add security redis support

Author: xlorne

README.md

@@ -18,7 +18,7 @@ v.3.x 为springboot 3.x版本,使用jdk17版本
 
 * springboot-starter | Springboot领域驱动框架
 * springboot-starter-data-fast | 快速数据呈现框架
-* springboot-starter-security-jwt | security&jwt权限框架
+* springboot-starter-security | security权限框架支持基于JWT的无状态权限认证与Redis的有状态权限认证
 
 ## SpringBoot DDD Architecture | SpringBoot DDD 框架图
 
@@ -44,7 +44,7 @@ v.3.x 为springboot 3.x版本,使用jdk17版本
      <!-- security&jwt权限框架 -->
      <dependency>
         <groupId>com.codingapi.springboot</groupId>
-        <artifactId>springboot-starter-security-jwt</artifactId>
+        <artifactId>springboot-starter-security</artifactId>
         <version>${last.version}</version>
      </dependency>
      

docs/wiki/springboot-starter-security-jwt.md renamed to docs/wiki/springboot-starter-security.md

@@ -1,18 +1,28 @@
-springboot-starter-security-jwt 功能介绍
+springboot-starter-security 功能介绍
+
+支持无状态的JWT和有状态的redis两种不同的token机制
 
 配置文件,默认参数即说明
 ```properties
+# JWT开关
+codingapi.security.jwt.enable=true
 # JWT密钥 需大于32位的字符串
-codingapi.security.jwt-secret=codingapi.security.jwt.secretkey
+codingapi.security.jwt.secret-key=codingapi.security.jwt.secretkey
+
+# JWT 有效时间(毫秒) 15分钟有效期 1000*60*15=900000
+codingapi.security.jwt.valid-time=900000
+# JWT 更换令牌时间(毫秒) 10分钟后更换令牌 1000*60*10=600000
+codingapi.security.jwt.rest-time=600000
+
 # JWT AES密钥
 codingapi.security.ase-key=QUNEWCQlXiYqJCNYQ1phc0FDRFgkJV4mKiQjWENaYXM=
 # JWT AES IV
-codingapi.security.aes-iv=QUNYRkdIQEVEUyNYQ1phcw==
+codingapi.security.ase-iv=QUNYRkdIQEVEUyNYQ1phcw==
 
-# JWT 有效时间(毫秒) 15分钟有效期 1000*60*15=900000
-codingapi.security.jwt-time=900000
-# JWT 更换令牌时间(毫秒) 10分钟后更换令牌 1000*60*10=600000
-codingapi.security.jwt-rest-time=600000
+# Redis开关
+#codingapi.security.redis.enable=true
+#spring.data.redis.host=localhost
+#spring.data.redis.port=6379
 
 # Security 配置 请求权限拦截地址
 codingapi.security.authenticated-urls=/api/**
@@ -52,7 +62,7 @@ security默认的账户密码为admin/admin，可以通过重写UserDetailsServi
 
 ## 登录拦截
 可以通过重写SecurityLoginHandler来实现自定义登录拦截，preHandle登录前的拦截处理，postHandle登录后的拦截处理
-```java
+```
     @Bean
     public SecurityLoginHandler securityLoginHandler() {
         return new SecurityLoginHandler() {
@@ -74,15 +84,15 @@ security默认的账户密码为admin/admin，可以通过重写UserDetailsServi
 通过TokenContext获取当前用户信息
 ```java
     @GetMapping("/user")
-    public String user(){
-        return TokenContext.current().getUsername();
-    }
+public String user(){
+    return TokenContext.current().getUsername();
+}
 ```
 
 可以通过Token的extra字段来存储用户的更多信息，然后通过TokenContext获取
 ```java
     @GetMapping("/user")
-    public String user(){
-        return TokenContext.current().getExtra("user");
-    }
+public String user(){
+    return TokenContext.current().getExtra("user");
+}
 ```

pom.xml

@@ -12,7 +12,7 @@
 
     <groupId>com.codingapi.springboot</groupId>
     <artifactId>springboot-parent</artifactId>
-    <version>2.7.10</version>
+    <version>2.8.0</version>
 
     <url>https://github.com/codingapi/springboot-framewrok</url>
     <name>springboot-parent</name>
@@ -32,7 +32,7 @@
         <maven.gpg.plugin>3.1.0</maven.gpg.plugin>
         <codingapi.framework.version>${project.version}</codingapi.framework.version>
         <fastjson.version>2.0.42</fastjson.version>
-        <jsonwebtoken.jjwt.version>0.12.3</jsonwebtoken.jjwt.version>
+        <jsonwebtoken.jjwt.version>0.12.5</jsonwebtoken.jjwt.version>
         <commons-io.version>2.15.0</commons-io.version>
         <commons-dbutils.version>1.8.1</commons-dbutils.version>
         <commons-text.version>1.11.0</commons-text.version>
@@ -143,7 +143,7 @@
 
             <dependency>
                 <groupId>com.codingapi.springboot</groupId>
