java source code of AuthorizationServerConfig

cloud-service-master
- log-center
  - sql
    - cloud_log.sql
  - src
    - main
      - resources
        bootstrap.yml
        .gitignore
        mybatis-mappers
        LogMapper.xml
      - java
        com
        cloud
        log
        dao
        LogDao.java
        config
        ElasticSearchConfig.java
        SwaggerConfig.java
        ResourceServerConfig.java
        AsycTaskExecutorConfig.java
        RabbitmqConfig.java
        service
        impl
        LogServiceImpl.java
        EsLogServiceImpl.java
        LogService.java
        LogCenterApplication.java
        consumer
        LogConsumer.java
        controller
        LogController.java
    - test
      - java
        com
        cloud
        log
        LogTest.java
  - pom.xml
  - README.md
  - .gitignore
- api-model
  - src
    - main
      - resources
        .gitignore
      - java
        com
        cloud
        model
        mail
        constants
        MailStatus.java
        Mail.java
        user
        WechatUserInfo.java
        AppUser.java
        SysRole.java
        constants
        UserCenterMq.java
        CredentialType.java
        UserType.java
        LoginAppUser.java
        WechatAccess.java
        WechatInfo.java
        UserCredential.java
        SysPermission.java
        log
        LogAnnotation.java
        Log.java
        constants
        LogQueue.java
        LogModule.java
        common
        Page.java
        oauth
        SystemClientInfo.java
  - pom.xml
  - .gitignore
- pom.xml
- log-starter
  - src
    - main
      - resources
        META-INF
        spring.factories
        .gitignore
      - java
        com
        cloud
        log
        autoconfigure
        LogMqClient.java
        LogAutoConfiguration.java
        LogAop.java
  - pom.xml
  - .gitignore
- LICENSE
- file-center
  - sql
    - cloud_file.sql
  - src
    - main
      - resources
        bootstrap.yml
        .gitignore
        mybatis-mappers
        FileMapper.xml
      - java
        com
        cloud
        file
        dao
        FileDao.java
        utils
        FileUtil.java
        config
        SwaggerConfig.java
        AliyunConfig.java
        ExceptionHandlerAdvice.java
        LocalFilePathConfig.java
        ResourceServerConfig.java
        FileServiceFactory.java
        service
        impl
        AbstractFileService.java
        AliyunFileServiceImpl.java
        LocalFileServiceImpl.java
        FileService.java
        model
        FileSource.java
        FileInfo.java
        FileCenterApplication.java
        controller
        FileController.java
  - pom.xml
  - README.md
  - .gitignore
- commons
  - src
    - main
      - resources
        .gitignore
      - java
        com
        cloud
        common
        utils
        PhoneUtil.java
        AppUserUtil.java
        PageUtil.java
        constants
        PermitAllUrl.java
  - pom.xml
  - .gitignore
- .gitattributes
- config-center
  - src
    - main
      - resources
        configs
        test
        manage-backend.yml
        user-center.yml
        file-center.yml
        log-center.yml
        gateway-zuul.yml
        oauth-center.yml
        notification-center.yml
        dev
        manage-backend.yml
        user-center.yml
        file-center.yml
        log-center.yml
        gateway-zuul.yml
        oauth-center.yml
        notification-center.yml
        prod
        manage-backend.yml
        user-center.yml
        file-center.yml
        log-center.yml
        gateway-zuul.yml
        oauth-center.yml
        notification-center.yml
        bootstrap.yml
      - java
        com
        cloud
        config
        ConfigCenterApplication.java
  - pom.xml
  - README.md
  - .gitignore
- register-center
  - src
    - main
      - resources
        bootstrap.yml
        .gitignore
      - java
        com
        cloud
        register
        RegisterCenterApplication.java
  - pom.xml
  - README.md
  - .gitignore
- notification-center
  - sql
    - cloud_notification.sql
  - src
    - main
      - resources
        bootstrap.yml
        .gitignore
        mybatis-mappers
        SmsMapper.xml
      - java
        com
        cloud
        notification
        NotificationCenterApplication.java
        dao
        SmsDao.java
        utils
        Util.java
        config
        SwaggerConfig.java
        ExceptionHandlerAdvice.java
        AliyunSmsConfig.java
        ResourceServerConfig.java
        AsycTaskExecutorConfig.java
        service
        impl
        VerificationCodeServiceImpl.java
        SmsServiceImpl.java
