加入oauth2

Author: saleson

pom.xml

@@ -42,6 +42,17 @@
         <module>spring-cloud-starter-gray-eureka-server</module>
     </modules>
 
+    <distributionManagement>
+        <repository>
+            <id>releases</id>
+            <url>http://maven.zmops.cc:8081/nexus/content/repositories/releases</url>
+        </repository>
+        <snapshotRepository>
+            <id>snapshots</id>
+            <url>http://maven.zmops.cc:8081/nexus/content/repositories/snapshots</url>
+        </snapshotRepository>
+    </distributionManagement>
+
 
     <licenses>
         <license>

spring-cloud-gray-client/src/main/java/cn/springcloud/gray/client/config/GrayDecisionFactoryConfiguration.java

@@ -53,6 +53,11 @@ public TrackAttributeGrayDecisionFactory trackAttributeGrayDecisionFactory() {
             return new TrackAttributeGrayDecisionFactory();
         }
 
+        @Bean
+        public TrackAttributesGrayDecisionFactory trackAttributesGrayDecisionFactory() {
+            return new TrackAttributesGrayDecisionFactory();
+        }
+
         @Bean
         public FlowRateGrayDecisionFactory flowRateGrayDecisionFactory(){
             return new FlowRateGrayDecisionFactory();

spring-cloud-gray-client/src/main/java/cn/springcloud/gray/decision/factory/TrackAttributesGrayDecisionFactory.java

@@ -0,0 +1,50 @@
+package cn.springcloud.gray.decision.factory;
+
+import cn.springcloud.gray.decision.GrayDecision;
+import cn.springcloud.gray.decision.compare.Comparators;
+import cn.springcloud.gray.decision.compare.PredicateComparator;
+import cn.springcloud.gray.request.GrayHttpTrackInfo;
+import lombok.Getter;
+import lombok.Setter;
+
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.List;
+
+
+public class TrackAttributesGrayDecisionFactory extends CompareGrayDecisionFactory<TrackAttributesGrayDecisionFactory.Config> {
+
+    public TrackAttributesGrayDecisionFactory() {
+        super(Config.class);
+    }
+
+
+    @Override
+    public GrayDecision apply(Config configBean) {
+        return args -> {
+            GrayHttpTrackInfo grayTrackInfo = (GrayHttpTrackInfo) args.getGrayRequest().getGrayTrackInfo();
+            if (grayTrackInfo == null) {
+                return false;
+            }
+            PredicateComparator<Collection<String>> predicateComparator = Comparators.getCollectionStringComparator(configBean.getCompareMode());
+            if (predicateComparator == null) {
+                return false;
+            }
+            return predicateComparator.test(Arrays.asList(grayTrackInfo.getAttribute(configBean.getName())), configBean.getValues());
+        };
+    }
+
+    @Setter
+    @Getter
+    public static class Config extends CompareGrayDecisionFactory.CompareConfig {
+        private String name;
+        private List<String> values;
+
+        public void setValues(List<String> values) {
+            this.values = values;
+            Collections.sort(values);
+        }
+    }
+
+}

spring-cloud-gray-client/src/main/java/cn/springcloud/gray/web/tracker/HttpIPGrayInfoTracker.java

@@ -12,7 +12,9 @@ public class HttpIPGrayInfoTracker implements HttpGrayInfoTracker {
 
 
     public void call(GrayHttpTrackInfo trackInfo, HttpServletRequest request) {
-        trackInfo.setTraceIp(WebUtils.getIpAddr(request));
+        String ip = WebUtils.getIpAddr(request);
+        trackInfo.setTraceIp(ip);
+        trackInfo.setAttribute("track_ip", ip);
         log.debug("记录下ip:{}", trackInfo.getTraceIp());
     }
 

spring-cloud-gray-samples/spring-cloud-gray-server-sample/src/main/java/cn/springcloud/gray/server/app/web/domain/fo/LoginFO.java

@@ -1,5 +1,10 @@
 package cn.springcloud.gray.server.app.web.domain.fo;
 
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@NoArgsConstructor
 public class LoginFO {
     private String username;
     private String password;

spring-cloud-gray-samples/spring-cloud-gray-server-sample/src/main/java/cn/springcloud/gray/server/app/web/rest/UserResource.java

