-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
20 changed files
with
788 additions
and
17 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
72 changes: 72 additions & 0 deletions
72
...ta-infra-oauth/src/main/java/com/achobeta/www/oauth/config/AchoBetaWebSecurityConfig.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,72 @@ | ||
| package com.achobeta.www.oauth.config; | ||
|
|
||
| import com.achobeta.www.oauth.config.handler.AuthenticationFailureHandler; | ||
| import com.achobeta.www.oauth.config.handler.logout.AuthenticationLogoutHandler; | ||
| import com.achobeta.www.oauth.config.handler.logout.AuthenticationLogoutSuccessHandler; | ||
| import com.achobeta.www.oauth.config.handler.AuthenticationSuccessHandler; | ||
| import org.springframework.beans.factory.annotation.Autowired; | ||
| import org.springframework.context.annotation.Bean; | ||
| import org.springframework.context.annotation.Configuration; | ||
| import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity; | ||
| import org.springframework.security.config.web.server.ServerHttpSecurity; | ||
| import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; | ||
| import org.springframework.security.crypto.password.PasswordEncoder; | ||
| import org.springframework.security.web.server.SecurityWebFilterChain; | ||
|
|
||
| import static org.springframework.security.authorization.AuthorityReactiveAuthorizationManager.hasRole; | ||
|
|
||
| /** | ||
| * <span> | ||
| * security config | ||
| * </span> | ||
| * | ||
| * @author jettcc in 2023/10/18 | ||
| * @version 1.0 | ||
| */ | ||
| @Configuration | ||
| @EnableWebFluxSecurity | ||
| public class AchoBetaWebSecurityConfig { | ||
| @Autowired | ||
| private AuthenticationWhitelistConfig whitelistConfig; | ||
| @Bean | ||
| public SecurityWebFilterChain defaultSecurityFilterChain(ServerHttpSecurity http) { | ||
| String[] urls = whitelistConfig.getUrls().toArray(new String[0]); | ||
| http | ||
| .authorizeExchange((authorize) -> authorize | ||
| // 白名单路径 | ||
| .pathMatchers(urls) | ||
| .permitAll() | ||
| .pathMatchers("/admin/**") | ||
| .hasRole("ADMIN") | ||
| .pathMatchers("/db/**") | ||
| .access((authentication, context) -> | ||
| hasRole("ADMIN").check(authentication, context) | ||
| .filter(decision -> !decision.isGranted()) | ||
| .switchIfEmpty(hasRole("DBA").check(authentication, context)) | ||
| ) | ||
| .anyExchange().denyAll() | ||
| ).formLogin(fl -> | ||
| fl.authenticationSuccessHandler(new AuthenticationSuccessHandler()) | ||
| .authenticationFailureHandler(new AuthenticationFailureHandler())) | ||
| .logout(logoutSpec -> logoutSpec.logoutHandler(new AuthenticationLogoutHandler()) | ||
| .logoutSuccessHandler(new AuthenticationLogoutSuccessHandler()) | ||
| ) | ||
| // .httpBasic(basicSpec -> { | ||
| // basicSpec. | ||
| // }) | ||
| ; | ||
|
|
||
|
|
||
| http.csrf(ServerHttpSecurity.CsrfSpec::disable); | ||
| return http.build(); | ||
| } | ||
|
|
||
| /** | ||
| * this bean is encryptor | ||
| */ | ||
| @Bean | ||
| public PasswordEncoder passwordEncoder() { | ||
| return new BCryptPasswordEncoder(); | ||
| } | ||
| } | ||
|
|
24 changes: 24 additions & 0 deletions
24
...nfra-oauth/src/main/java/com/achobeta/www/oauth/config/AuthenticationWhitelistConfig.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| package com.achobeta.www.oauth.config; | ||
|
|
||
| import lombok.Getter; | ||
| import lombok.Setter; | ||
| import org.springframework.boot.context.properties.ConfigurationProperties; | ||
| import org.springframework.stereotype.Component; | ||
|
|
||
| import java.util.List; | ||
|
|
||
| /** | ||
| * <span> | ||
| * Whitelist request URL list | ||
