Skip to content

L
loginservice
Commit e36ae21d by lanmw
Options

update

parent 3783fe52
Showing with 33 additions and 264 deletions
src/main/java/com/keymobile/login/LoginApplication.java
...@@ -13,7 +13,6 @@ import org.springframework.context.annotation.ComponentScan; ...@@ -13,7 +13,6 @@ import org.springframework.context.annotation.ComponentScan;
public class LoginApplication { public class LoginApplication {
public static void main(String[] args) { public static void main(String[] args) {
System.setProperty("org.apache.commons.ssl.trustStorePassword", "123456");
SpringApplication.run(LoginApplication.class, args); SpringApplication.run(LoginApplication.class, args);
} }
......
src/main/java/com/keymobile/login/api/Constants.java
...@@ -2,11 +2,11 @@ package com.keymobile.login.api; ...@@ -2,11 +2,11 @@ package com.keymobile.login.api;
public class Constants { public class Constants {
public static final String Session_UserId = "userId"; public static final String SESSION_USER_ID = "userId";
public static final String Session_UserName = "userName"; public static final String SESSION_USER_NAME = "userName";
public static final String Session_UserDName = "userDName"; public static final String SESSION_USER_DNAME = "userDName";
public static final String Session_Roles = "roles"; public static final String SESSION_ROLES = "roles";
public static final String Session_Lang = "lang"; public static final String SESSION_LANG = "lang";
public static final String JWT_ACCESS_TOKEN = "access_token"; public static final String JWT_ACCESS_TOKEN = "access_token";
public static final String JWT_TOKEN_TYPE = "Bearer"; public static final String JWT_TOKEN_TYPE = "Bearer";
public static final String JWT_ID_TOKEN = "id_token"; public static final String JWT_ID_TOKEN = "id_token";
......
src/main/java/com/keymobile/login/api/LoginManagement.java
...@@ -57,34 +57,34 @@ public class LoginManagement { ...@@ -57,34 +57,34 @@ public class LoginManagement {
public @ResponseBody public @ResponseBody
Object verifyLogin(HttpServletRequest request, HttpServletResponse response) { Object verifyLogin(HttpServletRequest request, HttpServletResponse response) {
UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal(); UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
Map<String,Object> rs = new HashMap<>(); Map<String, Object> rs = new HashMap<>();
String userNameWithIdAttached = userDetails.getUsername(); String userNameWithIdAttached = userDetails.getUsername();
rs.put(Constants.Session_UserName, userNameWithIdAttached.split(":")[0]); rs.put(Constants.SESSION_USER_NAME, userNameWithIdAttached.split(":")[0]);
rs.put(Constants.Session_UserId, userNameWithIdAttached.split(":")[1]); rs.put(Constants.SESSION_USER_ID, userNameWithIdAttached.split(":")[1]);
rs.put(Constants.Session_UserDName, userNameWithIdAttached.split(":")[2]); rs.put(Constants.SESSION_USER_DNAME, userNameWithIdAttached.split(":")[2]);
List<String> roles = new ArrayList<>(); List<String> roles = new ArrayList<>();
userDetails.getAuthorities().forEach(auth -> roles.add(auth.getAuthority())); userDetails.getAuthorities().forEach(auth -> roles.add(auth.getAuthority()));
rs.put(Constants.Session_Roles, roles); rs.put(Constants.SESSION_ROLES, roles);
HttpSession session = request.getSession(); HttpSession session = request.getSession();
Object lang = session.getAttribute(Constants.Session_Lang); Object lang = session.getAttribute(Constants.SESSION_LANG);
