refactor: 项目改名为 Teammodel-extension

1 year ago · 38bb428c59
parent e29283799a
commit 38bb428c59
7 changed files with 286 additions and 10 deletions
--- a/pom.xml
+++ b/pom.xml
@ -9,18 +9,54 @@
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>cn.teammodel</groupId>
-    <artifactId>deployment-test</artifactId>
+    <artifactId>Teammodel-extension</artifactId>
-    <version>0.0.1-SNAPSHOT</version>
+    <version>1.0.1</version>
-    <name>deployment-test</name>
+    <name>Teammodel-extension</name>
-    <description>deployment-test</description>
+    <description>Teammodel-extension</description>
    <properties>
        <java.version>1.8</java.version>
        <spring-cloud-azure.version>4.11.0</spring-cloud-azure.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <!-- Spring Security -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <!-- Spring Security OAuth2 resource server -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
        </dependency>
        <!--    cosmos    -->
        <dependency>
            <groupId>com.azure.spring</groupId>
            <artifactId>spring-cloud-azure-starter</artifactId>
        </dependency>
        <dependency>
            <groupId>com.azure.spring</groupId>
            <artifactId>spring-cloud-azure-starter-data-cosmos</artifactId>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <optional>true</optional>
        </dependency>
        <!-- jjwt -->
        <dependency>
            <groupId>io.jsonwebtoken</groupId>
            <artifactId>jjwt</artifactId>
            <version>0.9.1</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
@ -29,11 +65,31 @@
        </dependency>
    </dependencies>
    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>com.azure.spring</groupId>
                <artifactId>spring-cloud-azure-dependencies</artifactId>
                <version>${spring-cloud-azure.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>
    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <configuration>
                    <excludes>
                        <exclude>
                            <groupId>org.projectlombok</groupId>
                            <artifactId>lombok</artifactId>
                        </exclude>
                    </excludes>
                </configuration>
            </plugin>
        </plugins>
    </build>
--- a/src/main/java/cn/teammodel/controller/HelloController.java
+++ b/src/main/java/cn/teammodel/controller/HelloController.java
@ -1,16 +1,20 @@
 package cn.teammodel.controller;
 import cn.teammodel.common.R;
-        import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.security.access.prepost.PreAuthorize;
-        import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.security.core.context.SecurityContextHolder;
-        import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping("/")
 public class HelloController {
    @GetMapping("hello")
-    public R helo() {
+    @PreAuthorize("hasAuthority('IES')")
-        return new R(200, "sucess","hello world");
+    public R hello() {
        System.out.println(SecurityContextHolder.getContext().getAuthentication());
        return new R(200, "success","hello world");
    }
 }
--- a/src/main/java/cn/teammodel/security/SecurityConfiguration.java
+++ b/src/main/java/cn/teammodel/security/SecurityConfiguration.java
@ -0,0 +1,65 @@
 package cn.teammodel.security;
 import cn.teammodel.security.filter.AuthInnerTokenFilter;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
 import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
 import org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 import javax.annotation.Resource;
@Configuration
@EnableWebSecurity
 public class SecurityConfiguration {
    @Resource
    private AuthInnerTokenFilter authInnerTokenFilter;
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
                // CSRF禁用，因为不使用session
                .csrf().disable()
                // 禁用HTTP响应标头
                .headers().cacheControl().disable()
                .and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests(authorizeRequests ->
                        authorizeRequests
                                .antMatchers("/public/**").permitAll()
                                .anyRequest().authenticated()
                )
                .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt) // 启用 OIDC jwt filter
                .addFilterAfter(authInnerTokenFilter, BearerTokenAuthenticationFilter.class); // 添加 x-auth-authToken filter
            // todo： 失败处理器
        return http.build();
    }
    /**
     * OIDC: 将 jwt 中的 claim 中的 roles 放进 authorities 中
     *
     * @author: winter
     * @date: 2023/11/8 17:13
     */
    @Bean
