oauth

255f1eb2 · zhouweidong · ccc7a4ce · 255f1eb2 · 255f1eb2
--- a/ibzuaa-core/src/main/java/cn/ibizlab/core/uaa/extensions/service/OAuth2AuthorizationServer.java
+++ b/ibzuaa-core/src/main/java/cn/ibizlab/core/uaa/extensions/service/OAuth2AuthorizationServer.java
+package cn.ibizlab.core.uaa.extensions.service;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.connection.RedisConnectionFactory;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.crypto.factory.PasswordEncoderFactories;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
+import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
+import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
+import org.springframework.security.oauth2.provider.token.TokenEnhancerChain;
+import org.springframework.security.oauth2.provider.token.TokenStore;
+import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
+import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
+
+import java.util.Arrays;
+
+
+/**
+ * oauth2认证服务器配置
+ */
+@Configuration
+@EnableAuthorizationServer
+@ConditionalOnProperty(name = "ibiz.oauth2.enable", havingValue = "true")
+public class OAuth2AuthorizationServer extends AuthorizationServerConfigurerAdapter {
+
+    @Value("${ibiz.jwt.oauth2.signkey:oauth2}")
+    private String SignKey;
+
+    @Value("${ibiz.oauth.expiration:7200}")
+    private int expiration;
+
+    @Autowired
+    AuthenticationManager authenticationManager;
+
+    @Autowired
+    RedisConnectionFactory redisConnectionFactory;
+
+    @Autowired
+    OAuth2ClientDetailsService clientDetailsService;
+
+    /**
+     * 客户端配置
+     * @param clients
+     * @throws Exception
+     */
+    @Override
+    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
+        clients.withClientDetails(clientDetailsService);
+    }
+
+    /**
+     * 访问端点、Token存储策略
+     */
+    @Override
+    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
+        endpoints
+                .tokenStore(getTokenStore())
+                .accessTokenConverter(accessTokenConverter())
+                .authenticationManager(authenticationManager)
+                .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST);
+    }
+
+    /**
+     * 访问端点权限配置
+     * @param oauthServer
+     */
+    @Override
+    public void configure(AuthorizationServerSecurityConfigurer oauthServer) {
+        oauthServer.allowFormAuthenticationForClients().checkTokenAccess("permitAll()");
+    }
+
+    /**
+     * token存储策略
+     * @return
+     */
+    @Bean
+    public TokenStore getTokenStore() {
+        return new JwtTokenStore(accessTokenConverter());
+    }
+
+    /**
+     * 客户端秘钥
+     * @return
+     */
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
+    }
+
+    /**
+     * token存储策略（jwt增强）
+     * @return
+     */
+    @Bean
+    public AuthorizationServerTokenServices tokenService() {
+        DefaultTokenServices tokenService = new DefaultTokenServices();
+        tokenService.setClientDetailsService(clientDetailsService);
+        tokenService.setSupportRefreshToken(true);
+        tokenService.setTokenStore(getTokenStore());
+
+        TokenEnhancerChain enhancer = new TokenEnhancerChain();
+        enhancer.setTokenEnhancers(Arrays.asList(accessTokenConverter()));
+        tokenService.setTokenEnhancer(enhancer);
+        tokenService.setAccessTokenValiditySeconds(expiration);
+        return tokenService;
+    }
+
+    /**
+     * jwt密签
+     * @return
+     */
+    @Bean
+    public JwtAccessTokenConverter accessTokenConverter() {
+        final JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
+        converter.setSigningKey(SignKey);
+        return converter;
+    }
+}
+
+
--- a/ibzuaa-core/src/main/java/cn/ibizlab/core/uaa/extensions/service/OAuth2ClientDetailsService.java
+++ b/ibzuaa-core/src/main/java/cn/ibizlab/core/uaa/extensions/service/OAuth2ClientDetailsService.java
+package cn.ibizlab.core.uaa.extensions.service;
+
+import cn.ibizlab.core.uaa.domain.SysOpenAccess;
+import cn.ibizlab.core.uaa.service.ISysOpenAccessService;
+import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.oauth2.provider.ClientDetails;
+import org.springframework.security.oauth2.provider.ClientDetailsService;
+import org.springframework.security.oauth2.provider.ClientRegistrationException;
+import org.springframework.security.oauth2.provider.client.BaseClientDetails;
+import org.springframework.stereotype.Service;
+import org.springframework.util.ObjectUtils;
+
+import java.util.ArrayList;
+
+/**
+ * oauth2客户端管理
+ */
+@Service
+@ConditionalOnProperty(name = "ibiz.oauth2.enable", havingValue = "true")
+public class OAuth2ClientDetailsService implements ClientDetailsService {
+
+    @Autowired
+    ISysOpenAccessService openAccessService;
+
+    private static final String scope = "all";
+
+    private static final String authority="ROLE_SUPERADMIN";
+
+    @Override
+    public ClientDetails loadClientByClientId(String clientId)
+            throws ClientRegistrationException {
+        QueryWrapper<SysOpenAccess> conds = new QueryWrapper();
+        conds.eq("access_key",clientId);
+        SysOpenAccess openAccess = openAccessService.getOne(conds);
+        if (openAccess == null) {
+            throw new UsernameNotFoundException("用户" + clientId + "未找到");
+        }
+        String appSecret=openAccess.getSecretKey();
+        if(ObjectUtils.isEmpty(appSecret)){
+            throw new UsernameNotFoundException("获取" + clientId + "应用秘钥失败");
+        }
+        BaseClientDetails client = new BaseClientDetails();
+        String secret = "{bcrypt}" + new BCryptPasswordEncoder().encode(openAccess.getSecretKey());
+        client.setScope(new ArrayList(){{add(scope);}});
+        client.setClientId(clientId);
+        client.setClientSecret(secret);
+        client.setAuthorities(new ArrayList(){{add(new SimpleGrantedAuthority(authority));}});
+        return client;
+    }
+}