# security-starter

**Repository Path**: enbool/security-starter

## Basic Information

- **Project Name**: security-starter
- **Description**: Spring Security OAuth2 rapid-development starter
- **Primary Language**: Java
- **License**: Not specified
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 1
- **Created**: 2020-06-15
- **Last Updated**: 2020-12-19

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# security-starter

#### Introduction

Spring Security OAuth2 rapid-development starter

#### Software Architecture

Software architecture description

#### Installation

1. Download the source code
2. Run `mvn install` to install it into the local repository
3. Add the dependency to the new project:

   ```xml
   <dependency>
       <groupId>cn.com.artemis</groupId>
       <artifactId>security-starter</artifactId>
       <version>1.0.0</version>
   </dependency>
   ```

4. Configure OAuth2; see `OAuth2Properties`

#### Usage

application.yml

```yaml
app:
  security:
    oauth2:
      jwt-signing-key:
      store-type: jwt
      use-rbac: false
      clients:
        - client-id:
          client-secret:
          # 720000 seconds = 200 hours
          access-token-validity-seconds: 720000
          refresh-token-validity-seconds: 720000
```

```java
// Controller: the client's Authorization header is passed through to the token grant
@ApiOperation("手登录")
@PostMapping("/login")
ResultModel login(@RequestHeader("Authorization") String authorization,
                  @RequestBody PhoneLoginForm form) {
    return userTemplate.loginByPhone(authorization, form);
}

// Service: username/password login
public OAuth2AccessToken login(String authorization, String username, String password) {
    User user = userService.findByUsername(username);
    // The same error code is used for an unknown user and for a wrong password
    ApiAssert.notNull(GueErrorCode.USERNAME_OR_PASSWORD_ERROR, user);
    ApiAssert.isTrue(GueErrorCode.USERNAME_OR_PASSWORD_ERROR,
            passwordEncoder.matches(password, user.getPassword()));
    log.info("{}登录系统", username);
    // user2Token needs the Authorization header as well as the user
    return user2Token(authorization, user);
}

// Builds an Authentication for the verified user and asks grantTokenService for a token
private OAuth2AccessToken user2Token(String authorization, User user) {
    Authentication authentication = new UsernamePasswordAuthenticationToken(user, user.getPassword());
    try {
        return grantTokenService.grant(authorization, authentication);
    } catch (IOException e) {
        log.error("未知异常", e);
        throw new GueException(GueErrorCode.IO_EXCEPTION);
    }
}
```

##### Configure the Whitelist

```java
@Component
public class WhiteListConfig implements WhiteList {

    // Path patterns on the permit-all list
    @Override
    public String[] permitAll() {
        return new String[]{"/api/**"};
    }

    // Path patterns excluded from the permission check (none here)
    @Override
    public String[] nonCheckPermission() {
        return new String[0];
    }
}
```

###### To log in through the endpoint that Spring Security provides (/auth/token), you must implement UserDetailsService.

###### To use RBAC for permission control, enable it in the configuration file (use-rbac: true) and implement PermissionService.

#### Contributing

1. Fork this repository
2. Create a Feat_xxx branch
3. Commit your code
4. Create a Pull Request
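
For the UserDetailsService requirement in the usage notes above, here is an added example that is not part of the original README or the project's code: a minimal implementation that the /auth/token login could use. The class name, the in-memory sample accounts and the injected `PasswordEncoder` bean are assumptions; only the Spring Security types are real APIs.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;

// Hypothetical class; only the Spring Security types are real APIs.
@Service
public class SampleUserDetailsService implements UserDetailsService {

    // Constructed stand-in for a user table: username -> {password hash, locked flag}.
    private static final class Account {
        final String passwordHash;
        final boolean locked;

        Account(String passwordHash, boolean locked) {
            this.passwordHash = passwordHash;
            this.locked = locked;
        }
    }

    private final Map<String, Account> accounts = new ConcurrentHashMap<>();

    // Assumption: a PasswordEncoder bean exists, as the passwordEncoder field
    // in the README's login code suggests.
    public SampleUserDetailsService(PasswordEncoder passwordEncoder) {
        accounts.put("alice", new Account(passwordEncoder.encode("constructed-sample-password"), false));
        accounts.put("mallory", new Account(passwordEncoder.encode("constructed-sample-password"), true));
    }

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        Account account = accounts.get(username);
        if (account == null) {
            // Keep the message generic so it says nothing about which usernames exist.
            throw new UsernameNotFoundException("Bad credentials");
        }
        return User.withUsername(username)
                .password(account.passwordHash) // stored hash, never the plaintext password
                .accountLocked(account.locked)  // Spring's standard provider rejects locked accounts
                .authorities("ROLE_USER")
                .build();
    }
}
```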