Spring Security OAuth2自定义Token获取方式

64.Spring-Security-OAuth2-Customize/pom.xml

@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starter-parent</artifactId>
+        <version>2.1.6.RELEASE</version>
+        <relativePath/> <!-- lookup parent from repository -->
+    </parent>
+    <groupId>cc.mrbird</groupId>
+    <artifactId>security</artifactId>
+    <version>0.0.1-SNAPSHOT</version>
+    <name>security</name>
+    <description>Demo project for Spring Boot</description>
+
+    <properties>
+        <java.version>1.8</java.version>
+        <spring-cloud.version>Greenwich.SR1</spring-cloud.version>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.cloud</groupId>
+            <artifactId>spring-cloud-starter</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.cloud</groupId>
+            <artifactId>spring-cloud-starter-oauth2</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.cloud</groupId>
+            <artifactId>spring-cloud-starter-security</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-data-redis</artifactId>
+        </dependency>
+    </dependencies>
+
+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <groupId>org.springframework.cloud</groupId>
+                <artifactId>spring-cloud-dependencies</artifactId>
+                <version>${spring-cloud.version}</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>

64.Spring-Security-OAuth2-Customize/src/main/java/cc/mrbird/security/SecurityApplication.java

@@ -0,0 +1,13 @@
+package cc.mrbird.security;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class SecurityApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(SecurityApplication.class, args);
+    }
+
+}

64.Spring-Security-OAuth2-Customize/src/main/java/cc/mrbird/security/config/AuthorizationServerConfig.java

@@ -0,0 +1,20 @@
+package cc.mrbird.security.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+
+/**
+ * @author MrBird
+ */
+@Configuration
+@EnableAuthorizationServer
+public class AuthorizationServerConfig {
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+}

64.Spring-Security-OAuth2-Customize/src/main/java/cc/mrbird/security/config/ResourceServerConfig.java

@@ -0,0 +1,46 @@
+package cc.mrbird.security.config;
+
+import cc.mrbird.security.handler.MyAuthenticationFailureHandler;
+import cc.mrbird.security.handler.MyAuthenticationSucessHandler;
+import cc.mrbird.security.validate.smscode.SmsAuthenticationConfig;
+import cc.mrbird.security.validate.smscode.SmsCodeFilter;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+/**
+ * @author MrBird
+ */
+@Configuration
+@EnableResourceServer
+public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
+
+    @Autowired
+    private MyAuthenticationSucessHandler authenticationSucessHandler;
+    @Autowired
+    private MyAuthenticationFailureHandler authenticationFailureHandler;
+    @Autowired
+    private SmsCodeFilter smsCodeFilter;
+    @Autowired
+    private SmsAuthenticationConfig smsAuthenticationConfig;
+
+    @Override
+    public void configure(HttpSecurity http) throws Exception {
+        http.addFilterBefore(smsCodeFilter, UsernamePasswordAuthenticationFilter.class) // 添加短信验证码校验过滤器
+                .formLogin() // 表单登录
+                .loginProcessingUrl("/login") // 处理表单登录 URL
+                .successHandler(authenticationSucessHandler) // 处理登录成功
+                .failureHandler(authenticationFailureHandler) // 处理登录失败
+            .and()
+                .authorizeRequests() // 授权配置
+                .antMatchers("/code/sms").permitAll()
+                .anyRequest()  // 所有请求
+                .authenticated() // 都需要认证
+            .and()
+                .csrf().disable()
+            .apply(smsAuthenticationConfig);
+    }
+}

64.Spring-Security-OAuth2-Customize/src/main/java/cc/mrbird/security/controller/UserController.java

@@ -0,0 +1,18 @@
+package cc.mrbird.security.controller;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+/**
+ * @author MrBird
+ */
+@RestController
+public class UserController {
+
+    @GetMapping("index")
+    public Object index(@AuthenticationPrincipal Authentication authentication){
+        return authentication;
+    }
+}

64.Spring-Security-OAuth2-Customize/src/main/java/cc/mrbird/security/controller/ValidateController.java

@@ -0,0 +1,33 @@
+package cc.mrbird.security.controller;
+
+import cc.mrbird.security.service.RedisCodeService;
+import cc.mrbird.security.validate.smscode.SmsCode;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.context.request.ServletWebRequest;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@RestController
+public class ValidateController {
+
+    @Autowired
+    private RedisCodeService redisCodeService;
+
+    @GetMapping("/code/sms")
+    public void createSmsCode(HttpServletRequest request, HttpServletResponse response, String mobile) throws Exception {
+        SmsCode smsCode = createSMSCode();
+        redisCodeService.save(smsCode, new ServletWebRequest(request), mobile);
+        // 输出验证码到控制台代替短信发送服务
+        System.out.println("手机号" + mobile + "的登录验证码为：" + smsCode.getCode() + "，有效时间为120秒");
+    }
+
+    private SmsCode createSMSCode() {
+        String code = RandomStringUtils.randomNumeric(6);
+        return new SmsCode(code);
+    }
+
+}

64.Spring-Security-OAuth2-Customize/src/main/java/cc/mrbird/security/domain/MyUser.java

