Merge pull request #732 from lepdou/auth

support spring security auth

Merge pull request #732 from lepdou/auth
c8ef52c4 · Jason Song · GitHub · 9721ba37 · b1d07450 · c8ef52c4
Commit c8ef52c4 authored Sep 05, 2017 by Jason Song Committed by GitHub Sep 05, 2017
28 changed files
--- a/apollo-biz/src/main/java/com/ctrip/framework/apollo/biz/service/BizDBPropertySource.java
+++ b/apollo-biz/src/main/java/com/ctrip/framework/apollo/biz/service/BizDBPropertySource.java
@@ -85,6 +85,7 @@ public class BizDBPropertySource extends RefreshablePropertySource {
      this.source.put(key, value);

    }
+
  }

 }
--- a/apollo-common/src/main/java/com/ctrip/framework/apollo/common/auth/WebSecurityConfig.java
+++ b/apollo-common/src/main/java/com/ctrip/framework/apollo/common/auth/WebSecurityConfig.java
@@ -25,4 +25,5 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    auth.inMemoryAuthentication().withUser("user").password("").roles("USER").and()
        .withUser("apollo").password("").roles("USER", "ADMIN");
  }
+
 }
--- a/apollo-common/src/main/java/com/ctrip/framework/apollo/common/config/RefreshableConfig.java
+++ b/apollo-common/src/main/java/com/ctrip/framework/apollo/common/config/RefreshableConfig.java
 package com.ctrip.framework.apollo.common.config;

 import com.google.common.base.Splitter;
+import com.google.common.base.Strings;

 import com.ctrip.framework.apollo.core.utils.ApolloThreadFactory;
 import com.ctrip.framework.apollo.tracer.Tracer;

-import com.google.common.base.Strings;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;

--- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/component/config/PortalConfig.java
+++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/component/config/PortalConfig.java
@@ -29,11 +29,9 @@ public class PortalConfig extends RefreshableConfig {
  private static final Type ORGANIZATION = new TypeToken<List<Organization>>() {
  }.getType();

-
  @Autowired
  private PortalDBPropertySource portalDBPropertySource;

-
  @Override
  public List<RefreshablePropertySource> getRefreshablePropertySources() {
    return Collections.singletonList(portalDBPropertySource);
@@ -102,7 +100,7 @@ public class PortalConfig extends RefreshableConfig {

    String[] emergencyPublishSupportedEnvs = getArrayProperty("emergencyPublish.supported.envs", new String[0]);

-    for (String supportedEnv: emergencyPublishSupportedEnvs) {
+    for (String supportedEnv : emergencyPublishSupportedEnvs) {
      if (Objects.equals(targetEnv, supportedEnv.toUpperCase().trim())) {
        return true;
      }

--- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/AppController.java
+++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/AppController.java
@@ -56,7 +56,6 @@ public class AppController {
  @Autowired
  private RolePermissionService rolePermissionService;

-
  @RequestMapping(value = "", method = RequestMethod.GET)
  public List<App> findApps(@RequestParam(value = "appIds", required = false) String appIds) {
    if (StringUtils.isEmpty(appIds)) {

--- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/SignInController.java
+++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/SignInController.java
+package com.ctrip.framework.apollo.portal.controller;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+
+/**
+ * @author lepdou 2017-08-30
+ */
+@Controller
+public class SignInController {
+
+  @RequestMapping(value = "/signin", method = RequestMethod.GET)
+  public String login(@RequestParam(value = "error", required = false) String error,
+                      @RequestParam(value = "logout", required = false) String logout) {
+    return "login.html";
+  }
+
+}
--- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/UserInfoController.java
+++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/UserInfoController.java
 package com.ctrip.framework.apollo.portal.controller;

+import com.ctrip.framework.apollo.common.exception.BadRequestException;
+import com.ctrip.framework.apollo.core.utils.StringUtils;
+import com.ctrip.framework.apollo.portal.entity.bo.UserInfo;
 import com.ctrip.framework.apollo.portal.spi.LogoutHandler;
 import com.ctrip.framework.apollo.portal.spi.UserInfoHolder;
-import com.ctrip.framework.apollo.portal.entity.bo.UserInfo;
 import com.ctrip.framework.apollo.portal.spi.UserService;
+import com.ctrip.framework.apollo.portal.spi.springsecurity.SpringSecurityUserService;

