整合security

auth-center/auth-center-api/src/main/java/com/peng/auth/api/pojo/auth/BaseGrantedAuthority.java

@@ -13,6 +13,13 @@ public class BaseGrantedAuthority implements GrantedAuthority {
 
     private BaseRole baseRole;
 
+    public BaseGrantedAuthority(){}
+
+    public BaseGrantedAuthority(BaseUser baseUser, BaseRole baseRole){
+        this.baseUser = baseUser;
+        this.baseRole = baseRole;
+    }
+
     @Override
     public String getAuthority() {
         return baseRole.getRoleCode();

auth-center/auth-center-provider/pom.xml

@@ -25,6 +25,25 @@
             <version>1.0-SNAPSHOT</version>
         </dependency>
 
+        <!-- 数据库连接池 -->
+        <dependency>
+            <groupId>com.alibaba</groupId>
+            <artifactId>druid-spring-boot-starter</artifactId>
+            <version>1.1.2</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-jdbc</artifactId>
+        </dependency>
+
+        <!-- Mysql 驱动 -->
+        <dependency>
+            <groupId>mysql</groupId>
+            <artifactId>mysql-connector-java</artifactId>
+            <version>5.1.43</version>
+        </dependency>
+
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-actuator</artifactId>
@@ -54,10 +73,22 @@
             <groupId>org.springframework.cloud</groupId>
             <artifactId>spring-cloud-starter-oauth2</artifactId>
         </dependency>
+
+
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-freemarker</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.webjars</groupId>
+            <artifactId>Semantic-UI</artifactId>
+            <version>2.2.10</version>
+        </dependency>
+        <dependency>
+            <groupId>org.webjars</groupId>
+            <artifactId>jquery</artifactId>
+            <version>3.2.1</version>
+        </dependency>
 
         <dependency>
             <groupId>org.springframework.boot</groupId>

auth-center/auth-center-provider/src/main/java/com/peng/auth/provider/AuthCenterProviderApplication.java

@@ -2,11 +2,15 @@
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.cloud.client.SpringCloudApplication;
+import org.springframework.cloud.netflix.feign.EnableFeignClients;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
 
 /**
  * Created by fp295 on 2018/4/2.
  */
 @SpringCloudApplication
+@EnableAuthorizationServer
+@EnableFeignClients("com.peng.main.client")
 public class AuthCenterProviderApplication {
    public static void main(String[] args){
        SpringApplication.run(AuthCenterProviderApplication.class, args);

auth-center/auth-center-provider/src/main/java/com/peng/auth/provider/config/auth/AuthorizationServerConfig.java

@@ -8,7 +8,9 @@
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.boot.web.servlet.RegistrationBean;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.core.Ordered;
+import org.springframework.core.annotation.Order;
 import org.springframework.core.io.ClassPathResource;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
@@ -29,6 +31,8 @@
 /**
  * Created by fp295 on 2018/4/16.
  */
+@Configuration
+@Order(2)
 public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
 
     @Autowired

auth-center/auth-center-provider/src/main/java/com/peng/auth/provider/config/auth/WebSecurityConfig.java

@@ -3,7 +3,10 @@
 
 import com.peng.auth.provider.service.BaseUserDetailService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.actuate.autoconfigure.ManagementServerProperties;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -13,6 +16,8 @@
 /**
  * Created by fp295 on 2018/4/15.
  */
+@Configuration
+@Order(ManagementServerProperties.ACCESS_OVERRIDE_ORDER)
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
     @Autowired

auth-center/auth-center-provider/src/main/java/com/peng/auth/provider/config/web/WebMvcConfig.java

@@ -0,0 +1,17 @@
+package com.peng.auth.provider.config.web;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
+
+/**
+ * Created by fp295 on 2018/4/21.
+ */
+@Configuration
+public class WebMvcConfig extends WebMvcConfigurerAdapter {
+
+    @Override
+    public void addViewControllers(ViewControllerRegistry registry){
+        registry.addViewController("/login").setViewName("login");
+    }
+}

auth-center/auth-center-provider/src/main/java/com/peng/auth/provider/service/BaseUserDetailService.java

