认证中心登录接口

陈杰
1 parent 5b7afb68
Showing 37 changed files with 352 additions and 2128 deletions Show diff stats
cloud/autho/pom.xml
cloud/autho/src/main/java/com/sincere/autho/AuthoApplication.java
cloud/autho/src/main/java/com/sincere/autho/Swagger2.java
cloud/autho/src/main/java/com/sincere/autho/annotation/EnableLogging.java
cloud/autho/src/main/java/com/sincere/autho/annotation/datasource/DataSource.java
cloud/autho/src/main/java/com/sincere/autho/annotation/log/LogAnnotation.java
cloud/autho/src/main/java/com/sincere/autho/autoconfigure/LoggingConfigurationSelector.java
cloud/autho/src/main/java/com/sincere/autho/autoconfigure/datasource/DataSourceAspect.java
cloud/autho/src/main/java/com/sincere/autho/autoconfigure/log/LogAnnotationAspect.java
cloud/autho/src/main/java/com/sincere/autho/config/OAuth2ServerConfig.java
cloud/autho/src/main/java/com/sincere/autho/config/SecurityConfig.java
cloud/autho/src/main/java/com/sincere/autho/config/ValidateCodeSecurityConfig.java
cloud/autho/src/main/java/com/sincere/autho/control/LoginController.java
cloud/autho/src/main/java/com/sincere/autho/control/OAuth2Controller.java
cloud/autho/src/main/java/com/sincere/autho/control/UserController.java
cloud/autho/src/main/java/com/sincere/autho/dto/BaseDto.java
cloud/autho/src/main/java/com/sincere/autho/dto/req/LoginReqDto.java
cloud/autho/src/main/java/com/sincere/autho/handler/ExceptionHandlerAdvice.java
cloud/autho/src/main/java/com/sincere/autho/handler/OauthLogoutHandler.java
cloud/autho/src/main/java/com/sincere/autho/log/dao/LogDao.java
@@ -13,63 +13,142 @@
     <name>autho</name>
     <description>Demo project for Spring Boot</description>
  
-    <properties>
-        <java.version>1.8</java.version>
-        <spring-cloud.version>Greenwich.SR2</spring-cloud.version>
-    </properties>
-
     <dependencies>
         <dependency>
             <groupId>com.sincere</groupId>
             <artifactId>common</artifactId>
-            <version>0.0.1-SNAPSHOT</version>
+            <version>1.0.0</version>
         </dependency>
         <dependency>
-            <groupId>org.springframework.cloud</groupId>
-            <artifactId>spring-cloud-starter-oauth2</artifactId>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
+            <scope>test</scope>
         </dependency>
-
         <dependency>
             <groupId>org.springframework.cloud</groupId>
-            <artifactId>spring-cloud-starter-security</artifactId>
-            <version>2.1.3.RELEASE</version>
+            <artifactId>spring-cloud-starter-feign</artifactId>
+            <version>1.3.6.RELEASE</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.cloud</groupId>
-            <artifactId>spring-cloud-starter-openfeign</artifactId>
+            <artifactId>spring-cloud-openfeign-core</artifactId>
+            <version>2.1.2.RELEASE</version>
         </dependency>
-
         <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-data-redis</artifactId>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <version>3.3.2</version>
         </dependency>
         <dependency>
-            <groupId>io.grpc</groupId>
-            <artifactId>grpc-core</artifactId>
-            <version>1.18.0</version>
+            <groupId>org.mybatis.spring.boot</groupId>
+            <artifactId>mybatis-spring-boot-starter</artifactId>
+            <version>1.3.0</version>
         </dependency>
-
         <dependency>
-            <groupId>io.springfox</groupId>
-            <artifactId>springfox-swagger2</artifactId>
-            <version>2.9.2</version>
+            <groupId>com.microsoft.sqlserver</groupId>
+            <artifactId>mssql-jdbc</artifactId>
+            <version>6.4.0.jre8</version>
         </dependency>
-
         <dependency>
-            <groupId>io.springfox</groupId>
-            <artifactId>springfox-swagger-ui</artifactId>
-            <version>2.9.2</version>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
         </dependency>
-
     </dependencies>
  
+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <groupId>org.springframework.cloud</groupId>
+                <artifactId>spring-cloud-dependencies</artifactId>
+                <version>${spring-cloud.version}</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
+
     <build>
+        <!--打包文件名-->
+        <finalName>quartz_server</finalName>
+        <!--打包方式-->
         <plugins>
+            <!-- 设置编译版本 -->
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>3.1</version>
+                <configuration>
+                    <source>1.8</source>
+                    <target>1.8</target>
+                    <encoding>UTF-8</encoding>
+                </configuration>
+            </plugin>
+            <!-- 打包jar文件时，配置manifest文件，加入lib包的jar依赖 -->
+            <!-- 本地启动需要注释-->
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-jar-plugin</artifactId>
+                <configuration>
+                    <archive>
+                        <manifest>
+                            <mainClass>com.sincere.userSearch.UserApplication</mainClass>
+                            <addClasspath>true</addClasspath>
+                            <classpathPrefix>lib/</classpathPrefix>
+                        </manifest>
+                        <manifestEntries>
+                            <Class-Path>./config/</Class-Path>
+                        </manifestEntries>
+                    </archive>
+                    <excludes>
+                        <exclude>config/**</exclude>
+                    </excludes>
+                    <classesDirectory></classesDirectory>
+                </configuration>
+            </plugin>
+            <!-- 拷贝依赖的jar包到lib目录 -->
             <plugin>
-                <groupId>org.springframework.boot</groupId>
-                <artifactId>spring-boot-maven-plugin</artifactId>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-dependency-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>copy</id>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>copy-dependencies</goal>
+                        </goals>
+                        <configuration>
+                            <outputDirectory>
+                                ${project.build.directory}/lib
+                            </outputDirectory>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <!-- 解决资源文件的编码问题 -->
