若依 1.0

ruoyi-auth/pom.xml

@@ -0,0 +1,79 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <groupId>com.ruoyi</groupId>
+        <artifactId>ruoyi</artifactId>
+        <version>1.0.0</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+    
+    <artifactId>ruoyi-auth</artifactId>
+	
+    <description>
+        ruoyi-auth认证授权中心
+    </description>
+    
+    <dependencies>
+        
+        <!-- SpringCloud Ailibaba Nacos -->
+        <dependency>
+            <groupId>com.alibaba.cloud</groupId>
+            <artifactId>spring-cloud-starter-alibaba-nacos-discovery</artifactId>
+        </dependency>
+        
+        <!-- SpringCloud Ailibaba Nacos Config -->
+        <dependency>
+            <groupId>com.alibaba.cloud</groupId>
+            <artifactId>spring-cloud-starter-alibaba-nacos-config</artifactId>
+        </dependency>
+        
+        <!-- SpringCloud Netflix Hystrix -->
+        <dependency>
+            <groupId>org.springframework.cloud</groupId>
+            <artifactId>spring-cloud-starter-netflix-hystrix</artifactId>
+        </dependency>
+		
+        <!-- SpringBoot Web -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        
+        <!-- Mysql Connector -->
+        <dependency>
+            <groupId>mysql</groupId>
+            <artifactId>mysql-connector-java</artifactId>
+        </dependency>
+		
+        <!-- RuoYi Common Security-->
+        <dependency>
+            <groupId>com.ruoyi</groupId>
+            <artifactId>ruoyi-common-security</artifactId>
+        </dependency>
+        
+        <!-- RuoYi Common Redis-->
+        <dependency>
+            <groupId>com.ruoyi</groupId>
+            <artifactId>ruoyi-common-redis</artifactId>
+        </dependency>
+        
+    </dependencies>
+	
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>repackage</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+   
+</project>

ruoyi-auth/src/main/java/com/ruoyi/auth/RuoYiAuthApplication.java

@@ -0,0 +1,30 @@
+package com.ruoyi.auth;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.cloud.client.SpringCloudApplication;
+import com.ruoyi.common.security.annotation.EnableRyFeignClients;
+
+/**
+ * 认证授权中心
+ * 
+ * @author ruoyi
+ */
+@EnableRyFeignClients
+@SpringCloudApplication
+public class RuoYiAuthApplication
+{
+    public static void main(String[] args)
+    {
+        SpringApplication.run(RuoYiAuthApplication.class, args);
+        System.out.println("(♥◠‿◠)ﾉﾞ  认证授权中心启动成功   ლ(´ڡ`ლ)ﾞ  \n" +
+                " .-------.       ____     __        \n" +
+                " |  _ _   \\      \\   \\   /  /    \n" +
+                " | ( ' )  |       \\  _. /  '       \n" +
+                " |(_ o _) /        _( )_ .'         \n" +
+                " | (_,_).' __  ___(_ o _)'          \n" +
+                " |  |\\ \\  |  ||   |(_,_)'         \n" +
+                " |  | \\ `'   /|   `-'  /           \n" +
+                " |  |  \\    /  \\      /           \n" +
+                " ''-'   `'-'    `-..-'              ");
+    }
+}

ruoyi-auth/src/main/java/com/ruoyi/auth/config/AuthServerConfig.java

@@ -0,0 +1,139 @@
+package com.ruoyi.auth.config;
+
+import java.util.LinkedHashMap;
+import java.util.Map;
+import javax.sql.DataSource;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.connection.RedisConnectionFactory;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
+import org.springframework.security.oauth2.provider.token.TokenEnhancer;
+import org.springframework.security.oauth2.provider.token.TokenStore;
+import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;
+import com.ruoyi.auth.exception.CustomWebResponseExceptionTranslator;
+import com.ruoyi.common.core.constant.CacheConstants;
+import com.ruoyi.common.core.constant.SecurityConstants;
+import com.ruoyi.common.security.domain.LoginUser;
+import com.ruoyi.common.security.service.RedisClientDetailsService;
+
+/**
+ * OAuth2 认证服务配置
+ * 
+ * @author ruoyi
+ */
+@Configuration
+@EnableAuthorizationServer
+public class AuthServerConfig extends AuthorizationServerConfigurerAdapter
+{
+    @Autowired
+    private AuthenticationManager authenticationManager;
+
+    @Autowired
+    private DataSource dataSource;
+
+    @Autowired
+    private RedisConnectionFactory redisConnectionFactory;
+
+    @Autowired
+    private UserDetailsService userDetailsService;
+
+    @Autowired
+    private TokenEnhancer tokenEnhancer;
+
+    /**
+     * 定义授权和令牌端点以及令牌服务
+     */
+    @Override
+    public void configure(AuthorizationServerEndpointsConfigurer endpoints)
+    {
+        endpoints
+                // 请求方式
+                .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST)
+                // 指定token存储位置
+                .tokenStore(tokenStore())
+                // 自定义生成令牌
+                .tokenEnhancer(tokenEnhancer)
+                // 用户账号密码认证
+                .userDetailsService(userDetailsService)
+                // 指定认证管理器
+                .authenticationManager(authenticationManager)
+                // 是否重复使用 refresh_token
+                .reuseRefreshTokens(false)
+                // 自定义异常处理
+                .exceptionTranslator(new CustomWebResponseExceptionTranslator());
+    }
+
+    /**
+     * 配置令牌端点(Token Endpoint)的安全约束
+     */
+    @Override
+    public void configure(AuthorizationServerSecurityConfigurer oauthServer)
+    {
+        oauthServer.allowFormAuthenticationForClients().checkTokenAccess("permitAll()");
+    }
+
+    /**
+     * 声明 ClientDetails实现
+     */
+    public RedisClientDetailsService clientDetailsService()
+    {
+        RedisClientDetailsService clientDetailsService = new RedisClientDetailsService(dataSource);
+        return clientDetailsService;
+    }
+
+    /**
+     * 配置客户端详情
+     */
+    @Override
+    public void configure(ClientDetailsServiceConfigurer clients) throws Exception
+    {
+        clients.withClientDetails(clientDetailsService());
+    }
+
+    /**
+     * 基于 Redis 实现，令牌保存到缓存
+     */
+    @Bean
+    public TokenStore tokenStore()
+    {
+        RedisTokenStore tokenStore = new RedisTokenStore(redisConnectionFactory);
+        tokenStore.setPrefix(CacheConstants.OAUTH_ACCESS);
+        return tokenStore;
+    }
+
+    /**
+     * 自定义生成令牌
+     */
+    @Bean
+    public TokenEnhancer tokenEnhancer()
+    {
+        return new TokenEnhancer()
+        {
+            @Override
+            public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication)
+            {
+                if (accessToken instanceof DefaultOAuth2AccessToken)
+                {
+                    DefaultOAuth2AccessToken token = (DefaultOAuth2AccessToken) accessToken;
+                    LoginUser user = (LoginUser) authentication.getUserAuthentication().getPrincipal();
+                    Map<String, Object> additionalInformation = new LinkedHashMap<String, Object>();
+                    additionalInformation.put(SecurityConstants.DETAILS_USERNAME, authentication.getName());
+                    additionalInformation.put(SecurityConstants.DETAILS_USER_ID, user.getUserId());
+                    token.setAdditionalInformation(additionalInformation);
+                }
+                return accessToken;
+            };
+        };
+    }
+}

ruoyi-auth/src/main/java/com/ruoyi/auth/config/WebSecurityConfig.java

@@ -0,0 +1,59 @@
+package com.ruoyi.auth.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+/**
+ * Security 安全认证相关配置
+ * Oauth2依赖于Security 默认情况下WebSecurityConfig执行比ResourceServerConfig优先
+ * 
+ * @author ruoyi
+ */
+@Order(99)
+@Configuration
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter
+{
+    @Autowired
+    private UserDetailsService userDetailsService;
+
+    @Bean
+    public PasswordEncoder passwordEncoder()
+    {
+        return new BCryptPasswordEncoder();
+    }
+
+    @Bean
+    @Override
+    public AuthenticationManager authenticationManagerBean() throws Exception
+    {
+        return super.authenticationManagerBean();
+    }
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception
+    {
+        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception
+    {
+        http
+        .authorizeRequests()
+        .antMatchers(
+            "/actuator/**",
+            "/oauth/*",
+            "/token/**").permitAll()
+        .anyRequest().authenticated()
+        .and().csrf().disable();
+    }
+}