Object access_token = session.getAttribute("access_token"); Object access_token = session.getAttribute(Constants.JWT_ACCESS_TOKEN);
Object id_token = session.getAttribute("id_token"); Object id_token = session.getAttribute(Constants.JWT_ID_TOKEN);
rs.put("access_token", access_token); rs.put(Constants.JWT_ACCESS_TOKEN, access_token);
rs.put("id_token", id_token); rs.put(Constants.JWT_ID_TOKEN, id_token);
rs.put(Constants.Session_Lang, lang != null ? lang.toString() : "cn"); rs.put(Constants.SESSION_LANG, lang != null ? lang.toString() : "cn");
return rs; return rs;
} }
@RequestMapping(value = "/lang", method = {RequestMethod.POST, RequestMethod.GET}) @RequestMapping(value = "/lang", method = {RequestMethod.POST, RequestMethod.GET})
public String setLANG(HttpServletRequest request, @RequestParam(value = "LANG", required = true) String LANG) { public String setLANG(HttpServletRequest request, @RequestParam(value = "LANG", required = true) String LANG) {
HttpSession session = request.getSession(); HttpSession session = request.getSession();
if (!LANG.equals("en") && !LANG.equals("cn")) if (!LANG.equals("en") && !LANG.equals("cn")) {
session.setAttribute(Constants.Session_Lang, "cn"); session.setAttribute(Constants.SESSION_LANG, "cn");
else } else {
session.setAttribute(Constants.Session_Lang, LANG); session.setAttribute(Constants.SESSION_LANG, LANG);
}
return session.getAttribute(Constants.Session_Lang).toString(); return session.getAttribute(Constants.SESSION_LANG).toString();
} }
@GetMapping("/oauth/login") @GetMapping("/oauth/login")
...@@ -109,12 +109,12 @@ public class LoginManagement { ...@@ -109,12 +109,12 @@ public class LoginManagement {
@GetMapping("/oauth/logout") @GetMapping("/oauth/logout")
public String logout(HttpServletRequest request){ public String logout(HttpServletRequest request) {
String loginOutUri = oauth2Properties.getAuthorizationLoginOutUri(); String loginOutUri = oauth2Properties.getAuthorizationLoginOutUri();
HttpSession session = request.getSession(); HttpSession session = request.getSession();
String id_token = ""; String id_token = "";
if (session != null) { if (session != null) {
id_token = (String)session.getAttribute(Constants.JWT_ID_TOKEN); id_token = (String) session.getAttribute(Constants.JWT_ID_TOKEN);
id_token = id_token == null ? "" : id_token; id_token = id_token == null ? "" : id_token;
} }
String postLogoutRedirectUri = oauth2Properties.getPostLogoutRedirectUri(); String postLogoutRedirectUri = oauth2Properties.getPostLogoutRedirectUri();
...@@ -140,7 +140,7 @@ public class LoginManagement { ...@@ -140,7 +140,7 @@ public class LoginManagement {
} }
UserDetails userDetails = customizedUserDetailService.loadUserByUsername(userDetailByTokenInfo.get("unique_name")); UserDetails userDetails = customizedUserDetailService.loadUserByUsername(userDetailByTokenInfo.get("unique_name"));
UsernamePasswordAuthenticationToken authentication = UsernamePasswordAuthenticationToken authentication =
new UsernamePasswordAuthenticationToken(userDetails, userDetails.getPassword(),userDetails.getAuthorities()); new UsernamePasswordAuthenticationToken(userDetails, userDetails.getPassword(), userDetails.getAuthorities());
authentication.setDetails(new WebAuthenticationDetails(request)); authentication.setDetails(new WebAuthenticationDetails(request));
SecurityContextHolder.getContext().setAuthentication(authentication); SecurityContextHolder.getContext().setAuthentication(authentication);
HttpSession session = request.getSession(true); HttpSession session = request.getSession(true);