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-resources-plugin</artifactId>
+                <version>2.5</version>
+                <configuration>
+                    <encoding>UTF-8</encoding>
+                </configuration>
+            </plugin>
+            <!-- 打包source文件为jar文件 -->
+            <plugin>
+                <artifactId>maven-source-plugin</artifactId>
+                <version>2.2</version>
+                <configuration>
+                    <attach>true</attach>
+                </configuration>
+                <executions>
+                    <execution>
+                        <phase>compile</phase>
+                        <goals>
+                            <goal>jar</goal>
+                        </goals>
+                    </execution>
+                </executions>
             </plugin>
         </plugins>
     </build>
-
 </project>
 package com.sincere.autho;
  
+import org.mybatis.spring.annotation.MapperScan;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
  
 @EnableDiscoveryClient
 @SpringBootApplication
+@MapperScan("com.sincere.autho.mapper")
 public class AuthoApplication {
  
     public static void main(String[] args) {
@@ -0,0 +1,52 @@
+package com.sincere.autho;
+
+import io.swagger.annotations.ApiOperation;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import springfox.documentation.builders.ApiInfoBuilder;
+import springfox.documentation.builders.ParameterBuilder;
+import springfox.documentation.builders.PathSelectors;
+import springfox.documentation.builders.RequestHandlerSelectors;
+import springfox.documentation.schema.ModelRef;
+import springfox.documentation.service.ApiInfo;
+import springfox.documentation.service.Parameter;
+import springfox.documentation.spi.DocumentationType;
+import springfox.documentation.spring.web.plugins.Docket;
+import springfox.documentation.swagger2.annotations.EnableSwagger2;
+
+import java.util.ArrayList;
+import java.util.List;
+
+@EnableSwagger2
+@Configuration      //让Spring来加载该类配置
+public class Swagger2 {
+
+    @Bean
+   public Docket createRestApi() {
+        ParameterBuilder ticketPar = new ParameterBuilder();
+        List<Parameter> pars = new ArrayList<Parameter>();
+        ticketPar.name("X-Authorization").description("user token")
+                .modelRef(new ModelRef("string")).parameterType("header")
+                .required(false).build(); //header中的ticket参数非必填，传空也可以
+        pars.add(ticketPar.build());
+
+
+        return new Docket(DocumentationType.SWAGGER_2)
+                .apiInfo(apiInfo())
+                .enableUrlTemplating(true)
+                .select()
+                // 扫描所有有注解的api，用这种方式更灵活
+                .apis(RequestHandlerSelectors.basePackage("com.sincere.autho.control"))
+                .paths(PathSelectors.any())
+                .build().globalOperationParameters(pars);
+
+    }
+     private ApiInfo apiInfo() {
+        return new ApiInfoBuilder()
+               .title("Spring Boot中使用Swagger2构建RESTful APIs")
+                 .description("接口文档")
+                 .termsOfServiceUrl("")
+                .version("1.0")
+              .build();
+     }
+}
@@ -1,22 +0,0 @@
-package com.sincere.autho.annotation;
-
-import com.sincere.autho.autoconfigure.LoggingConfigurationSelector;
-import org.springframework.context.annotation.Import;
-
-import java.lang.annotation.*;
-
-
-/**
- * 启动日志框架支持
- * @author owen
- * @create 2017年7月2日
- */
-
-@Target(ElementType.TYPE)
-@Retention(RetentionPolicy.RUNTIME)
-@Documented
-//自动装配starter
-@Import(LoggingConfigurationSelector.class)
-public @interface EnableLogging{
-//	String name() ;
-}
 \ No newline at end of file
@@ -1,16 +0,0 @@
-package com.sincere.autho.annotation.datasource;
-
-import java.lang.annotation.*;
-
-
-/**
- * 数据源选择
- * @author owen
- * @create 2017年7月2日
- */
-@Target({ElementType.METHOD, ElementType.TYPE})
-@Retention(RetentionPolicy.RUNTIME)
-@Documented
-public @interface DataSource {
-    String name();
-}
 \ No newline at end of file
@@ -1,26 +0,0 @@
-package com.sincere.autho.annotation.log;
-
-import java.lang.annotation.*;
-
-/**
- * 日志注解
- * @author owen
- * @create 2017年7月2日
- */
-@Target({ElementType.METHOD, ElementType.TYPE})
-@Retention(RetentionPolicy.RUNTIME)
-@Documented
-public @interface LogAnnotation {
-
-	/**
-	 * 模块
-	 * @return
-	 */
-	String module();
-
-	/**
-	 * 记录执行参数
-	 * @return
-	 */
-	boolean recordRequestParam() default true;
-}
@@ -1,23 +0,0 @@
-package com.sincere.autho.autoconfigure;
-
-import org.springframework.context.annotation.ImportSelector;
-import org.springframework.core.type.AnnotationMetadata;
-
-/**
- * @author owen
- * @create 2017年7月2日
- * 装配bean
- */
-public class LoggingConfigurationSelector implements ImportSelector {
-
-	@Override
-	public String[] selectImports(AnnotationMetadata importingClassMetadata) {
-		// TODO Auto-generated method stub
-//		importingClassMetadata.getAllAnnotationAttributes(EnableEcho.class.getName());
-		return new String[] { 
-				"com.sincere.autho.autoconfigure.datasource.DataSourceAspect",
-				"com.sincere.autho.autoconfigure.log.LogAnnotationAspect"
-		};
-	}
-
-}
@@ -1,42 +0,0 @@
-package com.sincere.autho.autoconfigure.datasource;
-
-import com.sincere.autho.annotation.datasource.DataSource;
-import com.sincere.common.config.DataSourceHolder;
-import com.sincere.common.config.DataSourceKey;
-import org.aspectj.lang.JoinPoint;
-import org.aspectj.lang.annotation.After;
-import org.aspectj.lang.annotation.Aspect;
-import org.aspectj.lang.annotation.Before;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.core.annotation.Order;
-
-/**
- * 切换数据源Advice
- */
-@Aspect
-@Order(-1) // 保证该AOP在@Transactional之前执行
-public class DataSourceAspect {
-
-    private static final Logger logger = LoggerFactory.getLogger(DataSourceAspect.class);
-
-    @Before("@annotation(ds)")
-    public void changeDataSource(JoinPoint point, DataSource ds) throws Throwable {
-        String dsId = ds.name();
-        try {
-            DataSourceKey dataSourceKey = DataSourceKey.valueOf(dsId);
-            DataSourceHolder.setDataSourceKey(dataSourceKey);
-        } catch (Exception e) {
-            logger.error("数据源[{}]不存在，使用默认数据源 > {}", ds.name(), point.getSignature());
-        }
-
-
-    }
-
-    @After("@annotation(ds)")
