增加 SSO 示例

YunaiV · YunaiV · commit ac113de0f3e7 · 2020-06-27T09:46:19.000+08:00
diff --git a/lab-68/lab-68-demo21-authorization-server-on-sso/pom.xml b/lab-68/lab-68-demo21-authorization-server-on-sso/pom.xml
@@ -50,6 +50,18 @@
             <artifactId>spring-security-oauth2-autoconfigure</artifactId>
             <version>${spring.boot.version}</version>
         </dependency>
+
+        <!-- 实现对数据库连接池的自动化配置 -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-jdbc</artifactId>
+        </dependency>
+        <dependency> <!-- 本示例，我们使用 MySQL -->
+            <groupId>mysql</groupId>
+            <artifactId>mysql-connector-java</artifactId>
+            <version>5.1.48</version>
+        </dependency>
+
     </dependencies>
 
 </project>
diff --git a/lab-68/lab-68-demo21-authorization-server-on-sso/src/main/java/cn/iocoder/springboot/lab68/authorizationserverdemo/config/OAuth2AuthorizationServerConfig.java b/lab-68/lab-68-demo21-authorization-server-on-sso/src/main/java/cn/iocoder/springboot/lab68/authorizationserverdemo/config/OAuth2AuthorizationServerConfig.java
@@ -1,13 +1,20 @@
 package cn.iocoder.springboot.lab68.authorizationserverdemo.config;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
 import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
 import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
+import org.springframework.security.oauth2.provider.ClientDetailsService;
+import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;
+import org.springframework.security.oauth2.provider.token.TokenStore;
+import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
+
+import javax.sql.DataSource;
 
 /**
  * 授权服务器配置
@@ -22,27 +29,40 @@ public class OAuth2AuthorizationServerConfig extends AuthorizationServerConfigur
     @Autowired
     private AuthenticationManager authenticationManager;
 
+    /**
+     * 数据源 DataSource
+     */
+    @Autowired
+    private DataSource dataSource;
+
+    @Bean
+    public TokenStore jdbcTokenStore() {
+        return new JdbcTokenStore(dataSource);
+    }
+
     @Override
     public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
-        endpoints.authenticationManager(authenticationManager);
+        endpoints.authenticationManager(authenticationManager)
+                .tokenStore(jdbcTokenStore());
     }
 
     @Override
     public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
-        oauthServer.checkTokenAccess("isAuthenticated()")
-//            .tokenKeyAccess("permitAll()")
-        ;
+        oauthServer.checkTokenAccess("isAuthenticated()");
+//        oauthServer.tokenKeyAccess("isAuthenticated()")
+//                .checkTokenAccess("isAuthenticated()");
+//        oauthServer.tokenKeyAccess("permitAll()")
+//                .checkTokenAccess("permitAll()");
+    }
+
+    @Bean
+    public ClientDetailsService jdbcClientDetailsService() {
+        return new JdbcClientDetailsService(dataSource);
     }
 
     @Override
     public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
-        clients.inMemory()
-                .withClient("clientapp").secret("112233") // Client 账号、密码。
-                .authorizedGrantTypes("authorization_code") // 授权码模式
-                .redirectUris("http://127.0.0.1:9090/login") // 配置回调地址，选填。
-                .scopes("read_userinfo", "read_contacts") // 可授权的 Scope
-//                .and().withClient() // 可以继续配置新的 Client
-                ;
+        clients.withClientDetails(jdbcClientDetailsService());
     }
 
 }
diff --git a/lab-68/lab-68-demo21-authorization-server-on-sso/src/main/java/cn/iocoder/springboot/lab68/authorizationserverdemo/config/SecurityConfig.java b/lab-68/lab-68-demo21-authorization-server-on-sso/src/main/java/cn/iocoder/springboot/lab68/authorizationserverdemo/config/SecurityConfig.java
@@ -1,5 +1,6 @@
 package cn.iocoder.springboot.lab68.authorizationserverdemo.config;
 
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -9,10 +10,18 @@
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.crypto.password.NoOpPasswordEncoder;
 
+import javax.sql.DataSource;
+
 @Configuration
 @EnableWebSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
+    /**
+     * 数据源 DataSource
+     */
+    @Autowired
+    private DataSource dataSource;
+
     @Override
     @Bean(name = BeanIds.AUTHENTICATION_MANAGER)
     public AuthenticationManager authenticationManagerBean() throws Exception {
@@ -26,13 +35,8 @@ public static NoOpPasswordEncoder passwordEncoder() {
 
