admin security 添加文档

Author: andanyoung

security-spring-boot-starter/README.md

@@ -0,0 +1,155 @@
+# admin security
+
+## USAGES
+
+1. 引入 pom
+
+```
+        <dependency>
+            <groupId>com.admin4j.framework</groupId>
+            <artifactId>security-spring-boot-starter</artifactId>
+            <version>0.9.0</version>
+        </dependency>
+```
+
+2. 实现 JwtUserDetailsService 接口,用于根据用户ID获取用户详情。由于我们的JWT Token 存的是 userId,所以这里的入参为userId
+
+```java
+
+@Component
+public class Admin4jJwtUserDetailsService implements JwtUserDetailsService {
+
+    @Autowired
+    ISysUserLongInfoService sysUserLongInfoService;
+
+    @Override
+    public JwtUserDetails loadUserByUserId(Long userId) {
+
+        return sysUserLongInfoService.getByUserId(userId);
+    }
+}
+```
+
+3. 账号密码登录。需要实现 `Spring Security`的`UserDetailsService` 接口，用于根据 username 查询用户详情
+
+```java
+
+@Component
+public class Admin4jJwtUserDetailsService implements JwtUserDetailsService, UserDetailsService {
+
+    @Autowired
+    ISysUserLongInfoService sysUserLongInfoService;
+    @Autowired
+    ISysUserService sysUserService;
+
+    @Override
+    public JwtUserDetails loadUserByUserId(Long userId) {
+
+        return sysUserLongInfoService.getByUserId(userId);
+    }
+
+    @Override
+    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+        SysUser sysUser = sysUserService.getByUserName(username);
+        return SysUserConvert.INSTANCE.convert(sysUser);
+    }
+}
+
+```
+
+### 测试
+
+- 登录接口
+
+```curl
+curl --location 'http://localhost:8080/login' \
+--header 'Content-Type: application/x-www-form-urlencoded' \
+--data-urlencode 'username=admin' \
+--data-urlencode 'password=123456'
+```
+
+- 返回结果
+
+```json
+{
+  "code": 200,
+  "data": {
+    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzYWx0IjoiMTIiLCJleHAiOjE2OTkzNDU3ODAsInVzZXJJRCI6MX0.tz0RGKSQEwfS0aTrsF7bdxF1enU4Vy32rn4ckDn3-D0"
+  },
+  "msg": "success"
+}
+```
+
+## 多渠道登录
+
+通过配置的方式，支持微信，手机号等多渠道登录
+
+### 验证码手机号登录
+
+- yaml配置方式
+
+```yaml
+admin4j:
+  security:
+    multi:
+      auth-map:
+        phone: phoneNumber
+
+```
+
+auth-map 为渠道登录登录方式配置。对象类型，key为 登录方式 (`authType`)。value 为登录认证的字段名称。
+解释如上配置，
+
+- 登录方式 (`authType`) : `phone`
+- 登录认证的字段名称: `phoneNumber`
+
+前端登录接口案例：`/login/phone` (/login/authType)
+
+```curl
+curl --location 'http://localhost:8080/login/phone' \
+--header 'Content-Type: application/x-www-form-urlencoded' \
+  --data-urlencode 'phoneNumber=admin' \
+  --data-urlencode 'verificationCode=123456'
+```
+
+- java 配置代码，实现接口`MultiUserDetailsService`
+    1. 配置登录方式 `support()` 为 phone （yaml配置的`authType`）
+    2. 检查手机对应的验证码是否正确
+    3. 根据手机号获取用户详情
+
+```java
+
+/**
+ * 验证码手机号登录
+ *
+ */
+@Component
+public class PhoneMultiUserDetailsService implements MultiUserDetailsService {
+    @Autowired
+    ISysUserService sysUserService;
+
+    @Override
+    public String support() {
+        return "phone";
+    }
+
+    @Override
+    public boolean preVerify(MultiAuthenticationToken multiAuthenticationToken) {
+
+        // 验证码
+        String verificationCode = multiAuthenticationToken.getAuthParameter("verificationCode");
+        // TODO 验证验证码正确性。错误返回 false,或者抛出错误
+        return true;
+    }
+
+    @Override
+    public UserDetails loadUserByMultiToken(String phoneNumber) {
+
+        SysUser sysUser = sysUserService.getByPhoneNumber(phoneNumber);
+        return SysUserConvert.INSTANCE.convert(sysUser);
+    }
+}
+
+```
+
+### 其他渠道登录，如微信openid 登录，参考上方可实现

security-spring-boot-starter/pom.xml

@@ -1,4 +1,4 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
     <parent>
@@ -10,6 +10,7 @@
     <groupId>com.admin4j.framework</groupId>
     <artifactId>security-spring-boot-starter</artifactId>
     <packaging>jar</packaging>
+    <version>0.9.1-SNAPSHOT</version>
 
