🎉 oauth2代码优化

blade-auth/pom.xml

@@ -61,11 +61,6 @@
             <artifactId>blade-starter-swagger</artifactId>
             <version>${bladex.tool.version}</version>
         </dependency>
-        <dependency>
-            <groupId>org.springblade</groupId>
-            <artifactId>blade-starter-redis</artifactId>
-            <version>${bladex.tool.version}</version>
-        </dependency>
         <dependency>
             <groupId>org.springframework.cloud</groupId>
             <artifactId>spring-cloud-starter-security</artifactId>

blade-auth/src/main/java/org/springblade/auth/config/BladeAuthorizationServerConfiguration.java

@@ -19,13 +19,11 @@ package org.springblade.auth.config;
 import lombok.AllArgsConstructor;
 import lombok.SneakyThrows;
 import org.springblade.auth.constant.AuthConstant;
-import org.springblade.auth.props.AuthProperties;
 import org.springblade.auth.service.BladeClientDetailsServiceImpl;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
@@ -53,8 +51,6 @@ public class BladeAuthorizationServerConfiguration extends AuthorizationServerCo
 
 	private final DataSource dataSource;
 
-	private AuthProperties authProperties;
-
 	private AuthenticationManager authenticationManager;
 
 	private UserDetailsService userDetailsService;
@@ -65,8 +61,6 @@ public class BladeAuthorizationServerConfiguration extends AuthorizationServerCo
 
 	private TokenEnhancer jwtTokenEnhancer;
 
-	private PasswordEncoder passwordEncoder;
-
 	@Override
 	public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
 		endpoints.tokenStore(tokenStore)
@@ -85,25 +79,6 @@ public class BladeAuthorizationServerConfiguration extends AuthorizationServerCo
 		}
 	}
 
-
-	/*@Override
-	@SneakyThrows
-	public void configure(ClientDetailsServiceConfigurer clients) {
-		InMemoryClientDetailsServiceBuilder build = clients.inMemory();
-		if (ArrayUtils.isNotEmpty(authProperties.getClients())) {
-			for (AuthClientProperties config : authProperties.getClients()) {
-				build.withClient(config.getClientId())
-					.secret("{noop}" + config.getClientSecret())
-					.accessTokenValiditySeconds(TokenUtil.getTokenValiditySecond())
-					.refreshTokenValiditySeconds(TokenUtil.getRefreshTokenValiditySeconds())
-					//OAuth2支持的验证模式
-					.authorizedGrantTypes("refresh_token", "password", "authorization_code")
-					.redirectUris("http://example.com")
-					.scopes("all");
-			}
-		}
-	}*/
-
 	/**
 	 * 配置客户端信息
 	 */

blade-auth/src/main/java/org/springblade/auth/config/JwtTokenStoreConfiguration.java

@@ -16,9 +16,8 @@
  */
 package org.springblade.auth.config;
 
-import lombok.AllArgsConstructor;
-import org.springblade.auth.props.AuthProperties;
 import org.springblade.auth.support.BladeJwtTokenEnhancer;
+import org.springblade.core.launch.constant.TokenConstant;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
@@ -34,12 +33,9 @@ import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
  * @author Chill
  */
 @Configuration
-@AllArgsConstructor
 @ConditionalOnProperty(prefix = "blade.security.oauth2", name = "storeType", havingValue = "jwt", matchIfMissing = true)
 public class JwtTokenStoreConfiguration {
 
-	private AuthProperties authProperties;
-
 	/**
 	 * 使用jwtTokenStore存储token
 	 */
@@ -54,7 +50,7 @@ public class JwtTokenStoreConfiguration {
 	@Bean
 	public JwtAccessTokenConverter jwtAccessTokenConverter() {
 		JwtAccessTokenConverter accessTokenConverter = new JwtAccessTokenConverter();
-		accessTokenConverter.setSigningKey(authProperties.getJwtSigningKey());
+		accessTokenConverter.setSigningKey(TokenConstant.SIGN_KEY);
 		return accessTokenConverter;
 	}
 

blade-auth/src/main/java/org/springblade/auth/constant/AuthConstant.java

@@ -23,10 +23,11 @@ package org.springblade.auth.constant;
  */
 public interface AuthConstant {
 
