From 68bae76a8c014a5e109603a6ea86e7a38e32a893 Mon Sep 17 00:00:00 2001 From: xiwa Date: Sat, 21 May 2022 15:35:48 +0800 Subject: [PATCH] =?UTF-8?q?=E8=AE=A4=E8=AF=81=E5=92=8C=E6=9D=83=E9=99=90?= =?UTF-8?q?=E7=9B=B8=E5=85=B3=E5=86=85=E5=AE=B9=E8=B0=83=E6=95=B4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../cc/iotkit/common/utils/CodecUtil.java | 6 ++ .../manager/config/AutoBeanConfig.java1 | 22 ----- .../config/KeycloakSecurityConfig.java1 | 92 ------------------- .../manager/config/SaTokenConfigure.java | 38 ++++---- .../manager/config/SecurityConfig.java1 | 55 ----------- .../manager/controller/DeviceController.java | 2 +- .../controller/ProtocolController.java | 2 +- .../controller/RuleEngineController.java | 2 +- .../manager/controller/SpaceController.java | 2 +- .../controller/SpaceDeviceController.java | 2 +- .../controller/UserInfoController.java | 6 +- .../aligenie/AligenieProductController.java | 2 +- .../controller/api/AccountController.java | 2 +- .../controller/api/DeviceController.java | 2 +- .../controller/api/HomeController.java | 2 +- .../controller/api/SpaceController.java | 2 +- .../manager/service/DataOwnerService.java | 2 +- .../src/main/resources/application-dev.yml | 2 +- manager/src/main/resources/application.yml | 2 +- oauth2-server/pom.xml | 6 ++ .../controller/AuthClientController.java | 39 +++----- .../controller/AuthServerController.java | 18 ++-- .../oauth/service/StpInterfaceImpl.java | 7 +- .../oauth/service/TokenRequestHandler.java | 62 ++++++++++++- .../java/cc/iotkit/oauth/vo/UserInfoVo.java | 70 ++++++++++++++ .../main/java/cc/iotkit}/utils/AuthUtil.java | 15 ++- oauth2-server/src/test/java/GenPwdSecret.java | 14 +++ .../main/java/cc/iotkit/comps/ApiTool.java | 2 +- 28 files changed, 232 insertions(+), 246 deletions(-) delete mode 100755 manager/src/main/java/cc/iotkit/manager/config/AutoBeanConfig.java1 delete mode 100755 manager/src/main/java/cc/iotkit/manager/config/KeycloakSecurityConfig.java1 delete mode 100755 manager/src/main/java/cc/iotkit/manager/config/SecurityConfig.java1 create mode 100644 oauth2-server/src/main/java/cc/iotkit/oauth/vo/UserInfoVo.java rename {manager/src/main/java/cc/iotkit/manager => oauth2-server/src/main/java/cc/iotkit}/utils/AuthUtil.java (52%) create mode 100644 oauth2-server/src/test/java/GenPwdSecret.java diff --git a/common/src/main/java/cc/iotkit/common/utils/CodecUtil.java b/common/src/main/java/cc/iotkit/common/utils/CodecUtil.java index 44f2f575..810fd8b0 100755 --- a/common/src/main/java/cc/iotkit/common/utils/CodecUtil.java +++ b/common/src/main/java/cc/iotkit/common/utils/CodecUtil.java @@ -1,6 +1,7 @@ package cc.iotkit.common.utils; import org.apache.commons.codec.binary.Base64; +import org.apache.commons.codec.digest.DigestUtils; import org.apache.commons.lang3.StringUtils; import javax.crypto.Cipher; @@ -96,4 +97,9 @@ public class CodecUtil { encryptStr = new String(HexUtil.parseHex(encryptStr)); return StringUtils.isEmpty(encryptStr) ? "" : aesDecryptByBytes(base64Decode(encryptStr), decryptKey); } + + public static String md5Str(String content) { + return DigestUtils.md5Hex(content); + } + } diff --git a/manager/src/main/java/cc/iotkit/manager/config/AutoBeanConfig.java1 b/manager/src/main/java/cc/iotkit/manager/config/AutoBeanConfig.java1 deleted file mode 100755 index 118acb6b..00000000 --- a/manager/src/main/java/cc/iotkit/manager/config/AutoBeanConfig.java1 +++ /dev/null @@ -1,22 +0,0 @@ -package cc.iotkit.manager.config; - -import org.keycloak.adapters.KeycloakDeployment; -import org.keycloak.adapters.KeycloakDeploymentBuilder; -import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver; -import org.keycloak.representations.adapters.config.AdapterConfig; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; - -@Configuration -public class AutoBeanConfig { - - @Bean - public KeycloakSpringBootConfigResolver keycloakConfigResolver() { - return new KeycloakSpringBootConfigResolver(); - } - - @Bean - public KeycloakDeployment getKeycloakDeployment(AdapterConfig adapterConfig){ - return KeycloakDeploymentBuilder.build(adapterConfig); - } -} diff --git a/manager/src/main/java/cc/iotkit/manager/config/KeycloakSecurityConfig.java1 b/manager/src/main/java/cc/iotkit/manager/config/KeycloakSecurityConfig.java1 deleted file mode 100755 index 8bc3444d..00000000 --- a/manager/src/main/java/cc/iotkit/manager/config/KeycloakSecurityConfig.java1 +++ /dev/null @@ -1,92 +0,0 @@ -package cc.iotkit.manager.config; - - -import org.keycloak.adapters.springsecurity.KeycloakConfiguration; -import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider; -import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter; -import org.keycloak.adapters.springsecurity.management.HttpSessionManager; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Value; -import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; -import