auth server, resource server
This commit is contained in:
liquidjoo
@@ -2,8 +2,10 @@ package io.bluemoon.authorizationserver;
|
|||||||
|
|
||||||
import org.springframework.boot.SpringApplication;
|
import org.springframework.boot.SpringApplication;
|
||||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||||
|
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
|
||||||
|
|
||||||
@SpringBootApplication
|
@SpringBootApplication
|
||||||
|
@EnableResourceServer
|
||||||
public class AuthorizationServerApplication {
|
public class AuthorizationServerApplication {
|
||||||
|
|
||||||
public static void main(String[] args) {
|
public static void main(String[] args) {
|
||||||
|
|||||||
@@ -14,7 +14,8 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
|
|||||||
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
|
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
|
||||||
|
|
||||||
@Configuration
|
@Configuration
|
||||||
@Order(SecurityProperties.BASIC_AUTH_ORDER - 6)
|
//@Order(SecurityProperties.BASIC_AUTH_ORDER - 6)
|
||||||
|
@Order(-1)
|
||||||
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||||
|
|
||||||
private CustomUserDetailsServiceImpl customUserDetailsService;
|
private CustomUserDetailsServiceImpl customUserDetailsService;
|
||||||
@@ -42,6 +43,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||||||
@Override
|
@Override
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
protected void configure(HttpSecurity http) throws Exception {
|
||||||
http.formLogin().loginPage("/login").permitAll()
|
http.formLogin().loginPage("/login").permitAll()
|
||||||
|
.and()
|
||||||
|
.requestMatchers().antMatchers("/login", "/logout", "/oauth/authorize", "/oauth/confirm_access")
|
||||||
.and()
|
.and()
|
||||||
.authorizeRequests().anyRequest().authenticated();
|
.authorizeRequests().anyRequest().authenticated();
|
||||||
|
|
||||||
|
|||||||
@@ -11,6 +11,7 @@ import org.springframework.web.bind.annotation.RequestParam;
|
|||||||
import org.springframework.web.bind.annotation.ResponseBody;
|
import org.springframework.web.bind.annotation.ResponseBody;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
import java.security.Principal;
|
||||||
|
|
||||||
@Controller
|
@Controller
|
||||||
public class SsoController {
|
public class SsoController {
|
||||||
@@ -68,4 +69,10 @@ public class SsoController {
|
|||||||
return "aa";
|
return "aa";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@RequestMapping(value = "/user")
|
||||||
|
@ResponseBody
|
||||||
|
public Principal user(Principal user) {
|
||||||
|
return user;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -7,12 +7,17 @@ import org.springframework.cloud.client.loadbalancer.LoadBalancerInterceptor;
|
|||||||
import org.springframework.cloud.netflix.zuul.EnableZuulProxy;
|
import org.springframework.cloud.netflix.zuul.EnableZuulProxy;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.http.client.ClientHttpRequestInterceptor;
|
import org.springframework.http.client.ClientHttpRequestInterceptor;
|
||||||
|
import org.springframework.security.core.annotation.AuthenticationPrincipal;
|
||||||
import org.springframework.security.oauth2.client.token.AccessTokenProviderChain;
|
import org.springframework.security.oauth2.client.token.AccessTokenProviderChain;
|
||||||
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsAccessTokenProvider;
|
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsAccessTokenProvider;
|
||||||
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider;
|
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider;
|
||||||
import org.springframework.security.oauth2.client.token.grant.implicit.ImplicitAccessTokenProvider;
|
import org.springframework.security.oauth2.client.token.grant.implicit.ImplicitAccessTokenProvider;
|
||||||
import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordAccessTokenProvider;
|
import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordAccessTokenProvider;
|
||||||
|
import org.springframework.stereotype.Controller;
|
||||||
|
import org.springframework.web.bind.annotation.RequestMapping;
|
||||||
|
import org.springframework.web.bind.annotation.RequestMethod;
|
||||||
|
|
||||||
|
import java.security.Principal;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.stream.Collectors;
|
import java.util.stream.Collectors;
|
||||||
@@ -26,6 +31,17 @@ public class GatewayZuulApplication {
|
|||||||
SpringApplication.run(GatewayZuulApplication.class, args);
|
SpringApplication.run(GatewayZuulApplication.class, args);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Controller
|
||||||
|
@RequestMapping("/")
|
||||||
|
public static class TestController {
|
||||||
|