     <name>security-spring-boot-starter</name>
 

security-spring-boot-starter/src/main/java/com/admin4j/framework/security/UserTokenService.java

@@ -1,7 +1,6 @@
 package com.admin4j.framework.security;
 
 import com.admin4j.framework.security.jwt.JwtUserDetails;
-import org.springframework.security.core.userdetails.UserDetails;
 
 import javax.servlet.http.HttpServletRequest;
 
@@ -39,5 +38,5 @@ public interface UserTokenService {
      * @param token
      * @return 登录用户名
      */
-    UserDetails getUserDetails(String token);
+    JwtUserDetails getUserDetails(String token);
 }

security-spring-boot-starter/src/main/java/com/admin4j/framework/security/configuration/SecurityConfiguration.java

@@ -100,7 +100,7 @@ public AuthenticationManager authenticationManager(AuthenticationConfiguration a
      * 取消ROLE_前缀
      */
     //@Bean
-    //public GrantedAuthorityDefaults grantedAuthorityDefaults() {
+    // public GrantedAuthorityDefaults grantedAuthorityDefaults() {
     //    // Remove the ROLE_ prefix
     //    return new GrantedAuthorityDefaults("");
     //}
@@ -122,9 +122,9 @@ public ReloadableResourceBundleMessageSource messageSource() {
     @ConditionalOnMissingBean(SecurityFilterChain.class)
     public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
 
-//FilterSecurityInterceptor
+// FilterSecurityInterceptor
         httpSecurity
-                //关闭cors
+                // 关闭cors
                 .cors().disable()
                 // CSRF禁用，因为不使用session
                 .csrf().disable()
@@ -161,7 +161,7 @@ public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Excepti
 
         authorizeRequestsConfigurer(httpSecurity);
 
-        //多渠道登录
+        // 多渠道登录
         if (multiAuthenticationProperties.isEnable()) {
 
             MultiAuthenticationFilter authenticationFilter = new MultiAuthenticationFilter(multiAuthenticationProperties, formLoginProperties);
@@ -174,7 +174,7 @@ public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Excepti
             httpSecurity.apply(multiSecurityConfigurerAdapter);
 
         } else {
-            //开启form表单认证
+            // 开启form表单认证
             httpSecurity.formLogin()
                     .loginProcessingUrl(formLoginProperties.getLoginProcessingUrl())
                     .passwordParameter(formLoginProperties.getPasswordParameter())
@@ -189,8 +189,8 @@ public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Excepti
             httpSecurity.addFilterBefore(actuatorFilter, UsernamePasswordAuthenticationFilter.class);
         }
 
-        //GlobalAuthenticationConfigurerAdapter
-        //WebSecurityConfigurerAdapter
+        // GlobalAuthenticationConfigurerAdapter
+        // WebSecurityConfigurerAdapter
         return httpSecurity.build();
     }
 
@@ -200,7 +200,7 @@ public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Excepti
     private void authorizeRequestsConfigurer(HttpSecurity httpSecurity) throws Exception {
         ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry expressionInterceptUrlRegistry =
                 httpSecurity.authorizeRequests();
-        //忽略URl配置
+        // 忽略URl配置
         ignoringRequestMatcherRegistry(expressionInterceptUrlRegistry);
         // 除上面外的所有请求全部需要鉴权认证;其他路径必须验证
         expressionInterceptUrlRegistry.anyRequest().authenticated();
@@ -249,7 +249,7 @@ private void ignoringRequestMatcherRegistry(ExpressionUrlAuthorizationConfigurer
             }
         }
 
-        //AnonymousAccess 注解
+        // AnonymousAccess 注解
         if (anonymousAccessUrl != null) {
 
             Map<HttpMethod, String[]> anonymousUrl = anonymousAccessUrl.getAnonymousUrl();
@@ -265,7 +265,7 @@ private void ignoringRequestMatcherRegistry(ExpressionUrlAuthorizationConfigurer
      */
     //@Bean
     //@ConditionalOnMissingBean(WebSecurityCustomizer.class)
-    //public WebSecurityCustomizer webSecurityCustomizer() {
+    // public WebSecurityCustomizer webSecurityCustomizer() {
     //    return (web) -> {
     //
     //        //设置匿名访问url

security-spring-boot-starter/src/main/java/com/admin4j/framework/security/configuration/SecurityHandlerConfiguration.java

