

package matrix.business.oauth2.properties;

import lombok.Data;
import lombok.experimental.Accessors;
import matrix.business.oauth2.service.OAuthFilterService;
import matrix.business.oauth2.service.HttpSecurityService;
import matrix.business.oauth2.service.TokenEnhanceService;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.token.AccessTokenConverter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;

import java.io.Serializable;
import java.util.List;

/**
 * OAuth2 configuration properties bound from the {@code matrix.business.oauth2} prefix.
 * <p>
 * Holds the enable switches and the nested settings for the authorization server and
 * the resource server, plus the JWT, form-login and per-URI security sub-configurations.
 * Every nested class is a Lombok {@code @Data} holder; the field initializers below are
 * the values a deployment gets when the corresponding key is not set externally.
 * <p>
 * NOTE(review): {@code @Data} generates {@code toString()} over every field, so logging
 * any of these objects prints {@code secret}, {@code clientSecret}, {@code rsaKeyPassword}
 * and {@code rsaStorePassword} in clear text. Mark those fields {@code @ToString.Exclude}
 * (and keep the objects out of log statements) to avoid leaking credentials.
 *
 * @author wangcheng
 * 2021/8/27
 **/
@ConfigurationProperties(prefix = "matrix.business.oauth2")
@Data
@Accessors(chain = true)
public class OAuth2Properties implements Serializable {

    /**
     * Whether the OAuth2 module is enabled at all.
     */
    private boolean enabled = false;

    /**
     * Database to use (needed with dynamic data sources; defaults to the first database).
     */
    private String db;

    /**
     * Authorization server settings.
     */
    private AuthorizationServerProperties authorizationServer;

    /**
     * Resource server settings.
     */
    private ResourceServerProperties resourceServer;


    /**
     * Authorization server settings, bound from
     * {@code matrix.business.oauth2.authorization-server}.
     */
    @ConfigurationProperties(prefix = "matrix.business.oauth2.authorization-server")
    @Data
    @Accessors(chain = true)
    public static class AuthorizationServerProperties implements Serializable {

        /**
         * Whether the authorization server is enabled.
         */
        private boolean enabled = false;

        /**
         * JWT settings (always present; defaults to a disabled {@link Jwt}).
         */
        private Jwt jwt = new Jwt();

        /**
         * Whether to create the client table.
         */
        private Boolean createClientTable = true;

        /**
         * Whether to create the user table.
         */
        private Boolean createUserTable = true;

        /**
         * URIs exempt from authentication.
         * NOTE(review): raw {@code List}; presumably URI pattern strings — {@code List<String>}
         * would make the element type explicit. Confirm against the consumer.
         */
        private List ignoreAuthUris;

        /**
         * Form login settings.
         */
        private FormLogin formLogin;

        /**
         * Client lookup class; must implement
         * org.springframework.security.oauth2.provider.ClientDetailsService.
         * NOTE(review): declared as a raw {@code Class}, so the compiler cannot enforce that
         * contract; {@code Class<? extends ClientDetailsService>} would.
         */
        private Class clientDetailsClass;

        /**
         * User lookup class; must implement
         * org.springframework.security.core.userdetails.UserDetailsService.
         * NOTE(review): raw {@code Class}, same remark as clientDetailsClass.
         */
        private Class userDetailsClass;

        /**
         * Token enhancer class.
         */
        private Class tokenEnhanceClass;

        /**
         * HTTP security configuration class.
         */
        private Class httpSecurityClass;

        /**
         * Authentication filter class.
         */
        private Class oauthFilterClass;

        /**
         * Default access token lifetime, in seconds.
         */
        private Integer defaultAccessTokenValiditySeconds = 3600;

        /**
         * Default refresh token lifetime, in seconds.
         */
        private Integer defaultRefreshTokenValiditySeconds = 7200;
    }

    /**
     * Resource server settings, bound from {@code matrix.business.oauth2.resource-server}.
     */
    @ConfigurationProperties(prefix = "matrix.business.oauth2.resource-server")
    @Data
    @Accessors(chain = true)
    public static class ResourceServerProperties implements Serializable {

        /**
         * Whether the resource server is enabled.
         */
        private boolean enabled = false;

        /**
         * Resource identifier.
         */
        private String resourceId;

        /**
         * Whether the authorization server runs inside this application.
         */
        private Boolean internalAuthServer = true;

        /**
         * Authorization server URL (used when the authorization server is not internal).
         */
        private String authServerUrl;

