✨ 增加 pig-boot 单体模式启动模块

pig-mesh · Apr 4, 2024 · 6c57f41 · 6c57f41
1 parent 1ac6fd5
commit 6c57f41
Show file tree

Hide file tree

Showing 10 changed files with 576 additions and 97 deletions.
diff --git a/pig-auth/src/main/java/com/pig4cloud/pig/auth/config/AuthorizationServerConfiguration.java b/pig-auth/src/main/java/com/pig4cloud/pig/auth/config/AuthorizationServerConfiguration.java
@@ -20,6 +20,8 @@
 import com.pig4cloud.pig.auth.support.core.CustomeOAuth2TokenCustomizer;
 import com.pig4cloud.pig.auth.support.core.FormIdentityLoginConfigurer;
 import com.pig4cloud.pig.auth.support.core.PigDaoAuthenticationProvider;
+import com.pig4cloud.pig.auth.support.filter.PasswordDecoderFilter;
+import com.pig4cloud.pig.auth.support.filter.ValidateCodeFilter;
 import com.pig4cloud.pig.auth.support.handler.PigAuthenticationFailureEventHandler;
 import com.pig4cloud.pig.auth.support.handler.PigAuthenticationSuccessEventHandler;
 import com.pig4cloud.pig.auth.support.password.OAuth2ResourceOwnerPasswordAuthenticationConverter;
@@ -28,6 +30,7 @@
 import com.pig4cloud.pig.auth.support.sms.OAuth2ResourceOwnerSmsAuthenticationProvider;
 import com.pig4cloud.pig.common.core.constant.SecurityConstants;
 import lombok.RequiredArgsConstructor;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.Ordered;
@@ -45,107 +48,110 @@
 import org.springframework.security.web.DefaultSecurityFilterChain;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.AuthenticationConverter;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
 import java.util.Arrays;
 
 /**
  * @author lengleng
  * @date 2022/5/27
- *
+ * <p>
  * 认证服务器配置
  */
 @Configuration
 @RequiredArgsConstructor
 public class AuthorizationServerConfiguration {
 
