6-09

imooc-security-app/src/main/java/com/imooc/security/app/ImoocAuthorizationServerConfig.java

@@ -3,6 +3,9 @@
  */
 package com.imooc.security.app;
 
+import java.util.ArrayList;
+import java.util.List;
+
 import org.apache.commons.lang.ArrayUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
@@ -13,7 +16,10 @@
 import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
 import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
+import org.springframework.security.oauth2.provider.token.TokenEnhancer;
+import org.springframework.security.oauth2.provider.token.TokenEnhancerChain;
 import org.springframework.security.oauth2.provider.token.TokenStore;
+import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
 
 import com.imooc.security.core.properties.OAuth2ClientProperties;
 import com.imooc.security.core.properties.SecurityProperties;
@@ -34,6 +40,12 @@ public class ImoocAuthorizationServerConfig extends AuthorizationServerConfigure
 
 	@Autowired
 	private TokenStore tokenStore;
+
+	@Autowired(required = false)
+	private JwtAccessTokenConverter jwtAccessTokenConverter;
+
+	@Autowired(required = false)
+	private TokenEnhancer jwtTokenEnhancer;
 
 	@Autowired
 	private SecurityProperties securityProperties;
@@ -43,6 +55,17 @@ public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws E
 		endpoints.tokenStore(tokenStore)
 				.authenticationManager(authenticationManager)
 				.userDetailsService(userDetailsService);
+
+		if(jwtAccessTokenConverter != null && jwtTokenEnhancer != null){
+			TokenEnhancerChain enhancerChain = new TokenEnhancerChain();
+			List<TokenEnhancer> enhancers = new ArrayList<>();
+			enhancers.add(jwtTokenEnhancer);
+			enhancers.add(jwtAccessTokenConverter);
+			enhancerChain.setTokenEnhancers(enhancers);
+			endpoints.tokenEnhancer(enhancerChain)
+						.accessTokenConverter(jwtAccessTokenConverter);
+		}
+
 	}
 
 	@Override

imooc-security-app/src/main/java/com/imooc/security/app/TokenStoreConfig.java

@@ -4,12 +4,20 @@
 package com.imooc.security.app;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.data.redis.connection.RedisConnectionFactory;
+import org.springframework.security.oauth2.provider.token.TokenEnhancer;
 import org.springframework.security.oauth2.provider.token.TokenStore;
+import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
+import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
 import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;
 
+import com.imooc.security.app.jwt.ImoocJwtTokenEnhancer;
+import com.imooc.security.core.properties.SecurityProperties;
+
 /**
  * @author zhailiang
  *
@@ -21,8 +29,38 @@ public class TokenStoreConfig {
 	private RedisConnectionFactory redisConnectionFactory;
 
 	@Bean
+	@ConditionalOnProperty(prefix = "imooc.security.oauth2", name = "tokenStore", havingValue = "redis")
 	public TokenStore redisTokenStore() {
 		return new RedisTokenStore(redisConnectionFactory);
 	}
 
+	@Configuration
+	@ConditionalOnProperty(prefix = "imooc.security.oauth2", name = "tokenStore", havingValue = "jwt", matchIfMissing = true)
+	public static class JwtConfig {
+
+		@Autowired
+		private SecurityProperties securityProperties;
+
+		@Bean
+		public TokenStore jwtTokenStore() {
+			return new JwtTokenStore(jwtAccessTokenConverter());
+		}
+
+		@Bean
+		public JwtAccessTokenConverter jwtAccessTokenConverter(){
+			JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
+	        converter.setSigningKey(securityProperties.getOauth2().getJwtSigningKey());
+	        return converter;
+		}
+
+		@Bean
+		@ConditionalOnBean(TokenEnhancer.class)
+		public TokenEnhancer jwtTokenEnhancer(){
+			return new ImoocJwtTokenEnhancer();
+		}
+
+	}
+
+
+
 }

imooc-security-app/src/main/java/com/imooc/security/app/jwt/ImoocJwtTokenEnhancer.java

@@ -0,0 +1,33 @@
+/**
+ * 
+ */
+package com.imooc.security.app.jwt;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
+import org.springframework.security.oauth2.provider.token.TokenEnhancer;
+
+/**
+ * @author zhailiang
+ *
+ */
+public class ImoocJwtTokenEnhancer implements TokenEnhancer {
+
+	/* (non-Javadoc)
+	 * @see org.springframework.security.oauth2.provider.token.TokenEnhancer#enhance(org.springframework.security.oauth2.common.OAuth2AccessToken, org.springframework.security.oauth2.provider.OAuth2Authentication)
+	 */
+	@Override
+	public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
+		Map<String, Object> info = new HashMap<>();
+		info.put("company", "imooc");
+
+		((DefaultOAuth2AccessToken)accessToken).setAdditionalInformation(info);
+
+		return accessToken;
+	}
+
+}

imooc-security-app/src/main/java/com/imooc/security/app/jwt/package-info.java

@@ -0,0 +1,8 @@
+/**
+ * 
+ */
+/**
+ * @author zhailiang
+ *
+ */
+package com.imooc.security.app.jwt;

imooc-security-core/src/main/java/com/imooc/security/core/properties/OAuth2Properties.java