@@ -0,0 +1,67 @@
+package cc.mrbird.security.domain;
+
+import java.io.Serializable;
+
+public class MyUser implements Serializable {
+    private static final long serialVersionUID = 3497935890426858541L;
+
+    private String userName;
+
+    private String password;
+
+    private boolean accountNonExpired = true;
+
+    private boolean accountNonLocked= true;
+
+    private boolean credentialsNonExpired= true;
+
+    private boolean enabled= true;
+
+    public String getUserName() {
+        return userName;
+    }
+
+    public void setUserName(String userName) {
+        this.userName = userName;
+    }
+
+    public String getPassword() {
+        return password;
+    }
+
+    public void setPassword(String password) {
+        this.password = password;
+    }
+
+    public boolean isAccountNonExpired() {
+        return accountNonExpired;
+    }
+
+    public void setAccountNonExpired(boolean accountNonExpired) {
+        this.accountNonExpired = accountNonExpired;
+    }
+
+    public boolean isAccountNonLocked() {
+        return accountNonLocked;
+    }
+
+    public void setAccountNonLocked(boolean accountNonLocked) {
+        this.accountNonLocked = accountNonLocked;
+    }
+
+    public boolean isCredentialsNonExpired() {
+        return credentialsNonExpired;
+    }
+
+    public void setCredentialsNonExpired(boolean credentialsNonExpired) {
+        this.credentialsNonExpired = credentialsNonExpired;
+    }
+
+    public boolean isEnabled() {
+        return enabled;
+    }
+
+    public void setEnabled(boolean enabled) {
+        this.enabled = enabled;
+    }
+}

64.Spring-Security-OAuth2-Customize/src/main/java/cc/mrbird/security/handler/MyAuthenticationFailureHandler.java

@@ -0,0 +1,28 @@
+package cc.mrbird.security.handler;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+@Component
+public class MyAuthenticationFailureHandler implements AuthenticationFailureHandler {
+
+    @Autowired
+    private ObjectMapper mapper;
+
+    @Override
+    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
+                                        AuthenticationException exception) throws IOException {
+        response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
+        response.setContentType("application/json;charset=utf-8");
+        response.getWriter().write(mapper.writeValueAsString(exception.getMessage()));
+    }
+}

64.Spring-Security-OAuth2-Customize/src/main/java/cc/mrbird/security/handler/MyAuthenticationSucessHandler.java

@@ -0,0 +1,93 @@
+package cc.mrbird.security.handler;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException;
+import org.springframework.security.oauth2.provider.*;
+import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
+import java.util.HashMap;
+
+@Component
+public class MyAuthenticationSucessHandler implements AuthenticationSuccessHandler {
+
+    private Logger log = LoggerFactory.getLogger(this.getClass());
+
+    @Autowired
+    private ClientDetailsService clientDetailsService;
+    @Autowired
+    private AuthorizationServerTokenServices authorizationServerTokenServices;
+
+    @Override
+    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {
+        // 1. 从请求头中获取 ClientId
+        String header = request.getHeader("Authorization");
+        if (header == null || !header.startsWith("Basic ")) {
+            throw new UnapprovedClientAuthenticationException("请求头中无client信息");
+        }
+
+        String[] tokens = this.extractAndDecodeHeader(header, request);
+        String clientId = tokens[0];
+        String clientSecret = tokens[1];
+
+        TokenRequest tokenRequest = null;
+
+        // 2. 通过 ClientDetailsService 获取 ClientDetails
+        ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);
+
+        // 3. 校验 ClientId和 ClientSecret的正确性
+        if (clientDetails == null) {
+            throw new UnapprovedClientAuthenticationException("clientId:" + clientId + "对应的信息不存在");
+        } else if (!StringUtils.equals(clientDetails.getClientSecret(), clientSecret)) {
+            throw new UnapprovedClientAuthenticationException("clientSecret不正确");
+        } else {
+            // 4. 通过 TokenRequest构造器生成 TokenRequest
+            tokenRequest = new TokenRequest(new HashMap<>(), clientId, clientDetails.getScope(), "custom");
+        }
+
+        // 5. 通过 TokenRequest的 createOAuth2Request方法获取 OAuth2Request
+        OAuth2Request oAuth2Request = tokenRequest.createOAuth2Request(clientDetails);
+        // 6. 通过 Authentication和 OAuth2Request构造出 OAuth2Authentication
+        OAuth2Authentication auth2Authentication = new OAuth2Authentication(oAuth2Request, authentication);
+
+        // 7. 通过 AuthorizationServerTokenServices 生成 OAuth2AccessToken
+        OAuth2AccessToken token = authorizationServerTokenServices.createAccessToken(auth2Authentication);
+
+        // 8. 返回 Token
+        log.info("登录成功");
+        response.setContentType("application/json;charset=UTF-8");
+        response.getWriter().write(new ObjectMapper().writeValueAsString(token));
+    }
+
+    private String[] extractAndDecodeHeader(String header, HttpServletRequest request) {
+        byte[] base64Token = header.substring(6).getBytes(StandardCharsets.UTF_8);
+
+        byte[] decoded;
+        try {
+            decoded = Base64.getDecoder().decode(base64Token);
+        } catch (IllegalArgumentException var7) {
+            throw new BadCredentialsException("Failed to decode basic authentication token");
+        }
+
+        String token = new String(decoded, StandardCharsets.UTF_8);
+        int delim = token.indexOf(":");
+        if (delim == -1) {
+            throw new BadCredentialsException("Invalid basic authentication token");
+        } else {
+            return new String[]{token.substring(0, delim), token.substring(delim + 1)};
+        }
+    }
+}