 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.core.userdetails.User;
 import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RequestParam;
@@ -29,6 +35,22 @@ public class UserInfoController {
  @Autowired
  private UserService userService;

+
+  @PreAuthorize(value = "@permissionValidator.isSuperAdmin()")
+  @RequestMapping(value = "/users", method = RequestMethod.POST)
+  public void createOrUpdateUser(@RequestBody User user) {
+    if (StringUtils.isContainEmpty(user.getUsername(), user.getPassword())) {
+      throw new BadRequestException("Username and password can not be empty.");
+    }
+
+    if (userService instanceof SpringSecurityUserService) {
+      ((SpringSecurityUserService) userService).createOrUpdate(user);
+    } else {
+      throw new UnsupportedOperationException("Create or update user operation is unsupported");
+    }
+
+  }
+
  @RequestMapping(value = "/user", method = RequestMethod.GET)
  public UserInfo getCurrentUserName() {
    return userInfoHolder.getUser();
@@ -50,4 +72,6 @@ public class UserInfoController {
  public UserInfo getUserByUserId(@PathVariable String userId) {
    return userService.findByUserId(userId);
  }
+
+
 }
--- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/entity/bo/UserInfo.java
+++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/entity/bo/UserInfo.java
 package com.ctrip.framework.apollo.portal.entity.bo;

 public class UserInfo {
+  public static final UserInfo DEFAULT_USER = new UserInfo("apollo");

  private String userId;
  private String name;
  private String email;

+  public UserInfo() {
+
+  }
+
+  public UserInfo(String userId) {
+    this.userId = userId;
+  }
+
  public String getUserId() {
    return userId;
  }

--- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/entity/po/UserPO.java
+++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/entity/po/UserPO.java
+package com.ctrip.framework.apollo.portal.entity.po;
+
+import com.ctrip.framework.apollo.portal.entity.bo.UserInfo;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+/**
+ * @author lepdou 2017-04-08
+ */
+@Entity
+@Table(name = "users")
+public class UserPO {
+
+  @Id
+  @GeneratedValue
+  @Column(name = "Id")
+  private long id;
+  @Column(name = "username", nullable = false)
+  private String username;
+  @Column(name = "password", nullable = false)
+  private String password;
+  @Column(name = "enabled", nullable = false)
+  private int enabled;
+
+  public long getId() {
+    return id;
+  }
+
+  public void setId(long id) {
+    this.id = id;
+  }
+
+  public String getUsername() {
+    return username;
+  }
+
+  public void setUsername(String username) {
+    this.username = username;
+  }
+
+  public String getPassword() {
+    return password;
+  }
+
+  public void setPassword(String password) {
+    this.password = password;
+  }
+
+  public int getEnabled() {
+    return enabled;
+  }
+
+  public void setEnabled(int enabled) {
+    this.enabled = enabled;
+  }
+
+  public UserInfo toUserInfo() {
+    UserInfo userInfo = new UserInfo();
+    userInfo.setName(this.getUsername());
+    userInfo.setUserId(this.getUsername());
+    userInfo.setEmail("apollo@acme.com");
+    return userInfo;
+  }
+}
--- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/repository/UserRepository.java
+++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/repository/UserRepository.java
+package com.ctrip.framework.apollo.portal.repository;
+
+import com.ctrip.framework.apollo.portal.entity.po.UserPO;
+
+import org.springframework.data.repository.PagingAndSortingRepository;
+
+import java.util.List;
+
+/**
+ * @author lepdou 2017-04-08
+ */
+public interface UserRepository extends PagingAndSortingRepository<UserPO, Long> {
+
+  List<UserPO> findByUsernameLike(String username);
+
+  UserPO findByUsername(String username);
+}
--- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/AuthConfiguration.java
+++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/AuthConfiguration.java
 package com.ctrip.framework.apollo.portal.spi.configuration;

