Skip to content
项目
群组
代码片段
帮助
正在加载...
帮助
提交反馈
为 GitLab 提交贡献
登录
切换导航
I
ibzuaa
项目
项目
详情
动态
版本
周期分析
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
统计图
议题
0
议题
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
CI / CD
CI / CD
流水线
作业
计划
统计图
Wiki
Wiki
代码片段
代码片段
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
统计图
创建新议题
作业
提交
议题看板
打开侧边栏
ibiz4jteam
ibzuaa
提交
bd815338
提交
bd815338
编写于
2月 08, 2021
作者:
ibizdev
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
zhouweidong 部署微服务接口 [ibiz-uaa,micorservice]
上级
520f431e
变更
3
隐藏空白字符变更
内嵌
并排
正在显示
3 个修改的文件
包含
152 行增加
和
0 行删除
+152
-0
ibzuaa-provider-api-k8s.yaml
...provider-api/src/main/docker/ibzuaa-provider-api-k8s.yaml
+2
-0
ibzuaa-provider-api.yaml
...uaa-provider-api/src/main/docker/ibzuaa-provider-api.yaml
+1
-0
OAuth2SecurityConfig.java
...n/java/cn/ibizlab/util/security/OAuth2SecurityConfig.java
+149
-0
未找到文件。
ibzuaa-provider/ibzuaa-provider-api/src/main/docker/ibzuaa-provider-api-k8s.yaml
浏览文件 @
bd815338
...
...
@@ -46,6 +46,8 @@ spec:
value
:
"
com.mysql.jdbc.Driver"
-
name
:
SPRING_DATASOURCE_DEFAULTSCHEMA
value
:
"
a_A_5d9d78509"
-
name
:
IBIZ_OAUTH2_ENABLE
value
:
"
true"
-
name
:
NACOS
value
:
"
172.16.100.243:8848"
-
name
:
SPRING_CLOUD_NACOS_DISCOVERY_GROUP
...
...
ibzuaa-provider/ibzuaa-provider-api/src/main/docker/ibzuaa-provider-api.yaml
浏览文件 @
bd815338
...
...
@@ -18,6 +18,7 @@ services:
-
SPRING_DATASOURCE_URL=jdbc:mysql://172.16.180.232:3306/a_A_5d9d78509?autoReconnect=true&useUnicode=true&characterEncoding=UTF-8&useOldAliasMetadataBehavior=true&allowMultiQueries=true
-
SPRING_DATASOURCE_DRIVER-CLASS-NAME=com.mysql.jdbc.Driver
-
SPRING_DATASOURCE_DEFAULTSCHEMA=a_A_5d9d78509
-
IBIZ_OAUTH2_ENABLE=true
-
NACOS=172.16.100.243:8848
-
SPRING_CLOUD_NACOS_DISCOVERY_GROUP=ibizdev
deploy
:
...
...
ibzuaa-util/src/main/java/cn/ibizlab/util/security/OAuth2SecurityConfig.java
0 → 100644
浏览文件 @
bd815338
package
cn
.
ibizlab
.
core
.
util
;
import
lombok.extern.slf4j.Slf4j
;
import
org.springframework.beans.factory.annotation.Value
;
import
org.springframework.context.annotation.Bean
;
import
org.springframework.context.annotation.Configuration
;
import
org.springframework.security.config.annotation.web.builders.HttpSecurity
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer
;
import
org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter
;
import
org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer
;
import
org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails
;
import
org.springframework.security.oauth2.provider.authentication.TokenExtractor
;
import
org.springframework.security.oauth2.provider.token.TokenStore
;
import
org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter
;
import
org.springframework.security.oauth2.provider.token.store.JwtTokenStore
;
import
org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken
;
import
org.springframework.security.web.util.matcher.RequestMatcher
;
import
org.springframework.util.StringUtils
;
import
javax.servlet.http.HttpServletRequest
;
import
java.util.Enumeration
;
/**
* oauth资源服务器配置
*/
@Configuration
@EnableResourceServer
@Slf4j
public
class
OAuth2SecurityConfig
extends
ResourceServerConfigurerAdapter
{
@Value
(
"${ibiz.oauth2.header:accesstoken}"
)
private
String
authorization
;
@Value
(
"${ibiz.oauth2.signkey:oauth2}"
)
private
String
SignKey
;
/**
* token存储、解析,校验
* @param resources
*/
@Override
public
void
configure
(
ResourceServerSecurityConfigurer
resources
)
{
resources
.
