Merge pull request apolloconfig#738 from nobodyiam/fix-spring-securit…

…y-auth fix for spring security auth table case issue
zhlei163 · Sep 7, 2017 · b9bca87 · b9bca87
2 parents d62ba3d + 4d0bf71
commit b9bca87
Show file tree

Hide file tree

Showing 11 changed files with 107 additions and 103 deletions.
diff --git a/...apollo/common/auth/WebSecurityConfig.java → ...rk/apollo/biz/auth/WebSecurityConfig.java b/...apollo/common/auth/WebSecurityConfig.java → ...rk/apollo/biz/auth/WebSecurityConfig.java
@@ -1,4 +1,6 @@
-package com.ctrip.framework.apollo.common.auth;
+package com.ctrip.framework.apollo.biz.auth;
+
+import com.ctrip.framework.apollo.common.condition.ConditionalOnMissingProfile;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
@@ -8,6 +10,7 @@
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 
+@ConditionalOnMissingProfile("auth")
 @Configuration
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled = true)

diff --git a/...onfigservice/src/test/java/com/ctrip/framework/apollo/ConfigServiceTestConfiguration.java b/...onfigservice/src/test/java/com/ctrip/framework/apollo/ConfigServiceTestConfiguration.java
@@ -1,6 +1,6 @@
 package com.ctrip.framework.apollo;
 
-import com.ctrip.framework.apollo.common.auth.WebSecurityConfig;
+import com.ctrip.framework.apollo.biz.auth.WebSecurityConfig;
 import com.ctrip.framework.apollo.configservice.ConfigServiceApplication;
 
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;

diff --git a/...portal/src/main/java/com/ctrip/framework/apollo/portal/component/RestTemplateFactory.java b/...portal/src/main/java/com/ctrip/framework/apollo/portal/component/RestTemplateFactory.java
@@ -1,17 +1,9 @@
 package com.ctrip.framework.apollo.portal.component;
 
-import com.google.common.io.BaseEncoding;
-
-
 import com.ctrip.framework.apollo.portal.component.config.PortalConfig;
 
-import org.apache.http.Header;
-import org.apache.http.auth.AuthScope;
-import org.apache.http.auth.UsernamePasswordCredentials;
-import org.apache.http.impl.client.BasicCredentialsProvider;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClientBuilder;
-import org.apache.http.message.BasicHeader;
 import org.springframework.beans.factory.FactoryBean;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -21,8 +13,6 @@
 import org.springframework.web.client.RestTemplate;
 
 import java.io.UnsupportedEncodingException;
-import java.util.ArrayList;
-import java.util.Collection;
 
 @Component
 public class RestTemplateFactory implements FactoryBean<RestTemplate>, InitializingBean {
@@ -47,18 +37,7 @@ public boolean isSingleton() {
   }
 
   public void afterPropertiesSet() throws UnsupportedEncodingException {
-    Collection<Header> defaultHeaders = new ArrayList<Header>();
-    Header header = new BasicHeader("Authorization",
-        "Basic " + BaseEncoding.base64().encode("apollo:".getBytes("UTF-8")));
-    defaultHeaders.add(header);
-
-    BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
-    credentialsProvider.setCredentials(AuthScope.ANY,
-        new UsernamePasswordCredentials("apollo", ""));
-    CloseableHttpClient httpClient =
-        HttpClientBuilder.create().setDefaultCredentialsProvider(credentialsProvider)
-            .setDefaultHeaders(defaultHeaders).build();
-
+    CloseableHttpClient httpClient = HttpClientBuilder.create().build();
 
     restTemplate = new RestTemplate(httpMessageConverters.getConverters());
     HttpComponentsClientHttpRequestFactory requestFactory =

diff --git a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/entity/po/UserPO.java b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/entity/po/UserPO.java
@@ -12,18 +12,18 @@
  * @author lepdou 2017-04-08
  */
 @Entity
-@Table(name = "users")
+@Table(name = "Users")
 public class UserPO {
 
   @Id
   @GeneratedValue
   @Column(name = "Id")
   private long id;
-  @Column(name = "username", nullable = false)
+  @Column(name = "Username", nullable = false)
   private String username;
-  @Column(name = "password", nullable = false)
+  @Column(name = "Password", nullable = false)
   private String password;
-  @Column(name = "enabled", nullable = false)
+  @Column(name = "Enabled", nullable = false)
   private int enabled;
 
   public long getId() {
@@ -62,7 +62,7 @@ public UserInfo toUserInfo() {
     UserInfo userInfo = new UserInfo();
     userInfo.setName(this.getUsername());
     userInfo.setUserId(this.getUsername());
-    userInfo.setEmail("apollo@acme.com");
+    userInfo.setEmail(this.getUsername() + "@acme.com");
     return userInfo;
   }
 }
diff --git a/.../src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/AuthConfiguration.java b/.../src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/AuthConfiguration.java
@@ -34,7 +34,6 @@
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.provisioning.JdbcUserDetailsManager;
 import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
 
