Develop

pom.xml

@@ -195,6 +195,21 @@
             <artifactId>simplecaptcha</artifactId>
             <version>1.2.2</version>
         </dependency>
+        <!-- 将token存储在redis中 -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-data-redis</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.qms.utils</groupId>
+            <artifactId>QmsUtils</artifactId>
+            <version>1.1.6.RELEASE</version>
+        </dependency>
+        <dependency>
+            <groupId>org.projectlombok</groupId>
+            <artifactId>lombok</artifactId>
+            <version>1.16.14</version>
+        </dependency>
     </dependencies>
 
     <dependencyManagement>

src/main/java/com/blueskykong/auth/AuthApplication.java

@@ -1,11 +1,12 @@
 package com.blueskykong.auth;
 
 
-
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
+import org.springframework.boot.autoconfigure.security.SecurityProperties;
 import org.springframework.cloud.netflix.feign.EnableFeignClients;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 
 /**
  *
@@ -14,9 +15,10 @@
  */
 
 @SpringBootApplication
-//@EnableFeignClients
+@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
+@EnableFeignClients
 //@EnableDiscoveryClient
-public class AuthApplication {
+public class AuthApplication extends WebSecurityConfigurerAdapter {
 
     public static void main(String[] args) {
         SpringApplication.run(AuthApplication.class, args);

src/main/java/com/blueskykong/auth/client/feign/UserClient.java

@@ -1,24 +1,27 @@
 package com.blueskykong.auth.client.feign;
 
 
-import com.blueskykong.auth.client.fallback.UserFallbackClient;
+import com.blueskykong.auth.dto.UserInfoDTO;
+import com.qms.utils.entity.GeneralVO;
 import org.springframework.cloud.netflix.feign.FeignClient;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
-
-import java.util.Map;
+import org.springframework.web.bind.annotation.RequestParam;
 
 /**
  * @author keets
  * @date 2017/9/25
  */
-@FeignClient(name = "user", fallback = UserFallbackClient.class)
-public interface UserClient {
 
-    @RequestMapping(method = RequestMethod.POST, value = "/api/users/exists", consumes = {"application/json"}, produces = {"application/json"})
-    Map checkUsernameAndPassword(Map userMap);
-
-    @RequestMapping(method = RequestMethod.POST, value = "/api/users/phoneExists", consumes = {"application/json"}, produces = {"application/json"})
-    Map getUserInformation(Map userCheck);
+//@FeignClient(value = "user", url="https://test.meia8.com/qmsuser/user")
+@FeignClient(value = "user", url="http://localhost:8080/qmsuser/user")
+public interface UserClient {
 
+    /**
+     * 根据c端用户名查询用户详情
+     * @param userName
+     * @return
+     */
+    @RequestMapping(value="/queryInfoByName", method = { RequestMethod.POST})
+    GeneralVO<UserInfoDTO> queryUseInfoByUserName(@RequestParam("userName") String userName);
 }

src/main/java/com/blueskykong/auth/config/oauth/OAuth2Config.java → src/main/java/com/blueskykong/auth/config/oauth/Oauth2Config.java

@@ -1,49 +1,46 @@
 package com.blueskykong.auth.config.oauth;
 
 import com.blueskykong.auth.security.CustomAuthorizationTokenServices;
-import com.blueskykong.auth.security.CustomTokenEnhancer;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.connection.RedisConnectionFactory;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
 import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
 import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
-import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;
 import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
 import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
-import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
-import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
-
-import javax.sql.DataSource;
+import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;
 
 /**
- * Created by keets on 2017/9/25.
+ * 配置Oauth2.0
+ * 1. 配置token存储为redis
+ * 2. 配置用户username,password的数据库验证数据源
+ * 3. 配置内存clientId,secret用于验证请求的client是否合法
+ * @author figo
  */
-
 @Configuration
 @EnableAuthorizationServer
-public class OAuth2Config extends AuthorizationServerConfigurerAdapter {
+public class Oauth2Config extends AuthorizationServerConfigurerAdapter {
 
     @Autowired
     private AuthenticationManager authenticationManager;
 
     @Autowired
-    private DataSource dataSource;
+    private WebResponseExceptionTranslator webResponseExceptionTranslator;
 
     @Autowired
-    private WebResponseExceptionTranslator webResponseExceptionTranslator;
+    private RedisConnectionFactory redisConnectionFactory;
 
-    @Bean
-    public JdbcClientDetailsService clientDetailsService(DataSource dataSource) {
-        return new JdbcClientDetailsService(dataSource);
-    }
+    @Autowired
+    private RedisTokenStore redisTokenStore;
 
     @Bean
-    public JdbcTokenStore tokenStore(DataSource dataSource) {
-        return new JdbcTokenStore(dataSource);
+    public RedisTokenStore tokenStore(RedisConnectionFactory redisConnectionFactory) {
+        return new RedisTokenStore(redisConnectionFactory);
     }
 
     @Override
@@ -53,33 +50,53 @@ public void configure(AuthorizationServerSecurityConfigurer security) throws Exc
 
