feat: dev security

achobeta-infra-common/src/main/java/com/achobeta/www/common/entity/BaseAssignIDEntity.java

@@ -5,6 +5,7 @@
 import lombok.Setter;
 import org.springframework.format.annotation.DateTimeFormat;
 
+import java.io.Serializable;
 import java.time.LocalDateTime;
 
 /**
@@ -18,12 +19,11 @@
  */
 @Getter
 @Setter
-public class BaseAssignIDEntity {
+public class BaseAssignIDEntity implements Serializable {
  /**
  * id, incr
  */
- @TableField("c_id")
- @TableId(type = IdType.ASSIGN_ID)
+ @TableId(type = IdType.ASSIGN_ID, value = "c_id")
  private Long id;
 
  /**

achobeta-infra-common/src/main/java/com/achobeta/www/common/entity/BaseIncrIDEntity.java

@@ -5,6 +5,7 @@
 import lombok.Setter;
 import org.springframework.format.annotation.DateTimeFormat;
 
+import java.io.Serializable;
 import java.time.LocalDateTime;
 
 /**
@@ -17,12 +18,11 @@
  */
 @Getter
 @Setter
-public class BaseIncrIDEntity {
+public class BaseIncrIDEntity implements Serializable {
  /**
  * id, incr
  */
- @TableField("c_id")
- @TableId(type = IdType.AUTO)
+ @TableId(type = IdType.AUTO, value = "c_id")
  private Long id;
 
  /**

achobeta-infra-oauth/pom.xml

@@ -16,9 +16,9 @@
  </properties>
  <dependencies>
  <dependency>
- <groupId>com.mysql</groupId>
- <artifactId>mysql-connector-j</artifactId>
- <scope>runtime</scope>
+ <groupId>com.achobeta.www</groupId>
+ <artifactId>achobeta-infra-common</artifactId>
+ <version>0.0.1-SNAPSHOT</version>
  </dependency>
  <dependency>
  <groupId>org.springframework.boot</groupId>
@@ -39,6 +39,52 @@
  <artifactId>logstash-logback-encoder</artifactId>
  <version>7.1.1</version>
  </dependency>
+ <!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-security -->
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-security</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>com.baomidou</groupId>
+ <artifactId>mybatis-plus-boot-starter</artifactId>
+ <version>3.5.3.1</version>
+ </dependency>
+ <dependency>
+ <groupId>com.mysql</groupId>
+ <artifactId>mysql-connector-j</artifactId>
+ <scope>runtime</scope>
+ </dependency>
+ <dependency>
+ <groupId>cn.hutool</groupId>
+ <artifactId>hutool-all</artifactId>
+ <version>5.7.21</version>
+ </dependency>
+ <!-- fast json -->
+ <dependency>
+ <groupId>com.alibaba.fastjson2</groupId>
+ <artifactId>fastjson2-extension-spring6</artifactId>
+ <version>${fastjson.version}</version>
+ </dependency>
+ <!-- spring session-->
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-data-redis</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-pool2</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.session</groupId>
+ <artifactId>spring-session-data-redis</artifactId>
+ <version>3.1.3</version>
+ </dependency>
+ <dependency>
+ <groupId>jakarta.servlet</groupId>
+ <artifactId>jakarta.servlet-api</artifactId>
+ <version>6.0.0</version>
+ <scope>provided</scope>
+ </dependency>
  </dependencies>
 
  <build>
@@ -47,6 +93,15 @@
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-maven-plugin</artifactId>
  </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>21</source>
+ <target>21</target>
+ <compilerArgs>--enable-preview</compilerArgs>
+ </configuration>
+ </plugin>
  </plugins>
  </build>
 

achobeta-infra-oauth/src/main/java/com/achobeta/www/oauth/config/AchoBetaWebSecurityConfig.java

