xservice/xservice-auth-center
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

perf:密码登录优化

Browse Source
This commit is contained in:
xiang
2025-08-24 15:14:55 +08:00
parent 3a533e98bc
commit 72965b8922
5 changed files with 32 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
xs-api/src/main/java/com/xiang/xservice/auth/api/api/TokenApi.java Normal file
View File

@@ -0,0 +1,4 @@
package com.xiang.xservice.auth.api.api;
public interface TokenApi {
}

4
xs-server/src/main/resources/application-local.yml
View File

@@ -21,3 +21,7 @@ spring:
max-idle: 8 max-idle: 8
min-idle: 0 min-idle: 0
max-wait: 1000 max-wait: 1000
user:
auth:
issuer: http://127.0.0.1:38011

39
xs-service/src/main/java/com/xiang/xservice/auth/service/config/AuthorizationServerConfig.java
View File

@@ -5,16 +5,17 @@ import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.source.JWKSource; import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.SecurityContext; import com.nimbusds.jose.proc.SecurityContext;
import com.xiang.xservice.basic.utils.JwkUtils; import com.xiang.xservice.basic.utils.JwkUtils;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order; import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager; import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider; import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.core.AuthorizationGrantType; import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod; import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
@@ -34,6 +35,9 @@ import java.util.UUID;
@Configuration(proxyBeanMethods = false) @Configuration(proxyBeanMethods = false)
public class AuthorizationServerConfig { public class AuthorizationServerConfig {
@Value("${user.auth.issuer}")
private String issuer;
@Bean @Bean
@Order(1) @Order(1)
public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http)
@@ -52,24 +56,12 @@ public class AuthorizationServerConfig {
.anyRequest().authenticated() .anyRequest().authenticated()
) )
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)); .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
return http.build(); return http.build();
} }
@Bean @Bean
public RegisteredClientRepository registeredClientRepository() { public PasswordEncoder passwordEncoder() {
RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString()) return new BCryptPasswordEncoder();
.clientId("messaging-client")
.clientSecret("{noop}secret") // 演示用,生产请加密
.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
.authorizationGrantType(AuthorizationGrantType.PASSWORD)
.authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
.scope("message.read")
.scope("message.write")
.clientSettings(ClientSettings.builder().requireAuthorizationConsent(true).build())
.build();
return new InMemoryRegisteredClientRepository(registeredClient);
} }
@Bean @Bean
@@ -81,6 +73,21 @@ public class AuthorizationServerConfig {
return new ProviderManager(provider); return new ProviderManager(provider);
} }
@Bean
public RegisteredClientRepository registeredClientRepository(PasswordEncoder passwordEncoder) {
RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString())
.clientId("messaging-client")
.clientSecret(passwordEncoder.encode("secret")) // 演示用,生产请加密
.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
.authorizationGrantType(AuthorizationGrantType.PASSWORD)
.authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
.scope("message.read")
.scope("message.write")
.clientSettings(ClientSettings.builder().requireAuthorizationConsent(true).build())
.build();
// todo 暂时内存保存,后续需要配合数据库保存
return new InMemoryRegisteredClientRepository(registeredClient);
}
@Bean @Bean
public JWKSource<SecurityContext> jwkSource() { public JWKSource<SecurityContext> jwkSource() {
@@ -97,7 +104,7 @@ public class AuthorizationServerConfig {
@Bean @Bean
public AuthorizationServerSettings authorizationServerSettings() { public AuthorizationServerSettings authorizationServerSettings() {
return AuthorizationServerSettings.builder() return AuthorizationServerSettings.builder()
.issuer("http://auth-server:9000") // 你的认证服务器地址 .issuer(issuer)
.build(); .build();
} }
} }

38
xs-service/src/main/java/com/xiang/xservice/auth/service/config/SecurityConfig.java
View File

@@ -1,38 +0,0 @@
package com.xiang.xservice.auth.service.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
@Configuration
@EnableWebSecurity
public class SecurityConfig {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
// 关闭 csrf如果是前后端分离推荐关闭
.csrf().disable()
// 授权规则
.authorizeHttpRequests(auth -> auth
.antMatchers("/public/auth/login", "/public/auth/register").permitAll() // 登录注册放行
.anyRequest().authenticated() // 其他请求需要认证
)
// 登出配置
.logout(Customizer.withDefaults());
return http.build();
}
// 密码加密器
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}

1
xs-service/src/main/java/com/xiang/xservice/auth/service/service/CustomUserDetailsService.java
View File

@@ -27,7 +27,6 @@ public class CustomUserDetailsService implements UserDetailsService {
.withUsername(user.getUsername()) .withUsername(user.getUsername())
.password(user.getPassword()) // 已经加密的 .password(user.getPassword()) // 已经加密的
.authorities("admin") .authorities("admin")
// .roles(user.getRole()) // 角色
.build(); .build();
} }
} }