+	/**
+	 * 密码加密规则
+	 */
 	String ENCRYPT = "{blade}";
 
-	String CLIENT_DETAILS = "blade_oauth:client:details";
-
 	/**
 	 * blade_client表字段
 	 */
@@ -35,12 +36,12 @@ public interface AuthConstant {
 		"refresh_token_validity, additional_information, autoapprove";
 
 	/**
-	 * 查询语句
+	 * blade_client查询语句
 	 */
 	String BASE_STATEMENT = "select " + CLIENT_FIELDS + " from blade_client";
 
 	/**
-	 * 查询排序
+	 * blade_client查询排序
 	 */
 	String DEFAULT_FIND_STATEMENT = BASE_STATEMENT + " order by client_id";
 

blade-auth/src/main/java/org/springblade/auth/props/AuthClientProperties.java

@@ -1,34 +0,0 @@
-/*
- *      Copyright (c) 2018-2028, Chill Zhuang All rights reserved.
- *
- *  Redistribution and use in source and binary forms, with or without
- *  modification, are permitted provided that the following conditions are met:
- *
- *  Redistributions of source code must retain the above copyright notice,
- *  this list of conditions and the following disclaimer.
- *  Redistributions in binary form must reproduce the above copyright
- *  notice, this list of conditions and the following disclaimer in the
- *  documentation and/or other materials provided with the distribution.
- *  Neither the name of the dreamlu.net developer nor the names of its
- *  contributors may be used to endorse or promote products derived from
- *  this software without specific prior written permission.
- *  Author: Chill 庄骞 (smallchill@163.com)
- */
-package org.springblade.auth.props;
-
-import lombok.Data;
-
-/**
- * AuthClientProperties
- *
- * @author Chill
- */
-@Data
-public class AuthClientProperties {
-
-	private String clientId;
-
-	private String clientSecret;
-
-	private Integer accessTokenValiditySeconds = 7200;
-}

blade-auth/src/main/java/org/springblade/auth/props/AuthCoreConfig.java

@@ -1,30 +0,0 @@
-/*
- *      Copyright (c) 2018-2028, Chill Zhuang All rights reserved.
- *
- *  Redistribution and use in source and binary forms, with or without
- *  modification, are permitted provided that the following conditions are met:
- *
- *  Redistributions of source code must retain the above copyright notice,
- *  this list of conditions and the following disclaimer.
- *  Redistributions in binary form must reproduce the above copyright
- *  notice, this list of conditions and the following disclaimer in the
- *  documentation and/or other materials provided with the distribution.
- *  Neither the name of the dreamlu.net developer nor the names of its
- *  contributors may be used to endorse or promote products derived from
- *  this software without specific prior written permission.
- *  Author: Chill 庄骞 (smallchill@163.com)
- */
-package org.springblade.auth.props;
-
-import org.springframework.boot.context.properties.EnableConfigurationProperties;
-import org.springframework.context.annotation.Configuration;
-
-/**
- * AuthCoreConfig
- *
- * @author Chill
- */
-@Configuration
-@EnableConfigurationProperties(AuthProperties.class)
-public class AuthCoreConfig {
-}

blade-auth/src/main/java/org/springblade/auth/props/AuthProperties.java

@@ -1,34 +0,0 @@
-/*
- *      Copyright (c) 2018-2028, Chill Zhuang All rights reserved.
- *
- *  Redistribution and use in source and binary forms, with or without
- *  modification, are permitted provided that the following conditions are met:
- *
- *  Redistributions of source code must retain the above copyright notice,
- *  this list of conditions and the following disclaimer.
- *  Redistributions in binary form must reproduce the above copyright
- *  notice, this list of conditions and the following disclaimer in the
- *  documentation and/or other materials provided with the distribution.
- *  Neither the name of the dreamlu.net developer nor the names of its
- *  contributors may be used to endorse or promote products derived from
- *  this software without specific prior written permission.
- *  Author: Chill 庄骞 (smallchill@163.com)
- */
-package org.springblade.auth.props;
-
-import lombok.Data;
-import org.springframework.boot.context.properties.ConfigurationProperties;
-
-/**
- * AuthProperties
- *
- * @author Chill
- */
-@Data
-@ConfigurationProperties(prefix = "blade.security.oauth2")
-public class AuthProperties {
-
-	private String jwtSigningKey = "blade";
-
-	private AuthClientProperties[] clients = {};
-}

blade-auth/src/main/java/org/springblade/auth/support/BladePasswordEncoderFactories.java