@@ -2,26 +2,50 @@
 
 import cn.springcloud.gray.server.app.web.domain.fo.LoginFO;
 import cn.springcloud.gray.server.app.web.domain.vo.LoginVO;
+import cn.springcloud.gray.server.oauth2.Oauth2Service;
+import cn.springcloud.gray.server.oauth2.TokenRequestInfo;
 import cn.springcloud.gray.server.resources.domain.ApiRes;
 import com.google.common.collect.ImmutableBiMap;
+import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.web.bind.annotation.*;
 
+import java.util.ArrayList;
+import java.util.List;
 import java.util.Map;
 
-@RequestMapping("/user")
+@RequestMapping("/gray/user")
 @RestController
 public class UserResource {
 
     private static final Logger log = LoggerFactory.getLogger(UserResource.class);
 
+    @Autowired
+    private Oauth2Service oauth2Service;
 
     @PostMapping(value = "/login")
     public ApiRes<Map<String, String>> login(@RequestBody LoginFO fo) {
+        if(!StringUtils.equals("stu-admin", fo.getUsername())
+                || !StringUtils.equals("stu~!@345", fo.getPassword())){
+            return ApiRes.<Map<String, String>>builder()
+                    .code("1")
+                    .message("用户名或密码不正确")
+                    .build();
+        }
+
+        List<GrantedAuthority> authorities = new ArrayList<>();
+        User user =  new User(fo.getUsername(), fo.getPassword(), authorities);
+        OAuth2AccessToken oAuth2AccessToken = oauth2Service.getAccessToken(
+                TokenRequestInfo.builder().userDetails(user).build());
         return ApiRes.<Map<String, String>>builder()
                 .code("0")
-                .data(ImmutableBiMap.of("token", "admin-token"))
+                .data(ImmutableBiMap.of("token", oAuth2AccessToken.getValue()))
                 .build();
     }
 

spring-cloud-gray-server/pom.xml

@@ -119,6 +119,15 @@
 <!--            <optional>true</optional>-->
         </dependency>
 
+        <dependency>
+            <groupId>org.springframework.security.oauth</groupId>
+            <artifactId>spring-security-oauth2</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-jwt</artifactId>
+        </dependency>
+
     </dependencies>
 
 </project>

spring-cloud-gray-server/src/main/java/cn/springcloud/gray/server/configuration/OAuth2Config.java