@@ -1,5 +1,6 @@
 package com.peng.auth.provider.service;
 
+import com.peng.auth.api.pojo.auth.BaseGrantedAuthority;
 import com.peng.common.pojo.ResponseData;
 import com.peng.main.api.mapper.model.BaseModuleResources;
 import com.peng.main.api.mapper.model.BaseRole;
@@ -12,6 +13,7 @@
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
@@ -44,12 +46,13 @@ public class BaseUserDetailService implements UserDetailsService {
     public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
 
         ResponseData<BaseUser> baseUserResponseData = baseUserService.getUserByUserName(username);
-        if(baseUserResponseData.getData() == null || baseUserResponseData.getCode() != ResponseCode.SUCCESS.getCode()){
+        if(baseUserResponseData.getData() == null || !ResponseCode.SUCCESS.getCode().equals(baseUserResponseData.getCode())){
             logger.error("找不到该用户，用户名：" + username);
             throw new UsernameNotFoundException("找不到该用户，用户名：" + username);
         }
         BaseUser baseUser = baseUserResponseData.getData();
 
+        //查询角色
         ResponseData<List<BaseRole>> baseRoleListResponseData = baseRoleService.getRoleByUserId(baseUser.getId());
         List<BaseRole> roles;
         if(baseRoleListResponseData.getData() == null || baseRoleListResponseData.getCode() != ResponseCode.SUCCESS.getCode()){
@@ -59,7 +62,38 @@ public UserDetails loadUserByUsername(String username) throws UsernameNotFoundEx
             roles = baseRoleListResponseData.getData();
         }
 
+        //查询菜单
+        ResponseData<List<BaseModuleResources>> baseModuleResourceListResponseData = baseModuleResourceService.getMenusByUserId(baseUser.getId());
 
-        return null;
+        // 转换权限数据
+        List<GrantedAuthority> authorities = convertToAuthorities(baseUser, roles);
+
+        // 存储菜单到redis
+        if(baseModuleResourceListResponseData.getCode() == ResponseCode.SUCCESS.getCode() && baseModuleResourceListResponseData.getData() != null){
+            resourcesTemplate.delete(baseUser.getId() + "-menu");
+            baseModuleResourceListResponseData.getData().forEach(e -> {
+                resourcesTemplate.opsForList().leftPush(baseUser.getId() + "-menu", e);
+            });
+        }
+
+        return new org.springframework.security.core.userdetails.User(baseUser.getUserName(),
+                baseUser.getPassword(), isActive(baseUser.getActive()), true, true, true, authorities);
+    }
+
+    private boolean isActive(int active){
+        return active == 1 ? true : false;
+    }
+
+    private List<GrantedAuthority> convertToAuthorities(BaseUser baseUser, List<BaseRole> roles) {
+        List<GrantedAuthority> authorities = new ArrayList();
+        // 清除 Redis 中用户的角色
+        redisTemplate.delete(baseUser.getId());
+        roles.forEach(e -> {
+            GrantedAuthority authority = new BaseGrantedAuthority(baseUser, e);
+            authorities.add(authority);
+            //存储角色到redis
+            redisTemplate.opsForList().rightPush(baseUser.getId(), e);
+        });
+        return authorities;
     }
 }

