
更新odic相关报错信息提示

tags/v2.5.0
xiaoying 1 년 전
부모
커밋
d4d9e0c8b6
8개의 변경된 파일86개의 추가작업 그리고 26개의 파일을 삭제
  1. +14
    -5
      tuoheng_oidc_server/src/main/java/com/tuoheng/config/SecurityConfig.java
  2. +52
    -0
      tuoheng_oidc_server/src/main/java/com/tuoheng/exception/DiyException.java
  3. +0
    -17
      tuoheng_oidc_server/src/main/java/com/tuoheng/model/dto/AuthoritiesDto.java
  4. +4
    -0
      tuoheng_oidc_server/src/main/java/com/tuoheng/model/dto/UserBaseInfoDto.java
  5. +8
    -2
      tuoheng_oidc_server/src/main/resources/mapper/UserMapper.xml
  6. BIN
      tuoheng_oidc_server/target/classes/com/tuoheng/config/SecurityConfig.class
  7. BIN
      tuoheng_oidc_server/target/classes/com/tuoheng/model/dto/UserBaseInfoDto.class
  8. +8
    -2
      tuoheng_oidc_server/target/classes/mapper/UserMapper.xml

+ 14
- 5
tuoheng_oidc_server/src/main/java/com/tuoheng/config/SecurityConfig.java

@@ -1,5 +1,6 @@
package com.tuoheng.config;

import com.tuoheng.exception.DiyException;
import com.tuoheng.oauth2.authentication.OAuth2ResourceOwnerPasswordAuthenticationConverter;
import com.tuoheng.handler.AccessDeniedHandler;
import com.tuoheng.mapper.UserMapper;
@@ -21,6 +22,7 @@ import org.springframework.security.config.annotation.web.configurers.Expression
import org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer;
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Token;
import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
@@ -82,6 +84,13 @@ public class SecurityConfig {
OidcUserInfoAuthenticationToken authentication = context.getAuthentication();
JwtAuthenticationToken principal = (JwtAuthenticationToken) authentication.getPrincipal();
UserBaseInfoDto userBaseInfoDto = userMapper.getUserBaseInfo(principal.getName());
// 在这里做校验
if (0 == userBaseInfoDto.getIsAble()) {
throw new DiyException(1001, "该账号已被禁用,请联系系统管理员");
}
if (0 == userBaseInfoDto.getIsExpire()) {
throw new DiyException(1002, "系统有效期已过,请联系系统管理员");
}
return oidcUserInfoService.loadUser(principal.getName(), context.getAccessToken().getScopes(), userBaseInfoDto);
};
authorizationServerConfigurer.oidc((oidc) -> {
@@ -94,14 +103,14 @@ public class SecurityConfig {
.authorizeRequests((authorizeRequests) -> {
((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) authorizeRequests.anyRequest()).authenticated();
}).csrf((csrf) -> {
csrf.ignoringRequestMatchers(new RequestMatcher[]{endpointsMatcher});
}).apply(authorizationServerConfigurer)
csrf.ignoringRequestMatchers(new RequestMatcher[]{endpointsMatcher});
}).apply(authorizationServerConfigurer)
.and()
.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt)
.exceptionHandling(exceptions -> exceptions
.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/toLogin"))
.accessDeniedHandler(new AccessDeniedHandler()))
//.authenticationEntryPoint(new AuthenticationEntryPoint()))
//.authenticationEntryPoint(new AuthenticationEntryPoint()))
.apply(authorizationServerConfigurer);
SecurityFilterChain securityFilterChain = http.build();
addCustomOAuth2ResourceOwnerPasswordAuthenticationProvider(http);
@@ -112,11 +121,11 @@ public class SecurityConfig {
@Order(2)
SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
//http.addFilterBefore(verifyCodeFilter, UsernamePasswordAuthenticationFilter.class);
http.addFilterAt(new VerifyCodeFilter(),UsernamePasswordAuthenticationFilter.class);
http.addFilterAt(new VerifyCodeFilter(), UsernamePasswordAuthenticationFilter.class);
http.csrf().disable()
.authorizeHttpRequests((authorize) -> authorize
.antMatchers("/toLogin", "/getHealth", "/static/**", "/vercode").permitAll()
.antMatchers("/user/create","/user/getInfo").permitAll()
.antMatchers("/user/create", "/user/getInfo").permitAll()
.anyRequest().authenticated()
)
// Form login handles the redirect to the login page from the
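Review bot: The new account checks in the user-info mapper (`if (0 == userBaseInfoDto.getIsAble())` and its `getIsExpire()` twin in the `-82,6 +84,13` hunk) fail open and can throw, because both getters return `Integer` per UserBaseInfoDto: a NULL column or a missing row from `userMapper.getUserBaseInfo(...)` raises a NullPointerException on unboxing, and any value other than 0 is treated as allowed. A guard such as `if (userBaseInfoDto == null || !Integer.valueOf(1).equals(userBaseInfoDto.getIsAble()))` would deny by default, assuming 1 is the only enabled value. `DiyException` is a plain RuntimeException and the newly imported `OAuth2AuthenticationException` is not used on the visible lines, so it is worth confirming that the UserInfo endpoint turns it into a proper OAuth2 error response rather than a generic 500. These checks run only when user info is requested; whether token issuance also rejects disabled or expired accounts is not visible here. The enclosing lambda and method begin outside the hunk.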

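--- a/tuoheng_oidc_server/src/main/java/com/tuoheng/exception/DiyException.java
+++ b/tuoheng_oidc_server/src/main/java/com/tuoheng/exception/DiyException.java
@@ -0,0 +1,52 @@
+package com.tuoheng.exception;
+
+public class DiyException extends RuntimeException {
+
+private static final long serialVersionUID = -783442404816393286L;
+//默认错误异常码为-1
+public static final int ERROR_CODE_DEFAULT = -1;
+
+private String msg;
+private int code;
+
+public String getMsg() {
+return msg;
+}
+
+public void setMsg(String msg) {
+this.msg = msg;
+}
+
+public int getCode() {
+return code;
+}
+
+public void setCode(int code) {
+this.code = code;
+}
+
+/**
+* 带参构造器
+*
+* @param msg 异常信息
+*/
+public DiyException(String msg) {
+super(msg);
+this.code = ERROR_CODE_DEFAULT;
+this.msg = msg;
+}
+
+/**
+* 带参构造器
+*
+* @param code 异常码
+* @param msg 异常信息
+*/
+public DiyException(int code, String msg) {
+super(msg);
+this.code = code;
+this.msg = msg;
+}
+
+}
+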
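Review bot: `DiyException` stores the message twice and leaves both fields mutable: `msg` duplicates what `super(msg)` already holds, and `setMsg`/`setCode` let a handler change one copy so that `getMsg()` and `getMessage()` disagree between the log and the response. Declaring `private final String msg;` and `private final int code;` and dropping the setters keeps the thrown value immutable. The codes 1001 and 1002 that SecurityConfig passes in would be easier to audit as named constants next to `ERROR_CODE_DEFAULT`, and there is no constructor taking a `Throwable cause` for wrapping lower-level failures.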

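--- a/tuoheng_oidc_server/src/main/java/com/tuoheng/model/dto/AuthoritiesDto.java
+++ b/tuoheng_oidc_server/src/main/java/com/tuoheng/model/dto/AuthoritiesDto.java
@@ -1,17 +0,0 @@
-package com.tuoheng.model.dto;
-
-import lombok.Data;
-
-/**
-* @Author xiaoying
-* @Date 2023/7/3 9:49
-*/
-@Data
-public class AuthoritiesDto {
-
-private String authority;
-
-private Integer status;
-
-
-}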

+ 4
- 0
tuoheng_oidc_server/src/main/java/com/tuoheng/model/dto/UserBaseInfoDto.java

@@ -28,4 +28,8 @@ public class UserBaseInfoDto {
*/
private List<ClientRoleDto> clientRoleDtoList;

private Integer isAble;

private Integer isExpire;

}
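Review bot: The new fields `isAble` and `isExpire` carry no Javadoc, while the field above them does, and their value encoding is exactly what the account gate in SecurityConfig depends on. That code treats `isAble == 0` as disabled and `isExpire == 0` as expired, which reads backwards for a field named isExpire, so the encoding should be written down, e.g. `/** Account enabled flag from users.is_able: 0 = disabled. */` and `/** Validity flag from users.is_expire: 0 = validity period has passed. */`. The class declaration starts outside the hunk.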

+ 8
- 2
tuoheng_oidc_server/src/main/resources/mapper/UserMapper.xml

@@ -6,6 +6,8 @@
<id column="userId" jdbcType="INTEGER" property="userId"/>
<result column="userName" jdbcType="VARCHAR" property="userName"/>
<result column="password" jdbcType="VARCHAR" property="password"/>
<result column="isAble" jdbcType="INTEGER" property="isAble"/>
<result column="isExpire" jdbcType="INTEGER" property="isExpire"/>
<collection property="authorityList" ofType="java.lang.String" javaType="java.util.List">
<result column="authority" jdbcType="VARCHAR"/>
</collection>
@@ -26,7 +28,9 @@
a.password,
b.authority,
c.client_id as clientId,
c.role_id as roleId
c.role_id as roleId,
a.is_able as isAble,
a.is_expire as isExpire
from users a
left join authorities b on a.id = b.user_id
left join t_client_user_role c on a.id = c.user_id
@@ -39,7 +43,9 @@
a.password,
b.authority,
c.client_id as clientId,
c.role_id as roleId
c.role_id as roleId,
a.is_able as isAble,
a.is_expire as isExpire
from users a
left join authorities b on a.id = b.user_id
left join t_client_user_role c on a.id = c.user_id
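Review bot: Only one `<resultMap>` visibly gains the `isAble`/`isExpire` entries (the one with `password` and `authorityList`, first hunk), while two selects now return those columns; if the select behind `getUserBaseInfo` maps through a different result map with nested collections, the new columns are probably not auto-mapped and arrive as null. SecurityConfig then unboxes them in `0 == userBaseInfoDto.getIsAble()`, so that case would surface as a NullPointerException instead of a disabled-account check. Please confirm the UserBaseInfoDto result map also has `<result column="isAble" jdbcType="INTEGER" property="isAble"/>` and the `isExpire` equivalent. The surrounding `<select>` elements begin and end outside the hunks.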

BIN
tuoheng_oidc_server/target/classes/com/tuoheng/config/SecurityConfig.class


BIN
tuoheng_oidc_server/target/classes/com/tuoheng/model/dto/UserBaseInfoDto.class


+ 8
- 2
tuoheng_oidc_server/target/classes/mapper/UserMapper.xml

@@ -6,6 +6,8 @@
<id column="userId" jdbcType="INTEGER" property="userId"/>
<result column="userName" jdbcType="VARCHAR" property="userName"/>
<result column="password" jdbcType="VARCHAR" property="password"/>
<result column="isAble" jdbcType="INTEGER" property="isAble"/>
<result column="isExpire" jdbcType="INTEGER" property="isExpire"/>
<collection property="authorityList" ofType="java.lang.String" javaType="java.util.List">
<result column="authority" jdbcType="VARCHAR"/>
</collection>
@@ -26,7 +28,9 @@
a.password,
b.authority,
c.client_id as clientId,
c.role_id as roleId
c.role_id as roleId,
a.is_able as isAble,
a.is_expire as isExpire
from users a
left join authorities b on a.id = b.user_id
left join t_client_user_role c on a.id = c.user_id
@@ -39,7 +43,9 @@
a.password,
b.authority,
c.client_id as clientId,
c.role_id as roleId
c.role_id as roleId,
a.is_able as isAble,
a.is_expire as isExpire
from users a
left join authorities b on a.id = b.user_id
left join t_client_user_role c on a.id = c.user_id