        SmsService.java
        VerificationCodeService.java
        model
        VerificationCode.java
        Sms.java
        controller
        SmsController.java
    - test
      - java
        com
        cloud
        notification
        T.java
  - pom.xml
  - README.md
  - .gitignore
- monitor-center
  - src
    - main
      - resources
        bootstrap.yml
      - java
        com
        admin
        cloud
        monitor
        MonitorApplication.java
  - pom.xml
  - README.md
  - .gitignore
- README.md
- user-center
  - sql
    - cloud_user.sql
  - src
    - main
      - resources
        bootstrap.yml
        .gitignore
        mybatis-mappers
        AppUserMapper.xml
        WechatMapper.xml
        SysPermissionMapper.xml
        RolePermissionMapper.xml
        UserRoleMapper.xml
        RoleMapper.xml
      - java
        com
        cloud
        user
        dao
        UserRoleDao.java
        AppUserDao.java
        WechatDao.java
        UserCredentialsDao.java
        SysPermissionDao.java
        RolePermissionDao.java
        SysRoleDao.java
        UserCenterApplication.java
        feign
        SmsClient.java
        config
        SwaggerConfig.java
        RestTemplateConfig.java
        ExceptionHandlerAdvice.java
        ResourceServerConfig.java
        AsycTaskExecutorConfig.java
        RabbitmqConfig.java
        WechatConfig.java
        SessionConfig.java
        service
        impl
        SysPermissionServiceImpl.java
        SysRoleServiceImpl.java
        WechatServiceImpl.java
        AppUserServiceImpl.java
        SysPermissionService.java
        SysRoleService.java
        AppUserService.java
        WechatService.java
        controller
        UserController.java
        WechatController.java
        SysPermissionController.java
        SysRoleController.java
    - test
      - java
        com
        cloud
        user
        UserTest.java
  - pom.xml
  - README.md
  - .gitignore
- manage-backend
  - sql
    - cloud_backend.sql
  - src
    - main
      - resources
        bootstrap.yml
        .gitignore
        static
        img
        logo
        avatars
        login
        pages
        mail
        detail.html
        updateMail.html
        addMail.html
        mailList.html
        user
        addUser.html
        userList.html
        setRoles.html
        bindingPhone.html
        updateUser.html
        updateHeadImg.html
        changePassword.html
        updateMyself.html
        menu
        icon.html
        updateMenu.html
        menuList.html
        addMenu.html
        client
        addClient.html
        updateClient.html
        clientList.html
        log
        logList.html
        blackIP
        addBlackIP.html
        blackIPList.html
        file
        fileList.html
        dashboard.html
        swagger
        api-doc.html
        permission
        updatePermission.html
        permissionList.html
        addPermission.html
        role
        roleList.html
        addRole.html
        setPermission.html
        updateRole.html
        setMenu.html
        sms
        smsList.html
        wechat
        binding.html
        index.html
        layui
        images
        face
        43.gif
        30.gif
        47.gif
        28.gif
        8.gif
        7.gif
        71.gif
        11.gif
        21.gif
        49.gif
        67.gif
        50.gif
        0.gif
        59.gif
        55.gif
        32.gif
        46.gif
        5.gif
        16.gif
        6.gif
        15.gif
        27.gif
        18.gif
        52.gif
        34.gif
        35.gif
        31.gif
        33.gif
        4.gif
        29.gif
        14.gif
        19.gif
        58.gif
        60.gif
        57.gif
        42.gif
        12.gif
        40.gif
        54.gif
        3.gif
        2.gif
        26.gif
        66.gif
        37.gif
        13.gif
        1.gif
        25.gif
        69.gif
        36.gif
        10.gif
        17.gif
        61.gif
        24.gif
        56.gif
        51.gif
        9.gif
        44.gif
        45.gif
        23.gif
        48.gif
        22.gif
        64.gif
        38.gif
        20.gif
        53.gif
        65.gif
        68.gif
        70.gif
        63.gif
        62.gif
        41.gif
        39.gif
        lay
        modules
        carousel.js
        jquery.js
        laytpl.js
        util.js
        laydate.js
        code.js
        rate.js
        element.js
        table.js
        upload.js
        layer.js
        laypage.js
        form.js
        mobile.js
        tree.js
        flow.js
        layedit.js
        font