    public JwtAuthenticationConverter jwtAuthenticationConverter() {
        JwtGrantedAuthoritiesConverter grantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
        grantedAuthoritiesConverter.setAuthoritiesClaimName("roles");
        grantedAuthoritiesConverter.setAuthorityPrefix("");
        JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
        jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(grantedAuthoritiesConverter);
        return jwtAuthenticationConverter;
    }
 }
--- a/src/main/java/cn/teammodel/security/filter/AuthInnerTokenFilter.java
+++ b/src/main/java/cn/teammodel/security/filter/AuthInnerTokenFilter.java
@ -0,0 +1,23 @@
 package cn.teammodel.security.filter;
 import org.springframework.stereotype.Component;
 import org.springframework.web.filter.OncePerRequestFilter;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 /**
 * x-auth-authToken filter
 * @author winter
 * @create 2023-11-09 10:43
 */
@Component
 public class AuthInnerTokenFilter extends OncePerRequestFilter {
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        filterChain.doFilter(request, response);
    }
 }
--- a/src/main/java/cn/teammodel/security/utils/JwtTokenUtil.java
+++ b/src/main/java/cn/teammodel/security/utils/JwtTokenUtil.java
@ -0,0 +1,115 @@
 package cn.teammodel.security.utils;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Component;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
 /**
 * @author winter
 * @date 2022年11月24日 下午10:50
 * @description 生成jwt令牌的工具类
 */
@Component
@Slf4j
 public class JwtTokenUtil {
    private static final String CLAIM_KEY_USERNAME = "sub";
    private static final String CLAIM_KEY_CREATED = "created";
    @Value("${jwt.secret}")
    private String secret;
    @Value("${jwt.expiration}")
    private Long expiration;
    @Value("${jwt.tokenHead}")
    private String tokenHead;
    /**
     * 生成token
     * @param userDetails 传入userDetails
     * @return token
     */
    public String generateToken(UserDetails userDetails){
        Map<String, Object> claims = new HashMap<>();
        claims.put(CLAIM_KEY_USERNAME,userDetails.getUsername());
        claims.put(CLAIM_KEY_CREATED,new Date());
        return generateToken(claims);
    }
    private String generateToken(Map<String,Object> claims){
        return Jwts.builder()
                .setClaims(claims)
                .setExpiration(getExpirationDate())
                .signWith(SignatureAlgorithm.HS512,secret)
                .compact();
    }
    /**
     * 生成token过期时间
     * @return 过期时间
     */
    private Date getExpirationDate() {
        return new Date(System.currentTimeMillis() + expiration * 1000);
    }
    /**
     * 从token中获取用户名
     * @param token 前端传入的token
     * @return 负载中的用户名,获取失败返回null
     */
    public String getUsernameFromToken(String token) {
        String username = null;
        try {
            Claims claims = getClaimsFromToken(token);
            username = claims.getSubject();
        }catch (Exception e){
            log.info("jwt验证出错:{}",token);
        }
        return username;
    }
    /**
     * 从token中获取Claims，异常返回null
     * @param token token
     * @return claims或者null
     */
    private Claims getClaimsFromToken(String token){
        Claims claims = null;
        try {
            claims = Jwts.parser()
                    .setSigningKey(secret)
                    .parseClaimsJws(token)
                    .getBody();
        } catch (Exception e){
            e.printStackTrace();
            log.info("jwt解析出错:{}",token);
        }
        return claims;
    }
    /**
     * 检验token是否还有效
     * @param token 前端传入的token
     * @param userDetails 登录用户细节
     * @return true表示有效，false表示无效
     */
    public boolean validateToken(String token) {
        return !isTokenExpired(token);
    }
    private boolean isTokenExpired(String token) {
        Date expiredDate = getExpiredDateFromToken(token);
        return expiredDate.before(new Date());
    }
    private Date getExpiredDateFromToken(String token) {
        Claims claims = getClaimsFromToken(token);
        return claims.getExpiration();
    }
 }
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@ -1 +0,0 @@
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@ -0,0 +1,14 @@
 spring:
  cloud:
    azure:
      cosmos:
        endpoint: https://cdhabookdep-free.documents.azure.cn:443
        database: TEAMModelOS
        key: v07dMthUjNk8AbwI8698AXHPbXBaaADgtgdYf4sFGXohei6aD2doq6XV45sLMGpDtDDpENAnlGkEUBu9RaAhpg==
  security:
    oauth2:
      resourceserver:
        jwt:
          issuer-uri: https://login.partner.microsoftonline.cn/4807e9cf-87b8-4174-aa5b-e76497d7392b/v2.0
          audiences: 72643704-b2e7-4b26-b881-bd5865e7a7a5