...@@ -174,7 +174,7 @@ public class LoginManagement { ...@@ -174,7 +174,7 @@ public class LoginManagement {
log.info("从 adfs中获取到的 access_token is {}", access_token); log.info("从 adfs中获取到的 access_token is {}", access_token);
log.info("从 adfs中获取到的 id_token is {}", id_token); log.info("从 adfs中获取到的 id_token is {}", id_token);
return exactUserInfoFromToken((String)id_token); return exactUserInfoFromToken((String) id_token);
} }
throw new RuntimeException("adfs获取token的参数code或者state为空!"); throw new RuntimeException("adfs获取token的参数code或者state为空!");
} catch (Exception e) { } catch (Exception e) {
...@@ -213,5 +213,4 @@ public class LoginManagement { ...@@ -213,5 +213,4 @@ public class LoginManagement {
} }
} }
src/main/java/com/keymobile/login/conf/LogoutProcessHandler.java
...@@ -47,9 +47,10 @@ public class LogoutProcessHandler implements LogoutHandler { ...@@ -47,9 +47,10 @@ public class LogoutProcessHandler implements LogoutHandler {
HttpSession session = request.getSession(); HttpSession session = request.getSession();
if (session != null) { if (session != null) {
String id_token = (String)session.getAttribute(Constants.JWT_ID_TOKEN); String id_token = (String)session.getAttribute(Constants.JWT_ID_TOKEN);
if (null != id_token) if (null != id_token) {
params.put("id_token_hint", id_token); params.put("id_token_hint", id_token);
} }
}
String adfsLoginOutUri = oauth2Properties.getAuthorizationLoginOutUri(); String adfsLoginOutUri = oauth2Properties.getAuthorizationLoginOutUri();
params.put("client_id", oauth2Properties.getClientId()); params.put("client_id", oauth2Properties.getClientId());
log.info("loginOutADFS url is {} ", adfsLoginOutUri); log.info("loginOutADFS url is {} ", adfsLoginOutUri);
......
src/main/java/com/keymobile/login/conf/RedisConf.java
...@@ -20,8 +20,8 @@ public class RedisConf { ...@@ -20,8 +20,8 @@ public class RedisConf {
* 注入 RedisConnectionFactory * 注入 RedisConnectionFactory
*/ */
@Autowired // @Autowired
RedisConnectionFactory redisConnectionFactory; // RedisConnectionFactory redisConnectionFactory;
/** /**
* 实例化 RedisTemplate 对象 * 实例化 RedisTemplate 对象
...@@ -29,7 +29,7 @@ public class RedisConf { ...@@ -29,7 +29,7 @@ public class RedisConf {
* @return * @return
*/ */
@Bean @Bean
public RedisTemplate<String, Object> functionDomainRedisTemplate() { public RedisTemplate<String, Object> functionDomainRedisTemplate(RedisConnectionFactory redisConnectionFactory) {
RedisTemplate<String, Object> redisTemplate = new RedisTemplate<>(); RedisTemplate<String, Object> redisTemplate = new RedisTemplate<>();
initDomainRedisTemplate(redisTemplate, redisConnectionFactory); initDomainRedisTemplate(redisTemplate, redisConnectionFactory);
return redisTemplate; return redisTemplate;
......
src/main/java/com/keymobile/login/conf/SecurityConfig.java
...@@ -43,8 +43,6 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { ...@@ -43,8 +43,6 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired @Autowired
private LogoutProcessHandler logoutProcessHandler; private LogoutProcessHandler logoutProcessHandler;
private RestTemplate restTemplate = new RestTemplate();
@Autowired @Autowired
public void configure(AuthenticationManagerBuilder auth) throws Exception { public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(customUserDetailService).passwordEncoder(NoOpPasswordEncoder.getInstance()); auth.userDetailsService(customUserDetailService).passwordEncoder(NoOpPasswordEncoder.getInstance());
......