+import com.google.common.collect.Maps;
+
+import com.ctrip.framework.apollo.common.condition.ConditionalOnMissingProfile;
 import com.ctrip.framework.apollo.portal.component.config.PortalConfig;
 import com.ctrip.framework.apollo.portal.spi.LogoutHandler;
 import com.ctrip.framework.apollo.portal.spi.SsoHeartbeatHandler;
@@ -13,7 +16,10 @@ import com.ctrip.framework.apollo.portal.spi.defaultimpl.DefaultLogoutHandler;
 import com.ctrip.framework.apollo.portal.spi.defaultimpl.DefaultSsoHeartbeatHandler;
 import com.ctrip.framework.apollo.portal.spi.defaultimpl.DefaultUserInfoHolder;
 import com.ctrip.framework.apollo.portal.spi.defaultimpl.DefaultUserService;
-import com.google.common.collect.Maps;
+import com.ctrip.framework.apollo.portal.spi.springsecurity.SpringSecurityUserInfoHolder;
+import com.ctrip.framework.apollo.portal.spi.springsecurity.SpringSecurityUserService;
+
+import org.apache.tomcat.jdbc.pool.DataSource;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.context.embedded.FilterRegistrationBean;
@@ -21,6 +27,16 @@ import org.springframework.boot.context.embedded.ServletListenerRegistrationBean
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.JdbcUserDetailsManager;
+import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;

 import javax.servlet.Filter;
 import java.util.EventListener;
@@ -170,10 +186,89 @@ public class AuthConfiguration {


  /**
-   * spring.profiles.active != ctrip
+   * spring.profiles.active = auth
   */
  @Configuration
-  @Profile({"!ctrip"})
+  @Profile("auth")
+  static class SpringSecurityAuthAutoConfiguration {
+
+    @Bean
+    @ConditionalOnMissingBean(SsoHeartbeatHandler.class)
+    public SsoHeartbeatHandler defaultSsoHeartbeatHandler() {
+      return new DefaultSsoHeartbeatHandler();
+    }
+
+    @Bean
+    @ConditionalOnMissingBean(UserInfoHolder.class)
+    public UserInfoHolder springSecurityUserInfoHolder() {
+      return new SpringSecurityUserInfoHolder();
+    }
+
+    @Bean
+    @ConditionalOnMissingBean(LogoutHandler.class)
+    public LogoutHandler logoutHandler() {
+      return new DefaultLogoutHandler();
+    }
+
+    @Bean
+    public JdbcUserDetailsManager jdbcUserDetailsManager(DataSource datasource) {
+      JdbcUserDetailsManager userDetailsService = new JdbcUserDetailsManager();
+      userDetailsService.setDataSource(datasource);
+
+      return userDetailsService;
+    }
+
+    @Bean
+    @ConditionalOnMissingBean(UserService.class)
+    public UserService springSecurityUserService() {
+      return new SpringSecurityUserService();
+    }
+
+
+    @Order(99)
+    @Configuration
+    @Profile("auth")
+    @EnableWebSecurity
+    @EnableGlobalMethodSecurity(prePostEnabled = true)
+    static class SpringSecurityConfigurer extends WebSecurityConfigurerAdapter {
+
+      public static final String USER_ROLE = "user";
+
+      @Autowired
+      private DataSource datasource;
+      
+
+      @Override
+      protected void configure(HttpSecurity http) throws Exception {
+        http.csrf().disable();
+        http.headers().frameOptions().sameOrigin();
+        http.authorizeRequests()
+            .antMatchers("/openapi/*").permitAll()
+            .antMatchers("/*").hasAnyRole(USER_ROLE);
+        http.formLogin().loginPage("/signin").permitAll().failureUrl("/signin?#/error").and().httpBasic();
+        http.logout().invalidateHttpSession(true).clearAuthentication(true).logoutSuccessUrl("/signin?#/logout");
+        http.exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/signin"));
+      }
+
+      @Autowired
+      public void configureGlobal(AuthenticationManagerBuilder auth, JdbcUserDetailsManager userDetailsService)
+          throws Exception {
+        PasswordEncoder encoder = new BCryptPasswordEncoder();
+
+        auth.userDetailsService(userDetailsService).passwordEncoder(encoder);
+        auth.jdbcAuthentication().dataSource(datasource).usersByUsernameQuery(
+            "select username,password, enabled from users where username=?");
+      }
+
+    }
+
+  }
+
+  /**
+   * default profile
+   */
+  @Configuration
+  @ConditionalOnMissingProfile({"ctrip", "auth"})
  static class DefaultAuthAutoConfiguration {