        iconfont.eot
        iconfont.ttf
        iconfont.woff
        css
        layui.css
        modules
        layer
        default
        loading-0.gif
        layer.css
        loading-1.gif
        loading-2.gif
        laydate
        default
        laydate.css
        code.css
        layui.mobile.css
        layui.js
        fonts
        glyphicons-halflings-regular.woff2
        js
        common.js
        bootstrap
        bootstrap.min.js
        bootstrap-select.min.js
        libs
        jquery.form.min.js
        jquery.treetable.js
        jquery-3.3.1.min.js
        jquery.ztree.all-3.5.min.js
        jq.js
        plugin
        jquery-nestable
        jquery.nestable.min.js
        bootstraptree
        bootstrap-tree.min.js
        jquery-validate
        jquery.validate.min.js
        bootstrapvalidator
        bootstrapValidator.min.js
        datatables
        dataTables.colVis.min.js
        dataTables.bootstrap.min.js
        swf
        copy_csv_xls_pdf.swf
        copy_csv_xls.swf
        Chinese.lang
        dataTables.colReorder.min.js
        jquery.dataTables.min.js
        dataTables.tableTools.min.js
        dataTables.fixedColumns.min.js
        datatable-responsive
        datatables.responsive.min.js
        my
        permission.js
        ztree-menu.js
        main.js
        constant.js
        index.html
        login-sms.html
        css
        dataTables.bootstrap.min.css
        login.css
        ztree
        zTreeStyle
        zTreeStyle.css
        img
        line_conn.gif
        loading.gif
        zTreeStandard.gif
        diy
        demo.css
        font-awesome
        fonts
        fontawesome-webfont.woff2
        fontawesome-webfont.woff
        fontawesome-webfont.eot
        FontAwesome.otf
        fontawesome-webfont.ttf
        css
        font-awesome.css
        font-awesome.min.css
        bootstrap.min.css
        treetable
        screen.css
        jquery.treetable.theme.default.css
        jquery.treetable.css
        bootstrap-select.min.css
        global.css
        login.html
        mybatis-mappers
        RoleMenuMapper.xml
        BlackIPMapper.xml
        MailMapper.xml
        MenuMapper.xml
      - java
        com
        cloud
        backend
        dao
        MailDao.java
        BlackIPDao.java
        RoleMenuDao.java
        MenuDao.java
        config
        SwaggerConfig.java
        ExceptionHandlerAdvice.java
        ResourceServerConfig.java
        FeignInterceptorConfig.java
        AsycTaskExecutorConfig.java
        RabbitmqConfig.java
        service
        impl
        MailServiceImpl.java
        MenuServiceImpl.java
        BlackIPServiceImpl.java
        SendMailServiceImpl.java
        MailService.java
        BlackIPService.java
        MenuService.java
        SendMailService.java
        ManageBackendApplication.java
        consumer
        RoleDeleteConsumer.java
        model
        Menu.java
        BlackIP.java
        controller
        BlackIPController.java
        MailController.java
        MenuController.java
  - pom.xml
  - README.md
  - .gitignore
- oauth-center
  - sql
    - cloud_oauth.sql
  - src
    - main
      - resources
        bootstrap.yml
        .gitignore
      - java
        com
        cloud
        oauth
        feign
        SmsClient.java
        UserClient.java
        LogClient.java
        OAuthCenterApplication.java
        config
        PasswordEncoderConfig.java
        SwaggerConfig.java
        ResourceServerConfig.java
        SecurityConfig.java
        AuthorizationServerConfig.java
        SessionConfig.java
        service
        impl
        RedisClientDetailsService.java
        UserDetailServiceImpl.java
        RandomAuthenticationKeyGenerator.java
        RedisAuthorizationCodeServices.java
        controller
        OAuth2Controller.java
        ClientController.java
    - test
      - java
        com
        cloud
        oauth
        OauthTest.java
  - pom.xml
  - README.md
  - .gitignore
- .gitignore
- gateway-zuul
  - src
    - main
      - resources
        bootstrap.yml
        .gitignore
      - java
        com
        cloud
        gateway
        feign
        Oauth2Client.java
        BackendClient.java
        LogClient.java
        config
        SwaggerConfig.java
        ExceptionHandlerAdvice.java
        SecurityConfig.java
        CrossDomainConfig.java
        GatewayApplication.java
        filter
        InternalURIAccessFilter.java
        BlackIPAccessFilter.java
        controller
        TokenController.java
        ServiceInstanceController.java
  - pom.xml
  - README.md
  - .gitignore

