
拆分security

baihe 2 years ago
parent
commit
45860fa630
31 changed files with 424 additions and 102 deletions
  1. 14 6
      common-springboot/pom.xml
  2. 1 1
      common-springboot/src/main/java/com/gihon/GihonCommonApplication.java
  3. 58 0
      common-sso-security/pom.xml
  4. 33 0
      common-sso-security/src/main/java/com/gihon/sso/SingleSecuritySignOnApp.java
  5. 66 0
      common-sso-security/src/main/java/com/gihon/sso/entity/vo/SecurityUserInfo.java
  6. 2 4
      common-sso-security/src/main/java/com/gihon/sso/security/GigonAuthenticationProvider.java
  7. 0 0
      common-sso-security/src/main/java/com/gihon/sso/security/GihonAccessDecisionManager.java
  8. 2 1
      common-sso-security/src/main/java/com/gihon/sso/security/GihonAccessDeniedHandler.java
  9. 0 0
      common-sso-security/src/main/java/com/gihon/sso/security/GihonAuthentication.java
  10. 0 0
      common-sso-security/src/main/java/com/gihon/sso/security/GihonAuthenticationEntryPoint.java
  11. 0 0
      common-sso-security/src/main/java/com/gihon/sso/security/GihonInvocationSecurityMetadataSource.java
  12. 0 0
      common-sso-security/src/main/java/com/gihon/sso/security/GihonSecurityFilter.java
  13. 0 0
      common-sso-security/src/main/java/com/gihon/sso/security/GihonSecurityInterceptor.java
  14. 0 0
      common-sso-security/src/main/java/com/gihon/sso/security/GihonSecurityService.java
  15. 4 4
      common-sso-security/src/main/java/com/gihon/sso/security/GihonUserDetailService.java
  16. 0 0
      common-sso-security/src/main/java/com/gihon/sso/security/SecurityConstans.java
  17. 0 0
      common-sso-security/src/main/java/com/gihon/sso/security/SecurityUtil.java
  18. 41 0
      common-sso-security/src/main/java/com/gihon/sso/service/SecurityTokenService.java
  19. 85 0
      common-sso-security/src/main/java/com/gihon/sso/service/impl/SecurityTokenServiceImpl.java
  20. 37 0
      common-sso-security/src/main/resources/application.yml
  21. 4 15
      common-sso/pom.xml
  22. 7 2
      common-sso/src/main/java/com/gihon/sso/auth/AuthTokenInterceptor.java
  23. 5 0
      common-sso/src/main/java/com/gihon/sso/auth/AuthenticationInterceptor.java
  24. 3 1
      common-sso/src/main/java/com/gihon/sso/auth/impl/AuthServiceImpl.java
  25. 7 1
      common-sso/src/main/java/com/gihon/sso/config/AuthWebMvcConfig.java
  26. 4 27
      common-sso/src/main/java/com/gihon/sso/entity/vo/UserInfo.java
  27. 0 10
      common-sso/src/main/java/com/gihon/sso/service/TokenService.java
  28. 14 21
      common-sso/src/main/java/com/gihon/sso/service/impl/TokenServiceImpl.java
  29. 1 1
      common-sso/src/main/resources/application.yml
  30. 2 2
      common-util/src/main/resources/application-common.yml
  31. 34 6
      pom.xml

+ 14 - 6
common-springboot/pom.xml

@@ -17,7 +17,15 @@
     	<dependency>
             <groupId>gihon.common</groupId>
             <artifactId>common-sso</artifactId>
-        </dependency>
+    	</dependency>
+    	<dependency>
+            <groupId>gihon.common</groupId>
+            <artifactId>common-entity</artifactId>
+    	</dependency>
+    	<dependency>
+            <groupId>gihon.common</groupId>
+            <artifactId>common-util</artifactId>
+    	</dependency>
     	<!-- 单元测试 -->
     	<dependency>
             <groupId>org.springframework.boot</groupId>
@@ -37,23 +45,23 @@
         </dependency>
         
 		<!-- springboot -->
-        <dependency>
+        <!-- <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-quartz</artifactId>
-        </dependency>
+        </dependency> -->
 
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-devtools</artifactId>
-            <scope>runtime</scope>
+            <scope>provided</scope>
             <optional>true</optional><!-- 可选依赖不传递 -->
         </dependency>
       	<!-- 数据库 -->
-        <dependency>
+       <!--  <dependency>
             <groupId>com.oracle.database.jdbc</groupId>
             <artifactId>ojdbc8</artifactId>
             <scope>runtime</scope>
-        </dependency>
+        </dependency> -->
         <dependency>
             <groupId>mysql</groupId>
             <artifactId>mysql-connector-java</artifactId>

+ 1 - 1
common-springboot/src/main/java/com/gihon/GihonCommonApplication.java

@@ -8,7 +8,7 @@ import org.springframework.context.annotation.ComponentScan.Filter;
 import org.springframework.context.annotation.FilterType;
 
 @SpringBootApplication(exclude = {SecurityAutoConfiguration.class })
-@ComponentScan(excludeFilters = {@Filter(type = FilterType.REGEX,pattern = {"com.gihon.sso.controller.*"})} )
+//@ComponentScan(excludeFilters = {@Filter(type = FilterType.REGEX,pattern = {"com.gihon.sso.controller.*"})} )
 public class GihonCommonApplication {
 
 	public static void main(String[] args) {
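Review bot: The `@ComponentScan` exclusion is commented out rather than deleted, leaving dead code in the annotation block; if the controller exclusion is obsolete now that the security classes live in `common-sso-security`, remove the line instead. `SecurityAutoConfiguration` is still excluded here while the visible `common-springboot/pom.xml` hunk adds no dependency on the security module, so this application appears to rely solely on the non-Security interceptors in `common-sso` — a one-line comment stating that, e.g. `// Security auto-config excluded: this app is protected by the non-Security interceptors in common-sso`, would make the intent explicit for the next maintainer. The class body continues outside the hunk.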

+ 58 - 0
common-sso-security/pom.xml

@@ -0,0 +1,58 @@
+<?xml version="1.0"?>
+<project
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"
+	xmlns="http://maven.apache.org/POM/4.0.0"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+	<modelVersion>4.0.0</modelVersion>
+	<parent>
+		<groupId>gihon.common</groupId>
+		<artifactId>common-parent</artifactId>
+		<version>0.0.1-SNAPSHOT</version>
+		<relativePath>../</relativePath>
+	</parent>
+	<artifactId>common-sso-security</artifactId>
+	<name>common-sso-security</name>
+	<description>security单点登录模块,可以单独部署,也可以集成</description>
+
+	<properties>
+		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+	</properties>
+
+	<dependencies>
+		<dependency>
+			<groupId>gihon.common</groupId>
+			<artifactId>common-sso</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>mysql</groupId>
+			<artifactId>mysql-connector-java</artifactId>
+			<scope>runtime</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-security</artifactId>
+			<scope>provided</scope>
+			<optional>true</optional>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-oauth2-client</artifactId>
+			<scope>provided</scope>
+			<optional>true</optional>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
+			<scope>provided</scope>
+			<optional>true</optional>
+		</dependency>
+	</dependencies>
+	<build>
+		<!-- <plugins>
+			<plugin>
+				<groupId>org.springframework.boot</groupId>
+				<artifactId>spring-boot-maven-plugin</artifactId>
+			</plugin>
+		</plugins> -->
+	</build>
+</project>
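Review bot: The three Spring Security starters are declared `provided` + `optional`, so they are not propagated to any consumer of `common-sso-security`, yet this module's classes implement `UserDetails` and `AuthenticationProvider` and will fail to load at runtime unless every consumer re-declares those starters; the `<description>` promises the module "可以集成", so that requirement should be stated in the pom, e.g. `<!-- consumers must declare spring-boot-starter-security themselves: the starters below are provided/optional -->`. The `spring-boot-maven-plugin` is committed commented out, which also contradicts "可以单独部署" unless packaging is handled elsewhere; either enable it or drop the dead block.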

+ 33 - 0
common-sso-security/src/main/java/com/gihon/sso/SingleSecuritySignOnApp.java

@@ -0,0 +1,33 @@
+package com.gihon.sso;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
+import org.springframework.boot.builder.SpringApplicationBuilder;
+import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
+import org.springframework.context.annotation.ComponentScan;
+
+
+/**
+ * 单点登录
+ * 
+ * @author baihe
+ *
+ */
+@ComponentScan(basePackages = {"com.gihon.common","com.gihon.sso"})
+@SpringBootApplication(exclude = {SecurityAutoConfiguration.class })
+public class SingleSecuritySignOnApp extends SpringBootServletInitializer {
+	
+	public static void main(String[] args) {
+		SpringApplication app = new SpringApplication(SingleSecuritySignOnApp.class);
+		app.run(args);
+	}
+
+	/**
+	 * 部署在Web容器中,需要Servlet3.0
+	 */
+	@Override
+	protected SpringApplicationBuilder configure(SpringApplicationBuilder builder) {
+		return builder.sources(SingleSecuritySignOnApp.class);
+	}
+}
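Review bot: `@SpringBootApplication(exclude = {SecurityAutoConfiguration.class })` switches off Boot's default security filter chain in the very module whose purpose is Spring Security, and nothing in this commit registers a replacement (`WebSecurityConfigurerAdapter`/`SecurityFilterChain`); unless one already exists among the moved `security` classes, the application starts with every endpoint unprotected. The reason for the exclusion should be stated on the annotation, e.g. `// default chain excluded: GihonSecurityFilter/GihonSecurityInterceptor are wired by an explicit security configuration`, or the exclusion dropped if that configuration does not exist. The class-level Javadoc should also name the module this app is the entry point for, since `@ComponentScan` pulls in `com.gihon.common` as well.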

+ 66 - 0
common-sso-security/src/main/java/com/gihon/sso/entity/vo/SecurityUserInfo.java

@@ -0,0 +1,66 @@
+package com.gihon.sso.entity.vo;
+
+import java.util.Collection;
+import java.util.List;
+import java.util.stream.Collectors;
+
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import com.gihon.common.entity.GihonUser;
+
+import lombok.Data;
+
+/**
+ * 获取用户信息
+ * 
+ * @author baihe
+ *
+ */
+@Data
+public class SecurityUserInfo extends UserInfo implements  UserDetails  {
+
+    /**
+     * 
+     */
+    private static final long serialVersionUID = -3292038128292709733L;
+    /**
+     * 用户具有的角色集合(数据库中没有与之对应的字段,用户登录后系统自动注入)
+     */
+    private Collection<? extends GrantedAuthority> authorities;
+
+    public SecurityUserInfo() { 
+        
+    }
+
+    public SecurityUserInfo(GihonUser user) {
+        super(user);
+    }
+    public SecurityUserInfo(UserInfo user) {
+        this.setId(user.getId());
+        this.setUsername(user.getUsername());
+        this.setNickName(user.getNickName());
+        this.setPassword(user.getPassword());
+        this.setUsername(user.getUsername());
+        this.setCompanyId(user.getCompanyId());
+        this.setCompanyAdmin(user.getCompanyAdmin());
+    }
+
+    @Override
+    public List<String> getRoleList() {
+        if (authorities == null) {
+            return null;
+        }
+        return authorities.stream().map(g -> g.getAuthority()).collect(Collectors.toList());
+    }
+    @Override
+    public void setRoleList(List<String> roleList) {
+        if (roleList == null) {
+            return;
+        }
+        authorities = roleList.stream().map(r -> {
+            return new SimpleGrantedAuthority(r);
+        }).collect(Collectors.toList());
+    }
+}
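Review bot: The `SecurityUserInfo(UserInfo)` constructor calls `this.setUsername(user.getUsername())` twice and copies neither `roleList` nor the account-state flags that `UserInfo` declares with a `true` default (e.g. `credentialsNonExpired`), so a copy of a locked or expired user comes out fully enabled and with no authorities; replace the duplicate line with `this.setRoleList(user.getRoleList());` and add `this.setCredentialsNonExpired(user.isCredentialsNonExpired());` plus the equivalent for the other flags `UserInfo` carries. Since `SecurityTokenServiceImpl` round-trips this object through `JacksonJsonUtils`, the `@Data`-generated `getAuthorities()` exposes an interface-typed `Collection<? extends GrantedAuthority>` to the serializer; unless `JacksonJsonUtils` has a mix-in for `GrantedAuthority`, reading it back will fail, so consider `@JsonIgnore` on the `authorities` field so that only `roleList` is persisted and `setRoleList` rebuilds the authorities on load. A short Javadoc on the copy constructor stating which fields are copied would also help.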

+ 2 - 4
common-sso/src/main/java/com/gihon/sso/security/GigonAuthenticationProvider.java → common-sso-security/src/main/java/com/gihon/sso/security/GigonAuthenticationProvider.java

@@ -1,13 +1,11 @@
 package com.gihon.sso.security;
 
 import org.springframework.beans.factory.InitializingBean;
-import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 
-import com.gihon.sso.service.TokenService;
+import com.gihon.sso.service.SecurityTokenService;
 /**
  * 当前包 用于开启SpringSecurity 使用
  * 否则 去掉 SpringSecurity的依赖或者 在 启动类生去掉SecurityAutoConfiguration
@@ -17,7 +15,7 @@ import com.gihon.sso.service.TokenService;
  */
 public class GigonAuthenticationProvider implements AuthenticationProvider, InitializingBean {
 
-    private TokenService tokenStore;
+    private SecurityTokenService tokenStore;
 
     @Override
     public void afterPropertiesSet() throws Exception {

+ 0 - 0
common-sso/src/main/java/com/gihon/sso/security/GihonAccessDecisionManager.java → common-sso-security/src/main/java/com/gihon/sso/security/GihonAccessDecisionManager.java


+ 2 - 1
common-sso/src/main/java/com/gihon/sso/security/GihonAccessDeniedHandler.java → common-sso-security/src/main/java/com/gihon/sso/security/GihonAccessDeniedHandler.java

@@ -15,7 +15,8 @@ public class GihonAccessDeniedHandler implements AccessDeniedHandler {
     @Override
     public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException e) throws IOException, ServletException {
         String ajax = request.getHeader("X-Requested-With");
-        if ("XMLHttpRequest".equalsIgnoreCase(ajax)) {
+        String contentType = request.getHeader("Accept").toLowerCase();
+        if ("XMLHttpRequest".equalsIgnoreCase(ajax)||contentType.contains("json")) {
             throw new AccessDeniedException("无权限登录");
         } else {
             response.setContentType("text/html;charset=UTF-8");
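Review bot: `request.getHeader("Accept").toLowerCase()` dereferences the header without a null check, so any denied request that carries no `Accept` header (many non-browser clients) turns the access-denied path into an unhandled NullPointerException; use `String accept = request.getHeader("Accept");` and `boolean wantsJson = accept != null && accept.toLowerCase(Locale.ROOT).contains("json");` then `if ("XMLHttpRequest".equalsIgnoreCase(ajax) || wantsJson) {`, importing `java.util.Locale`. `Locale.ROOT` also keeps the comparison independent of the server's default locale. The `handle` method continues outside the hunk.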

+ 0 - 0
common-sso/src/main/java/com/gihon/sso/security/GihonAuthentication.java → common-sso-security/src/main/java/com/gihon/sso/security/GihonAuthentication.java


+ 0 - 0
common-sso/src/main/java/com/gihon/sso/security/GihonAuthenticationEntryPoint.java → common-sso-security/src/main/java/com/gihon/sso/security/GihonAuthenticationEntryPoint.java


+ 0 - 0
common-sso/src/main/java/com/gihon/sso/security/GihonInvocationSecurityMetadataSource.java → common-sso-security/src/main/java/com/gihon/sso/security/GihonInvocationSecurityMetadataSource.java


+ 0 - 0
common-sso/src/main/java/com/gihon/sso/security/GihonSecurityFilter.java → common-sso-security/src/main/java/com/gihon/sso/security/GihonSecurityFilter.java


+ 0 - 0
common-sso/src/main/java/com/gihon/sso/security/GihonSecurityInterceptor.java → common-sso-security/src/main/java/com/gihon/sso/security/GihonSecurityInterceptor.java


+ 0 - 0
common-sso/src/main/java/com/gihon/sso/security/GihonSecurityService.java → common-sso-security/src/main/java/com/gihon/sso/security/GihonSecurityService.java


+ 4 - 4
common-sso/src/main/java/com/gihon/sso/security/GihonUserDetailService.java → common-sso-security/src/main/java/com/gihon/sso/security/GihonUserDetailService.java

@@ -11,19 +11,19 @@ import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.util.StringUtils;
 
-import com.gihon.sso.entity.vo.UserInfo;
-import com.gihon.sso.service.TokenService;
+import com.gihon.sso.entity.vo.SecurityUserInfo;
+import com.gihon.sso.service.SecurityTokenService;
 
 public class GihonUserDetailService implements UserDetailsService {
 
     @Autowired
-    private TokenService tokenService;
+    private SecurityTokenService tokenService;
 
     @Override
     public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
         ArrayList<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
 
-        UserInfo user = tokenService.getUserInfo(username);
+        SecurityUserInfo user = tokenService.getUserInfo(username);
         if (user == null) {
             throw new UsernameNotFoundException("用户信息不正确");
         }

+ 0 - 0
common-sso/src/main/java/com/gihon/sso/security/SecurityConstans.java → common-sso-security/src/main/java/com/gihon/sso/security/SecurityConstans.java


+ 0 - 0
common-sso/src/main/java/com/gihon/sso/security/SecurityUtil.java → common-sso-security/src/main/java/com/gihon/sso/security/SecurityUtil.java


+ 41 - 0
common-sso-security/src/main/java/com/gihon/sso/service/SecurityTokenService.java

@@ -0,0 +1,41 @@
+package com.gihon.sso.service;
+
+import org.springframework.security.core.Authentication;
+
+import com.gihon.sso.entity.vo.SecurityUserInfo;
+import com.gihon.sso.service.TokenService;
+
+/**
+ * 管理Token
+ * 
+ * @author baihe
+ *
+ */
+public interface SecurityTokenService extends TokenService{
+
+
+    /*********************** Security *****************************************/
+    /**
+     * Security 获取Authentication
+     * 
+     * @param authentication
+     * @return
+     */
+    Authentication getAuthentication(Authentication authentication);
+    
+    /**
+     * 通过账号获取用户信息
+     * 
+     * @param account
+     * @return
+     */
+    SecurityUserInfo getUserInfo(String account);
+    
+    /**
+     * 通过账号获取用户信息
+     * 
+     * @param account
+     * @return
+     */
+    SecurityUserInfo checkTokenInfo(String account);
+}
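Review bot: The Javadoc on `checkTokenInfo` is a copy of the one on `getUserInfo` ("通过账号获取用户信息", `@param account`), but the implementation in `SecurityTokenServiceImpl` takes a token and resolves it to a user, returning `null` when the token is unknown; rename the parameter to `token` and document it as `@param token access token previously issued by this service` / `@return the user bound to the token, or null if the token is unknown or has expired`. `getAuthentication` has an empty `@return`; per the implementation it should state that `null` is returned when the principal's token cannot be resolved, since the caller must treat `null` as "not authenticated".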

+ 85 - 0
common-sso-security/src/main/java/com/gihon/sso/service/impl/SecurityTokenServiceImpl.java

@@ -0,0 +1,85 @@
+package com.gihon.sso.service.impl;
+
+import java.util.List;
+import java.util.stream.Collectors;
+
+import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.stereotype.Service;
+import org.springframework.util.StringUtils;
+
+import com.gihon.common.entity.GihonRole;
+import com.gihon.common.properties.GihonCommonProperties;
+import com.gihon.common.properties.RedisConstants;
+import com.gihon.common.util.JacksonJsonUtils;
+import com.gihon.sso.entity.vo.SecurityUserInfo;
+import com.gihon.sso.entity.vo.TokenVal;
+import com.gihon.sso.entity.vo.UserInfo;
+import com.gihon.sso.security.GihonAuthentication;
+import com.gihon.sso.service.SecurityTokenService;
+import com.gihon.sso.service.TokenService;
+import com.gihon.sso.service.impl.TokenServiceImpl;
+
+import lombok.extern.slf4j.Slf4j;
+
+//TODO 清理token和refreshToken 需要分开 最好TokenStore:有各种实现,类似Cas中的统一认证中心
+
+@Slf4j
+@ConditionalOnClass(UserDetails.class)
+@Service("tokenService")
+@EnableConfigurationProperties(GihonCommonProperties.class)
+public class SecurityTokenServiceImpl extends TokenServiceImpl implements SecurityTokenService {
+
+    @Override
+    public Authentication getAuthentication(Authentication authentication) {
+        Authentication r = null;
+        String token = authentication.getPrincipal().toString();
+        SecurityUserInfo userInfo = this.checkTokenInfo(token);
+        if (userInfo != null) {
+            r = new GihonAuthentication(authentication.getPrincipal(), authentication.getCredentials(), userInfo);
+        }
+        return r;
+    }
+
+    /**
+     * 从UserStore中获取用户基本信息 TODO 定时刷新或者AOP通知
+     * 
+     * @param account
+     * @return
+     */
+    public SecurityUserInfo getUserInfo(String account) {
+        String userAccount = (String) stringRedisTemplate.opsForHash().get(USER_STORE, account);
+        SecurityUserInfo userInfo = null;
+        if (StringUtils.hasText(userAccount)) {
+            userInfo = JacksonJsonUtils.readObject(userAccount, SecurityUserInfo.class);
+        } else {
+            UserInfo userInfos = loginUserService.queryUserByUserAccount(userAccount);
+            if (userInfos == null) {
+                return null;
+            }
+            userInfo = new SecurityUserInfo(userInfos);
+            // add roleList;
+            List<GihonRole> rl = gihonRoleService.getRoleList(userInfos.getId());
+            userInfo.setRoleList(rl.stream().map(r -> r.getCompanyId()+RedisConstants.SEP+r.getRoleCode()).collect(Collectors.toList()));
+            stringRedisTemplate.opsForHash().put(USER_STORE, account, JacksonJsonUtils.writeObject(userInfo));
+        }
+        return userInfo;
+    }
+    @Override
+    public SecurityUserInfo checkTokenInfo(String token) {
+        String tokenValue = stringRedisTemplate.opsForValue().get(TOKEN_PRE + token);
+        TokenVal tokenEntity = null;
+        if (StringUtils.hasText(tokenValue)) {
+            tokenEntity = JacksonJsonUtils.readObject(tokenValue, TokenVal.class);
+            if (tokenEntity != null) {
+                return this.getUserInfo(tokenEntity.getUserAccount());
+            } else {
+                stringRedisTemplate.delete(TOKEN_PRE + token);
+            }
+        }
+        return null;
+    }
+}
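Review bot: In `getUserInfo` the cache-miss branch calls `loginUserService.queryUserByUserAccount(userAccount)`, but `userAccount` holds the cached JSON string and is empty in that branch, so the lookup never loads a user from the database and every account returns `null` until something else populates `USER_STORE`; the call should be `UserInfo userInfos = loginUserService.queryUserByUserAccount(account);`. `getUserInfo` is also missing `@Override`, and `ConditionalOnMissingBean`, `TokenService` and the same-package `TokenServiceImpl` imports are unused. Note too that the `USER_STORE` hash entry is written without expiry and nothing here invalidates it, so authorities captured at first lookup persist until the hash is cleared; beyond the refresh TODO, this should be stated in the method Javadoc because role revocation and account lockout depend on it.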

+ 37 - 0
common-sso-security/src/main/resources/application.yml

@@ -0,0 +1,37 @@
+server:
+  port: 10020
+  servlet: 
+    context-path: /sso
+  tomcat: 
+    uri-encoding: UTF-8
+    basedir: /data/tmp
+    
+spring: 
+  profiles:
    include:
      - common
    
+# Redis           
+  redis:
    database: 8          # Redis数据库索引(默认为0)
+    timeout: 0            # 连接超时时间(毫秒)
+    host: 172.18.0.23
+    port: 6379
+    password: Ebe1tech/Passw0rd
+        
+# dataBase
+  datasource: 
+    druid:
+      # 从这里开始(druid)
+      url: jdbc:mysql://172.18.0.23:3306/gihon?characterEncoding=UTF-8&useSSL=false
+      username: root
+      password: 1q2w3e4r
+knife4j: 
+  # 开启增强配置 
+  enable: true
+  setting: 
    swaggerModelName: '模型名称'
+    enableFooter: false
+  documents:
+    - 
+      group: SSO
+      name: 登录验证模块
+    
+  
+      
+  
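Review bot: The new file commits live credentials — the Redis `password`, the datasource `username: root` / `password`, and an internal host — into source control; these should be externalised as placeholders such as `password: ${GIHON_REDIS_PASSWORD}` resolved from the environment or a secrets store, and the values already pushed treated as disclosed and rotated. Running the application's datasource as `root` grants far more privilege than an SSO service needs, and `useSSL=false` on the JDBC URL disables transport encryption to the database; both deserve at least a comment explaining why they are acceptable in the target environment. The `common` profile is included, so any setting duplicated from `application-common.yml` should be removed here to avoid two sources of truth.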

+ 4 - 15
common-sso/pom.xml

@@ -11,7 +11,8 @@
 		<relativePath>../</relativePath>
 	</parent>
 	<artifactId>common-sso</artifactId>
-	<name>单点登录模块,可以单独部署,也可以集成</name>
+	<name>common-sso</name>
+	<description>单点登录模块,可以单独部署,也可以集成</description>
 
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -47,25 +48,13 @@
 			<artifactId>mysql-connector-java</artifactId>
 			<scope>runtime</scope>
 		</dependency>
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-security</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-oauth2-client</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
-		</dependency>
 	</dependencies>
 	<build>
-		<plugins>
+		<!-- <plugins>
 			<plugin>
 				<groupId>org.springframework.boot</groupId>
 				<artifactId>spring-boot-maven-plugin</artifactId>
 			</plugin>
-		</plugins>
+		</plugins> -->
 	</build>
 </project>

+ 7 - 2
common-sso/src/main/java/com/gihon/sso/auth/AuthTokenInterceptor.java

@@ -1,10 +1,11 @@
 package com.gihon.sso.auth;
 
-import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingClass;
 import org.springframework.core.annotation.Order;
 import org.springframework.http.HttpMethod;
 import org.springframework.stereotype.Component;
@@ -16,12 +17,16 @@ import com.gihon.sso.service.TokenService;
 
 /**
  * token转UserInfo并存放于请求域
+ * 非Security
+ * @author baihe
+ *
  */
+@ConditionalOnMissingClass("org.springframework.security.core.userdetails.UserDetails")
 @Order(1)
 @Component
 public class AuthTokenInterceptor implements HandlerInterceptor {
 
-    @Resource
+    @Autowired
     private TokenService tokenService;
 
     @Override
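Review bot: `@ConditionalOnMissingClass("org.springframework.security.core.userdetails.UserDetails")` disables this interceptor as soon as Spring Security is on the classpath, and the same gate is repeated in `AuthenticationInterceptor`, `AuthServiceImpl`, `AuthWebMvcConfig` and `TokenServiceImpl`; a consumer that pulls in `spring-boot-starter-security` (possibly transitively) but does not register a Security filter chain — and `SingleSecuritySignOnApp` excludes `SecurityAutoConfiguration` — then ends up with neither mechanism and serves requests unauthenticated. That contract should be spelled out in the class Javadoc, e.g. `Active only when Spring Security is absent from the classpath; when it is present the GihonSecurityFilter chain must be configured or requests go unprotected`. An explicit switch such as `@ConditionalOnProperty` would make the mode a deliberate configuration choice rather than something inferred from the classpath. The class body continues outside the hunk.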

+ 5 - 0
common-sso/src/main/java/com/gihon/sso/auth/AuthenticationInterceptor.java

@@ -5,6 +5,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.lang3.StringUtils;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingClass;
 import org.springframework.core.annotation.Order;
 import org.springframework.http.HttpMethod;
 import org.springframework.stereotype.Component;
@@ -24,7 +25,11 @@ import lombok.extern.slf4j.Slf4j;
 
 /**
  * @description 认证拦截器
+ * 非Security
+ * @author baihe
+ *
  */
+@ConditionalOnMissingClass("org.springframework.security.core.userdetails.UserDetails")
 @Order(2)
 @Slf4j
 @Component

+ 3 - 1
common-sso/src/main/java/com/gihon/sso/auth/impl/AuthServiceImpl.java

@@ -9,6 +9,7 @@ import javax.annotation.PostConstruct;
 
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingClass;
 import org.springframework.data.redis.core.StringRedisTemplate;
 import org.springframework.http.HttpMethod;
 import org.springframework.stereotype.Service;
@@ -37,10 +38,11 @@ import lombok.extern.slf4j.Slf4j;
 
 /**
  * 动态鉴权
- * 
+ * 非Security
  * @author baihe
  *
  */
+@ConditionalOnMissingClass("org.springframework.security.core.userdetails.UserDetails")
 @Slf4j
 @Service
 public class AuthServiceImpl implements AuthService{

+ 7 - 1
common-sso/src/main/java/com/gihon/sso/config/AuthWebMvcConfig.java

@@ -1,6 +1,7 @@
 package com.gihon.sso.config;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingClass;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.Ordered;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
@@ -9,7 +10,12 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 import com.gihon.common.properties.GihonCommonProperties;
 import com.gihon.sso.auth.AuthTokenInterceptor;
 import com.gihon.sso.auth.AuthenticationInterceptor;
-
+/**
+ * 非Security
+ * @author baihe
+ *
+ */
+@ConditionalOnMissingClass("org.springframework.security.core.userdetails.UserDetails")
 @Configuration
 public class AuthWebMvcConfig implements WebMvcConfigurer {
 

+ 4 - 27
common-sso/src/main/java/com/gihon/sso/entity/vo/UserInfo.java

@@ -1,13 +1,7 @@
 package com.gihon.sso.entity.vo;
 
 import java.io.Serializable;
-import java.util.Collection;
 import java.util.List;
-import java.util.stream.Collectors;
-
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.core.userdetails.UserDetails;
 
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.gihon.common.auth.AuthUser;
@@ -23,7 +17,7 @@ import lombok.Data;
  *
  */
 @Data
-public class UserInfo implements AuthUser, UserDetails, Serializable {
+public class UserInfo implements AuthUser, Serializable {
 
     /**
      * 
@@ -70,10 +64,9 @@ public class UserInfo implements AuthUser, UserDetails, Serializable {
      * 非过期认证
      */
     private boolean credentialsNonExpired = true;
-    /**
-     * 用户具有的角色集合(数据库中没有与之对应的字段,用户登录后系统自动注入)
-     */
-    private Collection<? extends GrantedAuthority> authorities;
+    
+    
+    private List<String> roleList;
 
     public UserInfo() { 
         
@@ -89,20 +82,4 @@ public class UserInfo implements AuthUser, UserDetails, Serializable {
         this.companyAdmin = user.getCompanyAdmin();
     }
 
-    @Override
-    public List<String> getRoleList() {
-        if (authorities == null) {
-            return null;
-        }
-        return authorities.stream().map(g -> g.getAuthority()).collect(Collectors.toList());
-    }
-
-    public void setRoleList(List<String> roleList) {
-        if (roleList == null) {
-            return;
-        }
-        authorities = roleList.stream().map(r -> {
-            return new SimpleGrantedAuthority(r);
-        }).collect(Collectors.toList());
-    }
 }
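Review bot: The `roleList` field replaced the documented `authorities` field but kept only two blank lines where its Javadoc was, so the new `@Data`-generated accessors are undocumented; restore the comment, e.g. `/** Roles held by the user (no backing column; injected by the system after login) */`. Since `UserInfo` no longer implements `UserDetails`, the `credentialsNonExpired` and sibling flags still carried here are only meaningful through `SecurityUserInfo`, which is worth a short note on those fields so nobody treats them as enforced in the non-Security path.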

+ 0 - 10
common-sso/src/main/java/com/gihon/sso/service/TokenService.java

@@ -2,8 +2,6 @@ package com.gihon.sso.service;
 
 import java.util.List;
 
-import org.springframework.security.core.Authentication;
-
 import com.gihon.sso.entity.vo.LoginUser;
 import com.gihon.sso.entity.vo.SsoToken;
 import com.gihon.sso.entity.vo.TokenVal;
@@ -104,12 +102,4 @@ public interface TokenService {
      */
     UserInfo getUserInfo(String account);
 
-    /*********************** Security *****************************************/
-    /**
-     * Security 获取Authentication
-     * 
-     * @param authentication
-     * @return
-     */
-    Authentication getAuthentication(Authentication authentication);
 }

+ 14 - 21
common-sso/src/main/java/com/gihon/sso/service/impl/TokenServiceImpl.java

@@ -7,9 +7,9 @@ import java.util.concurrent.TimeUnit;
 import java.util.stream.Collectors;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingClass;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.data.redis.core.StringRedisTemplate;
-import org.springframework.security.core.Authentication;
 import org.springframework.stereotype.Service;
 import org.springframework.util.Base64Utils;
 import org.springframework.util.StringUtils;
@@ -27,32 +27,37 @@ import com.gihon.sso.entity.vo.RefreshTokenVal;
 import com.gihon.sso.entity.vo.SsoToken;
 import com.gihon.sso.entity.vo.TokenVal;
 import com.gihon.sso.entity.vo.UserInfo;
-import com.gihon.sso.security.GihonAuthentication;
 import com.gihon.sso.service.GihonRoleService;
 import com.gihon.sso.service.LoginUserService;
 import com.gihon.sso.service.TokenService;
 
 import lombok.extern.slf4j.Slf4j;
 
-//TODO 清理token和refreshToken 需要分开 最好TokenStore:有各种实现,类似Cas中的统一认证中心
+/**
+ * TODO 清理token和refreshToken 需要分开 最好TokenStore:有各种实现,类似Cas中的统一认证中心
+ * 与SecurityTokenServiceImpl互斥不要同时出现
+ * @author baihe
+ *
+ */
+@ConditionalOnMissingClass("org.springframework.security.core.userdetails.UserDetails")
 @Slf4j
-@Service
+@Service("tokenService")
 @EnableConfigurationProperties(GihonCommonProperties.class)
 public class TokenServiceImpl implements TokenService {
 
     @Autowired
-    private LoginUserService loginUserService;
+    protected LoginUserService loginUserService;
 
     @Autowired
-    private StringRedisTemplate stringRedisTemplate;
+    protected StringRedisTemplate stringRedisTemplate;
 
     @Autowired
-    private GihonCommonProperties gihonCommonProperties;
+    protected GihonCommonProperties gihonCommonProperties;
 
     @Autowired
-    private GihonRoleService gihonRoleService;
+    protected GihonRoleService gihonRoleService;
 
-    private String parseToken(String originToken) {
+    protected String parseToken(String originToken) {
         return Base64Utils.encodeToUrlSafeString(originToken.getBytes());
     }
 
@@ -302,16 +307,4 @@ public class TokenServiceImpl implements TokenService {
         return;
     }
 
-    @Override
-    public Authentication getAuthentication(Authentication authentication) {
-        Authentication r = null;
-        String token = authentication.getPrincipal().toString();
-        UserInfo userInfo = this.checkTokenInfo(token);
-        if (userInfo != null) {
-            r = new GihonAuthentication(authentication.getPrincipal(), authentication.getCredentials(), userInfo);
-        }
-
-        return r;
-    }
-
 }
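Review bot: `parseToken` is now `protected` and therefore part of the contract subclasses such as `SecurityTokenServiceImpl` inherit, but it still calls `originToken.getBytes()` with the platform default charset, so the encoded token depends on the JVM's `file.encoding`; use `originToken.getBytes(StandardCharsets.UTF_8)` and import `java.nio.charset.StandardCharsets`. The four collaborators were opened up to `protected` field injection, which lets subclasses read them but also makes them part of the inheritance API — a brief comment on the class that they are intended for `SecurityTokenServiceImpl` would clarify the intent. The class body continues outside the hunks.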

+ 1 - 1
common-sso/src/main/resources/application.yml

@@ -1,5 +1,5 @@
 server:
-  port: 10021
+  port: 10020
   servlet: 
     context-path: /sso
   tomcat: 

+ 2 - 2
common-util/src/main/resources/application-common.yml

@@ -1,3 +1,4 @@
+# 按需自定义
 gihon:
   common:
     module-type: 1
@@ -13,8 +14,8 @@ gihon:
       - /doc.html
       - /favicon.ico
       - /**login
+      
     id-strategy:
-#   按需更新
       worker-id: 0
       dataCenter-id: 0
 spring: 
@@ -80,7 +81,6 @@ spring:
         login-password: gihon         
 #mybatis-plus 通用配置   
 mybatis-plus:
-  banner: false
   mapper-locations:
       - classpath:/mapper/**/*Mapper.xml
   #实体扫描,多个package用逗号或者分号分隔

+ 34 - 6
pom.xml

@@ -20,6 +20,7 @@
         <module>common-util</module>
         <module>common-entity</module>
   		<module>common-sso</module>
+  		<module>common-sso-security</module>
         <module>common-springboot</module>
 	</modules>
 	
@@ -38,11 +39,28 @@
 
 	<dependencyManagement>
 		<dependencies>
+	        <!--druid数据库-->
+			<dependency>
+				<groupId>org.springframework.boot</groupId>
+  				<artifactId>spring-boot-starter-jdbc</artifactId>
+  				<exclusions>
+	            	<exclusion>
+	            		<groupId>com.zaxxer</groupId>
+	            		<artifactId>HikariCP</artifactId>
+	            	</exclusion>
+				</exclusions>
+			</dependency>
+	        <dependency>
+	            <groupId>com.alibaba</groupId>
+	            <artifactId>druid-spring-boot-starter</artifactId>
+	            <version>${druid.version}</version>
+	        </dependency>
 			<!-- mybatis -->
 			<dependency>
 				<groupId>org.mybatis.spring.boot</groupId>
 				<artifactId>mybatis-spring-boot-starter</artifactId>
 				<version>${mybatis.version}</version>
+				
 			</dependency>
 			<!-- mybatis-plus -->
 			<dependency>
@@ -50,6 +68,7 @@
 				<artifactId>mybatis-plus-boot-starter</artifactId>
 				<version>${mybatis.plus.version}</version>
 			</dependency>
+			<!-- mybatis-plus -->
 			 <!--easyexcel-->
 			 <dependency>
 				<groupId>com.alibaba</groupId>
@@ -62,12 +81,6 @@
 	            <artifactId>knife4j-spring-boot-starter</artifactId>
 	            <version>${knife4j.version}</version>
 	        </dependency>
-	        <!--druid数据库-->
-	        <dependency>
-	            <groupId>com.alibaba</groupId>
-	            <artifactId>druid-spring-boot-starter</artifactId>
-	            <version>${druid.version}</version>
-	        </dependency>
 	        <!--gihon-util-->
 	        <dependency>
 				<groupId>gihon.common</groupId>
@@ -83,6 +96,21 @@
 	            <groupId>gihon.common</groupId>
 	            <artifactId>common-sso</artifactId>
 	            <version>${gihon.version}</version>
+	            <!-- security 按需开启引用 -->
+	            <!-- <exclusions>
+	            	<exclusion>
+		            	<groupId>org.springframework.boot</groupId>
+						<artifactId>spring-boot-starter-security</artifactId>
+	            	</exclusion>
+	            	<exclusion>
+		            	<groupId>org.springframework.boot</groupId>
+						<artifactId>spring-boot-starter-oauth2-client</artifactId>
+	            	</exclusion>
+	            	<exclusion>
+		            	<groupId>org.springframework.boot</groupId>
+						<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
+	            	</exclusion>
+	            </exclusions> -->
 	        </dependency>
 		</dependencies>
 	</dependencyManagement>
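Review bot: The added `<!-- mybatis-plus -->` comment before the easyexcel entry duplicates the one that already precedes the mybatis-plus dependency and is now misleading, and a blank line was left inside the `mybatis-spring-boot-starter` element; drop both. The `spring-boot-starter-jdbc` entry is placed under the `<!--druid数据库-->` comment without a version, which is fine if the Boot parent manages it, but a short note such as `<!-- version managed by the Spring Boot parent; HikariCP excluded in favour of druid -->` would make that dependency on the parent explicit.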