OAuth2 集成

160c2fe1 · mahx · 9cf7e21b · 160c2fe1 · 160c2fe1 · 160c2fe1
Commit 160c2fe1 authored Mar 05, 2026 by mahx
10 changed files
--- a/pom.xml
+++ b/pom.xml
@@ -52,6 +52,12 @@
            <artifactId>jasypt-spring-boot-starter</artifactId>
            <version>3.0.3</version>
        </dependency>
+        <dependency>
+            <groupId>com.auth0</groupId>
+            <artifactId>java-jwt</artifactId>
+            <version>3.11.0</version>
+        </dependency>
    </dependencies>
    <build>
@@ -92,4 +98,24 @@
            </plugin>
        </plugins>
    </build>
+    <repositories>
+        <repository>
+            <id>jsqlparser-snapshots</id>
+            <snapshots>
+                <enabled>true</enabled>
+            </snapshots>
+            <url>https://oss.sonatype.org/content/groups/public/</url>
+        </repository>
+        <repository>
+            <id>nexus</id>
+            <url>http://139.198.127.28:18081/repository/maven-public/</url>
+            <name>keymobile</name>
+            <snapshots>
+                <enabled>true</enabled>
+            </snapshots>
+        </repository>
+    </repositories>
 </project>
--- a/src/main/java/com/keymobile/sso/SsoApplication.java
+++ b/src/main/java/com/keymobile/sso/SsoApplication.java
@@ -4,14 +4,16 @@ import com.keymobile.authservice.component.SecurityConfig;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
+import org.springframework.cloud.openfeign.EnableFeignClients;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.FilterType;
 import org.springframework.context.annotation.PropertySource;
 @SpringBootApplication
 @EnableDiscoveryClient
+@EnableFeignClients
 @ComponentScan(basePackages = {"com.keymobile.sso",
-        "com.keymobile.config.logging", "com.keymobile.config.naming",
+        "com.keymobile.config.logging", "com.keymobile.config.naming", "com.keymobile.config.feignclient",
        "com.keymobile.config.redisclient", "com.keymobile.authservice.component"}, excludeFilters = {
        @ComponentScan.Filter(type= FilterType.ASSIGNABLE_TYPE, value= SecurityConfig.class)
 })

--- a/src/main/java/com/keymobile/sso/api/Constants.java
+++ b/src/main/java/com/keymobile/sso/api/Constants.java
@@ -2,11 +2,33 @@ package com.keymobile.sso.api;
 public class Constants {
-    public static final String Session_UserId = "userId";
+    public static final String SESSION_USER_ID = "userId";
-    public static final String Session_UserName = "userName";
+    public static final String SESSION_USER_NAME = "userName";
-    public static final String Session_UserDName = "userDName";
+    public static final String SESSION_USER_D_NAME = "userDName";
-    public static final String Session_Roles = "roles";
+    public static final String SESSION_ROLES = "roles";
-    public static final String Session_Lang = "lang";
+    public static final String SESSION_LANG = "lang";
+    public static final String JWT_ACCESS_TOKEN = "access_token";
+    public static final String JWT_TOKEN_TYPE = "Bearer";
+    public static final String JWT_ID_TOKEN = "id_token";
+    public static final String JWT_EXPIRES_IN = "expires_in";
+    public static final String OAUTH_AUTHORIZE_CODE_PARAM = "code";
+    public static final String OAUTH_AUTHORIZE_STATE_PARAM = "state";
+    public static final String OAUTH_AUTHORIZE_GRANT_TYPE_PARAM = "grant_type";
+    public static final String OAUTH_AUTHORIZE_CLIENT_ID_PARAM = "client_id";
+    public static final String OAUTH_AUTHORIZE_CLIENT_SECRET_PARAM = "client_secret";
+    public static final String OAUTH_AUTHORIZE_REDIRECT_URI_PARAM = "redirect_uri";
+    public static final String OAUTH_AUTHORIZE_RESPONSE_MODE = "query";
+    public static final String OAUTH_AUTHORIZE_STATE = "keymobile";
+    public static final String OAUTH_AUTHORIZE_RESPONSE_TYPE = "code";
+    public static final String OAUTH_AUTHORIZE_GRANT_TYPE = "authorization_code";
+    public static final String USER_INFO_NAME = "name";
+    public static final String USER_INFO_D_NAME = "dname";
+    public static final String USER_INFO_PASSWORD = "password";
 }
--- a/src/main/java/com/keymobile/sso/api/LoginManagement.java
+++ b/src/main/java/com/keymobile/sso/api/LoginManagement.java
--- a/src/main/java/com/keymobile/sso/conf/RESTAuthenticationEntryPoint.java