@@ -211,11 +210,11 @@ public LogoutHandler logoutHandler() {
     }
 
     @Bean
-    public JdbcUserDetailsManager jdbcUserDetailsManager(DataSource datasource) {
-      JdbcUserDetailsManager userDetailsService = new JdbcUserDetailsManager();
-      userDetailsService.setDataSource(datasource);
-
-      return userDetailsService;
+    public JdbcUserDetailsManager jdbcUserDetailsManager(AuthenticationManagerBuilder auth, DataSource datasource) throws Exception {
+      return auth.jdbcAuthentication().passwordEncoder(new BCryptPasswordEncoder()).dataSource(datasource)
+          .usersByUsernameQuery("select Username,Password,Enabled from `Users` where Username=?")
+          .authoritiesByUsernameQuery("select Username,Authority from `Authorities` where Username = ?")
+          .getUserDetailsService();
     }
 
     @Bean
@@ -224,42 +223,27 @@ public UserService springSecurityUserService() {
       return new SpringSecurityUserService();
     }
 
+  }
 
-    @Order(99)
-    @Configuration
-    @Profile("auth")
-    @EnableWebSecurity
-    @EnableGlobalMethodSecurity(prePostEnabled = true)
-    static class SpringSecurityConfigurer extends WebSecurityConfigurerAdapter {
-
-      public static final String USER_ROLE = "user";
-
-      @Autowired
-      private DataSource datasource;
-
-
-      @Override
-      protected void configure(HttpSecurity http) throws Exception {
-        http.csrf().disable();
-        http.headers().frameOptions().sameOrigin();
-        http.authorizeRequests()
-            .antMatchers("/openapi/*").permitAll()
-            .antMatchers("/*").hasAnyRole(USER_ROLE);
-        http.formLogin().loginPage("/signin").permitAll().failureUrl("/signin?#/error").and().httpBasic();
-        http.logout().invalidateHttpSession(true).clearAuthentication(true).logoutSuccessUrl("/signin?#/logout");
-        http.exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/signin"));
-      }
-
-      @Autowired
-      public void configureGlobal(AuthenticationManagerBuilder auth, JdbcUserDetailsManager userDetailsService)
-          throws Exception {
-        PasswordEncoder encoder = new BCryptPasswordEncoder();
-
-        auth.userDetailsService(userDetailsService).passwordEncoder(encoder);
-        auth.jdbcAuthentication().dataSource(datasource).usersByUsernameQuery(
-            "select username,password, enabled from users where username=?");
-      }
-
+  @Order(99)
+  @Profile("auth")
+  @Configuration
+  @EnableWebSecurity
+  @EnableGlobalMethodSecurity(prePostEnabled = true)
+  static class SpringSecurityConfigurer extends WebSecurityConfigurerAdapter {
+
+    public static final String USER_ROLE = "user";
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+      http.csrf().disable();
+      http.headers().frameOptions().sameOrigin();
+      http.authorizeRequests()
+          .antMatchers("/openapi/*").permitAll()
+          .antMatchers("/*").hasAnyRole(USER_ROLE);
+      http.formLogin().loginPage("/signin").permitAll().failureUrl("/signin?#/error").and().httpBasic();
+      http.logout().invalidateHttpSession(true).clearAuthentication(true).logoutSuccessUrl("/signin?#/logout");
+      http.exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/signin"));
     }
 
   }
@@ -296,4 +280,16 @@ public UserService defaultUserService() {
     }
   }
 
+  @ConditionalOnMissingProfile("auth")
+  @Configuration
+  @EnableWebSecurity
+  @EnableGlobalMethodSecurity(prePostEnabled = true)
+  static class DefaultWebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+      http.csrf().disable();
+      http.headers().frameOptions().sameOrigin();
+    }
+  }
 }
diff --git a/...src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/EmailConfiguration.java b/...src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/EmailConfiguration.java
@@ -1,6 +1,7 @@
 package com.ctrip.framework.apollo.portal.spi.configuration;
 
 
+import com.ctrip.framework.apollo.common.condition.ConditionalOnMissingProfile;
 import com.ctrip.framework.apollo.portal.spi.EmailService;
 import com.ctrip.framework.apollo.portal.spi.ctrip.CtripEmailService;
 import com.ctrip.framework.apollo.portal.spi.ctrip.CtripEmailRequestBuilder;
@@ -36,7 +37,7 @@ public CtripEmailRequestBuilder emailRequestBuilder() {
    * spring.profiles.active != ctrip
    */
   @Configuration
-  @Profile({"!ctrip"})
+  @ConditionalOnMissingProfile({"ctrip"})
   public static class DefaultEmailConfiguration {
     @Bean
     @ConditionalOnMissingBean(EmailService.class)

diff --git a/...al/src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/MQConfiguration.java b/...al/src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/MQConfiguration.java
@@ -1,5 +1,6 @@
 package com.ctrip.framework.apollo.portal.spi.configuration;
 
