Commit b9bca870 by 张乐 Committed by GitHub

Merge pull request #738 from nobodyiam/fix-spring-security-auth

fix for spring security auth table case issue
parents d62ba3d1 4d0bf71d
package com.ctrip.framework.apollo.common.auth;
package com.ctrip.framework.apollo.biz.auth;
import com.ctrip.framework.apollo.common.condition.ConditionalOnMissingProfile;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
......@@ -8,6 +10,7 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@ConditionalOnMissingProfile("auth")
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
......
package com.ctrip.framework.apollo;
import com.ctrip.framework.apollo.common.auth.WebSecurityConfig;
import com.ctrip.framework.apollo.biz.auth.WebSecurityConfig;
import com.ctrip.framework.apollo.configservice.ConfigServiceApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
......
package com.ctrip.framework.apollo.portal.component;
import com.google.common.io.BaseEncoding;
import com.ctrip.framework.apollo.portal.component.config.PortalConfig;
import org.apache.http.Header;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.message.BasicHeader;
import org.springframework.beans.factory.FactoryBean;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
......@@ -21,8 +13,6 @@ import org.springframework.stereotype.Component;
import org.springframework.web.client.RestTemplate;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Collection;
@Component
public class RestTemplateFactory implements FactoryBean<RestTemplate>, InitializingBean {
......@@ -47,18 +37,7 @@ public class RestTemplateFactory implements FactoryBean<RestTemplate>, Initializ
}
public void afterPropertiesSet() throws UnsupportedEncodingException {
Collection<Header> defaultHeaders = new ArrayList<Header>();
Header header = new BasicHeader("Authorization",
"Basic " + BaseEncoding.base64().encode("apollo:".getBytes("UTF-8")));
defaultHeaders.add(header);
BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY,
new UsernamePasswordCredentials("apollo", ""));
CloseableHttpClient httpClient =
HttpClientBuilder.create().setDefaultCredentialsProvider(credentialsProvider)
.setDefaultHeaders(defaultHeaders).build();
CloseableHttpClient httpClient = HttpClientBuilder.create().build();
restTemplate = new RestTemplate(httpMessageConverters.getConverters());
HttpComponentsClientHttpRequestFactory requestFactory =
......
......@@ -12,18 +12,18 @@ import javax.persistence.Table;
* @author lepdou 2017-04-08
*/
@Entity
@Table(name = "users")
@Table(name = "Users")
public class UserPO {
@Id
@GeneratedValue
@Column(name = "Id")
private long id;
@Column(name = "username", nullable = false)
@Column(name = "Username", nullable = false)
private String username;
@Column(name = "password", nullable = false)
@Column(name = "Password", nullable = false)
private String password;
@Column(name = "enabled", nullable = false)
@Column(name = "Enabled", nullable = false)
private int enabled;
public long getId() {
......@@ -62,7 +62,7 @@ public class UserPO {
UserInfo userInfo = new UserInfo();
userInfo.setName(this.getUsername());
userInfo.setUserId(this.getUsername());
userInfo.setEmail("apollo@acme.com");
userInfo.setEmail(this.getUsername() + "@acme.com");
return userInfo;
}
}
......@@ -34,7 +34,6 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.JdbcUserDetailsManager;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
......@@ -211,11 +210,11 @@ public class AuthConfiguration {
}
@Bean
public JdbcUserDetailsManager jdbcUserDetailsManager(DataSource datasource) {
JdbcUserDetailsManager userDetailsService = new JdbcUserDetailsManager();
userDetailsService.setDataSource(datasource);
return userDetailsService;
public JdbcUserDetailsManager jdbcUserDetailsManager(AuthenticationManagerBuilder auth, DataSource datasource) throws Exception {
return auth.jdbcAuthentication().passwordEncoder(new BCryptPasswordEncoder()).dataSource(datasource)
.usersByUsernameQuery("select Username,Password,Enabled from `Users` where Username=?")
.authoritiesByUsernameQuery("select Username,Authority from `Authorities` where Username = ?")
