From 22c40f1e1dcc7b61c1d08f06dd28f9a152a5f956 Mon Sep 17 00:00:00 2001 From: MaxKey Date: Tue, 18 Jun 2024 10:18:34 +0800 Subject: [PATCH] spring-boot-security-oauth-client-sample --- integrations/readme.md | 2 +- .../.gitattributes | 2 + .../README.md | 89 +++++++++++++++++++ .../pom.xml | 83 +++++++++++++++++ .../SpringBootOauthClientApplication.java | 14 +++ .../config/ResourceServerConfiguration.java | 42 +++++++++ .../controller/ResourceController.java | 20 +++++ .../oauthclient/http/HttpsTrusts.java | 75 ++++++++++++++++ .../src/main/resources/application.yml | 22 +++++ .../src/main/resources/log4j.properties | 13 +++ 10 files changed, 361 insertions(+), 1 deletion(-) create mode 100644 integrations/spring-boot-security-oauth-client-sample/.gitattributes create mode 100644 integrations/spring-boot-security-oauth-client-sample/README.md create mode 100644 integrations/spring-boot-security-oauth-client-sample/pom.xml create mode 100644 integrations/spring-boot-security-oauth-client-sample/src/main/java/org/maxkey/springboot/oauthclient/SpringBootOauthClientApplication.java create mode 100644 integrations/spring-boot-security-oauth-client-sample/src/main/java/org/maxkey/springboot/oauthclient/config/ResourceServerConfiguration.java create mode 100644 integrations/spring-boot-security-oauth-client-sample/src/main/java/org/maxkey/springboot/oauthclient/controller/ResourceController.java create mode 100644 integrations/spring-boot-security-oauth-client-sample/src/main/java/org/maxkey/springboot/oauthclient/http/HttpsTrusts.java create mode 100644 integrations/spring-boot-security-oauth-client-sample/src/main/resources/application.yml create mode 100644 integrations/spring-boot-security-oauth-client-sample/src/main/resources/log4j.properties diff --git a/integrations/readme.md b/integrations/readme.md index 316309a66..a355d4bd1 100644 --- a/integrations/readme.md +++ b/integrations/readme.md 
@@ -7,7 +7,7 @@ | --------| :----- | | cas-springboot-demo | SpringBoot开发的CAS协议客户端集成的介绍 | | jeesite/5.2.1 | jeesite集成插件及使用介绍 | -| Spring-Security-Oauth2-SSO | Spring-Security-Oauth2-SSO| +| spring-boot-security-oauth-client-sample | spring-boot-security-oauth-client-sample| | *_* | *_* | diff --git a/integrations/spring-boot-security-oauth-client-sample/.gitattributes b/integrations/spring-boot-security-oauth-client-sample/.gitattributes new file mode 100644 index 000000000..dfe077042 --- /dev/null +++ b/integrations/spring-boot-security-oauth-client-sample/.gitattributes @@ -0,0 +1,2 @@ +# Auto detect text files and perform LF normalization +* text=auto diff --git a/integrations/spring-boot-security-oauth-client-sample/README.md b/integrations/spring-boot-security-oauth-client-sample/README.md new file mode 100644 index 000000000..59bf80758 --- /dev/null +++ b/integrations/spring-boot-security-oauth-client-sample/README.md 
@@ -0,0 +1,89 @@
+# spring-oauth-client-sample
+
+## spring-boot-security-oauth-client-sample
+
+### Application
+
+```java
+@SpringBootApplication
+public class SpringBootOauthClientApplication {
+
+ public static void main(String[] args) {
+ SpringApplication.run(SpringBootOauthClientApplication.class, args);
+ }
+
+}
+```
+
+### application.yml
+
+```ini
+# 授权服务地址
+maxkey-auth-url: http://sso.maxkey.top/sign
+
+security:
+ oauth2:
+ client:
+ client-id: 1000185112135991296
+ client-secret: 8Nv7MTcwNjIwMjQyMDU5Mzg5MDU65R
+ scope: all
+ user-authorization-uri: ${maxkey-auth-url}/authz/oauth/v20/authorize
+ access-token-uri: ${maxkey-auth-url}/authz/oauth/v20/token
+ resource:
+ # 检查令牌
+ #token-info-uri: ${maxkey-auth-url}/authz/oauth/v20/token
+ # 用户信息
+ user-info-uri: ${maxkey-auth-url}/api/oauth/v20/me
+```
+
+### ResourceServerConfiguration
+
+```java
+@Configuration
+@EnableOAuth2Sso
+public class ResourceServerConfiguration extends WebSecurityConfigurerAdapter {
+ Logger log = LoggerFactory.getLogger(ResourceServerConfiguration.class);
+
+ @Value("${maxkey-auth-url}")
+ String maxkeyAuthUrl;
+
+ @Value("${security.oauth2.client.user-authorization-uri}")
+ String userAuthorizationUri;
+
+ @Value("${security.oauth2.client.access-token-uri}")
+ String accessTokenUri;
+
+ @Value("${security.oauth2.resource.user-info-uri}")
+ String userInfoUri;
+
+ @Override
+ public void configure(HttpSecurity http) throws Exception {
+ //http.antMatcher("/orgs/**").antMatcher("/userinfo").antMatcher("/login").authorizeRequests().anyRequest().authenticated();
+ http.authorizeRequests().anyRequest().authenticated().and().csrf().disable();
+ log.info("UserAuthorizationUri {}" ,userAuthorizationUri);
+ log.info("AccessTokenUri {}" ,accessTokenUri);
+ log.info("UserInfoUri {}" ,userInfoUri);
+ if(accessTokenUri.startsWith("https")) {
+ HttpsTrusts.beforeConnection();
+ }
+ log.debug("ResourceServerConfiguration");
+
+ }
+}
+```
+
+### ResourceController
+
+```java
+@RestController
+public class ResourceController { + Logger log = LoggerFactory.getLogger(ResourceController.class); + + @GetMapping("/") + public String index() { + Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); + return authentication.getPrincipal().toString(); + } +} + +``` \ No newline at end of file diff --git a/integrations/spring-boot-security-oauth-client-sample/pom.xml b/integrations/spring-boot-security-oauth-client-sample/pom.xml new file mode 100644 index 000000000..257340487 --- /dev/null +++ b/integrations/spring-boot-security-oauth-client-sample/pom.xml @@ -0,0 +1,83 @@ + + + 4.0.0 + + org.springframework.boot + spring-boot-starter-parent + 2.3.6.RELEASE + + + org.maxkey.oauthclient + spring-boot-security-oauth-client-sample + 0.0.1-SNAPSHOT + boot-oauth-client + Demo project for spring-boot-security-oauth-client-sample + + + 1.8 + Finchley.SR1 + UTF-8 + UTF-8 + + + + + org.springframework.boot + spring-boot-starter + + + org.springframework.boot + spring-boot-starter-test + test + + + org.springframework.boot + spring-boot-starter + + + org.springframework.boot + spring-boot-starter-logging + + + + + + org.springframework.boot + spring-boot-starter-log4j + 1.3.8.RELEASE + + + + org.springframework.security.oauth.boot + spring-security-oauth2-autoconfigure + + + org.springframework.cloud + spring-cloud-starter-security + + + + + + + org.springframework.cloud + spring-cloud-dependencies + ${spring-cloud.version} + pom + import + + + + + + + + org.springframework.boot + spring-boot-maven-plugin + + + + + diff --git a/integrations/spring-boot-security-oauth-client-sample/src/main/java/org/maxkey/springboot/oauthclient/SpringBootOauthClientApplication.java b/integrations/spring-boot-security-oauth-client-sample/src/main/java/org/maxkey/springboot/oauthclient/SpringBootOauthClientApplication.java new file mode 100644 index 000000000..e57df5bc7 --- /dev/null 
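Review bot: The logging dependency `spring-boot-starter-log4j` is pinned to `1.3.8.RELEASE` while the parent is `2.3.6.RELEASE`; that starter binds the application to the Log4j 1.x line, which no longer receives fixes. Declaring `spring-boot-starter-log4j2` without a version, so that the parent manages it, keeps logging on a maintained library; the `log4j.properties` file added later in this patch would then need to become a Log4j 2 configuration. The `Finchley.SR1` release train also appears to target Spring Boot 2.0.x rather than 2.3.x, so the `spring-cloud-starter-security` version it resolves is worth checking against the parent. The XML markup of this hunk did not survive on the page, so the element roles here are inferred from the remaining values.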
+++ b/integrations/spring-boot-security-oauth-client-sample/src/main/java/org/maxkey/springboot/oauthclient/SpringBootOauthClientApplication.java
@@ -0,0 +1,14 @@
+package org.maxkey.springboot.oauthclient;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class SpringBootOauthClientApplication {
+
+ public static void main(String[] args) {
+ SpringApplication.run(SpringBootOauthClientApplication.class, args);
+ }
+
+}
+
diff --git a/integrations/spring-boot-security-oauth-client-sample/src/main/java/org/maxkey/springboot/oauthclient/config/ResourceServerConfiguration.java b/integrations/spring-boot-security-oauth-client-sample/src/main/java/org/maxkey/springboot/oauthclient/config/ResourceServerConfiguration.java
new file mode 100644
index 000000000..62b657a41
--- /dev/null
+++ b/integrations/spring-boot-security-oauth-client-sample/src/main/java/org/maxkey/springboot/oauthclient/config/ResourceServerConfiguration.java
@@ -0,0 +1,42 @@
+package org.maxkey.springboot.oauthclient.config;
+
+import org.maxkey.springboot.oauthclient.http.HttpsTrusts;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+@EnableOAuth2Sso
+public class ResourceServerConfiguration extends WebSecurityConfigurerAdapter {
+ Logger log = LoggerFactory.getLogger(ResourceServerConfiguration.class);
+
+ @Value("${maxkey-auth-url}")
+ String maxkeyAuthUrl;
+
+ @Value("${security.oauth2.client.user-authorization-uri}")
+ String userAuthorizationUri;
+
+ @Value("${security.oauth2.client.access-token-uri}")
+ String accessTokenUri;
+
+ @Value("${security.oauth2.resource.user-info-uri}")
+ String userInfoUri;
+
+ @Override
+ public void configure(HttpSecurity http) throws Exception {
+ //http.antMatcher("/orgs/**").antMatcher("/userinfo").antMatcher("/login").authorizeRequests().anyRequest().authenticated();
+ http.authorizeRequests().anyRequest().authenticated().and().csrf().disable();
+ log.info("UserAuthorizationUri {}" ,userAuthorizationUri);
+ log.info("AccessTokenUri {}" ,accessTokenUri);
+ log.info("UserInfoUri {}" ,userInfoUri);
+ if(accessTokenUri.startsWith("https")) {
+ HttpsTrusts.beforeConnection();
+ }
+ log.debug("ResourceServerConfiguration");
+
+ }
+}
diff --git a/integrations/spring-boot-security-oauth-client-sample/src/main/java/org/maxkey/springboot/oauthclient/controller/ResourceController.java b/integrations/spring-boot-security-oauth-client-sample/src/main/java/org/maxkey/springboot/oauthclient/controller/ResourceController.java
new file mode 100644
index 000000000..c717cc5bc
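Review bot: In `configure`, the branch `if(accessTokenUri.startsWith("https"))` calls `HttpsTrusts.beforeConnection()`, so configuring a TLS token endpoint is exactly what switches certificate and hostname checking off. Because that helper replaces the static `HttpsURLConnection` defaults, the effect is JVM-wide rather than limited to the MaxKey calls. The token and user-info requests, which presumably carry the client secret and access token, would then accept whatever certificate the peer presents. I would drop the branch and trust the IdP's certificate through a truststore instead (`-Djavax.net.ssl.trustStore=<path-to-truststore>`). The same statement also ends in `.csrf().disable()`; for a session-based SSO client it is safer to stop at `http.authorizeRequests().anyRequest().authenticated();` and keep the default CSRF protection, and the commented-out `antMatcher` line can be deleted.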
--- /dev/null
+++ b/integrations/spring-boot-security-oauth-client-sample/src/main/java/org/maxkey/springboot/oauthclient/controller/ResourceController.java
@@ -0,0 +1,20 @@
+package org.maxkey.springboot.oauthclient.controller;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+
+@RestController
+public class ResourceController {
+ Logger log = LoggerFactory.getLogger(ResourceController.class);
+
+ @GetMapping("/")
+ public String index() {
+ Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+ return authentication.getPrincipal().toString();
+ }
+}
diff --git a/integrations/spring-boot-security-oauth-client-sample/src/main/java/org/maxkey/springboot/oauthclient/http/HttpsTrusts.java b/integrations/spring-boot-security-oauth-client-sample/src/main/java/org/maxkey/springboot/oauthclient/http/HttpsTrusts.java
new file mode 100644
index 000000000..00023810a
--- /dev/null
+++ b/integrations/spring-boot-security-oauth-client-sample/src/main/java/org/maxkey/springboot/oauthclient/http/HttpsTrusts.java
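Review bot: `index()` returns `authentication.getPrincipal().toString()`, whose format depends on whichever principal class the SSO filter installs and may include more than the user name. `return authentication.getName();` gives a stable, minimal response. The `log` field is never used in this class; either remove it or declare it `private static final Logger log`, which would also suit the logger in `ResourceServerConfiguration`.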
@@ -0,0 +1,75 @@ +/* + * Copyright [2020] [MaxKey of copyright http://www.maxkey.top] + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +package org.maxkey.springboot.oauthclient.http; + +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.SSLSession; + +public class HttpsTrusts { + + private static void trustAllHttpsCertificates() throws Exception { + javax.net.ssl.TrustManager[] trustAllCerts = new javax.net.ssl.TrustManager[1]; + javax.net.ssl.TrustManager tm = new HttpsTrustsTM(); + trustAllCerts[0] = tm; + javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL"); + sc.init(null, trustAllCerts, null); + javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); + } + /* + * https ssl auto trust + */ + public static void beforeConnection() { + try { + trustAllHttpsCertificates(); + HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { + public boolean verify(String urlHostName, SSLSession session) { + System.out.println("Warning: URL Host: " + urlHostName + " vs. 
" + session.getPeerHost()); + return true; + } + }); + } catch(Exception e) { + e.printStackTrace(); + } + } + + static class HttpsTrustsTM implements javax.net.ssl.TrustManager,javax.net.ssl.X509TrustManager { + public java.security.cert.X509Certificate[] getAcceptedIssuers() { + return null; + } + + public boolean isServerTrusted(java.security.cert.X509Certificate[] certs) { + return true; + } + + public boolean isClientTrusted(java.security.cert.X509Certificate[] certs) { + return true; + } + + public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) + throws java.security.cert.CertificateException { + return; + } + + public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) + throws java.security.cert.CertificateException { + return; + } + } + +} diff --git a/integrations/spring-boot-security-oauth-client-sample/src/main/resources/application.yml b/integrations/spring-boot-security-oauth-client-sample/src/main/resources/application.yml new file mode 100644 index 000000000..1de2d37f9 --- /dev/null +++ b/integrations/spring-boot-security-oauth-client-sample/src/main/resources/application.yml @@ -0,0 +1,22 @@ +server: + port: 9001 +# 授权服务地址 +maxkey-auth-url: http://sso.maxkey.top/sign + +security: + oauth2: + client: + client-id: 1000185112135991296 + client-secret: 8Nv7MTcwNjIwMjQyMDU5Mzg5MDU65R + scope: all + user-authorization-uri: ${maxkey-auth-url}/authz/oauth/v20/authorize + access-token-uri: ${maxkey-auth-url}/authz/oauth/v20/token + resource: + # 检查令牌 + #token-info-uri: ${maxkey-auth-url}/authz/oauth/v20/token + # 用户信息 + user-info-uri: ${maxkey-auth-url}/api/oauth/v20/me + +spring: + main: + allow-bean-definition-overriding: true \ No newline at end of file 
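Review bot: `HttpsTrustsTM.checkServerTrusted` is empty and the verifier installed in `beforeConnection` always returns `true`, so every connection made through `HttpsURLConnection` in this process accepts any certificate for any host. If the class has to stay for lab setups with self-signed certificates, its comment should say so, e.g. `/* Disables TLS certificate and hostname verification JVM-wide; for local testing only. */`, and it should stay off unless explicitly enabled. Independently of that, `getAcceptedIssuers()` should return `new java.security.cert.X509Certificate[0]` rather than `null`, `SSLContext.getInstance("SSL")` should request `"TLS"`, and the `catch` should log through SLF4J instead of `e.printStackTrace()` so that a failed setup shows up in the application log. `isServerTrusted` and `isClientTrusted` are not part of `X509TrustManager` and look unused.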
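Review bot: `client-secret` is committed as a literal in this file, and the same value is repeated in the README added by this patch. If it belongs to a live registration on the demo IdP it should be rotated, and the sample should read it from the environment, `client-secret: ${MAXKEY_CLIENT_SECRET}` (placeholder variable name). `maxkey-auth-url` uses `http://`, so the authorization code, the client secret sent to the token endpoint and the returned access token would cross the network unencrypted; an `https://` base URL is the safer default for a sample that people copy. `allow-bean-definition-overriding: true` deserves a one-line comment naming the bean collision it works around.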
diff --git a/integrations/spring-boot-security-oauth-client-sample/src/main/resources/log4j.properties b/integrations/spring-boot-security-oauth-client-sample/src/main/resources/log4j.properties
new file mode 100644
index 000000000..7c350e043
--- /dev/null
+++ b/integrations/spring-boot-security-oauth-client-sample/src/main/resources/log4j.properties
@@ -0,0 +1,13 @@
+log4j.rootLogger=info,Console,File
+log4j.appender.Console=org.apache.log4j.ConsoleAppender
+log4j.appender.Console.Target=System.out
+log4j.appender.Console.layout = org.apache.log4j.PatternLayout
+log4j.appender.Console.layout.ConversionPattern=[%p] [%d{yyyy-MM-dd HH\:mm\:ss}][%c - %L]%m%n
+
+log4j.appender.File = org.apache.log4j.RollingFileAppender
+log4j.appender.File.File = logs/info.log
+log4j.appender.File.MaxFileSize = 10MB
+
+log4j.appender.File.Threshold = ALL
+log4j.appender.File.layout = org.apache.log4j.PatternLayout
+log4j.appender.File.layout.ConversionPattern =[%p] [%d{yyyy-MM-dd HH\:mm\:ss}][%c - %L]%m%n
\ No newline at end of file