-                <artifactId>springboot-starter-security-jwt</artifactId>
+                <artifactId>springboot-starter-security</artifactId>
                 <version>${codingapi.framework.version}</version>
             </dependency>
 
@@ -249,7 +249,7 @@
             </activation>
             <modules>
                 <module>springboot-starter</module>
-                <module>springboot-starter-security-jwt</module>
+                <module>springboot-starter-security</module>
                 <module>springboot-starter-data-fast</module>
             </modules>
         </profile>
@@ -260,7 +260,7 @@
 
             <modules>
                 <module>springboot-starter</module>
-                <module>springboot-starter-security-jwt</module>
+                <module>springboot-starter-security</module>
                 <module>springboot-starter-data-fast</module>
             </modules>
 
@@ -309,7 +309,7 @@
 
             <modules>
                 <module>springboot-starter</module>
-                <module>springboot-starter-security-jwt</module>
+                <module>springboot-starter-security</module>
                 <module>springboot-starter-data-fast</module>
             </modules>
 

springboot-starter-data-fast/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <artifactId>springboot-parent</artifactId>
         <groupId>com.codingapi.springboot</groupId>
-        <version>2.7.10</version>
+        <version>2.8.0</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

springboot-starter-security-jwt/src/main/resources/META-INF/spring.factories

@@ -6,13 +6,13 @@
     <parent>
         <artifactId>springboot-parent</artifactId>
         <groupId>com.codingapi.springboot</groupId>
-        <version>2.7.10</version>
+        <version>2.8.0</version>
     </parent>
 
-    <artifactId>springboot-starter-security-jwt</artifactId>
+    <artifactId>springboot-starter-security</artifactId>
 
-    <name>springboot-starter-security-jwt</name>
-    <description>springboot-starter-security-jwt project for Spring Boot</description>
+    <name>springboot-starter-security</name>
+    <description>springboot-starter-security project for Spring Boot</description>
 
     <properties>
         <java.version>8</java.version>
@@ -30,19 +30,28 @@
             <artifactId>spring-boot-starter-web</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-data-redis</artifactId>
+            <scope>provided</scope>
+        </dependency>
+
         <dependency>
             <groupId>io.jsonwebtoken</groupId>
             <artifactId>jjwt-api</artifactId>
+            <scope>provided</scope>
         </dependency>
 
         <dependency>
             <groupId>io.jsonwebtoken</groupId>
             <artifactId>jjwt-impl</artifactId>
+            <scope>provided</scope>
         </dependency>
 
         <dependency>
             <groupId>io.jsonwebtoken</groupId>
             <artifactId>jjwt-jackson</artifactId>
+            <scope>provided</scope>
         </dependency>
 
         <dependency>

springboot-starter-security-jwt/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports

@@ -4,9 +4,9 @@
 import com.codingapi.springboot.security.controller.VersionController;
 import com.codingapi.springboot.security.dto.request.LoginRequest;
 import com.codingapi.springboot.security.filter.*;
-import com.codingapi.springboot.security.jwt.Jwt;
-import com.codingapi.springboot.security.jwt.Token;
-import com.codingapi.springboot.security.properties.SecurityJwtProperties;
+import com.codingapi.springboot.security.gateway.Token;
+import com.codingapi.springboot.security.gateway.TokenGateway;
+import com.codingapi.springboot.security.properties.CodingApiSecurityProperties;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Bean;
