Merge pull request #738 from nobodyiam/fix-spring-security-auth

fix for spring security auth table case issue

Merge pull request #738 from nobodyiam/fix-spring-security-auth
b9bca870 · 张乐 · GitHub · d62ba3d1 · 4d0bf71d · b9bca870
Commit b9bca870 authored Sep 07, 2017 by 张乐 Committed by GitHub Sep 07, 2017
11 changed files
--- a/apollo-common/src/main/java/com/ctrip/framework/apollo/common/auth/WebSecurityConfig.java
+++ b/apollo-common/src/main/java/com/ctrip/framework/apollo/common/auth/WebSecurityConfig.java
-package com.ctrip.framework.apollo.common.auth;
+package com.ctrip.framework.apollo.biz.auth;
+
+import com.ctrip.framework.apollo.common.condition.ConditionalOnMissingProfile;

 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
@@ -8,6 +10,7 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

+@ConditionalOnMissingProfile("auth")
 @Configuration
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled = true)

--- a/apollo-configservice/src/test/java/com/ctrip/framework/apollo/ConfigServiceTestConfiguration.java
+++ b/apollo-configservice/src/test/java/com/ctrip/framework/apollo/ConfigServiceTestConfiguration.java
 package com.ctrip.framework.apollo;

-import com.ctrip.framework.apollo.common.auth.WebSecurityConfig;
+import com.ctrip.framework.apollo.biz.auth.WebSecurityConfig;
 import com.ctrip.framework.apollo.configservice.ConfigServiceApplication;

 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;

--- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/component/RestTemplateFactory.java
+++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/component/RestTemplateFactory.java
 package com.ctrip.framework.apollo.portal.component;

-import com.google.common.io.BaseEncoding;
-
-
 import com.ctrip.framework.apollo.portal.component.config.PortalConfig;

-import org.apache.http.Header;
-import org.apache.http.auth.AuthScope;
-import org.apache.http.auth.UsernamePasswordCredentials;
-import org.apache.http.impl.client.BasicCredentialsProvider;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClientBuilder;
-import org.apache.http.message.BasicHeader;
 import org.springframework.beans.factory.FactoryBean;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -21,8 +13,6 @@ import org.springframework.stereotype.Component;
 import org.springframework.web.client.RestTemplate;

 import java.io.UnsupportedEncodingException;
-import java.util.ArrayList;
-import java.util.Collection;

 @Component
 public class RestTemplateFactory implements FactoryBean<RestTemplate>, InitializingBean {
@@ -47,18 +37,7 @@ public class RestTemplateFactory implements FactoryBean<RestTemplate>, Initializ
  }

  public void afterPropertiesSet() throws UnsupportedEncodingException {
-    Collection<Header> defaultHeaders = new ArrayList<Header>();
-    Header header = new BasicHeader("Authorization",
-        "Basic " + BaseEncoding.base64().encode("apollo:".getBytes("UTF-8")));
-    defaultHeaders.add(header);
-
-    BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
-    credentialsProvider.setCredentials(AuthScope.ANY,
-        new UsernamePasswordCredentials("apollo", ""));
-    CloseableHttpClient httpClient =
-        HttpClientBuilder.create().setDefaultCredentialsProvider(credentialsProvider)
-            .setDefaultHeaders(defaultHeaders).build();
-
+    CloseableHttpClient httpClient = HttpClientBuilder.create().build();

    restTemplate = new RestTemplate(httpMessageConverters.getConverters());
    HttpComponentsClientHttpRequestFactory requestFactory =

--- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/entity/po/UserPO.java
+++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/entity/po/UserPO.java
@@ -12,18 +12,18 @@ import javax.persistence.Table;
 * @author lepdou 2017-04-08
 */
 @Entity
-@Table(name = "users")
+@Table(name = "Users")
 public class UserPO {

  @Id
  @GeneratedValue
  @Column(name = "Id")
  private long id;
-  @Column(name = "username", nullable = false)
+  @Column(name = "Username", nullable = false)
  private String username;
-  @Column(name = "password", nullable = false)
+  @Column(name = "Password", nullable = false)
  private String password;
-  @Column(name = "enabled", nullable = false)
+  @Column(name = "Enabled", nullable = false)
  private int enabled;

  public long getId() {
@@ -62,7 +62,7 @@ public class UserPO {
    UserInfo userInfo = new UserInfo();
    userInfo.setName(this.getUsername());
    userInfo.setUserId(this.getUsername());
-    userInfo.setEmail("apollo@acme.com");
+    userInfo.setEmail(this.getUsername() + "@acme.com");
    return userInfo;
  }
 }
--- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/AuthConfiguration.java
+++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/AuthConfiguration.java
@@ -34,7 +34,6 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.provisioning.JdbcUserDetailsManager;
 import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;

