SSO

c8d0db66 · ManongJu · 4227b85a · c8d0db66 · c8d0db66 · c8d0db66
12 changed file
--- a/auth-center/src/main/java/com/microservice/skeleton/auth/AuthCenterApplication.java
+++ b/auth-center/src/main/java/com/microservice/skeleton/auth/AuthCenterApplication.java
@@ -3,10 +3,10 @@ package com.microservice.skeleton.auth;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
-import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
 @SpringBootApplication
-//@EnableDiscoveryClient
+@EnableDiscoveryClient
 public class AuthCenterApplication {
 	public static void main(String[] args) {

--- a/auth-center/src/main/java/com/microservice/skeleton/auth/config/ResourceServerConfig.java
+++ b/auth-center/src/main/java/com/microservice/skeleton/auth/config/ResourceServerConfig.java
+package com.microservice.skeleton.auth.config;
+import org.springframework.boot.autoconfigure.security.Http401AuthenticationEntryPoint;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
+/**
+ * <p>参看：https://github.com/spring-guides/tut-spring-security-and-angular-js/blob/master/oauth2-vanilla/README.adoc</p>
+ * Created by Mr.Yangxiufeng on 2017/12/29.
+ * Time:10:46
+ * ProjectName:Mirco-Service-Skeleton
+ */
+//@Configuration
+//@EnableResourceServer
+public class ResourceServerConfig extends ResourceServerConfigurerAdapter{
+    @Override
+    public void configure(HttpSecurity http) throws Exception {
+        http.
+                csrf().disable()
+                .exceptionHandling()
+                .authenticationEntryPoint(new Http401AuthenticationEntryPoint("Bearer realm=\"webrealm\""))
+                .and()
+                .authorizeRequests().anyRequest().authenticated()
+                .and()
+                .httpBasic();
+    }
+}
--- a/auth-center/src/main/java/com/microservice/skeleton/auth/controller/UserController.java
+++ b/auth-center/src/main/java/com/microservice/skeleton/auth/controller/UserController.java
+package com.microservice.skeleton.auth.controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import java.security.Principal;
+/**
+ * <p>必须要有，做验证</p>
+ * Created by Mr.Yangxiufeng on 2017/12/29.
+ * Time:10:43
+ * ProjectName:Mirco-Service-Skeleton
+ */
+@RestController
+public class UserController {
+    @RequestMapping("/user")
+    public Principal user(Principal user) {
+        return user;
+    }
+}
--- a/gateway/pom.xml
+++ b/gateway/pom.xml
@@ -34,6 +34,15 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-actuator</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.cloud</groupId>
+			<artifactId>spring-cloud-starter-security</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.cloud</groupId>
+			<artifactId>spring-cloud-starter-oauth2</artifactId>
+		</dependency>
 	</dependencies>
 	<build>

--- a/gateway/src/main/java/com/microservice/skeleton/gateway/config/SecurityConfig.java
+++ b/gateway/src/main/java/com/microservice/skeleton/gateway/config/SecurityConfig.java
+package com.microservice.skeleton.gateway.config;
+import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+/**
+ * Created by Mr.Yangxiufeng on 2017/12/29.
+ * Time:10:08
+ * ProjectName:Mirco-Service-Skeleton
+ */
+@Configuration
+@EnableOAuth2Sso
+public class SecurityConfig extends WebSecurityConfigurerAdapter{
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.csrf().disable();
+    }
+}
--- a/gateway/src/main/resources/application.yml
+++ b/gateway/src/main/resources/application.yml
@@ -25,4 +25,26 @@ management:
    enabled: false
 ###actuator监控点 end####
-##ZipKin
+###如下配置参考##
+###https://stackoverflow.com/questions/30327269/spring-oauth-authorization-server-behind-spring-cloud-zuul-proxy##
+###https://github.com/spring-guides/tut-spring-security-and-angular-js/blob/master/oauth2-vanilla/README.adoc##
+###http://wiselyman.iteye.com/blog/2379419##
+#######
+zuul:
+  routes:
+    uaa:
+      path: /uaa/**
+      strip-prefix: true
+      sensitiveHeaders:
+      serviceId: auth2.0-center
+security:
+  basic:
+    enabled: false
+  oauth2:
+    client:
+      access-token-uri: http://10.10.8.2:9030/uaa/oauth/token ##网关的地址
+      user-authorization-uri: http://10.10.8.2:9030/uaa/oauth/token
+    resource:
+      user-info-uri:  http://10.10.8.2:9030/uaa/user
+      prefer-token-info: false
+##############end#####################
\ No newline at end of file
--- a/resource/pom.xml
+++ b/resource/pom.xml
@@ -27,7 +27,10 @@
 			<groupId>org.springframework.cloud</groupId>
 			<artifactId>spring-cloud-starter-security</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-actuator</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-test</artifactId>