+import com.ctrip.framework.apollo.common.condition.ConditionalOnMissingProfile;
 import com.ctrip.framework.apollo.portal.spi.ctrip.CtripMQService;
 import com.ctrip.framework.apollo.portal.spi.defaultimpl.DefaultMQService;
 
@@ -24,7 +25,7 @@ public CtripMQService mqService() {
    * spring.profiles.active != ctrip
    */
   @Configuration
-  @Profile({"!ctrip"})
+  @ConditionalOnMissingProfile({"ctrip"})
   public static class DefaultMQConfiguration {
 
     @Bean

diff --git a/scripts/sql-docker/apolloportaldb.sql b/scripts/sql-docker/apolloportaldb.sql
@@ -276,29 +276,29 @@ CREATE TABLE `UserRole` (
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='用户和role的绑定表';
 
 
-# Dump of table users
+# Dump of table Users
 # ------------------------------------------------------------
 
-DROP TABLE IF EXISTS `users`;
+DROP TABLE IF EXISTS `Users`;
 
-CREATE TABLE `users` (
+CREATE TABLE `Users` (
   `Id` int(10) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增Id',
-  `username` varchar(64) NOT NULL DEFAULT 'default' COMMENT '用户名',
-  `password` varchar(64) NOT NULL DEFAULT 'default' COMMENT '密码',
-  `enabled` tinyint(4) DEFAULT NULL COMMENT '是否有效',
+  `Username` varchar(64) NOT NULL DEFAULT 'default' COMMENT '用户名',
+  `Password` varchar(64) NOT NULL DEFAULT 'default' COMMENT '密码',
+  `Enabled` tinyint(4) DEFAULT NULL COMMENT '是否有效',
   PRIMARY KEY (`Id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='用户表';
 
 
-# Dump of table authorities
+# Dump of table Authorities
 # ------------------------------------------------------------
 
-DROP TABLE IF EXISTS `authorities`;
+DROP TABLE IF EXISTS `Authorities`;
 
-CREATE TABLE `authorities` (
+CREATE TABLE `Authorities` (
   `Id` int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增Id',
-  `username` varchar(50) NOT NULL,
-  `authority` varchar(50) NOT NULL,
+  `Username` varchar(50) NOT NULL,
+  `Authority` varchar(50) NOT NULL,
   PRIMARY KEY (`Id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 
@@ -309,15 +309,15 @@ INSERT INTO `ServerConfig` (`Key`, `Value`, `Comment`)
 VALUES
     ('apollo.portal.envs', 'dev', '可支持的环境列表'),
     ('organizations', '[{\"orgId\":\"全辅导\",\"orgName\":\"全辅导\"},{\"orgId\":\"全课云\",\"orgName\":\"全课云\"}]', '部门列表'),
-    ('superAdmin', 'admin', 'Portal超级管理员'),
+    ('superAdmin', 'apollo', 'Portal超级管理员'),
     ('api.readTimeout', '10000', 'http接口read timeout'),
     ('consumer.token.salt', 'someSalt', 'consumer token salt');
 
-INSERT INTO `users` ( `username`, `password`, `enabled`)
+INSERT INTO `Users` (`Username`, `Password`, `Enabled`)
 VALUES
-	('admin', '$2a$10$7r20uS.BQ9uBpf3Baj3uQOZvMVvB1RN3PYoKE94gtz2.WAOuiiwXS', 1);
+	('apollo', '$2a$10$7r20uS.BQ9uBpf3Baj3uQOZvMVvB1RN3PYoKE94gtz2.WAOuiiwXS', 1);
 
-INSERT INTO `authorities` (`username`, `authority`) VALUES ('admin', 'ROLE_user');
+INSERT INTO `Authorities` (`Username`, `Authority`) VALUES ('apollo', 'ROLE_user');
 
 /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
 /*!40101 SET SQL_MODE=@OLD_SQL_MODE */;

diff --git a/scripts/sql/apolloportaldb.sql b/scripts/sql/apolloportaldb.sql
@@ -275,29 +275,29 @@ CREATE TABLE `UserRole` (
   KEY `IX_UserId_RoleId` (`UserId`,`RoleId`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='用户和role的绑定表';
 
-# Dump of table users
+# Dump of table Users
 # ------------------------------------------------------------
 
