xiaoying
1 year ago
8 changed files with 86 additions and 26 deletions
+ 14
- 5
tuoheng_oidc_server/src/main/java/com/tuoheng/config/SecurityConfig.java
View File
| package com.tuoheng.config; | package com.tuoheng.config; | ||||
| import com.tuoheng.exception.DiyException; | |||||
| import com.tuoheng.oauth2.authentication.OAuth2ResourceOwnerPasswordAuthenticationConverter; | import com.tuoheng.oauth2.authentication.OAuth2ResourceOwnerPasswordAuthenticationConverter; | ||||
| import com.tuoheng.handler.AccessDeniedHandler; | import com.tuoheng.handler.AccessDeniedHandler; | ||||
| import com.tuoheng.mapper.UserMapper; | import com.tuoheng.mapper.UserMapper; | ||||
| import org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer; | import org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer; | ||||
| import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer; | import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer; | ||||
| import org.springframework.security.core.userdetails.UserDetailsService; | import org.springframework.security.core.userdetails.UserDetailsService; | ||||
| import org.springframework.security.oauth2.core.OAuth2AuthenticationException; | |||||
| import org.springframework.security.oauth2.core.OAuth2Token; | import org.springframework.security.oauth2.core.OAuth2Token; | ||||
| import org.springframework.security.oauth2.core.oidc.OidcUserInfo; | import org.springframework.security.oauth2.core.oidc.OidcUserInfo; | ||||
| import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; | import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; | ||||
| OidcUserInfoAuthenticationToken authentication = context.getAuthentication(); | OidcUserInfoAuthenticationToken authentication = context.getAuthentication(); | ||||
| JwtAuthenticationToken principal = (JwtAuthenticationToken) authentication.getPrincipal(); | JwtAuthenticationToken principal = (JwtAuthenticationToken) authentication.getPrincipal(); | ||||
| UserBaseInfoDto userBaseInfoDto = userMapper.getUserBaseInfo(principal.getName()); | UserBaseInfoDto userBaseInfoDto = userMapper.getUserBaseInfo(principal.getName()); | ||||
| // 在这里做校验 | |||||
| if (0 == userBaseInfoDto.getIsAble()) { | |||||
| throw new DiyException(1001, "该账号已被禁用,请联系系统管理员"); | |||||
| } | |||||
| if (0 == userBaseInfoDto.getIsExpire()) { | |||||
| throw new DiyException(1002, "系统有效期已过,请联系系统管理员"); | |||||
| } | |||||
| return oidcUserInfoService.loadUser(principal.getName(), context.getAccessToken().getScopes(), userBaseInfoDto); | return oidcUserInfoService.loadUser(principal.getName(), context.getAccessToken().getScopes(), userBaseInfoDto); | ||||
| }; | }; | ||||
| authorizationServerConfigurer.oidc((oidc) -> { | authorizationServerConfigurer.oidc((oidc) -> { | ||||
| .authorizeRequests((authorizeRequests) -> { | .authorizeRequests((authorizeRequests) -> { | ||||
| ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) authorizeRequests.anyRequest()).authenticated(); | ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) authorizeRequests.anyRequest()).authenticated(); | ||||
| }).csrf((csrf) -> { | }).csrf((csrf) -> { | ||||
| csrf.ignoringRequestMatchers(new RequestMatcher[]{endpointsMatcher}); | |||||
| }).apply(authorizationServerConfigurer) | |||||
| csrf.ignoringRequestMatchers(new RequestMatcher[]{endpointsMatcher}); | |||||
| }).apply(authorizationServerConfigurer) | |||||
| .and() | .and() | ||||
| .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt) | .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt) | ||||
| .exceptionHandling(exceptions -> exceptions | .exceptionHandling(exceptions -> exceptions | ||||
| .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/toLogin")) | .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/toLogin")) | ||||
| .accessDeniedHandler(new AccessDeniedHandler())) | .accessDeniedHandler(new AccessDeniedHandler())) | ||||
