介绍

原理简介

spring security基本原理:通过使用过滤器实现拦截数据流,并对参数进行一系列的处理。 最终由FilterSecurityInterceptor类拦截,并对之前过滤器的异常做处理(具体可参考:https://blog.csdn.net/duanshengjie/article/details/79985196)。
image.png
此项目也是开发了一个Filter,并放在了认证链上的匿名用户过滤器前的位置,保证在处理第三方认证的时候可以准确判断是否已经有认证用户。当存在已认证的用户则进行绑定操作,不存在已认证的用户则进行登录验证操作。

此项目基于 justauth开发的认证并嫁接到 spring security 的认证上。一些内容为参考spring-security-social项目。

功能

  • 未认证用户经第三方认证后走认证流程
  • 已认证用户经第三方认证后走注册流程
  • 查看用户绑定记录
  • 解绑用户

    主要代码展示

    创建认证服务、对应的Userdetals、UserDetailsService、AuthenticationToken、可提供的第三方Provider认证和对应的过滤器Filter。

    第三方认证服务

    主要提供用户登录时获取token,当拦截到用户是要用以第三方登录时,会跳转到第三方去登录认证。 ```java package com.luoqiz.oauth2.justauth;

import com.luoqiz.oauth2.justauth.exception.JustauthAuthenticationRedirectException; import com.luoqiz.oauth2.justauth.provider.JustauthAuthenticationService; import com.luoqiz.oauth2.justauth.util.ConcurrentHashMapCacheUtils; import com.xkcoding.justauth.AuthRequestFactory; import lombok.Data; import lombok.NoArgsConstructor; import lombok.extern.slf4j.Slf4j; import me.zhyd.oauth.model.AuthCallback; import me.zhyd.oauth.model.AuthResponse; import me.zhyd.oauth.model.AuthUser; import me.zhyd.oauth.request.AuthRequest; import me.zhyd.oauth.utils.AuthStateUtils; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.util.StringUtils;

import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse;

@Slf4j @NoArgsConstructor @Data public abstract class AbstractJustauthAuthenticationService implements JustauthAuthenticationService {

  1. private String providerId;
  2. private AuthRequestFactory factory;
  4. public AbstractJustauthAuthenticationService(String providerId, AuthRequestFactory factory) {
  5.     this.providerId = providerId;
  6.     this.factory = factory;
  7. }
  9. public void afterPropertiesSet(AuthUser user) throws Exception {
  10. }
  13. //此处跳转到第三方认证
  14. @Override
  15. public JustauthAuthenticationToken getAuthToken(HttpServletRequest request, HttpServletResponse response) {
  16.     //判断是否是第一次登录
  17.     String code = request.getParameter("code");
  18.     if (!StringUtils.hasText(code)) {
  19.         AuthRequest authRequest = factory.get(providerId);
  20.         String state = providerId + "::" + AuthStateUtils.createState();
  21.         Authentication auth = SecurityContextHolder.getContext().getAuthentication();
  23.         if (auth != null) {
  24.             log.info("auth user : {}", auth.toString());
  25.             ConcurrentHashMapCacheUtils.setCache(state, auth, 120 * 1000);
  26.         }
  28.         throw new JustauthAuthenticationRedirectException(authRequest.authorize(state));
  29.     } else if (StringUtils.hasText(code)) {
  30.         try {
  31.             AuthRequest authRequest = factory.get(providerId);
  32.             AuthCallback callback = new AuthCallback();
  33.             callback.setCode(code);
  34.             String state = request.getParameter("state");
  36.             callback.setState(state);
  37.             Authentication auth = (Authentication) ConcurrentHashMapCacheUtils.getCache(state);
  38.             if (auth != null) {
  39.                 log.info("auth user ---- : {}", auth.toString());
  40.                 SecurityContextHolder.getContext().setAuthentication(auth);
  41.             }
  44.             AuthUser user = parseUser(authRequest.login(callback));
  46.             afterPropertiesSet(user);
  48.             return new JustauthAuthenticationToken(providerId, user, null, false);
  49.         } catch (Exception e) {
  50.             log.debug("failed to exchange for access", e);
  51.             return null;
  52.         }
  54.     } else {
  55.         return null;
  56.     }
  57. }
  59. protected AuthUser parseUser(AuthResponse<S> response) {
  60.     if (response.getCode() == 2000) {
  61.         AuthUser authuser = response.getData();
  62.         return authuser;
  63.     }
  64.     return null;
  65. }