-    public void restoreDataSource(JoinPoint point, DataSource ds) {
-        logger.debug("Revert DataSource : {transIdo} > {}", ds.name(), point.getSignature());
-        DataSourceHolder.clearDataSourceKey();
-    }
-
-}
 \ No newline at end of file
@@ -1,133 +0,0 @@
-package com.sincere.autho.autoconfigure.log;
-
-import com.alibaba.fastjson.JSON;
-import com.alibaba.fastjson.JSONObject;
-import com.sincere.autho.annotation.log.LogAnnotation;
-import com.sincere.autho.log.service.LogService;
-import com.sincere.autho.log.service.impl.LogServiceImpl;
-import com.sincere.autho.utils.SysUserUtil;
-import com.sincere.common.model.log.SysLog;
-import com.sincere.common.model.system.LoginAppUser;
-import com.sincere.common.util.SpringUtils;
-import org.aspectj.lang.ProceedingJoinPoint;
-import org.aspectj.lang.annotation.Around;
-import org.aspectj.lang.annotation.Aspect;
-import org.aspectj.lang.reflect.MethodSignature;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.core.annotation.Order;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.List;
-import java.util.concurrent.CompletableFuture;
-import java.util.concurrent.ThreadLocalRandom;
-
-/**
- * 保存日志
- * 
- * @author owen
- * @create 2017年7月2日
- */
-@Aspect
-@Order(-1) // 保证该AOP在@Transactional之前执行
-public class LogAnnotationAspect {
-
-	private static final Logger logger = LoggerFactory.getLogger(LogAnnotationAspect.class);
-
-	@Around("@annotation(ds)")
-	public Object logSave(ProceedingJoinPoint joinPoint, LogAnnotation ds) throws Throwable {
-
-		// 请求流水号
-		String transid = getRandom();
-		// 记录开始时间
-		long start = System.currentTimeMillis();
-		// 获取方法参数
-		String url = null;
-		String httpMethod = null;
-		Object result = null;
-		List<Object> httpReqArgs = new ArrayList<Object>();
-		SysLog log = new SysLog();
-		log.setCreateTime(new Date());
-		LoginAppUser loginAppUser = SysUserUtil.getLoginAppUser();
-		if (loginAppUser != null) {
-			log.setUsername(loginAppUser.getUsername());
-		}
-
-		MethodSignature methodSignature = (MethodSignature) joinPoint.getSignature();
-
-		LogAnnotation logAnnotation = methodSignature.getMethod().getDeclaredAnnotation(LogAnnotation.class);
-		log.setModule(logAnnotation.module() + ":" + methodSignature.getDeclaringTypeName() + "/"
-				+ methodSignature.getName());
-
-		Object[] args = joinPoint.getArgs();// 参数值
-		url =  methodSignature.getDeclaringTypeName() + "/"+ methodSignature.getName();
-		for (Object object : args) {
-			if (object instanceof HttpServletRequest) {
-				HttpServletRequest request = (HttpServletRequest) object;
-				url = request.getRequestURI();
-				httpMethod = request.getMethod();
-			} else if (object instanceof HttpServletResponse) {
-			} else {
-				
-				httpReqArgs.add(object);
-			}
-		}
-
-		try {
-			String params = JSONObject.toJSONString(httpReqArgs);
-			log.setParams(params);
-			// 打印请求参数参数
-			logger.info("开始请求，transid={},  url={} , httpMethod={}, reqData={} ", transid, url, httpMethod, params);
-		} catch (Exception e) {
-			logger.error("记录参数失败：{}", e.getMessage());
-		}
-
-		try {
-			// 调用原来的方法
-			result = joinPoint.proceed();
-			log.setFlag(Boolean.TRUE);
-		} catch (Exception e) {
-			log.setFlag(Boolean.FALSE);
-			log.setRemark(e.getMessage());
-
-			throw e;
-		} finally {
-
-			CompletableFuture.runAsync(() -> {
-				try {
-					if (logAnnotation.recordRequestParam()) {
-						LogService logService = SpringUtils.getBean(LogServiceImpl.class);
-						logService.save(log);
-					}
-				} catch (Exception e) {
-					logger.error("记录参数失败：{}", e.getMessage());
-				}
-
-			});
-			// 获取回执报文及耗时
-			logger.info("请求完成, transid={}, 耗时={}, resp={}:", transid, (System.currentTimeMillis() - start),
-					result == null ? null : JSON.toJSONString(result));
-
-		}
-		return result;
-	}
-
-	/**
-	 * 生成日志随机数
-	 * 
-	 * @return
-	 */
-	public String getRandom() {
-		int i = 0;
-		StringBuilder st = new StringBuilder();
-		while (i < 5) {
-			i++;
-			st.append(ThreadLocalRandom.current().nextInt(10));
-		}
-		return st.toString() + System.currentTimeMillis();
-	}
-
-}
 \ No newline at end of file
@@ -1,260 +0,0 @@
-
-package com.sincere.autho.config;
-
-import com.sincere.autho.service.RedisAuthorizationCodeServices;
-import com.sincere.autho.service.RedisClientDetailsService;
-import com.sincere.autho.token.RedisTemplateTokenStore;
-import com.sincere.common.props.PermitUrlProperties;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.AutoConfigureAfter;
-import org.springframework.boot.context.properties.EnableConfigurationProperties;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.data.redis.core.RedisTemplate;
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.oauth2.common.OAuth2AccessToken;
-import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
-import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
-import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
-import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
-import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
-import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
-import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
-import org.springframework.security.oauth2.provider.code.RandomValueAuthorizationCodeServices;
-import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
-import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
-import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
-import org.springframework.security.web.util.matcher.RequestMatcher;
-import org.springframework.stereotype.Component;
-import org.springframework.util.AntPathMatcher;
-
-import javax.annotation.Resource;
-import javax.servlet.http.HttpServletRequest;
-import javax.sql.DataSource;
-
-/**
- * @author owen 624191343@qq.com
- * @version 创建时间：2017年11月12日 上午22:57:51
- */
-@Configuration
-public class OAuth2ServerConfig {
-
-    @Resource
-    private DataSource dataSource;
-    @Resource
-    private RedisTemplate<String, Object> redisTemplate;
-
-    /**
-     * 声明 ClientDetails实现
-     */
-    @Bean
-    public RedisClientDetailsService redisClientDetailsService() {
-        RedisClientDetailsService clientDetailsService = new RedisClientDetailsService(dataSource);
-        clientDetailsService.setRedisTemplate(redisTemplate);
-        return clientDetailsService;
-    }
-
-
-    @Bean
-    public RandomValueAuthorizationCodeServices authorizationCodeServices() {
