diff --git a/settings.gradle b/settings.gradle index 58cb34d..51012a1 100644 --- a/settings.gradle +++ b/settings.gradle @@ -5,8 +5,10 @@ include 'skean-jdbc-core' include 'skean-jdbc-spring-boot-starter' include 'skean-web' include 'skean-web-spring-boot-starter' -include 'skean-id-oauth-server' +include 'skean-id-oauth-authsrv' +include 'skean-id-oauth-ressrv-spring-boot-starter' include 'skean-dict' include 'skean-id-spring-boot-starter' include 'skean-samples' include 'skean-samples:navyapp' + diff --git a/skean-id-oauth-server/build.gradle b/skean-id-oauth-authsrv/build.gradle similarity index 100% rename from skean-id-oauth-server/build.gradle rename to skean-id-oauth-authsrv/build.gradle diff --git a/skean-id-oauth-server/src/main/java/party/threebody/skean/id/oauth/AuthServerConfig.java b/skean-id-oauth-authsrv/src/main/java/party/threebody/skean/id/oauth/AuthServerConfig.java similarity index 91% rename from skean-id-oauth-server/src/main/java/party/threebody/skean/id/oauth/AuthServerConfig.java rename to skean-id-oauth-authsrv/src/main/java/party/threebody/skean/id/oauth/AuthServerConfig.java index d507144..b9b7a0b 100644 --- a/skean-id-oauth-server/src/main/java/party/threebody/skean/id/oauth/AuthServerConfig.java +++ b/skean-id-oauth-authsrv/src/main/java/party/threebody/skean/id/oauth/AuthServerConfig.java @@ -52,8 +52,6 @@ public TokenStore tokenStore() { public JwtAccessTokenConverter accessTokenConverter() { JwtAccessTokenConverter converter = new JwtAccessTokenConverter(); converter.setSigningKey(authServerConfigProperties.getJwtSigningKey()); - //converter.setVerifierKey("123"); - //converter.setJwtClaimsSetVerifier(jwtClaimsSetVerifier()); return converter; } 
@@ -61,7 +59,7 @@ public JwtAccessTokenConverter accessTokenConverter() { public DefaultTokenServices tokenServices() { DefaultTokenServices defaultTokenServices = new DefaultTokenServices(); defaultTokenServices.setTokenStore(tokenStore()); - defaultTokenServices.setTokenEnhancer(tokenEnhancer()); + defaultTokenServices.setTokenEnhancer(accessTokenConverter()); defaultTokenServices.setSupportRefreshToken(true); defaultTokenServices.setAccessTokenValiditySeconds(authServerConfigProperties.getAccessTokenValiditySeconds()); return defaultTokenServices; @@ -70,16 +68,11 @@ public DefaultTokenServices tokenServices() { @Override public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { endpoints - .tokenStore(tokenStore()) .tokenServices(tokenServices()) .authenticationManager(authenticationManager); //required } - @Bean - public TokenEnhancer tokenEnhancer() { - return new JwtAccessTokenConverter(); - } } diff --git a/skean-id-oauth-server/src/main/java/party/threebody/skean/id/oauth/AuthServerConfigProperties.java b/skean-id-oauth-authsrv/src/main/java/party/threebody/skean/id/oauth/AuthServerConfigProperties.java similarity index 87% rename from skean-id-oauth-server/src/main/java/party/threebody/skean/id/oauth/AuthServerConfigProperties.java rename to skean-id-oauth-authsrv/src/main/java/party/threebody/skean/id/oauth/AuthServerConfigProperties.java index 94c6c96..dd1ef99 100644 --- a/skean-id-oauth-server/src/main/java/party/threebody/skean/id/oauth/AuthServerConfigProperties.java +++ b/skean-id-oauth-authsrv/src/main/java/party/threebody/skean/id/oauth/AuthServerConfigProperties.java 
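Review bot: `tokenServices()` applies only `setAccessTokenValiditySeconds(...)`; nothing in the visible body sets the refresh-token lifetime, so the `refreshTokenValiditySeconds` property whose default this commit raises to 60 days in AuthServerConfigProperties looks unused and refresh tokens keep the lifetime built into DefaultTokenServices. Add `defaultTokenServices.setRefreshTokenValiditySeconds(authServerConfigProperties.getRefreshTokenValiditySeconds());` beside the access-token setter, assuming the properties class exposes the matching getter. The method's annotations and closing brace are outside the hunk.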
@@ -4,16 +4,18 @@ import org.springframework.context.annotation.Configuration; @Configuration -@ConfigurationProperties("skean.auth-server") +@ConfigurationProperties("skean.id.oauth-auth-server") public class AuthServerConfigProperties { - private String clientId = "skean-id-0"; + private String clientId = "skean-id-authsrv-0"; private String clientSecret; private String userPasswordStyle = "encrypt"; private String inMemoryUserConfFilePath = "classpath:users.conf.json"; - private int accessTokenValiditySeconds = 3600; - private int refreshTokenValiditySeconds = 3600 * 24 * 30; + private int refreshTokenValiditySeconds = 3600 * 24 * 60; // default 60 days. + + private int accessTokenValiditySeconds = 3600 * 24 * 7; // default 7 days. + private String jwtSigningKey; public String getClientId() { diff --git a/skean-id-oauth-server/src/main/java/party/threebody/skean/id/oauth/SkeanIdOAuthServerApp.java b/skean-id-oauth-authsrv/src/main/java/party/threebody/skean/id/oauth/SkeanIdOAuthServerApp.java similarity index 100% rename from skean-id-oauth-server/src/main/java/party/threebody/skean/id/oauth/SkeanIdOAuthServerApp.java rename to skean-id-oauth-authsrv/src/main/java/party/threebody/skean/id/oauth/SkeanIdOAuthServerApp.java diff --git a/skean-id-oauth-server/src/main/java/party/threebody/skean/id/oauth/WebSecurityConfig.java b/skean-id-oauth-authsrv/src/main/java/party/threebody/skean/id/oauth/WebSecurityConfig.java similarity index 98% rename from skean-id-oauth-server/src/main/java/party/threebody/skean/id/oauth/WebSecurityConfig.java rename to skean-id-oauth-authsrv/src/main/java/party/threebody/skean/id/oauth/WebSecurityConfig.java index c0fec64..6053df2 100644 --- a/skean-id-oauth-server/src/main/java/party/threebody/skean/id/oauth/WebSecurityConfig.java +++ b/skean-id-oauth-authsrv/src/main/java/party/threebody/skean/id/oauth/WebSecurityConfig.java 
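Review bot: The new default `accessTokenValiditySeconds = 3600 * 24 * 7` keeps every access token valid for seven days where the old default was one hour, and because AuthServerConfig issues self-contained JWTs, a leaked token presumably cannot be revoked before it expires. Keep the default short, `private int accessTokenValiditySeconds = 3600; // default 1 hour`, and let clients that need long sessions use the refresh token or override the property per deployment. The prefix change from `skean.auth-server` to `skean.id.oauth-auth-server` also means existing configuration stops binding, which deserves a line in the class comment or the release notes.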
@@ -19,6 +19,7 @@ import party.threebody.skean.id.oauth.domain.SkUser; import party.threebody.skean.misc.SkeanInvalidArgumentException; import party.threebody.skean.misc.SkeanNotImplementedException; +import party.threebody.skean.web.util.SkeanResources; import java.util.List; import java.util.stream.Collectors; diff --git a/skean-id-oauth-server/src/main/java/party/threebody/skean/id/oauth/domain/SkUser.java b/skean-id-oauth-authsrv/src/main/java/party/threebody/skean/id/oauth/domain/SkUser.java similarity index 100% rename from skean-id-oauth-server/src/main/java/party/threebody/skean/id/oauth/domain/SkUser.java rename to skean-id-oauth-authsrv/src/main/java/party/threebody/skean/id/oauth/domain/SkUser.java diff --git a/skean-id-oauth-authsrv/src/main/resources/application.yml b/skean-id-oauth-authsrv/src/main/resources/application.yml new file mode 100644 index 0000000..0906878 --- /dev/null +++ b/skean-id-oauth-authsrv/src/main/resources/application.yml @@ -0,0 +1,14 @@ +server: + port: 8910 + +skean: + id: + oauth-auth-server: + client-id: c1 + client-secret: '$2a$10$G4OlUys4SJH4KmLtmq8Cqep1.XOlRghB4e47ApJbxviMMyQxbp01W' # a bcrypt output of 123456 + + user-password-style: encrypted #plain or encrypted + #user-password-storingStyle: inMemory + jwt-signing-key: 888 + +#logging.level.org.springframework.security: DEBUG \ No newline at end of file diff --git a/skean-id-oauth-server/src/main/resources/banner.txt b/skean-id-oauth-authsrv/src/main/resources/banner.txt similarity index 100% rename from skean-id-oauth-server/src/main/resources/banner.txt rename to skean-id-oauth-authsrv/src/main/resources/banner.txt diff --git a/skean-id-oauth-server/src/main/resources/users.conf.json b/skean-id-oauth-authsrv/src/main/resources/users.conf.json similarity index 100% rename from skean-id-oauth-server/src/main/resources/users.conf.json rename to skean-id-oauth-authsrv/src/main/resources/users.conf.json 
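Review bot: `jwt-signing-key: 888` in the new authsrv application.yml ships a three-character HMAC key inside the packaged module, so anyone who can read the repository or guess the value can produce tokens the resource servers accept. The same literal recurs in navyapp's test application.yml (`oauth-res-server.jwt-signing-key: 888`) and in ResourceServerConfig (`converter.setSigningKey("888")`), and the client secret here is documented in its own comment as the bcrypt of `123456`. Leave both values out of the bundled file and require them from the environment, for example `jwt-signing-key: ${SKEAN_JWT_SIGNING_KEY}` (a constructed variable name) holding a long random value, and fail startup when it is missing.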
diff --git a/skean-id-oauth-server/src/test/java/party/threebody/skean/id/tmp/BCryptGenerator.java b/skean-id-oauth-authsrv/src/test/java/party/threebody/skean/id/tmp/BCryptGenerator.java
similarity index 100%
rename from skean-id-oauth-server/src/test/java/party/threebody/skean/id/tmp/BCryptGenerator.java
rename to skean-id-oauth-authsrv/src/test/java/party/threebody/skean/id/tmp/BCryptGenerator.java
diff --git a/skean-id-oauth-server/src/test/resources/dev-guide.md b/skean-id-oauth-authsrv/src/test/resources/dev-guide.md
similarity index 100%
rename from skean-id-oauth-server/src/test/resources/dev-guide.md
rename to skean-id-oauth-authsrv/src/test/resources/dev-guide.md
diff --git a/skean-id-oauth-ressrv-spring-boot-starter/build.gradle b/skean-id-oauth-ressrv-spring-boot-starter/build.gradle
new file mode 100644
index 0000000..de13011
--- /dev/null
+++ b/skean-id-oauth-ressrv-spring-boot-starter/build.gradle
@@ -0,0 +1,19 @@
+apply plugin: 'java'
+dependencies {
+ compile project(':skean-web')
+ // compile project(':skean-dict')
+
+ compile group: 'org.springframework.boot', name: 'spring-boot-devtools', version: versions.'spring-boot'
+ compile group: 'org.springframework.boot', name: 'spring-boot-starter-security', version: versions.'spring-boot'
+ compile group: 'org.springframework.boot', name: 'spring-boot-starter-web', version: versions.'spring-boot'
+ //compile group: 'org.springframework.boot', name: 'spring-boot-configuration-processor', vversions.'spring-boot'
+
+ compile group: 'org.springframework.security', name: 'spring-security-jwt', version: '1.0.9.RELEASE'
+ compile group: 'org.springframework.security.oauth', name: 'spring-security-oauth2', version: '2.2.1.RELEASE'
+ compile group: 'io.jsonwebtoken', name: 'jjwt', version: '0.9.0'
+}
+
+
+
+
+
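Review bot: `spring-boot-devtools` is declared with `compile` scope in a starter, so every application that depends on this starter inherits a development aid on its classpath; a library should not pass devtools on transitively. Drop that line here (the same line is added to skean-id-spring-boot-starter/build.gradle later in this commit) and let each application add devtools itself for development runs. `io.jsonwebtoken:jjwt` is also added although none of the ressrv sources in this diff import it; remove it unless code outside the diff needs it, so the starter carries only the token libraries it actually uses.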
diff --git a/skean-id-oauth-ressrv-spring-boot-starter/src/main/java/party/threebody/skean/id/oauth/ressrv/autoconfigure/ResServerAutoConfiguration.java b/skean-id-oauth-ressrv-spring-boot-starter/src/main/java/party/threebody/skean/id/oauth/ressrv/autoconfigure/ResServerAutoConfiguration.java
new file mode 100644
index 0000000..1cbc93b
--- /dev/null
+++ b/skean-id-oauth-ressrv-spring-boot-starter/src/main/java/party/threebody/skean/id/oauth/ressrv/autoconfigure/ResServerAutoConfiguration.java
@@ -0,0 +1,58 @@
+package party.threebody.skean.id.oauth.ressrv.autoconfigure;
+
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Primary;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
+import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
+import org.springframework.security.oauth2.provider.token.TokenStore;
+import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
+import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
+
+@Configuration
+@EnableConfigurationProperties(ResServerConfigProperties.class)
+@EnableResourceServer
+public class ResServerAutoConfiguration extends ResourceServerConfigurerAdapter{
+
+ private final ResServerConfigProperties resServerConfigProperties;
+
+ public ResServerAutoConfiguration(ResServerConfigProperties resServerConfigProperties) {
+ this.resServerConfigProperties = resServerConfigProperties;
+ }
+
+ @Override
+ public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
+ resources.tokenServices(tokenServices());
+ }
+
+ @Override
+ public void configure(HttpSecurity http) throws Exception {
+ super.configure(http);
+ }
+
+ @Bean
+ public TokenStore tokenStore() {
+ return new JwtTokenStore(accessTokenConverter());
+ }
+
+ @Bean
+ public JwtAccessTokenConverter accessTokenConverter() {
+ JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
+ converter.setSigningKey(resServerConfigProperties.getJwtSigningKey());
+ return converter;
+ }
+
+
+ @Bean
+ @Primary
+ public DefaultTokenServices tokenServices() {
+ DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
+ defaultTokenServices.setTokenStore(tokenStore());
+ return defaultTokenServices;
+ }
+}
diff --git a/skean-id-oauth-ressrv-spring-boot-starter/src/main/java/party/threebody/skean/id/oauth/ressrv/autoconfigure/ResServerConfigProperties.java b/skean-id-oauth-ressrv-spring-boot-starter/src/main/java/party/threebody/skean/id/oauth/ressrv/autoconfigure/ResServerConfigProperties.java
new file mode 100644
index 0000000..e7d978c
--- /dev/null
+++ b/skean-id-oauth-ressrv-spring-boot-starter/src/main/java/party/threebody/skean/id/oauth/ressrv/autoconfigure/ResServerConfigProperties.java
@@ -0,0 +1,20 @@
+package party.threebody.skean.id.oauth.ressrv.autoconfigure;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+@ConfigurationProperties("skean.id.oauth-res-server")
+public class ResServerConfigProperties {
+
+ private String jwtSigningKey;
+
+
+ public String getJwtSigningKey() {
+ return jwtSigningKey;
+ }
+
+ public void setJwtSigningKey(String jwtSigningKey) {
+ this.jwtSigningKey = jwtSigningKey;
+ }
+}
diff --git a/skean-id-oauth-ressrv-spring-boot-starter/src/main/resources/META-INF/spring.factories b/skean-id-oauth-ressrv-spring-boot-starter/src/main/resources/META-INF/spring.factories
new file mode 100644
index 0000000..a402673
--- /dev/null
+++ b/skean-id-oauth-ressrv-spring-boot-starter/src/main/resources/META-INF/spring.factories
@@ -0,0 +1 @@
+org.springframework.boot.autoconfigure.EnableAutoConfiguration=party.threebody.skean.id.oauth.ressrv.autoconfigure.ResServerAutoConfiguration
\ No newline at end of file
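Review bot: `accessTokenConverter()` in ResServerAutoConfiguration configures the resource server with `setSigningKey(...)`, the same shared secret the authorization server signs with, so every service that includes this starter holds a key able to create tokens rather than only verify them. Prefer an asymmetric pair: the authorization server keeps the private key and this starter receives only the public one, `converter.setVerifierKey(resServerConfigProperties.getJwtVerifierKey());` (a new property, not in this diff). Separately, the `configure(HttpSecurity http)` override only calls `super.configure(http)` and can be deleted, and the `EnableWebSecurity` import is unused.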
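Review bot: ResServerConfigProperties carries `@Configuration` and is also registered through `@EnableConfigurationProperties(ResServerConfigProperties.class)` on ResServerAutoConfiguration, so an application whose component scan reaches this package would probably end up with two beans of the type and an ambiguous constructor argument. Remove `@Configuration` and keep only `@ConfigurationProperties("skean.id.oauth-res-server")`; SkeanIdConfigProperties and SkeanWebSecurityConfiguration later in this commit follow the same pattern. A Javadoc line on `jwtSigningKey` stating that it must match the authorization server's key, and that it has no default, would also help users of the starter.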
diff --git a/skean-id-oauth-server/src/main/resources/application.yml b/skean-id-oauth-server/src/main/resources/application.yml deleted file mode 100644 index 05993f1..0000000 --- a/skean-id-oauth-server/src/main/resources/application.yml +++ /dev/null @@ -1,13 +0,0 @@ -server: - port: 8910 - -skean: - auth-server: - client-id: c1 - client-secret: '$2a$10$G4OlUys4SJH4KmLtmq8Cqep1.XOlRghB4e47ApJbxviMMyQxbp01W' # a bcrypt output of 123456 - - user-password-style: encrypted #plain or encrypted - #user-password-storingStyle: inMemory - jwt-signing-key: 888 - -#logging.level.org.springframework.security: DEBUG \ No newline at end of file diff --git a/skean-id-spring-boot-starter/build.gradle b/skean-id-spring-boot-starter/build.gradle index 3f0463f..9378808 100644 --- a/skean-id-spring-boot-starter/build.gradle +++ b/skean-id-spring-boot-starter/build.gradle @@ -13,9 +13,11 @@ apply plugin: 'groovy' apply plugin: 'org.springframework.boot' dependencies { compile project(':skean-web-spring-boot-starter') + compile group: 'org.springframework.boot', name: 'spring-boot-devtools', version: versions.'spring-boot' compile group: 'org.springframework.boot', name: 'spring-boot-starter-security', version: versions.'spring-boot' - compile group: 'org.springframework.boot', name: 'spring-boot-starter-web', version: versions.'spring-boot' + compile group: 'org.springframework.boot', name: 'spring-boot-configuration-processor', version: versions.'spring-boot' + testCompile group: 'org.springframework.boot', name: 'spring-boot-starter-test', version: versions.'spring-boot' diff --git a/skean-id-spring-boot-starter/src/main/java/party/threebody/skean/id/autoconfigure/SkeanIdCenterApp.java b/skean-id-spring-boot-starter/src/main/java/party/threebody/skean/id/autoconfigure/SkeanIdCenterApp.java deleted file mode 100644 index 0b6eca7..0000000 --- a/skean-id-spring-boot-starter/src/main/java/party/threebody/skean/id/autoconfigure/SkeanIdCenterApp.java +++ /dev/null 
@@ -1,11 +0,0 @@ -package party.threebody.skean.id.autoconfigure; - -import org.springframework.boot.SpringApplication; -import org.springframework.boot.autoconfigure.SpringBootApplication; - -@SpringBootApplication -public class SkeanIdCenterApp { - public static void main(String[] args) { - SpringApplication.run(SkeanIdCenterApp.class, args); - } -} diff --git a/skean-id-spring-boot-starter/src/main/java/party/threebody/skean/id/autoconfigure/SkeanIdConfigProperties.java b/skean-id-spring-boot-starter/src/main/java/party/threebody/skean/id/autoconfigure/SkeanIdConfigProperties.java index 5ce07ab..884fae0 100644 --- a/skean-id-spring-boot-starter/src/main/java/party/threebody/skean/id/autoconfigure/SkeanIdConfigProperties.java +++ b/skean-id-spring-boot-starter/src/main/java/party/threebody/skean/id/autoconfigure/SkeanIdConfigProperties.java @@ -5,7 +5,7 @@ @Configuration @ConfigurationProperties("skean.id") - public class SkeanIdConfigProperties { +public class SkeanIdConfigProperties { private String userConfFilePath = "classpath:users.conf.json"; diff --git a/skean-id-spring-boot-starter/src/main/java/party/threebody/skean/id/autoconfigure/WebSecurityConfiguration.java b/skean-id-spring-boot-starter/src/main/java/party/threebody/skean/id/autoconfigure/SkeanWebSecurityConfiguration.java similarity index 85% rename from skean-id-spring-boot-starter/src/main/java/party/threebody/skean/id/autoconfigure/WebSecurityConfiguration.java rename to skean-id-spring-boot-starter/src/main/java/party/threebody/skean/id/autoconfigure/SkeanWebSecurityConfiguration.java index 57013eb..e80b1a9 100644 --- a/skean-id-spring-boot-starter/src/main/java/party/threebody/skean/id/autoconfigure/WebSecurityConfiguration.java +++ b/skean-id-spring-boot-starter/src/main/java/party/threebody/skean/id/autoconfigure/SkeanWebSecurityConfiguration.java 
@@ -5,6 +5,7 @@ import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; +import org.springframework.boot.context.properties.EnableConfigurationProperties; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @@ -25,13 +26,19 @@ @Configuration @EnableWebSecurity -public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { +@EnableConfigurationProperties(SkeanIdConfigProperties.class) +public class SkeanWebSecurityConfiguration extends WebSecurityConfigurerAdapter { - @Autowired SkeanIdConfigProperties skeanIdConf; + static final Logger logger = LoggerFactory.getLogger(SkeanWebSecurityConfiguration.class); - static final Logger logger = LoggerFactory.getLogger(WebSecurityConfiguration.class); + private final SkeanIdConfigProperties skeanIdConf; @Autowired ApplicationContext applicationContext; + + public SkeanWebSecurityConfiguration(SkeanIdConfigProperties skeanIdConf) { + this.skeanIdConf = skeanIdConf; + } + @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(userDetailsService()) diff --git a/skean-id-spring-boot-starter/src/main/resources/META-INF/spring.factories b/skean-id-spring-boot-starter/src/main/resources/META-INF/spring.factories new file mode 100644 index 0000000..a7a1436 --- /dev/null +++ b/skean-id-spring-boot-starter/src/main/resources/META-INF/spring.factories @@ -0,0 +1 @@ +org.springframework.boot.autoconfigure.EnableAutoConfiguration=party.threebody.skean.id.autoconfigure.SkeanWebSecurityConfiguration \ No newline at end of file diff --git a/skean-samples/navyapp/build.gradle b/skean-samples/navyapp/build.gradle index cd31b8b..a3a5be1 100644 --- a/skean-samples/navyapp/build.gradle +++ b/skean-samples/navyapp/build.gradle 
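Review bot: `skeanIdConf` moves to constructor injection, but `applicationContext` just below it stays a package-private `@Autowired` field, so the class now mixes both styles. Pass it through the same constructor, `public SkeanWebSecurityConfiguration(SkeanIdConfigProperties skeanIdConf, ApplicationContext applicationContext)`, and make the field `private final`. Since the new spring.factories entry loads this class for every application that includes the starter, a class-level Javadoc saying what it secures and how an application overrides it would be useful; the class body continues outside the hunk.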
@@ -4,12 +4,16 @@ group 'party.threebody.skean.samples' dependencies { compile project(':skean-jdbc-spring-boot-starter') compile project(':skean-web-spring-boot-starter') - compile project(':skean-id-spring-boot-starter') + compile project(':skean-id-oauth-ressrv-spring-boot-starter') + + //compile project(':skean-id-spring-boot-starter') + // compile group: 'org.springframework.boot', name: 'spring-boot-starter-security', version: versions.'spring-boot' testCompile group: 'org.springframework.boot', name: 'spring-boot-devtools', version: versions.'spring-boot' testCompile group: 'org.springframework.boot', name: 'spring-boot-starter-test', version: versions.'spring-boot' + testCompile group: 'com.h2database', name: 'h2', version: versions.h2 } \ No newline at end of file diff --git a/skean-samples/navyapp/src/test/java/party/threebody/skean/samples/navyapp/ResourceServerConfig.java b/skean-samples/navyapp/src/test/java/party/threebody/skean/samples/navyapp/ResourceServerConfig.java new file mode 100644 index 0000000..94b00a0 --- /dev/null +++ b/skean-samples/navyapp/src/test/java/party/threebody/skean/samples/navyapp/ResourceServerConfig.java 
@@ -0,0 +1,50 @@
+package party.threebody.skean.samples.navyapp;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Primary;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
+import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
+import org.springframework.security.oauth2.provider.token.TokenStore;
+import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
+import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
+
+@Deprecated
+//@Configuration
+//@EnableResourceServer
+public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
+ @Override
+ public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
+ resources.tokenServices(tokenServices());
+ }
+
+ @Override
+ public void configure(HttpSecurity http) throws Exception {
+ super.configure(http);
+ }
+
+ @Bean
+ public TokenStore tokenStore() {
+ return new JwtTokenStore(accessTokenConverter());
+ }
+
+ @Bean
+ public JwtAccessTokenConverter accessTokenConverter() {
+ JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
+ converter.setSigningKey("888");
+ return converter;
+ }
+
+
+ @Bean
+ @Primary
+ public DefaultTokenServices tokenServices() {
+ DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
+ defaultTokenServices.setTokenStore(tokenStore());
+ return defaultTokenServices;
+ }
+
+}
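Review bot: ResourceServerConfig is added already marked `@Deprecated` with `@Configuration` and `@EnableResourceServer` commented out, so its `@Bean` methods are presumably never processed and the class is dead on arrival. SecConfiguration, added in the same commit, is the same case: a new file whose entire body is commented out while its imports remain. Delete both rather than committing them, since version history keeps the earlier code. If ResourceServerConfig is meant to stay as a sample, say so in a class comment and read the key from configuration instead of `converter.setSigningKey("888");`.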
diff --git a/skean-samples/navyapp/src/test/java/party/threebody/skean/samples/navyapp/SecConfiguration.java b/skean-samples/navyapp/src/test/java/party/threebody/skean/samples/navyapp/SecConfiguration.java
new file mode 100644
index 0000000..e9db007
--- /dev/null
+++ b/skean-samples/navyapp/src/test/java/party/threebody/skean/samples/navyapp/SecConfiguration.java
@@ -0,0 +1,100 @@
+package party.threebody.skean.samples.navyapp;
+
+import com.fasterxml.jackson.core.type.TypeReference;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
+import org.springframework.security.web.firewall.HttpFirewall;
+import party.threebody.skean.misc.SkeanInvalidArgumentException;
+import party.threebody.skean.web.util.SkeanResources;
+
+import java.util.List;
+@Deprecated
+//@Configuration
+//@EnableWebSecurity
+public class SecConfiguration extends WebSecurityConfigurerAdapter {
+
+// static final Logger logger = LoggerFactory.getLogger(SecConfiguration.class);
+//
+// @Autowired ApplicationContext applicationContext;
+//
+// @Override
+// protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+// auth.userDetailsService(userDetailsService())
+// .passwordEncoder(passwordEncoder());
+// }
+//
+// @Override
+// protected void configure(HttpSecurity http) throws Exception {
+// http
+// .exceptionHandling()
+////.authenticationEntryPoint(restAuthenticationEntryPoint)
+// .and()
+// .authorizeRequests()
+// .antMatchers("/**").authenticated()
+// .antMatchers("/ships/**").permitAll()
+// .and()
+// .formLogin()
+// .successHandler(new MySavedRequestAwareAuthenticationSuccessHandler())
+// .failureHandler(new SimpleUrlAuthenticationFailureHandler())
+// .and()
+// .logout();
+// }
+
+// @Override
+// public void configure(WebSecurity web) throws Exception {
+// web.httpFirewall(allowUrlEncodedSlashHttpFirewall());
+// }
+
+ // only support load from file now
+// @Bean
+// public UserDetailsService userDetailsService() {
+// List skUsers = SkeanResources.readValueFromLocalJsonFile(
+// "classpath:users.conf.json",
+// new TypeReference>() {
+// });
+// if (skUsers == null) {
+// throw new SkeanInvalidArgumentException("No any available users!");
+// }
+//
+// InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
+// for (SkUser u : skUsers) {
+// manager.createUser(u.toSpringSecurityUser());
+// }
+// return manager;
+// }
+//
+// @Bean
+// public PasswordEncoder passwordEncoder() {
+// return new BCryptPasswordEncoder();
+// }
+
+
+// @Bean
+// @Override
+// public AuthenticationManager authenticationManagerBean() throws Exception {
+// AuthenticationManager manager = super.authenticationManagerBean();
+// return manager;
+// }
+
+// @Bean
+// public HttpFirewall allowUrlEncodedSlashHttpFirewall() {
+// StrictHttpFirewall firewall = new StrictHttpFirewall();
+// firewall.setAllowUrlEncodedSlash(true);
+// firewall.setAllowSemicolon(true);
+// return firewall;
+// }
+}
diff --git a/skean-samples/navyapp/src/test/java/party/threebody/skean/samples/navyapp/SkUser.java b/skean-samples/navyapp/src/test/java/party/threebody/skean/samples/navyapp/SkUser.java
new file mode 100644
index 0000000..71b29b2
--- /dev/null
+++ b/skean-samples/navyapp/src/test/java/party/threebody/skean/samples/navyapp/SkUser.java
@@ -0,0 +1,60 @@
+package party.threebody.skean.samples.navyapp;
+
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import party.threebody.skean.collections.Sets;
+
+import java.util.Set;
+import java.util.stream.Collectors;
+
+public class SkUser {
+
+ static final String DEFAULT_AUTHORITY = "ROLE_USER";
+ private String username;
+ private String password;
+ private Set authorities;
+
+ public String getUsername() {
+ return username;
+ }
+
+ public void setUsername(String username) {
+ this.username = username;
+ }
+
+ public String getPassword() {
+ return password;
+ }
+
+ public void setPassword(String password) {
+ this.password = password;
+ }
+
+ public Set getAuthorities() {
+ return authorities;
+ }
+
+ public void setAuthorities(Set authorities) {
+ this.authorities = authorities;
+ }
+
+ // translate plain password to encrypted
+ public SkUser toEncyptedInstance(PasswordEncoder passwordEncoder) {
+ SkUser u = new SkUser();
+ u.setUsername(username);
+ u.setPassword(passwordEncoder.encode(password));
+ u.setAuthorities(authorities);
+ return u;
+ }
+
+ public User toSpringSecurityUser() {
+ if (authorities == null || authorities.isEmpty()) {
+ authorities = Sets.of(DEFAULT_AUTHORITY);
+ } else {
+ authorities.add(DEFAULT_AUTHORITY);
+ }
+ return new User(username, password,
+ authorities.stream().map(a -> new SimpleGrantedAuthority(a)).collect(Collectors.toList()));
+ }
+}
diff --git a/skean-samples/navyapp/src/test/java/party/threebody/skean/samples/navyapp/WebSecurityConfig.java b/skean-samples/navyapp/src/test/java/party/threebody/skean/samples/navyapp/WebSecurityConfig.java
new file mode 100644
index 0000000..8c384d8
--- /dev/null
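Review bot: `toSpringSecurityUser()` modifies the object it converts: it reassigns or appends to the `authorities` field, so a read-style method has a lasting side effect, and `authorities.add(DEFAULT_AUTHORITY)` throws if the caller handed an unmodifiable set to `setAuthorities`. Build the granted set in a local copy instead, `Set<String> granted = new HashSet<>(authorities == null ? Collections.emptySet() : authorities); granted.add(DEFAULT_AUTHORITY);`, and map that. `toEncyptedInstance` is misspelled (`toEncryptedInstance`), and its comment should say the password is hashed by the supplied encoder rather than "encrypted". The class also duplicates `party.threebody.skean.id.oauth.domain.SkUser`, which this commit only renames, so a class comment explaining why the test tree needs its own copy would help.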
+++ b/skean-samples/navyapp/src/test/java/party/threebody/skean/samples/navyapp/WebSecurityConfig.java @@ -0,0 +1,22 @@ +package party.threebody.skean.samples.navyapp; + +import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; + +@Configuration +@EnableWebSecurity +public class WebSecurityConfig extends WebSecurityConfigurerAdapter { + + @Override + protected void configure(HttpSecurity http) throws Exception { + http + .authorizeRequests() + // .antMatchers("/**").permitAll(); + .antMatchers("/ships/hi").authenticated() + .anyRequest().permitAll() + // .antMatchers("/ships/**").permitAll(); + ; + } +} diff --git a/skean-samples/navyapp/src/test/java/party/threebody/skean/samples/navyapp/controller/ShipController.java b/skean-samples/navyapp/src/test/java/party/threebody/skean/samples/navyapp/controller/ShipController.java index d8b7648..f1cddbf 100644 --- a/skean-samples/navyapp/src/test/java/party/threebody/skean/samples/navyapp/controller/ShipController.java +++ b/skean-samples/navyapp/src/test/java/party/threebody/skean/samples/navyapp/controller/ShipController.java @@ -33,6 +33,10 @@ public void buildCrudFunctions(SinglePKCrudFunctionsBuilder builde .oneDeleter(shipService::delete); } + @GetMapping("/hi") + public String hi() { + return "hi"; + } @GetMapping("/2222") @Override diff --git a/skean-samples/navyapp/src/test/resources/application.yml b/skean-samples/navyapp/src/test/resources/application.yml index 6c9e9ba..c905054 100644 --- a/skean-samples/navyapp/src/test/resources/application.yml +++ b/skean-samples/navyapp/src/test/resources/application.yml @@ -16,5 +16,6 @@ skean: jdbc: sql-builder: modify-all-rows-enabled: true - id: + oauth-res-server: + jwt-signing-key: 888 
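Review bot: The rule chain in navyapp's WebSecurityConfig ends with `.anyRequest().permitAll()`, so only `/ships/hi` requires authentication and every other endpoint, including the CRUD routes ShipController builds, is open by default. Make deny the default by ending the chain with `.anyRequest().authenticated()` and listing explicit `permitAll()` matchers for whatever is meant to be public; the two commented-out matcher lines can then go. Because the application now also pulls in the `@EnableResourceServer` starter, it is worth confirming which of the two filter chains actually handles these paths, since the resource-server chain is usually ordered ahead of a plain WebSecurityConfigurerAdapter.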
diff --git a/skean-web/src/main/java/party/threebody/skean/web/util/SkeanResources.java b/skean-web/src/main/java/party/threebody/skean/web/util/SkeanResources.java index a080142..713aff1 100644 --- a/skean-web/src/main/java/party/threebody/skean/web/util/SkeanResources.java +++ b/skean-web/src/main/java/party/threebody/skean/web/util/SkeanResources.java @@ -12,7 +12,7 @@ /** * @see org.springframework.util.ResourceUtils */ -public class SkeanResources { +public final class SkeanResources { static final Logger logger = LoggerFactory.getLogger(SkeanResources.class); public static T readValueFromLocalJsonFile(String jsonFilePath, TypeReference typeReference) {