From a54c8e385a9a8417e9f21b46add16e6cbd318ffe Mon Sep 17 00:00:00 2001
From: xlorne <1991wangliang@gmail.com>
Date: Thu, 28 Mar 2024 14:19:14 +0800
Subject: [PATCH 1/8] add #40
---
pom.xml | 10 ++--
springboot-starter-data-fast/pom.xml | 2 +-
.../crypto/MyCryptoConfiguration.java | 23 ---------
.../pom.xml | 8 +--
.../security/AutoConfiguration.java | 51 ++++++++-----------
.../configurer/HttpSecurityConfigurer.java | 12 ++---
.../configurer/WebSecurityConfigurer.java | 4 +-
.../controller/VersionController.java | 0
.../security/dto/request/LoginRequest.java | 0
.../dto/request/LoginRequestContext.java | 0
.../security/dto/response/LoginResponse.java | 0
.../exception/TokenExpiredException.java | 0
.../filter/AuthenticationTokenFilter.java | 0
.../filter/MyAccessDeniedHandler.java | 0
.../filter/MyAuthenticationFilter.java | 18 +++----
.../security/filter/MyLoginFilter.java | 16 +++---
.../security/filter/MyLogoutHandler.java | 0
.../filter/MyLogoutSuccessHandler.java | 0
.../filter/MyUnAuthenticationEntryPoint.java | 0
.../security/filter/SecurityLoginHandler.java | 2 +-
.../springboot/security/gateway}/Token.java | 4 +-
.../security/gateway}/TokenContext.java | 2 +-
.../security/gateway/TokenGateway.java | 11 ++++
.../jwt/JWTSecurityConfiguration.java | 39 ++++++++++++++
.../security/jwt/JWTTokenGatewayImpl.java | 25 +++++++++
.../springboot/security/jwt/Jwt.java | 3 +-
.../springboot/security/jwt}/MyAES.java | 2 +-
.../security/jwt/SecurityJWTProperties.java | 46 +++++++++++++++++
.../CodingApiSecurityProperties.java | 32 +-----------
.../main/resources/META-INF/spring.factories | 2 +-
...ot.autoconfigure.AutoConfiguration.imports | 2 +-
.../security/SecurityJwtApplication.java | 0
.../security/SecurityJwtApplicationTest.java | 0
.../security/controller/DemoController.java | 0
.../springboot/security/jwt/TestVO.java | 0
.../springboot/security/jwt/TokenTest.java | 1 +
.../src/test/resources/application.properties | 10 ++--
springboot-starter/pom.xml | 2 +-
38 files changed, 195 insertions(+), 132 deletions(-)
delete mode 100644 springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/crypto/MyCryptoConfiguration.java
rename {springboot-starter-security-jwt => springboot-starter-security}/pom.xml (86%)
rename {springboot-starter-security-jwt => springboot-starter-security}/src/main/java/com/codingapi/springboot/security/AutoConfiguration.java (79%)
rename {springboot-starter-security-jwt => springboot-starter-security}/src/main/java/com/codingapi/springboot/security/configurer/HttpSecurityConfigurer.java (67%)
rename {springboot-starter-security-jwt => springboot-starter-security}/src/main/java/com/codingapi/springboot/security/configurer/WebSecurityConfigurer.java (80%)
rename {springboot-starter-security-jwt => springboot-starter-security}/src/main/java/com/codingapi/springboot/security/controller/VersionController.java (100%)
rename {springboot-starter-security-jwt => springboot-starter-security}/src/main/java/com/codingapi/springboot/security/dto/request/LoginRequest.java (100%)
rename {springboot-starter-security-jwt => springboot-starter-security}/src/main/java/com/codingapi/springboot/security/dto/request/LoginRequestContext.java (100%)
rename {springboot-starter-security-jwt => springboot-starter-security}/src/main/java/com/codingapi/springboot/security/dto/response/LoginResponse.java (100%)
rename {springboot-starter-security-jwt => springboot-starter-security}/src/main/java/com/codingapi/springboot/security/exception/TokenExpiredException.java (100%)
rename {springboot-starter-security-jwt => springboot-starter-security}/src/main/java/com/codingapi/springboot/security/filter/AuthenticationTokenFilter.java (100%)
rename {springboot-starter-security-jwt => springboot-starter-security}/src/main/java/com/codingapi/springboot/security/filter/MyAccessDeniedHandler.java (100%)
rename {springboot-starter-security-jwt => springboot-starter-security}/src/main/java/com/codingapi/springboot/security/filter/MyAuthenticationFilter.java (81%)
rename {springboot-starter-security-jwt => springboot-starter-security}/src/main/java/com/codingapi/springboot/security/filter/MyLoginFilter.java (88%)
rename {springboot-starter-security-jwt => springboot-starter-security}/src/main/java/com/codingapi/springboot/security/filter/MyLogoutHandler.java (100%)
rename {springboot-starter-security-jwt => springboot-starter-security}/src/main/java/com/codingapi/springboot/security/filter/MyLogoutSuccessHandler.java (100%)
rename {springboot-starter-security-jwt => springboot-starter-security}/src/main/java/com/codingapi/springboot/security/filter/MyUnAuthenticationEntryPoint.java (100%)
rename {springboot-starter-security-jwt => springboot-starter-security}/src/main/java/com/codingapi/springboot/security/filter/SecurityLoginHandler.java (89%)
rename {springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/jwt => springboot-starter-security/src/main/java/com/codingapi/springboot/security/gateway}/Token.java (95%)
rename {springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/jwt => springboot-starter-security/src/main/java/com/codingapi/springboot/security/gateway}/TokenContext.java (91%)
create mode 100644 springboot-starter-security/src/main/java/com/codingapi/springboot/security/gateway/TokenGateway.java
create mode 100644 springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/JWTSecurityConfiguration.java
create mode 100644 springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/JWTTokenGatewayImpl.java
rename {springboot-starter-security-jwt => springboot-starter-security}/src/main/java/com/codingapi/springboot/security/jwt/Jwt.java (96%)
rename {springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/crypto => springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt}/MyAES.java (94%)
create mode 100644 springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/SecurityJWTProperties.java
rename springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/properties/SecurityJwtProperties.java => springboot-starter-security/src/main/java/com/codingapi/springboot/security/properties/CodingApiSecurityProperties.java (56%)
rename {springboot-starter-security-jwt => springboot-starter-security}/src/main/resources/META-INF/spring.factories (74%)
rename {springboot-starter-security-jwt => springboot-starter-security}/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports (65%)
rename {springboot-starter-security-jwt => springboot-starter-security}/src/test/java/com/codingapi/springboot/security/SecurityJwtApplication.java (100%)
rename {springboot-starter-security-jwt => springboot-starter-security}/src/test/java/com/codingapi/springboot/security/SecurityJwtApplicationTest.java (100%)
rename {springboot-starter-security-jwt => springboot-starter-security}/src/test/java/com/codingapi/springboot/security/controller/DemoController.java (100%)
rename {springboot-starter-security-jwt => springboot-starter-security}/src/test/java/com/codingapi/springboot/security/jwt/TestVO.java (100%)
rename {springboot-starter-security-jwt => springboot-starter-security}/src/test/java/com/codingapi/springboot/security/jwt/TokenTest.java (97%)
rename {springboot-starter-security-jwt => springboot-starter-security}/src/test/resources/application.properties (72%)
diff --git a/pom.xml b/pom.xml
index 0b05f8e4..6c79c3d5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -12,7 +12,7 @@
com.codingapi.springboot
springboot-parent
- 3.1.10
+ 3.2.0.dev
https://github.com/codingapi/springboot-framewrok
springboot-parent
@@ -145,7 +145,7 @@
com.codingapi.springboot
- springboot-starter-security-jwt
+ springboot-starter-security
${codingapi.framework.version}
@@ -251,7 +251,7 @@
springboot-starter
- springboot-starter-security-jwt
+ springboot-starter-security
springboot-starter-data-fast
@@ -262,7 +262,7 @@
springboot-starter
- springboot-starter-security-jwt
+ springboot-starter-security
springboot-starter-data-fast
@@ -311,7 +311,7 @@
springboot-starter
- springboot-starter-security-jwt
+ springboot-starter-security
springboot-starter-data-fast
diff --git a/springboot-starter-data-fast/pom.xml b/springboot-starter-data-fast/pom.xml
index 1026a173..7d4f55d7 100644
--- a/springboot-starter-data-fast/pom.xml
+++ b/springboot-starter-data-fast/pom.xml
@@ -5,7 +5,7 @@
springboot-parent
com.codingapi.springboot
- 3.1.10
+ 3.2.0.dev
4.0.0
diff --git a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/crypto/MyCryptoConfiguration.java b/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/crypto/MyCryptoConfiguration.java
deleted file mode 100644
index 0d4b2bd4..00000000
--- a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/crypto/MyCryptoConfiguration.java
+++ /dev/null
@@ -1,23 +0,0 @@
-package com.codingapi.springboot.security.crypto;
-
-import com.codingapi.springboot.framework.crypto.AES;
-import com.codingapi.springboot.security.properties.SecurityJwtProperties;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-
-import java.util.Base64;
-
-@Configuration
-public class MyCryptoConfiguration {
-
- @Bean
- @ConditionalOnMissingBean
- public AES aes(SecurityJwtProperties properties) throws Exception {
- AES aes = new AES(Base64.getDecoder().decode(properties.getAseKey().getBytes()),
- Base64.getDecoder().decode(properties.getAseIv()));
- MyAES.getInstance().init(aes);
- return aes;
- }
-
-}
diff --git a/springboot-starter-security-jwt/pom.xml b/springboot-starter-security/pom.xml
similarity index 86%
rename from springboot-starter-security-jwt/pom.xml
rename to springboot-starter-security/pom.xml
index 9fb6e94f..1907acd0 100644
--- a/springboot-starter-security-jwt/pom.xml
+++ b/springboot-starter-security/pom.xml
@@ -6,13 +6,13 @@
springboot-parent
com.codingapi.springboot
- 3.1.10
+ 3.2.0.dev
- springboot-starter-security-jwt
+ springboot-starter-security
- springboot-starter-security-jwt
- springboot-starter-security-jwt project for Spring Boot
+ springboot-starter-security
+ springboot-starter-security project for Spring Boot
17
diff --git a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/AutoConfiguration.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/AutoConfiguration.java
similarity index 79%
rename from springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/AutoConfiguration.java
rename to springboot-starter-security/src/main/java/com/codingapi/springboot/security/AutoConfiguration.java
index 35d4c1a6..a3e37064 100644
--- a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/AutoConfiguration.java
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/AutoConfiguration.java
@@ -4,9 +4,9 @@
import com.codingapi.springboot.security.controller.VersionController;
import com.codingapi.springboot.security.dto.request.LoginRequest;
import com.codingapi.springboot.security.filter.*;
-import com.codingapi.springboot.security.jwt.Jwt;
-import com.codingapi.springboot.security.jwt.Token;
-import com.codingapi.springboot.security.properties.SecurityJwtProperties;
+import com.codingapi.springboot.security.gateway.Token;
+import com.codingapi.springboot.security.gateway.TokenGateway;
+import com.codingapi.springboot.security.properties.CodingApiSecurityProperties;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
@@ -60,23 +60,23 @@ public PasswordEncoder passwordEncoder() {
@Bean
@ConditionalOnMissingBean
- public SecurityLoginHandler securityLoginHandler(){
- return new SecurityLoginHandler() {
- @Override
- public void preHandle(HttpServletRequest request, HttpServletResponse response, LoginRequest handler) throws Exception {
+ public SecurityLoginHandler securityLoginHandler() {
+ return new SecurityLoginHandler() {
+ @Override
+ public void preHandle(HttpServletRequest request, HttpServletResponse response, LoginRequest handler) throws Exception {
- }
+ }
- @Override
- public void postHandle(HttpServletRequest request, HttpServletResponse response, LoginRequest handler, Token token) {
+ @Override
+ public void postHandle(HttpServletRequest request, HttpServletResponse response, LoginRequest handler, Token token) {
- }
- };
+ }
+ };
}
@Bean
@ConditionalOnMissingBean
- public AuthenticationTokenFilter authenticationTokenFilter(){
+ public AuthenticationTokenFilter authenticationTokenFilter() {
return (request, response, chain) -> {
};
@@ -85,17 +85,17 @@ public AuthenticationTokenFilter authenticationTokenFilter(){
@Bean
@ConditionalOnMissingBean
- public SecurityFilterChain filterChain(HttpSecurity security, Jwt jwt,SecurityLoginHandler loginHandler,
- SecurityJwtProperties properties,AuthenticationTokenFilter authenticationTokenFilter) throws Exception {
+ public SecurityFilterChain filterChain(HttpSecurity security, TokenGateway tokenGateway, SecurityLoginHandler loginHandler,
+ CodingApiSecurityProperties properties, AuthenticationTokenFilter authenticationTokenFilter) throws Exception {
//disable basic auth
security.httpBasic().disable();
//before add addCorsMappings to enable cors.