-	private final OAuth2AuthorizationService authorizationService;
-
-	@Bean
-	@Order(Ordered.HIGHEST_PRECEDENCE)
-	public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
-		OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = new OAuth2AuthorizationServerConfigurer();
-
-		http.with(authorizationServerConfigurer.tokenEndpoint((tokenEndpoint) -> {// 个性化认证授权端点
-			tokenEndpoint.accessTokenRequestConverter(accessTokenRequestConverter()) // 注入自定义的授权认证Converter
-				.accessTokenResponseHandler(new PigAuthenticationSuccessEventHandler()) // 登录成功处理器
-				.errorResponseHandler(new PigAuthenticationFailureEventHandler());// 登录失败处理器
-		}).clientAuthentication(oAuth2ClientAuthenticationConfigurer -> // 个性化客户端认证
-		oAuth2ClientAuthenticationConfigurer.errorResponseHandler(new PigAuthenticationFailureEventHandler()))// 处理客户端认证异常
-			.authorizationEndpoint(authorizationEndpoint -> authorizationEndpoint// 授权码端点个性化confirm页面
-				.consentPage(SecurityConstants.CUSTOM_CONSENT_PAGE_URI)), Customizer.withDefaults());
-
-		AntPathRequestMatcher[] requestMatchers = new AntPathRequestMatcher[] {
-				AntPathRequestMatcher.antMatcher("/token/**"), AntPathRequestMatcher.antMatcher("/actuator/**"),
-				AntPathRequestMatcher.antMatcher("/css/**"), AntPathRequestMatcher.antMatcher("/error") };
-
-		http.authorizeHttpRequests(authorizeRequests -> {
-			// 自定义接口、端点暴露
-			authorizeRequests.requestMatchers(requestMatchers).permitAll();
-			authorizeRequests.anyRequest().authenticated();
-		})
-			.with(authorizationServerConfigurer.authorizationService(authorizationService)// redis存储token的实现
-				.authorizationServerSettings(
-						AuthorizationServerSettings.builder().issuer(SecurityConstants.PROJECT_LICENSE).build()),
-					Customizer.withDefaults());
-		http.with(new FormIdentityLoginConfigurer(), Customizer.withDefaults());
-		DefaultSecurityFilterChain securityFilterChain = http.build();
-
-		// 注入自定义授权模式实现
-		addCustomOAuth2GrantAuthenticationProvider(http);
-		return securityFilterChain;
-	}
-
-	/**
-	 * 令牌生成规则实现 </br>
-	 * client:username:uuid
-	 * @return OAuth2TokenGenerator
-	 */
-	@Bean
-	public OAuth2TokenGenerator oAuth2TokenGenerator() {
-		CustomeOAuth2AccessTokenGenerator accessTokenGenerator = new CustomeOAuth2AccessTokenGenerator();
-		// 注入Token 增加关联用户信息
-		accessTokenGenerator.setAccessTokenCustomizer(new CustomeOAuth2TokenCustomizer());
-		return new DelegatingOAuth2TokenGenerator(accessTokenGenerator, new OAuth2RefreshTokenGenerator());
-	}
-
-	/**
-	 * request -> xToken 注入请求转换器
-	 * @return DelegatingAuthenticationConverter
-	 */
-	private AuthenticationConverter accessTokenRequestConverter() {
-		return new DelegatingAuthenticationConverter(Arrays.asList(
-				new OAuth2ResourceOwnerPasswordAuthenticationConverter(),
-				new OAuth2ResourceOwnerSmsAuthenticationConverter(), new OAuth2RefreshTokenAuthenticationConverter(),
-				new OAuth2ClientCredentialsAuthenticationConverter(),
-				new OAuth2AuthorizationCodeAuthenticationConverter(),
-				new OAuth2AuthorizationCodeRequestAuthenticationConverter()));
-	}
-
-	/**
-	 * 注入授权模式实现提供方
-	 *
-	 * 1. 密码模式 </br>
-	 * 2. 短信登录 </br>
-	 *
-	 */
-	@SuppressWarnings("unchecked")
-	private void addCustomOAuth2GrantAuthenticationProvider(HttpSecurity http) {
-		AuthenticationManager authenticationManager = http.getSharedObject(AuthenticationManager.class);
-		OAuth2AuthorizationService authorizationService = http.getSharedObject(OAuth2AuthorizationService.class);
-
-		OAuth2ResourceOwnerPasswordAuthenticationProvider resourceOwnerPasswordAuthenticationProvider = new OAuth2ResourceOwnerPasswordAuthenticationProvider(
-				authenticationManager, authorizationService, oAuth2TokenGenerator());
-
-		OAuth2ResourceOwnerSmsAuthenticationProvider resourceOwnerSmsAuthenticationProvider = new OAuth2ResourceOwnerSmsAuthenticationProvider(
-				authenticationManager, authorizationService, oAuth2TokenGenerator());
-
-		// 处理 UsernamePasswordAuthenticationToken
-		http.authenticationProvider(new PigDaoAuthenticationProvider());
-		// 处理 OAuth2ResourceOwnerPasswordAuthenticationToken
-		http.authenticationProvider(resourceOwnerPasswordAuthenticationProvider);
-		// 处理 OAuth2ResourceOwnerSmsAuthenticationToken
-		http.authenticationProvider(resourceOwnerSmsAuthenticationProvider);
-	}
+    private final OAuth2AuthorizationService authorizationService;
+
+    private final PasswordDecoderFilter passwordDecoderFilter;
+
+    private final ValidateCodeFilter validateCodeFilter;
+
+
+    @Bean
+    @Order(Ordered.HIGHEST_PRECEDENCE)
+    @ConditionalOnProperty(value = "security.micro", matchIfMissing = true)
+    public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
