sso login using spring security

pom.xml

@@ -6,7 +6,7 @@
 	<groupId>LV77</groupId>
 	<artifactId>ads-mds-login</artifactId>
 	<version>0.0.1-SNAPSHOT</version>
-	<packaging>jar</packaging>
+	<packaging>war</packaging>
 
 	<name>mdslogin</name>
 	<description>mdslogin</description>
@@ -119,26 +119,6 @@
 				<groupId>org.springframework.boot</groupId>
 				<artifactId>spring-boot-maven-plugin</artifactId>
 			</plugin>
-			<plugin>
-				<groupId>org.apache.maven.plugins</groupId>
-				<artifactId>maven-surefire-plugin</artifactId>
-				<version>2.21.0</version>
-				<configuration>
-					<testFailureIgnore>true</testFailureIgnore>
-				</configuration>
-			</plugin>
 		</plugins>
-		<resources>
-			<resource>
-				<directory>src/main/webapp/WEB-INF/jsp</directory>
-				<!--如果使用springboot自带的tomcat启动，则使用如下配置jsp路径-->
-				<targetPath>META-INF/resources</targetPath>
-				<!--如果使用maven启动本地tomcat启动，则使用如下配置-->
-				<!--<targetPath>/WEB-INF/jsp</targetPath>-->
-				<includes>
-					<include>**/*.*</include>
-				</includes>
-			</resource>
-		</resources>
 	</build>
 </project>

src/main/java/com/keymobile/proxy/api/LoginManagement.java

@@ -14,27 +14,26 @@ import java.util.List;
 import java.util.Map;
 
 @RestController
-@RequestMapping(value = "/")
 public class LoginManagement {
 
-    @RequestMapping(value = "/sessionInfo", method = RequestMethod.POST)
+    @GetMapping("/sso")
+    public void doJump() {
+        System.out.println("GO");
+    }
+
+    @RequestMapping(value = "/sessionInfo", method = {RequestMethod.POST, RequestMethod.GET})
     public @ResponseBody Map<String,Object> verifyLogin(HttpServletRequest request, HttpServletResponse response) {
-//        UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
-//        String userNameWithIdAttached = userDetails.getUsername(  );
-//        rs.put(Constants.Session_UserName, userNameWithIdAttached.split(":")[0]);
-//        rs.put(Constants.Session_UserId, userNameWithIdAttached.split(":")[1]);
-//        rs.put(Constants.Session_UserDName, userNameWithIdAttached.split(":")[2]);
-//        List<String> roles = new ArrayList<>();
-//        userDetails.getAuthorities().forEach(auth -> roles.add(auth.getAuthority()));
-//        rs.put(Constants.Session_Roles, roles);
         Map<String,Object> rs = new HashMap<>();
-        HttpSession session = request.getSession();
-        rs.put(Constants.Session_UserId, session.getAttribute(Constants.Session_UserId));
-        rs.put(Constants.Session_UserDName, session.getAttribute(Constants.Session_UserDName));
-        rs.put(Constants.Session_UserDName, session.getAttribute(Constants.Session_UserDName));
-        rs.put(Constants.Session_Roles, session.getAttribute(Constants.Session_Roles));
-        Object lang = session.getAttribute(Constants.Session_Lang);
-        rs.put(Constants.Session_Lang, lang != null ? lang.toString() : "cn");
+
+        UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
+        String userNameWithIdAttached = userDetails.getUsername();
+        rs.put(Constants.Session_UserName, userNameWithIdAttached.split(":")[0]);
+        rs.put(Constants.Session_UserId, userNameWithIdAttached.split(":")[1]);
+        rs.put(Constants.Session_UserDName, userNameWithIdAttached.split(":")[2]);
+        List<String> roles = new ArrayList<>();
+        userDetails.getAuthorities().forEach(auth -> roles.add(auth.getAuthority()));
+        rs.put(Constants.Session_Roles, roles);
+
         return rs;
     }
 

src/main/java/com/keymobile/proxy/api/SSOCtrl.java

 package com.keymobile.proxy.api;
 
 import com.alibaba.fastjson.JSONObject;
-import com.keymobile.proxy.service.AuthService;
+
 import com.keymobile.proxy.service.UserService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -10,15 +10,12 @@ import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.*;
 import org.springframework.http.client.SimpleClientHttpRequestFactory;
 import org.springframework.stereotype.Controller;
-import org.springframework.util.LinkedMultiValueMap;
+
 import org.springframework.util.MultiValueMap;
-import org.springframework.util.StringUtils;
+
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.client.RestTemplate;
 
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import java.io.IOException;
 import java.util.Map;
 
 @Controller
@@ -35,6 +32,14 @@ public class SSOCtrl {
     @Autowired
     private UserService userService;
 
+    @GetMapping("/go")
+    public String doJump(Map<String, Object> model) {
+        model.put("success", true);
+        model.put("redirect-url", dataPlatformURL);
+        model.put("msg", "验证成功");
+        return "main";
+    }
+
     @GetMapping("/main")
     public String getDataPlatformMainView(Map<String, Object> model,
                                           @RequestParam(value = "token",required = false) String token) {

src/main/java/com/keymobile/proxy/conf/SecurityConfig.java

 package com.keymobile.proxy.conf;
 
+import com.keymobile.proxy.api.Constants;
+import com.keymobile.proxy.model.Author;
+import com.keymobile.proxy.model.Domain;
+import com.keymobile.proxy.model.Role;
+import com.keymobile.proxy.service.AuthService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.crypto.password.NoOpPasswordEncoder;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
 
-import javax.sql.DataSource;
 