security.cors();
- if(properties.isDisableCsrf() ){
+ if (properties.isDisableCsrf()) {
security.csrf().disable();
}
- security.apply(new HttpSecurityConfigurer(jwt,loginHandler,properties,authenticationTokenFilter));
+ security.apply(new HttpSecurityConfigurer(tokenGateway, loginHandler, properties, authenticationTokenFilter));
security
.exceptionHandling()
.authenticationEntryPoint(new MyUnAuthenticationEntryPoint())
@@ -135,18 +135,11 @@ public AuthenticationProvider authenticationProvider(UserDetailsService userDeta
@Bean
- @ConditionalOnMissingBean
- public Jwt jwt(SecurityJwtProperties properties) {
- return new Jwt(properties.getJwtSecretKey(), properties.getJwtTime(), properties.getJwtRestTime());
- }
-
-
- @Bean
- public WebMvcConfigurer corsConfigurer(SecurityJwtProperties securityJwtProperties) {
+ public WebMvcConfigurer corsConfigurer(CodingApiSecurityProperties securityJwtProperties) {
return new WebMvcConfigurer() {
@Override
public void addCorsMappings(CorsRegistry registry) {
- if(securityJwtProperties.isDisableCors()) {
+ if (securityJwtProperties.isDisableCors()) {
registry.addMapping("/**")
.allowedHeaders("*")
.allowedMethods("*")
@@ -163,14 +156,14 @@ public void addCorsMappings(CorsRegistry registry) {
@Bean
@ConfigurationProperties(prefix = "codingapi.security")
- public SecurityJwtProperties securityJwtProperties() {
- return new SecurityJwtProperties();
+ public CodingApiSecurityProperties codingApiSecurityProperties() {
+ return new CodingApiSecurityProperties();
}
@Bean
@ConditionalOnMissingBean
- public VersionController versionController(Environment environment){
+ public VersionController versionController(Environment environment) {
return new VersionController(environment);
}
diff --git a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/configurer/HttpSecurityConfigurer.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/configurer/HttpSecurityConfigurer.java
similarity index 67%
rename from springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/configurer/HttpSecurityConfigurer.java
rename to springboot-starter-security/src/main/java/com/codingapi/springboot/security/configurer/HttpSecurityConfigurer.java
index c95ec34e..c56fd5fc 100644
--- a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/configurer/HttpSecurityConfigurer.java
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/configurer/HttpSecurityConfigurer.java
@@ -4,8 +4,8 @@
import com.codingapi.springboot.security.filter.MyAuthenticationFilter;
import com.codingapi.springboot.security.filter.MyLoginFilter;
import com.codingapi.springboot.security.filter.SecurityLoginHandler;
-import com.codingapi.springboot.security.jwt.Jwt;
-import com.codingapi.springboot.security.properties.SecurityJwtProperties;
+import com.codingapi.springboot.security.gateway.TokenGateway;
+import com.codingapi.springboot.security.properties.CodingApiSecurityProperties;
import lombok.AllArgsConstructor;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -14,16 +14,16 @@
@AllArgsConstructor
public class HttpSecurityConfigurer extends AbstractHttpConfigurer {
- private final Jwt jwt;
+ private final TokenGateway tokenGateway;
private final SecurityLoginHandler securityLoginHandler;
- private final SecurityJwtProperties securityJwtProperties;
+ private final CodingApiSecurityProperties securityJwtProperties;
private final AuthenticationTokenFilter authenticationTokenFilter;
@Override
public void configure(HttpSecurity security) throws Exception {
AuthenticationManager manager = security.getSharedObject(AuthenticationManager.class);
- security.addFilter(new MyLoginFilter(manager, jwt,securityLoginHandler, securityJwtProperties));
- security.addFilter(new MyAuthenticationFilter(manager,securityJwtProperties,jwt,authenticationTokenFilter));
+ security.addFilter(new MyLoginFilter(manager, tokenGateway, securityLoginHandler, securityJwtProperties));
+ security.addFilter(new MyAuthenticationFilter(manager, securityJwtProperties, tokenGateway, authenticationTokenFilter));
}
}
diff --git a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/configurer/WebSecurityConfigurer.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/configurer/WebSecurityConfigurer.java
similarity index 80%
rename from springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/configurer/WebSecurityConfigurer.java
rename to springboot-starter-security/src/main/java/com/codingapi/springboot/security/configurer/WebSecurityConfigurer.java
index 7e5f3e75..369ad328 100644
--- a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/configurer/WebSecurityConfigurer.java
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/configurer/WebSecurityConfigurer.java
@@ -1,6 +1,6 @@
package com.codingapi.springboot.security.configurer;
-import com.codingapi.springboot.security.properties.SecurityJwtProperties;
+import com.codingapi.springboot.security.properties.CodingApiSecurityProperties;
import lombok.AllArgsConstructor;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
@@ -10,7 +10,7 @@
@AllArgsConstructor
public class WebSecurityConfigurer implements WebSecurityCustomizer {
- private final SecurityJwtProperties securityJwtProperties;
+ private final CodingApiSecurityProperties securityJwtProperties;
@Override
public void customize(WebSecurity web) {
diff --git a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/controller/VersionController.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/controller/VersionController.java
similarity index 100%
rename from springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/controller/VersionController.java
rename to springboot-starter-security/src/main/java/com/codingapi/springboot/security/controller/VersionController.java
diff --git a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/dto/request/LoginRequest.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/dto/request/LoginRequest.java
similarity index 100%
rename from springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/dto/request/LoginRequest.java
rename to springboot-starter-security/src/main/java/com/codingapi/springboot/security/dto/request/LoginRequest.java
diff --git a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/dto/request/LoginRequestContext.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/dto/request/LoginRequestContext.java
similarity index 100%
rename from springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/dto/request/LoginRequestContext.java
rename to springboot-starter-security/src/main/java/com/codingapi/springboot/security/dto/request/LoginRequestContext.java
diff --git a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/dto/response/LoginResponse.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/dto/response/LoginResponse.java
similarity index 100%
rename from springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/dto/response/LoginResponse.java
rename to springboot-starter-security/src/main/java/com/codingapi/springboot/security/dto/response/LoginResponse.java
diff --git a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/exception/TokenExpiredException.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/exception/TokenExpiredException.java
similarity index 100%
rename from springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/exception/TokenExpiredException.java
rename to springboot-starter-security/src/main/java/com/codingapi/springboot/security/exception/TokenExpiredException.java
diff --git a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/filter/AuthenticationTokenFilter.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/filter/AuthenticationTokenFilter.java
similarity index 100%
rename from springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/filter/AuthenticationTokenFilter.java
rename to springboot-starter-security/src/main/java/com/codingapi/springboot/security/filter/AuthenticationTokenFilter.java
diff --git a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/filter/MyAccessDeniedHandler.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/filter/MyAccessDeniedHandler.java
similarity index 100%
rename from springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/filter/MyAccessDeniedHandler.java
rename to springboot-starter-security/src/main/java/com/codingapi/springboot/security/filter/MyAccessDeniedHandler.java
diff --git a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/filter/MyAuthenticationFilter.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/filter/MyAuthenticationFilter.java
similarity index 81%
rename from springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/filter/MyAuthenticationFilter.java
rename to springboot-starter-security/src/main/java/com/codingapi/springboot/security/filter/MyAuthenticationFilter.java
index e00964b3..cfad8d90 100644
--- a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/filter/MyAuthenticationFilter.java
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/filter/MyAuthenticationFilter.java
@@ -3,9 +3,9 @@
import com.alibaba.fastjson.JSONObject;
import com.codingapi.springboot.framework.dto.response.Response;
import com.codingapi.springboot.security.exception.TokenExpiredException;
-import com.codingapi.springboot.security.jwt.Jwt;
-import com.codingapi.springboot.security.jwt.Token;
-import com.codingapi.springboot.security.properties.SecurityJwtProperties;
+import com.codingapi.springboot.security.gateway.TokenGateway;
+import com.codingapi.springboot.security.gateway.Token;
+import com.codingapi.springboot.security.properties.CodingApiSecurityProperties;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
@@ -26,16 +26,16 @@ public class MyAuthenticationFilter extends BasicAuthenticationFilter {
private final static String TOKEN_KEY = "Authorization";
- private final Jwt jwt;
+ private final TokenGateway tokenGateway;
- private final SecurityJwtProperties securityJwtProperties;
+ private final CodingApiSecurityProperties securityJwtProperties;
private final AuthenticationTokenFilter authenticationTokenFilter;
private final AntPathMatcher antPathMatcher = new AntPathMatcher();
- public MyAuthenticationFilter(AuthenticationManager manager, SecurityJwtProperties securityJwtProperties, Jwt jwt,AuthenticationTokenFilter authenticationTokenFilter) {
+ public MyAuthenticationFilter(AuthenticationManager manager, CodingApiSecurityProperties securityJwtProperties, TokenGateway tokenGateway, AuthenticationTokenFilter authenticationTokenFilter) {
super(manager);
- this.jwt = jwt;
+ this.tokenGateway = tokenGateway;
this.securityJwtProperties = securityJwtProperties;
this.authenticationTokenFilter = authenticationTokenFilter;
}
@@ -53,9 +53,9 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
return;
}
- Token token = jwt.parser(sign);
+ Token token = tokenGateway.parser(sign);
if (token.canRestToken()) {
- Token newSign = jwt.create(token.getUsername(), token.decodeIv(), token.getAuthorities(), token.getExtra());
+ Token newSign = tokenGateway.create(token.getUsername(), token.decodeIv(), token.getAuthorities(), token.getExtra());
log.info("reset token ");