+        OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = new OAuth2AuthorizationServerConfigurer();
+
+        // 增加验证码过滤器
+        http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class);
+        // 增加密码解密过滤器
+        http.addFilterBefore(passwordDecoderFilter, UsernamePasswordAuthenticationFilter.class);
+
+        http.with(authorizationServerConfigurer.tokenEndpoint((tokenEndpoint) -> {// 个性化认证授权端点
+                    tokenEndpoint.accessTokenRequestConverter(accessTokenRequestConverter()) // 注入自定义的授权认证Converter
+                            .accessTokenResponseHandler(new PigAuthenticationSuccessEventHandler()) // 登录成功处理器
+                            .errorResponseHandler(new PigAuthenticationFailureEventHandler());// 登录失败处理器
+                }).clientAuthentication(oAuth2ClientAuthenticationConfigurer -> // 个性化客户端认证
+                        oAuth2ClientAuthenticationConfigurer.errorResponseHandler(new PigAuthenticationFailureEventHandler()))// 处理客户端认证异常
+                .authorizationEndpoint(authorizationEndpoint -> authorizationEndpoint// 授权码端点个性化confirm页面
+                        .consentPage(SecurityConstants.CUSTOM_CONSENT_PAGE_URI)), Customizer.withDefaults());
+
+        AntPathRequestMatcher[] requestMatchers = new AntPathRequestMatcher[]{AntPathRequestMatcher.antMatcher("/token/**"), AntPathRequestMatcher.antMatcher("/actuator/**"), AntPathRequestMatcher.antMatcher("/code/image"), AntPathRequestMatcher.antMatcher("/css/**"), AntPathRequestMatcher.antMatcher("/error")};
+
+        http.authorizeHttpRequests(authorizeRequests -> {
+            // 自定义接口、端点暴露
+            authorizeRequests.requestMatchers(requestMatchers).permitAll();
+            authorizeRequests.anyRequest().authenticated();
+        }).with(authorizationServerConfigurer.authorizationService(authorizationService)// redis存储token的实现
+                .authorizationServerSettings(AuthorizationServerSettings.builder().issuer(SecurityConstants.PROJECT_LICENSE).build()), Customizer.withDefaults());
+        http.with(new FormIdentityLoginConfigurer(), Customizer.withDefaults());
+        DefaultSecurityFilterChain securityFilterChain = http.build();
+
+        // 注入自定义授权模式实现
+        addCustomOAuth2GrantAuthenticationProvider(http);
+
+        return securityFilterChain;
+    }
+
+    /**
+     * 令牌生成规则实现 </br>
+     * client:username:uuid
+     *
+     * @return OAuth2TokenGenerator
+     */
+    @Bean
+    public OAuth2TokenGenerator oAuth2TokenGenerator() {
+        CustomeOAuth2AccessTokenGenerator accessTokenGenerator = new CustomeOAuth2AccessTokenGenerator();
+        // 注入Token 增加关联用户信息
+        accessTokenGenerator.setAccessTokenCustomizer(new CustomeOAuth2TokenCustomizer());
+        return new DelegatingOAuth2TokenGenerator(accessTokenGenerator, new OAuth2RefreshTokenGenerator());
+    }
+
+    /**
+     * request -> xToken 注入请求转换器
+     *
+     * @return DelegatingAuthenticationConverter
+     */
+    @Bean
+    public AuthenticationConverter accessTokenRequestConverter() {
+        return new DelegatingAuthenticationConverter(Arrays.asList(new OAuth2ResourceOwnerPasswordAuthenticationConverter(), new OAuth2ResourceOwnerSmsAuthenticationConverter(), new OAuth2RefreshTokenAuthenticationConverter(), new OAuth2ClientCredentialsAuthenticationConverter(), new OAuth2AuthorizationCodeAuthenticationConverter(), new OAuth2AuthorizationCodeRequestAuthenticationConverter()));
+    }
+
+    /**
+     * 注入授权模式实现提供方
+     * <p>
+     * 1. 密码模式 </br>
+     * 2. 短信登录 </br>
+     */
+    @SuppressWarnings("unchecked")
+    private void addCustomOAuth2GrantAuthenticationProvider(HttpSecurity http) {
+        AuthenticationManager authenticationManager = http.getSharedObject(AuthenticationManager.class);
+        OAuth2AuthorizationService authorizationService = http.getSharedObject(OAuth2AuthorizationService.class);
+
+        OAuth2ResourceOwnerPasswordAuthenticationProvider resourceOwnerPasswordAuthenticationProvider = new OAuth2ResourceOwnerPasswordAuthenticationProvider(authenticationManager, authorizationService, oAuth2TokenGenerator());
+
+        OAuth2ResourceOwnerSmsAuthenticationProvider resourceOwnerSmsAuthenticationProvider = new OAuth2ResourceOwnerSmsAuthenticationProvider(authenticationManager, authorizationService, oAuth2TokenGenerator());
+
+        // 处理 UsernamePasswordAuthenticationToken
+        http.authenticationProvider(new PigDaoAuthenticationProvider());
+        // 处理 OAuth2ResourceOwnerPasswordAuthenticationToken
+        http.authenticationProvider(resourceOwnerPasswordAuthenticationProvider);
+        // 处理 OAuth2ResourceOwnerSmsAuthenticationToken
+        http.authenticationProvider(resourceOwnerSmsAuthenticationProvider);
+    }
 