| //.authenticationEntryPoint(new AuthenticationEntryPoint())) | |||||
| //.authenticationEntryPoint(new AuthenticationEntryPoint())) | |||||
| .apply(authorizationServerConfigurer); | .apply(authorizationServerConfigurer); | ||||
| SecurityFilterChain securityFilterChain = http.build(); | SecurityFilterChain securityFilterChain = http.build(); | ||||
| addCustomOAuth2ResourceOwnerPasswordAuthenticationProvider(http); | addCustomOAuth2ResourceOwnerPasswordAuthenticationProvider(http); | ||||
| @Order(2) | @Order(2) | ||||
| SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception { | SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception { | ||||
| //http.addFilterBefore(verifyCodeFilter, UsernamePasswordAuthenticationFilter.class); | //http.addFilterBefore(verifyCodeFilter, UsernamePasswordAuthenticationFilter.class); | ||||
| http.addFilterAt(new VerifyCodeFilter(),UsernamePasswordAuthenticationFilter.class); | |||||
| http.addFilterAt(new VerifyCodeFilter(), UsernamePasswordAuthenticationFilter.class); | |||||
| http.csrf().disable() | http.csrf().disable() | ||||
| .authorizeHttpRequests((authorize) -> authorize | .authorizeHttpRequests((authorize) -> authorize | ||||
| .antMatchers("/toLogin", "/getHealth", "/static/**", "/vercode").permitAll() | .antMatchers("/toLogin", "/getHealth", "/static/**", "/vercode").permitAll() | ||||
| .antMatchers("/user/create","/user/getInfo").permitAll() | |||||
| .antMatchers("/user/create", "/user/getInfo").permitAll() | |||||
| .anyRequest().authenticated() | .anyRequest().authenticated() | ||||
| ) | ) | ||||
| // Form login handles the redirect to the login page from the | // Form login handles the redirect to the login page from the |
+ 52
- 0
tuoheng_oidc_server/src/main/java/com/tuoheng/exception/DiyException.java
View File
| package com.tuoheng.exception; | |||||
| public class DiyException extends RuntimeException { | |||||
| private static final long serialVersionUID = -783442404816393286L; | |||||
| //默认错误异常码为-1 | |||||
| public static final int ERROR_CODE_DEFAULT = -1; | |||||
| private String msg; | |||||
| private int code; | |||||
| public String getMsg() { | |||||
| return msg; | |||||
| } | |||||
| public void setMsg(String msg) { | |||||
| this.msg = msg; | |||||
| } | |||||
| public int getCode() { | |||||
| return code; | |||||
| } | |||||
| public void setCode(int code) { | |||||
| this.code = code; | |||||
| } | |||||
| /** | |||||
| * 带参构造器 | |||||
| * | |||||
| * @param msg 异常信息 | |||||
| */ | |||||
| public DiyException(String msg) { | |||||
| super(msg); | |||||
| this.code = ERROR_CODE_DEFAULT; | |||||
| this.msg = msg; | |||||
| } | |||||
| /** | |||||
| * 带参构造器 | |||||
| * | |||||
| * @param code 异常码 | |||||
| * @param msg 异常信息 | |||||
| */ | |||||
| public DiyException(int code, String msg) { | |||||
| super(msg); | |||||
| this.code = code; | |||||
| this.msg = msg; | |||||
| } | |||||
| } | |||||
+ 0
- 17
tuoheng_oidc_server/src/main/java/com/tuoheng/model/dto/AuthoritiesDto.java
View File
| package com.tuoheng.model.dto; | |||||
| import lombok.Data; | |||||
| /** | |||||
| * @Author xiaoying | |||||
| * @Date 2023/7/3 9:49 | |||||
| */ | |||||
| @Data | |||||
| public class AuthoritiesDto { | |||||
| private String authority; | |||||
| private Integer status; | |||||
| } |
+ 4
- 0
tuoheng_oidc_server/src/main/java/com/tuoheng/model/dto/UserBaseInfoDto.java
View File
| */ | */ | ||||
| private List<ClientRoleDto> clientRoleDtoList; | private List<ClientRoleDto> clientRoleDtoList; | ||||
| private Integer isAble; | |||||
| private Integer isExpire; | |||||
| } | } |
+ 8
- 2
tuoheng_oidc_server/src/main/resources/mapper/UserMapper.xml
View File
| <id column="userId" jdbcType="INTEGER" property="userId"/> | <id column="userId" jdbcType="INTEGER" property="userId"/> | ||||