@@ -211,11 +210,11 @@ public class AuthConfiguration {
    }

    @Bean
-    public JdbcUserDetailsManager jdbcUserDetailsManager(DataSource datasource) {
-      JdbcUserDetailsManager userDetailsService = new JdbcUserDetailsManager();
-      userDetailsService.setDataSource(datasource);
-
-      return userDetailsService;
+    public JdbcUserDetailsManager jdbcUserDetailsManager(AuthenticationManagerBuilder auth, DataSource datasource) throws Exception {
+      return auth.jdbcAuthentication().passwordEncoder(new BCryptPasswordEncoder()).dataSource(datasource)
+          .usersByUsernameQuery("select Username,Password,Enabled from `Users` where Username=?")
+          .authoritiesByUsernameQuery("select Username,Authority from `Authorities` where Username = ?")
+          .getUserDetailsService();
    }

    @Bean
@@ -224,42 +223,27 @@ public class AuthConfiguration {
      return new SpringSecurityUserService();
    }

+  }

-    @Order(99)
-    @Configuration
-    @Profile("auth")
-    @EnableWebSecurity
-    @EnableGlobalMethodSecurity(prePostEnabled = true)
-    static class SpringSecurityConfigurer extends WebSecurityConfigurerAdapter {
-
-      public static final String USER_ROLE = "user";
-
-      @Autowired
-      private DataSource datasource;
-      
-
-      @Override
-      protected void configure(HttpSecurity http) throws Exception {
-        http.csrf().disable();
-        http.headers().frameOptions().sameOrigin();
-        http.authorizeRequests()
-            .antMatchers("/openapi/*").permitAll()
-            .antMatchers("/*").hasAnyRole(USER_ROLE);
-        http.formLogin().loginPage("/signin").permitAll().failureUrl("/signin?#/error").and().httpBasic();
-        http.logout().invalidateHttpSession(true).clearAuthentication(true).logoutSuccessUrl("/signin?#/logout");
-        http.exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/signin"));
-      }
-
-      @Autowired
-      public void configureGlobal(AuthenticationManagerBuilder auth, JdbcUserDetailsManager userDetailsService)
-          throws Exception {
-        PasswordEncoder encoder = new BCryptPasswordEncoder();
-
-        auth.userDetailsService(userDetailsService).passwordEncoder(encoder);
-        auth.jdbcAuthentication().dataSource(datasource).usersByUsernameQuery(
-            "select username,password, enabled from users where username=?");
-      }
-
+  @Order(99)
+  @Profile("auth")
+  @Configuration
+  @EnableWebSecurity
+  @EnableGlobalMethodSecurity(prePostEnabled = true)
+  static class SpringSecurityConfigurer extends WebSecurityConfigurerAdapter {
+
+    public static final String USER_ROLE = "user";
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+      http.csrf().disable();
+      http.headers().frameOptions().sameOrigin();
+      http.authorizeRequests()
+          .antMatchers("/openapi/*").permitAll()
+          .antMatchers("/*").hasAnyRole(USER_ROLE);
+      http.formLogin().loginPage("/signin").permitAll().failureUrl("/signin?#/error").and().httpBasic();
+      http.logout().invalidateHttpSession(true).clearAuthentication(true).logoutSuccessUrl("/signin?#/logout");
+      http.exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/signin"));
    }

  }
@@ -296,4 +280,16 @@ public class AuthConfiguration {
    }
  }

+  @ConditionalOnMissingProfile("auth")
+  @Configuration
+  @EnableWebSecurity
+  @EnableGlobalMethodSecurity(prePostEnabled = true)
+  static class DefaultWebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+      http.csrf().disable();
+      http.headers().frameOptions().sameOrigin();
+    }
+  }
 }
--- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/EmailConfiguration.java
+++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/EmailConfiguration.java
 package com.ctrip.framework.apollo.portal.spi.configuration;


+import com.ctrip.framework.apollo.common.condition.ConditionalOnMissingProfile;
 import com.ctrip.framework.apollo.portal.spi.EmailService;
 import com.ctrip.framework.apollo.portal.spi.ctrip.CtripEmailService;
 import com.ctrip.framework.apollo.portal.spi.ctrip.CtripEmailRequestBuilder;
@@ -36,7 +37,7 @@ public class EmailConfiguration {
   * spring.profiles.active != ctrip
   */
  @Configuration
-  @Profile({"!ctrip"})
+  @ConditionalOnMissingProfile({"ctrip"})
  public static class DefaultEmailConfiguration {
    @Bean
    @ConditionalOnMissingBean(EmailService.class)

--- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/MQConfiguration.java
+++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/MQConfiguration.java
 package com.ctrip.framework.apollo.portal.spi.configuration;

+import com.ctrip.framework.apollo.common.condition.ConditionalOnMissingProfile;
 import com.ctrip.framework.apollo.portal.spi.ctrip.CtripMQService;
 import com.ctrip.framework.apollo.portal.spi.defaultimpl.DefaultMQService;

@@ -24,7 +25,7 @@ public class MQConfiguration {
   * spring.profiles.active != ctrip
   */
  @Configuration
-  @Profile({"!ctrip"})
+  @ConditionalOnMissingProfile({"ctrip"})
  public static class DefaultMQConfiguration {

    @Bean

--- a/scripts/sql-docker/apolloportaldb.sql
+++ b/scripts/sql-docker/apolloportaldb.sql
@@ -276,29 +276,29 @@ CREATE TABLE `UserRole` (
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='用户和role的绑定表';


-# Dump of table users
+# Dump of table Users
 # ------------------------------------------------------------

-DROP TABLE IF EXISTS `users`;
+DROP TABLE IF EXISTS `Users`;

-CREATE TABLE `users` (
+CREATE TABLE `Users` (
  `Id` int(10) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增Id',
-  `username` varchar(64) NOT NULL DEFAULT 'default' COMMENT '用户名',
-  `password` varchar(64) NOT NULL DEFAULT 'default' COMMENT '密码',
-  `enabled` tinyint(4) DEFAULT NULL COMMENT '是否有效',
+  `Username` varchar(64) NOT NULL DEFAULT 'default' COMMENT '用户名',
+  `Password` varchar(64) NOT NULL DEFAULT 'default' COMMENT '密码',
+  `Enabled` tinyint(4) DEFAULT NULL COMMENT '是否有效',
  PRIMARY KEY (`Id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='用户表';


-# Dump of table authorities
+# Dump of table Authorities
 # ------------------------------------------------------------

-DROP TABLE IF EXISTS `authorities`;
+DROP TABLE IF EXISTS `Authorities`;

-CREATE TABLE `authorities` (
+CREATE TABLE `Authorities` (
  `Id` int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增Id',
-  `username` varchar(50) NOT NULL,
-  `authority` varchar(50) NOT NULL,
+  `Username` varchar(50) NOT NULL,
+  `Authority` varchar(50) NOT NULL,
  PRIMARY KEY (`Id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;

@@ -309,15 +309,15 @@ INSERT INTO `ServerConfig` (`Key`, `Value`, `Comment`)
 VALUES
    ('apollo.portal.envs', 'dev', '可支持的环境列表'),
    ('organizations', '[{\"orgId\":\"全辅导\",\"orgName\":\"全辅导\"},{\"orgId\":\"全课云\",\"orgName\":\"全课云\"}]', '部门列表'),
-    ('superAdmin', 'admin', 'Portal超级管理员'),
+    ('superAdmin', 'apollo', 'Portal超级管理员'),
    ('api.readTimeout', '10000', 'http接口read timeout'),
    ('consumer.token.salt', 'someSalt', 'consumer token salt');

-INSERT INTO `users` ( `username`, `password`, `enabled`)
+INSERT INTO `Users` (`Username`, `Password`, `Enabled`)
 VALUES
-	('admin', '$2a$10$7r20uS.BQ9uBpf3Baj3uQOZvMVvB1RN3PYoKE94gtz2.WAOuiiwXS', 1);
+	('apollo', '$2a$10$7r20uS.BQ9uBpf3Baj3uQOZvMVvB1RN3PYoKE94gtz2.WAOuiiwXS', 1);

-INSERT INTO `authorities` (`username`, `authority`) VALUES ('admin', 'ROLE_user');
+INSERT INTO `Authorities` (`Username`, `Authority`) VALUES ('apollo', 'ROLE_user');

 /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
 /*!40101 SET SQL_MODE=@OLD_SQL_MODE */;

--- a/scripts/sql/apolloportaldb.sql
+++ b/scripts/sql/apolloportaldb.sql
@@ -275,29 +275,29 @@ CREATE TABLE `UserRole` (
  KEY `IX_UserId_RoleId` (`UserId`,`RoleId`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='用户和role的绑定表';

-# Dump of table users
+# Dump of table Users
 # ------------------------------------------------------------

-DROP TABLE IF EXISTS `users`;
+DROP TABLE IF EXISTS `Users`;