}

  1.  <br />注意:此时需要跳转到第三方去登录认证的时候,若是已经登录,则会临时保存用户信息。是使用系统内自定义的线程。
  3. ```java
  4. package com.luoqiz.oauth2.justauth.service;
  6. import com.luoqiz.oauth2.justauth.AbstractJustauthAuthenticationService;
  7. import com.xkcoding.justauth.AuthRequestFactory;
  8. import lombok.extern.slf4j.Slf4j;
  9. import me.zhyd.oauth.model.AuthUser;
  11. @Slf4j
  12. public class GithubJustauthAuthenticationService<A> extends AbstractJustauthAuthenticationService<AuthUser> {
  14.     public GithubJustauthAuthenticationService(String providerId, AuthRequestFactory factory) {
  15.         super(providerId,factory );
  16.     }
  18. }

认证token

  1. /*
  2.  * Copyright 2015 the original author or authors.
  3.  *
  4.  * Licensed under the Apache License, Version 2.0 (the "License");
  5.  * you may not use this file except in compliance with the License.
  6.  * You may obtain a copy of the License at
  7.  *
  8.  *      http://www.apache.org/licenses/LICENSE-2.0
  9.  *
  10.  * Unless required by applicable law or agreed to in writing, software
  11.  * distributed under the License is distributed on an "AS IS" BASIS,
  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13.  * See the License for the specific language governing permissions and
  14.  * limitations under the License.
  15.  */
  16. package com.luoqiz.oauth2.justauth;
  18. import org.springframework.security.authentication.AbstractAuthenticationToken;
  19. import org.springframework.security.core.GrantedAuthority;
  21. import java.io.Serializable;
  22. import java.util.Collection;
  23. import java.util.Collections;
  24. import java.util.HashMap;
  25. import java.util.Map;
  27. /**
  28.  * 自定义认证token
  29.  */
  30. public class JustauthAuthenticationToken extends AbstractAuthenticationToken {
  32.     private final String providerId;
  34.     private final Serializable principle;
  36.     private final Map<String, String> providerAccountData;
  38.     /**
  39.      * @param providerAccountData optional extra account data
  40.      * @param authorities
  41.      */
  42.     public JustauthAuthenticationToken(String providerId, Serializable principle, Map<String, String> providerAccountData,
  43.                                        Collection<? extends GrantedAuthority> authorities) {
  44.         super(authorities);
  45.         this.providerId = providerId;
  47.         this.principle = principle; //no principal yet
  48.         if (providerAccountData != null) {
  49.             this.providerAccountData = Collections.unmodifiableMap(new HashMap<String, String>(providerAccountData));
  50.         } else {
  51.             this.providerAccountData = Collections.emptyMap();
  52.         }
  53.         super.setAuthenticated(true);
  54.     }
  56.     /**
  57.      * @param authorities any {@link GrantedAuthority}s for this user
  58.      */
  59.     public JustauthAuthenticationToken(String providerId, Serializable principle, Collection<? extends GrantedAuthority> authorities, Boolean b) {
  60.         super(authorities);
  61.         this.providerId = providerId;
  62.         this.principle = principle;
  63.         this.providerAccountData = null;
  64.         super.setAuthenticated(b);
  65.     }
  68.     public String getProviderId() {
  69.         return providerId;
  70.     }
  72.     /**
  73.      * @return always null
  74.      */
  75.     public Object getCredentials() {
  76.         return null;
  77.     }
  79.     @Override
  80.     public Object getPrincipal() {
  81.         return this.principle;
  82.     }
  84.     /**
  85.      * @return unmodifiable map, never null
  86.      */
  87.     public Map<String, String> getProviderAccountData() {
  88.         return providerAccountData;
  89.     }
  91.     /**
  92.      * @throws IllegalArgumentException when trying to authenticate a previously unauthenticated token
  93.      */
  94.     @Override
  95.     public void setAuthenticated(final boolean isAuthenticated) throws IllegalArgumentException {
  96.         if (!isAuthenticated) {
  97.             super.setAuthenticated(false);
  98.         } else if (!super.isAuthenticated()) {
  99.             throw new IllegalArgumentException(
  100.                     "Cannot set this token to trusted - use constructor which takes a GrantedAuthority list instead");
  101.         }
  102.     }
  104. }