-        RedisAuthorizationCodeServices redisAuthorizationCodeServices = new RedisAuthorizationCodeServices();
-        redisAuthorizationCodeServices.setRedisTemplate(redisTemplate);
-        return redisAuthorizationCodeServices;
-    }
-
-    /**
-     * @author owen 624191343@qq.com
-     * @version 创建时间：2017年11月12日 上午22:57:51 默认token存储在内存中
-     * DefaultTokenServices默认处理
-     */
-    @Component
-    @Configuration
-    @EnableAuthorizationServer
-    @AutoConfigureAfter(AuthorizationServerEndpointsConfigurer.class)
-    public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
-        /**
-         * 注入authenticationManager 来支持 password grant type
-         */
-        @Autowired
-        private AuthenticationManager authenticationManager;
-
-        @Autowired
-        private UserDetailsService userDetailsService;
-
-        @Autowired(required = false)
-        private RedisTemplateTokenStore redisTokenStore;
-
-        @Autowired(required = false)
-        private JwtTokenStore jwtTokenStore;
-        @Autowired(required = false)
-        private JwtAccessTokenConverter jwtAccessTokenConverter;
-
-        @Autowired
-        private WebResponseExceptionTranslator webResponseExceptionTranslator;
-
-        @Autowired
-        private RedisClientDetailsService redisClientDetailsService;
-
-        @Autowired(required = false)
-        private RandomValueAuthorizationCodeServices authorizationCodeServices;
-
-        /**
-         * 配置身份认证器，配置认证方式，TokenStore，TokenGranter，OAuth2RequestFactory
-         */
-        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
-
-            if (jwtTokenStore != null) {
-                endpoints.tokenStore(jwtTokenStore).authenticationManager(authenticationManager)
-                        // 支持
-                        .userDetailsService(userDetailsService);
-                // password
-                // grant
-                // type;
-            } else if (redisTokenStore != null) {
-                endpoints.tokenStore(redisTokenStore).authenticationManager(authenticationManager)
-                        // 支持
-                        .userDetailsService(userDetailsService);
-                // password
-                // grant
-                // type;
-            }
-
-            if (jwtAccessTokenConverter != null) {
-                endpoints.accessTokenConverter(jwtAccessTokenConverter);
-            }
-
-            endpoints.authorizationCodeServices(authorizationCodeServices);
-
-            endpoints.exceptionTranslator(webResponseExceptionTranslator);
-
-        }
-
-        /**
-         * 配置应用名称 应用id
-         * 配置OAuth2的客户端相关信息
-         */
-        @Override
-        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
-
-            // if(clientDetailsService!=null){
-            // clients.withClientDetails(clientDetailsService);
-            // }else{
-            // clients.inMemory().withClient("neusoft1").secret("neusoft1")
-            // .authorizedGrantTypes("authorization_code", "password",
-            // "refresh_token").scopes("all")
-            // .resourceIds(SERVER_RESOURCE_ID).accessTokenValiditySeconds(1200)
-            // .refreshTokenValiditySeconds(50000)
-            // .and().withClient("neusoft2").secret("neusoft2")
-            // .authorizedGrantTypes("authorization_code", "password",
-            // "refresh_token").scopes("all")
-            // .resourceIds(SERVER_RESOURCE_ID).accessTokenValiditySeconds(1200)
-            // .refreshTokenValiditySeconds(50000)
-            // ;
-            // }
-            clients.withClientDetails(redisClientDetailsService);
-            redisClientDetailsService.loadAllClientToCache();
-        }
-
-        /**
-         * 对应于配置AuthorizationServer安全认证的相关信息，创建ClientCredentialsTokenEndpointFilter核心过滤器
-         */
-        @Override
-        public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
-            // url:/oauth/token_key,exposes
-            security.tokenKeyAccess("permitAll()")
-                    /// public key for token
-                    /// verification if using
-                    /// JWT tokens
-                    // url:/oauth/check_token
-                    .checkTokenAccess("isAuthenticated()")
-                    // allow check token
-                    .allowFormAuthenticationForClients();
-
-            // security.allowFormAuthenticationForClients();
-            //// security.tokenKeyAccess("permitAll()");
-            // security.tokenKeyAccess("isAuthenticated()");
-        }
-
-    }
-
-    /**
-     * 资源服务
-     */
-    @Configuration
-    @EnableResourceServer
-    @EnableConfigurationProperties(PermitUrlProperties.class)
-    public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
-
-        @Autowired
-        private PermitUrlProperties permitUrlProperties;
-
-        public void configure(WebSecurity web) throws Exception {
-            web.ignoring().antMatchers("/health");
-            web.ignoring().antMatchers("/oauth/user/token");
-            web.ignoring().antMatchers("/oauth/client/token");
-        }
-
-        @Override
-        public void configure(HttpSecurity http) throws Exception {
-            http.requestMatcher(
-                    /**
-                     * 判断来源请求是否包含oauth2授权信息
-                     */
-                    new RequestMatcher() {
-                        private AntPathMatcher antPathMatcher = new AntPathMatcher();
-
-                        @Override
-                        public boolean matches(HttpServletRequest request) {
-                            // 请求参数中包含access_token参数
-                            if (request.getParameter(OAuth2AccessToken.ACCESS_TOKEN) != null) {
-                                return true;
-                            }
-
-                            // 头部的Authorization值以Bearer开头
-                            String auth = request.getHeader("Authorization");
-                            if (auth != null) {
-                                if (auth.startsWith(OAuth2AccessToken.BEARER_TYPE)) {
-                                    return true;
-                                }
-                            }
-                            if (antPathMatcher.match(request.getRequestURI(), "/oauth/userinfo")) {
-                                return true;