--- a/resource/src/main/java/com/microservice/skeleton/resource/ResourceApplication.java
+++ b/resource/src/main/java/com/microservice/skeleton/resource/ResourceApplication.java
@@ -4,9 +4,11 @@ import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
 import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 @SpringBootApplication
 @EnableDiscoveryClient
+@EnableGlobalMethodSecurity(prePostEnabled = true)
 public class ResourceApplication {
 	public static void main(String[] args) {

--- a/resource/src/main/java/com/microservice/skeleton/resource/config/ResourceServerConfig.java
+++ b/resource/src/main/java/com/microservice/skeleton/resource/config/ResourceServerConfig.java
+package com.microservice.skeleton.resource.config;
+import org.springframework.boot.autoconfigure.security.Http401AuthenticationEntryPoint;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
+/**
+ * Created by Mr.Yangxiufeng on 2017/12/29.
+ * Time:9:41
+ * ProjectName:Mirco-Service-Skeleton
+ */
+@Configuration
+@EnableResourceServer
+public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
+    @Override
+    public void configure(HttpSecurity http) throws Exception {
+        http.
+                csrf().disable()
+                .exceptionHandling()
+                .authenticationEntryPoint(new Http401AuthenticationEntryPoint("Bearer realm=\"webrealm\""))
+                .and()
+                .authorizeRequests().anyRequest().authenticated()
+                .and()
+                .httpBasic();
+    }
+}
--- a/resource/src/main/java/com/microservice/skeleton/resource/controller/UserController.java
+++ b/resource/src/main/java/com/microservice/skeleton/resource/controller/UserController.java
+package com.microservice.skeleton.resource.controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+/**
+ * Created by Mr.Yangxiufeng on 2017/12/29.
+ * Time:9:23
+ * ProjectName:Mirco-Service-Skeleton
+ */
+@RestController
+public class UserController {
+    @GetMapping(value = "getUser")
+    public String getUser(){
+        return "hello";
+    }
+}
--- a/resource/src/main/resources/application.properties
+++ b/resource/src/main/resources/application.properties
--- a/resource/src/main/resources/application.yml
+++ b/resource/src/main/resources/application.yml
+server:
+  port: 9023
+spring:
+  application:
+    name: resource
+  zipkin:
+      base-url: http://10.10.8.2:9050
+eureka:
+  instance:
+    prefer-ip-address: true #使用IP注册
+    instance-id: ${spring.cloud.client.ipAddress}:${server.port}
+    lease-renewal-interval-in-seconds: 5 ##为了能够快速删除
+    lease-expiration-duration-in-seconds: 10 ##为了能够快速删除
+  client:
+      service-url:
+        defaultZone: http://register1:9010/eureka/,http://register2:9011/eureka/
+###actuator监控点 start####
+endpoints:
+  health:
+    sensitive: false
+    enabled: true
+##默认情况下很多端点是不允许访问的，会返回401:Unauthorized
+management:
+  security:
+    enabled: false
+###actuator监控点 end####
+security:
+  oauth2:
+    resource:
+      id: resource
+      user-info-uri: http://10.10.8.2:9030/uaa/user
+      prefer-token-info: false
\ No newline at end of file