auth-center/auth-center-provider/src/main/resources/application.yml

@@ -15,4 +15,39 @@ spring:
   redis:
     database: 0
     host: 127.0.0.1
-    port: 6379
+    port: 6379
+  datasource:
+    druid:
+      url: jdbc:mysql://127.0.0.1:3306/main-data?useUnicode=true&characterEncoding=UTF-8&useSSL=false
+      username: fangp
+      password: "000000"
+      driver-class-name: com.mysql.jdbc.Driver
+      max-active: 20
+      initial-size: 1
+      max-wait: 60000
+      min-idle: 1
+      time-between-eviction-runs-millis: 60000
+      min-evictable-idle-time-millis: 300000
+      validation-query: select 'x'
+      test-while-idle: true
+      test-on-borrow: false
+      test-on-return: false
+      pool-prepared-statements: true
+      max-open-prepared-statements: 20
+      filters: stat, wall
+      # 监控配置
+      web-stat-filter:
+        url-pattern: /*
+        exclusions: "*.js,*.gif,*.jpg,*.png,*.css,*.ico,/druid/*"
+      stat-view-servlet:
+        url-pattern: /druid/*
+        reset-enable: false
+        login-username: sysadmin
+        login-password: "000000"
+  freemarker:
+      request-context-attribute: request
+logging:
+  file: logs/auth-center.log
+management:
+  security:
+    enabled: false

auth-center/auth-center-provider/src/main/resources/static/index.html

@@ -0,0 +1,39 @@
+<!doctype html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport"
+          content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
+    <meta http-equiv="X-UA-Compatible" content="ie=edge">
+    <title>欢迎使用统一登录系统</title>
+    <link rel="stylesheet" href="webjars/Semantic-UI/2.2.10/semantic.min.css"/>
+</head>
+<style type="text/css">
+    body > .grid {
+        height: 100%;
+    }
+    .image {
+        margin-top: -100px;
+    }
+    .column {
+        max-width: 450px;
+    }
+</style>
+<body>
+<div class="ui middle aligned center aligned grid">
+    <div class="column">
+        <h2 class="ui teal image header">
+            <img src="images/logo.png" class="image">
+            <div class="content">
+                统一登录服务
+            </div>
+        </h2>
+        <div class="ui red message">
+            登录成功
+        </div>
+    </div>
+</div>
+</body>
+<script src="webjars/jquery/3.2.1/jquery.min.js" ></script>
+<script src="webjars/Semantic-UI/2.2.10/semantic.min.js" ></script>
+</html>

auth-center/auth-center-provider/src/main/resources/templates/authorize.ftl

@@ -0,0 +1,63 @@
+<html>
+<head>
+    <meta charset="utf-8" />
+    <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0">
+    <link rel="stylesheet" href="${request.contextPath}/webjars/Semantic-UI/2.2.10/semantic.min.css"/>
+</head>
+<style type="text/css">
+    body {
+        background-color: #DADADA;
+    }
+    body > .grid {
+        height: 100%;
+    }
+    .image {
+        margin-top: -100px;
+    }
+    .column {
+        max-width: 450px;
+    }
+</style>
+<body>
+<div class="ui middle aligned center aligned grid">
+    <div class="column">
+        <div class="ui large form">
+            <div class="ui stacked segment">
+                <div class="ui grid">
+                    <div class="left aligned sixteen wide column">
+                        将允许应用 ${authorizationRequest.clientId} 进行以下操作:<br>
+                        <i class="user icon"></i>获取你的用户信息
+                    </div>
+                    <div class="sixteen wide column">
+                        <button id="ok" class="ui primary button">允许 </button>
+                        <button id="no" class="ui button">拒绝 </button>
+                    </div>
+                    <form id="form" action="${request.contextPath}/oauth/authorize" method='post'>
+                        <input id="approval" name='user_oauth_approval' value='false' type='hidden'/>
+                        <input id="approveOrDeny" name='authorize' value='Authorize' type='hidden'/>
+                        <input id="scope" name='scope.user' value='true' type='hidden'/>
+                    </form>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
+</body>
+<script src="${request.contextPath}/webjars/jquery/3.2.1/jquery.min.js" ></script>
+<script src="${request.contextPath}/webjars/Semantic-UI/2.2.10/semantic.min.js" ></script>
+<script>
+    $("#ok").click(function () {
+        $("#approval").val("true");
+        $("#approveOrDeny").attr("name", "authorize").val("Authorize");
+        $("#form").submit();
+    })
+
+    $("#no").click(function () {
+        $("#approval").val("false");
+        $("#approveOrDeny").attr("name", "deny").val("Deny");
+        $("#scope").val("false");
+        $("#form").submit();
+    })
+</script>
+</html>