.getUserDetailsService();
}
@Bean
......@@ -224,20 +223,17 @@ public class AuthConfiguration {
return new SpringSecurityUserService();
}
}
@Order(99)
@Configuration
@Profile("auth")
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
static class SpringSecurityConfigurer extends WebSecurityConfigurerAdapter {
public static final String USER_ROLE = "user";
@Autowired
private DataSource datasource;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
......@@ -250,18 +246,6 @@ public class AuthConfiguration {
http.exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/signin"));
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth, JdbcUserDetailsManager userDetailsService)
throws Exception {
PasswordEncoder encoder = new BCryptPasswordEncoder();
auth.userDetailsService(userDetailsService).passwordEncoder(encoder);
auth.jdbcAuthentication().dataSource(datasource).usersByUsernameQuery(
"select username,password, enabled from users where username=?");
}
}
}
/**
......@@ -296,4 +280,16 @@ public class AuthConfiguration {
}
}
@ConditionalOnMissingProfile("auth")
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
static class DefaultWebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http.headers().frameOptions().sameOrigin();
}
}
}
package com.ctrip.framework.apollo.portal.spi.configuration;
import com.ctrip.framework.apollo.common.condition.ConditionalOnMissingProfile;
import com.ctrip.framework.apollo.portal.spi.EmailService;
import com.ctrip.framework.apollo.portal.spi.ctrip.CtripEmailService;
import com.ctrip.framework.apollo.portal.spi.ctrip.CtripEmailRequestBuilder;
......@@ -36,7 +37,7 @@ public class EmailConfiguration {
* spring.profiles.active != ctrip
*/
@Configuration
@Profile({"!ctrip"})
@ConditionalOnMissingProfile({"ctrip"})
public static class DefaultEmailConfiguration {
@Bean
@ConditionalOnMissingBean(EmailService.class)
......
package com.ctrip.framework.apollo.portal.spi.configuration;
import com.ctrip.framework.apollo.common.condition.ConditionalOnMissingProfile;
import com.ctrip.framework.apollo.portal.spi.ctrip.CtripMQService;
import com.ctrip.framework.apollo.portal.spi.defaultimpl.DefaultMQService;
......@@ -24,7 +25,7 @@ public class MQConfiguration {
* spring.profiles.active != ctrip
*/
@Configuration
@Profile({"!ctrip"})
@ConditionalOnMissingProfile({"ctrip"})
public static class DefaultMQConfiguration {
@Bean
......
......@@ -276,29 +276,29 @@ CREATE TABLE `UserRole` (
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='用户和role的绑定表';
# Dump of table users
# Dump of table Users
# ------------------------------------------------------------
DROP TABLE IF EXISTS `users`;
DROP TABLE IF EXISTS `Users`;
CREATE TABLE `users` (
CREATE TABLE `Users` (
`Id` int(10) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增Id',
`username` varchar(64) NOT NULL DEFAULT 'default' COMMENT '用户名',
`password` varchar(64) NOT NULL DEFAULT 'default' COMMENT '密码',
`enabled` tinyint(4) DEFAULT NULL COMMENT '是否有效',
`Username` varchar(64) NOT NULL DEFAULT 'default' COMMENT '用户名',
`Password` varchar(64) NOT NULL DEFAULT 'default' COMMENT '密码',
`Enabled` tinyint(4) DEFAULT NULL COMMENT '是否有效',
PRIMARY KEY (`Id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='用户表';
# Dump of table authorities
# Dump of table Authorities
# ------------------------------------------------------------
DROP TABLE IF EXISTS `authorities`;
DROP TABLE IF EXISTS `Authorities`;
CREATE TABLE `authorities` (
CREATE TABLE `Authorities` (
`Id` int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增Id',
`username` varchar(50) NOT NULL,
`authority` varchar(50) NOT NULL,
`Username` varchar(50) NOT NULL,
`Authority` varchar(50) NOT NULL,
PRIMARY KEY (`Id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
......@@ -309,15 +309,15 @@ INSERT INTO `ServerConfig` (`Key`, `Value`, `Comment`)
VALUES
('apollo.portal.envs', 'dev', '可支持的环境列表'),
('organizations', '[{\"orgId\":\"全辅导\",\"orgName\":\"全辅导\"},{\"orgId\":\"全课云\",\"orgName\":\"全课云\"}]', '部门列表'),
('superAdmin', 'admin', 'Portal超级管理员'),
('superAdmin', 'apollo', 'Portal超级管理员'),
('api.readTimeout', '10000', 'http接口read timeout'),
('consumer.token.salt', 'someSalt', 'consumer token salt');
INSERT INTO `users` ( `username`, `password`, `enabled`)
INSERT INTO `Users` (`Username`, `Password`, `Enabled`)
VALUES
('admin', '$2a$10$7r20uS.BQ9uBpf3Baj3uQOZvMVvB1RN3PYoKE94gtz2.WAOuiiwXS', 1);
('apollo', '$2a$10$7r20uS.BQ9uBpf3Baj3uQOZvMVvB1RN3PYoKE94gtz2.WAOuiiwXS', 1);
INSERT INTO `authorities` (`username`, `authority`) VALUES ('admin', 'ROLE_user');
INSERT INTO `Authorities` (`Username`, `Authority`) VALUES ('apollo', 'ROLE_user');
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
......