src/main/java/com/keymobile/login/oauth2/AccessTokenInterceptor.java deleted 100644 → 0
package com.keymobile.login.oauth2;
import com.keymobile.auth.common.security.CustomizedUserDetailService;
import com.keymobile.login.api.Constants;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.util.Map;
public class AccessTokenInterceptor implements HandlerInterceptor {
private RestTemplate restTemplate;
private CustomizedUserDetailService userDetailService;
private Oauth2Properties oauth2Properties;
public AccessTokenInterceptor(Oauth2Properties oauth2Properties, RestTemplate restTemplate, CustomizedUserDetailService customizedUserDetailService) {
this.userDetailService = customizedUserDetailService;
this.restTemplate = restTemplate;
this.oauth2Properties = oauth2Properties;
}
// 在请求处理之前,只有返回true才会执行请求
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
// 得到session
System.out.println( Thread.currentThread().toString() + "AccessToken request url-------------------" + request.getRequestURI());
UserDetails userDetails = null;
try {
userDetails = (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
} catch (Exception e) {
userDetails = getUserDetailByTokenInfo(request);
if (null != userDetails) {
response.sendRedirect(oauth2Properties.getAuthorizationSuccessRedirectUri());
return true;
}
String authorizeFullUri = getAuthorizeFullUri();
response.sendRedirect(authorizeFullUri);
return false;
}
return true;
}
private String getAuthorizeFullUri() {
String authorizeUri = oauth2Properties.getUserAuthorizationUri();
String clientId = oauth2Properties.getClientId();
String redirectUri = oauth2Properties.getPostLoginRedirectUri();
String response_type = Constants.OAUTH_AUTHORIZE_RESPONSE_TYPE;
String response_mode = Constants.OAUTH_AUTHORIZE_RESPONSE_MODE;
String state = Constants.OAUTH_AUTHORIZE_STATE;
String authorizeFullUri = String.format("%s?client_id=%s&redirect_uri=%s&response_type=%s&state=%s&response_model=%s",
authorizeUri, clientId, redirectUri, response_type, state, response_mode);
return authorizeFullUri;
}
private UserDetails getUserDetailByTokenInfo(HttpServletRequest request) {
try {
String code = request.getParameter(Constants.OAUTH_AUTHORIZE_CODE_PARAM);
String state = request.getParameter(Constants.OAUTH_AUTHORIZE_STATE_PARAM);
System.out.println("accessToken request 获取到code" + code + ",获取到state " + state);
UserDetails userDetails = null;
if (!StringUtils.isEmpty(code) && !StringUtils.isEmpty(state)) {
if (code != null) {
MultiValueMap<String, String> map = new LinkedMultiValueMap<>();
map.add("code", code);
map.add("client_id", oauth2Properties.getClientId());
map.add("client_secret", oauth2Properties.getClientSecret());
map.add("redirect_uri", oauth2Properties.getPostLoginRedirectUri());
map.add("grant_type", Constants.OAUTH_AUTHORIZE_GRANT_TYPE);
Map<String, String> resp = restTemplate.postForObject(oauth2Properties.getAccessTokenUri(), map, Map.class);
Object access_token = resp.get("access_token");
Object id_token = resp.get("id_token");
Object expires_in = resp.get("expires_in");
Object token_type = resp.get("token_tpye");
System.out.println("获取到token......" + access_token);
System.out.println("获取到id_token......" + id_token);
String username = exactUserInfoFromToken((String)access_token);
userDetails = userDetailService.loadUserByUsername(username);
//根据用户名username加载userDetails
UsernamePasswordAuthenticationToken authentication =
new UsernamePasswordAuthenticationToken(userDetails, userDetails.getPassword(),userDetails.getAuthorities());
authentication.setDetails(new WebAuthenticationDetails(request));
SecurityContextHolder.getContext().setAuthentication(authentication);
HttpSession session = request.getSession(true);
session.setAttribute(Constants.JWT_ACCESS_TOKEN, access_token);
session.setAttribute(Constants.JWT_ID_TOKEN, id_token);
session.setAttribute(Constants.JWT_EXPIRES_IN, expires_in);
session.setAttribute(Constants.JWT_TOKEN_TYPE, token_type);
session.setAttribute("SPRING_SECURITY_CONTEXT", SecurityContextHolder.getContext());
}
}
return userDetails;
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
// 视图渲染后执行
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
}
// 请求处理后,视图渲染前
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
}
private String exactUserInfoFromToken(String access_token) {
//暂时写死