ruoyi-auth/src/main/java/com/ruoyi/auth/controller/TokenController.java

@@ -0,0 +1,50 @@
+package com.ruoyi.auth.controller;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpHeaders;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.security.oauth2.common.OAuth2RefreshToken;
+import org.springframework.security.oauth2.provider.token.TokenStore;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.RequestHeader;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import com.ruoyi.common.core.domain.R;
+import com.ruoyi.common.core.utils.StringUtils;
+
+/**
+ * token 控制
+ * 
+ * @author ruoyi
+ */
+@RestController
+@RequestMapping("/token")
+public class TokenController
+{
+    @Autowired
+    private TokenStore tokenStore;
+
+    @DeleteMapping("/logout")
+    public R<?> logout(@RequestHeader(value = HttpHeaders.AUTHORIZATION, required = false) String authHeader)
+    {
+        if (StringUtils.isEmpty(authHeader))
+        {
+            return R.ok();
+        }
+
+        String tokenValue = authHeader.replace(OAuth2AccessToken.BEARER_TYPE, StringUtils.EMPTY).trim();
+        OAuth2AccessToken accessToken = tokenStore.readAccessToken(tokenValue);
+        if (accessToken == null || StringUtils.isEmpty(accessToken.getValue()))
+        {
+            return R.ok();
+        }
+
+        // 清空 access token
+        tokenStore.removeAccessToken(accessToken);
+
+        // 清空 refresh token
+        OAuth2RefreshToken refreshToken = accessToken.getRefreshToken();
+        tokenStore.removeRefreshToken(refreshToken);
+        return R.ok();
+    }
+}

ruoyi-auth/src/main/java/com/ruoyi/auth/controller/UserController.java

@@ -0,0 +1,21 @@
+package com.ruoyi.auth.controller;
+
+import java.security.Principal;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+/**
+ * 身份信息获取
+ * 
+ * @author ruoyi
+ */
+@RestController
+@RequestMapping("/oauth")
+public class UserController
+{
+    @RequestMapping("/user")
+    public Principal user(Principal user)
+    {
+        return user;
+    }
+}

ruoyi-auth/src/main/java/com/ruoyi/auth/exception/CustomWebResponseExceptionTranslator.java

@@ -0,0 +1,21 @@
+package com.ruoyi.auth.exception;
+
+import javax.servlet.http.HttpServletResponse;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
+import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
+
+/**
+ * OAuth2 自定义异常处理
+ * 
+ * @author ruoyi
+ */
+public class CustomWebResponseExceptionTranslator implements WebResponseExceptionTranslator<OAuth2Exception>
+{
+    @Override
+    public ResponseEntity<OAuth2Exception> translate(Exception e)
+    {
+        OAuth2Exception oAuth2Exception = (OAuth2Exception) e;
+        return ResponseEntity.status(HttpServletResponse.SC_UNAUTHORIZED).body(oAuth2Exception);
+    }
+}

ruoyi-auth/src/main/resources/banner.txt

@@ -0,0 +1,10 @@
+Spring Boot Version: ${spring-boot.version}
+Spring Application Name: ${spring.application.name}
+                            _                        _    _     
+                           (_)                      | |  | |    
+ _ __  _   _   ___   _   _  _  ______   __ _  _   _ | |_ | |__  
+| '__|| | | | / _ \ | | | || ||______| / _` || | | || __|| '_ \ 
+| |   | |_| || (_) || |_| || |        | (_| || |_| || |_ | | | |
+|_|    \__,_| \___/  \__, ||_|         \__,_| \__,_| \__||_| |_|
+                      __/ |                                     
+                     |___/                                      

ruoyi-auth/src/main/resources/bootstrap.yml

@@ -0,0 +1,24 @@
+# Tomcat
+server: 
+  port: 9200
+
+# Spring
+spring: 
+  application:
+    # 应用名称
+    name: ruoyi-auth
+  profiles:
+    # 环境配置
+    active: dev
+  cloud:
+    nacos:
+      discovery:
+        # 服务注册地址
+        server-addr: 127.0.0.1:8848
+      config:
+        # 配置中心地址
+        server-addr: 127.0.0.1:8848
+        # 配置文件格式
+        file-extension: yml
+        # 共享配置
+        shared-dataids: application-${spring.profiles.active}.${spring.cloud.nacos.config.file-extension}