| * </span> | ||
| * | ||
| * @author jettcc in 2023/10/31 | ||
| * @version 1.0 | ||
| */ | ||
| @Getter | ||
| @Setter | ||
| @Component | ||
| @ConfigurationProperties(prefix = "achobeta.auth.whitelist") | ||
| public class AuthenticationWhitelistConfig { | ||
| private List<String> urls; | ||
| } |
34 changes: 34 additions & 0 deletions
34
achobeta-infra-oauth/src/main/java/com/achobeta/www/oauth/config/MybatisFillConfig.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| package com.achobeta.www.oauth.config; | ||
|
|
||
| import com.baomidou.mybatisplus.core.handlers.MetaObjectHandler; | ||
| import org.apache.ibatis.reflection.MetaObject; | ||
| import org.springframework.stereotype.Component; | ||
| import org.springframework.transaction.annotation.EnableTransactionManagement; | ||
|
|
||
| import java.time.LocalDateTime; | ||
| import java.util.UUID; | ||
|
|
||
| /** | ||
| * <span> | ||
| * Mybatis fill config | ||
| * </span> | ||
| * | ||
| * @author jettcc in 2023/10/18 | ||
| * @version 1.0 | ||
| */ | ||
| @Component | ||
| @EnableTransactionManagement | ||
| public class MybatisFillConfig implements MetaObjectHandler { | ||
| @Override | ||
| public void insertFill(MetaObject metaObject) { | ||
| this.strictInsertFill(metaObject, "uuid", String.class, UUID.randomUUID().toString()); | ||
| this.strictInsertFill(metaObject, "createTime", LocalDateTime.class, LocalDateTime.now()); | ||
| this.strictInsertFill(metaObject, "version", Integer.class, 1); | ||
| this.strictInsertFill(metaObject, "deleted", Integer.class, 0); | ||
| } | ||
|
|
||
| @Override | ||
| public void updateFill(MetaObject metaObject) { | ||
| this.strictUpdateFill(metaObject, "updateTime", LocalDateTime.class, LocalDateTime.now()); | ||
| } | ||
| } |
37 changes: 37 additions & 0 deletions
37
achobeta-infra-oauth/src/main/java/com/achobeta/www/oauth/config/RedisConfig.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| package com.achobeta.www.oauth.config; | ||
|
|
||
| import com.alibaba.fastjson2.support.spring6.data.redis.GenericFastJsonRedisSerializer; | ||
| import org.springframework.context.annotation.Bean; | ||
| import org.springframework.context.annotation.Configuration; | ||
| import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory; | ||
| import org.springframework.data.redis.core.RedisTemplate; | ||
| import org.springframework.data.redis.serializer.RedisSerializer; | ||
|
|
||
| /** | ||
| * <span> | ||
| * redis config | ||
| * </span> | ||
| * | ||
| * @author jettcc in 2023/10/31 | ||
| * @version 1.0 | ||
| */ | ||
| @Configuration | ||
| public class RedisConfig { | ||
| @Bean | ||
| public RedisSerializer<Object> springSessionDefaultRedisSerializer() { | ||
| return new GenericFastJsonRedisSerializer(); | ||
| } | ||
|
|
||
| @Bean | ||
| public RedisTemplate<String, Object> redisTemplate(LettuceConnectionFactory factory) { | ||
| RedisTemplate<String,Object> redisTemplate = new RedisTemplate<>(); | ||
| redisTemplate.setConnectionFactory(factory); | ||
| redisTemplate.setKeySerializer(RedisSerializer.string()); | ||
| redisTemplate.setValueSerializer(RedisSerializer.json()); | ||
| redisTemplate.setHashKeySerializer(RedisSerializer.string()); | ||
| redisTemplate.setHashValueSerializer(RedisSerializer.json()); | ||
| redisTemplate.afterPropertiesSet(); | ||
| return redisTemplate; | ||
| } | ||
|
|
||
| } |
25 changes: 25 additions & 0 deletions
25
achobeta-infra-oauth/src/main/java/com/achobeta/www/oauth/config/SpringSessionConfig.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| package com.achobeta.www.oauth.config; | ||
|
|
||