@@ -0,0 +1,196 @@
+package cn.springcloud.gray.server.configuration;
+
+import cn.springcloud.gray.server.oauth2.DefaultTokenGranter;
+import cn.springcloud.gray.server.oauth2.Oauth2Service;
+import cn.springcloud.gray.server.resources.domain.ApiRes;
+import cn.springcloud.gray.server.utils.WebHelper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
+import org.springframework.security.oauth2.provider.ClientDetailsService;
+import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
+import org.springframework.security.oauth2.provider.refresh.RefreshTokenGranter;
+import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory;
+import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
+import org.springframework.security.oauth2.provider.token.TokenStore;
+import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
+import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
+import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.access.AccessDeniedHandler;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.security.KeyPair;
+
+@ConditionalOnProperty(value = "gray.server.security.oauth2.enabled", matchIfMissing = true)
+@Configuration
+public class OAuth2Config {
+
+    private static final Logger log = LoggerFactory.getLogger(OAuth2Config.class);
+
+    @Bean
+    public JwtTokenStore tokenStore() {
+        return new JwtTokenStore(jwtAccessTokenConverter());
+    }
+
+    /**
+     * This bean generates an token enhancer, which manages the exchange between JWT acces tokens and Authentication
+     * in both direction.
+     *
+     * @return an access token converter configured with the authorization server's public/private keys
+     */
+    @Bean
+    public JwtAccessTokenConverter jwtAccessTokenConverter() {
+        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
+        KeyPair keyPair = new KeyStoreKeyFactory(
+                new ClassPathResource("keystore.jks"), "password".toCharArray())
+                .getKeyPair("selfsigned");
+        converter.setKeyPair(keyPair);
+        return converter;
+    }
+
+    @Bean
+    public OAuth2RequestFactory requestFactory(ClientDetailsService clientDetailsService) {
+        return new DefaultOAuth2RequestFactory(clientDetailsService);
+    }
+
+    @Bean
+    public RefreshTokenGranter refreshTokenGranter(AuthorizationServerTokenServices tokenServices,
+                                                   ClientDetailsService clientDetailsService,
+                                                   OAuth2RequestFactory requestFactory) {
+        return new RefreshTokenGranter(tokenServices, clientDetailsService, requestFactory);
+    }
+
+    @Bean
+    public DefaultTokenGranter defaultTokenGranter(AuthorizationServerTokenServices tokenServices,
+                                                   ClientDetailsService clientDetailsService,
+                                                   OAuth2RequestFactory requestFactory) {
+        return new DefaultTokenGranter(tokenServices, clientDetailsService, requestFactory);
+    }
+
+
+    @Bean
+    public Oauth2Service oauth2Service(
+            ClientDetailsService clientDetailsService,
+            OAuth2RequestFactory requestFactory,
+            DefaultTokenGranter defaultTokenGranter){
+        return new Oauth2Service(clientDetailsService, requestFactory, defaultTokenGranter);
+    }
+
+
+    @Configuration
+    @EnableResourceServer
+    public static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
+
+        @Autowired
+        private TokenStore tokenStore;
+
+        @Override
+        public void configure(HttpSecurity http) throws Exception {
+            http.formLogin().and()
+                    .authorizeRequests()
+                    .antMatchers("/gray/user/login").permitAll()
+                    .antMatchers("/gray/user/login").permitAll()
+                    .antMatchers("/gray/instances/enable").permitAll()
+                    .antMatchers("/gray/instances").permitAll()
+                    .antMatchers("/gray/trackDefinitions").permitAll()
+
+                    .antMatchers(HttpMethod.OPTIONS, "/gray/**").permitAll()
+                    .antMatchers("/gray/service/**").authenticated()
+                    .antMatchers("/gray/track/**").authenticated()
+                    .anyRequest().permitAll()
+                    .and()
+                    .csrf().disable();
+        }
+
+        @Override
+        public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
+            resources.authenticationEntryPoint(new AuthenticationEntryPoint() {
+                @Override
+                public void commence(HttpServletRequest request, HttpServletResponse response,
+                                     AuthenticationException authException)
+                        throws IOException {
+                    log.debug("path:{} -> {}", request.getServletPath(), authException.getMessage());
+
+                    response.setContentType("application/json");
+                    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+
+                    ApiRes<Void> res = ApiRes.<Void>builder()
+                            .code(String.valueOf(HttpServletResponse.SC_UNAUTHORIZED)).message("无权访问").build();
+                    WebHelper.response(response, res);
+                }
+            }).accessDeniedHandler(new AccessDeniedHandler() {
+                @Override
+                public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException {
+                    log.debug("path:{} -> {}", request.getServletPath(), accessDeniedException.getMessage());
+
+                    response.setContentType("application/json");
+                    response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+                    ApiRes<Void> res = ApiRes.<Void>builder()
+                            .code(String.valueOf(HttpServletResponse.SC_BAD_REQUEST)).message("无权访问").build();
+                    WebHelper.response(response, res);
+                }
+            });
+        }
+    }
+
+
+    @Configuration
+    @EnableAuthorizationServer
+    public static class OAuth2Config2 extends AuthorizationServerConfigurerAdapter {
+        @Autowired
+        private AuthenticationManager authenticationManager;
+        @Autowired
+        private JwtTokenStore tokenStore;
+        @Autowired
+        private JwtAccessTokenConverter jwtAccessTokenConverter;
+
+
+        @Override
+        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
+            clients.inMemory()
+                    .withClient("gray-server")
+                    .secret("V@JA-#i+6BkDhhq9")
+                    .authorizedGrantTypes("client_credentials", "refresh_token", "default")
+                    .accessTokenValiditySeconds(3600 * 24 * 30)
+                    .refreshTokenValiditySeconds(3600 * 24 * 30 * 2)
+            ;
+        }
+
+
+        @Override
+        public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
+            security.tokenKeyAccess("permitAll()").checkTokenAccess(
+                    "isAuthenticated()");
+        }
+
+        @Override
+        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
+//        super.configure(endpoints);
+            endpoints.tokenStore(tokenStore).tokenEnhancer(jwtAccessTokenConverter).authenticationManager(authenticationManager);
+            endpoints.exceptionTranslator(null);
+
+//            endpoints.getFrameworkEndpointHandlerMapping().setMappings("/oauth/confirm_access", "/oauth/confirm_access2"); //oatuh2 授权码确认页面
+
+        }
+    }
+}