......@@ -275,29 +275,29 @@ CREATE TABLE `UserRole` (
KEY `IX_UserId_RoleId` (`UserId`,`RoleId`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='用户和role的绑定表';
# Dump of table users
# Dump of table Users
# ------------------------------------------------------------
DROP TABLE IF EXISTS `users`;
DROP TABLE IF EXISTS `Users`;
CREATE TABLE `users` (
CREATE TABLE `Users` (
`Id` int(10) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增Id',
`username` varchar(64) NOT NULL DEFAULT 'default' COMMENT '用户名',
`password` varchar(64) NOT NULL DEFAULT 'default' COMMENT '密码',
`enabled` tinyint(4) DEFAULT NULL COMMENT '是否有效',
`Username` varchar(64) NOT NULL DEFAULT 'default' COMMENT '用户名',
`Password` varchar(64) NOT NULL DEFAULT 'default' COMMENT '密码',
`Enabled` tinyint(4) DEFAULT NULL COMMENT '是否有效',
PRIMARY KEY (`Id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='用户表';
# Dump of table authorities
# Dump of table Authorities
# ------------------------------------------------------------
DROP TABLE IF EXISTS `authorities`;
DROP TABLE IF EXISTS `Authorities`;
CREATE TABLE `authorities` (
CREATE TABLE `Authorities` (
`Id` int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增Id',
`username` varchar(50) NOT NULL,
`authority` varchar(50) NOT NULL,
`Username` varchar(50) NOT NULL,
`Authority` varchar(50) NOT NULL,
PRIMARY KEY (`Id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
......@@ -308,15 +308,15 @@ INSERT INTO `ServerConfig` (`Key`, `Value`, `Comment`)
VALUES
('apollo.portal.envs', 'dev', '可支持的环境列表'),
('organizations', '[{\"orgId\":\"TEST1\",\"orgName\":\"样例部门1\"},{\"orgId\":\"TEST2\",\"orgName\":\"样例部门2\"}]', '部门列表'),
('superAdmin', 'admin', 'Portal超级管理员'),
('superAdmin', 'apollo', 'Portal超级管理员'),
('api.readTimeout', '10000', 'http接口read timeout'),
('consumer.token.salt', 'someSalt', 'consumer token salt');
INSERT INTO `users` ( `username`, `password`, `enabled`)
INSERT INTO `Users` (`Username`, `Password`, `Enabled`)
VALUES
('admin', '$2a$10$7r20uS.BQ9uBpf3Baj3uQOZvMVvB1RN3PYoKE94gtz2.WAOuiiwXS', 1);
('apollo', '$2a$10$7r20uS.BQ9uBpf3Baj3uQOZvMVvB1RN3PYoKE94gtz2.WAOuiiwXS', 1);
INSERT INTO `authorities` (`username`, `authority`) VALUES ('admin', 'ROLE_user');
INSERT INTO `Authorities` (`Username`, `Authority`) VALUES ('apollo', 'ROLE_user');
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
......
# delta schema to upgrade apollo config db from v0.6.0 to v0.6.2
# delta schema to upgrade apollo portal db from v0.6.0 to v0.6.2
Use ApolloPortalDB;
......
# delta schema to upgrade apollo portal db from v0.8.0 to v0.9.0
Use ApolloPortalDB;
CREATE TABLE `Users` (
`Id` int(10) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增Id',
`Username` varchar(64) NOT NULL DEFAULT 'default' COMMENT '用户名',
`Password` varchar(64) NOT NULL DEFAULT 'default' COMMENT '密码',
`Enabled` tinyint(4) DEFAULT NULL COMMENT '是否有效',
PRIMARY KEY (`Id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='用户表';
CREATE TABLE `Authorities` (
`Id` int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增Id',
`Username` varchar(50) NOT NULL,
`Authority` varchar(50) NOT NULL,
PRIMARY KEY (`Id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
INSERT INTO `Users` (`Username`, `Password`, `Enabled`)
VALUES
('apollo', '$2a$10$7r20uS.BQ9uBpf3Baj3uQOZvMVvB1RN3PYoKE94gtz2.WAOuiiwXS', 1);
INSERT INTO `Authorities` (`Username`, `Authority`) VALUES ('apollo', 'ROLE_user');
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment