feat:token 验签
This commit is contained in:
xiang
3
pom.xml
3
pom.xml
@@ -4,7 +4,7 @@
|
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||
<parent>
|
||||
<groupId>com.xiang</groupId>
|
||||
<artifactId>xservice-basic</artifactId>
|
||||
<artifactId>xservice-parent-starter</artifactId>
|
||||
<version>2.0</version>
|
||||
</parent>
|
||||
<packaging>pom</packaging>
|
||||
@@ -86,6 +86,7 @@
|
||||
<dependency>
|
||||
<groupId>com.github.pagehelper</groupId>
|
||||
<artifactId>pagehelper-spring-boot-starter</artifactId>
|
||||
<version>1.4.7</version>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
|
||||
28
xs-server/src/main/resources/keys/rsa-private.pem
Normal file
28
xs-server/src/main/resources/keys/rsa-private.pem
Normal file
@@ -0,0 +1,28 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQD7JdqQe8W8byYT
|
||||
KuPK7STLYO5TTe5uWhHj1SLq7Xoj1y0agO+x1X3/dUA1X/k5Dd2rmkmIU2VoB/9c
|
||||
aoE5naXUhVfE9wDsl5AKdWRCn1PKvuofd/0kuGFS44tNQcLGtDD7e8CQQJZJPZVS
|
||||
Z8F2nlHjYSTUPVvi77hKG21qoZLEa0F+TYfqgOohabQtxeBAnyRW50/g281Bqd3w
|
||||
ntfM0aKfW9fsFhJnk+AlXWaqxQKkhtzMmKVeqLNfJnXvhgUA6QbnzHPtPxF+fLEx
|
||||
BNnBEPF8CsQFVdt1TtsQlfCzVMTMibZU2CcwtqHUP1maEcH5zV5whPfgkahejiNm
|
||||
L08Jw74VAgMBAAECggEACJHb0pGHh4IkF/XmM6Qs6xMFYmqmvRkf0JjoTYDl9+JW
|
||||
Y9RMYKfqy+Yius+GSNRjPWS7p38MHkiysGL/F7uYyCwvhwU3x+kugM2+/+gWqyaT
|
||||
WnwYgZ4YXIRu2ieFr4xq1symnzO14nDny4uqB9PEZFd7wS4I0ZShe5yLM6Yai88V
|
||||
0Jm6Hi9RcC5efiE4tWismBKaP13WXamAVySROW30lEaMgyI66DNYgs+RHiZgAFP7
|
||||
u7raUD07xrk6eV6YnG/9EvS/oqV+IPEacY+bP3ZUqvPMI50tLTEVN1yJXrr4T3kS
|
||||
W1TiApaL87rdDCYem7rtIury+JcSadaI6lwP5OhmLwKBgQD/4mSrFi30IzD6LFam
|
||||
N7CYBxSleWgha2fHuycDGNGcXDCn3y4JuqTMRpV1c9F5emPPv1E3ELj4plz/NnVr
|
||||
67SkCs3nqoSRjyXJKhN/kJqM/NB+Ic1UgXeI+wGMkfkUHrQ6T6SghYVxWW+hQKm8
|
||||
IeV7aVJiM01/Ze938cnJuWd17wKBgQD7QumZzRTMkmnmSFCpOhs2Y3B8JYrJsJXY
|
||||
PeYkxea/7brDyuIdWKt0kl9EvpsrIzTe0t4LYV3Vmmfh15PNZp4PEr30NEBxeVOO
|
||||
HoglNfyJgP/nvhOGYesNhqPlK96/ajEvu7FpFHwDje5RKRWxCK5qhZneDy0ppjWb
|
||||
6seshN1wOwKBgQDqNPxxP/bFu6Qrh4Oz1cs0C18RakMuO5Gc1acKhZ/tntAGBxer
|
||||
XgNS2dQY0e5MYwKSdwlN/mdfZ149Vko5gl8vupfmUEPQuxYZvwJjwyZCn2/x0tyO
|
||||
WYXggeZUFJPHn6bUrGsBZdTS/8pV7Mqu4NOblrYKHez0C4gY390TXzjcTwKBgQDR
|
||||
mD6fYrjf8Z7PTzGiCOucUhUKKpL8rgZBbVknAcL8BYZPP1Whn07fHh7EjK+Jq4O2
|
||||
AHbjTWRmA7h2Z0tPAzQEZOD57gB35/pwSj3NtJwl4+sU2LUW22WlUdQ0HoVgbWf8
|
||||
ZniWrFTK7kGHiFsk45YDG9F/sG8/F/wORSotWmQR8wKBgQDqrlyvMCwiJHW7vOPs
|
||||
ih+utzIvtZ8D4fxzEFluTUqubAAl3N+81NuRJuEFIJLjIAeTNOHj1IdlPj5oe0aa
|
||||
IYOzoB2+xJxnLPbvI1tTat/pqgXxPY24/9c9rBoTCsJboTPb0fMh1nHxTZvny4tB
|
||||
jP7d5EBvIMWnCEuTo4y39ZFsMA==
|
||||
-----END PRIVATE KEY-----
|
||||
9
xs-server/src/main/resources/keys/rsa-public.pem
Normal file
9
xs-server/src/main/resources/keys/rsa-public.pem
Normal file
@@ -0,0 +1,9 @@
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+yXakHvFvG8mEyrjyu0k
|
||||
y2DuU03ubloR49Ui6u16I9ctGoDvsdV9/3VANV/5OQ3dq5pJiFNlaAf/XGqBOZ2l
|