| <result column="userName" jdbcType="VARCHAR" property="userName"/> | <result column="userName" jdbcType="VARCHAR" property="userName"/> | ||||
| <result column="password" jdbcType="VARCHAR" property="password"/> | <result column="password" jdbcType="VARCHAR" property="password"/> | ||||
| <result column="isAble" jdbcType="INTEGER" property="isAble"/> | |||||
| <result column="isExpire" jdbcType="INTEGER" property="isExpire"/> | |||||
| <collection property="authorityList" ofType="java.lang.String" javaType="java.util.List"> | <collection property="authorityList" ofType="java.lang.String" javaType="java.util.List"> | ||||
| <result column="authority" jdbcType="VARCHAR"/> | <result column="authority" jdbcType="VARCHAR"/> | ||||
| </collection> | </collection> | ||||
| a.password, | a.password, | ||||
| b.authority, | b.authority, | ||||
| c.client_id as clientId, | c.client_id as clientId, | ||||
| c.role_id as roleId | |||||
| c.role_id as roleId, | |||||
| a.is_able as isAble, | |||||
| a.is_expire as isExpire | |||||
| from users a | from users a | ||||
| left join authorities b on a.id = b.user_id | left join authorities b on a.id = b.user_id | ||||
| left join t_client_user_role c on a.id = c.user_id | left join t_client_user_role c on a.id = c.user_id | ||||
| a.password, | a.password, | ||||
| b.authority, | b.authority, | ||||
| c.client_id as clientId, | c.client_id as clientId, | ||||
| c.role_id as roleId | |||||
| c.role_id as roleId, | |||||
| a.is_able as isAble, | |||||
| a.is_expire as isExpire | |||||
| from users a | from users a | ||||
| left join authorities b on a.id = b.user_id | left join authorities b on a.id = b.user_id | ||||
| left join t_client_user_role c on a.id = c.user_id | left join t_client_user_role c on a.id = c.user_id |
BIN
tuoheng_oidc_server/target/classes/com/tuoheng/config/SecurityConfig.class
View File
BIN
tuoheng_oidc_server/target/classes/com/tuoheng/model/dto/UserBaseInfoDto.class
View File
+ 8
- 2
tuoheng_oidc_server/target/classes/mapper/UserMapper.xml
View File
| <id column="userId" jdbcType="INTEGER" property="userId"/> | <id column="userId" jdbcType="INTEGER" property="userId"/> | ||||
| <result column="userName" jdbcType="VARCHAR" property="userName"/> | <result column="userName" jdbcType="VARCHAR" property="userName"/> | ||||
| <result column="password" jdbcType="VARCHAR" property="password"/> | <result column="password" jdbcType="VARCHAR" property="password"/> | ||||
| <result column="isAble" jdbcType="INTEGER" property="isAble"/> | |||||
| <result column="isExpire" jdbcType="INTEGER" property="isExpire"/> | |||||
| <collection property="authorityList" ofType="java.lang.String" javaType="java.util.List"> | <collection property="authorityList" ofType="java.lang.String" javaType="java.util.List"> | ||||
| <result column="authority" jdbcType="VARCHAR"/> | <result column="authority" jdbcType="VARCHAR"/> | ||||
| </collection> | </collection> | ||||
| a.password, | a.password, | ||||
| b.authority, | b.authority, | ||||
| c.client_id as clientId, | c.client_id as clientId, | ||||
| c.role_id as roleId | |||||
| c.role_id as roleId, | |||||
| a.is_able as isAble, | |||||
| a.is_expire as isExpire | |||||
| from users a | from users a | ||||
| left join authorities b on a.id = b.user_id | left join authorities b on a.id = b.user_id | ||||
| left join t_client_user_role c on a.id = c.user_id | left join t_client_user_role c on a.id = c.user_id | ||||
| a.password, | a.password, | ||||
| b.authority, | b.authority, | ||||
| c.client_id as clientId, | c.client_id as clientId, | ||||
| c.role_id as roleId | |||||
| c.role_id as roleId, | |||||
| a.is_able as isAble, | |||||
| a.is_expire as isExpire | |||||
| from users a | from users a | ||||
| left join authorities b on a.id = b.user_id | left join authorities b on a.id = b.user_id | ||||
| left join t_client_user_role c on a.id = c.user_id | left join t_client_user_role c on a.id = c.user_id |
Loading…