     @Override
     protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-        auth.
-                // 使用内存中的 InMemoryUserDetailsManager
-                inMemoryAuthentication()
-                // 不使用 PasswordEncoder 密码编码器
-                .passwordEncoder(passwordEncoder())
-                // 配置 yunai 用户
-                .withUser("yunai").password("1024").roles("USER");
+        auth.jdbcAuthentication()
+                .dataSource(dataSource);
     }
 
 //    @Override
diff --git a/lab-68/lab-68-demo21-authorization-server-on-sso/src/main/resources/application.yaml b/lab-68/lab-68-demo21-authorization-server-on-sso/src/main/resources/application.yaml
@@ -0,0 +1,7 @@
+spring:
+  # datasource 数据源配置内容，对应 DataSourceProperties 配置属性类
+  datasource:
+    url: jdbc:mysql://127.0.0.1:43063/demo-68-authorization-server-sso?useSSL=false&useUnicode=true&characterEncoding=UTF-8
+    driver-class-name: com.mysql.jdbc.Driver
+    username: root # 数据库账号
+    password: 123456 # 数据库密码
diff --git a/lab-68/lab-68-demo21-authorization-server-on-sso/src/main/resources/db/oauth_data.sql b/lab-68/lab-68-demo21-authorization-server-on-sso/src/main/resources/db/oauth_data.sql
@@ -0,0 +1,7 @@
+INSERT INTO oauth_client_details
+	(client_id, client_secret, scope, authorized_grant_types,
+	web_server_redirect_uri, authorities, access_token_validity,
+	refresh_token_validity, additional_information, autoapprove)
+VALUES
+	('clientapp', '112233', 'read_userinfo,read_contacts',
+	'password,refresh_token', null, null, 3600, 864000, null, true);
diff --git a/lab-68/lab-68-demo21-authorization-server-on-sso/src/main/resources/db/oauth_schema.sql b/lab-68/lab-68-demo21-authorization-server-on-sso/src/main/resources/db/oauth_schema.sql
@@ -0,0 +1,51 @@
+drop table if exists oauth_client_details;
+create table oauth_client_details (
+  client_id VARCHAR(255) PRIMARY KEY,
+  resource_ids VARCHAR(255),
+  client_secret VARCHAR(255),
+  scope VARCHAR(255),
+  authorized_grant_types VARCHAR(255),
+  web_server_redirect_uri VARCHAR(255),
+  authorities VARCHAR(255),
+  access_token_validity INTEGER,
+  refresh_token_validity INTEGER,
+  additional_information VARCHAR(4096),
+  autoapprove VARCHAR(255)
+);
+
+create table if not exists oauth_client_token (
+  token_id VARCHAR(255),
+  token LONG VARBINARY,
+  authentication_id VARCHAR(255) PRIMARY KEY,
+  user_name VARCHAR(255),
+  client_id VARCHAR(255)
+);
+
+create table if not exists oauth_access_token (
+  token_id VARCHAR(255),
+  token LONG VARBINARY,
+  authentication_id VARCHAR(255) PRIMARY KEY,
+  user_name VARCHAR(255),
+  client_id VARCHAR(255),
+  authentication LONG VARBINARY,
+  refresh_token VARCHAR(255)
+);
+
+create table if not exists oauth_refresh_token (
+  token_id VARCHAR(255),
+  token LONG VARBINARY,
+  authentication LONG VARBINARY
+);
+
+create table if not exists oauth_code (
+  code VARCHAR(255), authentication LONG VARBINARY
+);
+
+create table if not exists oauth_approvals (
+	userId VARCHAR(255),
+	clientId VARCHAR(255),
+	scope VARCHAR(255),
+	status VARCHAR(10),
+	expiresAt TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+	lastModifiedAt TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+);
diff --git a/lab-68/lab-68-demo21-authorization-server-on-sso/src/main/resources/db/user_data.sql b/lab-68/lab-68-demo21-authorization-server-on-sso/src/main/resources/db/user_data.sql
@@ -0,0 +1,3 @@
+INSERT INTO `authorities` VALUES ('yunai', 'ROLE_USER');
+
+INSERT INTO `users` VALUES ('yunai', '112233', '1');
diff --git a/lab-68/lab-68-demo21-authorization-server-on-sso/src/main/resources/db/user_schema.sql b/lab-68/lab-68-demo21-authorization-server-on-sso/src/main/resources/db/user_schema.sql
@@ -0,0 +1,14 @@
+DROP TABLE IF EXISTS `authorities`;
+CREATE TABLE `authorities` (
+  `username` varchar(50) NOT NULL,
+  `authority` varchar(50) NOT NULL,
+  UNIQUE KEY `ix_auth_username` (`username`,`authority`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+DROP TABLE IF EXISTS `users`;
+CREATE TABLE `users` (
+  `username` varchar(50) NOT NULL,
+  `password` varchar(500) NOT NULL,
+  `enabled` tinyint(1) NOT NULL,
+  PRIMARY KEY (`username`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
diff --git a/lab-68/lab-68-demo21-resource-server-on-sso/src/main/java/cn/iocoder/springboot/lab68/resourceserverdemo/config/SecurityConfig.java b/lab-68/lab-68-demo21-resource-server-on-sso/src/main/java/cn/iocoder/springboot/lab68/resourceserverdemo/config/SecurityConfig.java
@@ -0,0 +1,12 @@
+package cn.iocoder.springboot.lab68.resourceserverdemo.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+@Order(101)
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+}
diff --git a/lab-68/lab-68-demo21-resource-server-on-sso/src/main/java/cn/iocoder/springboot/lab68/resourceserverdemo/controller/DemoController.java b/lab-68/lab-68-demo21-resource-server-on-sso/src/main/java/cn/iocoder/springboot/lab68/resourceserverdemo/controller/DemoController.java
@@ -0,0 +1,27 @@
+package cn.iocoder.springboot.lab68.resourceserverdemo.controller;
+
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+/**
+ * 示例 Controller
+ */
+@RestController
+@RequestMapping("/demo")
+public class DemoController {
+
+    @GetMapping("/admin-list")
+    @PreAuthorize("hasAuthority('admin')")
+    public String adminList() {
+        return "管理员列表";
+    }
+
+    @GetMapping("/user-list")
+    @PreAuthorize("hasAuthority('user')")
+    public String userList() {
+        return "用户列表";
+    }
+
+}
diff --git a/lab-68/lab-68-demo21-resource-server-on-sso/src/main/java/cn/iocoder/springboot/lab68/resourceserverdemo/controller/UserController.java b/lab-68/lab-68-demo21-resource-server-on-sso/src/main/java/cn/iocoder/springboot/lab68/resourceserverdemo/controller/UserController.java
@@ -1,5 +1,6 @@
 package cn.iocoder.springboot.lab68.resourceserverdemo.controller;
 