@@ -39,6 +39,7 @@ public class BladePasswordEncoderFactories {
 	 * updates should not impact users. The mappings current are:
 	 *
 	 * <ul>
+	 * <li>blade - {@link BladePasswordEncoder} (sha1(md5("password")))</li>
 	 * <li>bcrypt - {@link BCryptPasswordEncoder} (Also used for encoding)</li>
 	 * <li>ldap - {@link org.springframework.security.crypto.password.LdapShaPasswordEncoder}</li>
 	 * <li>MD4 - {@link org.springframework.security.crypto.password.Md4PasswordEncoder}</li>

blade-auth/src/main/java/org/springblade/auth/utils/TokenUtil.java

@@ -38,7 +38,9 @@ public class TokenUtil {
 	public final static String USER_NAME = TokenConstant.USER_NAME;
 	public final static String ROLE_NAME = TokenConstant.ROLE_NAME;
 	public final static String TENANT_CODE = TokenConstant.TENANT_CODE;
-	public final static String LICENSE = "license";
+	public final static String LICENSE = TokenConstant.LICENSE;
+	public final static String LICENSE_NAME = TokenConstant.LICENSE_NAME;
+
 
 	public final static String TENANT_HEADER_KEY = "Tenant-Code";
 	public final static String DEFAULT_TENANT_CODE = "000000";
@@ -46,8 +48,6 @@ public class TokenUtil {
 	public final static String HEADER_KEY = "Authorization";
 	public final static String HEADER_PREFIX = "Basic ";
 	public final static String DEFAULT_AVATAR = "https://gw.alipayobjects.com/zos/rmsportal/BiazfanxmamNRoxxVxka.png";
-	public final static String LICENSE_NAME = "powered by bladex";
-
 	/**
 	 * 解码
 	 *

blade-auth/src/main/resources/bootstrap.yml

@@ -1,11 +1,2 @@
 server:
   port: 8100
-
-blade:
-  security:
-    oauth2:
-      storeType: jwt
-      jwtSigningKey: BladeX
-      clients[0]:
-        clientId: sword
-        clientSecret: sword_secret

blade-common/src/main/java/org/springblade/common/cache/CacheNames.java

@@ -28,4 +28,6 @@ public interface CacheNames {
 	String DICT_VALUE = "blade_dict:dict:value";
 	String DICT_LIST = "blade_dict:dict:list";
 
+	String AUTH_ROUTES = "blade_menu:auth_routes";
+
 }

blade-service/blade-system/src/main/java/org/springblade/system/controller/MenuController.java

@@ -29,6 +29,7 @@ import org.springblade.system.feign.IDictClient;
 import org.springblade.system.service.IMenuService;
 import org.springblade.system.vo.MenuVO;
 import org.springblade.system.wrapper.MenuWrapper;
+import org.springframework.cache.annotation.CacheEvict;
 import org.springframework.web.bind.annotation.*;
 import springfox.documentation.annotations.ApiIgnore;
 
@@ -36,6 +37,8 @@ import javax.validation.Valid;
 import java.util.List;
 import java.util.Map;
 
+import static org.springblade.common.cache.CacheNames.AUTH_ROUTES;
+
 /**
  * 控制器
  *
@@ -130,6 +133,7 @@ public class MenuController extends BladeController {
 	 * 新增或修改
 	 */
 	@PostMapping("/submit")
+	@CacheEvict(cacheNames = {AUTH_ROUTES})
 	@ApiOperation(value = "新增或修改", notes = "传入menu", position = 8)
 	public R submit(@Valid @RequestBody Menu menu) {
 		return R.status(menuService.saveOrUpdate(menu));
@@ -140,6 +144,7 @@ public class MenuController extends BladeController {
 	 * 删除
 	 */
 	@PostMapping("/remove")
+	@CacheEvict(cacheNames = {AUTH_ROUTES})
 	@ApiOperation(value = "删除", notes = "传入ids", position = 9)
 	public R remove(@ApiParam(value = "主键集合", required = true) @RequestParam String ids) {
 		return R.status(menuService.removeByIds(Func.toIntList(ids)));

blade-service/blade-system/src/main/java/org/springblade/system/service/impl/MenuServiceImpl.java

