集成Authing登录

charts/README.md

@@ -54,7 +54,7 @@ helm install qing qing/qing
 | Name                 | Description                                                          | Value                   |
 |----------------------|----------------------------------------------------------------------|-------------------------|
 | `qingUsername`       | Qing username                                                        | `admin`                 |
-| `qingPassword`       | Qing user password                                                   | `""`                    |
+| `qingPassword`       | Qing qingUser password                                               | `""`                    |
 | `existingSecret`     | Name of existing secret containing Qing credentials                  | `""`                    |
 | `qingExternalUrl`    | 外部访问地址，请根据实际需要修改                                                     | `http://localhost:8090` |
 | `qingScheme`         | Scheme to use to generate Qing URLs                                  | `http`                  |
@@ -72,8 +72,8 @@ helm install qing qing/qing
 | `postgresql.architecture`                     | PostgreSQL architecture. Allowed values: `standalone` or `replication`            | `standalone` |
 | `postgresql.auth.rootPassword`                | PostgreSQL root password                                                          | `""`         |
 | `postgresql.auth.database`                    | PostgreSQL custom database                                                        | `qing`       |
-| `postgresql.auth.username`                    | PostgreSQL custom user name                                                       | `qing`       |
-| `postgresql.auth.password`                    | PostgreSQL custom user password                                                   | `""`         |
+| `postgresql.auth.username`                    | PostgreSQL custom qingUser name                                                   | `qing`       |
+| `postgresql.auth.password`                    | PostgreSQL custom qingUser password                                               | `""`         |
 | `postgresql.primary.persistence.enabled`      | Enable persistence on PostgreSQL using PVC(s)                                     | `true`       |
 | `postgresql.primary.persistence.storageClass` | Persistent Volume storage class                                                   | `""`         |
 | `postgresql.primary.persistence.accessModes`  | Persistent Volume access modes                                                    | `[]`         |
@@ -82,17 +82,17 @@ helm install qing qing/qing
 | `mysql.architecture`                          | MySQL architecture. Allowed values: `standalone` or `replication`                 | `standalone` |
 | `mysql.auth.rootPassword`                     | MySQL root password                                                               | `""`         |
 | `mysql.auth.database`                         | MySQL custom database                                                             | `qing`       |
-| `mysql.auth.username`                         | MySQL custom user name                                                            | `qing`       |
-| `mysql.auth.password`                         | MySQL custom user password                                                        | `""`         |
+| `mysql.auth.username`                         | MySQL custom qingUser name                                                        | `qing`       |
+| `mysql.auth.password`                         | MySQL custom qingUser password                                                    | `""`         |
 | `mysql.primary.persistence.enabled`           | Enable persistence on MySQL using PVC(s)                                          | `true`       |
 | `mysql.primary.persistence.storageClass`      | Persistent Volume storage class                                                   | `""`         |
 | `mysql.primary.persistence.accessModes`       | Persistent Volume access modes                                                    | `[]`         |
 | `mysql.primary.persistence.size`              | Persistent Volume size                                                            | `8Gi`        |
 | `externalDatabase.platform`                   | External Database platform                                                        | `postgresql` |
 | `externalDatabase.host`                       | External Database server host                                                     | `""`         |
 | `externalDatabase.port`                       | External Database server port                                                     | `""`         |
-| `externalDatabase.user`                       | External Database username                                                        | `""`         |
-| `externalDatabase.password`                   | External Database user password                                                   | `""`         |
+| `externalDatabase.qingUser`                   | External Database username                                                        | `""`         |
+| `externalDatabase.password`                   | External Database qingUser password                                               | `""`         |
 | `externalDatabase.database`                   | External Database database name                                                   | `""`         |
 | `externalDatabase.existingSecret`             | The name of an existing secret with database credentials. Evaluated as a template | `""`         |
 

mvnw.cmd

@@ -43,7 +43,7 @@ title %0
 @REM set %HOME% to equivalent of $HOME
 if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
 