     @Override
     public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
-        clients.withClientDetails(clientDetailsService(dataSource));
+        //配置客户端,用于password认证
+        clients.inMemory()
+                .withClient("frontend")
+                    .authorizedGrantTypes("password", "refresh_token")
+                    .scopes("select")
+                    .authorities("client")
+                    .secret("frontend")
+                .and()
+                .withClient("waiter")
+                    .authorizedGrantTypes("password", "refresh_token")
+                    .scopes("select")
+                    .authorities("client")
+                    .secret("waiter")
+                .and()
+                .withClient("shop")
+                    .authorizedGrantTypes("password", "refresh_token")
+                    .scopes("select")
+                    .authorities("client")
+                    .secret("shop")
+                .and()
+                .withClient("customer")
+                    .authorizedGrantTypes("password", "refresh_token")
+                    .scopes("select")
+                    .authorities("client")
+                    .secret("customer")
+                .and()
+                    .withClient("platform")
+                    .authorizedGrantTypes("password", "refresh_token")
+                    .scopes("select")
+                    .authorities("client")
+                    .secret("platform");
     }
 
     @Override
     public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
         endpoints.authenticationManager(authenticationManager)
-                .tokenStore(tokenStore(dataSource))
+                .tokenStore(redisTokenStore)
                 .tokenServices(authorizationServerTokenServices())
-                .accessTokenConverter(accessTokenConverter())
                 .exceptionTranslator(webResponseExceptionTranslator);
     }
 
-    @Bean
-    public JwtAccessTokenConverter accessTokenConverter() {
-        JwtAccessTokenConverter converter = new CustomTokenEnhancer();
-        converter.setSigningKey("secret");
-        return converter;
-    }
-
     @Bean
     public AuthorizationServerTokenServices authorizationServerTokenServices() {
         CustomAuthorizationTokenServices customTokenServices = new CustomAuthorizationTokenServices();
-        customTokenServices.setTokenStore(tokenStore(dataSource));
+        customTokenServices.setTokenStore(redisTokenStore);
+        customTokenServices.setAccessTokenValiditySeconds(-1);
         customTokenServices.setSupportRefreshToken(true);
-        customTokenServices.setReuseRefreshToken(true);
-        customTokenServices.setClientDetailsService(clientDetailsService(dataSource));
-        customTokenServices.setTokenEnhancer(accessTokenConverter());
         return customTokenServices;
     }
 }

src/main/java/com/blueskykong/auth/config/oauth/ResourceServerConfig.java

@@ -1,15 +1,13 @@
 package com.blueskykong.auth.config.oauth;
 
 import com.blueskykong.auth.security.filter.CustomLogoutHandler;
-import com.blueskykong.auth.security.filter.CustomSecurityFilter;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
 import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
-import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler;
 
 /**
  * @author keets
@@ -24,15 +22,13 @@ public void configure(HttpSecurity http) throws Exception {
         http.csrf().disable()
                 .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                 .and()
-                .requestMatchers().antMatchers("/**")
-                .and().authorizeRequests()
-                .antMatchers("/**").permitAll()
-                .anyRequest().authenticated()
-                .and().logout()
+                .antMatcher("/me")
+                .authorizeRequests().anyRequest().authenticated();
+                /*.and().logout()
                 .logoutUrl("/logout")
                 .clearAuthentication(true)
                 .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler())
-                .addLogoutHandler(customLogoutHandler());
+                .addLogoutHandler(customLogoutHandler());*/
 
         //http.antMatcher("/api/**").addFilterAt(customSecurityFilter(), FilterSecurityInterceptor.class);
 

src/main/java/com/blueskykong/auth/dao/UserDao.java

@@ -0,0 +1,35 @@
+package com.blueskykong.auth.dao;
+
+import org.apache.ibatis.annotations.Mapper;
+
+import java.util.Map;
+
+/**
+ * @author figo
+ */
+@Mapper
+public interface UserDao {
+
+    /**
+     * 获取店铺账户信息
+     * @param map
+     * @return
+     */
+    Map getShopAccount(Map map);
+
+
+    /**
+     * 获取服务员信息
+     * @param map
+     * @return
+     */
+    Map getWaiter(Map map);
+
+    /**
+     * 获取平台用户
+     * @param map
+     * @return
+     */
+    Map getPlatformUser(Map map);
+
+}

src/main/java/com/blueskykong/auth/dao/impl/MybatisClientSecretDAO.java → src/main/java/com/blueskykong/auth/dao/impl/MybatisClientSecretDAOImpl.java

@@ -13,7 +13,7 @@
 import java.util.UUID;
 
 @Repository
-public class MybatisClientSecretDAO implements ClientSecretDAO {
+public class MybatisClientSecretDAOImpl implements ClientSecretDAO {
 
     @Autowired
     private ClientSecretMapper mapper;

src/main/java/com/blueskykong/auth/dao/impl/UserDaoImpl.java

@@ -0,0 +1,49 @@
+package com.blueskykong.auth.dao.impl;
+
+import com.blueskykong.auth.dao.UserDao;
+import com.blueskykong.auth.dao.mapper.UserMapper;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Repository;
+
+import java.util.Map;
+
+/**
+ * @author figo
+ */
+@Repository
+public class UserDaoImpl implements UserDao {
+
+    @Autowired
+    private UserMapper mapper;
+
+    /**
+     * 获取店铺账户信息
+     * @param map
+     * @return
+     */
+    @Override
+    public Map getShopAccount(Map map){
+        return mapper.getShopAccount(map);
+    }
+
+
+    /**
+     * 获取服务员信息
+     * @param map
+     * @return
+     */
+    @Override
+    public Map getWaiter(Map map){
+        return mapper.getWaiter(map);
+    }
+
+    /**
+     * 获取平台用户
+     * @param map
+     * @return
+     */
+    @Override
+    public Map getPlatformUser(Map map){
+        return mapper.getPlatformUser(map);
+    }
+}