    @Bean
@@ -184,7 +279,7 @@ public class AuthConfiguration {

    @Bean
    @ConditionalOnMissingBean(UserInfoHolder.class)
-    public DefaultUserInfoHolder notCtripUserInfoHolder() {
+    public DefaultUserInfoHolder defaultUserInfoHolder() {
      return new DefaultUserInfoHolder();
    }

@@ -199,8 +294,6 @@ public class AuthConfiguration {
    public UserService defaultUserService() {
      return new DefaultUserService();
    }
-
  }

-
 }
--- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/defaultimpl/DefaultUserService.java
+++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/defaultimpl/DefaultUserService.java
@@ -5,13 +5,8 @@ import com.google.common.collect.Lists;
 import com.ctrip.framework.apollo.portal.entity.bo.UserInfo;
 import com.ctrip.framework.apollo.portal.spi.UserService;

-import org.springframework.util.CollectionUtils;
-
 import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashSet;
 import java.util.List;
-import java.util.Set;

 /**
 * @author Jason Song(song_s@ctrip.com)

--- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/springsecurity/SpringSecurityUserInfoHolder.java
+++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/springsecurity/SpringSecurityUserInfoHolder.java
+package com.ctrip.framework.apollo.portal.spi.springsecurity;
+
+import com.ctrip.framework.apollo.portal.entity.bo.UserInfo;
+import com.ctrip.framework.apollo.portal.spi.UserInfoHolder;
+
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.User;
+
+public class SpringSecurityUserInfoHolder implements UserInfoHolder {
+
+  @Override
+  public UserInfo getUser() {
+    UserInfo userInfo = new UserInfo();
+    String userId = ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername();
+    userInfo.setUserId(userId);
+    return userInfo;
+  }
+}
--- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/springsecurity/SpringSecurityUserService.java
+++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/springsecurity/SpringSecurityUserService.java
+package com.ctrip.framework.apollo.portal.spi.springsecurity;
+
+import com.google.common.collect.Lists;
+
+import com.ctrip.framework.apollo.core.utils.StringUtils;
+import com.ctrip.framework.apollo.portal.entity.bo.UserInfo;
+import com.ctrip.framework.apollo.portal.entity.po.UserPO;
+import com.ctrip.framework.apollo.portal.repository.UserRepository;
+import com.ctrip.framework.apollo.portal.spi.UserService;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.JdbcUserDetailsManager;
+import org.springframework.util.CollectionUtils;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.stream.Collectors;
+
+import javax.annotation.PostConstruct;
+
+/**
+ * @author lepdou 2017-03-10
+ */
+public class SpringSecurityUserService implements UserService {
+
+  private PasswordEncoder encoder = new BCryptPasswordEncoder();
+  private List<GrantedAuthority> authorities;
+
+  @Autowired
+  private JdbcUserDetailsManager userDetailsManager;
+  @Autowired
+  private UserRepository userRepository;
+
+  @PostConstruct
+  public void init() {
+    authorities = new ArrayList<>();
+    authorities.add(new SimpleGrantedAuthority("ROLE_user"));
+  }
+
+  public void createOrUpdate(User user) {
+    String username = user.getUsername();
+
+    User userDetails = new User(username, encoder.encode(user.getPassword()), authorities);
+
+    if (userDetailsManager.userExists(username)) {
+      userDetailsManager.updateUser(userDetails);
+    } else {
+      userDetailsManager.createUser(userDetails);
+    }
+
+  }
+
+  @Override
+  public List<UserInfo> searchUsers(String keyword, int offset, int limit) {
+    if (StringUtils.isEmpty(keyword)) {
+      return Collections.emptyList();
+    }
+
+    List<UserPO> userPOs = userRepository.findByUsernameLike("%" + keyword + "%");
+
+    List<UserInfo> result = Lists.newArrayList();
+    if (CollectionUtils.isEmpty(userPOs)) {
+      return result;
+    }
+
+    result.addAll(userPOs.stream().map(UserPO::toUserInfo).collect(Collectors.toList()));
+
+    return result;
+  }
+
+  @Override
+  public UserInfo findByUserId(String userId) {
+    UserPO userPO = userRepository.findByUsername(userId);
+    return userPO == null ? null : userPO.toUserInfo();
+  }
+
+  @Override
+  public List<UserInfo> findByUserIds(List<String> userIds) {
+    return null;
+  }
+
+
+}
--- a/apollo-portal/src/main/resources/static/index.html
+++ b/apollo-portal/src/main/resources/static/index.html
@@ -30,7 +30,8 @@
                    <h5>创建项目</h5>
                </div>
            </div>
-            <div class="app-panel col-md-2 text-center" ng-repeat="app in createdApps" ng-click="goToAppHomePage(app.appId)">
+            <div class="app-panel col-md-2 text-center" ng-repeat="app in createdApps"
+                 ng-click="goToAppHomePage(app.appId)">
                <div href="#" class="thumbnail hover cursor-pointer">
                    <h4 ng-bind="app.appId"></h4>
                    <h5 ng-bind="app.name"></h5>