org.springframework.context.annotation.Bean; -import org.springframework.http.HttpMethod; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; -import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; -import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper; -import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy; -import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy; - -@EnableGlobalMethodSecurity(prePostEnabled = true) -@KeycloakConfiguration -public class KeycloakSecurityConfig extends KeycloakWebSecurityConfigurerAdapter { - - @Value("${app.systemRole}") - private String systemRole; - - @Autowired - public void configureGlobal(AuthenticationManagerBuilder auth) { - SimpleAuthorityMapper grantedAuthorityMapper = new SimpleAuthorityMapper(); - grantedAuthorityMapper.setPrefix("ROLE_"); - - KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider(); - keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(grantedAuthorityMapper); - auth.authenticationProvider(keycloakAuthenticationProvider); - - } - - @Bean - @Override - protected SessionAuthenticationStrategy sessionAuthenticationStrategy() { -// return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl()); - return new NullAuthenticatedSessionStrategy(); - } - - @Bean - @Override - @ConditionalOnMissingBean(HttpSessionManager.class) - protected HttpSessionManager httpSessionManager() { - return new HttpSessionManager(); - } - - @Override - protected void configure(HttpSecurity http) throws Exception { - super.configure(http); - http - .authorizeRequests() - .antMatchers("/*.html", "/favicon.ico", "/v2/api-docs", "/webjars/**", "/swagger-resources/**", "/*.js").permitAll() - .antMatchers("/api/**").hasRole("iot_client_user") - .antMatchers("/aligenieDevice/invoke/**").hasRole("iot_client_user") - //客户端用户写权限 - .antMatchers("/space/addSpace/**").hasAnyRole("iot_write","iot_client_user") - .antMatchers("/space/saveSpace/**").hasAnyRole("iot_write","iot_client_user") - .antMatchers("/space/delSpace/**").hasAnyRole("iot_write","iot_client_user") - .antMatchers("/space/saveHome/**").hasAnyRole("iot_write","iot_client_user") - .antMatchers("/space/currentHome/**").hasAnyRole("iot_write","iot_client_user") - .antMatchers("/space/myRecentDevices/**").hasAnyRole("iot_write","iot_client_user") - .antMatchers("/space/spaces/**").hasAnyRole("iot_write","iot_client_user") - .antMatchers("/space/myDevices/**").hasAnyRole("iot_write","iot_client_user") - .antMatchers("/space/findDevice/**").hasAnyRole("iot_write","iot_client_user") - .antMatchers("/space/addDevice/**").hasAnyRole("iot_write","iot_client_user") - .antMatchers("/space/saveDevice").hasAnyRole("iot_write","iot_client_user") - .antMatchers("/space/removeDevice").hasAnyRole("iot_write","iot_client_user") - .antMatchers("/space/device/*").hasAnyRole("iot_write","iot_client_user") - .antMatchers("/device/*/consumer/*").hasAnyRole("iot_write","iot_client_user") - .antMatchers("/device/*/service/property/set").hasAnyRole("iot_write","iot_client_user") - .antMatchers("/device/*/service/*/invoke").hasAnyRole("iot_write","iot_client_user") - - - .antMatchers(HttpMethod.DELETE).hasRole("iot_write") - .antMatchers(HttpMethod.PUT).hasRole("iot_write") - .antMatchers("/**/save*/**").hasRole("iot_write") - .antMatchers("/**/remove*/**").hasRole("iot_write") - .antMatchers("/**/del*/**").hasRole("iot_write") - .antMatchers("/**/add*/**").hasRole("iot_write") - .antMatchers("/**/clear*/**").hasRole("iot_write") - .antMatchers("/**/set*/**").hasRole("iot_write") - .antMatchers("/**/set").hasRole("iot_write") - .antMatchers("/**/invoke").hasRole("iot_write") - .antMatchers("/**").hasAnyRole(systemRole) - .and().csrf().disable(); - } -} \ No newline at end of file diff --git a/manager/src/main/java/cc/iotkit/manager/config/SaTokenConfigure.java b/manager/src/main/java/cc/iotkit/manager/config/SaTokenConfigure.java index 856ec79d..51ef6d7d 100755 --- a/manager/src/main/java/cc/iotkit/manager/config/SaTokenConfigure.java +++ b/manager/src/main/java/cc/iotkit/manager/config/SaTokenConfigure.java @@ -4,10 +4,12 @@ import cn.dev33.satoken.interceptor.SaAnnotationInterceptor; import cn.dev33.satoken.interceptor.SaRouteInterceptor; import cn.dev33.satoken.router.SaRouter; import cn.dev33.satoken.stp.StpUtil; +import lombok.extern.slf4j.Slf4j; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; +@Slf4j @Configuration public class SaTokenConfigure implements WebMvcConfigurer { @@ -17,23 +19,8 @@ public class SaTokenConfigure implements WebMvcConfigurer { registry.addInterceptor(new SaAnnotationInterceptor()).addPathPatterns("/**"); // 注册路由拦截器,自定义认证规则 registry.addInterceptor(new SaRouteInterceptor((req, res, handler) -> { - System.out.println(req.getRequestPath()); - // 根据路由划分模块,不同模块不同鉴权 + log.info("resource role