 @Configuration
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
-    private static final String usersQuery = "select concat(user_name, ':', user_id, ':', user_dname), password, true \n" +
-            "from auth_user where user_name = ?";
-    private static final String rolesQuery = "select t1.user_name, concat(concat('ROLE_', t1.author_name), ':', GROUP_CONCAT(COALESCE(t2.domain_id, '*'))) as role_name \n" +
-            "from \n" +
-            "  (select a.user_name, d.author_name\n" +
-            "   from auth_user a, auth_user_roles b, auth_role_authors c, auth_author d\n" +
-            "   where a.user_id = b.user_id and b.role_id = c.role_id and c.author_id = d.author_id\n" +
-            "     and a.user_name = substring_index(?, ':', 1)) t1\n" +
-            "  left join\n" +
-            "  (select a.user_name, c.domain_id\n" +
-            "   from auth_user a, auth_user_domains b, auth_domain c\n" +
-            "   where a.user_id = b.user_id and b.domain_id = c.domain_id) t2\n" +
-            "on t1.user_name = t2.user_name \n" +
-            "group by t1.author_name";
-
-    @Autowired
-    private DataSource dataSource;
     @Autowired
     private RESTAuthenticationEntryPoint authenticationEntryPoint;
     @Autowired
@@ -39,22 +39,54 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
     private RESTLogoutSuccessHandler logoutSuccessHandler;
 
     @Autowired
-    public void configure(AuthenticationManagerBuilder auth) throws Exception {
-        auth.jdbcAuthentication().usersByUsernameQuery(usersQuery).authoritiesByUsernameQuery(rolesQuery)
-                .dataSource(dataSource).passwordEncoder(NoOpPasswordEncoder.getInstance());
-    }
+    private AuthService authService;
+
 
     @Override
     protected void configure(HttpSecurity http) throws Exception {
-    	http.authorizeRequests().anyRequest().permitAll();
         http.csrf().disable();
-        http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
-        http.formLogin().successHandler(authenticationSuccessHandler);
-        http.formLogin().failureHandler(authenticationFailureHandler);
-        http.formLogin().loginPage("/login");
-        http.formLogin().loginProcessingUrl("/signin");
-        http.logout().logoutUrl("/signout");
-        http.logout().logoutSuccessHandler(logoutSuccessHandler);
+    }
+
+    @Bean
+    public AbstractAuthenticationProcessingFilter authenticationFilter() throws Exception {
+        AbstractAuthenticationProcessingFilter authenticationFilter = new AbstractAuthenticationProcessingFilter("/sso") {
+            @Override
+            public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException, ServletException {
+                String name = "adminA";
+
+                com.keymobile.proxy.model.User u = authService.getUserByName(name);
+                if (u == null) {
+                   // todo:
+                }
+
+                List<GrantedAuthority> authorities = new ArrayList<>();
+                String userName = u.getName() + ":" + u.getId() + ":" + u.getDName();
+
+                String userDomainFilterStr = "*";
+                List<String> userDomainList = new ArrayList<>();
+                List<Domain> domainsOfUser = authService.getDomainsOfUser(u.getId());
+                domainsOfUser.forEach(d -> userDomainList.add(d.getDomainId().toString()));
+
+                if (userDomainList.size() > 0) {
+                    userDomainFilterStr = String.join(",", userDomainList);
+                }
+
+                List<Role> rolesOfUser = authService.getRolesOfUser(u.getId());
+                for (Role role : rolesOfUser) {
+                    List<Author> authors = authService.getAuthorsOfRole(role.getRoleId());
+                    for (Author author: authors) {
+                        GrantedAuthority authorityInfo = new SimpleGrantedAuthority(Constants.ROLE_PREFIX + author.getAuthorName() + ":" + userDomainFilterStr);
+                        authorities.add(authorityInfo);
+                    }
+                }
+
+                Authentication auth = new UsernamePasswordAuthenticationToken(new User(userName, "whatever", authorities), null, authorities);
+                return auth;
+            }
+        };
+        authenticationFilter.setAuthenticationManager(authenticationManager());
+        authenticationFilter.setAuthenticationSuccessHandler(authenticationSuccessHandler);
+        return authenticationFilter;
     }
 
 }

src/main/resources/application-test.yml

@@ -25,7 +25,7 @@ spring:
     timeBetweenEvictionRunsMillis: 30000 #逐出扫描的时间间隔(毫秒) 如果为负数,则不运行逐出线程, 默认-1
     testOnBorrow: true #是否在从池中取出连接前进行检验,如果检验失败,则从池中去除连接并尝试取出另一个
     testWhileIdle: true #在空闲时检查有效性, 默认false
-    password:  #密码 
+    password:
   datasource:
     url: jdbc:mysql://192.168.0.192:3306/sdrcb?autoReconnect=true&useUnicode=true&characterEncoding=UTF-8
     username: test
@@ -39,7 +39,7 @@ spring:
 
 eureka:
   client:
-    registerWithEureka: false
+    registerWithEureka: true
     region: default
     registryFetchIntervalSeconds: 5
     serviceUrl:
@@ -49,14 +49,13 @@ zuul:
   prefix: /api
   sensitive-headers:
 
-logging:
-  level:
-    org.springframework.security: DEBUG
+#logging:
+#  level:
+#    org.springframework.security: DEBUG
 
 security:
-  permit: true
   authUser: root
   authPwd: pwd
 
 sso:
-  url: http://192.168.0.113:8764/sso
+  url: http://localhost:8764/sso
\ No newline at end of file

src/main/resources/bootstrap.yml

@@ -3,6 +3,6 @@ spring:
     name: auth
   profiles:
     active: test
-  cloud:
-    config:
-      uri: http://localhost:8082
+#  cloud:
+#    config:
+#      uri: http://localhost:8082
\ No newline at end of file