response.setHeader(TOKEN_KEY, newSign.getToken());
}
diff --git a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/filter/MyLoginFilter.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/filter/MyLoginFilter.java
similarity index 88%
rename from springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/filter/MyLoginFilter.java
rename to springboot-starter-security/src/main/java/com/codingapi/springboot/security/filter/MyLoginFilter.java
index eb7e02ab..962aca1c 100644
--- a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/filter/MyLoginFilter.java
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/filter/MyLoginFilter.java
@@ -6,10 +6,10 @@
import com.codingapi.springboot.security.dto.request.LoginRequest;
import com.codingapi.springboot.security.dto.request.LoginRequestContext;
import com.codingapi.springboot.security.dto.response.LoginResponse;
-import com.codingapi.springboot.security.jwt.Jwt;
-import com.codingapi.springboot.security.jwt.Token;
-import com.codingapi.springboot.security.jwt.TokenContext;
-import com.codingapi.springboot.security.properties.SecurityJwtProperties;
+import com.codingapi.springboot.security.gateway.TokenGateway;
+import com.codingapi.springboot.security.gateway.Token;
+import com.codingapi.springboot.security.gateway.TokenContext;
+import com.codingapi.springboot.security.properties.CodingApiSecurityProperties;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.io.IOUtils;
import org.springframework.security.authentication.AuthenticationManager;
@@ -33,13 +33,13 @@
@Slf4j
public class MyLoginFilter extends UsernamePasswordAuthenticationFilter {
- private final Jwt jwt;
+ private final TokenGateway tokenGateway;
private final SecurityLoginHandler loginHandler;
- public MyLoginFilter(AuthenticationManager authenticationManager, Jwt jwt, SecurityLoginHandler loginHandler, SecurityJwtProperties securityJwtProperties) {
+ public MyLoginFilter(AuthenticationManager authenticationManager, TokenGateway tokenGateway, SecurityLoginHandler loginHandler, CodingApiSecurityProperties securityJwtProperties) {
super(authenticationManager);
- this.jwt = jwt;
+ this.tokenGateway = tokenGateway;
this.loginHandler = loginHandler;
this.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher(securityJwtProperties.getLoginProcessingUrl(), "POST"));
}
@@ -72,7 +72,7 @@ protected void successfulAuthentication(HttpServletRequest request, HttpServletR
User user = (User) authResult.getPrincipal();
LoginRequest loginRequest = LoginRequestContext.getInstance().get();
- Token token = jwt.create(user.getUsername(), loginRequest.getPassword(),
+ Token token = tokenGateway.create(user.getUsername(), loginRequest.getPassword(),
user.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList()),
TokenContext.getExtra());
diff --git a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/filter/MyLogoutHandler.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/filter/MyLogoutHandler.java
similarity index 100%
rename from springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/filter/MyLogoutHandler.java
rename to springboot-starter-security/src/main/java/com/codingapi/springboot/security/filter/MyLogoutHandler.java
diff --git a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/filter/MyLogoutSuccessHandler.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/filter/MyLogoutSuccessHandler.java
similarity index 100%
rename from springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/filter/MyLogoutSuccessHandler.java
rename to springboot-starter-security/src/main/java/com/codingapi/springboot/security/filter/MyLogoutSuccessHandler.java
diff --git a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/filter/MyUnAuthenticationEntryPoint.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/filter/MyUnAuthenticationEntryPoint.java
similarity index 100%
rename from springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/filter/MyUnAuthenticationEntryPoint.java
rename to springboot-starter-security/src/main/java/com/codingapi/springboot/security/filter/MyUnAuthenticationEntryPoint.java
diff --git a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/filter/SecurityLoginHandler.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/filter/SecurityLoginHandler.java
similarity index 89%
rename from springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/filter/SecurityLoginHandler.java
rename to springboot-starter-security/src/main/java/com/codingapi/springboot/security/filter/SecurityLoginHandler.java
index 25611828..e73dda67 100644
--- a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/filter/SecurityLoginHandler.java
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/filter/SecurityLoginHandler.java
@@ -1,7 +1,7 @@
package com.codingapi.springboot.security.filter;
import com.codingapi.springboot.security.dto.request.LoginRequest;
-import com.codingapi.springboot.security.jwt.Token;
+import com.codingapi.springboot.security.gateway.Token;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
diff --git a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/jwt/Token.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/gateway/Token.java
similarity index 95%
rename from springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/jwt/Token.java
rename to springboot-starter-security/src/main/java/com/codingapi/springboot/security/gateway/Token.java
index a3fd6345..212bfc97 100644
--- a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/jwt/Token.java
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/gateway/Token.java
@@ -1,8 +1,8 @@
-package com.codingapi.springboot.security.jwt;
+package com.codingapi.springboot.security.gateway;
import com.alibaba.fastjson.JSONObject;
import com.codingapi.springboot.framework.serializable.JsonSerializable;
-import com.codingapi.springboot.security.crypto.MyAES;
+import com.codingapi.springboot.security.jwt.MyAES;
import com.codingapi.springboot.security.exception.TokenExpiredException;
import lombok.Getter;
import lombok.NoArgsConstructor;
diff --git a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/jwt/TokenContext.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/gateway/TokenContext.java
similarity index 91%
rename from springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/jwt/TokenContext.java
rename to springboot-starter-security/src/main/java/com/codingapi/springboot/security/gateway/TokenContext.java
index 99b37a7c..e3ecaa8f 100644
--- a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/jwt/TokenContext.java
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/gateway/TokenContext.java
@@ -1,4 +1,4 @@
-package com.codingapi.springboot.security.jwt;
+package com.codingapi.springboot.security.gateway;
import org.springframework.security.core.context.SecurityContextHolder;
diff --git a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/gateway/TokenGateway.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/gateway/TokenGateway.java
new file mode 100644
index 00000000..a2a95d01
--- /dev/null
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/gateway/TokenGateway.java
@@ -0,0 +1,11 @@
+package com.codingapi.springboot.security.gateway;
+
+import java.util.List;
+
+public interface TokenGateway {
+
+ Token create(String username, String password, List authorities, String extra);
+
+ Token parser(String sign);
+
+}
diff --git a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/JWTSecurityConfiguration.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/JWTSecurityConfiguration.java
new file mode 100644
index 00000000..aa5cb9b4
--- /dev/null
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/JWTSecurityConfiguration.java
@@ -0,0 +1,39 @@
+package com.codingapi.springboot.security.jwt;
+
+import com.codingapi.springboot.framework.crypto.AES;
+import com.codingapi.springboot.security.gateway.TokenGateway;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import java.util.Base64;
+
+@Configuration
+@ConditionalOnProperty(prefix = "codingapi.security.jwt", name = "enable", havingValue = "true", matchIfMissing = true)
+public class JWTSecurityConfiguration {
+
+ @Bean
+ @ConditionalOnMissingBean
+ public AES aes(SecurityJWTProperties properties) throws Exception {
+ AES aes = new AES(Base64.getDecoder().decode(properties.getAseKey().getBytes()),
+ Base64.getDecoder().decode(properties.getAseIv()));
+ MyAES.getInstance().init(aes);
+ return aes;
+ }
+
+ @Bean
+ @ConfigurationProperties(prefix = "codingapi.security.jwt")
+ public SecurityJWTProperties securityJWTProperties() {
+ return new SecurityJWTProperties();
+ }
+
+
+ @Bean
+ @ConditionalOnMissingBean
+ public TokenGateway jwtTokenGateway(SecurityJWTProperties properties) {
+ return new JWTTokenGatewayImpl(properties);
+ }
+
+}
diff --git a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/JWTTokenGatewayImpl.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/JWTTokenGatewayImpl.java
new file mode 100644
index 00000000..5522d408
--- /dev/null
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/JWTTokenGatewayImpl.java
@@ -0,0 +1,25 @@
+package com.codingapi.springboot.security.jwt;
+
+import com.codingapi.springboot.security.gateway.Token;
+import com.codingapi.springboot.security.gateway.TokenGateway;
+
+import java.util.List;
+
+public class JWTTokenGatewayImpl implements TokenGateway {
+
+ private final Jwt jwt;
+
+ public JWTTokenGatewayImpl(SecurityJWTProperties properties) {
+ this.jwt = new Jwt(properties.getSecretKey(), properties.getJwtTime(), properties.getJwtRestTime());
+ }
+
+ @Override
+ public Token create(String username, String password, List authorities, String extra) {
+ return jwt.create(username, authorities, extra);
+ }
+
+ @Override
+ public Token parser(String sign) {
+ return jwt.parser(sign);
+ }
+}
diff --git a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/jwt/Jwt.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/Jwt.java
similarity index 96%
rename from springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/jwt/Jwt.java
rename to springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/Jwt.java
index 611ba04e..c975ecf4 100644
--- a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/jwt/Jwt.java
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/Jwt.java
@@ -2,6 +2,7 @@
import com.alibaba.fastjson.JSONObject;
import com.codingapi.springboot.framework.exception.LocaleMessageException;
+import com.codingapi.springboot.security.gateway.Token;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.Jwts;
@@ -23,7 +24,7 @@ public Jwt(String secretKey, int jwtTime, int jwtRestTime) {
this.jwtRestTime = jwtRestTime;
}
- public Token create(String username, List authorities,String extra){
+ public Token create(String username, List authorities, String extra){
return create(username, null,authorities, extra);
}
diff --git a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/crypto/MyAES.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/MyAES.java
similarity index 94%
rename from springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/crypto/MyAES.java