-                            }
-                            if (antPathMatcher.match(request.getRequestURI(), "/oauth/remove/token")) {
-                                return true;
-                            }
-                            if (antPathMatcher.match(request.getRequestURI(), "/oauth/get/token")) {
-                                return true;
-                            }
-                            if (antPathMatcher.match(request.getRequestURI(), "/oauth/refresh/token")) {
-                                return true;
-                            }
-
-                            if (antPathMatcher.match(request.getRequestURI(), "/oauth/token/list")) {
-                                return true;
-                            }
-
-                            if (antPathMatcher.match("/clients/**", request.getRequestURI())) {
-                                return true;
-                            }
-
-                            if (antPathMatcher.match("/services/**", request.getRequestURI())) {
-                                return true;
-                            }
-                            if (antPathMatcher.match("/redis/**", request.getRequestURI())) {
-                                return true;
-                            }
-                            return false;
-                        }
-                    }
-
-            ).authorizeRequests().antMatchers(permitUrlProperties.getIgnored()).permitAll().anyRequest()
-                    .authenticated();
-        }
-
-    }
-
-}
@@ -1,129 +0,0 @@
-package com.sincere.autho.config;
-
-import com.sincere.autho.handler.OauthLogoutHandler;
-import com.sincere.common.props.PermitUrlProperties;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.context.properties.EnableConfigurationProperties;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.security.web.AuthenticationEntryPoint;
-import org.springframework.security.web.authentication.AuthenticationFailureHandler;
-import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
-import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler;
-
-/**
- * spring security配置
- *          在WebSecurityConfigurerAdapter不拦截oauth要开放的资源
- */
-@Configuration
-//@EnableWebSecurity
-//@EnableGlobalMethodSecurity(prePostEnabled = true)
-@EnableConfigurationProperties(PermitUrlProperties.class)
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
-
-	@Autowired
-	private AuthenticationSuccessHandler authenticationSuccessHandler;
-	@Autowired
-	private AuthenticationFailureHandler authenticationFailureHandler;
-	// @Autowired
-	// private LogoutSuccessHandler logoutSuccessHandler;
-	@Autowired(required = false)
-	private AuthenticationEntryPoint authenticationEntryPoint;
-	@Autowired
-	private UserDetailsService userDetailsService;
-
-	@Autowired
-	private PasswordEncoder passwordEncoder;
-
-	@Autowired
-	private OauthLogoutHandler oauthLogoutHandler;
-	@Autowired
-	private PermitUrlProperties permitUrlProperties ;
-	
-	@Autowired
-	private ValidateCodeSecurityConfig validateCodeSecurityConfig ;
-	
-	@Override
-	public void configure(WebSecurity web) throws Exception {
-		web.ignoring().antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources", "/configuration/security",
-				"/swagger-ui.html", "/webjars/**", "/doc.html", "/login.html");
-		web.ignoring().antMatchers("/js/**");
-		web.ignoring().antMatchers("/css/**");
-		web.ignoring().antMatchers("/health");
-		// 忽略登录界面
-		web.ignoring().antMatchers("/login.html");
-		web.ignoring().antMatchers("/index.html");
-		web.ignoring().antMatchers("/oauth/user/token");
-		web.ignoring().antMatchers("/oauth/client/token");
-		web.ignoring().antMatchers("/validata/code/**");
-		web.ignoring().antMatchers(permitUrlProperties.getIgnored());
-		
-	}
-	/**
-	 * 认证管理
-	 * 
-	 * @return 认证管理对象
-	 * @throws Exception
-	 *             认证异常信息
-	 */
-	@Override
-	@Bean
-	public AuthenticationManager authenticationManagerBean() throws Exception {
-		return super.authenticationManagerBean();
-	}
-
-	@Override
-	protected void configure(HttpSecurity http) throws Exception {
-		http.csrf().disable();
-
-		http.authorizeRequests()
-				.anyRequest().authenticated();
-		http.formLogin().loginPage("/login.html").loginProcessingUrl("/user/login")
-				.successHandler(authenticationSuccessHandler).failureHandler(authenticationFailureHandler);
-
-		// 基于密码 等模式可以无session,不支持授权码模式
-		if (authenticationEntryPoint != null) {
-			http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
-			http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
-
-		} else {
-			// 授权码模式单独处理，需要session的支持，此模式可以支持所有oauth2的认证
-			http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
-		}
-
-		http.logout().logoutSuccessUrl("/login.html")
-				.logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler())
-				.addLogoutHandler(oauthLogoutHandler).clearAuthentication(true);
-
-		//增加验证码处理
-		http.apply(validateCodeSecurityConfig) ;
-		// http.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);
-		// 解决不允许显示在iframe的问题
-		http.headers().frameOptions().disable();
-		http.headers().cacheControl();
-
-	}
-
-	/**
-	 * 全局用户信息
-	 * 
-	 * @param auth
-	 *            认证管理
-	 * @throws Exception
-	 *             用户认证异常信息
-	 */
-	@Autowired
-	public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
-		auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
-	}
-
-
-}
@@ -1,29 +0,0 @@
-/**
- * 
- */
-package com.sincere.autho.config;
-
-import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.web.DefaultSecurityFilterChain;
-import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
-import org.springframework.stereotype.Component;
-
-import javax.annotation.Resource;
-import javax.servlet.Filter;
-
-/**
- * 校验码相关安全配置
- * 
- * @author zlt
- */
-@Component("validateCodeSecurityConfig")
-public class ValidateCodeSecurityConfig extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {
-	@Resource
-	private Filter validateCodeFilter;
-	
-	@Override
-	public void configure(HttpSecurity http) {
-		http.addFilterBefore(validateCodeFilter, AbstractPreAuthenticatedProcessingFilter.class);
-	}
-}
@@ -0,0 +1,35 @@
+package com.sincere.autho.control;
+
+import com.sincere.autho.dto.BaseDto;
+import com.sincere.autho.dto.req.LoginReqDto;
+import com.sincere.autho.service.LoginService;