--- a/apollo-portal/src/main/resources/static/login.html
+++ b/apollo-portal/src/main/resources/static/login.html
--- a/apollo-portal/src/main/resources/static/scripts/app.js
+++ b/apollo-portal/src/main/resources/static/scripts/app.js
@@ -30,7 +30,10 @@ var cluster_module = angular.module('cluster', ['app.service', 'apollo.directive
 var release_history_module = angular.module('release_history', ['app.service', 'apollo.directive', 'app.util', 'toastr', 'angular-loading-bar']);
 //open manage
 var open_manage_module = angular.module('open_manage', ['app.service', 'apollo.directive', 'app.util', 'toastr', 'angular-loading-bar']);
-
+//user
+var user_module = angular.module('user', ['apollo.directive', 'toastr', 'app.service', 'app.util', 'angular-loading-bar', 'valdr']);
+//login
+var login_module = angular.module('login', ['toastr', 'app.util']);



--- a/apollo-portal/src/main/resources/static/scripts/controller/LoginController.js
+++ b/apollo-portal/src/main/resources/static/scripts/controller/LoginController.js
+login_module.controller('LoginController',
+                       ['$scope', '$window', '$location', 'toastr', 'AppUtil',
+                        LoginController]);
+
+function LoginController($scope, $window, $location, toastr, AppUtil) {
+    if ($location.$$url) {
+        var params = AppUtil.parseParams($location.$$url);
+        if (params.error) {
+            $scope.info = "用户名或密码错误";
+        }
+        if (params.logout) {
+            $scope.info = "登出成功";
+        }
+    }
+
+}
--- a/apollo-portal/src/main/resources/static/scripts/controller/UserController.js
+++ b/apollo-portal/src/main/resources/static/scripts/controller/UserController.js
+user_module.controller('UserController',
+                      ['$scope', '$window', 'toastr', 'AppUtil', 'UserService',
+                       UserController]);
+
+function UserController($scope, $window, toastr, AppUtil, UserService) {
+
+    $scope.user = {};
+    
+    $scope.createOrUpdateUser = function () {
+        UserService.createOrUpdateUser($scope.user).then(function (result) {
+            toastr.success("创建用户成功");
+        }, function (result) {
+            AppUtil.showErrorMsg(result, "创建用户失败");
+        })
+
+    }
+}
--- a/apollo-portal/src/main/resources/static/scripts/services/UserService.js
+++ b/apollo-portal/src/main/resources/static/scripts/services/UserService.js
@@ -7,6 +7,10 @@ appService.service('UserService', ['$resource', '$q', function ($resource, $q) {
        find_users: {
            method: 'GET',
            url: '/users'
+        },
+        create_or_update_user: {
+            method: 'POST',
+            url: '/users'
        }
    });
    return {
@@ -36,6 +40,17 @@ appService.service('UserService', ['$resource', '$q', function ($resource, $q) {
                                         d.reject(result);
                                     });
            return d.promise;
+        },
+        createOrUpdateUser: function (user) {
+            var d = $q.defer();
+            user_resource.create_or_update_user({}, user,
+                                     function (result) {
+                                         d.resolve(result);
+                                     },
+                                     function (result) {
+                                         d.reject(result);
+                                     });
+            return d.promise;   
        }
    }
 }]);
--- a/apollo-portal/src/main/resources/static/user-manage.html
+++ b/apollo-portal/src/main/resources/static/user-manage.html
+<!doctype html>
+<html ng-app="user">
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+    <link rel="icon" href="./img/config.png">
+    <!-- styles -->
+    <link rel="stylesheet" type="text/css" href="vendor/bootstrap/css/bootstrap.min.css">
+    <link rel="stylesheet" type="text/css" href="vendor/angular/angular-toastr-1.4.1.min.css">
+    <link rel="stylesheet" type="text/css" href="vendor/select2/select2.min.css">
+    <link rel="stylesheet" type="text/css" media='all' href="vendor/angular/loading-bar.min.css">
+    <link rel="stylesheet" type="text/css" href="styles/common-style.css">
+
+    <title>用户管理</title>
+</head>
+
+<body>
+
+<apollonav></apollonav>
+<div class="container-fluid apollo-container">
+
+    <div class="row">
+        <div class="col-md-8 col-md-offset-2">