@@ -12,13 +12,10 @@
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
 
-/**
- * @author andanyang
- * @since 2023/5/31 18:06
- */
+
 public class SecurityHandlerConfiguration {
     @Bean
-    @ConditionalOnMissingBean(AuthenticationResult.class)
+    @ConditionalOnMissingBean({AuthenticationResult.class})
     public AuthenticationResult authenticationResult(UserTokenService userTokenService) {
         return new DefaultAuthenticationResult(userTokenService);
     }

security-spring-boot-starter/src/main/java/com/admin4j/framework/security/configuration/UserTokenServiceConfiguration.java

@@ -10,6 +10,7 @@
 import com.admin4j.framework.security.properties.ActuatorProperties;
 import com.admin4j.framework.security.properties.FormLoginProperties;
 import com.admin4j.framework.security.properties.JwtProperties;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
@@ -28,8 +29,8 @@
 public class UserTokenServiceConfiguration {
 
     @Bean
-    @ConditionalOnMissingBean(UserTokenService.class)
-    public UserTokenService userTokenService(JwtProperties jwtProperties, JwtUserDetailsService jwtUserDetailsService) {
+    @ConditionalOnMissingBean({UserTokenService.class})
+    public UserTokenService userTokenService(JwtProperties jwtProperties, @Autowired(required = false) JwtUserDetailsService jwtUserDetailsService) {
         return new JwtUserTokenService(jwtProperties, jwtUserDetailsService);
     }
 

security-spring-boot-starter/src/main/java/com/admin4j/framework/security/filter/JwtAuthenticationTokenFilter.java

@@ -11,7 +11,6 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
 import org.springframework.web.filter.OncePerRequestFilter;
 
@@ -47,7 +46,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
         }
 
         try {
-            UserDetails userDetails = userTokenService.getUserDetails(token);
+            JwtUserDetails userDetails = userTokenService.getUserDetails(token);
 
             if (userDetails != null && SecurityContextHolder.getContext().getAuthentication() == null) {
                 // 认证成功吧 Authentication 对象 setAuthenticated(true), 然存到 SecurityContext 中

security-spring-boot-starter/src/main/java/com/admin4j/framework/security/handler/DefaultAuthenticationResult.java

@@ -33,9 +33,9 @@
 public class DefaultAuthenticationResult implements AuthenticationResult {
 
 
-    protected final UserTokenService userTokenService;
     protected static final IResponse FAIL_AUTH_FORBIDDEN = new SimpleResponse(ResponseEnum.FAIL_AUTH_FORBIDDEN);
     protected static final IResponse FAIL_AUTH = new SimpleResponse(ResponseEnum.FAIL_AUTH_TOKEN);
+    protected final UserTokenService userTokenService;
 
     /**
      * 认证成功回调
@@ -54,12 +54,14 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
 
         SpringUtils.getApplicationContext().publishEvent(new AuthenticationSuccessEvent(request, response, authentication));
 
-        String token = userTokenService.createToken((JwtUserDetails) authentication.getPrincipal());
-
         SimpleResponse simpleResponse = new SimpleResponse(ResponseEnum.SUCCESS);
         Map<String, Object> map = new HashMap<>();
-        map.put("token", token);
         simpleResponse.setData(map);
+
+        if (userTokenService != null) {
+            String token = userTokenService.createToken((JwtUserDetails) authentication.getPrincipal());
+            map.put("token", token);
+        }
         ServletUtils.renderString(response, JSON.toJSONString(simpleResponse));
     }
 

security-spring-boot-starter/src/main/java/com/admin4j/framework/security/jwt/JwtUserDetailsService.java

@@ -1,8 +1,8 @@
 package com.admin4j.framework.security.jwt;
 
-import org.springframework.security.core.userdetails.UserDetails;
-
 /**
+ * 根据用户ID，获取用户信息
+ *
  * @author andanyang
  * @since 2023/6/3 22:04
  */
@@ -19,7 +19,7 @@ public interface JwtUserDetailsService {
      * @param salt
      * @return
      */
-    default boolean verifySalt(UserDetails userDetails, String salt) {
+    default boolean verifySalt(JwtUserDetails userDetails, String salt) {
         return true;
     }
 
@@ -29,7 +29,7 @@ default boolean verifySalt(UserDetails userDetails, String salt) {
      * @param userId
      * @return
      */
-    UserDetails loadUserByUserId(Long userId);
+    JwtUserDetails loadUserByUserId(Long userId);
 
 
 }