From 52659e1c5ee64b1de795b8081b1c1132c1d4419f Mon Sep 17 00:00:00 2001 From: wangyu <727842003@qq.com> Date: Sat, 9 Jan 2021 17:44:28 +0800 Subject: [PATCH] =?UTF-8?q?Feat=EF=BC=9A=E7=94=A8=E6=88=B7=E6=A8=A1?= =?UTF-8?q?=E5=9D=97=E5=90=AF=E7=94=A8=E5=BC=82=E6=AD=A5=E4=BB=93=E5=BA=93?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../AttachmentUploadController.java | 4 +- .../file/controller/MediaController.java | 2 +- .../annotations/EnableAutoSecurity.java | 19 ++++ .../framework/config/WebSecurityConfig.java | 96 +++++++++++++++++++ .../config/properties/JwtProperties.java | 26 +++++ .../config/properties/SecurityProperties.java | 19 ++++ .../annotations/EnableRestBeanDetect.java | 3 +- .../framework/beans/meta/RestBean.java | 2 +- 8 files changed, 166 insertions(+), 5 deletions(-) create mode 100644 flyfish-user/src/main/java/com/flyfish/framework/annotations/EnableAutoSecurity.java create mode 100644 flyfish-user/src/main/java/com/flyfish/framework/config/WebSecurityConfig.java create mode 100644 flyfish-user/src/main/java/com/flyfish/framework/config/properties/JwtProperties.java create mode 100644 flyfish-user/src/main/java/com/flyfish/framework/config/properties/SecurityProperties.java diff --git a/flyfish-file/src/main/java/com/flyfish/framework/file/controller/AttachmentUploadController.java b/flyfish-file/src/main/java/com/flyfish/framework/file/controller/AttachmentUploadController.java index 0f2af16..32dd46f 100644 --- a/flyfish-file/src/main/java/com/flyfish/framework/file/controller/AttachmentUploadController.java +++ b/flyfish-file/src/main/java/com/flyfish/framework/file/controller/AttachmentUploadController.java @@ -26,7 +26,7 @@ import java.util.List; * 附件上传相关 * @author wangyu */ -@RestMapping("/attachments") +@RestMapping("/attachment") public class AttachmentUploadController { @Resource 
@@ -51,7 +51,7 @@ public class AttachmentUploadController { @GetMapping("/**") public Mono downloadStatic(ServerHttpRequest request, ServerHttpResponse response) { - String path = StringUtils.substringAfterLast(request.getURI().getPath(), "/attachments"); + String path = StringUtils.substringAfterLast(request.getURI().getPath(), "/attachment"); return DownloadUtils.download(configuration.getLocalPath() + path, response); } diff --git a/flyfish-file/src/main/java/com/flyfish/framework/file/controller/MediaController.java b/flyfish-file/src/main/java/com/flyfish/framework/file/controller/MediaController.java index 5184781..b13eee4 100644 --- a/flyfish-file/src/main/java/com/flyfish/framework/file/controller/MediaController.java +++ b/flyfish-file/src/main/java/com/flyfish/framework/file/controller/MediaController.java @@ -24,7 +24,7 @@ import java.util.List; * @author wangyu */ @RestController -@RequestMapping("/media") +@RequestMapping("/medias") public class MediaController { @Resource diff --git a/flyfish-user/src/main/java/com/flyfish/framework/annotations/EnableAutoSecurity.java b/flyfish-user/src/main/java/com/flyfish/framework/annotations/EnableAutoSecurity.java new file mode 100644 index 0000000..1082007 --- /dev/null +++ b/flyfish-user/src/main/java/com/flyfish/framework/annotations/EnableAutoSecurity.java @@ -0,0 +1,19 @@ +package com.flyfish.framework.annotations; + +import com.flyfish.framework.config.WebSecurityConfig; +import org.springframework.context.annotation.Import; +import org.springframework.data.mongodb.repository.config.EnableReactiveMongoRepositories; + +import java.lang.annotation.*; + +/** + * 启用自动security配置 + * @author wangyu + */ +@Retention(RetentionPolicy.RUNTIME) +@Target({ElementType.TYPE}) +@Documented +@Import(WebSecurityConfig.class) +@EnableReactiveMongoRepositories(basePackages = "com.flyfish.framework") +public @interface EnableAutoSecurity { +} 
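Review bot: `downloadStatic` builds the file name by concatenating `configuration.getLocalPath()` with a fragment of the request path, and nothing visible in this hunk confines the result to the storage directory. `URI.getPath()` returns the decoded path, so `..` segments can survive unless `DownloadUtils.download` (not shown) rejects them. The rename also makes `substringAfterLast(..., "/attachment")` more fragile: a stored file or folder whose name starts with `attachment` now cuts the path at the wrong place, so the mapping prefix should be stripped once from the front instead. I would resolve the remainder against the base directory, normalize it, and refuse anything that falls outside the base, as sketched below.

```java
public Mono downloadStatic(ServerHttpRequest request, ServerHttpResponse response) {
    // Strip the mapping prefix once, from the front (adjust if RestMapping adds its own prefix).
    String relative = StringUtils.substringAfter(request.getURI().getPath(), "/attachment/");
    Path base = Paths.get(configuration.getLocalPath()).toAbsolutePath().normalize();
    Path target = base.resolve(relative).normalize();
    if (!target.startsWith(base)) {
        // Resolved outside the storage directory: refuse instead of serving it.
        response.setStatusCode(HttpStatus.NOT_FOUND);
        return response.setComplete();
    }
    return DownloadUtils.download(target.toString(), response);
}
```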
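Review bot: The Javadoc on `EnableAutoSecurity` only says that it enables the automatic security configuration, but the annotation also carries `@EnableReactiveMongoRepositories(basePackages = "com.flyfish.framework")`, so applying it is meant to switch on repository scanning for the whole framework package as well. That side effect deserves a line in the Javadoc, for example `Also enables reactive Mongo repository scanning under com.flyfish.framework.` Alternatively the repository annotation could move to a separately named enabler, so a consumer opts into security and persistence independently.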
diff --git a/flyfish-user/src/main/java/com/flyfish/framework/config/WebSecurityConfig.java b/flyfish-user/src/main/java/com/flyfish/framework/config/WebSecurityConfig.java
new file mode 100644
index 0000000..aa0aa0f
--- /dev/null
+++ b/flyfish-user/src/main/java/com/flyfish/framework/config/WebSecurityConfig.java
@@ -0,0 +1,96 @@
+package com.flyfish.framework.config;
+
+import com.flyfish.framework.config.properties.JwtProperties;
+import com.flyfish.framework.config.properties.SecurityProperties;
+import com.flyfish.framework.configuration.jwt.TokenProvider;
+import com.flyfish.framework.handler.JsonAuthenticationFailureHandler;
+import com.flyfish.framework.handler.JsonAuthenticationSuccessHandler;
+import com.flyfish.framework.handler.JsonLogoutSuccessHandler;
+import com.flyfish.framework.transform.ResultDataTransformer;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.Bean;
+import org.springframework.core.annotation.Order;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
+import org.springframework.security.config.web.server.ServerHttpSecurity;
+import org.springframework.security.crypto.factory.PasswordEncoderFactories;
+import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
+import org.springframework.security.crypto.password.NoOpPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.server.SecurityWebFilterChain;
+import org.springframework.security.web.server.authentication.HttpStatusServerEntryPoint;
+import org.springframework.security.web.server.context.ServerSecurityContextRepository;
+import org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository;
+import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
+
+/**
+ * @author wangyu
+ */
+@EnableWebFluxSecurity
+@Order(1)
+@EnableConfigurationProperties({JwtProperties.class, SecurityProperties.class})
+public class WebSecurityConfig {
+
+ /**
+ * 设置密码加密策略
+ *
+ * @return 密码加密器
+ */
+ @Bean
+ public static PasswordEncoder passwordEncoder() {
+ DelegatingPasswordEncoder delegatingPasswordEncoder =
+ (DelegatingPasswordEncoder) PasswordEncoderFactories.createDelegatingPasswordEncoder();
+ //设置defaultPasswordEncoderForMatches为NoOpPasswordEncoder
+ delegatingPasswordEncoder.setDefaultPasswordEncoderForMatches(NoOpPasswordEncoder.getInstance());
+ return delegatingPasswordEncoder;
+ }
+
+ @Bean
+ public ServerSecurityContextRepository contextRepository() {
+ return new WebSessionServerSecurityContextRepository();
+ }
+
+ @Bean
+ public TokenProvider tokenProvider(JwtProperties properties) {
+ return new TokenProvider(properties.getBase64Secret(), properties.getTokenValidityInSeconds(),
+ properties.getTokenValidityInSecondsForRememberMe());
+ }
+
+ @Bean
+ public ResultDataTransformer resultDataTransformer() {
+ return new ResultDataTransformer();
+ }
+
+ /**
+ * spring安全拦截规则配置
+ *
+ * @param http 配置器
+ * @param dataTransformer 数据转换器
+ * @return 结果
+ */
+ @Bean
+ public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http, ResultDataTransformer dataTransformer,
+ TokenProvider tokenProvider, SecurityProperties properties) {
+ http
+ .securityContextRepository(contextRepository())
+ .authorizeExchange()
+ .pathMatchers(properties.getAllowUris()).permitAll()
+ .pathMatchers("/api/logout").permitAll()
+ .pathMatchers("/api/users/**").authenticated()
+ .anyExchange().authenticated()
+ .and()
+ .formLogin() // 配置登录节点
+ .authenticationEntryPoint(new HttpStatusServerEntryPoint(HttpStatus.UNAUTHORIZED))
+ .authenticationFailureHandler(new JsonAuthenticationFailureHandler(dataTransformer))
+ .authenticationSuccessHandler(new JsonAuthenticationSuccessHandler(dataTransformer))
+ .requiresAuthenticationMatcher(ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, "/login", "/api/login"))
+ .and()
+ .logout()
+ .logoutUrl("/api/logout")
+ .logoutSuccessHandler(new JsonLogoutSuccessHandler(dataTransformer, tokenProvider))
+ .and()
+ .csrf().disable();
+ return http.build();
+ }
+}
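Review bot: `passwordEncoder()` sets `NoOpPasswordEncoder` as the default encoder for matches, so any stored credential without an `{id}` prefix is compared as plaintext and clear-text passwords stay usable indefinitely. Unless legacy records need a bounded migration window, return the factory encoder unchanged: `return PasswordEncoderFactories.createDelegatingPasswordEncoder();`. Separately, the chain ends with `.csrf().disable()` while the security context is kept in `WebSessionServerSecurityContextRepository`, which by default is tracked with a session cookie. State-changing endpoints then have no CSRF protection unless every client authenticates with the token header rather than the cookie, which this hunk does not show. The `.pathMatchers("/api/users/**").authenticated()` rule is already covered by `.anyExchange().authenticated()` and can be dropped.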
diff --git a/flyfish-user/src/main/java/com/flyfish/framework/config/properties/JwtProperties.java b/flyfish-user/src/main/java/com/flyfish/framework/config/properties/JwtProperties.java
new file mode 100644
index 0000000..412e069
--- /dev/null
+++ b/flyfish-user/src/main/java/com/flyfish/framework/config/properties/JwtProperties.java
@@ -0,0 +1,26 @@
+package com.flyfish.framework.config.properties;
+
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+
+import java.util.Map;
+
+/**
+ * jwt属性
+ *
+ * @author wangyu
+ */
+@ConfigurationProperties(prefix = "jwt")
+@Data
+public class JwtProperties {
+
+ private String header = "Authorization";
+ // This token must be encoded using Base64 with mininum 88 Bits (you can type `echo 'secret-key'|base64` on your command line)
+ private String base64Secret = "ZmQ0ZGI5NjQ0MDQwY2I4MjMxY2Y3ZmI3MjdhN2ZmMjNhODViOTg1ZGE0NTBjMGM4NDA5NzYxMjdjOWMwYWRmZTBlZjlhNGY3ZTg4Y2U3YTE1ODVkZDU5Y2Y3OGYwZWE1NzUzNWQ2YjFjZDc0NGMxZWU2MmQ3MjY1NzJmNTE0MzI=";
+ // token is valid 24 hours
+ private long tokenValidityInSeconds = 86400L;
+ // valid 30 hours
+ private long tokenValidityInSecondsForRememberMe = 108000L;
+ // route
+ private Map route;
+}
diff --git a/flyfish-user/src/main/java/com/flyfish/framework/config/properties/SecurityProperties.java b/flyfish-user/src/main/java/com/flyfish/framework/config/properties/SecurityProperties.java
new file mode 100644
index 0000000..93b7125
--- /dev/null
+++ b/flyfish-user/src/main/java/com/flyfish/framework/config/properties/SecurityProperties.java
@@ -0,0 +1,19 @@
+package com.flyfish.framework.config.properties;
+
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+
+import java.util.List;
+
+/**
+ * 安全配置类
+ *
+ * @author wangyu
+ */
+@ConfigurationProperties(prefix = "security")
+@Data
+public class SecurityProperties {
+
+ // 允许的uris
+ private String[] allowUris = new String[0];
+}
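Review bot: `base64Secret` in `JwtProperties` ships with a working default committed to the repository, so a deployment that never sets `jwt.base64-secret` signs tokens with a key that every reader of this source knows. Drop the default (`private String base64Secret;`) and fail startup when the property is missing or too short, rather than falling back silently. The comment above the field should also stop suggesting `echo 'secret-key'|base64`, since the secret has to come from a random generator. "mininum 88 Bits" in that comment looks like a typo for the intended key length.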
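Review bot: `allowUris` in `SecurityProperties` defaults to `new String[0]`, and `WebSecurityConfig` passes it straight to `pathMatchers(...)`. As far as I recall, Spring Security's `OrServerWebExchangeMatcher` rejects an empty matcher list, so an application that configures no `security.allow-uris` may fail at startup; this is worth confirming and guarding in the config. `import java.util.List;` is unused in this file. Because every entry becomes a `permitAll()` rule, the field comment should say so, e.g. `// path patterns served without authentication; keep this list minimal`.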
diff --git a/flyfish-web/src/main/java/com/flyfish/framework/beans/annotations/EnableRestBeanDetect.java b/flyfish-web/src/main/java/com/flyfish/framework/beans/annotations/EnableRestBeanDetect.java index 9e56d1a..67d6820 100644 --- a/flyfish-web/src/main/java/com/flyfish/framework/beans/annotations/EnableRestBeanDetect.java +++ b/flyfish-web/src/main/java/com/flyfish/framework/beans/annotations/EnableRestBeanDetect.java @@ -1,5 +1,6 @@ package com.flyfish.framework.beans.annotations; +import com.flyfish.framework.config.BeanConfig; import com.flyfish.framework.config.RestBeanAutoConfigure; import org.springframework.context.annotation.Import; @@ -12,7 +13,7 @@ import java.lang.annotation.*; @Target(ElementType.TYPE) @Retention(RetentionPolicy.RUNTIME) @Documented -@Import(RestBeanAutoConfigure.class) +@Import({RestBeanAutoConfigure.class, BeanConfig.class}) public @interface EnableRestBeanDetect { /** diff --git a/flyfish-web/src/main/java/com/flyfish/framework/beans/meta/RestBean.java b/flyfish-web/src/main/java/com/flyfish/framework/beans/meta/RestBean.java index 81d10ae..3684c88 100644 --- a/flyfish-web/src/main/java/com/flyfish/framework/beans/meta/RestBean.java +++ b/flyfish-web/src/main/java/com/flyfish/framework/beans/meta/RestBean.java @@ -42,7 +42,7 @@ public @interface RestBean { * 排除的属性 * @return 结果 */ - String[] exclude() default ""; + String[] exclude() default {}; /** * 必须指定qo