@@ -86,8 +86,8 @@ public void postHandle(HttpServletRequest request, HttpServletResponse response,
 
     @Bean
     @ConditionalOnMissingBean
-    public SecurityFilterChain filterChain(HttpSecurity security, Jwt jwt, SecurityLoginHandler loginHandler,
-                                           SecurityJwtProperties properties, AuthenticationTokenFilter authenticationTokenFilter) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity security, TokenGateway tokenGateway, SecurityLoginHandler loginHandler,
+                                           CodingApiSecurityProperties properties, AuthenticationTokenFilter authenticationTokenFilter) throws Exception {
         //disable basic auth
         security.httpBasic().disable();
 
@@ -96,7 +96,7 @@ public SecurityFilterChain filterChain(HttpSecurity security, Jwt jwt, SecurityL
         if (properties.isDisableCsrf()) {
             security.csrf().disable();
         }
-        security.apply(new HttpSecurityConfigurer(jwt, loginHandler, properties, authenticationTokenFilter));
+        security.apply(new HttpSecurityConfigurer(tokenGateway, loginHandler, properties, authenticationTokenFilter));
         security
                 .exceptionHandling()
                 .authenticationEntryPoint(new MyUnAuthenticationEntryPoint())
@@ -135,19 +135,13 @@ public AuthenticationProvider authenticationProvider(UserDetailsService userDeta
     }
 
 
-    @Bean
-    @ConditionalOnMissingBean
-    public Jwt jwt(SecurityJwtProperties properties) {
-        return new Jwt(properties.getJwtSecretKey(), properties.getJwtTime(), properties.getJwtRestTime());
-    }
-
 
     @Bean
-    public WebMvcConfigurer corsConfigurer(SecurityJwtProperties securityJwtProperties) {
+    public WebMvcConfigurer corsConfigurer(CodingApiSecurityProperties securityProperties) {
         return new WebMvcConfigurer() {
             @Override
             public void addCorsMappings(CorsRegistry registry) {
-                if (securityJwtProperties.isDisableCors()) {
+                if (securityProperties.isDisableCors()) {
                     registry.addMapping("/**")
                             .allowedHeaders("*")
                             .allowedMethods("*")
@@ -164,8 +158,8 @@ public void addCorsMappings(CorsRegistry registry) {
 
     @Bean
     @ConfigurationProperties(prefix = "codingapi.security")
-    public SecurityJwtProperties securityJwtProperties() {
-        return new SecurityJwtProperties();
+    public CodingApiSecurityProperties codingApiSecurityProperties() {
+        return new CodingApiSecurityProperties();
     }
 
 

springboot-starter-security-jwt/pom.xml renamed to springboot-starter-security/pom.xml

@@ -4,8 +4,8 @@
 import com.codingapi.springboot.security.filter.MyAuthenticationFilter;
 import com.codingapi.springboot.security.filter.MyLoginFilter;
 import com.codingapi.springboot.security.filter.SecurityLoginHandler;
-import com.codingapi.springboot.security.jwt.Jwt;
-import com.codingapi.springboot.security.properties.SecurityJwtProperties;
+import com.codingapi.springboot.security.gateway.TokenGateway;
+import com.codingapi.springboot.security.properties.CodingApiSecurityProperties;
 import lombok.AllArgsConstructor;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -14,16 +14,16 @@
 @AllArgsConstructor
 public class HttpSecurityConfigurer extends AbstractHttpConfigurer<HttpSecurityConfigurer, HttpSecurity> {
 
-    private final Jwt jwt;
+    private final TokenGateway tokenGateway;
 
     private final SecurityLoginHandler securityLoginHandler;
-    private final SecurityJwtProperties securityJwtProperties;
