|
@@ -18,6 +18,8 @@
|
|
|
package com.pig4cloud.pigx.common.security.component;
|
|
|
|
|
|
import org.springframework.beans.factory.annotation.Autowired;
|
|
|
+import org.springframework.cloud.client.loadbalancer.LoadBalanced;
|
|
|
+import org.springframework.context.annotation.Bean;
|
|
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
|
import org.springframework.security.core.userdetails.UserDetailsService;
|
|
|
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
|
|
@@ -25,10 +27,14 @@ import org.springframework.security.oauth2.config.annotation.web.configurers.Res
|
|
|
import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
|
|
|
import org.springframework.security.oauth2.provider.token.DefaultUserAuthenticationConverter;
|
|
|
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
|
|
|
+import org.springframework.web.client.RestTemplate;
|
|
|
|
|
|
/**
|
|
|
* @author lengleng
|
|
|
* @date 2018/6/22
|
|
|
+ * <p>
|
|
|
+ * 1. 支持remoteTokenServices 负载均衡
|
|
|
+ * 2. 支持 获取用户全部信息
|
|
|
*/
|
|
|
public abstract class BaseResourceServerConfigurerAdapter extends ResourceServerConfigurerAdapter {
|
|
|
@Autowired
|
|
@@ -40,21 +46,49 @@ public abstract class BaseResourceServerConfigurerAdapter extends ResourceServer
|
|
|
@Autowired
|
|
|
protected UserDetailsService userDetailsService;
|
|
|
|
|
|
+
|
|
|
+ /**
|
|
|
+ * 默认的配置,对外暴露
|
|
|
+ *
|
|
|
+ * @param http
|
|
|
+ * @throws Exception
|
|
|
+ */
|
|
|
@Override
|
|
|
public abstract void configure(HttpSecurity http) throws Exception;
|
|
|
|
|
|
/**
|
|
|
- * why add resourceId
|
|
|
- * https://stackoverflow.com/questions/28703847/how-do-you-set-a-resource-id-for-a-token
|
|
|
+ * 提供子类重写
|
|
|
+ * <p>
|
|
|
+ * 1. 不重写,默认支持获取雍熙
|
|
|
+ * 2. 重写notGetUser,提供性能
|
|
|
+ * <p>
|
|
|
+ * see codegen ResourceServerConfigurer
|
|
|
*
|
|
|
* @param resources
|
|
|
*/
|
|
|
@Override
|
|
|
public void configure(ResourceServerSecurityConfigurer resources) {
|
|
|
+ canGetUser(resources);
|
|
|
+ }
|
|
|
+
|
|
|
+ @Bean
|
|
|
+ @LoadBalanced
|
|
|
+ public RestTemplate lbRestTemplate() {
|
|
|
+ return new RestTemplate();
|
|
|
+ }
|
|
|
+
|
|
|
+
|
|
|
+ /**
|
|
|
+ * 不获取用户详细 只有用户名
|
|
|
+ *
|
|
|
+ * @param resources
|
|
|
+ */
|
|
|
+ protected void notGetUser(ResourceServerSecurityConfigurer resources) {
|
|
|
DefaultAccessTokenConverter accessTokenConverter = new DefaultAccessTokenConverter();
|
|
|
DefaultUserAuthenticationConverter userTokenConverter = new DefaultUserAuthenticationConverter();
|
|
|
- userTokenConverter.setUserDetailsService(userDetailsService);
|
|
|
accessTokenConverter.setUserTokenConverter(userTokenConverter);
|
|
|
+
|
|
|
+ remoteTokenServices.setRestTemplate(lbRestTemplate());
|
|
|
remoteTokenServices.setAccessTokenConverter(accessTokenConverter);
|
|
|
resources.authenticationEntryPoint(resourceAuthExceptionEntryPoint)
|
|
|
.accessDeniedHandler(pigAccessDeniedHandler)
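Review bot: The plain `new RestTemplate()` returned by `lbRestTemplate()` replaces the client that `RemoteTokenServices` builds for itself, and that built-in client carries an error handler which lets a 400 from the check-token endpoint through so it can be mapped to an invalid-token error. With the default handler, an expired or bogus bearer token is likely to surface as an `HttpClientErrorException` (a 500 to the caller) instead of reaching `resourceAuthExceptionEntryPoint`. The template also sets no connect or read timeout, so a stalled auth server can tie up every request thread that carries a token. The same template is installed by `canGetUser` in the last hunk, so fixing the bean covers both paths. `notGetUser` continues past the end of this hunk, and the timeout values below are illustrative.

```java
// … unchanged: @Bean / @LoadBalanced annotations …
public RestTemplate lbRestTemplate() {
	SimpleClientHttpRequestFactory requestFactory = new SimpleClientHttpRequestFactory();
	// Illustrative values: bound how long a token check may block a request thread.
	requestFactory.setConnectTimeout(2000);
	requestFactory.setReadTimeout(5000);

	RestTemplate restTemplate = new RestTemplate(requestFactory);
	// Keep the behaviour RemoteTokenServices has by default: a 400 from the
	// check-token endpoint means "invalid token" and must not be thrown here.
	restTemplate.setErrorHandler(new DefaultResponseErrorHandler() {
		@Override
		public void handleError(ClientHttpResponse response) throws IOException {
			if (response.getRawStatusCode() != 400) {
				super.handleError(response);
			}
		}
	});
	return restTemplate;
}
```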
|
|
@@ -62,4 +96,22 @@ public abstract class BaseResourceServerConfigurerAdapter extends ResourceServer
|
|
|
}
|
|
|
|
|
|
|
|
|
+ /**
|
|
|
+ * 上下文中获取用户全部信息,两次调用userDetailsService,影响性能
|
|
|
+ *
|
|
|
+ * @param resources
|
|
|
+ */
|
|
|
+ private void canGetUser(ResourceServerSecurityConfigurer resources) {
|
|
|
+ DefaultAccessTokenConverter accessTokenConverter = new DefaultAccessTokenConverter();
|
|
|
+ DefaultUserAuthenticationConverter userTokenConverter = new DefaultUserAuthenticationConverter();
|
|
|
+ userTokenConverter.setUserDetailsService(userDetailsService);
|
|
|
+ accessTokenConverter.setUserTokenConverter(userTokenConverter);
|
|
|
+
|
|
|
+ remoteTokenServices.setRestTemplate(lbRestTemplate());
|
|
|
+ remoteTokenServices.setAccessTokenConverter(accessTokenConverter);
|
|
|
+ resources.authenticationEntryPoint(resourceAuthExceptionEntryPoint)
|
|
|
+ .accessDeniedHandler(pigAccessDeniedHandler)
|
|
|
+ .tokenServices(remoteTokenServices);
|
|
|
+ }
|
|
|
+
|
|
|
}
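Review bot: `canGetUser` repeats `notGetUser` line for line apart from `userTokenConverter.setUserDetailsService(userDetailsService);`, so the two token-service setups can drift apart when only one is edited, which is worth avoiding in code that decides how bearer tokens are validated. Consider having both methods build their converter and delegate to one private helper, e.g. `applyTokenServices(resources, userTokenConverter)`, which sets the rest template, access-token converter, entry point, access-denied handler and token services in one place. The Javadoc should also state what the new default changes: with a `UserDetailsService` set, each token check appears to trigger a user lookup, and the principal and authorities then come from that lookup rather than from the check-token response. A comment such as `// default: principal is reloaded via userDetailsService on every token check` on the `setUserDetailsService` line would make that visible to subclass authors.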
|