check,path:{}", req.getRequestPath()); SaRouter - //管理员、系统用户角色能使用的功能 - .match("/**") - .notMatch("/oauth2/**","/*.png").check(c -> StpUtil.checkRoleOr("iot_admin", "iot_system")) - //需要有可写权限的功能 - .match( - "/**/save*/**", - "/**/remove*/**", - "/**/del*/**", - "/**/add*/**", - "/**/clear*/**", - "/**/set*/**", - "/**/set", - "/**/invoke" - ).check(c -> StpUtil.checkPermission("write")) //管理员、系统、客户端用户角色能使用的功能 .match("/space/addSpace/**", "/space/saveSpace/**", @@ -52,7 +39,26 @@ public class SaTokenConfigure implements WebMvcConfigurer { "/device/*/service/property/set", "/device/*/service/*/invoke" ) + .check(c -> StpUtil.checkRoleOr("iot_admin", "iot_system", "iot_client")); + + SaRouter + //需要有可写权限的功能 + .match( + "/**/save*/**", + "/**/remove*/**", + "/**/del*/**", + "/**/add*/**", + "/**/clear*/**", + "/**/set*/**", + "/**/set", + "/**/invoke" + ).check(c -> StpUtil.checkPermission("write")); + + SaRouter + //管理员、系统用户角色能使用的功能 + .match("/**") .check(c -> StpUtil.checkRoleOr("iot_admin", "iot_system", "iot_client")) + ; })).addPathPatterns("/**") .excludePathPatterns( diff --git a/manager/src/main/java/cc/iotkit/manager/config/SecurityConfig.java1 b/manager/src/main/java/cc/iotkit/manager/config/SecurityConfig.java1 deleted file mode 100755 index 2c6bf25f..00000000 --- a/manager/src/main/java/cc/iotkit/manager/config/SecurityConfig.java1 +++ /dev/null @@ -1,55 +0,0 @@ -package cc.iotkit.manager.config; - -import org.springframework.beans.factory.annotation.Value; -import org.springframework.context.annotation.Configuration; -import org.springframework.http.HttpMethod; -import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; - -@Configuration -public class SecurityConfig extends WebSecurityConfigurerAdapter { - - @Value("${app.systemRole}") - private String systemRole; - - @Override - protected void configure(HttpSecurity http) throws Exception { -// super.configure(http); - http - .authorizeRequests() - .antMatchers("/oauth2/**", "/*.html", "/favicon.ico", "/v2/api-docs", "/webjars/**", "/swagger-resources/**", "/*.js").permitAll() - .antMatchers("/api/**").hasRole("iot_client_user") - .antMatchers("/aligenieDevice/invoke/**").hasRole("iot_client_user") - //客户端用户写权限 - .antMatchers("/space/addSpace/**").hasAnyRole("iot_write", "iot_client_user") - .antMatchers("/space/saveSpace/**").hasAnyRole("iot_write", "iot_client_user") - .antMatchers("/space/delSpace/**").hasAnyRole("iot_write", "iot_client_user") - .antMatchers("/space/saveHome/**").hasAnyRole("iot_write", "iot_client_user") - .antMatchers("/space/currentHome/**").hasAnyRole("iot_write", "iot_client_user") - .antMatchers("/space/myRecentDevices/**").hasAnyRole("iot_write", "iot_client_user") - .antMatchers("/space/spaces/**").hasAnyRole("iot_write", "iot_client_user") - .antMatchers("/space/myDevices/**").hasAnyRole("iot_write", "iot_client_user") - .antMatchers("/space/findDevice/**").hasAnyRole("iot_write", "iot_client_user") - .antMatchers("/space/addDevice/**").hasAnyRole("iot_write", "iot_client_user") - .antMatchers("/space/saveDevice").hasAnyRole("iot_write", "iot_client_user") - .antMatchers("/space/removeDevice").hasAnyRole("iot_write", "iot_client_user") - .antMatchers("/space/device/*").hasAnyRole("iot_write", "iot_client_user") - .antMatchers("/device/*/consumer/*").hasAnyRole("iot_write", "iot_client_user") - .antMatchers("/device/*/service/property/set").hasAnyRole("iot_write", "iot_client_user") - .antMatchers("/device/*/service/*/invoke").hasAnyRole("iot_write", "iot_client_user") - - - .antMatchers(HttpMethod.DELETE).hasRole("iot_write") - .antMatchers(HttpMethod.PUT).hasRole("iot_write") - .antMatchers("/**/save*/**").hasRole("iot_write") - .antMatchers("/**/remove*/**").hasRole("iot_write") - .antMatchers("/**/del*/**").hasRole("iot_write") - .antMatchers("/**/add*/**").hasRole("iot_write") - .antMatchers("/**/clear*/**").hasRole("iot_write") - .antMatchers("/**/set*/**").hasRole("iot_write") - .antMatchers("/**/set").hasRole("iot_write") - .antMatchers("/**/invoke").hasRole("iot_write") - .antMatchers("/**").hasAnyRole(systemRole) - .and().csrf().disable(); - } -} diff --git a/manager/src/main/java/cc/iotkit/manager/controller/DeviceController.java b/manager/src/main/java/cc/iotkit/manager/controller/DeviceController.java index 1a6e945e..9677bd3b 100755 --- a/manager/src/main/java/cc/iotkit/manager/controller/DeviceController.java +++ b/manager/src/main/java/cc/iotkit/manager/controller/DeviceController.java @@ -10,7 +10,7 @@ import cc.iotkit.manager.model.query.DeviceQuery; import cc.iotkit.manager.service.DataOwnerService; import cc.iotkit.manager.service.DeferredDataConsumer; import cc.iotkit.manager.service.DeviceService; -import cc.iotkit.manager.utils.AuthUtil; +import cc.iotkit.utils.AuthUtil; import cc.iotkit.model.InvokeResult; import cc.iotkit.model.Paging; import cc.iotkit.model.device.DeviceInfo; diff --git a/manager/src/main/java/cc/iotkit/manager/controller/ProtocolController.java b/manager/src/main/java/cc/iotkit/manager/controller/ProtocolController.java index 3dfab8da..0d1fe4d8 100755 --- a/manager/src/main/java/cc/iotkit/manager/controller/ProtocolController.java +++ b/manager/src/main/java/cc/iotkit/manager/controller/ProtocolController.java @@ -9,7 +9,7 @@ import cc.iotkit.dao.ProtocolComponentRepository; import cc.iotkit.dao.ProtocolConverterRepository; import cc.iotkit.dao.UserInfoRepository; import cc.iotkit.manager.service.DataOwnerService; -import cc.iotkit.manager.utils.AuthUtil; +import cc.iotkit.utils.AuthUtil; import cc.iotkit.model.Paging; import cc.iotkit.model.protocol.ProtocolComponent; import cc.iotkit.model.protocol.ProtocolConverter; diff --git a/manager/src/main/java/cc/iotkit/manager/controller/RuleEngineController.java b/manager/src/main/java/cc/iotkit/manager/controller/RuleEngineController.java index 9f317c1d..617639be 100755 --- a/manager/src/main/java/cc/iotkit/manager/controller/RuleEngineController.java +++ b/manager/src/main/java/cc/iotkit/manager/controller/RuleEngineController.java @@ -4,7 +4,7 @@ import cc.iotkit.common.exception.BizException; import cc.iotkit.common.utils.ReflectUtil; import cc.iotkit.dao.*; import cc.iotkit.manager.service.DataOwnerService; -import cc.iotkit.manager.utils.AuthUtil; +import cc.iotkit.utils.AuthUtil; import cc.iotkit.model.Paging; import cc.iotkit.model.rule.RuleInfo; import cc.iotkit.model.rule.RuleLog; diff --git a/manager/src/main/java/cc/iotkit/manager/controller/SpaceController.java b/manager/src/main/java/cc/iotkit/manager/controller/SpaceController.java index ccbee2a2..20f7872e 100755 --- a/manager/src/main/java/cc/iotkit/manager/controller/SpaceController.java +++ b/manager/src/main/java/cc/iotkit/manager/controller/SpaceController.java @@ -4,7 +4,7 @@ import cc.iotkit.common.exception.BizException; import cc.iotkit.dao.HomeRepository; import cc.iotkit.dao.SpaceRepository; import cc.iotkit.manager.service.DataOwnerService; -import cc.iotkit.manager.utils.AuthUtil; +import cc.iotkit.utils.AuthUtil; import cc.iotkit.model.space.Home; import cc.iotkit.model.space.Space; import org.apache.commons.lang3.StringUtils; diff --git a/manager/src/main/java/cc/iotkit/manager/controller/SpaceDeviceController.java b/manager/src/main/java/cc/iotkit/manager/controller/SpaceDeviceController.java index 1a0e4597..002bc387 100755 --- a/manager/src/main/java/cc/iotkit/manager/controller/SpaceDeviceController.java +++ b/manager/src/main/java/cc/iotkit/manager/controller/SpaceDeviceController.java @@ -6,7 +6,7 @@ import cc.iotkit.dao.*; import cc.iotkit.manager.model.vo.FindDeviceVo; import cc.iotkit.manager.model.vo.SpaceDeviceVo; import cc.iotkit.manager.service.DataOwnerService; -import cc.iotkit.manager.utils.AuthUtil; +import cc.iotkit.utils.AuthUtil; import cc.iotkit.model.UserInfo; import cc.iotkit.model.device.DeviceInfo; import cc.iotkit.model.product.Category; diff --git a/manager/src/main/java/cc/iotkit/manager/controller/UserInfoController.java b/manager/src/main/java/cc/iotkit/manager/controller/UserInfoController.java index 432e5256..a685e84a 100755 --- a/manager/src/main/java/cc/iotkit/manager/controller/UserInfoController.java +++ b/manager/src/main/java/cc/iotkit/manager/controller/UserInfoController.java @@ -8,7 +8,7 @@ import cc.iotkit.dao.AligenieDeviceRepository; import cc.iotkit.dao.UserInfoRepository; import cc.iotkit.manager.service.DataOwnerService; import cc.iotkit.manager.service.PulsarAdminService; -import cc.iotkit.manager.utils.AuthUtil; +import cc.iotkit.utils.AuthUtil; import cc.iotkit.model.UserInfo; import cn.dev33.satoken.annotation.SaCheckRole; import org.springframework.beans.factory.annotation.Autowired; @@ -51,7 +51,7 @@ public class UserInfoController { user.setRoles(Collections.singletonList(Constants.ROLE_SYSTEM)); user.setPermissions(Collections.singletonList(Constants.PERMISSION_WRITE)); user.setCreateAt(System.currentTimeMillis()); - user.setSecret(CodecUtil.aesEncrypt(Constants.PWD_SYSTEM_USER, Constants.PWD_SYSTEM_USER)); + user.setSecret(AuthUtil.enCryptPwd(Constants.PWD_SYSTEM_USER)); userInfoRepository.save(user); } catch (Throwable e) { throw new BizException("add platform user error", e); @@ -75,7 +75,7 @@ public class UserInfoController { user.setOwnerId(AuthUtil.getUserId()); user.setRoles(Collections.singletonList(Constants.ROLE_CLIENT)); user.setCreateAt(System.currentTimeMillis()); - user.setSecret(CodecUtil.aesEncrypt(Constants.PWD_CLIENT_USER, Constants.ACCOUNT_SECRET)); + user.setSecret(AuthUtil.enCryptPwd(Constants.PWD_CLIENT_USER)); userInfoRepository.save(user); } diff --git a/manager/src/main/java/cc/iotkit/manager/controller/aligenie/AligenieProductController.java b/manager/src/main/java/cc/iotkit/manager/controller/aligenie/AligenieProductController.java