-@REM Execute a user defined script before this one
+@REM Execute a qingUser defined script before this one
 if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
 @REM check for pre script, once with legacy .bat ending and once with .cmd ending
 if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat"

qing-domain/src/main/java/cn/chenyunlong/qing/config/QingConfiguration.java

@@ -20,22 +20,26 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.SerializationFeature;
 import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
-import java.security.KeyPair;
-import java.util.Collections;
-import javax.net.ssl.SSLContext;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import me.zhyd.oauth.config.AuthConfig;
 import me.zhyd.oauth.request.AuthGithubRequest;
 import org.apache.http.ssl.SSLContextBuilder;
 import org.springframework.beans.factory.InitializingBean;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.io.ClassPathResource;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.rsa.crypto.KeyStoreKeyFactory;
 import org.springframework.web.client.RestTemplate;
 
+import javax.net.ssl.SSLContext;
+import java.security.KeyPair;
+import java.util.Collections;
+
 /**
  * 全局配置
  *
@@ -103,4 +107,10 @@ public KeyPair keyPair() {
             new KeyStoreKeyFactory(new ClassPathResource("jwt.jks"), "123456".toCharArray());
         return keyStoreKeyFactory.getKeyPair("jwt", "123456".toCharArray());
     }
+
+    @Bean
+    @ConditionalOnMissingBean(PasswordEncoder.class)
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
 }

qing-domain/src/main/java/cn/chenyunlong/qing/config/security/SecurityConfig.java

@@ -13,11 +13,9 @@
 
 package cn.chenyunlong.qing.config.security;
 
-import cn.chenyunlong.security.base.JwtAuthenticationTokenFilter;
 import cn.chenyunlong.security.base.extension.DummyUserContextAware;
 import cn.chenyunlong.security.base.extension.UserContextAware;
 import cn.chenyunlong.security.config.SecurityCommonProperties;
-import cn.chenyunlong.security.config.security.entrypoint.CustomAuthenticationEntryPoint;
 import cn.chenyunlong.security.configures.authing.AuthingLoginConfigurer;
 import cn.chenyunlong.security.configures.authing.properties.AuthingProperties;
 import jakarta.annotation.Resource;
@@ -29,7 +27,6 @@
 import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.SecurityFilterChain;
 
 /**
@@ -64,13 +61,4 @@ public SecurityFilterChain userLoginFilterChain(HttpSecurity http) throws Except
         return http.build();
     }
 
-    @Bean
-    public JwtAuthenticationTokenFilter authenticationTokenFilterBean() {
-        return new JwtAuthenticationTokenFilter();
-    }
-
-    @Bean
-    public AuthenticationEntryPoint entrypoint() {
-        return new CustomAuthenticationEntryPoint();
-    }
 }

qing-starters/qing-security-spring-boot-starter/src/main/java/cn/chenyunlong/security/config/security/handler/CustomAuthenticationFailureHandler.java → qing-domain/src/main/java/cn/chenyunlong/qing/config/security/handler/CustomAuthenticationFailureHandler.java

@@ -1,5 +1,6 @@
-package cn.chenyunlong.security.config.security.handler;
+package cn.chenyunlong.qing.config.security.handler;
 
+import cn.chenyunlong.common.model.JsonResult;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
@@ -16,8 +17,7 @@ public class CustomAuthenticationFailureHandler implements AuthenticationFailure
     @Override
     public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
         ObjectMapper mapper = new ObjectMapper();
-        response.setStatus(200);
-        response.getWriter().write("{构建成功}");
-        response.setContentType("application/json;charset=utf-8");
+        response.setStatus(HttpServletResponse.SC_BAD_GATEWAY);
+        response.getWriter().write(mapper.writeValueAsString(JsonResult.fail(null, "登录失败：" + exception.getMessage())));
     }
 }

qing-domain/src/main/java/cn/chenyunlong/qing/config/security/handler/CustomAuthenticationSuccessHandler.java

@@ -0,0 +1,38 @@
+package cn.chenyunlong.qing.config.security.handler;
+
+import cn.chenyunlong.common.model.JsonResult;
+import cn.chenyunlong.security.userdetails.TemporaryUser;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.http.MediaType;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+
+/**
+ * 定制成功处理器
+ */
+@Component
+public class CustomAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
+
+    @Override
+    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
+                                        Authentication authentication) throws IOException {
+
+        ObjectMapper mapper = new ObjectMapper();
+
+        // start: 判断是否为临时用户, 进行相关逻辑的处理
+        final Object principal = authentication.getPrincipal();
+        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
+        if (principal instanceof TemporaryUser temporaryUser) {
+            // 自己的处理逻辑, 如返回 json 数据
+            // ...
+            response.getWriter().write(mapper.writeValueAsString(JsonResult.success(temporaryUser.toString())));
+        } else {
+            response.getWriter().write(mapper.writeValueAsString(JsonResult.success(principal)));
+        }
+    }
+}

qing-starters/qing-security-spring-boot-starter/src/main/java/cn/chenyunlong/security/config/security/handler/CustomLogoutSuccessHandler.java → qing-domain/src/main/java/cn/chenyunlong/qing/config/security/handler/CustomLogoutSuccessHandler.java