| import org.springframework.context.annotation.Bean; | ||
| import org.springframework.context.annotation.Configuration; | ||
| import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory; | ||
| import org.springframework.session.SaveMode; | ||
| import org.springframework.session.data.redis.config.annotation.web.server.EnableRedisWebSession; | ||
|
|
||
| /** | ||
| * <span> | ||
| * spring session config | ||
| * </span> | ||
| * | ||
| * @author jettcc in 2023/11/1 | ||
| * @version 1.0 | ||
| */ | ||
| @Configuration(proxyBeanMethods = false) | ||
| @EnableRedisWebSession(redisNamespace = "achobeta:infra", saveMode = SaveMode.ALWAYS) | ||
| public class SpringSessionConfig { | ||
| @Bean | ||
| public LettuceConnectionFactory redisConnectionFactory() { | ||
| return new LettuceConnectionFactory(); | ||
| } | ||
|
|
||
| } |
26 changes: 26 additions & 0 deletions
26
...uth/src/main/java/com/achobeta/www/oauth/config/handler/AuthenticationFailureHandler.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| package com.achobeta.www.oauth.config.handler; | ||
|
|
||
| import com.achobeta.www.common.util.GlobalServiceStatusCode; | ||
| import org.springframework.http.server.reactive.ServerHttpResponse; | ||
| import org.springframework.security.core.AuthenticationException; | ||
| import org.springframework.security.web.server.WebFilterExchange; | ||
| import org.springframework.security.web.server.authentication.ServerAuthenticationFailureHandler; | ||
| import reactor.core.publisher.Mono; | ||
|
|
||
| import static com.achobeta.www.oauth.utils.ResponseUtil.createAccessDeniedResponse; | ||
|
|
||
| /** | ||
| * <span> | ||
| * handler authentication failure | ||
| * </span> | ||
| * | ||
| * @author jettcc in 2023/10/23 | ||
| * @version 1.0 | ||
| */ | ||
| public class AuthenticationFailureHandler implements ServerAuthenticationFailureHandler { | ||
| @Override | ||
| public Mono<Void> onAuthenticationFailure(WebFilterExchange webFilterExchange, AuthenticationException exception) { | ||
| ServerHttpResponse response = webFilterExchange.getExchange().getResponse(); | ||
| return createAccessDeniedResponse(response, GlobalServiceStatusCode.USER_NO_PERMISSION); | ||
| } | ||
| } |
31 changes: 31 additions & 0 deletions
31
...uth/src/main/java/com/achobeta/www/oauth/config/handler/AuthenticationSuccessHandler.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| package com.achobeta.www.oauth.config.handler; | ||
|
|
||
| import com.achobeta.www.common.util.GlobalServiceStatusCode; | ||
| import lombok.extern.slf4j.Slf4j; | ||
| import org.springframework.http.server.reactive.ServerHttpResponse; | ||
| import org.springframework.security.core.Authentication; | ||
| import org.springframework.security.web.server.WebFilterExchange; | ||
| import org.springframework.security.web.server.authentication.ServerAuthenticationSuccessHandler; | ||
| import reactor.core.publisher.Mono; | ||
|
|
||
| import static com.achobeta.www.oauth.utils.ResponseUtil.createAccessDeniedResponse; | ||
|
|
||
| /** | ||
| * <span> | ||
| * authentication success handler | ||
| * </span> | ||
| * | ||
| * @author jettcc in 2023/10/23 | ||
| * @version 1.0 | ||
| */ | ||
| @Slf4j | ||
| public class AuthenticationSuccessHandler implements ServerAuthenticationSuccessHandler { | ||
|
|
||
| @Override | ||
| public Mono<Void> onAuthenticationSuccess(WebFilterExchange webFilterExchange, | ||
| Authentication authentication) { | ||
| ServerHttpResponse response = webFilterExchange.getExchange().getResponse(); | ||
| return createAccessDeniedResponse(response, GlobalServiceStatusCode.SYSTEM_SUCCESS); | ||
| } | ||
|
|
||
| } |
Oops, something went wrong.