自系统内的认证

  1. package com.luoqiz.oauth2.justauth;
  3. import com.luoqiz.oauth2.justauth.provider.JustauthUserDetailsService;
  4. import com.luoqiz.oauth2.justauth.support.UsersConnectionRepository;
  5. import com.luoqiz.oauth2.justauth.support.jdbc.JdbcUsersConnectionRepository;
  6. import me.zhyd.oauth.model.AuthUser;
  7. import org.springframework.security.authentication.AuthenticationProvider;
  8. import org.springframework.security.authentication.BadCredentialsException;
  9. import org.springframework.security.core.Authentication;
  10. import org.springframework.security.core.AuthenticationException;
  11. import org.springframework.security.core.GrantedAuthority;
  12. import org.springframework.security.core.userdetails.UserDetails;
  13. import org.springframework.security.core.userdetails.UsernameNotFoundException;
  14. import org.springframework.util.Assert;
  16. import java.util.Collection;
  17. import java.util.HashSet;
  18. import java.util.Set;
  20. /**
  21.  * 从第三方正确获取用户信息后,自系统用户处理
  22.  */
  23. public class JustauthAuthenticationProvider implements AuthenticationProvider {
  25.     private UsersConnectionRepository usersConnectionRepository;
  27.     private JustauthUserDetailsService userDetailsService;
  29.     public JustauthAuthenticationProvider(UsersConnectionRepository usersConnectionRepository, JustauthUserDetailsService userDetailsService) {
  30.         this.usersConnectionRepository = usersConnectionRepository;
  31.         this.userDetailsService = userDetailsService;
  32.     }
  34.     public boolean supports(Class<? extends Object> authentication) {
  35.         return JustauthAuthenticationToken.class.isAssignableFrom(authentication);
  36.     }
  38.     /**
  39.      * Authenticate user based on {@link JustauthAuthenticationToken}
  40.      */
  41.     public Authentication authenticate(Authentication authentication) throws AuthenticationException {
  42.         Assert.isInstanceOf(JustauthAuthenticationToken.class, authentication, "unsupported justAuth authentication type");
  43.         Assert.isTrue(!authentication.isAuthenticated(), "already authenticated");
  44.         JustauthAuthenticationToken authToken = (JustauthAuthenticationToken) authentication;
  45.         String providerId = authToken.getProviderId();
  46.         AuthUser authUser = (AuthUser) authToken.getPrincipal();
  47.         String userId = toUserId(authUser);
  48.         if (userId == null) {
  49.             throw new BadCredentialsException("Unknown access token");
  50.         }
  52.         UserDetails userDetails = userDetailsService.loadUserByUserId(userId);
  53.         if (userDetails == null) {
  54.             throw new UsernameNotFoundException("Unknown connected account id");
  55.         }
  57.         return new JustauthAuthenticationToken(providerId, userDetails, getAuthorities(providerId, userDetails), true);
  58.     }
  60.     protected String toUserId(AuthUser authUser) {
  61.         Set<String> providerUserIds = new HashSet<>(1);
  62.         providerUserIds.add(authUser.getUuid());
  63.         Set<String> userIds = usersConnectionRepository.findUserIdsConnectedTo(authUser.getSource(), providerUserIds);
  64.         // only if a single userId is connected to this providerUserId
  65.         return (userIds.size() == 1) ? userIds.iterator().next() : null;
  66.     }
  69.     protected Collection<? extends GrantedAuthority> getAuthorities(String providerId, UserDetails userDetails) {
  70.         return userDetails.getAuthorities();
  71.     }
  73. }

创建认证过滤器

默认拦截路径为:/justauth/{providerId}

  1. package com.luoqiz.oauth2.justauth;
  3. import com.luoqiz.oauth2.justauth.provider.JustauthUserDetailsService;
  4. import com.luoqiz.oauth2.justauth.support.UsersConnectionRepository;
  5. import com.luoqiz.oauth2.justauth.support.jdbc.JdbcUsersConnectionRepository;
  6. import me.zhyd.oauth.model.AuthUser;
  7. import org.springframework.security.authentication.AuthenticationProvider;
  8. import org.springframework.security.authentication.BadCredentialsException;
  9. import org.springframework.security.core.Authentication;
  10. import org.springframework.security.core.AuthenticationException;
  11. import org.springframework.security.core.GrantedAuthority;
  12. import org.springframework.security.core.userdetails.UserDetails;
  13. import org.springframework.security.core.userdetails.UsernameNotFoundException;
  14. import org.springframework.util.Assert;
  16. import java.util.Collection;
  17. import java.util.HashSet;
  18. import java.util.Set;
  20. /**
  21.  * 从第三方正确获取用户信息后,自系统用户处理
  22.  */
  23. public class JustauthAuthenticationProvider implements AuthenticationProvider {
  25.     private UsersConnectionRepository usersConnectionRepository;
  27.     private JustauthUserDetailsService userDetailsService;
  29.     public JustauthAuthenticationProvider(UsersConnectionRepository usersConnectionRepository, JustauthUserDetailsService userDetailsService) {
  30.         this.usersConnectionRepository = usersConnectionRepository;
  31.         this.userDetailsService = userDetailsService;
  32.     }
  34.     public boolean supports(Class<? extends Object> authentication) {
  35.         return JustauthAuthenticationToken.class.isAssignableFrom(authentication);
  36.     }
  38.     /**
  39.      * Authenticate user based on {@link JustauthAuthenticationToken}
  40.      */
  41.     public Authentication authenticate(Authentication authentication) throws AuthenticationException {
  42.         Assert.isInstanceOf(JustauthAuthenticationToken.class, authentication, "unsupported justAuth authentication type");
  43.         Assert.isTrue(!authentication.isAuthenticated(), "already authenticated");
  44.         JustauthAuthenticationToken authToken = (JustauthAuthenticationToken) authentication;
  45.         String providerId = authToken.getProviderId();
  46.         AuthUser authUser = (AuthUser) authToken.getPrincipal();
  47.         String userId = toUserId(authUser);
  48.         if (userId == null) {
  49.             throw new BadCredentialsException("Unknown access token");
  50.         }
  52.         UserDetails userDetails = userDetailsService.loadUserByUserId(userId);
  53.         if (userDetails == null) {
  54.             throw new UsernameNotFoundException("Unknown connected account id");
  55.         }
  57.         return new JustauthAuthenticationToken(providerId, userDetails, getAuthorities(providerId, userDetails), true);
  58.     }
  60.     protected String toUserId(AuthUser authUser) {
  61.         Set<String> providerUserIds = new HashSet<>(1);
  62.         providerUserIds.add(authUser.getUuid());
  63.         Set<String> userIds = usersConnectionRepository.findUserIdsConnectedTo(authUser.getSource(), providerUserIds);
  64.         // only if a single userId is connected to this providerUserId
  65.         return (userIds.size() == 1) ? userIds.iterator().next() : null;
  66.     }
  69.     protected Collection<? extends GrantedAuthority> getAuthorities(String providerId, UserDetails userDetails) {
  70.         return userDetails.getAuthorities();
  71.     }
  73. }