+            <div class="panel">
+                <header class="panel-heading">
+                    用户管理
+                </header>
+
+                <form class="form-horizontal panel-body" name="appForm" ng-controller="UserController"
+                      valdr-type="App"
+                      ng-submit="createOrUpdateUser()">
+                    <div class="form-group" valdr-form-group>
+                        <label class="col-sm-2 control-label">
+                            <apollorequiredfield></apollorequiredfield>
+                            用户名</label>
+                        <div class="col-sm-4">
+                            <input type="text" class="form-control" name="username" ng-model="user.username">
+                        </div>
+                    </div>
+                    <div class="form-group" valdr-form-group>
+                        <label class="col-sm-2 control-label">
+                            <apollorequiredfield></apollorequiredfield>
+                            密码</label>
+                        <div class="col-sm-4">
+                            <input type="text" class="form-control" name="password" ng-model="user.password">
+                        </div>
+                    </div>
+
+                    <div class="form-group">
+                        <div class="col-sm-offset-2 col-sm-9">
+
+                            <button type="submit" class="btn btn-primary"
+                                    ng-disabled="appForm.$invalid || submitBtnDisabled">提交
+                            </button>
+                        </div>
+                    </div>
+                </form>
+
+            </div>
+        </div>
+    </div>
+</div>
+
+<div ng-include="'views/common/footer.html'"></div>
+
+<!--angular-->
+<script src="vendor/angular/angular.min.js"></script>
+<script src="vendor/angular/angular-resource.min.js"></script>
+<script src="vendor/angular/angular-toastr-1.4.1.tpls.min.js"></script>
+<script src="vendor/angular/loading-bar.min.js"></script>
+
+<!-- jquery.js -->
+<script src="vendor/jquery.min.js" type="text/javascript"></script>
+<script src="vendor/select2/select2.min.js" type="text/javascript"></script>
+
+<!-- bootstrap.js -->
+<script src="vendor/bootstrap/js/bootstrap.min.js" type="text/javascript"></script>
+
+<!--valdr-->
+<script src="vendor/valdr/valdr.min.js" type="text/javascript"></script>
+<script src="vendor/valdr/valdr-message.min.js" type="text/javascript"></script>
+
+<script type="application/javascript" src="scripts/app.js"></script>
+<script type="application/javascript" src="scripts/services/AppService.js"></script>
+<script type="application/javascript" src="scripts/services/EnvService.js"></script>
+<script type="application/javascript" src="scripts/services/UserService.js"></script>
+<script type="application/javascript" src="scripts/services/CommonService.js"></script>
+<script type="application/javascript" src="scripts/AppUtils.js"></script>
+<script type="application/javascript" src="scripts/services/OrganizationService.js"></script>
+<script type="application/javascript" src="scripts/directive/directive.js"></script>
+
+<script type="application/javascript" src="scripts/controller/UserController.js"></script>
+
+<script src="scripts/valdr.js" type="text/javascript"></script>
+</body>
+</html>
--- a/apollo-portal/src/main/resources/static/views/common/nav.html
+++ b/apollo-portal/src/main/resources/static/views/common/nav.html
@@ -25,16 +25,15 @@
                        <span class="glyphicon glyphicon-question-sign"></span> 帮助
                    </a>
                </li>
-
                <li class="dropdown">
-
-                    <a class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true"
-                       aria-expanded="false"><span class="glyphicon glyphicon-user"></span> {{userName}} <span
-                            class="caret"></span></a>
+                    <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">
+                        <span class="glyphicon glyphicon-user"></span>&nbsp;{{userName}}
+                        <span class="caret"></span></a>
                    <ul class="dropdown-menu">
-                        <li><a href="/user/logout">退出</a></li>
+                        <li><a href="/logout">退出</a></li>
                    </ul>
                </li>
+
            </ul>