-CREATE TABLE `users` (
+CREATE TABLE `Users` (
  `Id` int(10) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增Id',
-  `username` varchar(64) NOT NULL DEFAULT 'default' COMMENT '用户名',
-  `password` varchar(64) NOT NULL DEFAULT 'default' COMMENT '密码',
-  `enabled` tinyint(4) DEFAULT NULL COMMENT '是否有效',
+  `Username` varchar(64) NOT NULL DEFAULT 'default' COMMENT '用户名',
+  `Password` varchar(64) NOT NULL DEFAULT 'default' COMMENT '密码',
+  `Enabled` tinyint(4) DEFAULT NULL COMMENT '是否有效',
  PRIMARY KEY (`Id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='用户表';


-# Dump of table authorities
+# Dump of table Authorities
 # ------------------------------------------------------------

-DROP TABLE IF EXISTS `authorities`;
+DROP TABLE IF EXISTS `Authorities`;

-CREATE TABLE `authorities` (
+CREATE TABLE `Authorities` (
  `Id` int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增Id',
-  `username` varchar(50) NOT NULL,
-  `authority` varchar(50) NOT NULL,
+  `Username` varchar(50) NOT NULL,
+  `Authority` varchar(50) NOT NULL,
  PRIMARY KEY (`Id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;

@@ -308,15 +308,15 @@ INSERT INTO `ServerConfig` (`Key`, `Value`, `Comment`)
 VALUES
    ('apollo.portal.envs', 'dev', '可支持的环境列表'),
    ('organizations', '[{\"orgId\":\"TEST1\",\"orgName\":\"样例部门1\"},{\"orgId\":\"TEST2\",\"orgName\":\"样例部门2\"}]', '部门列表'),
-    ('superAdmin', 'admin', 'Portal超级管理员'),
+    ('superAdmin', 'apollo', 'Portal超级管理员'),
    ('api.readTimeout', '10000', 'http接口read timeout'),
    ('consumer.token.salt', 'someSalt', 'consumer token salt');

-INSERT INTO `users` ( `username`, `password`, `enabled`)
+INSERT INTO `Users` (`Username`, `Password`, `Enabled`)
 VALUES
-	('admin', '$2a$10$7r20uS.BQ9uBpf3Baj3uQOZvMVvB1RN3PYoKE94gtz2.WAOuiiwXS', 1);
+	('apollo', '$2a$10$7r20uS.BQ9uBpf3Baj3uQOZvMVvB1RN3PYoKE94gtz2.WAOuiiwXS', 1);

-INSERT INTO `authorities` (`username`, `authority`) VALUES ('admin', 'ROLE_user');
+INSERT INTO `Authorities` (`Username`, `Authority`) VALUES ('apollo', 'ROLE_user');

 /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
 /*!40101 SET SQL_MODE=@OLD_SQL_MODE */;

--- a/scripts/sql/delta/v060-v062/apolloportaldb-v060-v062.sql
+++ b/scripts/sql/delta/v060-v062/apolloportaldb-v060-v062.sql
-# delta schema to upgrade apollo config db from v0.6.0 to v0.6.2
+# delta schema to upgrade apollo portal db from v0.6.0 to v0.6.2

 Use ApolloPortalDB;


--- a/scripts/sql/delta/v080-v090/apolloportaldb-v080-v090.sql
+++ b/scripts/sql/delta/v080-v090/apolloportaldb-v080-v090.sql
+# delta schema to upgrade apollo portal db from v0.8.0 to v0.9.0
+
+Use ApolloPortalDB;
+
+CREATE TABLE `Users` (
+  `Id` int(10) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增Id',
+  `Username` varchar(64) NOT NULL DEFAULT 'default' COMMENT '用户名',
+  `Password` varchar(64) NOT NULL DEFAULT 'default' COMMENT '密码',
+  `Enabled` tinyint(4) DEFAULT NULL COMMENT '是否有效',
+  PRIMARY KEY (`Id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='用户表';
+
+CREATE TABLE `Authorities` (
+  `Id` int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增Id',
+  `Username` varchar(50) NOT NULL,
+  `Authority` varchar(50) NOT NULL,
+  PRIMARY KEY (`Id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+INSERT INTO `Users` (`Username`, `Password`, `Enabled`)
+VALUES
+	('apollo', '$2a$10$7r20uS.BQ9uBpf3Baj3uQOZvMVvB1RN3PYoKE94gtz2.WAOuiiwXS', 1);
+
+INSERT INTO `Authorities` (`Username`, `Authority`) VALUES ('apollo', 'ROLE_user');