系统配置过滤器

  1. /*
  2.  * Copyright 2015 the original author or authors.
  3.  *
  4.  * Licensed under the Apache License, Version 2.0 (the "License");
  5.  * you may not use this file except in compliance with the License.
  6.  * You may obtain a copy of the License at
  7.  *
  8.  *      http://www.apache.org/licenses/LICENSE-2.0
  9.  *
  10.  * Unless required by applicable law or agreed to in writing, software
  11.  * distributed under the License is distributed on an "AS IS" BASIS,
  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13.  * See the License for the specific language governing permissions and
  14.  * limitations under the License.
  15.  */
  16. package com.luoqiz.oauth2.justauth;
  18. import com.luoqiz.oauth2.justauth.connect.JustauthAuthenticationServiceRegistry;
  19. import com.luoqiz.oauth2.justauth.provider.JustauthUserDetailsService;
  20. import com.luoqiz.oauth2.justauth.service.GiteeJustauthAuthenticationService;
  21. import com.luoqiz.oauth2.justauth.service.GithubJustauthAuthenticationService;
  22. import com.luoqiz.oauth2.justauth.service.GoogleJustauthAuthenticationService;
  23. import com.luoqiz.oauth2.justauth.support.UsersConnectionRepository;
  24. import com.luoqiz.oauth2.justauth.support.jdbc.JdbcUsersConnectionRepository;
  25. import com.xkcoding.justauth.AuthRequestFactory;
  26. import lombok.Data;
  27. import me.zhyd.oauth.model.AuthUser;
  28. import org.springframework.security.authentication.AuthenticationManager;
  29. import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
  30. import org.springframework.security.config.annotation.web.builders.HttpSecurity;
  31. import org.springframework.security.web.DefaultSecurityFilterChain;
  32. import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
  33. import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
  34. import org.springframework.security.web.authentication.AuthenticationFailureHandler;
  35. import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
  36. import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
  38. /**
  39.  * 系统配置过滤器
  40.  */
  41. @Data
  42. public class JustAuthSocialConfigurer extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {
  44.     private AuthRequestFactory factory;
  45.     private UsersConnectionRepository jdbcUsersConnectionRepository;
  46.     private JustauthUserDetailsService userDetailsService;
  47.     private AuthenticationSuccessHandler authenticationSuccessHandler;
  48.     private AuthenticationFailureHandler authenticationFailureHandler;
  50.     public JustAuthSocialConfigurer(AuthRequestFactory factory, UsersConnectionRepository jdbcUsersConnectionRepository) {
  51.         this.factory = factory;
  52.         this.jdbcUsersConnectionRepository = jdbcUsersConnectionRepository;
  53.     }
  55.     /**
  56.      * 此组件已经实现的服务
  57.      */
  58.     private void justauthAuthenticationServiceRegistry() {
  59.         JustauthAuthenticationServiceRegistry.getInstance().addJustauthAuthenticationService("github", new GithubJustauthAuthenticationService<>("github", factory));
  60.         JustauthAuthenticationServiceRegistry.getInstance().addJustauthAuthenticationService("google", new GoogleJustauthAuthenticationService<>("google", factory));
  61.         JustauthAuthenticationServiceRegistry.getInstance().addJustauthAuthenticationService("gitee", new GiteeJustauthAuthenticationService<>("gitee", factory));
  62.     }
  64.     /**
  65.      * 添加自定义  JustauthAuthenticationService 服务
  66.      *
  67.      * @param key
  68.      * @param service
  69.      */
  70.     public void addJustauthAuthenticationService(String key, AbstractJustauthAuthenticationService<AuthUser> service) {
  71.         service.setFactory(factory);
  72.         JustauthAuthenticationServiceRegistry.getInstance().addJustauthAuthenticationService(key, service);
  73.     }
  76.     @Override
  77.     public void configure(HttpSecurity http) throws Exception {
  78.         justauthAuthenticationServiceRegistry();
  79.         JustAuthSocialAuthenticationFilter filter = new JustAuthSocialAuthenticationFilter(
  80.                 http.getSharedObject(AuthenticationManager.class), factory, jdbcUsersConnectionRepository);
  81.         filter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
  82.         filter.setAuthenticationSuccessHandler(authenticationSuccessHandler);
  83.         filter.setAuthenticationFailureHandler(authenticationFailureHandler);
  84.         http.authenticationProvider(
  85.                 new JustauthAuthenticationProvider(jdbcUsersConnectionRepository, userDetailsService))
  86. //                .addFilterBefore(postProcess(filter), AbstractPreAuthenticatedProcessingFilter.class);
  87.                 .addFilterBefore(postProcess(filter), AnonymousAuthenticationFilter.class);
  88.     }
  90. }

