diff --git a/api-boot-project/api-boot-autoconfigure/pom.xml b/api-boot-project/api-boot-autoconfigure/pom.xml
index 851b1822..411b7c74 100644
--- a/api-boot-project/api-boot-autoconfigure/pom.xml
+++ b/api-boot-project/api-boot-autoconfigure/pom.xml
@@ -151,6 +151,11 @@
* If the value is set to false,
- * you need to implement the {@link ApiBootStoreDelegate} interface to complete the custom method of reading user data
+ * you need to implement the {@link org.minbox.framework.security.delegate.SecurityStoreDelegate} interface to complete the custom method of reading user data
*/
private boolean enableDefaultStoreDelegate = true;
/**
diff --git a/api-boot-project/api-boot-autoconfigure/src/main/java/org/minbox/framework/api/boot/autoconfigure/security/ApiBootWebSecurityAutoConfiguration.java b/api-boot-project/api-boot-autoconfigure/src/main/java/org/minbox/framework/api/boot/autoconfigure/security/ApiBootWebSecurityAutoConfiguration.java
index f1eb19c1..7cf8907f 100644
--- a/api-boot-project/api-boot-autoconfigure/src/main/java/org/minbox/framework/api/boot/autoconfigure/security/ApiBootWebSecurityAutoConfiguration.java
+++ b/api-boot-project/api-boot-autoconfigure/src/main/java/org/minbox/framework/api/boot/autoconfigure/security/ApiBootWebSecurityAutoConfiguration.java
@@ -16,9 +16,9 @@
package org.minbox.framework.api.boot.autoconfigure.security;
-import org.minbox.framework.api.boot.secuirty.ApiBootWebSecurityConfiguration;
-import org.minbox.framework.api.boot.secuirty.handler.ApiBootDefaultAccessDeniedHandler;
-import org.minbox.framework.api.boot.secuirty.point.ApiBootDefaultAuthenticationEntryPoint;
+import org.minbox.framework.security.WebSecurityConfiguration;
+import org.minbox.framework.security.handler.DefaultSecurityAccessDeniedHandler;
+import org.minbox.framework.security.point.DefaultSecurityAuthenticationEntryPoint;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.util.ObjectUtils;
@@ -33,7 +33,7 @@
* @see ApiBootWebSecurityMemoryAutoConfiguration
* @see ApiBootWebSecurityJdbcAutoConfiguration
*/
-public class ApiBootWebSecurityAutoConfiguration extends ApiBootWebSecurityConfiguration {
+public class ApiBootWebSecurityAutoConfiguration extends WebSecurityConfiguration {
protected ApiBootSecurityProperties apiBootSecurityProperties;
private AccessDeniedHandler accessDeniedHandler;
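Review bot: The superclass swap to `WebSecurityConfiguration`, together with the import hunk above that takes `DefaultSecurityAccessDeniedHandler` and `DefaultSecurityAuthenticationEntryPoint` from `org.minbox.framework.security`, moves the default access-denied and entry-point behaviour into an artifact whose code is not part of this diff, and the class Javadoc does not record what those defaults now return. The in-repo handlers deleted later in this commit answered access-denied with HTTP 200 plus a 403 code in the JSON body, and unauthenticated requests with HTTP 403 plus a 401 body code. Clients, gateways and alerting rules may key on those statuses, so it is worth confirming the replacements keep or deliberately change them, and adding a test that pins the status and body code for both cases. I would also add a Javadoc line on the class such as `Default AccessDeniedHandler and AuthenticationEntryPoint come from org.minbox.framework.security; response status semantics are defined there.` The class body continues outside this hunk.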
@@ -63,12 +63,12 @@ protected List
- * DateTime:2019-03-14 16:13
- * Blog:http://blog.yuqiyu.com
- * WebSite:http://www.jianshu.com/u/092df3f77bca
- * Gitee:https://gitee.com/hengboy
- * GitHub:https://github.com/hengboy
- */
-@Getter
-public class LoadUserEvent extends ApplicationEvent {
- /**
- * 获取用户信息的用户名
- */
- private String username;
-
- public LoadUserEvent(Object source, String username) {
- super(source);
- this.username = username;
- }
-}
diff --git a/api-boot-project/api-boot-dependencies/pom.xml b/api-boot-project/api-boot-dependencies/pom.xml
index 55336b10..15a6105f 100644
--- a/api-boot-project/api-boot-dependencies/pom.xml
+++ b/api-boot-project/api-boot-dependencies/pom.xml
@@ -30,6 +30,7 @@
- * Set a list of paths to exclude security intercepts
- *
- * Password encryption method {@link #passwordEncoder()}
- *
- * This method is left to the implementation class to obtain the customized {@link AccessDeniedHandler} implementation class IOC instance from the project
- * If the implementation class does not return an instance,
- * the default {@link org.minbox.framework.api.boot.plugin.security.handler.ApiBootDefaultAccessDeniedHandler} is used to return
- *
- * This method is an abstract method, and the logic is implemented by subclasses
- *
- * This method is an abstract method, and the logic is implemented by subclasses
- *
- * Query {@link UserDetails} according to the agreed default table structure
- *
- * @author 恒宇少年
- */
-public class ApiBootDefaultStoreDelegate implements ApiBootStoreDelegate {
- /**
- * logger instance
- */
- static Logger logger = LoggerFactory.getLogger(ApiBootDefaultStoreDelegate.class);
- /**
- * Query {@link UserDetails} SQL by default
- *
- * @see ApiBootDefaultUserDetails
- * @see ApiBootDefaultUserEntity
- */
- static String DEFAULT_SELECT_USER_SQL = "SELECT UI_ID, UI_USER_NAME, UI_NICK_NAME, UI_PASSWORD, UI_EMAIL, UI_AGE, UI_ADDRESS, UI_IS_LOCKED, UI_IS_ENABLED, UI_STATUS, UI_CREATE_TIME FROM API_BOOT_USER_INFO WHERE UI_USER_NAME = ?";
- /**
- * DataSource Instance
- *
- * Get {@link Connection} read {@link UserDetails}
- */
- private DataSource dataSource;
-
- /**
- * Initialize {@link DataSource} with constructor
- *
- * @param dataSource {@link #dataSource}
- */
- public ApiBootDefaultStoreDelegate(DataSource dataSource) {
- this.dataSource = dataSource;
- }
-
- /**
- * Query {@link UserDetails}
- *
- * Query the user information in the "api_boot_user_info" table by default
- *
- * @param username {@link UserDetails#getUsername()}
- * @return {@link ApiBootDefaultUserDetails}
- * @throws UsernameNotFoundException Throw the exception when the user does not exist
- */
- @Override
- public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
- ApiBootDefaultUserDetails userDetails = findUser(username);
- logger.debug("Load user :{} complete.", username);
- return userDetails;
- }
-
- /**
- * Query User
- *
- * Query user information according to database link of data source
- *
- * @param username {@link UserDetails#getUsername()}
- * @return {@link ApiBootDefaultUserDetails}
- */
- private ApiBootDefaultUserDetails findUser(String username) {
- Connection connection = null;
- PreparedStatement ps = null;
- ResultSet resultSet = null;
- try {
- connection = dataSource.getConnection();
- ps = connection.prepareStatement(DEFAULT_SELECT_USER_SQL);
- ps.setString(1, username);
- resultSet = ps.executeQuery();
- return wrapperOneResult(ApiBootDefaultUserDetails.class, resultSet);
- } catch (Exception e) {
- throw new UsernameNotFoundException("Username:" + username + ",not found.");
- } finally {
- closeResultSet(resultSet);
- closeStatement(ps);
- closeConnection(connection);
- }
- }
-
- /**
- * Cleanup helper method that closes the given
- * Convention: return the field of the object to follow the rule of lowercase first letter,
- * uppercase first letter after '?' (corresponding column name)
- *
- * @param resultClass Result Object Class
- * @param rs {@link ResultSet}
- * @param
- * To integrate SpringSecurity with ApiBoot, you need to query the agent class of
- * Users use to authenticate SpringSecurity
- * When we use JDBC to store users, we need to query {@link UserDetails} from the database according to the {@link UserDetails#getUsername()}
- * If oauth2 is integrated, it corresponds to the {@link UserDetails#getUsername()} and {@link UserDetails#getPassword()}
- * of "grant_type=password" authorization mode
- *
- * It should be noted that:
- * do not use this method in memory mode
- *
- * @param username {@link UserDetails#getUsername()}
- * @return {@link UserDetails}
- * @throws UsernameNotFoundException Throw this exception if the user does not exist
- */
- UserDetails loadUserByUsername(String username) throws UsernameNotFoundException;
-}
diff --git a/api-boot-project/api-boot/src/main/java/org/minbox/framework/api/boot/secuirty/handler/ApiBootDefaultAccessDeniedHandler.java b/api-boot-project/api-boot/src/main/java/org/minbox/framework/api/boot/secuirty/handler/ApiBootDefaultAccessDeniedHandler.java
deleted file mode 100644
index 1eff8869..00000000
--- a/api-boot-project/api-boot/src/main/java/org/minbox/framework/api/boot/secuirty/handler/ApiBootDefaultAccessDeniedHandler.java
+++ /dev/null
@@ -1,40 +0,0 @@
-package org.minbox.framework.api.boot.secuirty.handler;
-
-import com.alibaba.fastjson.JSON;
-import org.minbox.framework.api.boot.common.model.ApiBootResult;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.http.HttpStatus;
-import org.springframework.http.MediaType;
-import org.springframework.security.access.AccessDeniedException;
-import org.springframework.security.web.access.AccessDeniedHandler;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-
-/**
- * {@link AccessDeniedHandler} exception handler
- *
- * Implement authentication exception custom return format content to front end
- *
- * @author 恒宇少年
- */
-public class ApiBootDefaultAccessDeniedHandler implements AccessDeniedHandler {
- /**
- * logger instance
- */
- static Logger logger = LoggerFactory.getLogger(ApiBootDefaultAccessDeniedHandler.class);
-
- @Override
- public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException e) throws IOException, ServletException {
- logger.error("ApiBoot Default AccessDeniedHandler.", e);
- response.setContentType(MediaType.APPLICATION_JSON_VALUE);
- response.setStatus(HttpStatus.OK.value());
- // ApiBoot Result
- ApiBootResult result = ApiBootResult.builder().errorMessage(HttpStatus.FORBIDDEN.getReasonPhrase()).errorCode(String.valueOf(HttpStatus.FORBIDDEN.value())).build();
- // return json
- response.getWriter().write(JSON.toJSONString(result));
- }
-}
diff --git a/api-boot-project/api-boot/src/main/java/org/minbox/framework/api/boot/secuirty/jdbc/ApiBootDefaultUserEntity.java b/api-boot-project/api-boot/src/main/java/org/minbox/framework/api/boot/secuirty/jdbc/ApiBootDefaultUserEntity.java
deleted file mode 100644
index bcf862f6..00000000
--- a/api-boot-project/api-boot/src/main/java/org/minbox/framework/api/boot/secuirty/jdbc/ApiBootDefaultUserEntity.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright [2019] [恒宇少年 - 于起宇]
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.minbox.framework.api.boot.secuirty.jdbc;
-
-import lombok.Data;
-
-import java.sql.Timestamp;
-
-/**
- * Created with Code-Builder.
- * 表名: api_boot_user_info - ApiBoot默认的用户信息表 - 数据实体
- *
- * @author 恒宇少年
- */
-@Data
-public class ApiBootDefaultUserEntity {
- /**
- * UI_ID - 用户编号,主键自增
- */
- private Integer uiId;
- /**
- * UI_USER_NAME - 用户名
- */
- private String uiUserName;
- /**
- * UI_NICK_NAME - 用户昵称
- */
- private String uiNickName;
- /**
- * UI_PASSWORD - 用户密码
- */
- private String uiPassword;
- /**
- * UI_EMAIL - 用户邮箱地址
- */
- private String uiEmail;
- /**
- * UI_AGE - 用户年龄
- */
- private Integer uiAge;
- /**
- * UI_ADDRESS - 用户地址
- */
- private String uiAddress;
- /**
- * UI_IS_LOCKED - 是否锁定
- */
- private String uiIsLocked;
- /**
- * UI_IS_ENABLED - 是否启用
- */
- private String uiIsEnabled;
- /**
- * UI_STATUS - O:正常,D:已删除
- */
- private String uiStatus;
- /**
- * UI_CREATE_TIME - 用户创建时间
- */
- private Timestamp uiCreateTime;
-}
diff --git a/api-boot-project/api-boot/src/main/java/org/minbox/framework/api/boot/secuirty/point/ApiBootDefaultAuthenticationEntryPoint.java b/api-boot-project/api-boot/src/main/java/org/minbox/framework/api/boot/secuirty/point/ApiBootDefaultAuthenticationEntryPoint.java
deleted file mode 100644
index 596b1937..00000000
--- a/api-boot-project/api-boot/src/main/java/org/minbox/framework/api/boot/secuirty/point/ApiBootDefaultAuthenticationEntryPoint.java
+++ /dev/null
@@ -1,39 +0,0 @@
-package org.minbox.framework.api.boot.secuirty.point;
-
-import com.alibaba.fastjson.JSON;
-import org.minbox.framework.api.boot.common.model.ApiBootResult;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.http.HttpStatus;
-import org.springframework.http.MediaType;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.web.AuthenticationEntryPoint;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-
-/**
- * The {@link AuthenticationEntryPoint} implement class
- *
- * The default implementation class of {@link AuthenticationEntryPoint} provided by ApiBoot
- * @author 恒宇少年
- */
-public class ApiBootDefaultAuthenticationEntryPoint implements AuthenticationEntryPoint {
- /**
- * logger instance
- */
- static Logger logger = LoggerFactory.getLogger(ApiBootDefaultAuthenticationEntryPoint.class);
-
- @Override
- public void commence(HttpServletRequest httpServletRequest, HttpServletResponse response, AuthenticationException e) throws IOException, ServletException {
- logger.error("Unauthorized", e);
- response.setContentType(MediaType.APPLICATION_JSON_VALUE);
- response.setStatus(HttpStatus.FORBIDDEN.value());
- // ApiBoot Result
- ApiBootResult result = ApiBootResult.builder().errorMessage(HttpStatus.UNAUTHORIZED.getReasonPhrase()).errorCode(String.valueOf(HttpStatus.UNAUTHORIZED.value())).build();
- // return json
- response.getWriter().write(JSON.toJSONString(result));
- }
-}
diff --git a/api-boot-project/api-boot/src/main/java/org/minbox/framework/api/boot/secuirty/userdetails/ApiBootDefaultUserDetails.java b/api-boot-project/api-boot/src/main/java/org/minbox/framework/api/boot/secuirty/userdetails/ApiBootDefaultUserDetails.java
deleted file mode 100644
index 40f280cc..00000000
--- a/api-boot-project/api-boot/src/main/java/org/minbox/framework/api/boot/secuirty/userdetails/ApiBootDefaultUserDetails.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright [2019] [恒宇少年 - 于起宇]
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.minbox.framework.api.boot.secuirty.userdetails;
-
-import lombok.Data;
-import org.minbox.framework.api.boot.common.enums.YesOrNo;
-import org.minbox.framework.api.boot.secuirty.jdbc.ApiBootDefaultUserEntity;
-import org.minbox.framework.api.boot.secuirty.delegate.ApiBootDefaultStoreDelegate;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.userdetails.UserDetails;
-
-import java.util.ArrayList;
-import java.util.Collection;
-
-/**
- * The default {@link UserDetails} implement class
- *
- * @author 恒宇少年
- * @see ApiBootDefaultStoreDelegate#loadUserByUsername(String)
- */
-@Data
-public class ApiBootDefaultUserDetails extends ApiBootDefaultUserEntity implements UserDetails {
- @Override
- public Collection extends GrantedAuthority> getAuthorities() {
- return new ArrayList() {
- {
- add((GrantedAuthority) () -> "ROLE_USER");
- }
- };
- }
-
- @Override
- public String getPassword() {
- return super.getUiPassword();
- }
-
- @Override
- public String getUsername() {
- return super.getUiUserName();
- }
-
- @Override
- public boolean isAccountNonExpired() {
- return true;
- }
-
- @Override
- public boolean isAccountNonLocked() {
- return YesOrNo.NO.getValue().equals(super.getUiIsLocked());
- }
-
- @Override
- public boolean isCredentialsNonExpired() {
- return true;
- }
-
- @Override
- public boolean isEnabled() {
- return YesOrNo.YES.getValue().equals(super.getUiIsEnabled());
- }
-}
diff --git a/api-boot-project/api-boot/src/main/java/org/minbox/framework/api/boot/secuirty/userdetails/ApiBootUserDetailsService.java b/api-boot-project/api-boot/src/main/java/org/minbox/framework/api/boot/secuirty/userdetails/ApiBootUserDetailsService.java
deleted file mode 100644
index 3abd9394..00000000
--- a/api-boot-project/api-boot/src/main/java/org/minbox/framework/api/boot/secuirty/userdetails/ApiBootUserDetailsService.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright [2019] [恒宇少年 - 于起宇]
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.minbox.framework.api.boot.secuirty.userdetails;
-
-import org.minbox.framework.api.boot.common.event.LoadUserEvent;
-import org.minbox.framework.api.boot.secuirty.delegate.ApiBootStoreDelegate;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
-
-/**
- * The {@link UserDetailsService} implement class
- *
- * ApiBoot integrates spring security user query logic implementation
- *
- * @author 恒宇少年
- */
-public class ApiBootUserDetailsService implements UserDetailsService {
- /**
- * logger instance
- */
- static Logger logger = LoggerFactory.getLogger(ApiBootUserDetailsService.class);
- /**
- * Spring {@link ApplicationContext}
- */
- @Autowired
- private ApplicationContext applicationContext;
-
- /**
- * Query basic user information according to user name
- *
- * Publish load user event event event after querying user information
- *
- * @param username {@link UserDetails#getUsername()}
- * @return {@link UserDetails}
- * @throws UsernameNotFoundException Throw the exception when the user does not exist
- */
- @Override
- public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
- logger.info("Login user:[{}]", username);
-
- // find ApiBootStoreDelegate support instance
- // default is org.minbox.framework.api.boot.plugin.security.delegate.ApiBootDefaultStoreDelegate
- ApiBootStoreDelegate apiBootStoreDelegate = applicationContext.getBean(ApiBootStoreDelegate.class);
- UserDetails userDetails = apiBootStoreDelegate.loadUserByUsername(username);
-
- // publish loadUserEvent
- applicationContext.publishEvent(new LoadUserEvent(this, username));
-
- return userDetails;
- }
-}
diff --git a/api-boot-samples/api-boot-sample-security-oauth-jwt/src/main/java/org/minbox/framework/api/boot/sample/DisableDefaultUserTableStoreDelegate.java b/api-boot-samples/api-boot-sample-security-oauth-jwt/src/main/java/org/minbox/framework/api/boot/sample/DisableDefaultUserTableStoreDelegate.java
index bce3823b..331bf96f 100644
--- a/api-boot-samples/api-boot-sample-security-oauth-jwt/src/main/java/org/minbox/framework/api/boot/sample/DisableDefaultUserTableStoreDelegate.java
+++ b/api-boot-samples/api-boot-sample-security-oauth-jwt/src/main/java/org/minbox/framework/api/boot/sample/DisableDefaultUserTableStoreDelegate.java
@@ -1,6 +1,6 @@
package org.minbox.framework.api.boot.sample;
-import org.minbox.framework.api.boot.secuirty.delegate.ApiBootStoreDelegate;
+import org.minbox.framework.security.delegate.SecurityStoreDelegate;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
@@ -20,7 +20,7 @@
* GitHub:https://github.com/hengboy
*/
@Component
-public class DisableDefaultUserTableStoreDelegate implements ApiBootStoreDelegate {
+public class DisableDefaultUserTableStoreDelegate implements SecurityStoreDelegate {
@Autowired
private SystemUserMapper systemUserMapper;
{@link ResultSet}
- * while ignoring any errors.
- *
- * @param connection {@link Connection}
- */
- private static void closeConnection(Connection connection) {
- if (null != connection) {
- try {
- connection.close();
- } catch (SQLException ignore) {
- }
- }
- }
-
- /**
- * Cleanup helper method that closes the given {@link ResultSet}
- * while ignoring any errors.
- *
- * @param rs {@link ResultSet}
- */
- private static void closeResultSet(ResultSet rs) {
- if (null != rs) {
- try {
- rs.close();
- } catch (SQLException ignore) {
- }
- }
- }
-
- /**
- * Cleanup helper method that closes the given Statement
- * while ignoring any errors.
- *
- * @param statement {@link Statement}
- */
- private static void closeStatement(Statement statement) {
- if (null != statement) {
- try {
- statement.close();
- } catch (SQLException ignore) {
- }
- }
- }
-
- /**
- * Encapsulation handles individual results
- * {@link UserDetails}
- * Use {@link ApiBootDefaultStoreDelegate}
by default
- *
- * @author 恒宇少年
- */
-public interface ApiBootStoreDelegate extends Serializable {
- /**
- * Query user
- *