@@ -0,0 +1,72 @@
+package com.achobeta.www.oauth.config;
+
+import com.achobeta.www.oauth.config.handler.AuthenticationFailureHandler;
+import com.achobeta.www.oauth.config.handler.logout.AuthenticationLogoutHandler;
+import com.achobeta.www.oauth.config.handler.logout.AuthenticationLogoutSuccessHandler;
+import com.achobeta.www.oauth.config.handler.AuthenticationSuccessHandler;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
+import org.springframework.security.config.web.server.ServerHttpSecurity;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.server.SecurityWebFilterChain;
+
+import static org.springframework.security.authorization.AuthorityReactiveAuthorizationManager.hasRole;
+
+/**
+ * <span>
+ * security config
+ * </span>
+ *
+ * @author jettcc in 2023/10/18
+ * @version 1.0
+ */
+@Configuration
+@EnableWebFluxSecurity
+public class AchoBetaWebSecurityConfig {
+ @Autowired
+ private AuthenticationWhitelistConfig whitelistConfig;
+ @Bean
+ public SecurityWebFilterChain defaultSecurityFilterChain(ServerHttpSecurity http) {
+ String[] urls = whitelistConfig.getUrls().toArray(new String[0]);
+ http
+ .authorizeExchange((authorize) -> authorize
+ // 白名单路径
+ .pathMatchers(urls)
+ .permitAll()
+ .pathMatchers("/admin/**")
+ .hasRole("ADMIN")
+ .pathMatchers("/db/**")
+ .access((authentication, context) ->
+ hasRole("ADMIN").check(authentication, context)
+ .filter(decision -> !decision.isGranted())
+ .switchIfEmpty(hasRole("DBA").check(authentication, context))
+ )
+ .anyExchange().denyAll()
+ ).formLogin(fl ->
+ fl.authenticationSuccessHandler(new AuthenticationSuccessHandler())
+ .authenticationFailureHandler(new AuthenticationFailureHandler()))
+ .logout(logoutSpec -> logoutSpec.logoutHandler(new AuthenticationLogoutHandler())
+ .logoutSuccessHandler(new AuthenticationLogoutSuccessHandler())
+ )
+// .httpBasic(basicSpec -> {
+// basicSpec.
+// })
+ ;
+
+
+ http.csrf(ServerHttpSecurity.CsrfSpec::disable);
+ return http.build();
+ }
+
+ /**
+ * this bean is encryptor
+ */
+ @Bean
+ public PasswordEncoder passwordEncoder() {
+ return new BCryptPasswordEncoder();
+ }
+}
+

achobeta-infra-oauth/src/main/java/com/achobeta/www/oauth/config/AuthenticationWhitelistConfig.java

@@ -0,0 +1,24 @@
+package com.achobeta.www.oauth.config;
+
+import lombok.Getter;
+import lombok.Setter;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.stereotype.Component;
+
+import java.util.List;
+
+/**
+ * <span>
+ * Whitelist request URL list
+ * </span>
+ *
+ * @author jettcc in 2023/10/31
+ * @version 1.0
+ */
+@Getter
+@Setter
+@Component
+@ConfigurationProperties(prefix = "achobeta.auth.whitelist")
+public class AuthenticationWhitelistConfig {
+ private List<String> urls;
+}

achobeta-infra-oauth/src/main/java/com/achobeta/www/oauth/config/MybatisFillConfig.java

@@ -0,0 +1,34 @@
+package com.achobeta.www.oauth.config;
+
+import com.baomidou.mybatisplus.core.handlers.MetaObjectHandler;
+import org.apache.ibatis.reflection.MetaObject;
+import org.springframework.stereotype.Component;
+import org.springframework.transaction.annotation.EnableTransactionManagement;
+
+import java.time.LocalDateTime;
+import java.util.UUID;
+
+/**
+ * <span>
+ * Mybatis fill config
+ * </span>
+ *
+ * @author jettcc in 2023/10/18
+ * @version 1.0
+ */
+@Component
+@EnableTransactionManagement
+public class MybatisFillConfig implements MetaObjectHandler {
+ @Override
+ public void insertFill(MetaObject metaObject) {
+ this.strictInsertFill(metaObject, "uuid", String.class, UUID.randomUUID().toString());
+ this.strictInsertFill(metaObject, "createTime", LocalDateTime.class, LocalDateTime.now());
+ this.strictInsertFill(metaObject, "version", Integer.class, 1);
+ this.strictInsertFill(metaObject, "deleted", Integer.class, 0);
+ }
+
+ @Override
+ public void updateFill(MetaObject metaObject) {
+ this.strictUpdateFill(metaObject, "updateTime", LocalDateTime.class, LocalDateTime.now());
+ }
+}

achobeta-infra-oauth/src/main/java/com/achobeta/www/oauth/config/RedisConfig.java

