420DNC涉密网代码
blame | 历史 | 原始文档
lyh
13 小时以前 78aeb8a8c97a884a640d46755e4be706bde48b7d 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107

package com.lxzn.auth.config;


 


import com.lxzn.auth.JwtUtil;


import org.springframework.beans.factory.annotation.Autowired;


import org.springframework.context.annotation.Bean;


import org.springframework.context.annotation.Configuration;


import org.springframework.core.io.ClassPathResource;


import org.springframework.security.authentication.AuthenticationManager;


import org.springframework.security.core.userdetails.UserDetailsService;


import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;


import org.springframework.security.jwt.crypto.sign.RsaVerifier;


import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;


import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;


import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;


import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;


import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;


import org.springframework.security.oauth2.provider.ClientDetailsService;


import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;


import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;


import org.springframework.security.oauth2.provider.token.TokenStore;


import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;


import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;


import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;


 


import javax.sql.DataSource;


import java.security.KeyPair;


 


@Configuration


@EnableAuthorizationServer


class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {


    //jwt令牌转换器


    @Autowired


    private JwtAccessTokenConverter jwtAccessTokenConverter;


    @Autowired


    private UserDetailsService userDetailsService;


    @Autowired


    private AuthenticationManager authenticationManager;


    @Autowired


    private TokenStore tokenStore;


    @Autowired


    private CustomUserAuthenticationConverter customUserAuthenticationConverter;


    @Autowired


    private DataSource dataSource;


 


    private static final String PRIVATE_KEYSTORE = "xc.keystore";


    private static final String KEYSTORE_PASSWORD = "xuechengkeystore";


    private static final String ALIAS_NAME = "xckey";


    private static final String ALIAS_PASSWORD = "xuecheng";


 


 


    @Override


    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {


        clients.jdbc(this.dataSource).clients(this.clientDetails());


    }


 


 


    @Bean


    @Autowired


    public TokenStore tokenStore(JwtAccessTokenConverter jwtAccessTokenConverter) {


        return new JwtTokenStore(jwtAccessTokenConverter);


    }


 


    //客户端配置


    @Bean


    public ClientDetailsService clientDetails() {


        return new JdbcClientDetailsService(dataSource);


    }


 


    @Bean


    public JwtAccessTokenConverter jwtAccessTokenConverter(CustomUserAuthenticationConverter customUserAuthenticationConverter) {


        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();


        //密钥库文件路径


        ClassPathResource classPathResource = new ClassPathResource(PRIVATE_KEYSTORE);


        KeyPair keyPair = new KeyStoreKeyFactory


                (classPathResource, KEYSTORE_PASSWORD.toCharArray())


                .getKeyPair(ALIAS_NAME,ALIAS_PASSWORD.toCharArray());


        converter.setKeyPair(keyPair);


        String pubKey = JwtUtil.getPubKey();


        converter.setVerifierKey(pubKey);


        converter.setVerifier(new RsaVerifier(pubKey));


        //配置自定义的CustomUserAuthenticationConverter


        DefaultAccessTokenConverter accessTokenConverter = (DefaultAccessTokenConverter) converter.getAccessTokenConverter();


        accessTokenConverter.setUserTokenConverter(customUserAuthenticationConverter);


        return converter;


    }


    //授权服务器端点配置


    @Override


    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {


        endpoints.accessTokenConverter(jwtAccessTokenConverter)


                .authenticationManager(authenticationManager)//认证管理器


                .tokenStore(tokenStore)//令牌存储


                .userDetailsService(userDetailsService);//用户信息service


    }


 


    //授权服务器的安全配置


    @Override


    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {


        oauthServer.allowFormAuthenticationForClients()


                .passwordEncoder(new BCryptPasswordEncoder())


                .tokenKeyAccess("permitAll()")


                .checkTokenAccess("isAuthenticated()");


    }


 


 


 


 


}