||||
1IVXxPcA7JeQCnVkQp9Tyr7qH3f9JLhhUuOLTUHCxrQw+3vAkECWST2VUmfBdp5R
|
||||
42Ek1D1b4u+4ShttaqGSxGtBfk2H6oDqIWm0LcXgQJ8kVudP4NvNQand8J7XzNGi
|
||||
n1vX7BYSZ5PgJV1mqsUCpIbczJilXqizXyZ174YFAOkG58xz7T8RfnyxMQTZwRDx
|
||||
fArEBVXbdU7bEJXws1TEzIm2VNgnMLah1D9ZmhHB+c1ecIT34JGoXo4jZi9PCcO+
|
||||
FQIDAQAB
|
||||
-----END PUBLIC KEY-----
|
||||
@@ -1,10 +1,5 @@
|
||||
package com.xiang.xservice.auth.service.config;
|
||||
|
||||
import com.nimbusds.jose.jwk.JWKSet;
|
||||
import com.nimbusds.jose.jwk.RSAKey;
|
||||
import com.nimbusds.jose.jwk.source.JWKSource;
|
||||
import com.nimbusds.jose.proc.SecurityContext;
|
||||
import com.xiang.xservice.basic.utils.JwkUtils;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
@@ -22,9 +17,6 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
|
||||
import org.springframework.security.oauth2.jwt.JwtDecoder;
|
||||
import org.springframework.security.oauth2.jwt.JwtEncoder;
|
||||
import org.springframework.security.oauth2.jwt.NimbusJwtEncoder;
|
||||
import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository;
|
||||
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
|
||||
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
|
||||
@@ -138,18 +130,6 @@ public class AuthorizationServerConfig {
|
||||
return repository;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public JWKSource<SecurityContext> jwkSource() {
|
||||
RSAKey rsaKey = JwkUtils.generateRsa();
|
||||
JWKSet jwkSet = new JWKSet(rsaKey);
|
||||
return (jwkSelector, securityContext) -> jwkSelector.select(jwkSet);
|
||||
}
|
||||
|
||||
@Bean
|
||||
public JwtEncoder jwtEncoder(JWKSource<SecurityContext> jwkSource) {
|
||||
return new NimbusJwtEncoder(jwkSource);
|
||||
}
|
||||
|
||||
@Bean
|
||||
public AuthorizationServerSettings authorizationServerSettings() {
|
||||
return AuthorizationServerSettings.builder()
|
||||
@@ -157,9 +137,5 @@ public class AuthorizationServerConfig {
|
||||
.build();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource) {
|
||||
return OAuth2AuthorizationServerConfiguration.jwtDecoder(jwkSource);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -0,0 +1,71 @@
|
||||
package com.xiang.xservice.auth.service.config;
|
||||
|
||||
import com.nimbusds.jose.jwk.JWKSet;
|
||||
import com.nimbusds.jose.jwk.RSAKey;
|
||||
import com.nimbusds.jose.jwk.source.JWKSource;
|
||||
import com.nimbusds.jose.proc.SecurityContext;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.core.io.ClassPathResource;
|
||||
import org.springframework.security.oauth2.jwt.JwtDecoder;
|
||||
import org.springframework.security.oauth2.jwt.JwtEncoder;
|
||||
import org.springframework.security.oauth2.jwt.NimbusJwtEncoder;
|
||||
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
|
||||
|
||||
import java.io.InputStream;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.security.KeyFactory;
|
||||
import java.security.interfaces.RSAPrivateKey;
|
||||
