,6 +3,7 @@ package com.hungraim.ltc.gateway.security;

 import cn.hutool.core.convert.Convert;
 import cn.hutool.core.util.StrUtil;
+import com.alibaba.fastjson.JSONObject;
 import com.hungraim.ltc.constant.AuthConstants;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -13,6 +14,7 @@ import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.ReactiveAuthorizationManager;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.jwt.JwtHelper;
 import org.springframework.security.web.server.authorization.AuthorizationContext;
 import org.springframework.stereotype.Component;
 import org.springframework.util.AntPathMatcher;
@@ -45,6 +47,7 @@ public class AuthorizationManager implements ReactiveAuthorizationManager<Author
    public Mono<AuthorizationDecision> check(Mono<Authentication> mono, AuthorizationContext authorizationContext) {


+
        ServerHttpRequest request = authorizationContext.getExchange().getRequest();
        String path = request.getMethodValue() + "_" + request.getURI().getPath();
        log.info("请求，path={}", path);
@@ -62,6 +65,14 @@ public class AuthorizationManager implements ReactiveAuthorizationManager<Author
            log.info("请求token为空拒绝访问，path={}", path);
            return Mono.just(new AuthorizationDecision(false));
        }
+        String subToken = token.substring(AuthConstants.JWT_PREFIX.length());
+        String claims = JwtHelper.decode(subToken).getClaims();
+        String jti = (String) JSONObject.parseObject(claims).get("jti");
+        String acc_token = (String) redisTemplate.opsForValue().get(jti);
+        if (!StrUtil.isBlank(acc_token)) {
+            log.info("请求token为空拒绝访问，path={}", path);
+            return Mono.just(new AuthorizationDecision(false));
+        }


        // 从缓存取资源权限角色关系列表