@@ -33,11 +33,14 @@ import org.springblade.system.service.IMenuService;
 import org.springblade.system.service.IRoleMenuService;
 import org.springblade.system.vo.MenuVO;
 import org.springblade.system.wrapper.MenuWrapper;
+import org.springframework.cache.annotation.Cacheable;
 import org.springframework.stereotype.Service;
 
 import java.util.*;
 import java.util.stream.Collectors;
 
+import static org.springblade.common.cache.CacheNames.AUTH_ROUTES;
+
 /**
  * 服务实现类
  *
@@ -98,6 +101,7 @@ public class MenuServiceImpl extends ServiceImpl<MenuMapper, Menu> implements IM
 	}
 
 	@Override
+	@Cacheable(cacheNames = AUTH_ROUTES, key = "#user.roleId")
 	public List<Kv> authRoutes(BladeUser user) {
 		if (Func.isEmpty(user)) {
 			return null;

doc/sql/bladex-mysql-oauth2-client-upadte.sql

@@ -47,7 +47,7 @@ CREATE TABLE `blade_client`  (
 -- Records of blade_client
 -- ----------------------------
 BEGIN;
-INSERT INTO `blade_client` VALUES (1, 'sword', 'sword_secret', NULL, 'all', 'refresh_token,password,authorization_code', 'http://localhost:8888', NULL, 3600, 36000, NULL, NULL, 1, '2019-03-24 10:40:55', 1, '2019-03-24 10:40:59', 1, 0), (2, 'saber', 'saber_secret', NULL, 'all', 'refresh_token,password,authorization_code', 'http://localhost:8080', NULL, 3600, 36000, NULL, NULL, 1, '2019-03-24 10:42:29', 1, '2019-03-24 10:42:32', 1, 0);
+INSERT INTO `blade_client` VALUES (1, 'sword', 'sword_secret', NULL, 'all', 'refresh_token,password,authorization_code', 'http://localhost:8888', NULL, 3600, 604800, NULL, NULL, 1, '2019-03-24 10:40:55', 1, '2019-03-24 10:40:59', 1, 0), (2, 'saber', 'saber_secret', NULL, 'all', 'refresh_token,password,authorization_code', 'http://localhost:8080', NULL, 3600, 604800, NULL, NULL, 1, '2019-03-24 10:42:29', 1, '2019-03-24 10:42:32', 1, 0);
 COMMIT;
 
 SET FOREIGN_KEY_CHECKS = 1;

doc/sql/bladex-sword-mysql.sql

@@ -47,7 +47,7 @@ CREATE TABLE `blade_client`  (
 -- Records of blade_client
 -- ----------------------------
 BEGIN;
-INSERT INTO `blade_client` VALUES (1, 'sword', 'sword_secret', NULL, 'all', 'refresh_token,password,authorization_code', 'http://localhost:8888', NULL, 3600, 36000, NULL, NULL, 1, '2019-03-24 10:40:55', 1, '2019-03-24 10:40:59', 1, 0), (2, 'saber', 'saber_secret', NULL, 'all', 'refresh_token,password,authorization_code', 'http://localhost:8080', NULL, 3600, 36000, NULL, NULL, 1, '2019-03-24 10:42:29', 1, '2019-03-24 10:42:32', 1, 0);
+INSERT INTO `blade_client` VALUES (1, 'sword', 'sword_secret', NULL, 'all', 'refresh_token,password,authorization_code', 'http://localhost:8888', NULL, 3600, 604800, NULL, NULL, 1, '2019-03-24 10:40:55', 1, '2019-03-24 10:40:59', 1, 0), (2, 'saber', 'saber_secret', NULL, 'all', 'refresh_token,password,authorization_code', 'http://localhost:8080', NULL, 3600, 604800, NULL, NULL, 1, '2019-03-24 10:42:29', 1, '2019-03-24 10:42:32', 1, 0);
 COMMIT;
 
 -- ----------------------------