SpringBoot实例:医院统一信息平台(oauth2客户端)

在用户服务中,oauth2认证的时候,客户端是在代码中指定的。只有一个,这里将它移到数据库中。并提供API可以通过接口维护客户端。
之前项目中客户端这段是这么写的:

    /**
     * Registers the single, hard-coded OAuth2 client that the rest of this article replaces
     * with database-backed clients.
     *
     * <p>Both the client id ({@code "client"}) and its secret are literals in source; the
     * secret is BCrypt-encoded before being kept in the in-memory client store, so the plain
     * value never sits in the store itself.
     *
     * @param clients the client-details configurer supplied by the authorization server
     * @throws Exception propagated from the configurer
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            .withClient("client")
            .secret(new BCryptPasswordEncoder().encode("secret"))
            .authorizedGrantTypes("client_credentials", "password", "refresh_token", "authorization_code")
            .scopes("all", "user_info")
            .autoApprove(false) // true would skip the authorization (consent) page
            .redirectUris("http://localhost:8080/login");
    }

下面开始允许多个客户端,而且客户端是可配置的。

创建数据模型

Client.java

/**
 * JPA entity for a registered OAuth2 client, persisted in table {@code bh_user_client}.
 *
 * <p>Getters, setters, {@code equals}/{@code hashCode}/{@code toString} are generated by Lombok
 * {@code @Data}. Rows of this table are what {@code CustomClientDetailsService} maps onto Spring's
 * {@code BaseClientDetails}; {@code clientSecret} is handed over there unchanged.
 */
@Data
@Entity
@Table(name = "bh_user_client")
public class Client implements Serializable {
    private static final long serialVersionUID = -6421664309310055644L;
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Integer id;
    @Column(name = "client_name")
    private String clientName; // human-readable client name; ClientServiceImpl.save() rejects duplicates
    @Column(name = "client_id")
    private String clientId; // OAuth2 client id, generated by ClientServiceImpl.save() when empty
    @Column(name = "resource_ids")
    private String resourceIds;
    @Column(name = "client_secret")
    private String clientSecret; // OAuth2 client secret; NOTE(review): persisted in whatever form save() assigns, no encoding step is visible
    private String scope; // comma-separated scopes; save() overwrites this with "read,write,trust"
    @Column(name = "authorized_grant_types")
    private String authorizedGrantTypes; // grant types this client may use
    @Column(name = "web_server_redirect_uri", length = 4096)
    private String webServerRedirectUri; // redirect URI; NOTE(review): CustomClientDetailsService reads registeredRedirectUri, not this field
    private String authorities; // granted authorities
    @Column(name = "access_token_validity")
    private Integer accessTokenValidity; // access token lifetime; passed to setAccessTokenValiditySeconds, so presumably seconds
    @Column(name = "refresh_token_validity")
    private Integer refreshTokenValidity; // refresh token lifetime, same unit as accessTokenValidity
    @Column(name = "additional_infomation")
    private String additionalInformation; // extra information; the column name spelling is the schema's, keep it in sync with the DDL
    private String autoapprove;
    @Column(name = "registered_redirect_uri")
    private String registeredRedirectUri;
    @Column(name = "create_time")
    private Long createTime; // creation time, set by save() from TimeUtils.getCurrentTimeInMillis()
    private int self = 1; // 1 = client belongs to our own platform; defaults to 1 for every new row, and a non-empty value makes CustomClientDetailsService auto-approve all scopes
}

ClientRepository.java

/**
 * Spring Data repository for {@link Client}.
 *
 * <p>Both finders are derived queries. Callers on this page pass {@code 0} as the id to mean
 * "any row", because no persisted row has id 0.
 */
public interface ClientRepository extends CustomRepository<Client, Integer>   {

    /** Returns the client whose {@code clientName} equals {@code name} and whose id differs from {@code id}, or null. */
    Client findByClientNameAndIdNot(String name, Integer id);

    /** Returns the client whose {@code clientId} equals {@code clientId} and whose id differs from {@code id}, or null. */
    Client findByClientIdAndIdNot(String clientId, Integer id);

}

ClientService.java

/**
 * Management operations for database-backed OAuth2 clients.
 */
public interface ClientService {
    /**
     * Creates or updates a client.
     * 
     * @param client the client to persist; a null id means "create"
     * @return the persisted client
     * @throws BhException if the name is empty or already used by another client
     */
    public Client save(Client client) throws BhException;

    /**
     * Deletes the client with the given id.
     * 
     * @param id the client's database id
     * @return the deleted client, or null if the id was empty or unknown
     */
    public Client delete(Integer id);

    /**
     * Loads a client by database id, then by client name, then by OAuth2 client id,
     * using the first non-empty argument that matches.
     * 
     * @param id the database id (may be null)
     * @param name the client name (may be null)
     * @param clientId the OAuth2 client id (may be null)
     * @return the matching client, or null
     */
    public Client load(Integer id, String name, String clientId);

    /**
     * Lists all clients.
     * 
     * @return every persisted client
     */
    public List<Client> list();
    
    /**
     * Returns the client behind the current request's OAuth2 authentication.
     *
     * @return the current client, or null if there is no OAuth2 authentication or no matching row
     */
    public Client current();
    
    /**
     * Returns the authorities granted to the given OAuth2 client id.
     *
     * @param clientId the OAuth2 client id
     * @return the authorities; empty when the id is empty
     */
    public Set<GrantedAuthority> listClientGrantedAuthorities(String clientId);
}

实现service

package com.biboheart.huip.user.service.impl;

import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.UUID;

import org.apache.commons.codec.digest.DigestUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.stereotype.Service;

import com.biboheart.brick.exception.BhException;
import com.biboheart.brick.utils.CheckUtils;
import com.biboheart.brick.utils.TimeUtils;
import com.biboheart.huip.user.domain.Client;
import com.biboheart.huip.user.repository.ClientRepository;
import com.biboheart.huip.user.service.ClientService;

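@Service
public class ClientServiceImpl implements ClientService {
    @Autowired
    private ClientRepository clientRepository;

    /**
     * Creates or updates a client, generating its OAuth2 credentials when they are missing.
     *
     * <p>A null id is normalised to 0 so the {@code IdNot} finders treat the row as new.
     * The name must be non-empty and unique across all other rows. Scope is always forced
     * to {@code "read,write,trust"}.
     *
     * <p>NOTE(review): the generated secret is persisted verbatim; nothing here encodes it, and
     * {@code CustomClientDetailsService} passes it to {@code BaseClientDetails} unchanged. Whatever
     * {@code PasswordEncoder} the authorization server applies to client authentication has to
     * accept that form, and the database row holds a directly usable credential.
     *
     * @param client the client to persist
     * @return the persisted client
     * @throws BhException if the name is empty or already taken by a different row
     */
    @Override
    public Client save(Client client) throws BhException {
        if (null == client.getId()) {
            client.setId(0);
        }
        if (CheckUtils.isEmpty(client.getClientName())) {
            throw new BhException("名称不能为空");
        }
        Client source = clientRepository.findByClientNameAndIdNot(client.getClientName(), client.getId());
        // Compare Integer ids by value: the original != compared boxed references.
        // client.getId() is non-null here, so equals() is safe.
        if (null != source && !client.getId().equals(source.getId())) {
            throw new BhException("名称已存在");
        }
        if (CheckUtils.isEmpty(client.getCreateTime())) {
            client.setCreateTime(TimeUtils.getCurrentTimeInMillis());
        }
        if (null != source) {
            // Same row: keep the existing credentials rather than silently rotating them.
            client.setClientId(source.getClientId());
            client.setClientSecret(source.getClientSecret());
        }
        if (CheckUtils.isEmpty(client.getClientId()) || CheckUtils.isEmpty(client.getClientSecret())) {
            client.setClientId(generateCredential(client.getClientName(), "_client_"));
            client.setClientSecret(generateCredential(client.getClientName(), "_secret_"));
        }
        client.setScope("read,write,trust");
        return clientRepository.save(client);
    }

    /**
     * Builds a 32-hex-character credential from the client name, a tag and a fresh random UUID.
     * The UUID supplies the unpredictability; the name and tag only make the two credentials of
     * one client differ from each other.
     */
    private static String generateCredential(String clientName, String tag) {
        return DigestUtils.md5Hex(clientName + tag + UUID.randomUUID().toString());
    }

    /**
     * Deletes the client with the given id.
     *
     * @param id the database id
     * @return the deleted client, or null if the id was empty or unknown
     */
    @Override
    public Client delete(Integer id) {
        if (CheckUtils.isEmpty(id)) {
            return null;
        }
        // orElse(null) instead of get(): an unknown id used to throw NoSuchElementException
        // before the null check below could ever run.
        Client client = clientRepository.findById(id).orElse(null);
        if (null == client) {
            return null;
        }
        clientRepository.delete(client);
        return client;
    }

    /**
     * Loads a client by database id, then by name, then by OAuth2 client id, stopping at the
     * first non-empty argument that finds a row.
     *
     * @return the matching client, or null
     */
    @Override
    public Client load(Integer id, String name, String clientId) {
        Client client = null;
        if (!CheckUtils.isEmpty(id)) {
            // orElse(null) so an unknown id falls through to the other lookups instead of throwing.
            client = clientRepository.findById(id).orElse(null);
        }
        if (null == client && !CheckUtils.isEmpty(name)) {
            client = clientRepository.findByClientNameAndIdNot(name, 0);
        }
        if (null == client && !CheckUtils.isEmpty(clientId)) {
            client = clientRepository.findByClientIdAndIdNot(clientId, 0);
        }
        return client;
    }

    /** Returns every persisted client. */
    @Override
    public List<Client> list() {
        return clientRepository.findAll();
    }

    /**
     * Returns the client behind the current request's OAuth2 authentication.
     *
     * @return the current client, or null if the security context holds no OAuth2
     *         authentication, the request carries no client id, or no row matches
     */
    @Override
    public Client current() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        // Only an OAuth2Authentication carries a client id; any other Authentication
        // (anonymous, form login) previously failed here with a ClassCastException.
        if (!(authentication instanceof OAuth2Authentication)) {
            return null;
        }
        String clientId = ((OAuth2Authentication) authentication).getOAuth2Request().getClientId();
        if (CheckUtils.isEmpty(clientId)) {
            return null;
        }
        return clientRepository.findByClientIdAndIdNot(clientId, 0);
    }

    /**
     * Returns the authorities for a client id: every non-empty id gets {@code ROLE_CLIENT};
     * the database row is not consulted.
     *
     * @param clientId the OAuth2 client id
     * @return a mutable set, empty when the id is empty
     */
    @Override
    public Set<GrantedAuthority> listClientGrantedAuthorities(String clientId) {
        Set<GrantedAuthority> authorities = new HashSet<>();
        if (CheckUtils.isEmpty(clientId)) {
            return authorities;
        }
        authorities.add(new SimpleGrantedAuthority("ROLE_CLIENT"));
        return authorities;
    }

}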

开放API

ClientController.java

package com.biboheart.huip.user.controller;

import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

import com.biboheart.brick.exception.BhException;
import com.biboheart.brick.model.BhResponseResult;
import com.biboheart.huip.user.domain.Client;
import com.biboheart.huip.user.service.ClientService;

@RestController
public class ClientController {
    @Autowired
    private ClientService clientService;

    /** Wraps a payload in the success envelope (code 0, message "success"). */
    private static <T> BhResponseResult<T> success(T payload) {
        return new BhResponseResult<>(0, "success", payload);
    }
    
    /**
     * Creates or updates a client.
     *
     * <p>NOTE(review): the response carries the whole {@code Client}, including
     * {@code clientSecret}; if the entity is serialized as-is, the secret is returned to the
     * caller of this endpoint — confirm the serializer excludes it or that access is restricted.
     *
     * @param client the client bound from request parameters
     * @return the persisted client
     * @throws BhException if validation in the service fails
     */
    @RequestMapping(value = "/userapi/client/save", method = {RequestMethod.POST})
    public BhResponseResult<?> save(Client client) throws BhException {
        Client saved = clientService.save(client);
        return success(saved);
    }
    /**
     * Regenerates the OAuth2 client id and secret of an existing client by clearing both and
     * saving again.
     *
     * <p>NOTE(review): this is a state change reachable via GET as well as POST, i.e. from a
     * plain link or prefetch; POST-only would be the safer mapping.
     *
     * @param id the database id
     * @return the client with its new credentials
     * @throws BhException if no client has that id
     */
    @RequestMapping(value = "/userapi/client/update", method = {RequestMethod.POST, RequestMethod.GET})
    public BhResponseResult<?> update(Integer id) throws BhException {
        Client target = clientService.load(id, null, null);
        if (target == null) {
            throw new BhException("客户端不存在");
        }
        target.setClientId(null);
        target.setClientSecret(null);
        return success(clientService.save(target));
    }
    
    /**
     * Deletes a client.
     *
     * <p>NOTE(review): also mapped to GET; see {@link #update(Integer)}.
     *
     * @param id the database id
     * @return the deleted client, or null in the payload if nothing was deleted
     */
    @RequestMapping(value = "/userapi/client/delete", method = {RequestMethod.POST, RequestMethod.GET})
    public BhResponseResult<?> delete(Integer id) {
        Client removed = clientService.delete(id);
        return success(removed);
    }
    
    /**
     * Looks a client up by id, name or OAuth2 client id (first non-empty match wins).
     *
     * @param id the database id
     * @param name the client name
     * @param clientId the OAuth2 client id
     * @return the matching client, or null in the payload
     */
    @RequestMapping(value = "/userapi/client/load", method = {RequestMethod.POST, RequestMethod.GET})
    public BhResponseResult<?> load(Integer id, String name, String clientId) {
        Client found = clientService.load(id, name, clientId);
        return success(found);
    }
    
    /**
     * Lists every client.
     *
     * @return all clients
     */
    @RequestMapping(value = "/userapi/client/list", method = {RequestMethod.POST, RequestMethod.GET})
    public BhResponseResult<?> list() {
        List<Client> everyClient = clientService.list();
        return success(everyClient);
    }
}

在com.biboheart.huip.user.security包中创建CustomClientDetailsService实现ClientDetailsService

package com.biboheart.huip.user.security;

import java.util.HashMap;
import java.util.HashSet;
import java.util.Set;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.ClientRegistrationException;
import org.springframework.security.oauth2.provider.NoSuchClientException;
import org.springframework.security.oauth2.provider.client.BaseClientDetails;
import org.springframework.stereotype.Component;

import com.biboheart.brick.utils.CheckUtils;
import com.biboheart.huip.user.domain.Client;
import com.biboheart.huip.user.service.ClientService;

@Component("customClientDetailsService")
public class CustomClientDetailsService implements ClientDetailsService {
    @Autowired
    private ClientService clientService;

    /**
     * Resolves an OAuth2 client id against the {@code bh_user_client} table.
     *
     * @param clientId the OAuth2 client id presented by the caller
     * @return the client's details
     * @throws NoSuchClientException if no row has that client id
     */
    @Override
    public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
        Client entity = clientService.load(null, null, clientId);
        if (entity == null) {
            throw new NoSuchClientException("没有找到ID为:" + clientId + "的客户端");
        }
        return toClientDetails(entity);
    }
    
    /**
     * Maps a {@link Client} row onto a {@link BaseClientDetails}.
     *
     * <p>The secret is copied verbatim, so its stored form must be what the authorization
     * server's password encoder expects. The redirect URIs come from
     * {@code registeredRedirectUri}; {@code webServerRedirectUri} is not consulted. Any
     * non-empty {@code self} value adds the literal {@code "true"} to the auto-approve scopes,
     * which — as far as {@code BaseClientDetails} is concerned — approves every scope without
     * showing the consent page; with {@code self} defaulting to 1 this applies to every new row.
     * The entity's {@code additionalInformation} is not carried over.
     *
     * @param entity the persisted client, may be null
     * @return the details, or null when {@code entity} is null
     */
    private ClientDetails toClientDetails(Client entity) {
        if (entity == null) {
            return null;
        }
        Set<GrantedAuthority> granted = clientService.listClientGrantedAuthorities(entity.getClientId());
        BaseClientDetails details = new BaseClientDetails(
                entity.getClientId(),
                entity.getResourceIds(),
                entity.getScope(),
                entity.getAuthorizedGrantTypes(),
                entity.getAuthorities(),
                entity.getRegisteredRedirectUri());
        details.setClientSecret(entity.getClientSecret());
        details.setAccessTokenValiditySeconds(entity.getAccessTokenValidity());
        details.setRefreshTokenValiditySeconds(entity.getRefreshTokenValidity());
        details.setAuthorities(granted);
        details.setAutoApproveScopes(autoApproveScopesFor(entity));
        details.setAdditionalInformation(new HashMap<String, Object>());
        return details;
    }

    /** Returns {@code {"true"}} for a self-platform client, otherwise an empty set. */
    private static Set<String> autoApproveScopesFor(Client entity) {
        Set<String> scopes = new HashSet<>();
        if (!CheckUtils.isEmpty(entity.getSelf())) {
            scopes.add("true");
        }
        return scopes;
    }

}

修改AuthorizationServerConfiguration

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;
    @Autowired
    @Qualifier("customClientDetailsService")
    private ClientDetailsService clientDetailsService;
    @Autowired
    private UserDetailsService customUserDetailsService;
    @Autowired
    private TokenStore tokenStore;

    /**
     * Points the authorization server at the database-backed client store instead of the
     * in-memory client registered before.
     *
     * <p>NOTE(review): the secret each {@code ClientDetails} now returns is the stored
     * {@code Client.clientSecret} value, copied unchanged; the password encoder the server
     * applies to client authentication must accept that stored form — confirm against the
     * rest of this configuration (elided below).
     *
     * @param clients the client-details configurer supplied by the authorization server
     * @throws Exception propagated from the configurer
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.withClientDetails(clientDetailsService);
    }
    
    ...略...
}

这样就可以根据数据库中的客户端进行权限认证及授权。