-DROP TABLE IF EXISTS `users`;
+DROP TABLE IF EXISTS `Users`;
 
-CREATE TABLE `users` (
+CREATE TABLE `Users` (
   `Id` int(10) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增Id',
-  `username` varchar(64) NOT NULL DEFAULT 'default' COMMENT '用户名',
-  `password` varchar(64) NOT NULL DEFAULT 'default' COMMENT '密码',
-  `enabled` tinyint(4) DEFAULT NULL COMMENT '是否有效',
+  `Username` varchar(64) NOT NULL DEFAULT 'default' COMMENT '用户名',
+  `Password` varchar(64) NOT NULL DEFAULT 'default' COMMENT '密码',
+  `Enabled` tinyint(4) DEFAULT NULL COMMENT '是否有效',
   PRIMARY KEY (`Id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='用户表';
 
 
-# Dump of table authorities
+# Dump of table Authorities
 # ------------------------------------------------------------
 
-DROP TABLE IF EXISTS `authorities`;
+DROP TABLE IF EXISTS `Authorities`;
 
-CREATE TABLE `authorities` (
+CREATE TABLE `Authorities` (
   `Id` int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增Id',
-  `username` varchar(50) NOT NULL,
-  `authority` varchar(50) NOT NULL,
+  `Username` varchar(50) NOT NULL,
+  `Authority` varchar(50) NOT NULL,
   PRIMARY KEY (`Id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 
@@ -308,15 +308,15 @@ INSERT INTO `ServerConfig` (`Key`, `Value`, `Comment`)
 VALUES
     ('apollo.portal.envs', 'dev', '可支持的环境列表'),
     ('organizations', '[{\"orgId\":\"TEST1\",\"orgName\":\"样例部门1\"},{\"orgId\":\"TEST2\",\"orgName\":\"样例部门2\"}]', '部门列表'),
-    ('superAdmin', 'admin', 'Portal超级管理员'),
+    ('superAdmin', 'apollo', 'Portal超级管理员'),
     ('api.readTimeout', '10000', 'http接口read timeout'),
     ('consumer.token.salt', 'someSalt', 'consumer token salt');
 
-INSERT INTO `users` ( `username`, `password`, `enabled`)
+INSERT INTO `Users` (`Username`, `Password`, `Enabled`)
 VALUES
-	('admin', '$2a$10$7r20uS.BQ9uBpf3Baj3uQOZvMVvB1RN3PYoKE94gtz2.WAOuiiwXS', 1);
+	('apollo', '$2a$10$7r20uS.BQ9uBpf3Baj3uQOZvMVvB1RN3PYoKE94gtz2.WAOuiiwXS', 1);
 
-INSERT INTO `authorities` (`username`, `authority`) VALUES ('admin', 'ROLE_user');
+INSERT INTO `Authorities` (`Username`, `Authority`) VALUES ('apollo', 'ROLE_user');
 
 /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
 /*!40101 SET SQL_MODE=@OLD_SQL_MODE */;

diff --git a/scripts/sql/delta/v060-v062/apolloportaldb-v060-v062.sql b/scripts/sql/delta/v060-v062/apolloportaldb-v060-v062.sql
@@ -1,4 +1,4 @@
-# delta schema to upgrade apollo config db from v0.6.0 to v0.6.2
+# delta schema to upgrade apollo portal db from v0.6.0 to v0.6.2
 
 Use ApolloPortalDB;
 

diff --git a/scripts/sql/delta/v080-v090/apolloportaldb-v080-v090.sql b/scripts/sql/delta/v080-v090/apolloportaldb-v080-v090.sql
@@ -0,0 +1,24 @@
+# delta schema to upgrade apollo portal db from v0.8.0 to v0.9.0
+
+Use ApolloPortalDB;
+
+CREATE TABLE `Users` (
+  `Id` int(10) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增Id',
+  `Username` varchar(64) NOT NULL DEFAULT 'default' COMMENT '用户名',
+  `Password` varchar(64) NOT NULL DEFAULT 'default' COMMENT '密码',
+  `Enabled` tinyint(4) DEFAULT NULL COMMENT '是否有效',
+  PRIMARY KEY (`Id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='用户表';
+
+CREATE TABLE `Authorities` (
+  `Id` int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增Id',
+  `Username` varchar(50) NOT NULL,
+  `Authority` varchar(50) NOT NULL,
+  PRIMARY KEY (`Id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+INSERT INTO `Users` (`Username`, `Password`, `Enabled`)
+VALUES
+	('apollo', '$2a$10$7r20uS.BQ9uBpf3Baj3uQOZvMVvB1RN3PYoKE94gtz2.WAOuiiwXS', 1);
+
+INSERT INTO `Authorities` (`Username`, `Authority`) VALUES ('apollo', 'ROLE_user');