rename to springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/MyAES.java
index b3536ca8..2397e66f 100644
--- a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/crypto/MyAES.java
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/MyAES.java
@@ -1,4 +1,4 @@
-package com.codingapi.springboot.security.crypto;
+package com.codingapi.springboot.security.jwt;
import com.codingapi.springboot.framework.crypto.AES;
import lombok.SneakyThrows;
diff --git a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/SecurityJWTProperties.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/SecurityJWTProperties.java
new file mode 100644
index 00000000..1875a9f3
--- /dev/null
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/SecurityJWTProperties.java
@@ -0,0 +1,46 @@
+package com.codingapi.springboot.security.jwt;
+
+import lombok.Getter;
+import lombok.Setter;
+
+@Setter
+@Getter
+public class SecurityJWTProperties {
+
+
+ /**
+ * 是否启用JWT
+ */
+ private boolean enable = true;
+
+ /**
+ * JWT密钥
+ * 需大于32位的字符串
+ */
+ private String secretKey = "codingapi.security.jwt.secretkey";
+
+
+ /**
+ * aes key
+ */
+ private String aseKey = "QUNEWCQlXiYqJCNYQ1phc0FDRFgkJV4mKiQjWENaYXM=";
+
+ /**
+ * aes iv
+ */
+ private String aseIv = "QUNYRkdIQEVEUyNYQ1phcw==";
+
+
+ /**
+ * JWT 有效时间(毫秒)
+ * 15分钟有效期 1000*60*15=900000
+ */
+ private int jwtTime = 900000;
+
+ /**
+ * JWT 更换令牌时间(毫秒)
+ * 10分钟后更换令牌 1000*60*10=600000
+ */
+ private int jwtRestTime = 600000;
+
+}
diff --git a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/properties/SecurityJwtProperties.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/properties/CodingApiSecurityProperties.java
similarity index 56%
rename from springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/properties/SecurityJwtProperties.java
rename to springboot-starter-security/src/main/java/com/codingapi/springboot/security/properties/CodingApiSecurityProperties.java
index 5c296e80..ff8df11b 100644
--- a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/properties/SecurityJwtProperties.java
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/properties/CodingApiSecurityProperties.java
@@ -5,37 +5,7 @@
@Setter
@Getter
-public class SecurityJwtProperties {
-
- /**
- * JWT密钥
- * 需大于32位的字符串
- */
- private String jwtSecretKey = "codingapi.security.jwt.secretkey";
-
-
- /**
- * aes key
- */
- private String aseKey = "QUNEWCQlXiYqJCNYQ1phc0FDRFgkJV4mKiQjWENaYXM=";
-
- /**
- * aes iv
- */
- private String aseIv = "QUNYRkdIQEVEUyNYQ1phcw==";
-
-
- /**
- * JWT 有效时间(毫秒)
- * 15分钟有效期 1000*60*15=900000
- */
- private int jwtTime = 900000;
-
- /**
- * JWT 更换令牌时间(毫秒)
- * 10分钟后更换令牌 1000*60*10=600000
- */
- private int jwtRestTime = 600000;
+public class CodingApiSecurityProperties {
/**
* 权限拦截URL
diff --git a/springboot-starter-security-jwt/src/main/resources/META-INF/spring.factories b/springboot-starter-security/src/main/resources/META-INF/spring.factories
similarity index 74%
rename from springboot-starter-security-jwt/src/main/resources/META-INF/spring.factories
rename to springboot-starter-security/src/main/resources/META-INF/spring.factories
index b7882c59..f5306ce0 100644
--- a/springboot-starter-security-jwt/src/main/resources/META-INF/spring.factories
+++ b/springboot-starter-security/src/main/resources/META-INF/spring.factories
@@ -1,4 +1,4 @@
org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
com.codingapi.springboot.security.configurer.WebSecurityConfigurer,\
-com.codingapi.springboot.security.crypto.MyCryptoConfiguration,\
+com.codingapi.springboot.security.jwt.JWTSecurityConfiguration,\
com.codingapi.springboot.security.AutoConfiguration
\ No newline at end of file
diff --git a/springboot-starter-security-jwt/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports b/springboot-starter-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
similarity index 65%
rename from springboot-starter-security-jwt/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
rename to springboot-starter-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
index 69b9af0d..b02ad6b8 100644
--- a/springboot-starter-security-jwt/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
+++ b/springboot-starter-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
@@ -1,3 +1,3 @@
com.codingapi.springboot.security.configurer.WebSecurityConfigurer
-com.codingapi.springboot.security.crypto.MyCryptoConfiguration
+com.codingapi.springboot.security.jwt.JWTSecurityConfiguration
com.codingapi.springboot.security.AutoConfiguration
\ No newline at end of file
diff --git a/springboot-starter-security-jwt/src/test/java/com/codingapi/springboot/security/SecurityJwtApplication.java b/springboot-starter-security/src/test/java/com/codingapi/springboot/security/SecurityJwtApplication.java
similarity index 100%
rename from springboot-starter-security-jwt/src/test/java/com/codingapi/springboot/security/SecurityJwtApplication.java
rename to springboot-starter-security/src/test/java/com/codingapi/springboot/security/SecurityJwtApplication.java
diff --git a/springboot-starter-security-jwt/src/test/java/com/codingapi/springboot/security/SecurityJwtApplicationTest.java b/springboot-starter-security/src/test/java/com/codingapi/springboot/security/SecurityJwtApplicationTest.java
similarity index 100%
rename from springboot-starter-security-jwt/src/test/java/com/codingapi/springboot/security/SecurityJwtApplicationTest.java
rename to springboot-starter-security/src/test/java/com/codingapi/springboot/security/SecurityJwtApplicationTest.java
diff --git a/springboot-starter-security-jwt/src/test/java/com/codingapi/springboot/security/controller/DemoController.java b/springboot-starter-security/src/test/java/com/codingapi/springboot/security/controller/DemoController.java
similarity index 100%
rename from springboot-starter-security-jwt/src/test/java/com/codingapi/springboot/security/controller/DemoController.java
rename to springboot-starter-security/src/test/java/com/codingapi/springboot/security/controller/DemoController.java
diff --git a/springboot-starter-security-jwt/src/test/java/com/codingapi/springboot/security/jwt/TestVO.java b/springboot-starter-security/src/test/java/com/codingapi/springboot/security/jwt/TestVO.java
similarity index 100%
rename from springboot-starter-security-jwt/src/test/java/com/codingapi/springboot/security/jwt/TestVO.java
rename to springboot-starter-security/src/test/java/com/codingapi/springboot/security/jwt/TestVO.java
diff --git a/springboot-starter-security-jwt/src/test/java/com/codingapi/springboot/security/jwt/TokenTest.java b/springboot-starter-security/src/test/java/com/codingapi/springboot/security/jwt/TokenTest.java
similarity index 97%
rename from springboot-starter-security-jwt/src/test/java/com/codingapi/springboot/security/jwt/TokenTest.java
rename to springboot-starter-security/src/test/java/com/codingapi/springboot/security/jwt/TokenTest.java
index 3010f7fb..fa1ac1af 100644
--- a/springboot-starter-security-jwt/src/test/java/com/codingapi/springboot/security/jwt/TokenTest.java
+++ b/springboot-starter-security/src/test/java/com/codingapi/springboot/security/jwt/TokenTest.java
@@ -1,6 +1,7 @@
package com.codingapi.springboot.security.jwt;
import com.codingapi.springboot.security.exception.TokenExpiredException;
+import com.codingapi.springboot.security.gateway.Token;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
diff --git a/springboot-starter-security-jwt/src/test/resources/application.properties b/springboot-starter-security/src/test/resources/application.properties
similarity index 72%
rename from springboot-starter-security-jwt/src/test/resources/application.properties
rename to springboot-starter-security/src/test/resources/application.properties
index 3848c355..33fd9ea2 100644
--- a/springboot-starter-security-jwt/src/test/resources/application.properties
+++ b/springboot-starter-security/src/test/resources/application.properties
@@ -1,14 +1,14 @@
server.port=8088
-codingapi.security.jwt-time=10000
-codingapi.security.jwt-rest-time=5000
+codingapi.security.jwt.jwt-time=10000
+codingapi.security.jwt.jwt-rest-time=5000
# JWT密钥 需大于32位的字符串
-codingapi.security.jwt-secret=codingapi.security.jwt.secretkey
+codingapi.security.jwt.secret-key=codingapi.security.jwt.secretkey
# JWT AES密钥
-codingapi.security.ase-key=QUNEWCQlXiYqJCNYQ1phc0FDRFgkJV4mKiQjWENaYXM=
+codingapi.security.jwt.ase-key=QUNEWCQlXiYqJCNYQ1phc0FDRFgkJV4mKiQjWENaYXM=
# JWT AES IV
-codingapi.security.aes-iv=QUNYRkdIQEVEUyNYQ1phcw==
+codingapi.security.jwt.ase-iv=QUNYRkdIQEVEUyNYQ1phcw==
# JWT 有效时间(毫秒) 15分钟有效期 1000*60*15=900000
#codingapi.security.jwt-time=900000
diff --git a/springboot-starter/pom.xml b/springboot-starter/pom.xml
index 432a5763..6ce9dedc 100644
--- a/springboot-starter/pom.xml
+++ b/springboot-starter/pom.xml
@@ -5,7 +5,7 @@
com.codingapi.springboot
springboot-parent
- 3.1.10
+ 3.2.0.dev
springboot-starter
From 2e9092bb2be9a82ff8071beb4f418debaf5c9d7a Mon Sep 17 00:00:00 2001
From: xlorne <1991wangliang@gmail.com>
Date: Thu, 28 Mar 2024 14:41:51 +0800
Subject: [PATCH 2/8] add #40
---
pom.xml | 2 +-
springboot-starter-security/pom.xml | 3 +++
.../springboot/security/gateway/TokenGateway.java | 12 ++++++++++++
.../security/jwt/JWTTokenGatewayImpl.java | 2 +-
.../springboot/security/jwt/TokenTest.java | 15 ++++++++-------
.../src/test/resources/application.properties | 3 +++
6 files changed, 28 insertions(+), 9 deletions(-)
diff --git a/pom.xml b/pom.xml
index 6c79c3d5..3fa40c35 100644
--- a/pom.xml
+++ b/pom.xml
@@ -32,7 +32,7 @@
3.1.0
${project.version}
2.0.42
- 0.12.3
+ 0.12.5
2.15.0
1.8.1
1.11.0
diff --git a/springboot-starter-security/pom.xml b/springboot-starter-security/pom.xml
index 1907acd0..0d594859 100644
--- a/springboot-starter-security/pom.xml
+++ b/springboot-starter-security/pom.xml
@@ -33,16 +33,19 @@
io.jsonwebtoken
jjwt-api
+ provided
io.jsonwebtoken
jjwt-impl
+ provided
io.jsonwebtoken
jjwt-jackson
+ provided
diff --git a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/gateway/TokenGateway.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/gateway/TokenGateway.java
index a2a95d01..ac0782d7 100644
--- a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/gateway/TokenGateway.java
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/gateway/TokenGateway.java
@@ -6,6 +6,18 @@ public interface TokenGateway {
Token create(String username, String password, List authorities, String extra);
+ default Token create(String username, String password, List authorities) {
+ return create(username, password, authorities, null);
+ }
+
+ default Token create(String username, List authorities) {
+ return create(username, null, authorities, null);
+ }
+
+ default Token create(String username, List authorities, String extra) {
+ return create(username, null, authorities, extra);
+ }
+
Token parser(String sign);
}
diff --git a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/JWTTokenGatewayImpl.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/JWTTokenGatewayImpl.java
index 5522d408..5179c0e8 100644
--- a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/JWTTokenGatewayImpl.java