 }
diff --git a/...uth/src/main/java/com/pig4cloud/pig/auth/support/filter/AuthSecurityConfigProperties.java b/...uth/src/main/java/com/pig4cloud/pig/auth/support/filter/AuthSecurityConfigProperties.java
@@ -0,0 +1,37 @@
+package com.pig4cloud.pig.auth.support.filter;
+
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.cloud.context.config.annotation.RefreshScope;
+import org.springframework.stereotype.Component;
+
+import java.util.List;
+
+/**
+ * @author lengleng
+ * @date 2020/10/4
+ * <p>
+ * 网关配置文件
+ */
+@Data
+@Component
+@RefreshScope
+@ConfigurationProperties("security")
+public class AuthSecurityConfigProperties {
+
+    /**
+     * 是否是微服务架构
+     */
+    private boolean isMicro;
+
+    /**
+     * 网关解密登录前端密码 秘钥
+     */
+    private String encodeKey;
+
+    /**
+     * 网关不需要校验验证码的客户端
+     */
+    private List<String> ignoreClients;
+
+}
diff --git a/...ain/java/com/pig4cloud/pig/auth/support/handler/PigAuthenticationFailureEventHandler.java b/...ain/java/com/pig4cloud/pig/auth/support/handler/PigAuthenticationFailureEventHandler.java
@@ -19,8 +19,6 @@
 import cn.hutool.core.util.StrUtil;
 import com.pig4cloud.pig.admin.api.entity.SysLog;
 import com.pig4cloud.pig.common.core.constant.CommonConstants;
-import com.pig4cloud.pig.common.core.constant.SecurityConstants;
-import com.pig4cloud.pig.common.core.util.MsgUtils;
 import com.pig4cloud.pig.common.core.util.R;
 import com.pig4cloud.pig.common.core.util.SpringContextHolder;
 import com.pig4cloud.pig.common.log.event.SysLogEvent;
@@ -97,12 +95,6 @@ private void sendErrorResponse(HttpServletRequest request, HttpServletResponse r
 			errorMessage = exception.getLocalizedMessage();
 		}
 
-		// 手机号登录
-		String grantType = request.getParameter(OAuth2ParameterNames.GRANT_TYPE);
-		if (SecurityConstants.MOBILE.equals(grantType)) {
-			errorMessage = MsgUtils.getSecurityMessage("AbstractUserDetailsAuthenticationProvider.smsBadCredentials");
-		}
-
 		this.errorHttpResponseConverter.write(R.failed(errorMessage), MediaType.APPLICATION_JSON, httpResponse);
 	}
 

diff --git a/pig-boot/Dockerfile b/pig-boot/Dockerfile
@@ -0,0 +1,13 @@
+FROM alibabadragonwell/dragonwell:21-anolis
+
+WORKDIR /pig-boot
+
+ARG JAR_FILE=target/pig-boot.jar
+
+COPY ${JAR_FILE} app.jar
+
+EXPOSE 9999
+
+ENV TZ=Asia/Shanghai JAVA_OPTS="-Xms512m -Xmx1024m -Djava.security.egd=file:/dev/./urandom"
+
+CMD sleep 60; java $JAVA_OPTS -jar app.jar