package com.cloud.oauth.config;

import com.cloud.model.user.LoginAppUser;
import com.cloud.oauth.service.impl.RandomAuthenticationKeyGenerator;
import com.cloud.oauth.service.impl.RedisAuthorizationCodeServices;
import com.cloud.oauth.service.impl.RedisClientDetailsService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.DefaultUserAuthenticationConverter;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;

import java.util.HashMap;
import java.util.Map;

/**
 * 授权服务器配置
 *
 * @author allen [email protected]
 */
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    /**
     * 认证管理器
     *
     * @see SecurityConfig 的authenticationManagerBean()
     */
    @Autowired
    private AuthenticationManager authenticationManager;
    @Autowired
    private RedisConnectionFactory redisConnectionFactory;
    /**
     * 使用jwt或者redis<br>
     * 默认redis
     */
    @Value("${access_token.store-jwt:false}")
    private boolean storeWithJwt;
    /**
     * 登陆后返回的json数据是否追加当前用户信息<br>
     * 默认false
     */
    @Value("${access_token.add-userinfo:false}")
    private boolean addUserInfo;
    @Autowired
    private RedisAuthorizationCodeServices redisAuthorizationCodeServices;
    @Autowired
    private RedisClientDetailsService redisClientDetailsService;

    /**
     * 令牌存储
     */
    @Bean
    public TokenStore tokenStore() {
        if (storeWithJwt) {
            return new JwtTokenStore(accessTokenConverter());
        }
        RedisTokenStore redisTokenStore = new RedisTokenStore(redisConnectionFactory);
        // 解决同一username每次登陆access_token都相同的问题
        redisTokenStore.setAuthenticationKeyGenerator(new RandomAuthenticationKeyGenerator());

        return redisTokenStore;
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(this.authenticationManager);
        endpoints.tokenStore(tokenStore());
        // 授权码模式下，code存储
//		endpoints.authorizationCodeServices(new JdbcAuthorizationCodeServices(dataSource));
        endpoints.authorizationCodeServices(redisAuthorizationCodeServices);
        if (storeWithJwt) {
            endpoints.accessTokenConverter(accessTokenConverter());
        } else {
            // 2019.07.13 将当前用户信息追加到登陆后返回数据里
            endpoints.tokenEnhancer((accessToken, authentication) -> {
                addLoginUserInfo(accessToken, authentication);
                return accessToken;
            });
        }
    }

    /**
     * 将当前用户信息追加到登陆后返回的json数据里<br>
     * 通过参数access_token.add-userinfo控制<br>
     * 2019.07.13
     *
     * @param accessToken
     * @param authentication
     */
    private void addLoginUserInfo(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
        if (!addUserInfo) {
            return;
        }

        if (accessToken instanceof DefaultOAuth2AccessToken) {
            DefaultOAuth2AccessToken defaultOAuth2AccessToken = (DefaultOAuth2AccessToken) accessToken;

            Authentication userAuthentication = authentication.getUserAuthentication();
            Object principal = userAuthentication.getPrincipal();
            if (principal instanceof LoginAppUser) {
                LoginAppUser loginUser = (LoginAppUser) principal;

                Map<String, Object> map = new HashMap<>(defaultOAuth2AccessToken.getAdditionalInformation()); // 旧的附加参数
                map.put("loginUser", loginUser); // 追加当前登陆用户

                defaultOAuth2AccessToken.setAdditionalInformation(map);
            }
        }
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security.allowFormAuthenticationForClients(); // 允许表单形式的认证
    }

//    @Autowired
//    private BCryptPasswordEncoder bCryptPasswordEncoder;

    /**
     * 我们将client信息存储到oauth_client_details表里<br>
     * 并将数据缓存到redis
     *
     * @param clients
     * @throws Exception
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
//		clients.inMemory().withClient("system").secret(bCryptPasswordEncoder.encode("system"))
//				.authorizedGrantTypes("password", "authorization_code", "refresh_token").scopes("app")
//				.accessTokenValiditySeconds(3600);

//		clients.jdbc(dataSource);
        // 2019.06.06，这里优化一下，详细看下redisClientDetailsService这个实现类
        clients.withClientDetails(redisClientDetailsService);
        redisClientDetailsService.loadAllClientToCache();
    }

    @Autowired
    public UserDetailsService userDetailsService;
    /**
     * jwt签名key，可随意指定<br>
     * 如配置文件里不设置的话，冒号后面的是默认值
     */
    @Value("${access_token.jwt-signing-key:lucy_lun}")
    private String signingKey;

    /**
     * Jwt资源令牌转换器<br>
     * 参数access_token.store-jwt为true时用到
     *
     * @return accessTokenConverter
     */
    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter() {
            @Override
            public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
                OAuth2AccessToken oAuth2AccessToken = super.enhance(accessToken, authentication);
                addLoginUserInfo(oAuth2AccessToken, authentication); // 2019.07.13 将当前用户信息追加到登陆后返回数据里
                return oAuth2AccessToken;
            }
        };
        DefaultAccessTokenConverter defaultAccessTokenConverter = (DefaultAccessTokenConverter) jwtAccessTokenConverter
                .getAccessTokenConverter();
        DefaultUserAuthenticationConverter userAuthenticationConverter = new DefaultUserAuthenticationConverter();
        userAuthenticationConverter.setUserDetailsService(userDetailsService);

        defaultAccessTokenConverter.setUserTokenConverter(userAuthenticationConverter);
        // 2019.06.29 这里务必设置一个，否则多台认证中心的话，一旦使用jwt方式，access_token将解析错误
        jwtAccessTokenConverter.setSigningKey(signingKey);

        return jwtAccessTokenConverter;
    }

}