用户来源提供

  1. package com.luoqiz.oauth2.justauth.support.jdbc;
  3. import com.luoqiz.oauth2.justauth.support.ConnectionData;
  4. import com.luoqiz.oauth2.justauth.support.UsersConnectionRepository;
  5. import org.springframework.dao.DataAccessException;
  6. import org.springframework.dao.DuplicateKeyException;
  7. import org.springframework.jdbc.core.BeanPropertyRowMapper;
  8. import org.springframework.jdbc.core.JdbcTemplate;
  9. import org.springframework.jdbc.core.ResultSetExtractor;
  10. import org.springframework.jdbc.core.RowMapper;
  11. import org.springframework.jdbc.core.namedparam.MapSqlParameterSource;
  12. import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate;
  13. import org.springframework.security.crypto.encrypt.Encryptors;
  14. import org.springframework.security.crypto.encrypt.TextEncryptor;
  15. import org.springframework.transaction.annotation.Transactional;
  17. import javax.sql.DataSource;
  18. import java.sql.ResultSet;
  19. import java.sql.SQLException;
  20. import java.util.*;
  22. /**
  23.  * 认证来源,目前只实现保存在数据库中的用户
  24.  */
  25. public class JdbcUsersConnectionRepository implements UsersConnectionRepository {
  27.     private final JdbcTemplate jdbcTemplate;
  29.     private final TextEncryptor textEncryptor;
  31.     private String tablePrefix = "";
  33.     public JdbcUsersConnectionRepository(DataSource dataSource, TextEncryptor textEncryptor) {
  34.         this.jdbcTemplate = new JdbcTemplate(dataSource);
  35.         if (textEncryptor != null) {
  36.             this.textEncryptor = textEncryptor;
  37.         } else {
  38.             this.textEncryptor = Encryptors.noOpText();
  39.         }
  41.     }
  44.     /**
  45.      * Sets a table name prefix. This will be prefixed to all the table names before queries are executed. Defaults to "".
  46.      * This is can be used to qualify the table name with a schema or to distinguish Spring Social tables from other application tables.
  47.      *
  48.      * @param tablePrefix the tablePrefix to set
  49.      */
  50.     public void setTablePrefix(String tablePrefix) {
  51.         this.tablePrefix = tablePrefix;
  52.     }
  54.     @Override
  55.     public List<String> findUserIdsWithProvider(String providerId, String providerUserId) {
  56.         List<String> localUserIds = jdbcTemplate.queryForList("select userId from " + tablePrefix + "UserConnection where providerId = ? and providerUserId = ?", String.class, providerId, providerUserId);
  57. //        if (localUserIds.size() == 0 ) {
  58. //            String newUserId = connectionSignUp.execute(connection);
  59. //            if (newUserId != null) {
  60. //                createConnectionRepository(newUserId).addConnection(connection);
  61. //                return Arrays.asList(newUserId);
  62. //            }
  63. //        }
  64.         return localUserIds;
  65.     }
  66.     @Override
  67.     public Set<String> findUserIdsConnectedTo(String providerId, Set<String> providerUserIds) {
  68.         MapSqlParameterSource parameters = new MapSqlParameterSource();
  69.         parameters.addValue("providerId", providerId);
  70.         parameters.addValue("providerUserIds", providerUserIds);
  71.         final Set<String> localUserIds = new HashSet<String>();
  72.         return new NamedParameterJdbcTemplate(jdbcTemplate).query("select userId from " + tablePrefix + "UserConnection where providerId = :providerId and providerUserId in (:providerUserIds)", parameters,
  73.                 new ResultSetExtractor<Set<String>>() {
  74.                     public Set<String> extractData(ResultSet rs) throws SQLException, DataAccessException {
  75.                         while (rs.next()) {
  76.                             localUserIds.add(rs.getString("userId"));
  77.                         }
  78.                         return localUserIds;
  79.                     }
  80.                 });
  81.     }
  82.     @Override
  83.     public ConnectionData findRowWithUserIdProviderId(String userId, String providerId) {
  84.         RowMapper<ConnectionData> rm = new BeanPropertyRowMapper<ConnectionData>(ConnectionData.class);
  85.         return jdbcTemplate.queryForObject("select * from " + tablePrefix + "UserConnection where userId = ? and providerId = ?",
  86.                 new Object[]{userId, providerId}, new RowMapper<ConnectionData>() {
  87.                     @Override
  88.                     public ConnectionData mapRow(ResultSet resultSet, int i) throws SQLException {
  89.                         return new ConnectionData(resultSet.getString("userId"),
  90.                                 resultSet.getString("providerId"),
  91.                                 resultSet.getString("providerUserId"),
  92.                                 resultSet.getString("displayName"),
  93.                                 resultSet.getString("profileUrl"),
  94.                                 resultSet.getString("imageUrl"),
  95.                                 resultSet.getString("accessToken"),