+import com.sincere.common.util.TokenUtils;
+import io.swagger.annotations.Api;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class LoginController {
+
+    @Autowired
+    LoginService loginService ;
+
+
+    @RequestMapping(value = "/login" , method = RequestMethod.POST)
+    public BaseDto<String> login(@RequestBody LoginReqDto loginReqDto){
+        BaseDto<String> result = new BaseDto<>() ;
+        String userId = loginService.login(loginReqDto);
+        if(StringUtils.isNotBlank(userId)){
+            result.setMessage("登录成功");
+            result.setData(TokenUtils.buildToken(userId));
+        }else {
+            result.setStatus(false);
+            result.setMessage("账号密码错误");
+        }
+        return result ;
+    }
+}
@@ -1,482 +0,0 @@
-package com.sincere.autho.control;
-
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.sincere.autho.annotation.log.LogAnnotation;
-import com.sincere.autho.service.RedisClientDetailsService;
-import com.sincere.autho.utils.SpringUtil;
-import com.sincere.common.commons.PageResult;
-import com.sincere.common.model.system.LoginAppUser;
-import com.sincere.common.model.system.SysPermission;
-import io.swagger.annotations.Api;
-import io.swagger.annotations.ApiOperation;
-import io.swagger.annotations.ApiParam;
-import org.apache.commons.collections.MapUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.dao.DataAccessException;
-import org.springframework.data.redis.connection.RedisConnection;
-import org.springframework.data.redis.core.Cursor;
-import org.springframework.data.redis.core.RedisCallback;
-import org.springframework.data.redis.core.RedisTemplate;
-import org.springframework.data.redis.core.ScanOptions;
-import org.springframework.http.HttpStatus;
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.security.oauth2.common.OAuth2AccessToken;
-import org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException;
-import org.springframework.security.oauth2.provider.*;
-import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
-import org.springframework.security.oauth2.provider.client.ClientCredentialsTokenGranter;
-import org.springframework.security.oauth2.provider.refresh.RefreshTokenGranter;
-import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory;
-import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
-import org.springframework.security.oauth2.provider.token.TokenStore;
-import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestParam;
-import org.springframework.web.bind.annotation.RestController;
-
-import javax.annotation.Resource;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.util.*;
-
-/**
- * @author 作者 owen E-mail: 624191343@qq.com
- * @version 创建时间：2018年4月28日 下午2:18:54 类说明
- */
-
-@Api(tags = "OAuth2相关操作")
-@RestController
-public class OAuth2Controller {
-
-	private static final Logger logger = LoggerFactory.getLogger(OAuth2Controller.class);
-	@Resource
-	private ObjectMapper objectMapper; // springmvc启动时自动装配json处理类
-	@Autowired
-	private PasswordEncoder passwordEncoder;
-
-	@Autowired
-	private TokenStore tokenStore;
-
-	@Autowired
-	private RedisTemplate<String, Object> redisTemplate;
-
-	@ApiOperation(value = "用户名密码获取token")
-	@PostMapping("/oauth/user/token")
-	public void getUserTokenInfo(
-            @ApiParam(required = true, name = "username", value = "账号") @RequestParam(value = "username") String username,
-            @ApiParam(required = true, name = "password", value = "密码") @RequestParam(value = "password") String password,
-            HttpServletRequest request, HttpServletResponse response) {
-		String clientId = request.getHeader("client_id");
-		String clientSecret = request.getHeader("client_secret");
-
-		try {
-
-			if (clientId == null || "".equals(clientId)) {
-				throw new UnapprovedClientAuthenticationException("请求头中无client_id信息");
-			}
-
-			if (clientSecret == null || "".equals(clientSecret)) {
-				throw new UnapprovedClientAuthenticationException("请求头中无client_secret信息");
-			}
-
-			RedisClientDetailsService clientDetailsService = SpringUtil.getBean(RedisClientDetailsService.class);
-
-			ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);
-
-			if (clientDetails == null) {
-				throw new UnapprovedClientAuthenticationException("clientId对应的信息不存在");
-			} else if (!passwordEncoder.matches(clientSecret, clientDetails.getClientSecret())) {
-				throw new UnapprovedClientAuthenticationException("clientSecret不匹配");
-			}
-
-			TokenRequest tokenRequest = new TokenRequest(MapUtils.EMPTY_MAP, clientId, clientDetails.getScope(),
-					"customer");
-
-			OAuth2Request oAuth2Request = tokenRequest.createOAuth2Request(clientDetails);
-
-			UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password);
-
-			AuthenticationManager authenticationManager = SpringUtil.getBean(AuthenticationManager.class);
-
-			Authentication authentication = authenticationManager.authenticate(token);
-			SecurityContextHolder.getContext().setAuthentication(authentication);
-
-			OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(oAuth2Request, authentication);
-
-			AuthorizationServerTokenServices authorizationServerTokenServices = SpringUtil
-					.getBean("defaultAuthorizationServerTokenServices", AuthorizationServerTokenServices.class);
-
-			OAuth2AccessToken oAuth2AccessToken = authorizationServerTokenServices
-					.createAccessToken(oAuth2Authentication);
-
-			oAuth2Authentication.setAuthenticated(true);
-
-			response.setContentType("application/json;charset=UTF-8");
-			response.getWriter().write(objectMapper.writeValueAsString(oAuth2AccessToken));
-			response.getWriter().flush();
-			response.getWriter().close();
-
-		} catch (Exception e) {
-
-			response.setStatus(HttpStatus.UNAUTHORIZED.value());
-
-			response.setContentType("application/json;charset=UTF-8");
-
-			Map<String, String> rsp = new HashMap<>();
-			rsp.put("resp_code", HttpStatus.UNAUTHORIZED.value() + "");
-			rsp.put("rsp_msg", e.getMessage());
-
-			try {
-				response.getWriter().write(objectMapper.writeValueAsString(rsp));
-				response.getWriter().flush();
-				response.getWriter().close();
-			} catch (JsonProcessingException e1) {
-				// TODO Auto-generated catch block
-				e1.printStackTrace();
-			} catch (IOException e1) {
-				// TODO Auto-generated catch block
-				e1.printStackTrace();
-			}
-
-		}
-	}
-
-	
-	@ApiOperation(value = "clientId获取token")