@@ -9,6 +9,8 @@
  */
 public class OAuth2Properties {
 
+	private String jwtSigningKey = "imooc";
+
 	private OAuth2ClientProperties[] clients = {};
 
 	public OAuth2ClientProperties[] getClients() {
@@ -19,4 +21,12 @@ public void setClients(OAuth2ClientProperties[] clients) {
 		this.clients = clients;
 	}
 
+	public String getJwtSigningKey() {
+		return jwtSigningKey;
+	}
+
+	public void setJwtSigningKey(String jwtSigningKey) {
+		this.jwtSigningKey = jwtSigningKey;
+	}
+
 }

imooc-security-demo/pom.xml

@@ -10,11 +10,8 @@
 	</parent>
 
 	<dependencies>
-		<!-- <dependency>
-			<groupId>com.imooc.security</groupId>
-			<artifactId>imooc-security-browser</artifactId>
-			<version>${imooc.security.version}</version>
-		</dependency> -->
+		<!-- <dependency> <groupId>com.imooc.security</groupId> <artifactId>imooc-security-browser</artifactId> 
+			<version>${imooc.security.version}</version> </dependency> -->
 		<dependency>
 			<groupId>com.imooc.security</groupId>
 			<artifactId>imooc-security-app</artifactId>
@@ -46,6 +43,11 @@
 			<groupId>com.github.tomakehurst</groupId>
 			<artifactId>wiremock</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt</artifactId>
+			<version>0.7.0</version>
+		</dependency>
 	</dependencies>
 
 	<build>

imooc-security-demo/src/main/java/com/imooc/web/controller/UserController.java

@@ -3,19 +3,20 @@
  */
 package com.imooc.web.controller;
 
+import java.io.UnsupportedEncodingException;
 import java.util.ArrayList;
 import java.util.List;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.validation.Valid;
 
+import org.apache.commons.lang.StringUtils;
 import org.apache.commons.lang.builder.ReflectionToStringBuilder;
 import org.apache.commons.lang.builder.ToStringStyle;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.Pageable;
 import org.springframework.data.web.PageableDefault;
-import org.springframework.security.core.annotation.AuthenticationPrincipal;
-import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.Authentication;
 import org.springframework.social.connect.web.ProviderSignInUtils;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.DeleteMapping;
@@ -32,7 +33,14 @@
 import com.imooc.dto.User;
 import com.imooc.dto.UserQueryCondition;
 import com.imooc.security.app.social.AppSingUpUtils;
-
+import com.imooc.security.core.properties.SecurityProperties;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.ExpiredJwtException;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.MalformedJwtException;
+import io.jsonwebtoken.SignatureException;
+import io.jsonwebtoken.UnsupportedJwtException;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
 
@@ -50,6 +58,9 @@ public class UserController {
 	@Autowired
 	private AppSingUpUtils appSingUpUtils;
 
+	@Autowired
+	private SecurityProperties securityProperties;
+
 	@PostMapping("/regist")
 	public void regist(User user, HttpServletRequest request) {
 
@@ -60,7 +71,17 @@ public void regist(User user, HttpServletRequest request) {
 	}
 
 	@GetMapping("/me")
-	public Object getCurrentUser(@AuthenticationPrincipal UserDetails user) {
+	public Object getCurrentUser(Authentication user, HttpServletRequest request) throws ExpiredJwtException, UnsupportedJwtException, MalformedJwtException, SignatureException, IllegalArgumentException, UnsupportedEncodingException {
+
+		String token = StringUtils.substringAfter(request.getHeader("Authorization"), "bearer ");
+
+		Claims claims = Jwts.parser().setSigningKey(securityProperties.getOauth2().getJwtSigningKey().getBytes("UTF-8"))
+					.parseClaimsJws(token).getBody();
+
+		String company = (String) claims.get("company");
+
+		System.out.println(company);
+
 		return user;
 	}
 

imooc-security-demo/src/main/resources/application.properties

@@ -37,3 +37,5 @@ imooc.security.oauth2.clients[0].accessTokenValidateSeconds = 3600
 
 imooc.security.oauth2.clients[1].clientId = test
 imooc.security.oauth2.clients[1].clientSecret = test
+
+#imooc.security.oauth2.tokenStore = redis