  96.                                 resultSet.getString("secret"),
  97.                                 resultSet.getString("refreshToken"),
  98.                                 resultSet.getLong("expireTime")
  99.                         );
  100.                     }
  101.                 });
  102.     }
  104.     @Override
  105.     @Transactional
  106.     public void addConnection(ConnectionData connectionData) {
  107.         try {
  108.             int rank = jdbcTemplate.queryForObject("select coalesce(max(rank) + 1, 1) as rank from " + tablePrefix + "UserConnection where userId = ? and providerId = ?", new Object[]{connectionData.getUserId(), connectionData.getProviderId()}, Integer.class);
  109.             jdbcTemplate.update("insert into " + tablePrefix + "UserConnection (userId, providerId, providerUserId, rank, displayName, profileUrl, imageUrl, accessToken, secret, refreshToken, expireTime) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)",
  110.                     connectionData.getUserId(), connectionData.getProviderId(), connectionData.getProviderUserId(),
  111.                     rank, connectionData.getDisplayName(), connectionData.getProfileUrl(),
  112.                     connectionData.getImageUrl(), encrypt(connectionData.getAccessToken()),
  113.                     encrypt(connectionData.getSecret()), encrypt(connectionData.getRefreshToken()), connectionData.getExpireTime());
  114.         } catch (DuplicateKeyException e) {
  115.             throw new DuplicateKeyException(connectionData.getUserId());
  116.         }
  117.     }
  119.     @Override
  120.     @Transactional
  121.     public void updateConnection(ConnectionData data) {
  122.         jdbcTemplate.update("update " + tablePrefix + "UserConnection set displayName = ?, profileUrl = ?, imageUrl = ?, accessToken = ?, secret = ?, refreshToken = ?, expireTime = ? where userId = ? and providerId = ? and providerUserId = ?",
  123.                 data.getDisplayName(), data.getProfileUrl(), data.getImageUrl(), encrypt(data.getAccessToken()),
  124.                 encrypt(data.getSecret()), encrypt(data.getRefreshToken()), data.getExpireTime(),
  125.                 data.getUserId(), data.getProviderId(), data.getProviderUserId());
  126.     }
  128.     @Override
  129.     @Transactional
  130.     public boolean removeConnections(String providerId, String userId) {
  131.         return jdbcTemplate.update("delete from " + tablePrefix + "UserConnection where userId = ? and providerId = ?",
  132.                 userId, providerId) == 1;
  133.     }
  135. //    @Transactional
  136. //    public void removeConnection(ConnectionKey connectionKey) {
  137. //        jdbcTemplate.update("delete from " + tablePrefix + "UserConnection where userId = ? and providerId = ? and providerUserId = ?", userId, connectionKey.getProviderId(), connectionKey.getProviderUserId());
  138. //    }
  140.     // internal helpers
  142.     private String selectFromUserConnection() {
  143.         return "select userId, providerId, providerUserId, displayName, profileUrl, imageUrl, accessToken, secret, refreshToken, expireTime from " + tablePrefix + "UserConnection";
  144.     }
  146. //    private Connection<?> findPrimaryConnection(String providerId) {
  147. //        List<Connection<?>> connections = jdbcTemplate.query(selectFromUserConnection() + " where userId = ? and providerId = ? order by rank", connectionMapper, userId, providerId);
  148. //        if (connections.size() > 0) {
  149. //            return connections.get(0);
  150. //        } else {
  151. //            return null;
  152. //        }
  153. //    }
  155.     private String encrypt(String text) {
  156.         return text != null ? textEncryptor.encrypt(text) : text;
  157.     }
  159.     @Override
  160.     public List<ConnectionData> findUserWithUserId(String userId) {
  161.         List<Map<String, Object>> result = jdbcTemplate.queryForList("select * from " + tablePrefix + "UserConnection where userId = ? ",
  162.                 new Object[]{userId});
  163.         List<ConnectionData> rs = new ArrayList<>();
  164.         result.forEach(resultSet -> {
  165.             ConnectionData connection = new ConnectionData(
  166.                     (String) resultSet.get("userId"),
  167.                     (String) resultSet.get("providerId"),
  168.                     (String) resultSet.get("providerUserId"),
  169.                     (String) resultSet.get("displayName"),
  170.                     (String) resultSet.get("profileUrl"),
  171.                     (String) resultSet.get("imageUrl"),
  172.                     (String) resultSet.get("accessToken"),
  173.                     (String) resultSet.get("secret"),
  174.                     (String) resultSet.get("refreshToken"),
  175.                     (Long) resultSet.get("expireTime")
  176.             );
  177.             rs.add(connection);
  178.         });
  179.         return rs;
  180.     }
  181. }