+++ b/src/main/java/com/keymobile/sso/conf/RESTAuthenticationEntryPoint.java
 package com.keymobile.sso.conf;
+import com.keymobile.sso.oauth2.Oauth2Properties;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.stereotype.Component;
@@ -11,10 +13,13 @@ import java.io.IOException;
 @Component
 public class RESTAuthenticationEntryPoint implements AuthenticationEntryPoint {
+    @Autowired
+    private Oauth2Properties oauth2Properties;
    @Override
    public void commence(HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, AuthenticationException authException)
            throws IOException {
-        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+        response.sendRedirect(oauth2Properties.getAuthorizeFullUri());
    }
 }
--- a/src/main/java/com/keymobile/sso/conf/RESTLogoutSuccessHandler.java
+++ b/src/main/java/com/keymobile/sso/conf/RESTLogoutSuccessHandler.java
 package com.keymobile.sso.conf;
+import com.keymobile.sso.oauth2.Oauth2Properties;
 import jakarta.servlet.ServletException;
+import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.core.Authentication;
@@ -14,10 +17,44 @@ import java.io.IOException;
 @Component
 public class RESTLogoutSuccessHandler implements LogoutSuccessHandler {
+    @Autowired
+    private Oauth2Properties oauth2Properties;
    @Override
    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
+        clearAllCookies(request, response);
+        String logoutUri = oauth2Properties.getAuthorizationLoginOutUri();
+        String postLogoutRedirectUri = oauth2Properties.getPostLogoutRedirectUri();
+        if (logoutUri != null && !logoutUri.isEmpty()) {
+            StringBuilder redirectUrl = new StringBuilder(logoutUri);
+            if (postLogoutRedirectUri != null && !postLogoutRedirectUri.isEmpty()) {
+                redirectUrl.append(logoutUri.contains("?") ? "&" : "?");
+                redirectUrl.append("post_logout_redirect_uri=").append(java.net.URLEncoder.encode(postLogoutRedirectUri, "UTF-8"));
+            }
+            response.sendRedirect(redirectUrl.toString());
+        } else {
            response.setStatus(HttpStatus.OK.value());
            response.getWriter().flush();
        }
+    }
+    private void clearAllCookies(HttpServletRequest request, HttpServletResponse response) {
+        Cookie[] cookies = request.getCookies();
+        if (cookies != null) {
+            for (Cookie cookie : cookies) {
+                cookie.setValue("");
+                cookie.setPath(getCookiePath(request));
+                cookie.setMaxAge(0);
+                response.addCookie(cookie);
+            }
+        }
+    }
+    private String getCookiePath(HttpServletRequest request) {
+        String contextPath = request.getContextPath();
+        return contextPath != null && !contextPath.isEmpty() ? contextPath : "/";
+    }
 }
\ No newline at end of file
--- a/src/main/java/com/keymobile/sso/conf/SsoSecurityConfig.java
+++ b/src/main/java/com/keymobile/sso/conf/SsoSecurityConfig.java
@@ -38,7 +38,10 @@ public class SsoSecurityConfig {
    @Bean
    protected SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests((request) -> {
-            request.anyRequest().authenticated();
+            request
+                .requestMatchers("/login", "/signin", "/signout").permitAll()
+                .requestMatchers("/error").permitAll()
+                .anyRequest().authenticated();
        });
        http.csrf((httpSecurityCsrfConfigurer) -> {
            httpSecurityCsrfConfigurer.disable();

--- a/src/main/java/com/keymobile/sso/oauth2/Oauth2Properties.java
+++ b/src/main/java/com/keymobile/sso/oauth2/Oauth2Properties.java
+package com.keymobile.sso.oauth2;
+import com.keymobile.sso.api.Constants;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.stereotype.Component;
+@ConfigurationProperties(prefix = "security.oauth2.client")
+@Component
+public class Oauth2Properties {
+    private String clientId;
+    private String clientSecret;
+    private String clientTokenUri;
+    private String userAuthorizationUri;
+    private String postLoginRedirectUri;
+    private String authorizationSuccessRedirectUri;
+    private String postLogoutRedirectUri;
+    private String accessTokenUri;
+    private String userInfoUri;
