Merge pull request #41 from zlt2000/dev

Dev

Author: zlt2000

zlt-commons/zlt-auth-client-spring-boot-starter/pom.xml

@@ -42,5 +42,10 @@
             <artifactId>javax.servlet-api</artifactId>
             <scope>provided</scope>
         </dependency>
+        <dependency>
+            <groupId>org.apache.tomcat.embed</groupId>
+            <artifactId>tomcat-embed-websocket</artifactId>
+            <optional>true</optional>
+        </dependency>
     </dependencies>
 </project>

zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/config/DefaultResourceServerConf.java

@@ -9,6 +9,7 @@
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
 import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
+import org.springframework.security.oauth2.provider.authentication.TokenExtractor;
 import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;
 import org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler;
 import org.springframework.security.oauth2.provider.token.TokenStore;
@@ -36,13 +37,17 @@ public class DefaultResourceServerConf extends ResourceServerConfigurerAdapter {
     @Autowired
     private SecurityProperties securityProperties;
 
+    @Resource
+    private TokenExtractor tokenExtractor;
+
     @Override
     public void configure(ResourceServerSecurityConfigurer resources) {
         resources.tokenStore(tokenStore)
                 .stateless(true)
                 .authenticationEntryPoint(authenticationEntryPoint)
                 .expressionHandler(expressionHandler)
-                .accessDeniedHandler(oAuth2AccessDeniedHandler);
+                .accessDeniedHandler(oAuth2AccessDeniedHandler)
+                .tokenExtractor(tokenExtractor);
     }
 
     @Override

zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/config/WcAuthConfigurator.java

@@ -0,0 +1,34 @@
+package com.central.oauth2.common.config;
+
+import com.central.oauth2.common.util.AuthUtils;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import javax.websocket.server.ServerEndpointConfig;
+
+/**
+ * webSocket鉴权配置
+ *
+ * @author zlt
+ * @version 1.0
+ * @date 2022/5/8
+ * <p>
+ * Blog: https://zlt2000.gitee.io
+ * Github: https://github.com/zlt2000
+ */
+@Slf4j
+public class WcAuthConfigurator extends ServerEndpointConfig.Configurator {
+    @Override
+    public boolean checkOrigin(String originHeaderValue) {
+        ServletRequestAttributes servletRequestAttributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
+        try {
+            //检查token有效性
+            AuthUtils.checkAccessToken(servletRequestAttributes.getRequest());
+        } catch (Exception e) {
+            log.error("WebSocket-auth-error", e);
+            return false;
+        }
+        return super.checkOrigin(originHeaderValue);
+    }
+}

zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/service/impl/CustomBearerTokenExtractor.java

@@ -0,0 +1,44 @@
+package com.central.oauth2.common.service.impl;
+
+import com.central.oauth2.common.properties.SecurityProperties;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.oauth2.provider.authentication.BearerTokenExtractor;
+import org.springframework.stereotype.Component;
+import org.springframework.util.AntPathMatcher;
+
+import javax.annotation.Resource;
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * 自定义 TokenExtractor
+ *
+ * @author zlt
+ * @version 1.0
+ * @date 2022/6/4
+ * <p>
+ * Blog: https://zlt2000.gitee.io
+ * Github: https://github.com/zlt2000
+ */
+@ConditionalOnClass(HttpServletRequest.class)
+@Component
+public class CustomBearerTokenExtractor extends BearerTokenExtractor {
+    @Resource
+    private SecurityProperties securityProperties;
+
+    private final AntPathMatcher antPathMatcher = new AntPathMatcher();
+
+    /**
+     * 解决只要请求携带access_token，排除鉴权的url依然会被拦截
+     */
+    @Override
+    public Authentication extract(HttpServletRequest request) {
+        //判断当前请求为排除鉴权的url时，直接返回null
+        for (String url : securityProperties.getIgnore().getUrls()) {
+            if (antPathMatcher.match(url, request.getRequestURI())) {
+                return null;
+            }
+        }
+        return super.extract(request);
+    }
+}

zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/util/AuthUtils.java

@@ -3,11 +3,15 @@
 import com.central.common.constant.CommonConstant;
 import com.central.common.constant.SecurityConstants;
 import com.central.common.model.SysUser;
+import com.central.common.utils.SpringUtil;
 import com.central.oauth2.common.token.CustomWebAuthenticationDetails;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
 import org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
+import org.springframework.security.oauth2.provider.token.TokenStore;
 
 import javax.servlet.http.HttpServletRequest;
 import java.nio.charset.StandardCharsets;
@@ -66,6 +70,29 @@ private static String extractHeaderToken(HttpServletRequest request) {
         return null;
     }
 