-	@PostMapping("/oauth/client/token")
-	@LogAnnotation(module = "autho", recordRequestParam = false)
-	public void getClientTokenInfo(HttpServletRequest request, HttpServletResponse response) {
-
-		String clientId = request.getHeader("client_id");
-		String clientSecret = request.getHeader("client_secret");
-		try {
-
-			if (clientId == null || "".equals(clientId)) {
-				throw new UnapprovedClientAuthenticationException("请求参数中无clientId信息");
-			}
-
-			if (clientSecret == null || "".equals(clientSecret)) {
-				throw new UnapprovedClientAuthenticationException("请求参数中无clientSecret信息");
-			}
-
-			RedisClientDetailsService clientDetailsService = SpringUtil.getBean(RedisClientDetailsService.class);
-
-			ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);
-
-			if (clientDetails == null) {
-				throw new UnapprovedClientAuthenticationException("clientId对应的信息不存在");
-			} else if (!passwordEncoder.matches(clientSecret, clientDetails.getClientSecret())) {
-				throw new UnapprovedClientAuthenticationException("clientSecret不匹配");
-			}
-
-			Map<String, String> map = new HashMap<>();
-			map.put("client_secret", clientSecret);
-			map.put("client_id", clientId);
-			map.put("grant_type", "client_credentials");
-			TokenRequest tokenRequest = new TokenRequest(map, clientId, clientDetails.getScope(), "client_credentials");
-
-			OAuth2Request oAuth2Request = tokenRequest.createOAuth2Request(clientDetails);
-
-			AuthorizationServerTokenServices authorizationServerTokenServices = SpringUtil
-					.getBean("defaultAuthorizationServerTokenServices", AuthorizationServerTokenServices.class);
-			OAuth2RequestFactory requestFactory = new DefaultOAuth2RequestFactory(clientDetailsService);
-			ClientCredentialsTokenGranter clientCredentialsTokenGranter = new ClientCredentialsTokenGranter(
-					authorizationServerTokenServices, clientDetailsService, requestFactory);
-
-			clientCredentialsTokenGranter.setAllowRefresh(true);
-			OAuth2AccessToken oAuth2AccessToken = clientCredentialsTokenGranter.grant("client_credentials",
-					tokenRequest);
-
-			response.setContentType("application/json;charset=UTF-8");
-			response.getWriter().write(objectMapper.writeValueAsString(oAuth2AccessToken));
-			response.getWriter().flush();
-			response.getWriter().close();
-
-		} catch (Exception e) {
-
-			response.setStatus(HttpStatus.UNAUTHORIZED.value());
-			response.setContentType("application/json;charset=UTF-8");
-			Map<String, String> rsp = new HashMap<>();
-			rsp.put("resp_code", HttpStatus.UNAUTHORIZED.value() + "");
-			rsp.put("rsp_msg", e.getMessage());
-
-			try {
-				response.getWriter().write(objectMapper.writeValueAsString(rsp));
-				response.getWriter().flush();
-				response.getWriter().close();
-			} catch (JsonProcessingException e1) {
-				// TODO Auto-generated catch block
-				e1.printStackTrace();
-			} catch (IOException e1) {
-				// TODO Auto-generated catch block
-				e1.printStackTrace();
-			}
-
-		}
-	}
-
-	@ApiOperation(value = "access_token刷新token")
-	@PostMapping(value = "/oauth/refresh/token", params = "access_token")
-	public void refreshTokenInfo(String access_token, HttpServletRequest request, HttpServletResponse response) {
-
-		// 拿到当前用户信息
-		try {
-			Authentication user = SecurityContextHolder.getContext().getAuthentication();
-
-			if (user != null) {
-				if (user instanceof OAuth2Authentication) {
-					Authentication athentication = (Authentication) user;
-					OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) athentication.getDetails();
-				}
-
-			}
-			OAuth2AccessToken accessToken = tokenStore.readAccessToken(access_token);
-			OAuth2Authentication auth = (OAuth2Authentication) user;
-			RedisClientDetailsService clientDetailsService = SpringUtil.getBean(RedisClientDetailsService.class);
-
-			ClientDetails clientDetails = clientDetailsService
-					.loadClientByClientId(auth.getOAuth2Request().getClientId());
-
-			AuthorizationServerTokenServices authorizationServerTokenServices = SpringUtil
-					.getBean("defaultAuthorizationServerTokenServices", AuthorizationServerTokenServices.class);
-			OAuth2RequestFactory requestFactory = new DefaultOAuth2RequestFactory(clientDetailsService);
-
-			RefreshTokenGranter refreshTokenGranter = new RefreshTokenGranter(authorizationServerTokenServices,
-					clientDetailsService, requestFactory);
-
-			Map<String, String> map = new HashMap<>();
-			map.put("grant_type", "refresh_token");
-			map.put("refresh_token", accessToken.getRefreshToken().getValue());
-			TokenRequest tokenRequest = new TokenRequest(map, auth.getOAuth2Request().getClientId(),
-					auth.getOAuth2Request().getScope(), "refresh_token");
-
-			OAuth2AccessToken oAuth2AccessToken = refreshTokenGranter.grant("refresh_token", tokenRequest);
-
-			tokenStore.removeAccessToken(accessToken);
-
-			response.setContentType("application/json;charset=UTF-8");
-			response.getWriter().write(objectMapper.writeValueAsString(oAuth2AccessToken));
-			response.getWriter().flush();
-			response.getWriter().close();
-		} catch (Exception e) {
-			response.setStatus(HttpStatus.UNAUTHORIZED.value());
-			response.setContentType("application/json;charset=UTF-8");
-			Map<String, String> rsp = new HashMap<>();
-			rsp.put("resp_code", HttpStatus.UNAUTHORIZED.value() + "");
-			rsp.put("rsp_msg", e.getMessage());
-
-			try {
-				response.getWriter().write(objectMapper.writeValueAsString(rsp));
-				response.getWriter().flush();
-				response.getWriter().close();
-			} catch (JsonProcessingException e1) {
-				// TODO Auto-generated catch block
-				e1.printStackTrace();
-			} catch (IOException e1) {
-				// TODO Auto-generated catch block
-				e1.printStackTrace();
-			}
-		}
-
-	}
-
-	/**
-	 * 移除access_token和refresh_token
-	 * 
-	 * @param access_token
-	 */
-	@ApiOperation(value = "移除token")
-	@PostMapping(value = "/oauth/remove/token", params = "access_token")
-	public void removeToken(String access_token) {
-
-		// 拿到当前用户信息
-		Authentication user = SecurityContextHolder.getContext().getAuthentication();
-
-		if (user != null) {
-			if (user instanceof OAuth2Authentication) {
-				Authentication athentication = (Authentication) user;
-				OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) athentication.getDetails();
-			}
-
-		}
-		OAuth2AccessToken accessToken = tokenStore.readAccessToken(access_token);