使用配置

认证失败处理器

  1. package com.luoqiz.pincheng.config.permission;
  3. import cn.hutool.json.JSONObject;
  4. import com.luoqiz.oauth2.justauth.exception.JustauthAuthenticationRedirectException;
  5. import com.luoqiz.pincheng.config.exception.BusinessExCodeEnum;
  6. import com.luoqiz.pincheng.config.exception.BusinessException;
  7. import com.luoqiz.pincheng.util.Result;
  8. import org.springframework.security.core.AuthenticationException;
  9. import org.springframework.security.web.authentication.AuthenticationFailureHandler;
  10. import org.springframework.stereotype.Component;
  12. import javax.servlet.http.HttpServletRequest;
  13. import javax.servlet.http.HttpServletResponse;
  14. import java.io.IOException;
  16. /**
  17.  * 用户登录认证失败返回的信息
  18.  */
  19. @Component
  20. public class AuthenticationFailureHandlerImpl implements AuthenticationFailureHandler {
  22.     @Override
  23.     public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException {
  24.         if (exception instanceof JustauthAuthenticationRedirectException) {
  25.             response.sendRedirect(((JustauthAuthenticationRedirectException) exception).getRedirectUrl());
  26.             return;
  27.         }
  28.         response.setContentType("application/json;charset=UTF-8");
  29.         Result result = Result.error(new BusinessException(BusinessExCodeEnum.LOGIN_ERROR));
  30.         JSONObject json = new JSONObject(result);
  31.         response.getWriter().write(json.toJSONString(0));
  32.     }
  33. }

注意: if (exception instanceof JustauthAuthenticationRedirectException) 的判断必须有,否则在需要跳转到第三方登录的时候会出现失败的情况。