        /**
         * Whether JWTs are parsed locally instead of being checked with the authorization server.
         */
        private boolean jwtLocalParse = false;

        /**
         * Client ID (not needed when the authorization server is enabled in the same application).
         */
        private String clientId;

        /**
         * Client secret (not needed when the authorization server is enabled in the same application).
         * NOTE(review): a credential — keep it out of logs and toString output.
         */
        private String clientSecret;

        /**
         * URIs exempt from authentication.
         * NOTE(review): raw {@code List}; presumably URI pattern strings — confirm.
         */
        private List ignoreAuthUris;

        /**
         * Per-URI security rules.
         * NOTE(review): raw {@code List}; the nested {@link SecurityConfig} type looks like the
         * intended element type ({@code List<SecurityConfig>}) — verify against the consumer
         * before changing, since binding behaviour depends on the declared element type.
         */
        private List securityConfig;

        /**
         * HTTP security configuration class.
         */
        private Class httpSecurityClass;

        /**
         * Access token converter class (converts user data; attaches extra user
         * information when converting the JWT).
         */
        private Class jwtAccessTokenConverterClass;

        /**
         * Authentication filter class.
         */
        private Class oauthFilterClass;
    }

    /**
     * One per-URI security rule: which URIs it covers and which client scopes and roles
     * are required for them.
     */
    @Data
    @Accessors(chain = true)
    public static class SecurityConfig implements Serializable {

        /**
         * URI patterns, comma separated, e.g. /pay/**
         */
        private String uris;

        /**
         * Scopes, comma separated; allowed values: read,write,trust
         */
        private String clientScopes;

        /**
         * Roles, comma separated.
         */
        private String clientRoles;
    }

    /**
     * JWT settings, bound from {@code matrix.business.oauth2.authorization-server.jwt}.
     * Tokens are signed either with the RSA key pair from the configured keystore or,
     * when no keystore is configured, with the shared {@code secret}.
     */
    @ConfigurationProperties(prefix = "matrix.business.oauth2.authorization-server.jwt")
    @Data
    @Accessors(chain = true)
    public static class Jwt implements Serializable {

        /**
         * Whether JWT tokens are enabled.
         */
        private boolean enabled = false;

        /**
         * Shared signing secret (the RSA key pair is preferred when configured).
         * NOTE(review): this default is a fixed string visible in the library source, so any
         * deployment that does not override it signs tokens with a key that is effectively
         * public, and such tokens can be forged. Deployments must set their own value or
         * configure the RSA keystore; the library would do better to fail fast when neither
         * is provided than to fall back to this literal.
         */
        private String secret = "vwkit.com";

        /**
         * Classpath location of the keystore holding the RSA key pair (e.g. classpath:jwt-rsa.jks).
         * Example generation command (the sample passwords are placeholders, not values to ship):
         * keytool -genkey -alias jwt-rsa -keyalg RSA -keysize 1024 -keystore jwt-rsa.jks -validity 36500 -keypass 123456 -storepass 456789
         * NOTE(review): 1024-bit RSA is below the commonly recommended minimum of 2048 bits;
         * generate production keys with a larger key size.
         */
        private String rsaFilePath;

        /**
         * Password of the RSA key entry in the keystore.
         */
        private String rsaKeyPassword;

        /**
         * Keystore password (if storePassword is not set, keyPassword is used).
         */
        private String rsaStorePassword;

        /**
         * Alias of the RSA key entry in the keystore.
         */
        private String rsaAlias;

        /**
         * Access token converter class (converts user data; attaches extra user information
         * when converting the JWT). Must be configured when a resource server is configured.
         */
        private Class jwtAccessTokenConverterClass;
    }

    /**
     * Form login settings, bound from
     * {@code matrix.business.oauth2.authorization-server.form-login}.
     */
    @ConfigurationProperties(prefix = "matrix.business.oauth2.authorization-server.form-login")
    @Data
    @Accessors(chain = true)
    public static class FormLogin implements Serializable {

        /**
         * Login page URI.
         */
        private String loginUri;

        /**
         * Default page to redirect to after a successful login.
         */
        private String defaultSuccessUri;

        /**
         * Handler invoked on login failure.
         * NOTE(review): an object-typed property — presumably set programmatically rather than
         * bound from external configuration; confirm with the code that populates it.
         */
        private AuthenticationFailureHandler failureHandler;
    }
}