            <div class="navbar-form navbar-right form-inline" role="search">

--- a/apollo-portal/src/main/scripts/startup.sh
+++ b/apollo-portal/src/main/scripts/startup.sh
--- a/apollo-portal/src/test/java/com/ctrip/framework/apollo/portal/AbstractIntegrationTest.java
+++ b/apollo-portal/src/test/java/com/ctrip/framework/apollo/portal/AbstractIntegrationTest.java
@@ -18,9 +18,10 @@ import javax.annotation.PostConstruct;
 public abstract class AbstractIntegrationTest {

  RestTemplate restTemplate = new TestRestTemplate("apollo", "");
-
+ 
  @PostConstruct
  private void postConstruct() {
+    System.setProperty("spring.profiles.active", "test");
    restTemplate.setErrorHandler(new DefaultResponseErrorHandler());
  }


--- a/apollo-portal/src/test/java/com/ctrip/framework/apollo/portal/service/FavoriteServiceTest.java
+++ b/apollo-portal/src/test/java/com/ctrip/framework/apollo/portal/service/FavoriteServiceTest.java
@@ -6,6 +6,7 @@ import com.ctrip.framework.apollo.portal.entity.po.Favorite;
 import com.ctrip.framework.apollo.portal.repository.FavoriteRepository;

 import org.junit.Assert;
+import org.junit.Before;
 import org.junit.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.PageRequest;
@@ -22,6 +23,10 @@ public class FavoriteServiceTest extends AbstractIntegrationTest {

  private String testUser = "apollo";

+  @Before
+  public void before() {
+
+  }

  @Test
  @Sql(scripts = "/sql/cleanup.sql", executionPhase = Sql.ExecutionPhase.AFTER_TEST_METHOD)

--- a/scripts/build.sh
+++ b/scripts/build.sh
@@ -30,7 +30,7 @@ echo "==== building config-service and admin-service finished ===="

 echo "==== starting to build portal ===="

-mvn clean package -DskipTests -pl apollo-portal -am -Dapollo_profile=github -Dspring_datasource_url=$apollo_portal_db_url -Dspring_datasource_username=$apollo_portal_db_username -Dspring_datasource_password=$apollo_portal_db_password $META_SERVERS_OPTS
+mvn clean package -DskipTests -pl apollo-portal -am -Dapollo_profile=github,auth -Dspring_datasource_url=$apollo_portal_db_url -Dspring_datasource_username=$apollo_portal_db_username -Dspring_datasource_password=$apollo_portal_db_password $META_SERVERS_OPTS

 echo "==== building portal finished ===="


--- a/scripts/sql-docker/apolloportaldb.sql
+++ b/scripts/sql-docker/apolloportaldb.sql
@@ -275,16 +275,50 @@ CREATE TABLE `UserRole` (
  KEY `IX_UserId_RoleId` (`UserId`,`RoleId`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='用户和role的绑定表';