@@ -11,7 +11,7 @@
  *
  */
 
-package cn.chenyunlong.security.config.security.handler;
+package cn.chenyunlong.qing.config.security.handler;
 
 import cn.chenyunlong.common.model.ApiResult;
 import cn.hutool.json.JSONUtil;
@@ -20,7 +20,6 @@
 import org.springframework.http.MediaType;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
-import org.springframework.stereotype.Component;
 
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
@@ -30,7 +29,6 @@
  *
  * @author 陈云龙
  */
-@Component
 public class CustomLogoutSuccessHandler implements LogoutSuccessHandler {
 
     @Override

qing-domain/src/main/java/cn/chenyunlong/qing/config/security/handler/DemoSignUpUrlAuthenticationSuccessHandler.java

@@ -0,0 +1,103 @@
+/*
+ * MIT License
+ * Copyright (c) 2020-2029 YongWu zheng (dcenter.top and gitee.com/pcore and github.com/ZeroOrInfinity)
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package cn.chenyunlong.qing.config.security.handler;
+
+import cn.chenyunlong.security.userdetails.TemporaryUser;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
+import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
+import org.springframework.security.web.savedrequest.RequestCache;
+import org.springframework.security.web.savedrequest.SavedRequest;
+
+import java.io.IOException;
+
+import static org.springframework.util.StringUtils.hasText;
+
+/**
+ * 演示 signUpUrl 设置为 null 时的一种处理方式
+ *
+ * @author YongWu zheng
+ * @version V2.0  Created by 2020/10/30 10:19
+ */
+public class DemoSignUpUrlAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
+    private RequestCache requestCache = new HttpSessionRequestCache();
+
+    @Override
+    public void onAuthenticationSuccess(HttpServletRequest request,
+                                        HttpServletResponse response, Authentication authentication)
+            throws IOException {
+
+
+        // start: 判断是否为临时用户, 进行相关逻辑的处理
+        final Object principal = authentication.getPrincipal();
+        if (principal instanceof TemporaryUser) {
+            TemporaryUser temporaryUser = ((TemporaryUser) principal);
+            // 自己的处理逻辑, 如返回 json 数据
+            // ...
+
+            return;
+        }
+        // end: 判断是否为临时用户, 进行相关逻辑的处理
+
+        String targetUrl = null;
+        if (isAlwaysUseDefaultTargetUrl()) {
+            targetUrl = getDefaultTargetUrl();
+        } else {
+            String targetUrlParameter = getTargetUrlParameter();
+            if (targetUrlParameter != null && hasText(request.getParameter(targetUrlParameter))) {
+                String parameterUrl = request.getParameter(targetUrlParameter);
+                if (hasText(parameterUrl)) {
+                    targetUrl = parameterUrl;
+                }
+            } else {
+                // Use the DefaultSavedRequest URL
+                SavedRequest savedRequest = requestCache.getRequest(request, response);
+                if (savedRequest != null) {
+                    targetUrl = savedRequest.getRedirectUrl();
+                }
+            }
+        }
+
+        clearAuthenticationAttributes(request);
+
+        if (!hasText(targetUrl)) {
+            targetUrl = getDefaultTargetUrl();
+        }
+
+        logger.debug("Redirecting to DefaultSavedRequest Url: " + targetUrl);
+
+//        if (isAjaxOrJson(request)) {
+//            responseWithJson(response, HttpStatus.OK.value(), toJsonString(ResponseResult.success("url", targetUrl)));
+//            return;
+//        }
+
+        getRedirectStrategy().sendRedirect(request, response, targetUrl);
+    }
+
+    @Override
+    public void setRequestCache(RequestCache requestCache) {
+        this.requestCache = requestCache;
+    }
+}