return "root";
}
}
src/main/java/com/keymobile/login/oauth2/LoginConfig.java deleted 100644 → 0
package com.keymobile.login.oauth2;
import com.keymobile.auth.common.security.CustomizedUserDetailService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
//@Configuration
public class LoginConfig implements WebMvcConfigurer {
@Autowired
private CustomizedUserDetailService customizedUserDetailService;
@Autowired
private Oauth2Properties oauth2Properties;
@Override
public void addInterceptors(InterceptorRegistry registry) {
// registry.addInterceptor(new LoginInterceptor(oauth2Properties)).excludePathPatterns("/oauth/**");
// registry.addInterceptor(new AccessTokenInterceptor(oauth2Properties,
// new RestTemplateBuilder().basicAuthorization(oauth2Properties.getClientId(),
// oauth2Properties.getClientSecret()).build(), customizedUserDetailService)).excludePathPatterns("/oauth/**");
}
}
\ No newline at end of file
src/main/java/com/keymobile/login/oauth2/LoginInterceptor.java deleted 100644 → 0
package com.keymobile.login.oauth2;
import com.keymobile.login.api.Constants;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.util.StringUtils;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class LoginInterceptor implements HandlerInterceptor {
private Oauth2Properties oauth2Properties;
public LoginInterceptor(Oauth2Properties oauth2Properties) {
this.oauth2Properties = oauth2Properties;
}
// 在请求处理之前,只有返回true才会执行请求
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
// 得到session
System.out.println(Thread.currentThread().toString() + "login request url-------------------" + request.getRequestURI());
String code = request.getParameter(Constants.OAUTH_AUTHORIZE_CODE_PARAM);
String state = request.getParameter(Constants.OAUTH_AUTHORIZE_STATE_PARAM);
System.out.println("login request 获取到code" + code + ",获取到state " + state);
if (!StringUtils.isEmpty(code) && !StringUtils.isEmpty(state)) {
return true;
}
try {
UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
if (null != userDetails) {
return true;
}
} catch (Exception e) {
String authorizeFullUri = getAuthorizeFullUri();
response.sendRedirect(authorizeFullUri);
return false;
}
return true;
}
// 视图渲染后执行
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
}
// 请求处理后,视图渲染前
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
}
private String getAuthorizeFullUri() {
String authorizeUri = oauth2Properties.getUserAuthorizationUri();
String clientId = oauth2Properties.getClientId();
String redirectUri = oauth2Properties.getPostLoginRedirectUri();
String response_type = Constants.OAUTH_AUTHORIZE_RESPONSE_TYPE;
String response_mode = Constants.OAUTH_AUTHORIZE_RESPONSE_MODE;
String state = Constants.OAUTH_AUTHORIZE_STATE;
String authorizeFullUri = String.format("%s?client_id=%s&redirect_uri=%s&response_type=%s&state=%s&response_model=%s",
authorizeUri, clientId, redirectUri, response_type, state, response_mode);
return authorizeFullUri;
}
}
\ No newline at end of file
src/main/java/com/keymobile/login/oauth2/Oauth2Properties.java
...@@ -99,13 +99,13 @@ public class Oauth2Properties { ...@@ -99,13 +99,13 @@ public class Oauth2Properties {
public String getAuthorizeFullUri() { public String getAuthorizeFullUri() {
String authorizeUri = getUserAuthorizationUri(); String authorizeUri = getUserAuthorizationUri();
String clientId = getClientId(); String cliId = getClientId();
String redirectUri = getPostLoginRedirectUri(); String redirectUri = getPostLoginRedirectUri();
String response_type = Constants.OAUTH_AUTHORIZE_RESPONSE_TYPE; String response_type = Constants.OAUTH_AUTHORIZE_RESPONSE_TYPE;
String response_mode = Constants.OAUTH_AUTHORIZE_RESPONSE_MODE; String response_mode = Constants.OAUTH_AUTHORIZE_RESPONSE_MODE;
String state = Constants.OAUTH_AUTHORIZE_STATE; String state = Constants.OAUTH_AUTHORIZE_STATE;
String authorizeFullUri = String.format("%s?client_id=%s&redirect_uri=%s&response_type=%s&state=%s&response_model=%s", String authorizeFullUri = String.format("%s?client_id=%s&redirect_uri=%s&response_type=%s&state=%s&response_model=%s",
authorizeUri, clientId, redirectUri, response_type, state, response_mode); authorizeUri, cliId, redirectUri, response_type, state, response_mode);
return authorizeFullUri; return authorizeFullUri;
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment