Zuul 网关统一token校验

auth-center/src/main/java/com/microservice/skeleton/auth/config/AuthorizationServerConfig.java

@@ -4,6 +4,7 @@ import com.microservice.skeleton.auth.service.impl.UserDetailsServiceImpl;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Primary;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
@@ -13,7 +14,6 @@ import org.springframework.security.oauth2.config.annotation.web.configurers.Aut
 import org.springframework.security.oauth2.provider.ClientDetailsService;
 import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;
 import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
-import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
 import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
 
 import javax.sql.DataSource;
@@ -54,13 +54,22 @@ public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdap
         endpoints.tokenStore(jdbcTokenStore())
                 .userDetailsService(userDetailsService)
                 .authenticationManager(authenticationManager);
+        endpoints.tokenServices(defaultTokenServices());
+    }
+
+    /**
+     * <p>注意，自定义TokenServices的时候，需要设置@Primary，否则报错，</p>
+     * @return
+     */
+    @Primary
+    @Bean
+    public DefaultTokenServices defaultTokenServices(){
         DefaultTokenServices tokenServices = new DefaultTokenServices();
-        tokenServices.setTokenStore(endpoints.getTokenStore());
+        tokenServices.setTokenStore(jdbcTokenStore());
         tokenServices.setSupportRefreshToken(true);
-        tokenServices.setClientDetailsService(endpoints.getClientDetailsService());
-        tokenServices.setTokenEnhancer(endpoints.getTokenEnhancer());
+        tokenServices.setClientDetailsService(clientDetails());
 //        tokenServices.setAccessTokenValiditySeconds( (int) TimeUnit.DAYS.toSeconds(30)); // token有效期自定义设置，默认12小时
-        endpoints.tokenServices(tokenServices);
+        return tokenServices;
     }
 
     @Override

auth-center/src/main/java/com/microservice/skeleton/auth/config/ResourceServerConfig.java

@@ -12,8 +12,8 @@ import org.springframework.security.oauth2.config.annotation.web.configuration.R
  * Time:10:46
  * ProjectName:Mirco-Service-Skeleton
  */
-//@Configuration
-//@EnableResourceServer
+@Configuration
+@EnableResourceServer
 public class ResourceServerConfig extends ResourceServerConfigurerAdapter{
     @Override
     public void configure(HttpSecurity http) throws Exception {

auth-center/src/main/java/com/microservice/skeleton/auth/config/WebSecurityConfig.java

@@ -53,4 +53,5 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
     public void configure(WebSecurity web) throws Exception {
         web.ignoring().antMatchers("/favor.ioc");
     }
+
 }

auth-center/src/main/java/com/microservice/skeleton/auth/repository/PermissionRepository.java

+package com.microservice.skeleton.auth.repository;
+
+import com.microservice.skeleton.auth.entity.RcMenuEntity;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Query;
+import org.springframework.stereotype.Repository;
+
+import java.util.List;
+
+/**
+ * Created by Mr.Yangxiufeng on 2017/12/29.
+ * Time:12:39
+ * ProjectName:Mirco-Service-Skeleton
+ */
+@Repository
+public interface PermissionRepository extends JpaRepository<RcMenuEntity,Integer> {
+    @Query(value = "select menu.* from rc_menu menu,rc_privilege p where menu.id=p.menu_id and p.role_id=?1",nativeQuery = true)
+    List<RcMenuEntity> getPermissionsByRoleId(Integer roleId);
+}

auth-center/src/main/java/com/microservice/skeleton/auth/repository/RoleRepository.java

@@ -2,8 +2,11 @@ package com.microservice.skeleton.auth.repository;
 
 import com.microservice.skeleton.auth.entity.RcRoleEntity;
 import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Query;
 import org.springframework.stereotype.Repository;
 
+import java.util.List;
+
 /**
  * Created by Mr.Yangxiufeng on 2017/12/27.
  * Time:16:09
@@ -11,4 +14,7 @@ import org.springframework.stereotype.Repository;
  */
 @Repository
 public interface RoleRepository extends JpaRepository<RcRoleEntity,Integer>{
+
+    @Query(value = "select role.* from rc_role role,rc_user_role ur where role.id=ur.role_id and ur.user_id=?1",nativeQuery = true)
+    List<RcRoleEntity> getRoleValuesByUserId(Integer userId);
 }

auth-center/src/main/java/com/microservice/skeleton/auth/service/PermissionService.java

+package com.microservice.skeleton.auth.service;
+
+import com.microservice.skeleton.auth.entity.RcMenuEntity;
+
+import java.util.List;
+
+/**
+ * Created by Mr.Yangxiufeng on 2017/12/29.
+ * Time:12:37
+ * ProjectName:Mirco-Service-Skeleton
+ */
+public interface PermissionService {
+    List<RcMenuEntity> getPermissionsByRoleId(Integer roleId);
+}

auth-center/src/main/java/com/microservice/skeleton/auth/service/RoleService.java