@RequestMapping(method = RequestMethod.GET)
|
||||||
|
public String test(Principal principal) {
|
||||||
|
System.out.println(principal.getName());
|
||||||
|
System.out.println(principal.toString());
|
||||||
|
return "aa";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// @Bean
|
// @Bean
|
||||||
// UserInfoRestTemplateCustomizer userInfoRestTemplateCustomizer(LoadBalancerInterceptor loadBalancerInterceptor) {
|
// UserInfoRestTemplateCustomizer userInfoRestTemplateCustomizer(LoadBalancerInterceptor loadBalancerInterceptor) {
|
||||||
// return template -> {
|
// return template -> {
|
||||||
|
|||||||
@@ -18,10 +18,7 @@ import org.springframework.security.oauth2.provider.ClientDetailsService;
|
|||||||
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationManager;
|
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationManager;
|
||||||
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter;
|
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter;
|
||||||
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
|
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
|
||||||
import org.springframework.security.web.csrf.CsrfFilter;
|
import org.springframework.security.web.csrf.*;
|
||||||
import org.springframework.security.web.csrf.CsrfToken;
|
|
||||||
import org.springframework.security.web.csrf.CsrfTokenRepository;
|
|
||||||
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
|
|
||||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||||
import org.springframework.security.web.util.matcher.RequestMatcher;
|
import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||||
import org.springframework.web.filter.OncePerRequestFilter;
|
import org.springframework.web.filter.OncePerRequestFilter;
|
||||||
@@ -38,7 +35,7 @@ import java.util.regex.Pattern;
|
|||||||
@Configuration
|
@Configuration
|
||||||
@EnableOAuth2Sso
|
@EnableOAuth2Sso
|
||||||
@EnableResourceServer
|
@EnableResourceServer
|
||||||
@Order(value = 0)
|
@Order(value = -1)
|
||||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||||
|
|
||||||
// @Bean
|
// @Bean
|
||||||
@@ -52,9 +49,9 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|||||||
http.authorizeRequests()
|
http.authorizeRequests()
|
||||||
.antMatchers("/mk-auth/**", "/login").permitAll().anyRequest().authenticated()
|
.antMatchers("/mk-auth/**", "/login").permitAll().anyRequest().authenticated()
|
||||||
.and()
|
.and()
|
||||||
.csrf().requireCsrfProtectionMatcher(csrfRequestMatcher()).csrfTokenRepository(csrfTokenRepository())
|
// .csrf().requireCsrfProtectionMatcher(csrfRequestMatcher()).csrfTokenRepository(csrfTokenRepository())
|
||||||
.and()
|
// .and()
|
||||||
.addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
|
// .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
|
||||||
.logout().permitAll()
|
.logout().permitAll()
|
||||||
.logoutSuccessUrl("/");
|
.logoutSuccessUrl("/");
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -0,0 +1,18 @@
|
|||||||
|
package io.bluemoon.gatewayzuul.filter;
|
||||||
|
|
||||||
|
import javax.servlet.*;
|
||||||
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
import java.io.IOException;
|
||||||
|
|
||||||
|
public class HeaderEnhanceFilter implements Filter {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
|
||||||
|
String authorization = ((HttpServletRequest) request).getHeader("Authorization");
|
||||||
|
String requestURI = ((HttpServletRequest) request).getRequestURI();
|
||||||
|
// test if request url is permit all, then remove authorization from header
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -1,13 +1,14 @@
|
|||||||
server.port=8765
|
server.port=8765
|
||||||
|
|
||||||
|
zuul.sensitive-headers=Cookie,Set-Cookie
|
||||||
|
|
||||||
zuul.routes.mk2-service=/service/**
|
zuul.routes.mk2-service.path=/service/**
|
||||||
zuul.routes.mk2-service.url=http://127.0.0.1:8082
|
zuul.routes.mk2-service.url=http://127.0.0.1:8082
|
||||||
|
zuul.routes.mk2-service.sensitive-headers=Cookie,Set-Cookie
|
||||||
|
|
||||||
zuul.routes.mk2-oauth.path=/mk-auth/**
|
zuul.routes.mk2-oauth.path=/mk-auth/**
|
||||||
zuul.routes.mk2-oauth.url=http://127.0.0.1:8081
|
zuul.routes.mk2-oauth.url=http://127.0.0.1:8081
|
||||||
zuul.routes.mk2-oauth.sensitive-headers=Authorization
|
zuul.routes.mk2-oauth.sensitive-headers=Cookie,Set-Cookie
|
||||||
#zuul.routes.mk2-oauth.path=/mk2auth/**
|
#zuul.routes.mk2-oauth.path=/mk2auth/**
|
||||||
|
|
||||||
zuul.routes.mk2-oauth.strip-prefix=false
|
zuul.routes.mk2-oauth.strip-prefix=false
|
||||||
@@ -19,19 +20,20 @@ security.oauth2.sso.login-path=/login
|
|||||||
|
|
||||||
security.oauth2.client.access-token-uri=http://127.0.0.1:8081/mk-auth/oauth/token
|