@@ -0,0 +1,37 @@
+package com.achobeta.www.oauth.config;
+
+import com.alibaba.fastjson2.support.spring6.data.redis.GenericFastJsonRedisSerializer;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.serializer.RedisSerializer;
+
+/**
+ * <span>
+ * redis config
+ * </span>
+ *
+ * @author jettcc in 2023/10/31
+ * @version 1.0
+ */
+@Configuration
+public class RedisConfig {
+ @Bean
+ public RedisSerializer<Object> springSessionDefaultRedisSerializer() {
+ return new GenericFastJsonRedisSerializer();
+ }
+
+ @Bean
+ public RedisTemplate<String, Object> redisTemplate(LettuceConnectionFactory factory) {
+ RedisTemplate<String,Object> redisTemplate = new RedisTemplate<>();
+ redisTemplate.setConnectionFactory(factory);
+ redisTemplate.setKeySerializer(RedisSerializer.string());
+ redisTemplate.setValueSerializer(RedisSerializer.json());
+ redisTemplate.setHashKeySerializer(RedisSerializer.string());
+ redisTemplate.setHashValueSerializer(RedisSerializer.json());
+ redisTemplate.afterPropertiesSet();
+ return redisTemplate;
+ }
+
+}

achobeta-infra-oauth/src/main/java/com/achobeta/www/oauth/config/SpringSessionConfig.java

@@ -0,0 +1,25 @@
+package com.achobeta.www.oauth.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
+import org.springframework.session.SaveMode;
+import org.springframework.session.data.redis.config.annotation.web.server.EnableRedisWebSession;
+
+/**
+ * <span>
+ * spring session config
+ * </span>
+ *
+ * @author jettcc in 2023/11/1
+ * @version 1.0
+ */
+@Configuration(proxyBeanMethods = false)
+@EnableRedisWebSession(redisNamespace = "achobeta:infra", saveMode = SaveMode.ALWAYS)
+public class SpringSessionConfig {
+ @Bean
+ public LettuceConnectionFactory redisConnectionFactory() {
+ return new LettuceConnectionFactory();
+ }
+
+}

achobeta-infra-oauth/src/main/java/com/achobeta/www/oauth/config/handler/AuthenticationFailureHandler.java

@@ -0,0 +1,26 @@
+package com.achobeta.www.oauth.config.handler;
+
+import com.achobeta.www.common.util.GlobalServiceStatusCode;
+import org.springframework.http.server.reactive.ServerHttpResponse;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.server.WebFilterExchange;
+import org.springframework.security.web.server.authentication.ServerAuthenticationFailureHandler;
+import reactor.core.publisher.Mono;
+
+import static com.achobeta.www.oauth.utils.ResponseUtil.createAccessDeniedResponse;
+
+/**
+ * <span>
+ * handler authentication failure
+ * </span>
+ *
+ * @author jettcc in 2023/10/23
+ * @version 1.0
+ */
+public class AuthenticationFailureHandler implements ServerAuthenticationFailureHandler {
+ @Override
+ public Mono<Void> onAuthenticationFailure(WebFilterExchange webFilterExchange, AuthenticationException exception) {
+ ServerHttpResponse response = webFilterExchange.getExchange().getResponse();
+ return createAccessDeniedResponse(response, GlobalServiceStatusCode.USER_NO_PERMISSION);
+ }
+}

achobeta-infra-oauth/src/main/java/com/achobeta/www/oauth/config/handler/AuthenticationSuccessHandler.java

@@ -0,0 +1,31 @@
+package com.achobeta.www.oauth.config.handler;
+
+import com.achobeta.www.common.util.GlobalServiceStatusCode;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.server.reactive.ServerHttpResponse;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.server.WebFilterExchange;
+import org.springframework.security.web.server.authentication.ServerAuthenticationSuccessHandler;
+import reactor.core.publisher.Mono;
+
+import static com.achobeta.www.oauth.utils.ResponseUtil.createAccessDeniedResponse;
+
+/**
+ * <span>
+ * authentication success handler
+ * </span>
+ *
+ * @author jettcc in 2023/10/23
+ * @version 1.0
+ */
+@Slf4j
+public class AuthenticationSuccessHandler implements ServerAuthenticationSuccessHandler {
+
+ @Override
+ public Mono<Void> onAuthenticationSuccess(WebFilterExchange webFilterExchange,
+ Authentication authentication) {
+ ServerHttpResponse response = webFilterExchange.getExchange().getResponse();
+ return createAccessDeniedResponse(response, GlobalServiceStatusCode.SYSTEM_SUCCESS);
+ }
+
+}