+import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
@@ -11,8 +12,8 @@
 public class UserController {
 
     @RequestMapping("/info")
-    public String hello() {
-        return "world";
+    public Authentication info(Authentication authentication) {
+        return authentication;
     }
 
 }
diff --git a/lab-68/lab-68-demo21-resource-server-on-sso/src/main/resources/application.yml b/lab-68/lab-68-demo21-resource-server-on-sso/src/main/resources/application.yml
@@ -3,16 +3,16 @@ server:
   servlet:
     session:
       cookie:
-        name: OAUTH2-CLIENT-SESSIONID
+        name: SSO-SESSIONID # 自定义 Session 的 Cookie 名字，防止冲突。冲突后，会导致 SSO 登陆失败。
 
 security:
   oauth2:
     # OAuth2 Client 配置，对应 OAuth2ClientProperties 类
     client:
       client-id: clientapp
       client-secret: 112233
-      user-authorization-uri: http://127.0.0.1:8080/oauth/authorize #
-      access-token-uri: http://127.0.0.1:8080/oauth/token
+      user-authorization-uri: http://127.0.0.1:8080/oauth/authorize # 获取用户的授权码地址
+      access-token-uri: http://127.0.0.1:8080/oauth/token # 获取访问令牌的地址
     # OAuth2 Resource 配置，对应 ResourceServerProperties 类
     resource:
-      token-info-uri: http://127.0.0.1:8080/oauth/check_token # 获得 Token 信息的 URL
+      token-info-uri: http://127.0.0.1:8080/oauth/check_token # 校验访问令牌是否有效的地址

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	+INSERT INTO `authorities` VALUES ('yunai', 'ROLE_USER');
	`2`	`+`
	`3`	+INSERT INTO `users` VALUES ('yunai', '112233', '1');
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,6 @@`
`1`	`1`	`package cn.iocoder.springboot.lab68.resourceserverdemo.controller;`
`2`	`2`
	`3`	`+import org.springframework.security.core.Authentication;`
`3`	`4`	`import org.springframework.web.bind.annotation.RequestMapping;`
`4`	`5`	`import org.springframework.web.bind.annotation.RestController;`
`5`	`6`
`@@ -11,8 +12,8 @@`
`11`	`12`	`public class UserController {`
`12`	`13`
`13`	`14`	`@RequestMapping("/info")`
`14`		`- public String hello() {`
`15`		`- return "world";`
	`15`	`+ public Authentication info(Authentication authentication) {`
	`16`	`+ return authentication;`
`16`	`17`	`}`
`17`	`18`
`18`	`19`	`}`