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/JWTTokenGatewayImpl.java
@@ -15,7 +15,7 @@ public JWTTokenGatewayImpl(SecurityJWTProperties properties) {
@Override
public Token create(String username, String password, List authorities, String extra) {
- return jwt.create(username, authorities, extra);
+ return jwt.create(username, password, authorities, extra);
}
@Override
diff --git a/springboot-starter-security/src/test/java/com/codingapi/springboot/security/jwt/TokenTest.java b/springboot-starter-security/src/test/java/com/codingapi/springboot/security/jwt/TokenTest.java
index fa1ac1af..b5611674 100644
--- a/springboot-starter-security/src/test/java/com/codingapi/springboot/security/jwt/TokenTest.java
+++ b/springboot-starter-security/src/test/java/com/codingapi/springboot/security/jwt/TokenTest.java
@@ -2,6 +2,7 @@
import com.codingapi.springboot.security.exception.TokenExpiredException;
import com.codingapi.springboot.security.gateway.Token;
+import com.codingapi.springboot.security.gateway.TokenGateway;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
@@ -15,7 +16,7 @@
class TokenTest {
@Autowired
- private Jwt jwt;
+ private TokenGateway tokenGateway;
@Test
void verify1() throws TokenExpiredException {
@@ -23,10 +24,10 @@ void verify1() throws TokenExpiredException {
String iv = "123456";
List authorities = Collections.singletonList("ADMIN");
- Token token =jwt.create(username,iv,authorities);
+ Token token =tokenGateway.create(username,iv,authorities);
token.verify();
- Token data = jwt.parser(token.getToken());
+ Token data = tokenGateway.parser(token.getToken());
assertEquals(data.decodeIv(),iv);
assertEquals(data.getAuthorities(),authorities);
}
@@ -36,10 +37,10 @@ void verify2() throws TokenExpiredException {
String username = "admin";
List authorities = Collections.singletonList("ADMIN");
- Token token =jwt.create(username,authorities);
+ Token token =tokenGateway.create(username,authorities);
token.verify();
- Token data = jwt.parser(token.getToken());
+ Token data = tokenGateway.parser(token.getToken());
assertEquals(data.getUsername(),username);
assertEquals(data.getAuthorities(),authorities);
}
@@ -53,10 +54,10 @@ void verify3() throws TokenExpiredException {
String extra = testVO.toJson();
List authorities = Collections.singletonList("ADMIN");
- Token token =jwt.create(username,authorities,extra);
+ Token token =tokenGateway.create(username,authorities,extra);
token.verify();
- Token data = jwt.parser(token.getToken());
+ Token data = tokenGateway.parser(token.getToken());
assertEquals(data.parseExtra(TestVO.class).getName(), testVO.getName());
assertEquals(data.getAuthorities(),authorities);
}
diff --git a/springboot-starter-security/src/test/resources/application.properties b/springboot-starter-security/src/test/resources/application.properties
index 33fd9ea2..44e19258 100644
--- a/springboot-starter-security/src/test/resources/application.properties
+++ b/springboot-starter-security/src/test/resources/application.properties
@@ -3,6 +3,7 @@ server.port=8088
codingapi.security.jwt.jwt-time=10000
codingapi.security.jwt.jwt-rest-time=5000
+codingapi.security.jwt.enable=true
# JWT密钥 需大于32位的字符串
codingapi.security.jwt.secret-key=codingapi.security.jwt.secretkey
# JWT AES密钥
@@ -27,3 +28,5 @@ codingapi.security.ignore-urls=/open/**
codingapi.security.disable-csrf=true
# 禁用CORS
codingapi.security.disable-cors=true
+
+spring.main.allow-bean-definition-overriding=true
\ No newline at end of file
From 327e5420434a99d8d671e84baee3b542f7523f0e Mon Sep 17 00:00:00 2001
From: xlorne <1991wangliang@gmail.com>
Date: Thu, 28 Mar 2024 15:11:07 +0800
Subject: [PATCH 3/8] add #40
---
springboot-starter-security/pom.xml | 6 ++++
.../{jwt/MyAES.java => crypto/AESTools.java} | 10 +++---
.../crypto/SecurityCryptoConfiguration.java | 22 ++++++++++++
.../filter/MyAuthenticationFilter.java | 8 +++--
.../springboot/security/gateway/Token.java | 6 ++--
.../security/gateway/TokenGateway.java | 6 ++--
.../jwt/JWTSecurityConfiguration.java | 11 ------
.../security/jwt/JWTTokenGatewayImpl.java | 2 +-
.../springboot/security/jwt/Jwt.java | 12 +++----
.../security/jwt/SecurityJWTProperties.java | 15 ++------
.../CodingApiSecurityProperties.java | 11 ++++++
.../redis/RedisSecurityConfiguration.java | 30 ++++++++++++++++
.../security/redis/RedisTokenGatewayImpl.java | 36 +++++++++++++++++++
.../redis/SecurityRedisProperties.java | 27 ++++++++++++++
.../main/resources/META-INF/spring.factories | 2 ++
...ot.autoconfigure.AutoConfiguration.imports | 2 ++
.../src/test/resources/application.properties | 8 ++---
17 files changed, 166 insertions(+), 48 deletions(-)
rename springboot-starter-security/src/main/java/com/codingapi/springboot/security/{jwt/MyAES.java => crypto/AESTools.java} (79%)
create mode 100644 springboot-starter-security/src/main/java/com/codingapi/springboot/security/crypto/SecurityCryptoConfiguration.java
create mode 100644 springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/RedisSecurityConfiguration.java
create mode 100644 springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/RedisTokenGatewayImpl.java
create mode 100644 springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/SecurityRedisProperties.java
diff --git a/springboot-starter-security/pom.xml b/springboot-starter-security/pom.xml
index 0d594859..f91192b4 100644
--- a/springboot-starter-security/pom.xml
+++ b/springboot-starter-security/pom.xml
@@ -30,6 +30,12 @@
spring-boot-starter-web
+
+ org.springframework.boot
+ spring-boot-starter-data-redis
+ provided
+
+
io.jsonwebtoken
jjwt-api
diff --git a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/MyAES.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/crypto/AESTools.java
similarity index 79%
rename from springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/MyAES.java
rename to springboot-starter-security/src/main/java/com/codingapi/springboot/security/crypto/AESTools.java
index 2397e66f..efe4a7a8 100644
--- a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/MyAES.java
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/crypto/AESTools.java
@@ -1,4 +1,4 @@
-package com.codingapi.springboot.security.jwt;
+package com.codingapi.springboot.security.crypto;
import com.codingapi.springboot.framework.crypto.AES;
import lombok.SneakyThrows;
@@ -6,20 +6,20 @@
import java.nio.charset.StandardCharsets;
import java.util.Base64;
-public class MyAES {
+public class AESTools {
- private final static MyAES instance = new MyAES();
+ private final static AESTools instance = new AESTools();
private AES aes;
- private MyAES() {
+ private AESTools() {
}
void init(AES aes) {
this.aes = aes;
}
- public static MyAES getInstance() {
+ public static AESTools getInstance() {
return instance;
}
diff --git a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/crypto/SecurityCryptoConfiguration.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/crypto/SecurityCryptoConfiguration.java
new file mode 100644
index 00000000..6820dc5c
--- /dev/null
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/crypto/SecurityCryptoConfiguration.java
@@ -0,0 +1,22 @@
+package com.codingapi.springboot.security.crypto;
+
+import com.codingapi.springboot.framework.crypto.AES;
+import com.codingapi.springboot.security.properties.CodingApiSecurityProperties;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import java.util.Base64;
+
+@Configuration
+public class SecurityCryptoConfiguration {
+
+ @Bean
+ @ConditionalOnMissingBean
+ public AES aes(CodingApiSecurityProperties properties) throws Exception {
+ AES aes = new AES(Base64.getDecoder().decode(properties.getAseKey().getBytes()),
+ Base64.getDecoder().decode(properties.getAseIv()));
+ AESTools.getInstance().init(aes);
+ return aes;
+ }
+}
diff --git a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/filter/MyAuthenticationFilter.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/filter/MyAuthenticationFilter.java
index cfad8d90..c4305aaa 100644
--- a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/filter/MyAuthenticationFilter.java
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/filter/MyAuthenticationFilter.java
@@ -3,8 +3,8 @@
import com.alibaba.fastjson.JSONObject;
import com.codingapi.springboot.framework.dto.response.Response;
import com.codingapi.springboot.security.exception.TokenExpiredException;
-import com.codingapi.springboot.security.gateway.TokenGateway;
import com.codingapi.springboot.security.gateway.Token;
+import com.codingapi.springboot.security.gateway.TokenGateway;
import com.codingapi.springboot.security.properties.CodingApiSecurityProperties;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
@@ -45,7 +45,7 @@ public MyAuthenticationFilter(AuthenticationManager manager, CodingApiSecurityPr
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
log.debug("token authentication ~");
for (String antUrl : securityJwtProperties.getAuthenticatedUrls()) {
- if(antPathMatcher.match(antUrl,request.getRequestURI())) {
+ if (antPathMatcher.match(antUrl, request.getRequestURI())) {
String sign = request.getHeader(TOKEN_KEY);
if (!StringUtils.hasLength(sign)) {
@@ -54,6 +54,10 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
}
Token token = tokenGateway.parser(sign);
+ if (token == null) {
+ writeResponse(response, Response.buildFailure("token.expire", "token expire."));
+ return;
+ }
if (token.canRestToken()) {
Token newSign = tokenGateway.create(token.getUsername(), token.decodeIv(), token.getAuthorities(), token.getExtra());
log.info("reset token ");
diff --git a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/gateway/Token.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/gateway/Token.java
index 212bfc97..9579a9b3 100644
--- a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/gateway/Token.java
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/gateway/Token.java
@@ -2,7 +2,7 @@
import com.alibaba.fastjson.JSONObject;
import com.codingapi.springboot.framework.serializable.JsonSerializable;
-import com.codingapi.springboot.security.jwt.MyAES;
+import com.codingapi.springboot.security.crypto.AESTools;
import com.codingapi.springboot.security.exception.TokenExpiredException;
import lombok.Getter;
import lombok.NoArgsConstructor;
@@ -34,7 +34,7 @@ public Token(String username, String iv,String extra, List authorities,
this.username = username;
this.extra = extra;
if(iv!=null) {
- this.iv = MyAES.getInstance().encode(iv);
+ this.iv = AESTools.getInstance().encode(iv);
}
this.authorities = authorities;
this.expireTime = System.currentTimeMillis() + expireValue;
@@ -56,7 +56,7 @@ public String decodeIv(){
if(iv==null){
return null;
}
- return MyAES.getInstance().decode(iv);
+ return AESTools.getInstance().decode(iv);
}
diff --git a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/gateway/TokenGateway.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/gateway/TokenGateway.java
index ac0782d7..b339079d 100644
--- a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/gateway/TokenGateway.java