+    private final CodingApiSecurityProperties securityProperties;
     private final AuthenticationTokenFilter authenticationTokenFilter;
 
     @Override
     public void configure(HttpSecurity security) throws Exception {
         AuthenticationManager manager = security.getSharedObject(AuthenticationManager.class);
-        security.addFilter(new MyLoginFilter(manager, jwt,securityLoginHandler, securityJwtProperties));
-        security.addFilter(new MyAuthenticationFilter(manager,securityJwtProperties,jwt,authenticationTokenFilter));
+        security.addFilter(new MyLoginFilter(manager, tokenGateway,securityLoginHandler, securityProperties));
+        security.addFilter(new MyAuthenticationFilter(manager,securityProperties,tokenGateway,authenticationTokenFilter));
     }
 }

springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/AutoConfiguration.java renamed to springboot-starter-security/src/main/java/com/codingapi/springboot/security/AutoConfiguration.java

@@ -1,6 +1,6 @@
 package com.codingapi.springboot.security.configurer;
 
-import com.codingapi.springboot.security.properties.SecurityJwtProperties;
+import com.codingapi.springboot.security.properties.CodingApiSecurityProperties;
 import lombok.AllArgsConstructor;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
@@ -10,12 +10,12 @@
 @AllArgsConstructor
 public class WebSecurityConfigurer implements WebSecurityCustomizer {
 
-    private final SecurityJwtProperties securityJwtProperties;
+    private final CodingApiSecurityProperties securityProperties;
 
     @Override
     public void customize(WebSecurity web) {
         //ignoring security filters request url
-        web.ignoring().antMatchers(securityJwtProperties.getIgnoreUrls());
+        web.ignoring().antMatchers(securityProperties.getIgnoreUrls());
     }
 
 }

springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/configurer/HttpSecurityConfigurer.java renamed to springboot-starter-security/src/main/java/com/codingapi/springboot/security/configurer/HttpSecurityConfigurer.java

@@ -6,20 +6,20 @@
 import java.nio.charset.StandardCharsets;
 import java.util.Base64;
 
-public class MyAES {
+public class AESTools {
 
-    private final static MyAES instance = new MyAES();
+    private final static AESTools instance = new AESTools();
 
     private AES aes;
 
-    private MyAES() {
+    private AESTools() {
     }
 
     void init(AES aes) {
         this.aes = aes;
     }
 
-    public static MyAES getInstance() {
+    public static AESTools getInstance() {
         return instance;
     }
 

springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/configurer/WebSecurityConfigurer.java renamed to springboot-starter-security/src/main/java/com/codingapi/springboot/security/configurer/WebSecurityConfigurer.java

@@ -1,23 +1,22 @@
 package com.codingapi.springboot.security.crypto;
 
 import com.codingapi.springboot.framework.crypto.AES;
-import com.codingapi.springboot.security.properties.SecurityJwtProperties;
+import com.codingapi.springboot.security.properties.CodingApiSecurityProperties;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
 import java.util.Base64;
 
 @Configuration
-public class MyCryptoConfiguration {
+public class SecurityCryptoConfiguration {
 
     @Bean
     @ConditionalOnMissingBean
-    public AES aes(SecurityJwtProperties properties) throws Exception {
+    public AES aes(CodingApiSecurityProperties properties) throws Exception {
         AES aes = new AES(Base64.getDecoder().decode(properties.getAseKey().getBytes()),
                 Base64.getDecoder().decode(properties.getAseIv()));
-        MyAES.getInstance().init(aes);
+        AESTools.getInstance().init(aes);
         return aes;
     }
-
 }