tokenExtractor
(
new
OAuth2TokenExtractor
());
resources
.
tokenStore
(
getTokenStore
()).
stateless
(
true
);
}
/**
* 校验策略,只校验oauth2颁发的token(特定请求头)
* @param http
* @throws Exception
*/
@Override
public
void
configure
(
HttpSecurity
http
)
throws
Exception
{
http
.
requestMatcher
(
new
OAuth2RequestMatcher
());
http
.
authorizeRequests
().
anyRequest
().
authenticated
();
}
/**
* token存储器
* @return
*/
@Bean
public
TokenStore
getTokenStore
()
{
return
new
JwtTokenStore
(
accessTokenConverter
());
}
/**
* jwt密签
* @return
*/
@Bean
public
JwtAccessTokenConverter
accessTokenConverter
()
{
final
JwtAccessTokenConverter
converter
=
new
JwtAccessTokenConverter
();
converter
.
setSigningKey
(
SignKey
);
return
converter
;
}
/**
* 匹配特定oauth2请求头token,其余请求交由spring security处理
*/
public
class
OAuth2RequestMatcher
implements
RequestMatcher
{
@Override
public
boolean
matches
(
HttpServletRequest
request
)
{
String
header
=
request
.
getHeader
(
authorization
);
if
(!
StringUtils
.
isEmpty
(
header
))
{
return
true
;
}
else
{
return
false
;
}
}
}
/**
* token请求头处理
*/
public
class
OAuth2TokenExtractor
implements
TokenExtractor
{
@Override
public
Authentication
extract
(
HttpServletRequest
request
)
{
String
tokenValue
=
this
.
extractToken
(
request
);
if
(
tokenValue
!=
null
)
{
PreAuthenticatedAuthenticationToken
authentication
=
new
PreAuthenticatedAuthenticationToken
(
tokenValue
,
""
);
return
authentication
;
}
else
{
return
null
;
}
}
protected
String
extractToken
(
HttpServletRequest
request
)
{
String
token
=
this
.
extractHeaderToken
(
request
);
if
(
token
==
null
)
{
log
.
debug
(
"Token not found in headers. Trying request parameters."
);
token
=
request
.
getParameter
(
"access_token"
);
if
(
token
==
null
)
{
log
.
debug
(
"Token not found in request parameters. Not an OAuth2 request."
);
}
else
{
request
.
setAttribute
(
OAuth2AuthenticationDetails
.
ACCESS_TOKEN_TYPE
,
"Bearer"
);
}
}
return
token
;
}
protected
String
extractHeaderToken
(
HttpServletRequest
request
)
{
Enumeration
headers
=
request
.
getHeaders
(
authorization
);
String
value
;
do
{
if
(!
headers
.
hasMoreElements
())
{
return
null
;
}
value
=
(
String
)
headers
.
nextElement
();
}
while
(!
value
.
toLowerCase
().
startsWith
(
"Bearer"
.
toLowerCase
()));
String
authHeaderValue
=
value
.
substring
(
"Bearer"
.
length
()).
trim
();
request
.
setAttribute
(
OAuth2AuthenticationDetails
.
ACCESS_TOKEN_TYPE
,
value
.
substring
(
0
,
"Bearer"
.
length
()).
trim
());
int
commaIndex
=
authHeaderValue
.
indexOf
(
44
);
if
(
commaIndex
>
0
)
{
authHeaderValue
=
authHeaderValue
.
substring
(
0
,
commaIndex
);
}
return
authHeaderValue
;
}
}
}
编辑
预览
Markdown
格式
0%
请重试
or
添加新附件
添加附件
取消
您添加了
0
人
到此讨论。请谨慎行事。
先完成此消息的编辑!
取消
想要评论请
注册
或
登录