diff --git a/accompany-oauth2/accompany-oauth2-service/src/main/java/com/accompany/oauth2/service/account/SuperAdminGrantService.java b/accompany-oauth2/accompany-oauth2-service/src/main/java/com/accompany/oauth2/service/account/SuperAdminGrantService.java
deleted file mode 100644
index 5ab2cf898..000000000
--- a/accompany-oauth2/accompany-oauth2-service/src/main/java/com/accompany/oauth2/service/account/SuperAdminGrantService.java
+++ /dev/null
@@ -1,93 +0,0 @@
-package com.accompany.oauth2.service.account;
-
-import com.accompany.common.constant.Constant;
-import com.accompany.common.constant.SmsConstant;
-import com.accompany.common.redis.RedisKey;
-import com.accompany.common.utils.CommonUtil;
-import com.accompany.core.model.Account;
-import com.accompany.core.model.Users;
-import com.accompany.core.service.account.AccountService;
-import com.accompany.core.service.common.JedisService;
-import com.accompany.core.service.user.UsersBaseService;
-import com.accompany.oauth2.exception.CustomOAuth2Exception;
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-
-import java.util.Objects;
-
-/**
- * 超管登陆相关
- */
-@Service
-public class SuperAdminGrantService {
-
- private static final transient Logger logger = LoggerFactory.getLogger(SuperAdminGrantService.class);
-
- @Autowired
- private AccountService accountService;
- @Autowired
- private JedisService jedisService;
- @Autowired
- private UsersBaseService usersBaseService;
-
- public void grant(String phone,String sCode,String os,String version){
- Account account = accountService.getAccount(phone);
- if(account == null){
- logger.error("account not exist,phone:{},sCode:{},os:{},version:{}",phone,sCode,os,version);
- throw new CustomOAuth2Exception(CustomOAuth2Exception.INVALID_USER, "账号不存在");
- }
- if(!isSuperAdmin(account.getUid())){
- return;
- }
- CustomOAuth2Exception exception = new CustomOAuth2Exception(CustomOAuth2Exception.INVALID_SUPER_USER, "Bad credentials");
- if(!CommonUtil.checkPhoneFormat(account.getPhoneAreaCode(),account.getPhone())){
- logger.error("super-admin login error.:{}",phone);
- exception.addAdditionalInformation("msgWithValue","账号异常,未绑定手机号码");
- throw exception;
- }
- if(StringUtils.isBlank(sCode)){
- // 开启超管短信登录验证
- exception.addAdditionalInformation("superCodeVerify", "1");
- exception.addAdditionalInformation("msgWithValue","请输入超级管理员手机验证码");
- throw exception;
- }
- // 校验短信验证码
- if(!verifySmsCodeByCache(account.getPhone(),sCode, SmsConstant.SmsType.SUPER_ADMIN_LOGIN)){
- exception.addAdditionalInformation("superCodeVerify", "1");
- exception.addAdditionalInformation("msgWithValue","超级管理员验证码校验失败");
- throw exception;
- }
-
- }
-
- public boolean verifySmsCodeByCache(String mobile, String code, Byte bizType){
- String codeStr = jedisService.get(getSmsKey(mobile, bizType));
- if(!StringUtils.isEmpty(codeStr) && codeStr.equals(code)){
- return true;
- }else {
- return false;
- }
- }
-
- public String getSmsKey(String mobile, Byte bizType) {
- return RedisKey.sms.getKey(mobile + "_" + bizType);
- }
-
- public boolean isSuperAdmin(Long uid){
- Users user = usersBaseService.getUsersByUid(uid);
- return user != null && Objects.equals(user.getPlatformRole(), Constant.PlatformRole.superAdmin);
- }
-
- public void ifSuperAdminNotAllow(Long uid){
- if(isSuperAdmin(uid)){
- CustomOAuth2Exception exception = new CustomOAuth2Exception(CustomOAuth2Exception.INVALID_SUPER_USER, "Bad credentials");
- logger.error("super-admin third-login error.uid:{}",uid);
- exception.addAdditionalInformation("msgWithValue","超级管理员不允许第三方登陆");
- throw exception;
-
- }
- }
-}
diff --git a/accompany-oauth2/accompany-oauth2-service/src/main/java/com/accompany/oauth2/util/HttpClient4Utils.java b/accompany-oauth2/accompany-oauth2-service/src/main/java/com/accompany/oauth2/util/HttpClient4Utils.java
deleted file mode 100644
index e7bc54fe2..000000000
--- a/accompany-oauth2/accompany-oauth2-service/src/main/java/com/accompany/oauth2/util/HttpClient4Utils.java
+++ /dev/null
@@ -1,156 +0,0 @@
-package com.accompany.oauth2.util;
-
-import org.apache.commons.httpclient.methods.InputStreamRequestEntity;
-import org.apache.commons.httpclient.methods.PostMethod;
-import org.apache.commons.httpclient.methods.RequestEntity;
-import org.apache.http.NameValuePair;
-import org.apache.http.client.HttpClient;
-import org.apache.http.client.config.RequestConfig;
-import org.apache.http.client.entity.UrlEncodedFormEntity;
-import org.apache.http.client.methods.CloseableHttpResponse;
-import org.apache.http.client.methods.HttpPost;
-import org.apache.http.impl.client.CloseableHttpClient;
-import org.apache.http.impl.client.HttpClients;
-import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
-import org.apache.http.message.BasicNameValuePair;
-import org.apache.http.util.EntityUtils;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.nio.charset.Charset;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-
-public class HttpClient4Utils {
- private static HttpClient defaultClient = createHttpClient(20, 20, 5000, 5000, 3000);
-
- /**
- * 实例化HttpClient
- *
- * @param maxTotal
- * @param maxPerRoute
- * @param socketTimeout
- * @param connectTimeout
- * @param connectionRequestTimeout
- * @return
- */
- public static HttpClient createHttpClient(int maxTotal, int maxPerRoute, int socketTimeout, int connectTimeout,
- int connectionRequestTimeout) {
- RequestConfig defaultRequestConfig = RequestConfig.custom().setSocketTimeout(socketTimeout)
- .setConnectTimeout(connectTimeout).setConnectionRequestTimeout(connectionRequestTimeout).build();
- PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager();
- cm.setMaxTotal(maxTotal);
- cm.setDefaultMaxPerRoute(maxPerRoute);
- CloseableHttpClient httpClient = HttpClients.custom().setConnectionManager(cm)
- .setDefaultRequestConfig(defaultRequestConfig).build();
- return httpClient;
- }
-
- /**
- * 发送post请求
- *
- * @param httpClient
- * @param url 请求地址
- * @param params 请求参数
- * @param encoding 编码
- * @return
- */
- public static String sendPost(HttpClient httpClient, String url, Map params, Charset encoding) {
- String resp = "";
- HttpPost httpPost = new HttpPost(url);
- if (params != null && params.size() > 0) {
- List formParams = new ArrayList();
- Iterator> itr = params.entrySet().iterator();
- while (itr.hasNext()) {
- Map.Entry entry = itr.next();
- formParams.add(new BasicNameValuePair(entry.getKey(), entry.getValue()));
- }
- UrlEncodedFormEntity postEntity = new UrlEncodedFormEntity(formParams, encoding);
- httpPost.setEntity(postEntity);
- }
- CloseableHttpResponse response = null;
- try {
- response = (CloseableHttpResponse) httpClient.execute(httpPost);
- resp = EntityUtils.toString(response.getEntity(), encoding);
- } catch (Exception e) {
- // log
- e.printStackTrace();
- } finally {
- if (response != null) {
- try {
- response.close();
- } catch (IOException e) {
- // log
- e.printStackTrace();
- }
- }
- }
- return resp;
- }
-
- /**
- * 发送post请求
- * @param url 请求地址
- * @param params 请求参数
- * @return
- */
- public static String sendPost(String url, Map params) {
- Charset encoding = Charset.forName("utf8");
- return sendPost(defaultClient, url, params, encoding);
- }
-
-
- public static String post(String params, String requestUrl) throws IOException {
- // TODO Auto-generated method stub
- // try {
- //HttpRequester request = new HttpRequester();
- // request.setDefaultContentEncoding("utf-8");
- byte[] requestBytes = params.getBytes("utf-8"); // 将参数转为二进制流
- org.apache.commons.httpclient.HttpClient httpClient = new org.apache.commons.httpclient.HttpClient(); // 客户端实例化
- PostMethod postMethod = new PostMethod(requestUrl);
- //设置请求头Authorization
- // postMethod.setRequestHeader("Authorization", "Basic " + authorization);
- // 设置请求头 Content-Type
- postMethod.setRequestHeader("Content-Type", "application/json");
- InputStream inputStream = new ByteArrayInputStream(requestBytes, 0, requestBytes.length);
- RequestEntity requestEntity = new InputStreamRequestEntity(inputStream, requestBytes.length, "application/json; charset=utf-8"); // 请求体
- postMethod.setRequestEntity(requestEntity);
- httpClient.executeMethod(postMethod);// 执行请求
- InputStream soapResponseStream = postMethod.getResponseBodyAsStream();// 获取返回的流
- byte[] datas = null;
- try {
- datas = readInputStream(soapResponseStream);// 从输入流中读取数据
- } catch (Exception e) {
- e.printStackTrace();
- }
- String result = new String(datas, "UTF-8");// 将二进制流转为String
- // 打印返回结果
- // System.out.println(result);
-
- return result;
- }
-
- /**
- * 从输入流中读取数据
- *
- * @param inStream
- * @return
- * @throws Exception
- */
- public static byte[] readInputStream(InputStream inStream) throws Exception {
- ByteArrayOutputStream outStream = new ByteArrayOutputStream();
- byte[] buffer = new byte[1024];
- int len = 0;
- while ((len = inStream.read(buffer)) != -1) {
- outStream.write(buffer, 0, len);
- }
- byte[] data = outStream.toByteArray();
- outStream.close();
- inStream.close();
- return data;
- }
-}
\ No newline at end of file
diff --git a/accompany-oauth2/accompany-oauth2-service/src/main/java/com/accompany/oauth2/util/SignatureUtils.java b/accompany-oauth2/accompany-oauth2-service/src/main/java/com/accompany/oauth2/util/SignatureUtils.java
deleted file mode 100644
index f9f917fb6..000000000
--- a/accompany-oauth2/accompany-oauth2-service/src/main/java/com/accompany/oauth2/util/SignatureUtils.java
+++ /dev/null
@@ -1,35 +0,0 @@
-package com.accompany.oauth2.util;
-
-import org.apache.commons.codec.digest.DigestUtils;
-
-import java.io.UnsupportedEncodingException;
-import java.util.Arrays;
-import java.util.Map;
-
-public class SignatureUtils {
-
- /**
- * 生成签名信息
- * @param secretKey 产品私钥
- * @param params 接口请求参数名和参数值map,不包括signature参数名
- * @return
- * @throws UnsupportedEncodingException
- */
- public static String genSignature(String secretKey, Map params) throws UnsupportedEncodingException {
- // 1. 参数名按照ASCII码表升序排序
- String[] keys = params.keySet().toArray(new String[0]);
- Arrays.sort(keys);
-
- // 2. 按照排序拼接参数名与参数值
- StringBuffer paramBuffer = new StringBuffer();
- for (String key : keys) {
- paramBuffer.append(key).append(params.get(key) == null ? "" : params.get(key));
- }
- // 3. 将secretKey拼接到最后
- paramBuffer.append(secretKey);
-
- // 4. MD5是128位长度的摘要算法,用16进制表示,一个十六进制的字符能表示4个位,所以签名后的字符串长度固定为32个十六进制字符。
- return DigestUtils.md5Hex(paramBuffer.toString().getBytes("UTF-8"));
- }
-
-}
diff --git a/accompany-oauth2/accompany-oauth2-service/src/main/resources/META-INF/spring.handlers b/accompany-oauth2/accompany-oauth2-service/src/main/resources/META-INF/spring.handlers
deleted file mode 100644
index b6c0b20db..000000000
--- a/accompany-oauth2/accompany-oauth2-service/src/main/resources/META-INF/spring.handlers
+++ /dev/null
@@ -1 +0,0 @@
-#http\://music.yy.com/schema/security/oauth2=com.accompany.oauth2.service.config.xml.OAuth2SecurityNamespaceHandler
\ No newline at end of file
diff --git a/accompany-oauth2/accompany-oauth2-service/src/main/resources/META-INF/spring.schemas b/accompany-oauth2/accompany-oauth2-service/src/main/resources/META-INF/spring.schemas
deleted file mode 100644
index 6d5db22cc..000000000
--- a/accompany-oauth2/accompany-oauth2-service/src/main/resources/META-INF/spring.schemas
+++ /dev/null
@@ -1,3 +0,0 @@ -#http\://music.yy.com/schema/security/spring-security-oauth2-1.0.xsd=/xsd/spring-security-oauth2-1.0.xsd -#http\://music.yy.com/schema/security/spring-security-oauth2-2.0.xsd=/xsd/spring-security-oauth2-2.0.xsd -#http\://music.yy.com/schema/security/spring-security-oauth2.xsd=/xsd/spring-security-oauth2-2.0.xsd \ No newline at end of file diff --git a/accompany-oauth2/accompany-oauth2-service/src/main/resources/generatorConfig.xml b/accompany-oauth2/accompany-oauth2-service/src/main/resources/generatorConfig.xml deleted file mode 100644 index e5e1bfe6b..000000000 --- a/accompany-oauth2/accompany-oauth2-service/src/main/resources/generatorConfig.xml +++ /dev/null @@ -1,70 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - -
- -
\ No newline at end of file diff --git a/accompany-oauth2/accompany-oauth2-service/src/main/resources/oauth2.properties b/accompany-oauth2/accompany-oauth2-service/src/main/resources/oauth2.properties deleted file mode 100644 index 08cad7cb4..000000000 --- a/accompany-oauth2/accompany-oauth2-service/src/main/resources/oauth2.properties +++ /dev/null @@ -1,23 +0,0 @@ - -#yidun -yidun.register.business-id=af43d0f8752147c48f8281800da6049e -yidun.register.secret-id=53ac2fc2d00e3ffc4eafbfe6305aed03 -yidun.register.switch=true -yidun.register.api-url=https://ac.dun.163yun.com/v2/register/check -yidun.register.secret-key=0b9cd0854bc6be2e5d709cc967f3fc38 - -yidun.login.business-id=67881c7a69764c058435ba93a51b1285 -yidun.login.api-url=https://ac.dun.163yun.com/v2/login/check -yidun.login.switch=true - - -#shumei -shumei.register.accessKey=kQ8QOffYuq79qys2JOsP -shumei.register.appId=default -shumei.register.api.url=http://api.fengkongcloud.com/v3/event -shumei.register.switch=true -shumei.login.switch=true - -register.opened=false - -login.opened=false \ No newline at end of file diff --git a/accompany-oauth2/accompany-oauth2-web/src/main/java/com/accompany/oauth2/config/WebMvcConfig.java b/accompany-oauth2/accompany-oauth2-web/src/main/java/com/accompany/oauth2/config/WebMvcConfig.java index fd1f926a1..559df494e 100644 --- a/accompany-oauth2/accompany-oauth2-web/src/main/java/com/accompany/oauth2/config/WebMvcConfig.java +++ b/accompany-oauth2/accompany-oauth2-web/src/main/java/com/accompany/oauth2/config/WebMvcConfig.java @@ -7,7 +7,6 @@ package com.accompany.oauth2.config; */ import com.accompany.oauth2.interceptor.LoginInterceptor; -import com.accompany.oauth2.interceptor.SecurityInterceptor; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; 
@@ -16,15 +15,6 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; @Configuration public class WebMvcConfig implements WebMvcConfigurer{ - /** - * 自己定义的拦截器类 - * @return - */ - @Bean - public SecurityInterceptor getSecurityInterceptor() { - return new SecurityInterceptor(); - } - @Bean public LoginInterceptor getLoginInterceptor() { return new LoginInterceptor(); diff --git a/accompany-oauth2/accompany-oauth2-web/src/main/java/com/accompany/oauth2/interceptor/SecurityInterceptor.java b/accompany-oauth2/accompany-oauth2-web/src/main/java/com/accompany/oauth2/interceptor/SecurityInterceptor.java deleted file mode 100644 index 846d9ad64..000000000 --- a/accompany-oauth2/accompany-oauth2-web/src/main/java/com/accompany/oauth2/interceptor/SecurityInterceptor.java +++ /dev/null 
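Review bot: With the `getSecurityInterceptor()` bean removed in this hunk, nothing in `WebMvcConfig` records that request-signature verification no longer runs in this module, and the commit deletes `SecurityInterceptor` itself without naming a replacement. `addInterceptors` is outside the hunk, so whether the interceptor was actually registered before, or whether a leftover reference to the removed bean remains, cannot be confirmed from here. I would add a class-level comment such as `// Request signing is not enforced in this module; enforced at <component, to be filled in>` so the next reader does not assume the check still exists. The class body continues past the hunk's last line.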
@@ -1,114 +0,0 @@
-package com.accompany.oauth2.interceptor;
-
-import com.accompany.common.constant.ApplicationConstant;
-import com.accompany.common.redis.RedisKey;
-import com.accompany.common.utils.StringUtils;
-import com.accompany.core.service.common.JedisService;
-import com.accompany.core.util.KeyStore;
-import com.accompany.core.util.MD5;
-import com.alibaba.fastjson.JSON;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.Map;
-import java.util.Set;
-import java.util.TreeMap;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-/**
- * @author yangziwen
- * @description
- * @date 2018/6/7 17:27
- */
-public class SecurityInterceptor extends BasicInterceptor {
-
- private static final Logger logger = LoggerFactory.getLogger(SecurityInterceptor.class);
-
- private static Pattern pattern = Pattern.compile("\\s*|\t|\r|\n");
-
- @Autowired
- private JedisService jedisService;
-
- @Override
- public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object object) throws Exception {
- // 校验是否开启签名,是否 URI 白名单
- if (!isSignEnable() || this.isExcludeUri(request.getRequestURI())) {
- return true;
- }
-
- // 检查 IP 是否被封禁
- /*String ip = IPUtils.getRealIpAddress(request);
- if (this.jedisService.sismember(RedisKey.global_block_ip.getKey(), ip)){
- logger.warn("IP {} 被封禁,不允许访问", ip);
- return false;
- }*/
-
- // 检查设备号是否被封禁
- /*String deviceId = request.getParameter("deviceId");
- if (StringUtils.isNotEmpty(deviceId) && this.jedisService.sismember(RedisKey.global_block_device.getKey(), deviceId)){
- logger.warn("设备号 {} 被封禁,不允许访问", deviceId);
- return false;
- }*/
-
- // 验证签名
- if (this.isLegalRequest(request)) {
- return true;
- }
-
- this.writeResponse(response, 403, "Illegal Request");
- return false;
- }
-
- public boolean isSignEnable() {
- String sign = this.jedisService.get(RedisKey.sign_enable.getKey());
- return StringUtils.equalsIgnoreCase(sign, Boolean.TRUE.toString());
- }
-
- /**
- * 校验请求是否合法
- *
- * @param request
- * @return
- * @throws Exception
- */
- private boolean isLegalRequest(HttpServletRequest request) {
- TreeMap paramsMap = new TreeMap<>(request.getParameterMap());
-
- StringBuilder builder = new StringBuilder();
- Set> entries = paramsMap.entrySet();
- for (Map.Entry entry : entries) {
- String name = entry.getKey();
- if (ApplicationConstant.PUBLIC_PARAMTER_NAMES.contains(name)) {
- continue;
- }
-
- String param = String.join(",", entry.getValue());
- builder.append(name).append("=").append(param).append("&");
- }
-
- // 去除最后一个多余的连接符
- if (builder.length() > 0) {
- builder.replace(builder.length() - 1, builder.length(), "");
- builder.append("&");
- }
-
- builder.append("key=").append(KeyStore.DES_SIGN_KEY);
- String serverSign = MD5.getMD5(builder.toString());
- Matcher matcher = pattern.matcher(serverSign);
- serverSign = matcher.replaceAll("");
-
- String clientSign = request.getParameter(ApplicationConstant.PublicParameters.SIGN);
- logger.warn("非法请求: uri={}, headers={}, parameters={}",
- request.getRequestURI(), JSON.toJSONString(request.getHeaderNames()), JSON.toJSONString(request.getParameterMap()));
- return StringUtils.equalsIgnoreCase(clientSign, serverSign);
- }
-
- private boolean isExcludeUri(String url) {
- String excludeUri = this.jedisService.hget(RedisKey.exclude_uri.getKey(), url);
- return StringUtils.isNotEmpty(excludeUri) && StringUtils.equalsIgnoreCase(excludeUri, Boolean.TRUE.toString());
- }
-}
diff --git a/accompany-oauth2/accompany-oauth2-web/src/test/java/servicetest/CommonTest.java b/accompany-oauth2/accompany-oauth2-web/src/test/java/servicetest/CommonTest.java
deleted file mode 100644
index 6610d5b4e..000000000
--- a/accompany-oauth2/accompany-oauth2-web/src/test/java/servicetest/CommonTest.java
+++ /dev/null
@@ -1,30 +0,0 @@
-package servicetest;
-
-import com.accompany.oauth2.OAuth2Application;
-import com.accompany.oauth2.service.MyUserDetailsService;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-@RunWith(SpringJUnit4ClassRunner.class)
-@SpringBootTest(classes = OAuth2Application.class, webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
-public class CommonTest {
-
- @Autowired
- private MyUserDetailsService myUserDetailsService;
-
- @Test
- public void getUserClanInfoTest() {
-
- try {
- myUserDetailsService.loadUserByPhone("8615626451870","86","111111",null,"127.0.0.1");
- myUserDetailsService.loadUserByPhone("8615626451870","86","122211",null,"127.2.2.1");
- } catch (Exception e) {
- e.printStackTrace();
- }
-
- }
-
-}
\ No newline at end of file