认证相关配置

  1. package com.luoqiz.pincheng.config;
  3. import com.fasterxml.jackson.databind.ObjectMapper;
  4. import com.luoqiz.oauth2.justauth.JustAuthSocialConfigurer;
  5. import com.luoqiz.oauth2.justauth.support.UsersConnectionRepository;
  6. import com.luoqiz.oauth2.justauth.support.jdbc.JdbcUsersConnectionRepository;
  7. import com.luoqiz.pincheng.config.permission.JwtAuthenticationTokenFilter;
  8. import com.luoqiz.pincheng.justauth.WjwJustauthAuthenticationService;
  9. import com.luoqiz.pincheng.service.ISysUserService;
  10. import com.xkcoding.justauth.AuthRequestFactory;
  11. import lombok.extern.slf4j.Slf4j;
  12. import org.springframework.beans.factory.annotation.Autowired;
  13. import org.springframework.context.annotation.Bean;
  14. import org.springframework.context.annotation.Configuration;
  15. import org.springframework.context.annotation.Primary;
  16. import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
  17. import org.springframework.security.config.annotation.web.builders.HttpSecurity;
  18. import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
  19. import org.springframework.security.config.http.SessionCreationPolicy;
  20. import org.springframework.security.crypto.encrypt.TextEncryptor;
  21. import org.springframework.security.crypto.factory.PasswordEncoderFactories;
  22. import org.springframework.security.crypto.password.PasswordEncoder;
  23. import org.springframework.security.web.AuthenticationEntryPoint;
  24. import org.springframework.security.web.access.AccessDeniedHandler;
  25. import org.springframework.security.web.authentication.AuthenticationFailureHandler;
  26. import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
  27. import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
  28. import org.springframework.transaction.annotation.EnableTransactionManagement;
  30. import javax.sql.DataSource;
  32. /**
  33.  * @author luoqiz
  34.  * @date 2019/7/21
  35.  * 认证相关配置
  36.  */
  38. @Slf4j
  39. @Primary
  40. @Configuration
  41. @EnableTransactionManagement(proxyTargetClass = true)
  42. public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
  43.     @Autowired
  44.     private ObjectMapper objectMapper;
  46.     @Autowired
  47.     private ISysUserService sysUserService;
  49.     @Autowired
  50.     private AuthenticationEntryPoint authenticationEntryPoint;
  52.     @Autowired
  53.     private AuthenticationSuccessHandler authenticationSuccessHandler;
  55.     @Autowired
  56.     private AuthenticationFailureHandler authenticationFailureHandler;
  58.     @Autowired
  59.     private AccessDeniedHandler accessDeniedHandler;
  61.     @Autowired
  62.     JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter; // JWT 拦截器
  64.     @Autowired
  65.     AuthRequestFactory factory;
  67.     @Autowired
  68.     DataSource dataSource;
  70.     @Autowired(required = false)
  71.     private TextEncryptor encryptor;
  73.     @Bean
  74.     protected UsersConnectionRepository jdbcUsersConnectionRepository() {
  75.         return new JdbcUsersConnectionRepository(dataSource, encryptor);
  76.     }
  78.     @Override
  79.     protected void configure(HttpSecurity http) throws Exception {
  80.         http
  81.                 .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
  82.                 .and()
  83.                 .httpBasic().authenticationEntryPoint(authenticationEntryPoint)
  84.                 .and()
  85.                 .formLogin()
  86. //                 登录表单提交地址
  87.                 .loginProcessingUrl("/login")
  88.                 .successHandler(authenticationSuccessHandler)
  89.                 .failureHandler(authenticationFailureHandler)
  90.                 .permitAll()
  91.                 .and()
  93.                 .authorizeRequests()
  94.                 .antMatchers("/admin/**").authenticated()
  95.                 .anyRequest().permitAll()
  96.                 .and()
  97.                 .cors().and()
  98.                 .exceptionHandling().accessDeniedHandler(accessDeniedHandler)
  99.                 .and().csrf().disable();
  101.         JustAuthSocialConfigurer justauth = new JustAuthSocialConfigurer(factory, jdbcUsersConnectionRepository());
  103.         justauth.setUserDetailsService(sysUserService);
  104.         justauth.setAuthenticationFailureHandler(authenticationFailureHandler);
  105.         justauth.setAuthenticationSuccessHandler(authenticationSuccessHandler);
  106.         justauth.addJustauthAuthenticationService("wjw", new WjwJustauthAuthenticationService("wjw", factory));
  107.         http.apply(justauth);
  109.         http.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class); // JWT Filter
  110.     }
  112.     @Override
  113.     protected void configure(AuthenticationManagerBuilder auth) throws Exception {
  114.         auth.userDetailsService(sysUserService).passwordEncoder(passwordEncoder());
  115.     }
  118.     @Bean
  119.     public PasswordEncoder passwordEncoder() {
  120.         return PasswordEncoderFactories.createDelegatingPasswordEncoder();
  121.     }
  122. }

第三方信息配置

  1. justauth:
  2.   enabled: true
  3.   type:
  4.     github:
  5.       client-id: 323a5*********297b
  6.       client-secret: 380************32f33
  7.       redirect-uri: http://********/justauth/github
  8.     google:
  9.       client-id: 15330************.apps.googleusercontent.com
  10.       client-secret: gCzAl*************9sH
  11.       redirect-uri: http://********/justauth/google
  12.     gitee:
  13.       client-id: 12f1d90************431db5c65d850d
  14.       client-secret: ac29e60632*************be25cfc6d6e5ae2811e
  15.       redirect-uri: http://********/justauth/gitee
  16.   extend:
  17.     enumClass: com.luoqiz.test.justauth.AuthCustomSource
  18.     config:
  19.       wjw:
  20.         request-class: com.luoqiz.test.justauth.AuthWjwRequest
  21.         client-id: Y***********A
  22.         client-secret: d00955f*************3005fcd109
  23.         redirect-uri: http://test.luoqiz.top/justauth/wjw

配置完成即可使用。

项目地址:https://gitee.com/luoqiz/justauth-spring-security-starter.git
此为自己写的为自己使用。可参考原理编写更适合自己的程序,如临时用户信息存储等。若是对此项目有好的建议或者需求可提issues。优化代码后会上传到 maven 仓库,方便使用和查看。

演示

springsecurity-justauth演示.wmv (4.18MB)