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/gateway/TokenGateway.java
@@ -4,10 +4,10 @@
public interface TokenGateway {
- Token create(String username, String password, List authorities, String extra);
+ Token create(String username, String iv, List authorities, String extra);
- default Token create(String username, String password, List authorities) {
- return create(username, password, authorities, null);
+ default Token create(String username, String iv, List authorities) {
+ return create(username, iv, authorities, null);
}
default Token create(String username, List authorities) {
diff --git a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/JWTSecurityConfiguration.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/JWTSecurityConfiguration.java
index aa5cb9b4..90fcdc13 100644
--- a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/JWTSecurityConfiguration.java
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/JWTSecurityConfiguration.java
@@ -1,6 +1,5 @@
package com.codingapi.springboot.security.jwt;
-import com.codingapi.springboot.framework.crypto.AES;
import com.codingapi.springboot.security.gateway.TokenGateway;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
@@ -8,20 +7,10 @@
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
-import java.util.Base64;
-
@Configuration
@ConditionalOnProperty(prefix = "codingapi.security.jwt", name = "enable", havingValue = "true", matchIfMissing = true)
public class JWTSecurityConfiguration {
- @Bean
- @ConditionalOnMissingBean
- public AES aes(SecurityJWTProperties properties) throws Exception {
- AES aes = new AES(Base64.getDecoder().decode(properties.getAseKey().getBytes()),
- Base64.getDecoder().decode(properties.getAseIv()));
- MyAES.getInstance().init(aes);
- return aes;
- }
@Bean
@ConfigurationProperties(prefix = "codingapi.security.jwt")
diff --git a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/JWTTokenGatewayImpl.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/JWTTokenGatewayImpl.java
index 5179c0e8..8693ca9d 100644
--- a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/JWTTokenGatewayImpl.java
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/JWTTokenGatewayImpl.java
@@ -10,7 +10,7 @@ public class JWTTokenGatewayImpl implements TokenGateway {
private final Jwt jwt;
public JWTTokenGatewayImpl(SecurityJWTProperties properties) {
- this.jwt = new Jwt(properties.getSecretKey(), properties.getJwtTime(), properties.getJwtRestTime());
+ this.jwt = new Jwt(properties.getSecretKey(), properties.getValidTime(), properties.getRestTime());
}
@Override
diff --git a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/Jwt.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/Jwt.java
index c975ecf4..7bdbdb14 100644
--- a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/Jwt.java
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/Jwt.java
@@ -15,13 +15,13 @@
public class Jwt {
private final SecretKey key;
- private final int jwtTime;
- private final int jwtRestTime;
+ private final int validTime;
+ private final int restTime;
- public Jwt(String secretKey, int jwtTime, int jwtRestTime) {
+ public Jwt(String secretKey, int validTime, int restTime) {
this.key = Keys.hmacShaKeyFor(secretKey.getBytes(StandardCharsets.UTF_8));
- this.jwtTime = jwtTime;
- this.jwtRestTime = jwtRestTime;
+ this.validTime = validTime;
+ this.restTime = restTime;
}
public Token create(String username, List authorities, String extra){
@@ -37,7 +37,7 @@ public Token create(String username, String iv, List authorities){
}
public Token create(String username, String iv,List authorities,String extra){
- Token token = new Token(username, iv,extra, authorities, jwtTime, jwtRestTime);
+ Token token = new Token(username, iv,extra, authorities, validTime, restTime);
String jwt = Jwts.builder().subject(token.toJson()).signWith(key).compact();
token.setToken(jwt);
return token;
diff --git a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/SecurityJWTProperties.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/SecurityJWTProperties.java
index 1875a9f3..d4ca0537 100644
--- a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/SecurityJWTProperties.java
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/SecurityJWTProperties.java
@@ -20,27 +20,16 @@ public class SecurityJWTProperties {
private String secretKey = "codingapi.security.jwt.secretkey";
- /**
- * aes key
- */
- private String aseKey = "QUNEWCQlXiYqJCNYQ1phc0FDRFgkJV4mKiQjWENaYXM=";
-
- /**
- * aes iv
- */
- private String aseIv = "QUNYRkdIQEVEUyNYQ1phcw==";
-
-
/**
* JWT 有效时间(毫秒)
* 15分钟有效期 1000*60*15=900000
*/
- private int jwtTime = 900000;
+ private int validTime = 900000;
/**
* JWT 更换令牌时间(毫秒)
* 10分钟后更换令牌 1000*60*10=600000
*/
- private int jwtRestTime = 600000;
+ private int restTime = 600000;
}
diff --git a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/properties/CodingApiSecurityProperties.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/properties/CodingApiSecurityProperties.java
index ff8df11b..4a33d91b 100644
--- a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/properties/CodingApiSecurityProperties.java
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/properties/CodingApiSecurityProperties.java
@@ -28,6 +28,17 @@ public class CodingApiSecurityProperties {
*/
private String ignoreUrls = "/open/**";
+ /**
+ * aes key
+ */
+ private String aseKey = "QUNEWCQlXiYqJCNYQ1phc0FDRFgkJV4mKiQjWENaYXM=";
+
+ /**
+ * aes iv
+ */
+ private String aseIv = "QUNYRkdIQEVEUyNYQ1phcw==";
+
+
/**
* 启用禁用CSRF
*/
diff --git a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/RedisSecurityConfiguration.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/RedisSecurityConfiguration.java
new file mode 100644
index 00000000..2ce14c1d
--- /dev/null
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/RedisSecurityConfiguration.java
@@ -0,0 +1,30 @@
+package com.codingapi.springboot.security.redis;
+
+import com.codingapi.springboot.security.gateway.Token;
+import com.codingapi.springboot.security.gateway.TokenGateway;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.core.RedisTemplate;
+
+@Configuration
+@ConditionalOnProperty(prefix = "codingapi.security.redis", name = "enable", havingValue = "true")
+public class RedisSecurityConfiguration {
+
+
+ @Bean
+ @ConfigurationProperties(prefix = "codingapi.security.redis")
+ public SecurityRedisProperties securityRedisProperties() {
+ return new SecurityRedisProperties();
+ }
+
+
+ @Bean
+ @ConditionalOnMissingBean
+ public TokenGateway redisTokenGateway(RedisTemplate redisTemplate, SecurityRedisProperties properties) {
+ return new RedisTokenGatewayImpl(redisTemplate, properties);
+ }
+
+}
diff --git a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/RedisTokenGatewayImpl.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/RedisTokenGatewayImpl.java
new file mode 100644
index 00000000..af2312bf
--- /dev/null
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/RedisTokenGatewayImpl.java
@@ -0,0 +1,36 @@
+package com.codingapi.springboot.security.redis;
+
+import com.codingapi.springboot.security.gateway.Token;
+import com.codingapi.springboot.security.gateway.TokenGateway;
+import org.springframework.data.redis.core.RedisTemplate;
+
+import java.util.List;
+import java.util.UUID;
+
+public class RedisTokenGatewayImpl implements TokenGateway {
+
+ private final RedisTemplate redisTemplate;
+ private final int validTime;
+ private final int restTime;
+
+ public RedisTokenGatewayImpl(RedisTemplate redisTemplate, SecurityRedisProperties properties) {
+ this.redisTemplate = redisTemplate;
+ this.validTime = properties.getValidTime();
+ this.restTime = properties.getRestTime();
+ }
+
+ @Override
+ public Token create(String username, String iv, List authorities, String extra) {
+ Token token = new Token(username, iv, extra, authorities, validTime, restTime);
+ String key = String.format("%s:%s", username, UUID.randomUUID().toString().replaceAll("-", ""));
+ token.setToken(key);
+ redisTemplate.opsForValue().set(key, token);
+ return token;
+ }
+
+ @Override
+ public Token parser(String sign) {
+ return redisTemplate.opsForValue().get(sign);
+ }
+
+}
diff --git a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/SecurityRedisProperties.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/SecurityRedisProperties.java
new file mode 100644
index 00000000..14eae9ac
--- /dev/null
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/SecurityRedisProperties.java
@@ -0,0 +1,27 @@
+package com.codingapi.springboot.security.redis;
+
+import lombok.Getter;
+import lombok.Setter;
+
+@Setter
+@Getter
+public class SecurityRedisProperties {
+
+
+ /**
+ * 是否启用redis
+ */
+ private boolean enable = true;
+
+ /**
+ * 15分钟有效期 1000*60*15=900000
+ */
+ private int validTime = 900000;
+
+ /**
+ * 10分钟后更换令牌 1000*60*10=600000
+ */
+ private int restTime = 600000;
+
+
+}
diff --git a/springboot-starter-security/src/main/resources/META-INF/spring.factories b/springboot-starter-security/src/main/resources/META-INF/spring.factories
index f5306ce0..ef66f5b0 100644
--- a/springboot-starter-security/src/main/resources/META-INF/spring.factories
+++ b/springboot-starter-security/src/main/resources/META-INF/spring.factories
@@ -1,4 +1,6 @@
org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
com.codingapi.springboot.security.configurer.WebSecurityConfigurer,\
com.codingapi.springboot.security.jwt.JWTSecurityConfiguration,\
+com.codingapi.springboot.security.redis.RedisSecurityConfiguration,\
+com.codingapi.springboot.security.crypto.SecurityCryptoConfiguration,\
com.codingapi.springboot.security.AutoConfiguration
\ No newline at end of file
diff --git a/springboot-starter-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports b/springboot-starter-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
index b02ad6b8..59324754 100644
--- a/springboot-starter-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
+++ b/springboot-starter-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
@@ -1,3 +1,5 @@
com.codingapi.springboot.security.configurer.WebSecurityConfigurer
+com.codingapi.springboot.security.crypto.SecurityCryptoConfiguration
com.codingapi.springboot.security.jwt.JWTSecurityConfiguration
+com.codingapi.springboot.security.redis.RedisSecurityConfiguration
com.codingapi.springboot.security.AutoConfiguration
\ No newline at end of file
diff --git a/springboot-starter-security/src/test/resources/application.properties b/springboot-starter-security/src/test/resources/application.properties
index 44e19258..fe90d5f8 100644
--- a/springboot-starter-security/src/test/resources/application.properties
+++ b/springboot-starter-security/src/test/resources/application.properties
@@ -1,15 +1,15 @@
server.port=8088
-codingapi.security.jwt.jwt-time=10000
-codingapi.security.jwt.jwt-rest-time=5000
+codingapi.security.jwt.valid-time=10000
+codingapi.security.jwt.rest-time=5000
codingapi.security.jwt.enable=true
# JWT密钥 需大于32位的字符串
codingapi.security.jwt.secret-key=codingapi.security.jwt.secretkey