import java.security.interfaces.RSAPublicKey;
|
||||
import java.security.spec.PKCS8EncodedKeySpec;
|
||||
import java.security.spec.X509EncodedKeySpec;
|
||||
import java.util.Base64;
|
||||
|
||||
@Configuration
|
||||
public class JwtConfig {
|
||||
|
||||
private RSAPrivateKey loadPrivateKey(String classpath) throws Exception {
|
||||
InputStream is = new ClassPathResource(classpath).getInputStream();
|
||||
String key = new String(is.readAllBytes(), StandardCharsets.UTF_8)
|
||||
.replace("-----BEGIN PRIVATE KEY-----", "")
|
||||
.replace("-----END PRIVATE KEY-----", "")
|
||||
.replaceAll("\\s+", "");
|
||||
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(key));
|
||||
return (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(spec);
|
||||
}
|
||||
|
||||
private RSAPublicKey loadPublicKey(String classpath) throws Exception {
|
||||
InputStream is = new ClassPathResource(classpath).getInputStream();
|
||||
String key = new String(is.readAllBytes(), StandardCharsets.UTF_8)
|
||||
.replace("-----BEGIN PUBLIC KEY-----", "")
|
||||
.replace("-----END PUBLIC KEY-----", "")
|
||||
.replaceAll("\\s+", "");
|
||||
X509EncodedKeySpec spec = new X509EncodedKeySpec(Base64.getDecoder().decode(key));
|
||||
return (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(spec);
|
||||
}
|
||||
|
||||
@Bean
|
||||
public JWKSource<SecurityContext> jwkSource() throws Exception {
|
||||
// 使用RSA对称加密进行加密
|
||||
RSAPublicKey publicKey = loadPublicKey("keys/rsa-public.pem");
|
||||
RSAPrivateKey privateKey = loadPrivateKey("keys/rsa-private.pem");
|
||||
|
||||
RSAKey rsaKey = new RSAKey.Builder(publicKey)
|
||||
.privateKey(privateKey)
|
||||
.keyID("xservice")
|
||||
.build();
|
||||
|
||||
JWKSet jwkSet = new JWKSet(rsaKey);
|
||||
return (jwkSelector, ctx) -> jwkSelector.select(jwkSet);
|
||||
}
|
||||
|
||||
@Bean
|
||||
public JwtEncoder jwtEncoder(JWKSource<SecurityContext> jwkSource) {
|
||||
return new NimbusJwtEncoder(jwkSource);
|
||||
}
|
||||
|
||||
@Bean
|
||||
public JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource) {
|
||||
return OAuth2AuthorizationServerConfiguration.jwtDecoder(jwkSource);
|
||||
}
|
||||
}
|
||||
@@ -2,6 +2,7 @@ package com.xiang.xservice.auth.service.constants;
|
||||
|
||||
public class RedisConstant {
|
||||
|
||||
public static final String LOGIN_TOKEN = "login:token:";
|
||||
public static final String XS_PERMISSION_ROLE = "auth:permission:role";
|
||||
public static final String XS_SMS_CODE_KEY = "auth:sms:code:key:";
|
||||
public static final String XS_CAPTCHA_CODE_KEY = "auth:captcha:code:key:";
|
||||
|
||||
@@ -95,4 +95,13 @@ public class XUser implements Serializable {
|
||||
* 修改时间
|
||||
*/
|
||||
private LocalDateTime updateTime;
|
||||
|
||||
/**
|
||||
* token
|
||||
*/
|
||||
private String token;
|
||||
/**
|
||||
* 刷新token
|
||||
*/
|
||||
private String refreshToken;
|
||||
}
|
||||
|
||||