+package com.microservice.skeleton.auth.service;
+
+import com.microservice.skeleton.auth.entity.RcRoleEntity;
+
+import java.util.List;
+
+/**
+ * Created by Mr.Yangxiufeng on 2017/12/29.
+ * Time:12:30
+ * ProjectName:Mirco-Service-Skeleton
+ */
+public interface RoleService {
+    List<RcRoleEntity> getRoleValuesByUserId(Integer userId);
+}

auth-center/src/main/java/com/microservice/skeleton/auth/service/impl/PermissionServiceImpl.java

+package com.microservice.skeleton.auth.service.impl;
+
+import com.microservice.skeleton.auth.entity.RcMenuEntity;
+import com.microservice.skeleton.auth.repository.PermissionRepository;
+import com.microservice.skeleton.auth.service.PermissionService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import java.util.List;
+
+/**
+ * Created by Mr.Yangxiufeng on 2017/12/29.
+ * Time:12:38
+ * ProjectName:Mirco-Service-Skeleton
+ */
+@Service
+public class PermissionServiceImpl implements PermissionService {
+    @Autowired
+    private PermissionRepository permissionRepository;
+    @Override
+    public List<RcMenuEntity> getPermissionsByRoleId(Integer roleId) {
+        return permissionRepository.getPermissionsByRoleId(roleId);
+    }
+}

auth-center/src/main/java/com/microservice/skeleton/auth/service/impl/RoleServiceImpl.java

+package com.microservice.skeleton.auth.service.impl;
+
+import com.microservice.skeleton.auth.entity.RcRoleEntity;
+import com.microservice.skeleton.auth.repository.RoleRepository;
+import com.microservice.skeleton.auth.service.RoleService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import java.util.List;
+
+/**
+ * Created by Mr.Yangxiufeng on 2017/12/29.
+ * Time:12:31
+ * ProjectName:Mirco-Service-Skeleton
+ */
+@Service
+public class RoleServiceImpl implements RoleService {
+    @Autowired
+    private RoleRepository roleRepository;
+    @Override
+    public List<RcRoleEntity> getRoleValuesByUserId(Integer userId) {
+        return roleRepository.getRoleValuesByUserId(userId);
+    }
+}

auth-center/src/main/java/com/microservice/skeleton/auth/service/impl/UserDetailsServiceImpl.java

 package com.microservice.skeleton.auth.service.impl;
 
+import com.microservice.skeleton.auth.entity.RcMenuEntity;
+import com.microservice.skeleton.auth.entity.RcRoleEntity;
 import com.microservice.skeleton.auth.entity.RcUserEntity;
+import com.microservice.skeleton.auth.service.PermissionService;
+import com.microservice.skeleton.auth.service.RoleService;
 import com.microservice.skeleton.auth.service.UserService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Service;
 
+import java.util.ArrayList;
 import java.util.HashSet;
+import java.util.List;
 import java.util.Set;
 
 /**
@@ -22,6 +29,10 @@ import java.util.Set;
 public class UserDetailsServiceImpl implements UserDetailsService {
     @Autowired
     private UserService userService;
+    @Autowired
+    private RoleService roleService;
+    @Autowired
+    private PermissionService permissionService;
 
     @Override
     public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
@@ -34,6 +45,19 @@ public class UserDetailsServiceImpl implements UserDetailsService {
         boolean accountNonExpired = true; // 过期性 :true:没过期 false:过期
         boolean credentialsNonExpired = true; // 有效性 :true:凭证有效 false:凭证无效
         boolean accountNonLocked = true; // 锁定性 :true:未锁定 false:已锁定
+        List<RcRoleEntity> roleValues = roleService.getRoleValuesByUserId(userEntity.getId());
+        for (RcRoleEntity role:roleValues){
+            //角色必须是ROLE_开头，可以在数据库中设置
+            GrantedAuthority grantedAuthority = new SimpleGrantedAuthority("ROLE_"+role.getValue());
+            grantedAuthorities.add(grantedAuthority);
+            //获取权限
+            List<RcMenuEntity> permissionList = permissionService.getPermissionsByRoleId(role.getId());
+            for (RcMenuEntity menu:permissionList
+                 ) {
+                GrantedAuthority authority = new SimpleGrantedAuthority(menu.getCode());
+                grantedAuthorities.add(authority);
+            }
+        }
         User user = new User(userEntity.getUsername(), userEntity.getPassword(),
                 enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, grantedAuthorities);
         return user;