认证服务器调整
@@ -1,6 +1,6 @@
|
|||||||
package com.arrokoth.standalone.authorization.common.util;
|
package com.arrokoth.standalone.authorization.common.util;
|
||||||
|
|
||||||
import com.arrokoth.standalone.authorization.common.exception.JwtException;
|
import com.arrokoth.standalone.authorization.exception.JwtException;
|
||||||
import com.nimbusds.jose.JOSEException;
|
import com.nimbusds.jose.JOSEException;
|
||||||
import com.nimbusds.jose.JWSAlgorithm;
|
import com.nimbusds.jose.JWSAlgorithm;
|
||||||
import com.nimbusds.jose.JWSHeader;
|
import com.nimbusds.jose.JWSHeader;
|
||||||
|
|||||||
@@ -27,6 +27,7 @@ public class SecurityWebAutoConfigurer {
|
|||||||
private final SecurityWebProperties securityWebProperties;
|
private final SecurityWebProperties securityWebProperties;
|
||||||
private final SessionRegistry sessionRegistry;
|
private final SessionRegistry sessionRegistry;
|
||||||
private final JwtRequestFilter jwtRequestFilter;
|
private final JwtRequestFilter jwtRequestFilter;
|
||||||
|
// private final LoginFilter loginFilter;
|
||||||
|
|
||||||
private final AuthenticationSuccessHandler sampleAuthenticationSuccessHandler;
|
private final AuthenticationSuccessHandler sampleAuthenticationSuccessHandler;
|
||||||
private final AuthenticationFailureHandler sampleAuthenticationFailureHandler;
|
private final AuthenticationFailureHandler sampleAuthenticationFailureHandler;
|
||||||
@@ -63,6 +64,7 @@ public class SecurityWebAutoConfigurer {
|
|||||||
|
|
||||||
private void configureJwtAuthentication(HttpSecurity http) {
|
private void configureJwtAuthentication(HttpSecurity http) {
|
||||||
http.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
|
http.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
|
||||||
|
// http.addFilterAt(loginFilter, UsernamePasswordAuthenticationFilter.class);
|
||||||
}
|
}
|
||||||
|
|
||||||
private void configureFormLogin(HttpSecurity http) throws Exception {
|
private void configureFormLogin(HttpSecurity http) throws Exception {
|
||||||
|
|||||||
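Review bot: The two lines added to SecurityWebAutoConfigurer, `// private final LoginFilter loginFilter;` and `// http.addFilterAt(loginFilter, UsernamePasswordAuthenticationFilter.class);`, are commented-out code, and so is the whole new LoginFilter file added further down in this commit. In a security filter chain this leaves a reader unsure which login path is actually active. Prefer dropping the lines and keeping the experiment on a branch, or wiring the filter behind a configuration property. If they must stay, add an explanatory line such as `// TODO(<owner>): LoginFilter disabled because <reason>` above each of them.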
@@ -1,9 +1,9 @@
|
|||||||
package com.arrokoth.standalone.authorization.controller;
|
package com.arrokoth.standalone.authorization.controller;
|
||||||
|
|
||||||
import com.arrokoth.standalone.authorization.common.basic.BasicModel;
|
import com.arrokoth.standalone.authorization.common.basic.BasicModel;
|
||||||
|
import com.arrokoth.standalone.authorization.common.util.JwtUtils;
|
||||||
import com.arrokoth.standalone.authorization.properties.SecurityWebProperties;
|
import com.arrokoth.standalone.authorization.properties.SecurityWebProperties;
|
||||||
import com.arrokoth.standalone.authorization.service.AuthorizationService;
|
import com.arrokoth.standalone.authorization.service.AuthorizationService;
|
||||||
import com.arrokoth.standalone.authorization.common.util.JwtUtils;
|
|
||||||
import io.swagger.v3.oas.annotations.Operation;
|
import io.swagger.v3.oas.annotations.Operation;
|
||||||
import jakarta.servlet.http.HttpServletRequest;
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
import jakarta.validation.Valid;
|
import jakarta.validation.Valid;
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
package com.arrokoth.standalone.authorization.common.exception;
|
package com.arrokoth.standalone.authorization.exception;
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@@ -0,0 +1,85 @@
|
|||||||
|
//package com.arrokoth.standalone.authorization.filter;
|
||||||
|
//
|
||||||
|
//import com.arrokoth.framework.boot.graceful.response.RestResponseFactory;
|
||||||
|
//import com.arrokoth.framework.boot.rest.RestResponse;
|
||||||
|
//import com.arrokoth.standalone.authorization.common.basic.BasicModel;
|
||||||
|
//import com.arrokoth.standalone.authorization.service.AuthorizationService;
|
||||||
|
//import com.fasterxml.jackson.databind.ObjectMapper;
|
||||||
|
//import jakarta.servlet.FilterChain;
|
||||||
|
//import jakarta.servlet.http.HttpServletRequest;
|
||||||
|
//import jakarta.servlet.http.HttpServletResponse;
|
||||||
|
//import org.springframework.beans.factory.annotation.Autowired;
|
||||||
|
//import org.springframework.security.authentication.AuthenticationManager;
|
||||||
|
//import org.springframework.security.authentication.AuthenticationServiceException;
|
||||||
|
//import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||||
|
//import org.springframework.security.core.Authentication;
|
||||||
|
//import org.springframework.security.core.session.SessionRegistry;
|
||||||
|
//import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||||
|
//import org.springframework.stereotype.Component;
|
||||||
|
//
|
||||||
|
//import java.io.IOException;
|
||||||
|
//import java.io.PrintWriter;
|
||||||
|
//
|
||||||
|
//@Component
|
||||||
|
//public class LoginFilter extends UsernamePasswordAuthenticationFilter {
|
||||||
|
//
|
||||||
|
// @Autowired
|
||||||
|
// private SessionRegistry sessionRegistry;
|
||||||
|
//
|
||||||
|
//
|
||||||
|
// AuthorizationService authorizationService;
|
||||||
|
//
|
||||||
|
// @Autowired
|
||||||
|
// RestResponseFactory restResponseFactory;
|
||||||
|
//
|
||||||
|
// @Autowired
|
||||||
|
// public LoginFilter(AuthenticationManager authenticationManager,AuthorizationService authorizationService) {
|
||||||
|
// this.authorizationService =authorizationService;
|
||||||
|
// this.setAuthenticationManager(authenticationManager);
|
||||||
|
// this.setFilterProcessesUrl("/user/login"); // 设置登录URL
|
||||||
|
// }
|
||||||
|
// @Override
|
||||||
|
// public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) {
|
||||||
|
// if (!request.getMethod().equals("POST")) {
|
||||||
|
// throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
|
||||||
|
// }
|
||||||
|
// try {
|
||||||
|
// // 解析请求体中的 JSON
|
||||||
|
// ObjectMapper mapper = new ObjectMapper();
|
||||||
|
// BasicModel.LoginRequest loginRequest = mapper.readValue(request.getInputStream(), BasicModel.LoginRequest.class);
|
||||||
|
// // 创建认证 Token
|
||||||
|
// UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(loginRequest.username(), loginRequest.password());
|
||||||
|
// return getAuthenticationManager().authenticate(authRequest);
|
||||||
|
// } catch (IOException e) {
|
||||||
|
// throw new RuntimeException("Could not read request", e);
|
||||||
|
// }
|
||||||
|
// }
|
||||||
|
//
|
||||||
|
//
|
||||||
|
// @Override
|
||||||
|
// protected void successfulAuthentication(HttpServletRequest request,
|
||||||
|
// HttpServletResponse response,
|
||||||
|
// FilterChain chain,
|
||||||
|
// Authentication authentication) throws IOException {
|
||||||
|
// ObjectMapper mapper = new ObjectMapper();
|
||||||
|
//
|
||||||
|
//
|
||||||
|
// Object principal = authentication.getPrincipal();
|
||||||
|
//
|
||||||
|
//
|
||||||
|
// BasicModel.LoginRequest loginRequest = new BasicModel.LoginRequest("admin","");
|
||||||
|
//
|
||||||
|
//
|
||||||
|
// // 登录成功:生成 Token 并返回
|
||||||
|
// BasicModel.Token token = authorizationService.login(loginRequest);
|
||||||
|
// RestResponse restResponse = restResponseFactory.newSuccessInstance(token);
|
||||||
|
//
|
||||||
|
// response.setContentType("application/json;charset=UTF-8");
|
||||||
|
// PrintWriter out = response.getWriter();
|
||||||
|
// String jsonResponse = mapper.writeValueAsString(restResponse);
|
||||||
|
// out.print(jsonResponse);
|
||||||
|
// out.flush();
|
||||||
|
// }
|
||||||
|
//
|
||||||
|
//
|
||||||
|
//}
|
||||||
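Review bot: In the commented-out `successfulAuthentication`, the token request is built with `new BasicModel.LoginRequest("admin","")`, so if this filter is ever enabled as written, every successful login would be issued tokens for `admin` regardless of who authenticated. The `principal` local is read but never used; the request should be derived from the authenticated identity, for example `new BasicModel.LoginRequest(authentication.getName(), "")`. In `attemptAuthentication` the `IOException` is rethrown as a `RuntimeException`, which is not an `AuthenticationException` and would likely bypass the configured failure handler. The already-imported `AuthenticationServiceException` fits better there.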
@@ -71,6 +71,7 @@ public class SecurityWebProperties {
|
|||||||
private static final List<String> DEFAULT_PERMIT_URLS = Arrays.asList(
|
private static final List<String> DEFAULT_PERMIT_URLS = Arrays.asList(
|
||||||
AXIOS_LOGIN_PROCESSING_URL,
|
AXIOS_LOGIN_PROCESSING_URL,
|
||||||
DEFAULT_LOGIN_PROCESSING_URL,
|
DEFAULT_LOGIN_PROCESSING_URL,
|
||||||
|
"/favicon.*",
|
||||||
"/login",
|
"/login",
|
||||||
"/logout",
|
"/logout",
|
||||||
"/connect/logout",
|
"/connect/logout",
|
||||||
|
|||||||
@@ -13,9 +13,10 @@ public class AuthorizationServiceImpl implements AuthorizationService {
|
|||||||
@Override
|
@Override
|
||||||
public BasicModel.Token login(BasicModel.LoginRequest loginRequest) {
|
public BasicModel.Token login(BasicModel.LoginRequest loginRequest) {
|
||||||
|
|
||||||
String accessToken = JwtUtils.createAccessToken(loginRequest.username());
|
String username = loginRequest.username();
|
||||||
String refreshToken = JwtUtils.createRefreshToken(loginRequest.username());
|
|
||||||
|
|
||||||
|
String accessToken = JwtUtils.createAccessToken(username);
|
||||||
|
String refreshToken = JwtUtils.createRefreshToken(username);
|
||||||
return new BasicModel.Token(accessToken,
|
return new BasicModel.Token(accessToken,
|
||||||
refreshToken,
|
refreshToken,
|
||||||
"Bearer",
|
"Bearer",
|
||||||
|
|||||||
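Review bot: The lines of `login` visible here mint an access token and a refresh token for `loginRequest.username()` without checking the password or that the user exists. If the caller has not already authenticated the request (not visible in this hunk), any supplied username yields valid tokens. Confirm that authentication happens before this method and state that precondition in a Javadoc on `login`, or perform the check here. A guard such as `if (username == null || username.isBlank()) throw new IllegalArgumentException("username must not be blank");` would also stop tokens being created with an empty subject. The rest of the `return` statement lies outside the hunk.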
@@ -99,7 +99,36 @@ public class RegisteredClientRepositoryStore {
|
|||||||
.build())
|
.build())
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
|
RegisteredClient salaryClient = RegisteredClient.withId(UUID.randomUUID().toString())
|
||||||
|
.clientId("salary-standalone-client")
|
||||||
|
.clientSecret(bCryptPasswordEncoder.encode("salary-secret"))
|
||||||
|
.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
|
||||||
|
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||||
|
.authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
|
||||||
|
.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
|
||||||
|
// 回调地址(授权码返回地址)
|
||||||
|
.redirectUris(uris -> uris.addAll(
|
||||||
|
List.of(
|
||||||
|
|
||||||
return new InMemoryRegisteredClientRepository(oidcClient,gatewayClient, certificateClient);
|
"http://127.0.0.1:9528/cash-admin/callback",
|
||||||
|
"https://www.yyds8848.com/cash-admin/callback",
|
||||||
|
|
||||||
|
"http://127.0.0.1:8092/login/oauth2/code/messaging-client-oidc",
|
||||||
|
"http://127.0.0.1:9528/callback"
|
||||||
|
)
|
||||||
|
))
|
||||||
|
.postLogoutRedirectUri("http://127.0.0.1:8082/logged-out")
|
||||||
|
.scope(OidcScopes.OPENID)
|
||||||
|
.scope(OidcScopes.PROFILE)
|
||||||
|
.scope("salary.read")
|
||||||
|
.scope("salary.write")
|
||||||
|
.clientSettings(ClientSettings.builder().requireAuthorizationConsent(false).build())
|
||||||
|
.tokenSettings(TokenSettings.builder()
|
||||||
|
.accessTokenTimeToLive(Duration.ofHours(1))
|
||||||
|
.refreshTokenTimeToLive(Duration.ofHours(10))
|
||||||
|
.build())
|
||||||
|
.build();
|
||||||
|
|
||||||
|
return new InMemoryRegisteredClientRepository(oidcClient, gatewayClient, certificateClient, salaryClient);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
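Review bot: The new `salaryClient` registers its secret as a literal, `.clientSecret(bCryptPasswordEncoder.encode("salary-secret"))`, so the plaintext lives in source control and is guessable from the client id. It should come from externalized configuration or a secret store, and a value that has already been committed should be treated as exposed. The client also combines `AUTHORIZATION_CODE` and `CLIENT_CREDENTIALS` with `requireAuthorizationConsent(false)` and does not require PKCE; consider `ClientSettings.builder().requireAuthorizationConsent(false).requireProofKey(true).build()` and moving machine-to-machine access to a separate client. The redirect URI list mixes loopback `http://` development callbacks with a public `https://` host, which is better supplied per environment from properties. The enclosing method begins outside this hunk.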
@@ -46,12 +46,12 @@
|
|||||||
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
|
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label for="username-input">用户名</label>
|
<label for="username-input">用户名</label>
|
||||||
<input id="username-input" name="username" placeholder="请输入用户名" type="text" value="admin">
|
<input id="username-input" name="username" placeholder="请输入用户名" type="text" value="">
|
||||||
</div>
|
</div>
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label for="password-input">密码</label>
|
<label for="password-input">密码</label>
|
||||||
<input id="password-input" name="password" placeholder="请输入密码" type="password"
|
<input id="password-input" name="password" placeholder="请输入密码" type="password"
|
||||||
value="123456">
|
value="">
|
||||||
</div>
|
</div>
|
||||||
<div class="form-group" style="display: none">
|
<div class="form-group" style="display: none">
|
||||||
<label for="pass-captcha-input">验证码</label>
|
<label for="pass-captcha-input">验证码</label>
|
||||||
|
|||||||
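Review bot: The `admin` / `123456` pair removed from these inputs remains in the repository history, so if an account with those credentials exists in any environment (not visible here) it should be rotated rather than only hidden from the form. On the new lines the empty `value=""` attributes are redundant and can be dropped. Adding `autocomplete="username"` and `autocomplete="current-password"` to the two inputs would let password managers fill them correctly.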