+
+# Dump of table users
+# ------------------------------------------------------------
+
+DROP TABLE IF EXISTS `users`;
+
+CREATE TABLE `users` (
+  `Id` int(10) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增Id',
+  `username` varchar(64) NOT NULL DEFAULT 'default' COMMENT '用户名',
+  `password` varchar(64) NOT NULL DEFAULT 'default' COMMENT '密码',
+  `enabled` tinyint(4) DEFAULT NULL COMMENT '是否有效',
+  PRIMARY KEY (`Id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='用户表';
+
+
+# Dump of table authorities
+# ------------------------------------------------------------
+
+DROP TABLE IF EXISTS `authorities`;
+
+CREATE TABLE `authorities` (
+  `Id` int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增Id',
+  `username` varchar(50) NOT NULL,
+  `authority` varchar(50) NOT NULL,
+  PRIMARY KEY (`Id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+
 # Config
 # ------------------------------------------------------------
 INSERT INTO `ServerConfig` (`Key`, `Value`, `Comment`)
 VALUES
    ('apollo.portal.envs', 'dev', '可支持的环境列表'),
    ('organizations', '[{\"orgId\":\"全辅导\",\"orgName\":\"全辅导\"},{\"orgId\":\"全课云\",\"orgName\":\"全课云\"}]', '部门列表'),
-    ('superAdmin', 'apollo', 'Portal超级管理员'),
+    ('superAdmin', 'admin', 'Portal超级管理员'),
    ('api.readTimeout', '10000', 'http接口read timeout'),
    ('consumer.token.salt', 'someSalt', 'consumer token salt');

+INSERT INTO `users` ( `username`, `password`, `enabled`)
+VALUES
+	('admin', '$2a$10$7r20uS.BQ9uBpf3Baj3uQOZvMVvB1RN3PYoKE94gtz2.WAOuiiwXS', 1);
+
+INSERT INTO `authorities` (`username`, `authority`) VALUES ('admin', 'ROLE_user');
+
 /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
 /*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
 /*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;

--- a/scripts/sql/apolloportaldb.sql
+++ b/scripts/sql/apolloportaldb.sql
@@ -275,16 +275,49 @@ CREATE TABLE `UserRole` (
  KEY `IX_UserId_RoleId` (`UserId`,`RoleId`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='用户和role的绑定表';

+# Dump of table users
+# ------------------------------------------------------------
+
+DROP TABLE IF EXISTS `users`;
+
+CREATE TABLE `users` (
+  `Id` int(10) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增Id',
+  `username` varchar(64) NOT NULL DEFAULT 'default' COMMENT '用户名',
+  `password` varchar(64) NOT NULL DEFAULT 'default' COMMENT '密码',
+  `enabled` tinyint(4) DEFAULT NULL COMMENT '是否有效',
+  PRIMARY KEY (`Id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='用户表';
+
+
+# Dump of table authorities
+# ------------------------------------------------------------
+
+DROP TABLE IF EXISTS `authorities`;
+
+CREATE TABLE `authorities` (
+  `Id` int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增Id',
+  `username` varchar(50) NOT NULL,
+  `authority` varchar(50) NOT NULL,
+  PRIMARY KEY (`Id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+
 # Config
 # ------------------------------------------------------------
 INSERT INTO `ServerConfig` (`Key`, `Value`, `Comment`)
 VALUES
    ('apollo.portal.envs', 'dev', '可支持的环境列表'),
    ('organizations', '[{\"orgId\":\"TEST1\",\"orgName\":\"样例部门1\"},{\"orgId\":\"TEST2\",\"orgName\":\"样例部门2\"}]', '部门列表'),
-    ('superAdmin', 'apollo', 'Portal超级管理员'),
+    ('superAdmin', 'admin', 'Portal超级管理员'),
    ('api.readTimeout', '10000', 'http接口read timeout'),
    ('consumer.token.salt', 'someSalt', 'consumer token salt');

+INSERT INTO `users` ( `username`, `password`, `enabled`)
+VALUES
+	('admin', '$2a$10$7r20uS.BQ9uBpf3Baj3uQOZvMVvB1RN3PYoKE94gtz2.WAOuiiwXS', 1);
+
+INSERT INTO `authorities` (`username`, `authority`) VALUES ('admin', 'ROLE_user');
+
 /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
 /*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
 /*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;