# JWT AES密钥
-codingapi.security.jwt.ase-key=QUNEWCQlXiYqJCNYQ1phc0FDRFgkJV4mKiQjWENaYXM=
+codingapi.security.ase-key=QUNEWCQlXiYqJCNYQ1phc0FDRFgkJV4mKiQjWENaYXM=
# JWT AES IV
-codingapi.security.jwt.ase-iv=QUNYRkdIQEVEUyNYQ1phcw==
+codingapi.security.ase-iv=QUNYRkdIQEVEUyNYQ1phcw==
# JWT 有效时间(毫秒) 15分钟有效期 1000*60*15=900000
#codingapi.security.jwt-time=900000
From a87b9d8ba4e9c28d4f11348a95dc2078087d2d79 Mon Sep 17 00:00:00 2001
From: xlorne <1991wangliang@gmail.com>
Date: Thu, 28 Mar 2024 15:27:11 +0800
Subject: [PATCH 4/8] add #40
---
.../security/jwt/JWTSecurityConfiguration.java | 2 +-
.../security/redis/RedisSecurityConfiguration.java | 3 +--
.../security/redis/RedisTokenGatewayImpl.java | 14 ++++++++++----
3 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/JWTSecurityConfiguration.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/JWTSecurityConfiguration.java
index 90fcdc13..3991ae9a 100644
--- a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/JWTSecurityConfiguration.java
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/JWTSecurityConfiguration.java
@@ -8,7 +8,7 @@
import org.springframework.context.annotation.Configuration;
@Configuration
-@ConditionalOnProperty(prefix = "codingapi.security.jwt", name = "enable", havingValue = "true", matchIfMissing = true)
+@ConditionalOnProperty(prefix = "codingapi.security.jwt", name = "enable", havingValue = "true")
public class JWTSecurityConfiguration {
diff --git a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/RedisSecurityConfiguration.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/RedisSecurityConfiguration.java
index 2ce14c1d..682bed72 100644
--- a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/RedisSecurityConfiguration.java
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/RedisSecurityConfiguration.java
@@ -1,6 +1,5 @@
package com.codingapi.springboot.security.redis;
-import com.codingapi.springboot.security.gateway.Token;
import com.codingapi.springboot.security.gateway.TokenGateway;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
@@ -23,7 +22,7 @@ public SecurityRedisProperties securityRedisProperties() {
@Bean
@ConditionalOnMissingBean
- public TokenGateway redisTokenGateway(RedisTemplate redisTemplate, SecurityRedisProperties properties) {
+ public TokenGateway redisTokenGateway(RedisTemplate redisTemplate, SecurityRedisProperties properties) {
return new RedisTokenGatewayImpl(redisTemplate, properties);
}
diff --git a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/RedisTokenGatewayImpl.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/RedisTokenGatewayImpl.java
index af2312bf..f1e5be18 100644
--- a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/RedisTokenGatewayImpl.java
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/RedisTokenGatewayImpl.java
@@ -1,19 +1,21 @@
package com.codingapi.springboot.security.redis;
+import com.alibaba.fastjson2.JSONObject;
import com.codingapi.springboot.security.gateway.Token;
import com.codingapi.springboot.security.gateway.TokenGateway;
import org.springframework.data.redis.core.RedisTemplate;
import java.util.List;
import java.util.UUID;
+import java.util.concurrent.TimeUnit;
public class RedisTokenGatewayImpl implements TokenGateway {
- private final RedisTemplate redisTemplate;
+ private final RedisTemplate redisTemplate;
private final int validTime;
private final int restTime;
- public RedisTokenGatewayImpl(RedisTemplate redisTemplate, SecurityRedisProperties properties) {
+ public RedisTokenGatewayImpl(RedisTemplate redisTemplate, SecurityRedisProperties properties) {
this.redisTemplate = redisTemplate;
this.validTime = properties.getValidTime();
this.restTime = properties.getRestTime();
@@ -24,13 +26,17 @@ public Token create(String username, String iv, List authorities, String
Token token = new Token(username, iv, extra, authorities, validTime, restTime);
String key = String.format("%s:%s", username, UUID.randomUUID().toString().replaceAll("-", ""));
token.setToken(key);
- redisTemplate.opsForValue().set(key, token);
+ redisTemplate.opsForValue().set(key, token.toJson(), validTime, TimeUnit.MILLISECONDS);
return token;
}
@Override
public Token parser(String sign) {
- return redisTemplate.opsForValue().get(sign);
+ String json = redisTemplate.opsForValue().get(sign);
+ if (json == null) {
+ return null;
+ }
+ return JSONObject.parseObject(json, Token.class);
}
}
From 9507080d78a107c33e51b0333cd1e047469c276c Mon Sep 17 00:00:00 2001
From: xlorne <1991wangliang@gmail.com>
Date: Thu, 28 Mar 2024 15:47:36 +0800
Subject: [PATCH 5/8] fix #40
---
.../jwt/JWTSecurityConfiguration.java | 11 +++-
.../security/jwt/JWTTokenGatewayImpl.java | 10 ++--
.../jwt/{Jwt.java => JwtTokenGateway.java} | 10 ++--
.../redis/RedisSecurityConfiguration.java | 10 +++-
.../security/redis/RedisTokenGateway.java | 52 +++++++++++++++++++
.../security/redis/RedisTokenGatewayImpl.java | 26 ++--------
6 files changed, 84 insertions(+), 35 deletions(-)
rename springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/{Jwt.java => JwtTokenGateway.java} (86%)
create mode 100644 springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/RedisTokenGateway.java
diff --git a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/JWTSecurityConfiguration.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/JWTSecurityConfiguration.java
index 3991ae9a..54df5b3c 100644
--- a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/JWTSecurityConfiguration.java
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/JWTSecurityConfiguration.java
@@ -21,8 +21,15 @@ public SecurityJWTProperties securityJWTProperties() {
@Bean
@ConditionalOnMissingBean
- public TokenGateway jwtTokenGateway(SecurityJWTProperties properties) {
- return new JWTTokenGatewayImpl(properties);
+ public JwtTokenGateway jwtTokenGateway(SecurityJWTProperties properties) {
+ return new JwtTokenGateway(properties);
+ }
+
+
+ @Bean
+ @ConditionalOnMissingBean
+ public TokenGateway jwtTokenGatewayImpl(JwtTokenGateway jwtTokenGateway) {
+ return new JWTTokenGatewayImpl(jwtTokenGateway);
}
}
diff --git a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/JWTTokenGatewayImpl.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/JWTTokenGatewayImpl.java
index 8693ca9d..4a890ab7 100644
--- a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/JWTTokenGatewayImpl.java
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/JWTTokenGatewayImpl.java
@@ -7,19 +7,19 @@
public class JWTTokenGatewayImpl implements TokenGateway {
- private final Jwt jwt;
+ private final JwtTokenGateway jwtTokenGateway;
- public JWTTokenGatewayImpl(SecurityJWTProperties properties) {
- this.jwt = new Jwt(properties.getSecretKey(), properties.getValidTime(), properties.getRestTime());
+ public JWTTokenGatewayImpl(JwtTokenGateway jwtTokenGateway) {
+ this.jwtTokenGateway = jwtTokenGateway;
}
@Override
public Token create(String username, String password, List authorities, String extra) {
- return jwt.create(username, password, authorities, extra);
+ return jwtTokenGateway.create(username, password, authorities, extra);
}
@Override
public Token parser(String sign) {
- return jwt.parser(sign);
+ return jwtTokenGateway.parser(sign);
}
}
diff --git a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/Jwt.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/JwtTokenGateway.java
similarity index 86%
rename from springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/Jwt.java
rename to springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/JwtTokenGateway.java
index 7bdbdb14..57dab485 100644
--- a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/Jwt.java
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/jwt/JwtTokenGateway.java
@@ -12,16 +12,16 @@
import java.nio.charset.StandardCharsets;
import java.util.List;
-public class Jwt {
+public class JwtTokenGateway {
private final SecretKey key;
private final int validTime;
private final int restTime;
- public Jwt(String secretKey, int validTime, int restTime) {
- this.key = Keys.hmacShaKeyFor(secretKey.getBytes(StandardCharsets.UTF_8));
- this.validTime = validTime;
- this.restTime = restTime;
+ public JwtTokenGateway(SecurityJWTProperties properties) {
+ this.key = Keys.hmacShaKeyFor(properties.getSecretKey().getBytes(StandardCharsets.UTF_8));
+ this.validTime = properties.getValidTime();
+ this.restTime = properties.getRestTime();
}
public Token create(String username, List authorities, String extra){
diff --git a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/RedisSecurityConfiguration.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/RedisSecurityConfiguration.java
index 682bed72..c4bf141b 100644
--- a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/RedisSecurityConfiguration.java
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/RedisSecurityConfiguration.java
@@ -22,8 +22,14 @@ public SecurityRedisProperties securityRedisProperties() {
@Bean
@ConditionalOnMissingBean
- public TokenGateway redisTokenGateway(RedisTemplate redisTemplate, SecurityRedisProperties properties) {
- return new RedisTokenGatewayImpl(redisTemplate, properties);
+ public RedisTokenGateway redisTokenGateway(RedisTemplate redisTemplate, SecurityRedisProperties properties) {
+ return new RedisTokenGateway(redisTemplate, properties);
+ }
+
+ @Bean
+ @ConditionalOnMissingBean
+ public TokenGateway redisTokenGatewayImpl(RedisTokenGateway redisTokenGateway) {
+ return new RedisTokenGatewayImpl(redisTokenGateway);
}
}
diff --git a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/RedisTokenGateway.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/RedisTokenGateway.java
new file mode 100644
index 00000000..6b7b0ad4
--- /dev/null
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/RedisTokenGateway.java
@@ -0,0 +1,52 @@
+package com.codingapi.springboot.security.redis;
+
+import com.alibaba.fastjson2.JSONObject;
+import com.codingapi.springboot.security.gateway.Token;
+import org.springframework.data.redis.core.RedisTemplate;
+
+import java.util.List;
+import java.util.Set;
+import java.util.UUID;
+import java.util.concurrent.TimeUnit;
+
+public class RedisTokenGateway {
+
+ private final RedisTemplate redisTemplate;
+ private final int validTime;
+ private final int restTime;
+
+ public RedisTokenGateway(RedisTemplate redisTemplate, SecurityRedisProperties properties) {
+ this.redisTemplate = redisTemplate;
+ this.validTime = properties.getValidTime();
+ this.restTime = properties.getRestTime();
+ }
+
+ public Token create(String username, String iv, List authorities, String extra) {
+ Token token = new Token(username, iv, extra, authorities, validTime, restTime);
+ String key = String.format("%s:%s", username, UUID.randomUUID().toString().replaceAll("-", ""));
+ token.setToken(key);
+ redisTemplate.opsForValue().set(key, token.toJson(), validTime, TimeUnit.MILLISECONDS);
+ return token;
+ }
+
+ public Token parser(String sign) {
+ String json = redisTemplate.opsForValue().get(sign);
+ if (json == null) {
+ return null;
+ }
+ return JSONObject.parseObject(json, Token.class);
+ }
+
