diff --git a/xs-api/src/main/java/com/xiang/xservice/auth/api/api/TokenApi.java b/xs-api/src/main/java/com/xiang/xservice/auth/api/api/TokenApi.java
new file mode 100644
index 0000000..191eb45
--- /dev/null
+++ b/xs-api/src/main/java/com/xiang/xservice/auth/api/api/TokenApi.java
@@ -0,0 +1,4 @@
+package com.xiang.xservice.auth.api.api;
+
+public interface TokenApi {
+}
diff --git a/xs-server/src/main/resources/application-local.yml b/xs-server/src/main/resources/application-local.yml
index c3593ab..9429b7c 100644
--- a/xs-server/src/main/resources/application-local.yml
+++ b/xs-server/src/main/resources/application-local.yml
@@ -20,4 +20,8 @@ spring:
 max-active: 8
 max-idle: 8
 min-idle: 0
- max-wait: 1000
\ No newline at end of file
+ max-wait: 1000
+
+user:
+ auth:
+ issuer: http://127.0.0.1:38011
\ No newline at end of file
diff --git a/xs-service/src/main/java/com/xiang/xservice/auth/service/config/AuthorizationServerConfig.java b/xs-service/src/main/java/com/xiang/xservice/auth/service/config/AuthorizationServerConfig.java
index e437f0c..45fbc2c 100644
--- a/xs-service/src/main/java/com/xiang/xservice/auth/service/config/AuthorizationServerConfig.java
+++ b/xs-service/src/main/java/com/xiang/xservice/auth/service/config/AuthorizationServerConfig.java
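Review bot: `TokenApi` is added as an empty interface with no Javadoc, so nothing in the new file says what token operations it is meant to declare or which module is expected to implement it. Even as a placeholder, a one-line type comment such as `/** Token-related operations of the auth service; no members yet. */` records that intent for the next reader; otherwise consider deferring the file until it has a member.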
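Review bot: The new `user.auth.issuer` value has no comment explaining that it is consumed by `AuthorizationServerConfig` (via `@Value("${user.auth.issuer}")` in this commit) and becomes the authorization server's issuer identifier, which any resource server validating these tokens must be configured with byte-for-byte. A short comment such as `# Issuer identifier passed to AuthorizationServerSettings; must match what resource servers expect` keeps that coupling visible, and it is worth noting in the same place that the plain `http://` loopback value is only appropriate for this local profile. The file also still ends without a trailing newline, as the `\ No newline at end of file` marker on the new side shows.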
@@ -5,16 +5,17 @@ import com.nimbusds.jose.jwk.RSAKey;
 import com.nimbusds.jose.jwk.source.JWKSource;
 import com.nimbusds.jose.proc.SecurityContext;
 import com.xiang.xservice.basic.utils.JwkUtils;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.ProviderManager;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
-import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
@@ -34,6 +35,9 @@ import java.util.UUID;
 @Configuration(proxyBeanMethods = false)
 public class AuthorizationServerConfig {
+ @Value("${user.auth.issuer}")
+ private String issuer;
+
 @Bean
 @Order(1)
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http)
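Review bot: The issuer is injected with a field-level `@Value` into a `@Configuration(proxyBeanMethods = false)` class but is only read by `authorizationServerSettings()` (the `@@ -97,7 +104,7 @@` hunk), so it could be handed to that bean method directly instead of becoming class state: `public AuthorizationServerSettings authorizationServerSettings(@Value("${user.auth.issuer}") String issuer)`. Whichever form stays, the new field has no comment; something like `/** Public base URL of this authorization server, passed to AuthorizationServerSettings as the issuer identifier. */` would say why a configuration property drives it. The import-only hunk above this one just supports these changes and needs nothing on its own.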
@@ -52,24 +56,12 @@ public class AuthorizationServerConfig {
 .anyRequest().authenticated()
 )
 .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
-
 return http.build();
 }
 @Bean
- public RegisteredClientRepository registeredClientRepository() {
- RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString())
- .clientId("messaging-client")
- .clientSecret("{noop}secret") // 演示用,生产请加密
- .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
- .authorizationGrantType(AuthorizationGrantType.PASSWORD)
- .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
- .scope("message.read")
- .scope("message.write")
- .clientSettings(ClientSettings.builder().requireAuthorizationConsent(true).build())
- .build();
-
- return new InMemoryRegisteredClientRepository(registeredClient);
+ public PasswordEncoder passwordEncoder() {
+ return new BCryptPasswordEncoder();
 }
 @Bean
@@ -81,6 +73,21 @@ public class AuthorizationServerConfig {
 return new ProviderManager(provider);
 }
+ @Bean
+ public RegisteredClientRepository registeredClientRepository(PasswordEncoder passwordEncoder) {
+ RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString())
+ .clientId("messaging-client")
+ .clientSecret(passwordEncoder.encode("secret")) // 演示用,生产请加密
+ .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
+ .authorizationGrantType(AuthorizationGrantType.PASSWORD)
+ .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
+ .scope("message.read")
+ .scope("message.write")
+ .clientSettings(ClientSettings.builder().requireAuthorizationConsent(true).build())
+ .build();
+ // todo 暂时内存保存,后续需要配合数据库保存
+ return new InMemoryRegisteredClientRepository(registeredClient);
+ }
 @Bean
 public JWKSource jwkSource() {
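Review bot: With `SecurityConfig` deleted in this commit, the `permitAll()` for `/public/auth/login` and `/public/auth/register` disappears, and the chain that survives ends in `.anyRequest().authenticated()` as shown at the top of this hunk; no replacement matcher is visible anywhere in the diff, so confirm those endpoints are still reachable (the chain's request matcher sits above this hunk, outside view). The replacement `passwordEncoder()` bean returns a bare `BCryptPasswordEncoder`, whose hashes carry no `{bcrypt}` id prefix; since the client repository in the next hunk is marked as a temporary in-memory store to be moved to a database, using `return PasswordEncoderFactories.createDelegatingPasswordEncoder();` now avoids re-hashing stored credentials if the encoder is later changed. The method also has no Javadoc saying that this single encoder is used for client secrets (next hunk) and, presumably via the `DaoAuthenticationProvider` built above this hunk, for user passwords.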
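Review bot: `passwordEncoder.encode("secret")` now hashes the client secret at startup, but the secret itself is still a fixed literal in source, so the credential for `messaging-client` is known to anyone with the repository; the carried-over comment `// 演示用,生产请加密` ("demo use, encrypt in production") describes a step this hunk already performs and should instead flag the literal, e.g. `// demo secret; real deployments must load it from configuration`, with the value read from a property the way the issuer is in this commit (`@Value("${<client-secret-property>}")`, name to be chosen). The client also registers `AuthorizationGrantType.PASSWORD`, which Spring Authorization Server does not implement out of the box and newer Spring Security marks deprecated, so unless a custom token-endpoint provider exists elsewhere in the project this client has no grant through which to obtain a first token from this server. Style: a blank line is missing between the new method's closing `}` and the following `@Bean`.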
@@ -97,7 +104,7 @@ public class AuthorizationServerConfig {
 @Bean
 public AuthorizationServerSettings authorizationServerSettings() {
 return AuthorizationServerSettings.builder()
- .issuer("http://auth-server:9000") // 你的认证服务器地址
+ .issuer(issuer)
 .build();
 }
 }
diff --git a/xs-service/src/main/java/com/xiang/xservice/auth/service/config/SecurityConfig.java b/xs-service/src/main/java/com/xiang/xservice/auth/service/config/SecurityConfig.java
deleted file mode 100644
index 49dbf9e..0000000
--- a/xs-service/src/main/java/com/xiang/xservice/auth/service/config/SecurityConfig.java
+++ /dev/null
@@ -1,38 +0,0 @@
-package com.xiang.xservice.auth.service.config;
-
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.Customizer;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.security.web.SecurityFilterChain;
-
-@Configuration
-@EnableWebSecurity
-public class SecurityConfig {
-
- @Bean
- public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
- http
- // 关闭 csrf(如果是前后端分离推荐关闭)
- .csrf().disable()
-
- // 授权规则
- .authorizeHttpRequests(auth -> auth
- .antMatchers("/public/auth/login", "/public/auth/register").permitAll() // 登录注册放行
- .anyRequest().authenticated() // 其他请求需要认证
- )
- // 登出配置
- .logout(Customizer.withDefaults());
-
- return http.build();
- }
-
- // 密码加密器
- @Bean
- public PasswordEncoder passwordEncoder() {
- return new BCryptPasswordEncoder();
- }
-}
diff --git a/xs-service/src/main/java/com/xiang/xservice/auth/service/service/CustomUserDetailsService.java b/xs-service/src/main/java/com/xiang/xservice/auth/service/service/CustomUserDetailsService.java
index 124c057..07f87ac 100644
--- a/xs-service/src/main/java/com/xiang/xservice/auth/service/service/CustomUserDetailsService.java
+++ b/xs-service/src/main/java/com/xiang/xservice/auth/service/service/CustomUserDetailsService.java
@@ -27,7 +27,6 @@ public class CustomUserDetailsService implements UserDetailsService {
 .withUsername(user.getUsername())
 .password(user.getPassword()) // 已经加密的
 .authorities("admin")
-// .roles(user.getRole()) // 角色
 .build();
 }
 }