+    /**
+     * 校验accessToken
+     */
+    public static void checkAccessToken(HttpServletRequest request) {
+        String accessToken = extractToken(request);
+        checkAccessToken(accessToken);
+    }
+
+    public static void checkAccessToken(String accessTokenValue) {
+        TokenStore tokenStore = SpringUtil.getBean(TokenStore.class);
+        OAuth2AccessToken accessToken = tokenStore.readAccessToken(accessTokenValue);
+        if (accessToken == null || accessToken.getValue() == null) {
+            throw new InvalidTokenException("Invalid access token: " + accessTokenValue);
+        } else if (accessToken.isExpired()) {
+            tokenStore.removeAccessToken(accessToken);
+            throw new InvalidTokenException("Access token expired: " + accessTokenValue);
+        }
+        OAuth2Authentication result = tokenStore.readAuthentication(accessToken);
+        if (result == null) {
+            throw new InvalidTokenException("Invalid access token: " + accessTokenValue);
+        }
+    }
+
     /**
      * *从header 请求中的clientId:clientSecret
      */

zlt-commons/zlt-common-core/src/main/java/com/central/common/utils/SpringUtil.java

@@ -2,6 +2,7 @@
 
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.ApplicationContextAware;
+import org.springframework.core.annotation.Order;
 import org.springframework.core.env.Environment;
 import org.springframework.stereotype.Component;
 
@@ -11,6 +12,7 @@
  * @author 作者 owen E-mail: 624191343@qq.com
  */
 @Component
+@Order(0)
 public class SpringUtil implements ApplicationContextAware {
 
     private static ApplicationContext applicationContext = null;

zlt-commons/zlt-common-core/src/main/resources/META-INF/spring.factories

@@ -3,4 +3,5 @@ com.central.common.config.BannerInitializer
 
 org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
 com.central.common.feign.fallback.UserServiceFallbackFactory,\
-com.central.common.lock.LockAspect
+com.central.common.lock.LockAspect,\
+com.central.common.utils.SpringUtil

zlt-commons/zlt-db-spring-boot-starter/src/main/java/com/central/db/config/MybatisPlusAutoConfigure.java

@@ -40,14 +40,14 @@ public class MybatisPlusAutoConfigure {
     @Bean
     public MybatisPlusInterceptor paginationInterceptor() {
         MybatisPlusInterceptor mpInterceptor = new MybatisPlusInterceptor();
-        mpInterceptor.addInnerInterceptor(new PaginationInnerInterceptor(DbType.MYSQL));
         boolean enableTenant = tenantProperties.getEnable();
         //是否开启多租户隔离
         if (enableTenant) {
             CustomTenantInterceptor tenantInterceptor = new CustomTenantInterceptor(
                     tenantLineHandler, tenantProperties.getIgnoreSqls());
             mpInterceptor.addInnerInterceptor(tenantInterceptor);
         }
+        mpInterceptor.addInnerInterceptor(new PaginationInnerInterceptor(DbType.MYSQL));
         return mpInterceptor;
     }
 

zlt-commons/zlt-loadbalancer-spring-boot-starter/src/main/java/com/central/common/lb/chooser/RandomRuleChooser.java

@@ -1,7 +1,7 @@
 package com.central.common.lb.chooser;
 
 import com.alibaba.nacos.common.utils.CollectionUtils;
-import lombok.extern.log4j.Log4j2;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.cloud.client.ServiceInstance;
 
 import java.util.List;
@@ -12,7 +12,7 @@
  *
  * @author jarvis create by 2022/3/13
  */
-@Log4j2
+@Slf4j
 public class RandomRuleChooser implements IRuleChooser {
     @Override
     public ServiceInstance choose(List<ServiceInstance> instances) {

zlt-commons/zlt-loadbalancer-spring-boot-starter/src/main/java/com/central/common/lb/chooser/RoundRuleChooser.java

@@ -1,7 +1,7 @@
 package com.central.common.lb.chooser;
 
 import com.alibaba.nacos.common.utils.CollectionUtils;
-import lombok.extern.log4j.Log4j2;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.cloud.client.ServiceInstance;
 
 import java.util.List;
@@ -12,7 +12,7 @@
  *
  * @author jarvis create by 2022/3/13
  */
-@Log4j2
+@Slf4j
 public class RoundRuleChooser implements IRuleChooser{
 
     private AtomicInteger position;