+ public void removeToken(String token) {
+ redisTemplate.delete(token);
+ }
+
+ public void removeUsername(String username) {
+ Set keys = redisTemplate.keys(username + ":*");
+ if (keys != null && !keys.isEmpty()) {
+ redisTemplate.delete(keys);
+ }
+ }
+
+
+}
diff --git a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/RedisTokenGatewayImpl.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/RedisTokenGatewayImpl.java
index f1e5be18..19453d66 100644
--- a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/RedisTokenGatewayImpl.java
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/RedisTokenGatewayImpl.java
@@ -1,42 +1,26 @@
package com.codingapi.springboot.security.redis;
-import com.alibaba.fastjson2.JSONObject;
import com.codingapi.springboot.security.gateway.Token;
import com.codingapi.springboot.security.gateway.TokenGateway;
-import org.springframework.data.redis.core.RedisTemplate;
import java.util.List;
-import java.util.UUID;
-import java.util.concurrent.TimeUnit;
public class RedisTokenGatewayImpl implements TokenGateway {
- private final RedisTemplate redisTemplate;
- private final int validTime;
- private final int restTime;
+ private final RedisTokenGateway redisTokenGateway;
- public RedisTokenGatewayImpl(RedisTemplate redisTemplate, SecurityRedisProperties properties) {
- this.redisTemplate = redisTemplate;
- this.validTime = properties.getValidTime();
- this.restTime = properties.getRestTime();
+ public RedisTokenGatewayImpl(RedisTokenGateway redisTokenGateway) {
+ this.redisTokenGateway = redisTokenGateway;
}
@Override
public Token create(String username, String iv, List authorities, String extra) {
- Token token = new Token(username, iv, extra, authorities, validTime, restTime);
- String key = String.format("%s:%s", username, UUID.randomUUID().toString().replaceAll("-", ""));
- token.setToken(key);
- redisTemplate.opsForValue().set(key, token.toJson(), validTime, TimeUnit.MILLISECONDS);
- return token;
+ return redisTokenGateway.create(username, iv, authorities, extra);
}
@Override
public Token parser(String sign) {
- String json = redisTemplate.opsForValue().get(sign);
- if (json == null) {
- return null;
- }
- return JSONObject.parseObject(json, Token.class);
+ return redisTokenGateway.parser(sign);
}
}
From c8543dd680c4c0d2ab0edae26cda445505754604 Mon Sep 17 00:00:00 2001
From: xlorne <1991wangliang@gmail.com>
Date: Thu, 28 Mar 2024 16:13:34 +0800
Subject: [PATCH 6/8] fix #40
---
.../security/redis/RedisTokenGateway.java | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/RedisTokenGateway.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/RedisTokenGateway.java
index 6b7b0ad4..d4eb4257 100644
--- a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/RedisTokenGateway.java
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/redis/RedisTokenGateway.java
@@ -8,6 +8,7 @@
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
+import java.util.function.Predicate;
public class RedisTokenGateway {
@@ -48,5 +49,17 @@ public void removeUsername(String username) {
}
}
+ public void removeUsername(String username, Predicate predicate) {
+ Set keys = redisTemplate.keys(username + ":*");
+ if (keys != null && !keys.isEmpty()) {
+ for (String key : keys) {
+ Token token = parser(key);
+ if (token != null && predicate.test(token)) {
+ redisTemplate.delete(key);
+ }
+ }
+ }
+ }
+
}
From d0ca7a3139f0343638327657d0774a792f588607 Mon Sep 17 00:00:00 2001
From: xlorne <1991wangliang@gmail.com>
Date: Fri, 29 Mar 2024 08:32:33 +0800
Subject: [PATCH 7/8] update readme
---
README.md | 4 ++--
...-jwt.md => springboot-starter-security.md} | 22 ++++++++++++++-----
2 files changed, 18 insertions(+), 8 deletions(-)
rename docs/wiki/{springboot-starter-security-jwt.md => springboot-starter-security.md} (86%)
diff --git a/README.md b/README.md
index a1d30c5d..c731df8e 100644
--- a/README.md
+++ b/README.md
@@ -18,7 +18,7 @@ v.3.x 为springboot 3.x版本,使用jdk17版本
* springboot-starter | Springboot领域驱动框架
* springboot-starter-data-fast | 快速数据呈现框架
-* springboot-starter-security-jwt | security&jwt权限框架
+* springboot-starter-security | security&jwt权限框架
## SpringBoot DDD Architecture | SpringBoot DDD 框架图
@@ -44,7 +44,7 @@ v.3.x 为springboot 3.x版本,使用jdk17版本
com.codingapi.springboot
- springboot-starter-security-jwt
+ springboot-starter-security
${last.version}
diff --git a/docs/wiki/springboot-starter-security-jwt.md b/docs/wiki/springboot-starter-security.md
similarity index 86%
rename from docs/wiki/springboot-starter-security-jwt.md
rename to docs/wiki/springboot-starter-security.md
index 2cad32e0..9f7e7481 100644
--- a/docs/wiki/springboot-starter-security-jwt.md
+++ b/docs/wiki/springboot-starter-security.md
@@ -1,18 +1,28 @@
-springboot-starter-security-jwt 功能介绍
+springboot-starter-security 功能介绍
+
+支持无状态的JWT和有状态的redis两种不同的token机制
配置文件,默认参数即说明
```properties
+# JWT开关
+codingapi.security.jwt.enable=true
# JWT密钥 需大于32位的字符串
-codingapi.security.jwt-secret=codingapi.security.jwt.secretkey
+codingapi.security.jwt.secret-key=codingapi.security.jwt.secretkey
+
+# JWT 有效时间(毫秒) 15分钟有效期 1000*60*15=900000
+codingapi.security.jwt.valid-time=900000
+# JWT 更换令牌时间(毫秒) 10分钟后更换令牌 1000*60*10=600000
+codingapi.security.jwt.rest-time=600000
+
# JWT AES密钥
codingapi.security.ase-key=QUNEWCQlXiYqJCNYQ1phc0FDRFgkJV4mKiQjWENaYXM=
# JWT AES IV
codingapi.security.aes-iv=QUNYRkdIQEVEUyNYQ1phcw==
-# JWT 有效时间(毫秒) 15分钟有效期 1000*60*15=900000
-codingapi.security.jwt-time=900000
-# JWT 更换令牌时间(毫秒) 10分钟后更换令牌 1000*60*10=600000
-codingapi.security.jwt-rest-time=600000
+# Redis开关
+#codingapi.security.redis.enable=true
+#spring.data.redis.host=localhost
+#spring.data.redis.port=6379
# Security 配置 请求权限拦截地址
codingapi.security.authenticated-urls=/api/**
From 43b0693348d761f34c576aef094cb587cfb46a6c Mon Sep 17 00:00:00 2001
From: xlorne <1991wangliang@gmail.com>
Date: Fri, 29 Mar 2024 09:14:27 +0800
Subject: [PATCH 8/8] update springboot 3.2.4
---
pom.xml | 4 +-
springboot-starter-data-fast/pom.xml | 2 +-
springboot-starter-security/pom.xml | 2 +-
.../security/AutoConfiguration.java | 45 +++++++++++--------
.../configurer/HttpSecurityConfigurer.java | 7 +--
springboot-starter/pom.xml | 2 +-
6 files changed, 35 insertions(+), 27 deletions(-)
diff --git a/pom.xml b/pom.xml
index 3fa40c35..64d1be66 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,13 +6,13 @@
org.springframework.boot
spring-boot-starter-parent
- 3.1.8
+ 3.2.4
com.codingapi.springboot
springboot-parent
- 3.2.0.dev
+ 3.2.0
https://github.com/codingapi/springboot-framewrok
springboot-parent
diff --git a/springboot-starter-data-fast/pom.xml b/springboot-starter-data-fast/pom.xml
index 7d4f55d7..0f757bed 100644
--- a/springboot-starter-data-fast/pom.xml
+++ b/springboot-starter-data-fast/pom.xml
@@ -5,7 +5,7 @@
springboot-parent
com.codingapi.springboot
- 3.2.0.dev
+ 3.2.0
4.0.0
diff --git a/springboot-starter-security/pom.xml b/springboot-starter-security/pom.xml
index f91192b4..cd0e09e4 100644
--- a/springboot-starter-security/pom.xml
+++ b/springboot-starter-security/pom.xml
@@ -6,7 +6,7 @@
springboot-parent
com.codingapi.springboot
- 3.2.0.dev
+ 3.2.0
springboot-starter-security
diff --git a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/AutoConfiguration.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/AutoConfiguration.java
index a3e37064..b89cfe79 100644
--- a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/AutoConfiguration.java
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/AutoConfiguration.java
@@ -16,8 +16,10 @@
import org.springframework.core.env.Environment;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
+import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
@@ -88,19 +90,26 @@ public AuthenticationTokenFilter authenticationTokenFilter() {
public SecurityFilterChain filterChain(HttpSecurity security, TokenGateway tokenGateway, SecurityLoginHandler loginHandler,
CodingApiSecurityProperties properties, AuthenticationTokenFilter authenticationTokenFilter) throws Exception {
//disable basic auth
- security.httpBasic().disable();
+ security.httpBasic(AbstractHttpConfigurer::disable);
//before add addCorsMappings to enable cors.
- security.cors();
- if (properties.isDisableCsrf()) {
- security.csrf().disable();
- }
- security.apply(new HttpSecurityConfigurer(tokenGateway, loginHandler, properties, authenticationTokenFilter));
- security
- .exceptionHandling()
- .authenticationEntryPoint(new MyUnAuthenticationEntryPoint())
- .accessDeniedHandler(new MyAccessDeniedHandler())
- .and()
+ security.cors(httpSecurityCorsConfigurer -> {
+ if (properties.isDisableCors()) {
+ httpSecurityCorsConfigurer.disable();
+ }
+ });
+
+ security.csrf(httpSecurityCsrfConfigurer -> {
+ if (properties.isDisableCsrf()) {
+ httpSecurityCsrfConfigurer.disable();
+ }
+ });
+
+
+ security.with(new HttpSecurityConfigurer(tokenGateway, loginHandler, properties, authenticationTokenFilter), Customizer.withDefaults());
+ security.exceptionHandling(httpSecurityExceptionHandlingConfigurer ->
+ httpSecurityExceptionHandlingConfigurer.authenticationEntryPoint(new MyUnAuthenticationEntryPoint())
+ .accessDeniedHandler(new MyAccessDeniedHandler()))
.authorizeHttpRequests(
registry -> {
registry.requestMatchers(properties.getIgnoreUrls()).permitAll()
@@ -109,15 +118,13 @@ public SecurityFilterChain filterChain(HttpSecurity security, TokenGateway token
}
)
//default login url :/login
- .formLogin()
- .loginProcessingUrl(properties.getLoginProcessingUrl())
- .permitAll()
- .and()
+ .formLogin(httpSecurityFormLoginConfigurer ->
+ httpSecurityFormLoginConfigurer.loginPage(properties.getLoginProcessingUrl())
+ )
//default logout url :/logout
- .logout()
- .logoutUrl(properties.getLogoutUrl())
- .addLogoutHandler(new MyLogoutHandler())
- .logoutSuccessHandler(new MyLogoutSuccessHandler());
+ .logout(httpSecurityLogoutConfigurer -> httpSecurityLogoutConfigurer.logoutUrl(properties.getLogoutUrl())
+ .addLogoutHandler(new MyLogoutHandler())
+ .logoutSuccessHandler(new MyLogoutSuccessHandler()));
return security.build();
}
diff --git a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/configurer/HttpSecurityConfigurer.java b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/configurer/HttpSecurityConfigurer.java
index c56fd5fc..a1ca9ecc 100644
--- a/springboot-starter-security/src/main/java/com/codingapi/springboot/security/configurer/HttpSecurityConfigurer.java
+++ b/springboot-starter-security/src/main/java/com/codingapi/springboot/security/configurer/HttpSecurityConfigurer.java
@@ -8,11 +8,12 @@
import com.codingapi.springboot.security.properties.CodingApiSecurityProperties;
import lombok.AllArgsConstructor;
import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.web.DefaultSecurityFilterChain;
@AllArgsConstructor
-public class HttpSecurityConfigurer extends AbstractHttpConfigurer {
+public class HttpSecurityConfigurer extends SecurityConfigurerAdapter {
private final TokenGateway tokenGateway;
@@ -23,7 +24,7 @@ public class HttpSecurityConfigurer extends AbstractHttpConfigurer
com.codingapi.springboot
springboot-parent
- 3.2.0.dev
+ 3.2.0
springboot-starter