index 10f91330..7ec64982 100755 --- a/manager/src/main/java/cc/iotkit/manager/controller/aligenie/AligenieProductController.java +++ b/manager/src/main/java/cc/iotkit/manager/controller/aligenie/AligenieProductController.java @@ -2,7 +2,7 @@ package cc.iotkit.manager.controller.aligenie; import cc.iotkit.dao.AligenieProductRepository; import cc.iotkit.manager.service.DataOwnerService; -import cc.iotkit.manager.utils.AuthUtil; +import cc.iotkit.utils.AuthUtil; import cc.iotkit.model.aligenie.AligenieProduct; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.GetMapping; diff --git a/manager/src/main/java/cc/iotkit/manager/controller/api/AccountController.java b/manager/src/main/java/cc/iotkit/manager/controller/api/AccountController.java index 8d70ccd5..3fbc8635 100755 --- a/manager/src/main/java/cc/iotkit/manager/controller/api/AccountController.java +++ b/manager/src/main/java/cc/iotkit/manager/controller/api/AccountController.java @@ -3,7 +3,7 @@ package cc.iotkit.manager.controller.api; import cc.iotkit.dao.AppInfoRepository; import cc.iotkit.dao.HomeRepository; import cc.iotkit.dao.UserInfoRepository; -import cc.iotkit.manager.utils.AuthUtil; +import cc.iotkit.utils.AuthUtil; import cc.iotkit.model.AppInfo; import cc.iotkit.model.space.Home; import cc.iotkit.model.UserInfo; diff --git a/manager/src/main/java/cc/iotkit/manager/controller/api/DeviceController.java b/manager/src/main/java/cc/iotkit/manager/controller/api/DeviceController.java index a690322a..9cb5d203 100755 --- a/manager/src/main/java/cc/iotkit/manager/controller/api/DeviceController.java +++ b/manager/src/main/java/cc/iotkit/manager/controller/api/DeviceController.java @@ -6,7 +6,7 @@ import cc.iotkit.dao.SpaceDeviceRepository; import cc.iotkit.manager.model.vo.AppPageNode; import cc.iotkit.manager.service.AppDesignService; import cc.iotkit.manager.service.DeviceService; -import cc.iotkit.manager.utils.AuthUtil; +import cc.iotkit.utils.AuthUtil; import cc.iotkit.model.device.DeviceInfo; import cc.iotkit.model.space.SpaceDevice; import io.swagger.annotations.ApiImplicitParam; diff --git a/manager/src/main/java/cc/iotkit/manager/controller/api/HomeController.java b/manager/src/main/java/cc/iotkit/manager/controller/api/HomeController.java index 84cbe5c1..d5fdc6d3 100755 --- a/manager/src/main/java/cc/iotkit/manager/controller/api/HomeController.java +++ b/manager/src/main/java/cc/iotkit/manager/controller/api/HomeController.java @@ -4,7 +4,7 @@ import cc.iotkit.dao.HomeRepository; import cc.iotkit.dao.SpaceRepository; import cc.iotkit.dao.UserActionLogRepository; import cc.iotkit.dao.UserInfoRepository; -import cc.iotkit.manager.utils.AuthUtil; +import cc.iotkit.utils.AuthUtil; import cc.iotkit.model.space.Home; import cc.iotkit.model.space.Space; import cc.iotkit.model.UserActionLog; diff --git a/manager/src/main/java/cc/iotkit/manager/controller/api/SpaceController.java b/manager/src/main/java/cc/iotkit/manager/controller/api/SpaceController.java index 63478cc3..ea5df8ca 100755 --- a/manager/src/main/java/cc/iotkit/manager/controller/api/SpaceController.java +++ b/manager/src/main/java/cc/iotkit/manager/controller/api/SpaceController.java @@ -3,7 +3,7 @@ package cc.iotkit.manager.controller.api; import cc.iotkit.dao.*; import cc.iotkit.manager.model.vo.SpaceDeviceVo; import cc.iotkit.manager.service.SpaceDeviceService; -import cc.iotkit.manager.utils.AuthUtil; +import cc.iotkit.utils.AuthUtil; import cc.iotkit.model.device.DeviceInfo; import cc.iotkit.model.product.Product; import cc.iotkit.model.space.Space; diff --git a/manager/src/main/java/cc/iotkit/manager/service/DataOwnerService.java b/manager/src/main/java/cc/iotkit/manager/service/DataOwnerService.java index 062ffcd2..140ce7e5 100755 --- a/manager/src/main/java/cc/iotkit/manager/service/DataOwnerService.java +++ b/manager/src/main/java/cc/iotkit/manager/service/DataOwnerService.java @@ -1,7 +1,7 @@ package cc.iotkit.manager.service; import cc.iotkit.common.exception.BizException; -import cc.iotkit.manager.utils.AuthUtil; +import cc.iotkit.utils.AuthUtil; import cc.iotkit.model.Owned; import cc.iotkit.model.device.DeviceInfo; import org.apache.commons.lang3.StringUtils; diff --git a/manager/src/main/resources/application-dev.yml b/manager/src/main/resources/application-dev.yml index 0956d7ed..491d9f7d 100755 --- a/manager/src/main/resources/application-dev.yml +++ b/manager/src/main/resources/application-dev.yml @@ -42,7 +42,7 @@ aliyun: sa-token: # token名称 (同时也是cookie名称) - token-name: satoken + token-name: token # token有效期,单位s 默认30天, -1代表永不过期 timeout: 2592000 # token临时有效期 (指定时间内无操作就视为token过期) 单位: 秒 diff --git a/manager/src/main/resources/application.yml b/manager/src/main/resources/application.yml index 0956d7ed..491d9f7d 100755 --- a/manager/src/main/resources/application.yml +++ b/manager/src/main/resources/application.yml @@ -42,7 +42,7 @@ aliyun: sa-token: # token名称 (同时也是cookie名称) - token-name: satoken + token-name: token # token有效期,单位s 默认30天, -1代表永不过期 timeout: 2592000 # token临时有效期 (指定时间内无操作就视为token过期) 单位: 秒 diff --git a/oauth2-server/pom.xml b/oauth2-server/pom.xml index 777ddcc4..89ea1206 100755 --- a/oauth2-server/pom.xml +++ b/oauth2-server/pom.xml @@ -48,6 +48,12 @@ dao + + junit + junit + test + + \ No newline at end of file diff --git a/oauth2-server/src/main/java/cc/iotkit/oauth/controller/AuthClientController.java b/oauth2-server/src/main/java/cc/iotkit/oauth/controller/AuthClientController.java index 4fca1576..c73ed7f4 100755 --- a/oauth2-server/src/main/java/cc/iotkit/oauth/controller/AuthClientController.java +++ b/oauth2-server/src/main/java/cc/iotkit/oauth/controller/AuthClientController.java @@ -2,10 +2,12 @@ package cc.iotkit.oauth.controller; import cc.iotkit.common.Constants; import cc.iotkit.common.utils.CodecUtil; +import cc.iotkit.common.utils.ReflectUtil; import cc.iotkit.dao.OauthClientCache; import cc.iotkit.dao.UserInfoCache; import cc.iotkit.model.OauthClient; import cc.iotkit.model.UserInfo; +import cc.iotkit.oauth.vo.UserInfoVo; import cc.iotkit.utils.SoMap; import cn.dev33.satoken.stp.SaLoginConfig; import cn.dev33.satoken.stp.StpUtil; @@ -63,15 +65,15 @@ public class AuthClientController { .toString(); SoMap so = SoMap.getSoMap().setJsonString(str); log.info("get token by code result:{}", so); - // code不等于200 代表请求失败 - if (so.getInt("code") != 200) { + // 存在code,不是token结构 + if (so.getInt("code") != 0) { return SaResult.error(so.getString("msg")); } // 根据openid获取其对应的userId - SoMap data = so.getMap("data"); - String uid = getUserIdByOpenid(data.getString("openid")); - String access_token = data.getString("access_token"); + SoMap data = new SoMap(); + String uid = getUserIdByOpenid(so.getString("openid")); + String access_token = so.getString("access_token"); UserInfo userInfo = userInfoCache.getUserInfo(uid); data.put("name", userInfo.getNickName()); data.put("uid", uid); @@ -92,34 +94,17 @@ public class AuthClientController { return new RedirectView(redirect_uri); } - // 根据 Access-Token 置换相关的资源: 获取账号昵称、头像、性别等信息 - @RequestMapping("/getUserinfo") - public SaResult getUserinfo(String accessToken) { - // 调用Server端接口,查询开放的资源 - String str = OkHttps.sync(serverUrl + "/oauth2/userinfo") - .addBodyPara("access_token", accessToken) - .post() - .getBody() - .toString(); - SoMap so = SoMap.getSoMap().setJsonString(str); - // code不等于200 代表请求失败 - if (so.getInt("code") != 200) { - return SaResult.error(so.getString("msg")); - } - - // 返回相关参数 (data=获取到的资源 ) - SoMap data = so.getMap("data"); - return SaResult.data(data); - } - @GetMapping("/checkLogin") public SaResult checkLogin() { try { - StpUtil.checkLogin(); + String uid = StpUtil.getLoginId().toString(); + UserInfo userInfo = userInfoCache.getUserInfo(uid); + UserInfoVo userVo = new UserInfoVo(); + ReflectUtil.copyNoNulls(userInfo, userVo); + return SaResult.ok().setData(userVo); } catch (Throwable e) { return SaResult.error("no login"); } - return SaResult.ok(); } @SneakyThrows diff --git a/oauth2-server/src/main/java/cc/iotkit/oauth/controller/AuthServerController.java b/oauth2-server/src/main/java/cc/iotkit/oauth/controller/AuthServerController.java index ba1c6242..788935ac 100755 --- a/oauth2-server/src/main/java/cc/iotkit/oauth/controller/AuthServerController.java +++ b/oauth2-server/src/main/java/cc/iotkit/oauth/controller/AuthServerController.java @@ -1,25 +1,28 @@ package cc.iotkit.oauth.controller; -import cc.iotkit.common.Constants; -import cc.iotkit.common.utils.CodecUtil; +import cc.iotkit.common.utils.JsonUtil; import cc.iotkit.dao.UserInfoRepository; import cc.iotkit.model.UserInfo; import cc.iotkit.oauth.service.TokenRequestHandler; +import cc.iotkit.utils.AuthUtil; import cn.dev33.satoken.context.SaHolder; import cn.dev33.satoken.oauth2.config.SaOAuth2Config; import cn.dev33.satoken.oauth2.logic.SaOAuth2Util; import cn.dev33.satoken.stp.StpUtil; import cn.dev33.satoken.util.SaResult; +import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; import org.springframework.web.servlet.ModelAndView; +import javax.servlet.http.HttpServletRequest; import java.util.HashMap; import java.util.LinkedHashMap; import java.util.Map; +@Slf4j @RestController public class AuthServerController { @@ -28,8 +31,10 @@ public class AuthServerController { // 处理所有OAuth相关请求 @RequestMapping("/oauth2/*") - public Object request() { - return TokenRequestHandler.serverRequest(); + public Object request(HttpServletRequest request) { + Object result = TokenRequestHandler.serverRequest(); + log.info("oauth path:{},result:{}", request.getRequestURI(), JsonUtil.toJsonString(result)); + return result; } // Sa-OAuth2 定制化配置 @@ -44,8 +49,7 @@ public class AuthServerController { UserInfo userInfo = userInfoRepository.findByUid(name); if (userInfo != null) { String secret = userInfo.getSecret(); - String encodePwd = CodecUtil.aesEncrypt(pwd, Constants.ACCOUNT_SECRET); - if (encodePwd.equals(secret)) { + if (AuthUtil.checkPwd(pwd, secret)) { StpUtil.login(userInfo.getId(), "PC"); return SaResult.ok(); } @@ -94,4 +98,6 @@ public class AuthServerController { map.put("address", "山东省 青岛市 城阳区"); return SaResult.data(map); } + + } diff --git a/oauth2-server/src/main/java/cc/iotkit/oauth/service/StpInterfaceImpl.java b/oauth2-server/src/main/java/cc/iotkit/oauth/service/StpInterfaceImpl.java index b4909649..2ce9bd51 100755 --- a/oauth2-server/src/main/java/cc/iotkit/oauth/service/StpInterfaceImpl.java +++ b/oauth2-server/src/main/java/cc/iotkit/oauth/service/StpInterfaceImpl.java @@ -6,7 +6,6 @@ import cn.dev33.satoken.stp.StpInterface; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import java.util.ArrayList; import java.util.List; @Component @@ -20,10 +19,8 @@ public class StpInterfaceImpl implements StpInterface { */ @Override public List getPermissionList(Object loginId, String loginType) { - // 本list仅做模拟,实际项目中要根据具体业务逻辑来查询权限 - List list = new ArrayList(); - list.add("write"); - return list; + UserInfo userInfo = userInfoCache.getUserInfo(loginId.toString()); + return userInfo.getPermissions(); } /** diff --git a/oauth2-server/src/main/java/cc/iotkit/oauth/service/TokenRequestHandler.java b/oauth2-server/src/main/java/cc/iotkit/oauth/service/TokenRequestHandler.java index 3d747281..8eaa971a 100755 --- a/oauth2-server/src/main/java/cc/iotkit/oauth/service/TokenRequestHandler.java +++ b/oauth2-server/src/main/java/cc/iotkit/oauth/service/TokenRequestHandler.java @@ -8,7 +8,13 @@ import cn.dev33.satoken.oauth2.config.SaOAuth2Config; import cn.dev33.satoken.oauth2.exception.SaOAuth2Exception; import cn.dev33.satoken.oauth2.logic.SaOAuth2Consts; import cn.dev33.satoken.oauth2.logic.SaOAuth2Handle; +import cn.dev33.satoken.oauth2.logic.SaOAuth2Util; +import cn.dev33.satoken.oauth2.model.AccessTokenModel; +import cn.dev33.satoken.oauth2.model.ClientTokenModel; +import cn.dev33.satoken.oauth2.model.RequestAuthModel; import cn.dev33.satoken.oauth2.model.SaClientModel; +import cn.dev33.satoken.stp.StpUtil; +import cn.dev33.satoken.util.SaResult; public class TokenRequestHandler { @@ -25,9 +31,9 @@ public class TokenRequestHandler { return SaOAuth2Handle.authorize(req, res, cfg); } } else if (req.isPath(SaOAuth2Consts.Api.token) && req.isParam(SaOAuth2Consts.Param.grant_type, SaOAuth2Consts.GrantType.authorization_code)) { - return SaOAuth2Handle.token(req, res, cfg); + return token(req, res, cfg); } else if (req.isPath(SaOAuth2Consts.Api.token) && req.isParam(SaOAuth2Consts.Param.grant_type, SaOAuth2Consts.GrantType.refresh_token)) { - return SaOAuth2Handle.refreshToken(req); + return refreshToken(req); } else if (req.isPath(SaOAuth2Consts.Api.revoke)) { return SaOAuth2Handle.revokeToken(req); } else if (req.isPath(SaOAuth2Consts.Api.doLogin)) { @@ -46,17 +52,65 @@ public class TokenRequestHandler { if (!cfg.getIsPassword() || !cm.isPassword && !cm.isAutoMode) { throw new SaOAuth2Exception("暂未开放的授权模式"); } else { - return SaOAuth2Handle.password(req, res, cfg); + return password(req, res, cfg); } } else if (req.isPath(SaOAuth2Consts.Api.token) && req.isParam(SaOAuth2Consts.Param.grant_type, SaOAuth2Consts.GrantType.client_credentials)) { cm = SaOAuth2Handle.currClientModel(); if (!cfg.getIsClient() || !cm.isClient && !cm.isAutoMode) { throw new SaOAuth2Exception("暂未开放的授权模式"); } else { - return SaOAuth2Handle.clientToken(req, res, cfg); + return clientToken(req, res, cfg); } } else { return "{\"msg\": \"not handle\"}"; } } + + public static Object token(SaRequest req, SaResponse res, SaOAuth2Config cfg) { + String code = req.getParamNotNull(SaOAuth2Consts.Param.code); + String clientId = req.getParamNotNull(SaOAuth2Consts.Param.client_id); + String clientSecret = req.getParamNotNull(SaOAuth2Consts.Param.client_secret); + String redirectUri = req.getParam(SaOAuth2Consts.Param.redirect_uri); + SaOAuth2Util.checkGainTokenParam(code, clientId, clientSecret, redirectUri); + AccessTokenModel token = SaOAuth2Util.generateAccessToken(code); + return token.toLineMap(); + } + + public static Object refreshToken(SaRequest req) { + String clientId = req.getParamNotNull(SaOAuth2Consts.Param.client_id); + String clientSecret = req.getParamNotNull(SaOAuth2Consts.Param.client_secret); + String refreshToken = req.getParamNotNull(SaOAuth2Consts.Param.refresh_token); + SaOAuth2Util.checkRefreshTokenParam(clientId, clientSecret, refreshToken); + return SaOAuth2Util.refreshAccessToken(refreshToken).toLineMap(); + } + + public static Object password(SaRequest req, SaResponse res, SaOAuth2Config cfg) { + String username = req.getParamNotNull(SaOAuth2Consts.Param.username); + String password = req.getParamNotNull(SaOAuth2Consts.Param.password); + String clientId = req.getParamNotNull(SaOAuth2Consts.Param.client_id); + String scope = req.getParam(SaOAuth2Consts.Param.scope, ""); + SaOAuth2Util.checkContract(clientId, scope); + SaHolder.getStorage().set(StpUtil.stpLogic.splicingKeyJustCreatedSave(), "no-token"); + Object retObj = cfg.getDoLoginHandle().apply(username, password); + if (!StpUtil.isLogin()) { + return retObj; + } else { + RequestAuthModel ra = new RequestAuthModel(); + ra.clientId = clientId; + ra.loginId = StpUtil.getLoginId(); + ra.scope = scope; + AccessTokenModel at = SaOAuth2Util.generateAccessToken(ra, true); + return at.toLineMap(); + } + } + + public static Object clientToken(SaRequest req, SaResponse res, SaOAuth2Config cfg) { + String clientId = req.getParamNotNull(SaOAuth2Consts.Param.client_id); + String clientSecret = req.getParamNotNull(SaOAuth2Consts.Param.client_secret); + String scope = req.getParam(SaOAuth2Consts.Param.scope); + SaOAuth2Util.checkContract(clientId, scope); + SaOAuth2Util.checkClientSecret(clientId, clientSecret); + ClientTokenModel ct = SaOAuth2Util.generateClientToken(clientId, scope); + return ct.toLineMap(); + } } diff --git a/oauth2-server/src/main/java/cc/iotkit/oauth/vo/UserInfoVo.java b/oauth2-server/src/main/java/cc/iotkit/oauth/vo/UserInfoVo.java new file mode 100644 index 00000000..36190895 --- /dev/null +++ b/oauth2-server/src/main/java/cc/iotkit/oauth/vo/UserInfoVo.java @@ -0,0 +1,70 @@ +package cc.iotkit.oauth.vo; + +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; + +import java.util.ArrayList; +import java.util.List; + +@Data +@NoArgsConstructor +@AllArgsConstructor +@Builder +public class UserInfoVo { + + /** + * 用户账号 + */ + private String uid; + + /** + * 用户昵称 + */ + private String nickName; + + /** + * 性别 0-未知 1-male,2-female + */ + private Integer gender; + + /** + * 头像地址 + */ + private String avatarUrl; + + private String email; + + private String address; + + /** + * 当前家庭Id + */ + private String currHomeId; + + /** + * 用户类型 + * 0:平台用户 + * 1:终端用户 + */ + private Integer type; + + /** + * 角色 + */ + private List roles = new ArrayList<>(); + + /** + * 权限 + */ + private List permissions = new ArrayList<>(); + + /** + * 用户使用的平台 + * 见:Constants.THIRD_PLATFORM + */ + private List usePlatforms = new ArrayList<>(); + + +} diff --git a/manager/src/main/java/cc/iotkit/manager/utils/AuthUtil.java b/oauth2-server/src/main/java/cc/iotkit/utils/AuthUtil.java similarity index 52% rename from manager/src/main/java/cc/iotkit/manager/utils/AuthUtil.java rename to oauth2-server/src/main/java/cc/iotkit/utils/AuthUtil.java index 535d4074..6dc97927 100755 --- a/manager/src/main/java/cc/iotkit/manager/utils/AuthUtil.java +++ b/oauth2-server/src/main/java/cc/iotkit/utils/AuthUtil.java @@ -1,9 +1,10 @@ -package cc.iotkit.manager.utils; +package cc.iotkit.utils; import cc.iotkit.common.Constants; +import cc.iotkit.common.utils.CodecUtil; import cn.dev33.satoken.stp.StpUtil; +import org.apache.commons.lang3.RandomUtils; -import java.util.ArrayList; import java.util.List; public class AuthUtil { @@ -28,4 +29,14 @@ public class AuthUtil { return AuthUtil.getUserRoles().contains(Constants.ROLE_WRITE); } + public static String enCryptPwd(String pwd) throws Exception { + return CodecUtil.aesEncrypt(CodecUtil.md5Str(pwd) + ":" + + RandomUtils.nextInt(1000, 9999), Constants.ACCOUNT_SECRET); + } + + public static boolean checkPwd(String pwd, String secret) throws Exception { + String code = CodecUtil.aesDecrypt(secret, Constants.ACCOUNT_SECRET); + String[] arr = code.split(":"); + return arr.length > 0 && CodecUtil.md5Str(pwd).equals(arr[0]); + } } diff --git a/oauth2-server/src/test/java/GenPwdSecret.java b/oauth2-server/src/test/java/GenPwdSecret.java new file mode 100644 index 00000000..7d3147e4 --- /dev/null +++ b/oauth2-server/src/test/java/GenPwdSecret.java @@ -0,0 +1,14 @@ +import cc.iotkit.utils.AuthUtil; +import org.junit.Test; + +public class GenPwdSecret { + + @Test + public void gen() throws Exception { + //生成密码加密内容 + String secret = AuthUtil.enCryptPwd("c123456"); + System.out.println(secret); + System.out.println(AuthUtil.checkPwd("c123456", secret)); + } + +} diff --git a/protocol-gateway/component-server/src/main/java/cc/iotkit/comps/ApiTool.java b/protocol-gateway/component-server/src/main/java/cc/iotkit/comps/ApiTool.java index 72baf422..21d693b4 100755 --- a/protocol-gateway/component-server/src/main/java/cc/iotkit/comps/ApiTool.java +++ b/protocol-gateway/component-server/src/main/java/cc/iotkit/comps/ApiTool.java @@ -125,7 +125,7 @@ public class ApiTool { request = request .timeout(timeout) .putHeader("wrap-response", "json") - .putHeader("authorization", "Bearer " + token); + .putHeader("token", token); AtomicReference apiResponse = new AtomicReference<>( new ApiResponse(500, "", null, System.currentTimeMillis()));