security.oauth2.client.access-token-uri=http://127.0.0.1:8081/mk-auth/oauth/token
|
||||||
security.oauth2.client.user-authorization-uri=http://127.0.0.1:8081/mk-auth/oauth/authorize
|
security.oauth2.client.user-authorization-uri=http://127.0.0.1:8081/mk-auth/oauth/authorize
|
||||||
security.oauth2.resource.token-info-uri=http://127.0.0.1:8081/mk-auth/oauth/check_token
|
|
||||||
|
security.oauth2.resource.user-info-uri=http://127.0.0.1:8081/mk-auth/user
|
||||||
|
#security.oauth2.resource.prefer-token-info=false
|
||||||
|
|
||||||
security.oauth2.client.client-id=system1
|
security.oauth2.client.client-id=system1
|
||||||
security.oauth2.client.client-secret=1234
|
security.oauth2.client.client-secret=1234
|
||||||
|
|
||||||
|
|
||||||
|
#management.security.enabled=false
|
||||||
#security.oauth2.resource.jwt.key-value="abc"
|
#security.oauth2.resource.jwt.key-value="abc"
|
||||||
#security.oauth2.resource.id=read
|
#security.oauth2.resource.id=read
|
||||||
#security.oauth2.resource.service-id=${PREFIX:}resource
|
#security.oauth2.resource.service-id=${PREFIX:}resource
|
||||||
|
|
||||||
|
|
||||||
management.endpoints.web.exposure.include=routes, health, filter
|
#management.endpoints.web.exposure.include=routes, health, filter
|
||||||
management.endpoint.routes.enabled=true
|
#management.endpoint.routes.enabled=true
|
||||||
management.endpoint.filters.enabled=true
|
#management.endpoint.filters.enabled=true
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -0,0 +1,18 @@
|
|||||||
|
//package io.bluemoon.testservice;
|
||||||
|
//
|
||||||
|
//import org.springframework.context.annotation.Configuration;
|
||||||
|
//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
|
//import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
|
||||||
|
//import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
|
||||||
|
//import org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher;
|
||||||
|
//
|
||||||
|
//@EnableResourceServer
|
||||||
|
//@Configuration
|
||||||
|
//public class ResourceServiceConfig extends ResourceServerConfigurerAdapter {
|
||||||
|
//
|
||||||
|
// @Override
|
||||||
|
// public void configure(HttpSecurity http) throws Exception {
|
||||||
|
// http.requestMatcher(new RequestHeaderRequestMatcher("Authorization"))
|
||||||
|
// .authorizeRequests().anyRequest().fullyAuthenticated();
|
||||||
|
// }
|
||||||
|
//}
|
||||||
@@ -2,17 +2,19 @@ package io.bluemoon.testservice;
|
|||||||
|
|
||||||
import org.springframework.boot.SpringApplication;
|
import org.springframework.boot.SpringApplication;
|
||||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||||
|
import org.springframework.core.annotation.Order;
|
||||||
import org.springframework.security.access.prepost.PreAuthorize;
|
import org.springframework.security.access.prepost.PreAuthorize;
|
||||||
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
|
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
|
||||||
import org.springframework.stereotype.Controller;
|
import org.springframework.stereotype.Controller;
|
||||||
import org.springframework.web.bind.annotation.RequestMapping;
|
import org.springframework.web.bind.annotation.RequestMapping;
|
||||||
import org.springframework.web.bind.annotation.RequestMethod;
|
import org.springframework.web.bind.annotation.RequestMethod;
|
||||||
import org.springframework.web.bind.annotation.ResponseBody;
|
import org.springframework.web.bind.annotation.ResponseBody;
|
||||||
|
import org.springframework.web.bind.annotation.SessionAttributes;
|
||||||
|
|
||||||
import java.security.Principal;
|
import java.security.Principal;
|
||||||
|
|
||||||
@EnableResourceServer
|
|
||||||
@SpringBootApplication
|
@SpringBootApplication
|
||||||
|
@EnableResourceServer
|
||||||
public class TestServiceApplication {
|
public class TestServiceApplication {
|
||||||
|
|
||||||
public static void main(String[] args) {
|
public static void main(String[] args) {
|
||||||
|
|||||||
@@ -3,4 +3,10 @@ server.port=8082
|
|||||||
|
|
||||||
#security.oauth2.resource.jwt.key-value="abc"
|
#security.oauth2.resource.jwt.key-value="abc"
|
||||||
#security.oauth2.resource.id=read
|
#security.oauth2.resource.id=read
|
||||||
#security.oauth2.resource.service-id=${PREFIX:}resource
|
#security.oauth2.resource.service-id=${PREFIX:}resource
|
||||||
|
|
||||||
|
security.oauth2.client.client-id=system1
|
||||||
|
security.oauth2.client.client-secret=1234
|
||||||
|
#security.oauth2.resource.token-info-uri=http://127.0.0.1:8081/mk-auth/oauth/check_token
|
||||||
|
security.oauth2.resource.user-info-uri=http://127.0.0.1:8081/mk-auth/user
|
||||||
|
security.oauth2.resource.prefer-token-info=false
|
||||||
Reference in New Issue
Block a user