@@ -17,6 +17,7 @@ import com.xiang.xservice.auth.api.dto.resp.LoginResp;
|
||||
import com.xiang.xservice.auth.api.dto.resp.RegisterResp;
|
||||
import com.xiang.xservice.auth.api.dto.resp.UserDTO;
|
||||
import com.xiang.xservice.auth.api.dto.resp.UserResp;
|
||||
import com.xiang.xservice.auth.service.constants.RedisConstant;
|
||||
import com.xiang.xservice.auth.service.convert.XDeptConvert;
|
||||
import com.xiang.xservice.auth.service.convert.XPermissionConvert;
|
||||
import com.xiang.xservice.auth.service.convert.XRoleConvert;
|
||||
@@ -40,15 +41,19 @@ import com.xiang.xservice.auth.service.service.XUserService;
|
||||
import com.xiang.xservice.basic.enums.DelStatusEnum;
|
||||
import com.xiang.xservice.basic.exception.BusinessException;
|
||||
import com.xiang.xservice.basic.utils.PrimaryKeyUtils;
|
||||
import com.xiang.xservice.cache.service.IRedisService;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.apache.commons.collections4.CollectionUtils;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.oauth2.jwt.Jwt;
|
||||
import org.springframework.security.oauth2.jwt.JwtClaimsSet;
|
||||
import org.springframework.security.oauth2.jwt.JwtDecoder;
|
||||
import org.springframework.security.oauth2.jwt.JwtEncoder;
|
||||
import org.springframework.security.oauth2.jwt.JwtEncoderParameters;
|
||||
import org.springframework.stereotype.Service;
|
||||
@@ -59,6 +64,7 @@ import java.time.LocalDateTime;
|
||||
import java.time.temporal.ChronoUnit;
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
@Slf4j
|
||||
@@ -80,6 +86,8 @@ public class XUserServiceImpl implements XUserService {
|
||||
private final XRolePermissionMapper rolePermissionMapper;
|
||||
private final XPermissionMapper permissionMapper;
|
||||
private final XPermissionConvert permissionConvert;
|
||||
private final IRedisService redisService;
|
||||
private final JwtDecoder jwtDecoder;
|
||||
|
||||
@Override
|
||||
public LoginResp login(LoginRequest request) {
|
||||
@@ -106,6 +114,21 @@ public class XUserServiceImpl implements XUserService {
|
||||
}
|
||||
roleCodes.addAll(roles.stream().map(XRole::getCode).toList());
|
||||
}
|
||||
if (StringUtils.isNotBlank(user.getToken())) {
|
||||
try {
|
||||
Jwt jwt = jwtDecoder.decode(user.getToken());
|
||||
if (Objects.nonNull(jwt.getExpiresAt())) {
|
||||
if (jwt.getExpiresAt().isAfter(Instant.now())) {
|
||||
LoginResp loginResp = new LoginResp();
|
||||
loginResp.setToken(user.getToken());
|
||||
loginResp.setUsername(request.getUsername());
|
||||
return loginResp;
|
||||
}
|
||||
}
|
||||
} catch (Exception e) {
|
||||
log.info("jwt解析token失败", e);
|
||||
}
|
||||
}
|
||||
// 生成 token
|
||||
Instant now = Instant.now();
|
||||
|
||||
@@ -121,11 +144,26 @@ public class XUserServiceImpl implements XUserService {
|
||||
.claim("authorities", roleCodes)
|
||||
.build();
|
||||
|
||||
JwtClaimsSet refreshClaims = JwtClaimsSet.builder()
|
||||
// 对应 ProviderSettings.issuer
|