+    private String authorizationLoginOutUri;
+    public void setPostLogoutRedirectUri(String postLogoutRedirectUri) {
+        this.postLogoutRedirectUri = postLogoutRedirectUri;
+    }
+    public String getPostLogoutRedirectUri() {
+        return postLogoutRedirectUri;
+    }
+    public void setAuthorizationLoginOutUri(String authorizationLoginOutUri) {
+        this.authorizationLoginOutUri = authorizationLoginOutUri;
+    }
+    public String getAuthorizationLoginOutUri() {
+        return authorizationLoginOutUri;
+    }
+    public void setAccessTokenUri(String accessTokenUri) {
+        this.accessTokenUri = accessTokenUri;
+    }
+    public String getAccessTokenUri() {
+        return accessTokenUri;
+    }
+    public void setAuthorizationSuccessRedirectUri(String authorizationSuccessRedirectUri) {
+        this.authorizationSuccessRedirectUri = authorizationSuccessRedirectUri;
+    }
+    public String getAuthorizationSuccessRedirectUri() {
+        return authorizationSuccessRedirectUri;
+    }
+    public void setPostLoginRedirectUri(String postLoginRedirectUri) {
+        this.postLoginRedirectUri = postLoginRedirectUri;
+    }
+    public String getPostLoginRedirectUri() {
+        return postLoginRedirectUri;
+    }
+    public String getClientId() {
+        return clientId;
+    }
+    public void setClientId(String clientId) {
+        this.clientId = clientId;
+    }
+    public String getClientSecret() {
+        return clientSecret;
+    }
+    public void setClientSecret(String clientSecret) {
+        this.clientSecret = clientSecret;
+    }
+    public String getClientTokenUri() {
+        return clientTokenUri;
+    }
+    public void setClientTokenUri(String clientTokenUri) {
+        this.clientTokenUri = clientTokenUri;
+    }
+    public String getUserAuthorizationUri() {
+        return userAuthorizationUri;
+    }
+    public void setUserAuthorizationUri(String userAuthorizationUri) {
+        this.userAuthorizationUri = userAuthorizationUri;
+    }
+    public String getUserInfoUri() {
+        return userInfoUri;
+    }
+    public void setUserInfoUri(String userInfoUri) {
+        this.userInfoUri = userInfoUri;
+    }
+    public String getAuthorizeFullUri() {
+        String authorizeUri = getUserAuthorizationUri();
+        String cliId = getClientId();
+        String redirectUri = getPostLoginRedirectUri();
+        String responseType = Constants.OAUTH_AUTHORIZE_RESPONSE_TYPE;
+        String responseMode = Constants.OAUTH_AUTHORIZE_RESPONSE_MODE;
+        String state = Constants.OAUTH_AUTHORIZE_STATE;
+        String authorizeFullUri = String.format("%s?client_id=%s&redirect_uri=%s&response_type=%s&state=%s&response_model=%s",
+                authorizeUri, cliId, redirectUri, responseType, state, responseMode);
+        return authorizeFullUri;
+    }
+}
--- a/src/main/java/com/keymobile/sso/service/AuthService.java
+++ b/src/main/java/com/keymobile/sso/service/AuthService.java
+package com.keymobile.sso.service;
+import org.springframework.cloud.openfeign.FeignClient;
+import org.springframework.web.bind.annotation.*;
+import java.util.List;
+import java.util.Map;
+@FeignClient(value = "authService")
+public interface AuthService {
+    @RequestMapping(value = "/users/findByName")
+    List<Map<String, Object>> getUserByName(@RequestParam(value = "match") String match);
+    @PostMapping(value = "/users")
+    Map<String, Object> addUser(@RequestBody Map<String, Object> user);
+}
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -28,3 +28,16 @@ logging:
  level:
    root: info
  config: classpath:logback-custom.xml
+security:
+  oauth2:
+    client:
+      client-id: 3822273eeb1a432a9041221b67f82979
+      client-secret: 3ca5a9aeced9476dbe0ff8207b2363ca
+      access-token-uri: https://portal-udadmin.sznsmic.com/auth/ud/oidc/token
+      user-authorization-uri: https://portal-udadmin.sznsmic.com/auth/ud/oidc/authorize
+      user-info-uri: https://portal-udadmin.sznsmic.com/auth/ud/oidc/userinfo
+      authorization-success-redirect-uri: http://10.193.54.42/text2sql/
+      authorization-login-out-uri:
+      post-login-redirect-uri: http://10.193.54.42/api/auth/login
+      post-logout-redirect_uri: http://10.193.54.42/api/auth/signout
\ No newline at end of file