♻️ ballcat-oauth 更名为 ballcat-auth,将授权相关代码剥离。方便后续将授权服务和 upms 资源服务分开独立部署
@@ -59,7 +59,7 @@
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>com.hccake</groupId>
|
||||
<artifactId>ballcat-oauth-controller</artifactId>
|
||||
<artifactId>ballcat-auth-controller</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>com.hccake</groupId>
|
||||
|
||||
@@ -1,18 +1,11 @@
|
||||
package com.hccake.ballcat.admin;
|
||||
|
||||
import com.anji.captcha.service.CaptchaService;
|
||||
import com.hccake.ballcat.auth.annotation.EnableOauth2AuthorizationServer;
|
||||
import com.hccake.ballcat.common.security.annotation.EnableOauth2ResourceServer;
|
||||
import com.hccake.ballcat.common.security.constant.SecurityConstants;
|
||||
import com.hccake.ballcat.oauth.UserInfoCoordinator;
|
||||
import com.hccake.ballcat.oauth.filter.LoginCaptchaFilter;
|
||||
import com.hccake.ballcat.common.security.properties.SecurityProperties;
|
||||
import com.hccake.ballcat.system.properties.UpmsProperties;
|
||||
import org.mybatis.spring.annotation.MapperScan;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
|
||||
import org.springframework.boot.context.properties.EnableConfigurationProperties;
|
||||
import org.springframework.boot.web.servlet.FilterRegistrationBean;
|
||||
import org.springframework.boot.web.servlet.ServletComponentScan;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.ComponentScan;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
|
||||
@@ -22,31 +15,12 @@ import org.springframework.context.annotation.Configuration;
|
||||
* @date 2020/5/25 21:01
|
||||
*/
|
||||
@MapperScan("com.hccake.ballcat.**.mapper")
|
||||
@ComponentScan({ "com.hccake.ballcat.admin", "com.hccake.ballcat.oauth", "com.hccake.ballcat.system",
|
||||
@ComponentScan({ "com.hccake.ballcat.admin", "com.hccake.ballcat.auth", "com.hccake.ballcat.system",
|
||||
"com.hccake.ballcat.log", "com.hccake.ballcat.file", "com.hccake.ballcat.notify" })
|
||||
@ServletComponentScan("com.hccake.ballcat.oauth.filter")
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
@EnableConfigurationProperties(UpmsProperties.class)
|
||||
@EnableConfigurationProperties({ UpmsProperties.class, SecurityProperties.class })
|
||||
@EnableOauth2AuthorizationServer
|
||||
@EnableOauth2ResourceServer
|
||||
public class UpmsAutoConfiguration {
|
||||
|
||||
@Bean
|
||||
@ConditionalOnMissingBean
|
||||
public UserInfoCoordinator userInfoCoordinator() {
|
||||
return new UserInfoCoordinator();
|
||||
}
|
||||
|
||||
@Bean
|
||||
@ConditionalOnProperty(prefix = "ballcat.upms", name = "loginCaptchaEnabled", havingValue = "true",
|
||||
matchIfMissing = true)
|
||||
public FilterRegistrationBean<LoginCaptchaFilter> filterRegistrationBean(CaptchaService captchaService) {
|
||||
FilterRegistrationBean<LoginCaptchaFilter> bean = new FilterRegistrationBean<>();
|
||||
LoginCaptchaFilter filter = new LoginCaptchaFilter(captchaService);
|
||||
bean.setFilter(filter);
|
||||
// 比密码解密早一步
|
||||
bean.setOrder(-1);
|
||||
bean.addUrlPatterns(SecurityConstants.LOGIN_URL);
|
||||
return bean;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
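Review bot: The `@ComponentScan` on `UpmsAutoConfiguration` now lists `com.hccake.ballcat.auth`, and the classes behind `@EnableOauth2AuthorizationServer` (`AuthorizationAutoConfiguration`, `AuthorizationFilterConfiguration`, `CustomAuthorizationServerConfigurer`) are `@Configuration` classes in sub-packages of it, so the scan appears to pick them up whether or not the annotation is present. That makes the annotation's `@Import` redundant here and means the login filters and the authorization-server configurer are activated by the scan, not by the explicit switch this commit introduces. If the scan is only needed for the service beans in that package, consider narrowing it, or add a comment such as `// auth package is scanned for service beans only; server config is activated by @EnableOauth2AuthorizationServer` and exclude the configuration classes from the scan.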
@@ -3,21 +3,21 @@
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||
<parent>
|
||||
<artifactId>ballcat-oauth</artifactId>
|
||||
<artifactId>ballcat-auth</artifactId>
|
||||
<groupId>com.hccake</groupId>
|
||||
<version>${revision}</version>
|
||||
</parent>
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
|
||||
<artifactId>ballcat-oauth-biz</artifactId>
|
||||
<artifactId>ballcat-auth-biz</artifactId>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>com.hccake</groupId>
|
||||
<artifactId>ballcat-system-biz</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot</artifactId>
|
||||
<groupId>com.anji-plus</groupId>
|
||||
<artifactId>captcha</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
@@ -1,4 +1,4 @@
|
||||
package com.hccake.ballcat.oauth;
|
||||
package com.hccake.ballcat.auth;
|
||||
|
||||
import com.anji.captcha.service.CaptchaCacheService;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
@@ -1,4 +1,4 @@
|
||||
package com.hccake.ballcat.oauth;
|
||||
package com.hccake.ballcat.auth;
|
||||
|
||||
import cn.hutool.core.collection.CollectionUtil;
|
||||
import com.hccake.ballcat.common.security.userdetails.User;
|
||||
@@ -1,4 +1,4 @@
|
||||
package com.hccake.ballcat.oauth;
|
||||
package com.hccake.ballcat.auth;
|
||||
|
||||
import com.hccake.ballcat.common.security.constant.TokenAttributeNameConstants;
|
||||
import com.hccake.ballcat.common.security.userdetails.User;
|
||||
@@ -0,0 +1,24 @@
|
||||
package com.hccake.ballcat.auth;
|
||||
|
||||
import lombok.Getter;
|
||||
import lombok.Setter;
|
||||
import org.springframework.boot.context.properties.ConfigurationProperties;
|
||||
|
||||
/**
|
||||
* 授权服务器的配置文件
|
||||
*
|
||||
* @author hccake
|
||||
*/
|
||||
@Getter
|
||||
@Setter
|
||||
@ConfigurationProperties(prefix = OAuth2AuthorizationServerProperties.PREFIX)
|
||||
public class OAuth2AuthorizationServerProperties {
|
||||
|
||||
public static final String PREFIX = "ballcat.security.oauth2.authorizationserver";
|
||||
|
||||
/**
|
||||
* 登陆验证码开关
|
||||
*/
|
||||
private boolean loginCaptchaEnabled = true;
|
||||
|
||||
}
|
||||
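Review bot: The Javadoc on `loginCaptchaEnabled` does not say that the switch has moved: it was bound under `ballcat.upms` (the field is removed from `UpmsProperties` later in this commit) and is now bound under `ballcat.security.oauth2.authorizationserver`. An existing `ballcat.upms.login-captcha-enabled=false` is ignored after the upgrade and the captcha filter comes back on through `matchIfMissing = true`; the same silent move applies to `ignore-urls` and `iframe-deny`, which go from `ballcat.security` to `ballcat.security.oauth2.resourceserver` in the later property hunks. All three fall back to the stricter default, but a line in the field comment such as `replaces ballcat.upms.login-captcha-enabled` and a changelog entry would tell operators why their setting stopped applying.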
@@ -1,4 +1,4 @@
|
||||
package com.hccake.ballcat.oauth;
|
||||
package com.hccake.ballcat.auth;
|
||||
|
||||
import cn.hutool.core.collection.CollectionUtil;
|
||||
import com.hccake.ballcat.common.security.constant.TokenAttributeNameConstants;
|
||||
@@ -1,4 +1,4 @@
|
||||
package com.hccake.ballcat.oauth;
|
||||
package com.hccake.ballcat.auth;
|
||||
|
||||
import com.hccake.ballcat.system.model.entity.SysUser;
|
||||
|
||||
@@ -0,0 +1,21 @@
|
||||
package com.hccake.ballcat.auth.annotation;
|
||||
|
||||
import com.hccake.ballcat.auth.configuration.AuthorizationAutoConfiguration;
|
||||
import org.springframework.context.annotation.Import;
|
||||
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
|
||||
|
||||
import java.lang.annotation.*;
|
||||
|
||||
/**
|
||||
* 开启 Oauth2 授权服务器
|
||||
* @author hccake
|
||||
*/
|
||||
@Target({ ElementType.TYPE })
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@Documented
|
||||
@Inherited
|
||||
@Import({ AuthorizationAutoConfiguration.class })
|
||||
@EnableAuthorizationServer
|
||||
public @interface EnableOauth2AuthorizationServer {
|
||||
|
||||
}
|
||||
@@ -1,5 +1,9 @@
|
||||
package com.hccake.ballcat.admin.config;
|
||||
package com.hccake.ballcat.auth.configuration;
|
||||
|
||||
import com.hccake.ballcat.auth.CustomTokenEnhancer;
|
||||
import com.hccake.ballcat.auth.OAuth2AuthorizationServerProperties;
|
||||
import com.hccake.ballcat.auth.UserInfoCoordinator;
|
||||
import com.hccake.ballcat.auth.confogurer.CustomAuthorizationServerConfigurer;
|
||||
import com.hccake.ballcat.common.redis.config.CachePropertiesHolder;
|
||||
import com.hccake.ballcat.common.security.component.CustomRedisTokenStore;
|
||||
import com.hccake.ballcat.common.security.constant.SecurityConstants;
|
||||
@@ -7,12 +11,11 @@ import com.hccake.ballcat.common.security.exception.CustomAuthenticationEntryPoi
|
||||
import com.hccake.ballcat.common.security.exception.CustomWebResponseExceptionTranslator;
|
||||
import com.hccake.ballcat.common.security.properties.SecurityProperties;
|
||||
import com.hccake.ballcat.common.security.util.PasswordUtils;
|
||||
import com.hccake.ballcat.oauth.CustomTokenEnhancer;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
|
||||
import org.springframework.boot.context.properties.EnableConfigurationProperties;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.DependsOn;
|
||||
import org.springframework.context.annotation.Import;
|
||||
import org.springframework.data.redis.connection.RedisConnectionFactory;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
|
||||
@@ -26,8 +29,8 @@ import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
*
|
||||
* @author hccake
|
||||
*/
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
@EnableConfigurationProperties(SecurityProperties.class)
|
||||
@Import({ CustomAuthorizationServerConfigurer.class, AuthorizationFilterConfiguration.class })
|
||||
@EnableConfigurationProperties({ SecurityProperties.class, OAuth2AuthorizationServerProperties.class })
|
||||
public class AuthorizationAutoConfiguration {
|
||||
|
||||
/**
|
||||
@@ -83,4 +86,14 @@ public class AuthorizationAutoConfiguration {
|
||||
return new CustomAuthenticationEntryPoint();
|
||||
}
|
||||
|
||||
/**
|
||||
* 用户信息协调者
|
||||
* @return UserInfoCoordinator
|
||||
*/
|
||||
@Bean
|
||||
@ConditionalOnMissingBean
|
||||
public UserInfoCoordinator userInfoCoordinator() {
|
||||
return new UserInfoCoordinator();
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,57 @@
|
||||
package com.hccake.ballcat.auth.configuration;
|
||||
|
||||
import com.anji.captcha.service.CaptchaService;
|
||||
import com.hccake.ballcat.auth.OAuth2AuthorizationServerProperties;
|
||||
import com.hccake.ballcat.auth.filter.LoginCaptchaFilter;
|
||||
import com.hccake.ballcat.auth.filter.LoginPasswordDecoderFilter;
|
||||
import com.hccake.ballcat.common.security.constant.SecurityConstants;
|
||||
import com.hccake.ballcat.common.security.properties.SecurityProperties;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
|
||||
import org.springframework.boot.web.servlet.FilterRegistrationBean;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
|
||||
/**
|
||||
* 授权服务器用到的一些过滤器
|
||||
*
|
||||
* @author hccake
|
||||
*/
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
public class AuthorizationFilterConfiguration {
|
||||
|
||||
/**
|
||||
* password 模式下,密码入参要求 AES 加密。 在进入令牌端点前,通过过滤器进行解密处理。
|
||||
* @param securityProperties 安全配置相关
|
||||
* @return FilterRegistrationBean<LoginPasswordDecoderFilter>
|
||||
*/
|
||||
@Bean
|
||||
@ConditionalOnProperty(prefix = SecurityProperties.PREFIX, name = "password-secret-key")
|
||||
public FilterRegistrationBean<LoginPasswordDecoderFilter> loginPasswordDecoderFilter(
|
||||
SecurityProperties securityProperties) {
|
||||
FilterRegistrationBean<LoginPasswordDecoderFilter> bean = new FilterRegistrationBean<>();
|
||||
LoginPasswordDecoderFilter filter = new LoginPasswordDecoderFilter(securityProperties.getPasswordSecretKey());
|
||||
bean.setFilter(filter);
|
||||
bean.setOrder(0);
|
||||
bean.addUrlPatterns(SecurityConstants.LOGIN_URL);
|
||||
return bean;
|
||||
}
|
||||
|
||||
/**
|
||||
* 登录验证码拦截判断
|
||||
* @param captchaService 验证码处理类
|
||||
* @return FilterRegistrationBean<LoginCaptchaFilter>
|
||||
*/
|
||||
@Bean
|
||||
@ConditionalOnProperty(prefix = OAuth2AuthorizationServerProperties.PREFIX, name = "login-captcha-enabled",
|
||||
havingValue = "true", matchIfMissing = true)
|
||||
public FilterRegistrationBean<LoginCaptchaFilter> loginCaptchaFilter(CaptchaService captchaService) {
|
||||
FilterRegistrationBean<LoginCaptchaFilter> bean = new FilterRegistrationBean<>();
|
||||
LoginCaptchaFilter filter = new LoginCaptchaFilter(captchaService);
|
||||
bean.setFilter(filter);
|
||||
// 比密码解密早一步
|
||||
bean.setOrder(-1);
|
||||
bean.addUrlPatterns(SecurityConstants.LOGIN_URL);
|
||||
return bean;
|
||||
}
|
||||
|
||||
}
|
||||
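Review bot: `loginPasswordDecoderFilter` is registered whenever `password-secret-key` is present and hands the value to `LoginPasswordDecoderFilter` unchecked, although the `SecurityProperties` Javadoc in this commit says the key must be 16 characters. An empty or wrong-length value would presumably only surface when the first login request is decrypted; a check at bean creation, e.g. `Assert.isTrue(key != null && key.length() == 16, "password-secret-key must be 16 characters");`, fails at startup instead. When the property is absent the filter is now skipped silently, so the `log.warn` kept in the filter's `passwordSecretKey == null` branch (in the `LoginPasswordDecoderFilter` hunk) is probably no longer reached through this configuration. A startup log line saying that login password decryption is disabled would keep that state visible.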
@@ -1,8 +1,8 @@
|
||||
package com.hccake.ballcat.admin.config;
|
||||
package com.hccake.ballcat.auth.confogurer;
|
||||
|
||||
import com.hccake.ballcat.oauth.CustomAccessTokenConverter;
|
||||
import com.hccake.ballcat.oauth.SysUserDetailsServiceImpl;
|
||||
import com.hccake.ballcat.oauth.mobile.MobileTokenGranter;
|
||||
import com.hccake.ballcat.auth.CustomAccessTokenConverter;
|
||||
import com.hccake.ballcat.auth.SysUserDetailsServiceImpl;
|
||||
import com.hccake.ballcat.auth.mobile.MobileTokenGranter;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.core.annotation.Order;
|
||||
@@ -12,7 +12,6 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
|
||||
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurer;
|
||||
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
|
||||
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
|
||||
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
|
||||
import org.springframework.security.oauth2.provider.CompositeTokenGranter;
|
||||
@@ -32,10 +31,6 @@ import java.util.List;
|
||||
* @version 1.0
|
||||
* @date 2019/9/27 16:14 OAuth2 授权服务器配置
|
||||
*/
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
@EnableAuthorizationServer
|
||||
// @Import({ AuthorizationServerEndpointsConfiguration.class,
|
||||
// AuthorizationServerSecurityConfiguration.class })
|
||||
@RequiredArgsConstructor
|
||||
public class CustomAuthorizationServerConfigurer implements AuthorizationServerConfigurer {
|
||||
|
||||
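Review bot: The new package name `com.hccake.ballcat.auth.confogurer` looks like a misspelling of `configurer`; the same spelling is imported in the `AuthorizationAutoConfiguration` hunk as `com.hccake.ballcat.auth.confogurer.CustomAuthorizationServerConfigurer`. This commit is the one that introduces the package, so renaming it now to `com.hccake.ballcat.auth.configurer` avoids a breaking rename later for anyone who imports the class.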
@@ -1,4 +1,4 @@
|
||||
package com.hccake.ballcat.oauth.filter;
|
||||
package com.hccake.ballcat.auth.filter;
|
||||
|
||||
import com.anji.captcha.model.common.ResponseModel;
|
||||
import com.anji.captcha.model.vo.CaptchaVO;
|
||||
@@ -1,23 +1,19 @@
|
||||
package com.hccake.ballcat.oauth.filter;
|
||||
package com.hccake.ballcat.auth.filter;
|
||||
|
||||
import com.hccake.ballcat.common.core.request.wrapper.ModifyParamMapRequestWrapper;
|
||||
import com.hccake.ballcat.common.model.result.R;
|
||||
import com.hccake.ballcat.common.model.result.SystemResultCode;
|
||||
import com.hccake.ballcat.common.security.constant.SecurityConstants;
|
||||
import com.hccake.ballcat.common.util.JsonUtils;
|
||||
import com.hccake.ballcat.common.security.util.PasswordUtils;
|
||||
import com.hccake.ballcat.common.security.properties.SecurityProperties;
|
||||
import com.hccake.ballcat.common.security.util.SecurityUtils;
|
||||
import com.hccake.ballcat.common.util.JsonUtils;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.core.annotation.Order;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.web.filter.OncePerRequestFilter;
|
||||
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.annotation.WebFilter;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
@@ -30,12 +26,10 @@ import java.util.Map;
|
||||
* @date 2019/9/28 16:57 前端传递过来的加密密码,需要在登陆之前先解密
|
||||
*/
|
||||
@Slf4j
|
||||
@Order(0)
|
||||
@WebFilter(urlPatterns = { SecurityConstants.LOGIN_URL })
|
||||
@RequiredArgsConstructor
|
||||
public class LoginPasswordDecoderFilter extends OncePerRequestFilter {
|
||||
|
||||
private final SecurityProperties securityProperties;
|
||||
private final String passwordSecretKey;
|
||||
|
||||
private static final String PASSWORD = "password";
|
||||
|
||||
@@ -46,7 +40,6 @@ public class LoginPasswordDecoderFilter extends OncePerRequestFilter {
|
||||
throws ServletException, IOException {
|
||||
|
||||
// 未配置密码密钥时,直接跳过
|
||||
String passwordSecretKey = securityProperties.getPasswordSecretKey();
|
||||
if (passwordSecretKey == null) {
|
||||
log.warn("passwordSecretKey not configured, skip password decoder");
|
||||
filterChain.doFilter(request, response);
|
||||
@@ -1,4 +1,4 @@
|
||||
package com.hccake.ballcat.oauth.mobile;
|
||||
package com.hccake.ballcat.auth.mobile;
|
||||
|
||||
import lombok.Getter;
|
||||
import lombok.Setter;
|
||||
@@ -1,4 +1,4 @@
|
||||
package com.hccake.ballcat.oauth.mobile;
|
||||
package com.hccake.ballcat.auth.mobile;
|
||||
|
||||
import lombok.SneakyThrows;
|
||||
import org.springframework.security.authentication.AbstractAuthenticationToken;
|
||||
@@ -1,4 +1,4 @@
|
||||
package com.hccake.ballcat.oauth.mobile;
|
||||
package com.hccake.ballcat.auth.mobile;
|
||||
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.core.Authentication;
|
||||
@@ -3,13 +3,13 @@
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||
<parent>
|
||||
<artifactId>ballcat-oauth</artifactId>
|
||||
<artifactId>ballcat-auth</artifactId>
|
||||
<groupId>com.hccake</groupId>
|
||||
<version>${revision}</version>
|
||||
</parent>
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
|
||||
<artifactId>ballcat-oauth-controller</artifactId>
|
||||
<artifactId>ballcat-auth-controller</artifactId>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>com.hccake</groupId>
|
||||
@@ -29,7 +29,7 @@
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>com.hccake</groupId>
|
||||
<artifactId>ballcat-oauth-biz</artifactId>
|
||||
<artifactId>ballcat-auth-biz</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
@@ -39,10 +39,6 @@
|
||||
<groupId>org.springframework.security.oauth</groupId>
|
||||
<artifactId>spring-security-oauth2</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>com.anji-plus</groupId>
|
||||
<artifactId>captcha</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.data</groupId>
|
||||
<artifactId>spring-data-redis</artifactId>
|
||||
@@ -1,4 +1,4 @@
|
||||
package com.hccake.ballcat.oauth.controller;
|
||||
package com.hccake.ballcat.auth.controller;
|
||||
|
||||
import cn.hutool.core.util.StrUtil;
|
||||
import com.hccake.ballcat.common.model.result.R;
|
||||
@@ -0,0 +1 @@
|
||||
com.hccake.ballcat.auth.CaptchaCacheServiceRedisImpl
|
||||
@@ -9,12 +9,12 @@
|
||||
</parent>
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
|
||||
<artifactId>ballcat-oauth</artifactId>
|
||||
<artifactId>ballcat-auth</artifactId>
|
||||
<packaging>pom</packaging>
|
||||
|
||||
<modules>
|
||||
<module>ballcat-oauth-biz</module>
|
||||
<module>ballcat-oauth-controller</module>
|
||||
<module>ballcat-auth-biz</module>
|
||||
<module>ballcat-auth-controller</module>
|
||||
</modules>
|
||||
|
||||
</project>
|
||||
@@ -3,7 +3,6 @@ package com.hccake.ballcat.common.security.oauth2.server.resource;
|
||||
import com.hccake.ballcat.common.security.component.CustomPermissionEvaluator;
|
||||
import com.hccake.ballcat.common.security.exception.CustomAuthenticationEntryPoint;
|
||||
import com.hccake.ballcat.common.security.properties.OAuth2ResourceServerProperties;
|
||||
import com.hccake.ballcat.common.security.properties.SecurityProperties;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
|
||||
@@ -25,7 +24,7 @@ import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
@RequiredArgsConstructor
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
||||
@EnableConfigurationProperties({ SecurityProperties.class, OAuth2ResourceServerProperties.class })
|
||||
@EnableConfigurationProperties(OAuth2ResourceServerProperties.class)
|
||||
@Import(ResourceServerWebSecurityConfigurerAdapter.class)
|
||||
public class ResourceServerAutoConfiguration {
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
package com.hccake.ballcat.common.security.oauth2.server.resource;
|
||||
|
||||
import cn.hutool.core.util.ArrayUtil;
|
||||
import com.hccake.ballcat.common.security.properties.SecurityProperties;
|
||||
import com.hccake.ballcat.common.security.properties.OAuth2ResourceServerProperties;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
@@ -26,7 +26,7 @@ import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
@RequiredArgsConstructor
|
||||
public class ResourceServerWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
|
||||
|
||||
private final SecurityProperties securityProperties;
|
||||
private final OAuth2ResourceServerProperties oAuth2ResourceServerProperties;
|
||||
|
||||
private final OpaqueTokenAuthenticationProvider opaqueTokenAuthenticationProvider;
|
||||
|
||||
@@ -55,7 +55,7 @@ public class ResourceServerWebSecurityConfigurerAdapter extends WebSecurityConfi
|
||||
// 拦截 url 配置
|
||||
.and()
|
||||
.authorizeRequests()
|
||||
.antMatchers(ArrayUtil.toArray(securityProperties.getIgnoreUrls(), String.class))
|
||||
.antMatchers(ArrayUtil.toArray(oAuth2ResourceServerProperties.getIgnoreUrls(), String.class))
|
||||
.permitAll()
|
||||
.anyRequest().authenticated()
|
||||
|
||||
@@ -74,7 +74,7 @@ public class ResourceServerWebSecurityConfigurerAdapter extends WebSecurityConfi
|
||||
// @formatter:on
|
||||
|
||||
// 允许嵌入iframe
|
||||
if (!securityProperties.isIframeDeny()) {
|
||||
if (!oAuth2ResourceServerProperties.isIframeDeny()) {
|
||||
http.headers().frameOptions().disable();
|
||||
}
|
||||
}
|
||||
|
||||
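Review bot: When `iframeDeny` is false the branch still calls `http.headers().frameOptions().disable()`, which drops the X-Frame-Options header entirely and lets any origin frame the application; the commit only changes which properties object the flag is read from. If the goal is to let the application embed its own pages, `http.headers().frameOptions().sameOrigin();` is the narrower setting. A cross-origin embedding case is better served by an explicit allowlist (for example a `frame-ancestors` policy) than by removing the header. The enclosing configure method starts and ends outside the hunks shown.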
@@ -4,6 +4,9 @@ import lombok.Getter;
|
||||
import lombok.Setter;
|
||||
import org.springframework.boot.context.properties.ConfigurationProperties;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* 资源服务器的配置文件,用于配置 token 鉴定方式。由于目前 ballcat 授权服务器使用 不透明令牌,所以这里也暂时不做 jwt令牌支持的扩展
|
||||
*
|
||||
@@ -15,6 +18,16 @@ import org.springframework.boot.context.properties.ConfigurationProperties;
|
||||
@ConfigurationProperties(prefix = "ballcat.security.oauth2.resourceserver")
|
||||
public class OAuth2ResourceServerProperties {
|
||||
|
||||
/**
|
||||
* 忽略鉴权的 url 列表
|
||||
*/
|
||||
private List<String> ignoreUrls = new ArrayList<>();
|
||||
|
||||
/**
|
||||
* 是否禁止嵌入iframe
|
||||
*/
|
||||
private boolean iframeDeny = true;
|
||||
|
||||
/**
|
||||
* 共享存储的token,这种情况下,利用 tokenStore 可以直接获取 token 信息
|
||||
*/
|
||||
|
||||
@@ -4,9 +4,6 @@ import lombok.Getter;
|
||||
import lombok.Setter;
|
||||
import org.springframework.boot.context.properties.ConfigurationProperties;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* @author Hccake
|
||||
* @version 1.0
|
||||
@@ -14,22 +11,14 @@ import java.util.List;
|
||||
*/
|
||||
@Getter
|
||||
@Setter
|
||||
@ConfigurationProperties(prefix = "ballcat.security")
|
||||
@ConfigurationProperties(prefix = SecurityProperties.PREFIX)
|
||||
public class SecurityProperties {
|
||||
|
||||
public static final String PREFIX = "ballcat.security";
|
||||
|
||||
/**
|
||||
* 前后端交互使用的对称加密算法的密钥,必须 16 位字符
|
||||
*/
|
||||
private String passwordSecretKey;
|
||||
|
||||
/**
|
||||
* 忽略鉴权的 url 列表
|
||||
*/
|
||||
private List<String> ignoreUrls = new ArrayList<>();
|
||||
|
||||
/**
|
||||
* 是否禁止嵌入iframe
|
||||
*/
|
||||
private boolean iframeDeny = true;
|
||||
|
||||
}
|
||||
|
||||
@@ -292,15 +292,15 @@
|
||||
<artifactId>ballcat-system-model</artifactId>
|
||||
<version>${revision}</version>
|
||||
</dependency>
|
||||
<!-- oauth 授权模块 -->
|
||||
<!-- auth 授权模块 -->
|
||||
<dependency>
|
||||
<groupId>com.hccake</groupId>
|
||||
<artifactId>ballcat-oauth-controller</artifactId>
|
||||
<artifactId>ballcat-auth-controller</artifactId>
|
||||
<version>${revision}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>com.hccake</groupId>
|
||||
<artifactId>ballcat-oauth-biz</artifactId>
|
||||
<artifactId>ballcat-auth-biz</artifactId>
|
||||
<version>${revision}</version>
|
||||
</dependency>
|
||||
<!-- notify 通知模块 -->
|
||||
|
||||
@@ -1 +0,0 @@
|
||||
com.hccake.ballcat.oauth.CaptchaCacheServiceRedisImpl
|
||||
@@ -15,11 +15,6 @@ import org.springframework.boot.context.properties.ConfigurationProperties;
|
||||
@ConfigurationProperties(prefix = "ballcat.upms")
|
||||
public class UpmsProperties {
|
||||
|
||||
/**
|
||||
* 登陆验证码开关
|
||||
*/
|
||||
private boolean loginCaptchaEnabled = true;
|
||||
|
||||
/**
|
||||
* 超级管理员的配置
|
||||
*/
|
||||
|
||||
@@ -16,10 +16,6 @@
|
||||
<groupId>com.hccake</groupId>
|
||||
<artifactId>ballcat-system-biz</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>com.hccake</groupId>
|
||||
<artifactId>ballcat-oauth-biz</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>com.hccake</groupId>
|
||||
<artifactId>ballcat-spring-boot-starter-log</artifactId>
|
||||
|
||||
@@ -10,8 +10,8 @@ import com.hccake.ballcat.common.model.domain.SelectData;
|
||||
import com.hccake.ballcat.common.model.result.BaseResultCode;
|
||||
import com.hccake.ballcat.common.model.result.R;
|
||||
import com.hccake.ballcat.common.model.result.SystemResultCode;
|
||||
import com.hccake.ballcat.common.security.util.PasswordUtils;
|
||||
import com.hccake.ballcat.common.security.properties.SecurityProperties;
|
||||
import com.hccake.ballcat.common.security.util.PasswordUtils;
|
||||
import com.hccake.ballcat.system.constant.SysUserConst;
|
||||
import com.hccake.ballcat.system.converter.SysUserConverter;
|
||||
import com.hccake.ballcat.system.model.dto.SysUserDTO;
|
||||
|
||||