||||
.issuedAt(now)
|
||||
.expiresAt(now.plus(24, ChronoUnit.HOURS))
|
||||
// 自定义 scope
|
||||
.claim("tenantId", user.getTenantId())
|
||||
.build();
|
||||
|
||||
// 2. 编码生成 token
|
||||
String token = jwtEncoder.encode(JwtEncoderParameters.from(claims)).getTokenValue();
|
||||
String refreshToken = jwtEncoder.encode(JwtEncoderParameters.from(refreshClaims)).getTokenValue();
|
||||
LoginResp loginResp = new LoginResp();
|
||||
loginResp.setToken(token);
|
||||
loginResp.setUsername(request.getUsername());
|
||||
// 3. redis缓存token
|
||||
redisService.set(RedisConstant.LOGIN_TOKEN + request.getUsername(), token, 3, TimeUnit.HOURS);
|
||||
// 4. db 存储token
|
||||
user.setToken(token);
|
||||
user.setRefreshToken(refreshToken);
|
||||
userMapper.update(user);
|
||||
return loginResp;
|
||||
}
|
||||
|
||||
|
||||
@@ -20,6 +20,8 @@
|
||||
<result column="update_by" property="updateBy" />
|
||||
<result column="update_time" property="updateTime" />
|
||||
<result column="tenant_id" property="tenantId"/>
|
||||
<result column="token" property="token"/>
|
||||
<result column="refresh_token" property="refreshToken"/>
|
||||
</resultMap>
|
||||
|
||||
<sql id="Base_Column_List">
|
||||
@@ -38,7 +40,9 @@
|
||||
create_time,
|
||||
update_by,
|
||||
update_time,
|
||||
tenant_id
|
||||
tenant_id,
|
||||
token,
|
||||
refresh_token
|
||||
</sql>
|
||||
|
||||
<insert id="insert" useGeneratedKeys="true" keyColumn="id" keyProperty="id" parameterType="com.xiang.xservice.auth.service.entity.XUser">
|
||||
@@ -87,7 +91,13 @@
|
||||
update_time,
|
||||
</if>
|
||||
<if test="tenantId != null">
|
||||
tenant_id
|
||||
tenant_id,
|
||||
</if>
|
||||
<if test="token != null and token != ''">
|
||||
token,
|
||||
</if>
|
||||
<if test="refreshToken != null and refreshToken != ''">
|
||||
refreshToken
|
||||
</if>
|
||||
</trim>
|
||||
<trim prefix="values (" suffix=")" suffixOverrides=",">
|
||||
@@ -134,7 +144,13 @@
|
||||
#{updateTime},
|
||||
</if>
|
||||
<if test="tenantId != null">
|
||||
#{tenantId}
|
||||
#{tenantId},
|
||||
</if>
|
||||
<if test="token != null and token != ''">
|
||||
#{token},
|
||||
</if>
|
||||
<if test="refreshToken != null and refreshToken != ''">
|
||||
#{refreshToken}
|
||||
</if>
|
||||
</trim>
|
||||
</insert>
|
||||
@@ -165,7 +181,9 @@
|
||||
<if test="null != createTime ">create_time = #{createTime},</if>
|
||||
<if test="null != updateBy and '' != updateBy">update_by = #{updateBy},</if>
|
||||
<if test="null != updateTime ">update_time = #{updateTime},</if>
|
||||
<if test="null != tenantId ">tenant_id = #{tenantId}</if>
|
||||
<if test="null != tenantId ">tenant_id = #{tenantId},</if>
|
||||
<if test="null != token and '' != token ">token = #{token},</if>
|
||||
<if test="null != refreshToken and '' != refreshToken ">refresh_token = #{refreshToken}</if>
|
||||
</set>
|
||||
WHERE id = #{id}
|
||||
</update>
|
||||
|
||||
Reference in New Issue
Block a user