-		if (accessToken != null) {
-			// 移除access_token
-			tokenStore.removeAccessToken(accessToken);
-
-			// 移除refresh_token
-			if (accessToken.getRefreshToken() != null) {
-				tokenStore.removeRefreshToken(accessToken.getRefreshToken());
-			}
-
-		}
-	}
-
-	@ApiOperation(value = "获取token信息")
-	@PostMapping(value = "/oauth/get/token", params = "access_token")
-	public OAuth2AccessToken getTokenInfo(String access_token) {
-
-		// 拿到当前用户信息
-		Authentication user = SecurityContextHolder.getContext().getAuthentication();
-
-		if (user != null) {
-			if (user instanceof OAuth2Authentication) {
-				Authentication athentication = (Authentication) user;
-				OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) athentication.getDetails();
-			}
-
-		}
-		OAuth2AccessToken accessToken = tokenStore.readAccessToken(access_token);
-
-		return accessToken;
-
-	}
-
-	/**
-	 * 当前登陆用户信息
-	 * security获取当前登录用户的方法是SecurityContextHolder.getContext().getAuthentication()
-	 * 这里的实现类是org.springframework.security.oauth2.provider.OAuth2Authentication
-	 * 
-	 * @return
-	 */
-	@ApiOperation(value = "当前登陆用户信息")
-	@RequestMapping(value = { "/oauth/userinfo" }, produces = "application/json") // 获取用户信息。/auth/user
-	public Map<String, Object> getCurrentUserDetail() {
-		Map<String, Object> userInfo = new HashMap<>();
-		userInfo.put("user", SecurityContextHolder.getContext().getAuthentication().getPrincipal());
-		logger.debug("认证详细信息:" + SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString());
-
-		List<SysPermission> permissions = new ArrayList<>();
-
-		new ArrayList(SecurityContextHolder.getContext().getAuthentication().getAuthorities()).forEach(o -> {
-			SysPermission sysPermission = new SysPermission();
-			sysPermission.setPermission(o.toString());
-			permissions.add(sysPermission);
-		});
-		// userInfo.put("authorities",
-		// AuthorityUtils.authorityListToSet(SecurityContextHolder.getContext().getAuthentication().getAuthorities())
-		// );
-		userInfo.put("permissions", permissions);
-
-		userInfo.put("resp_code", "200");
-
-		logger.info("返回信息:{}", userInfo);
-
-		return userInfo;
-	}
-
-	@ApiOperation(value = "token列表")
-	@PostMapping("/oauth/token/list")
-	public PageResult<HashMap<String, String>> getUserTokenInfo(@RequestParam Map<String, Object> params)
-			throws Exception {
-		List<HashMap<String, String>> list = new ArrayList<>();
-
-		Set<String> keys = redisTemplate.keys("access:" + "*") ;
-//        Object key1 = keys.toArray()[0];
-//        Object token1 = redisTemplate.opsForValue().get(key1);
-		//根据分页参数获取对应数据
-	//	List<String> pages = findKeysForPage("access:" + "*", MapUtils.getInteger(params, "page"),MapUtils.getInteger(params, "limit"));
-
-		for (Object key: keys.toArray()) {
-//			String key = page;
-//			String accessToken = StringUtils.substringAfter(key, "access:");
-//			OAuth2AccessToken token = tokenStore.readAccessToken(accessToken);
-            OAuth2AccessToken token = (OAuth2AccessToken)redisTemplate.opsForValue().get(key);
-			HashMap<String, String> map = new HashMap<String, String>();
-
-			try {
-				map.put("token_type", token.getTokenType());
-				map.put("token_value", token.getValue());
-				map.put("expires_in", token.getExpiresIn()+"");
-			} catch (Exception e) {
-				 
-			}
-			
-			
-			OAuth2Authentication oAuth2Auth = tokenStore.readAuthentication(token);
-			Authentication authentication = oAuth2Auth.getUserAuthentication();
-
-			map.put("client_id", oAuth2Auth.getOAuth2Request().getClientId());
-			map.put("grant_type", oAuth2Auth.getOAuth2Request().getGrantType());
-			
-			if (authentication instanceof UsernamePasswordAuthenticationToken) {
-				UsernamePasswordAuthenticationToken authenticationToken = (UsernamePasswordAuthenticationToken) authentication;
-			
-				if(authenticationToken.getPrincipal() instanceof LoginAppUser ){
-					LoginAppUser user = (LoginAppUser) authenticationToken.getPrincipal();
-					map.put("user_id", user.getId()+"");
-					map.put("user_name", user.getUsername()+"");
-					map.put("user_head_imgurl", user.getHeadImgUrl()+"");
-				}
-				
-				
-			}else if (authentication instanceof PreAuthenticatedAuthenticationToken){
-				//刷新token方式
-				PreAuthenticatedAuthenticationToken authenticationToken = (PreAuthenticatedAuthenticationToken) authentication;
-				if(authenticationToken.getPrincipal() instanceof LoginAppUser ){
-					LoginAppUser user = (LoginAppUser) authenticationToken.getPrincipal();
-					map.put("user_id", user.getId()+"");
-					map.put("user_name", user.getUsername()+"");
-					map.put("user_head_imgurl", user.getHeadImgUrl()+"");
-				}
-
-			}
-			list.add(map);
-
-		}
-
-
-
-		return PageResult.<HashMap<String, String>>builder().data(list).code(0).count((long) keys.size()).build();
-
-	}
-
-	public List<String> findKeysForPage(String patternKey, int pageNum, int pageSize) {
-
-		Set<String> execute = redisTemplate.execute(new RedisCallback<Set<String>>() {
-
-			@Override
-			public Set<String> doInRedis(RedisConnection connection) throws DataAccessException {
-
-				Set<String> binaryKeys = new HashSet<>();
-
-				Cursor<byte[]> cursor = connection
-						.scan(new ScanOptions.ScanOptionsBuilder().match(patternKey).count(1000).build());
-				int tmpIndex = 0;
-				int startIndex = (pageNum - 1) * pageSize;
-				int end = pageNum * pageSize;
-				while (cursor.hasNext()) {
-					if (tmpIndex >= startIndex && tmpIndex < end) {
-						binaryKeys.add(new String(cursor.next()));
-						tmpIndex++;
-						continue;
-					}
-
-					// 获取到满足条件的数据后,就可以退出了
-					if (tmpIndex >= end) {
-						break;
-					}
-
-					tmpIndex++;
-					cursor.next();
-				}
-				connection.close();
-				return binaryKeys;
-			}
-		});
-
-		List<String> result = new ArrayList<String>(pageSize);
-		result.addAll(execute);
-		return result;
-	}
-
-}
@@ -1,16 +0,0 @@
-package com.sincere.autho.control;
-
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.RestController;
-
-import java.security.Principal;
-
-@RestController
-public class UserController {
-
-    @GetMapping("/user")
-    public Principal user(Principal user){
-        return user;
-    }
-
-}
@@ -0,0 +1,36 @@
+package com.sincere.autho.dto;
+
+public class BaseDto<T> {
+
+    private String message ;
+    private boolean status ;
+    private T data ;
+
+    public String getMessage() {
+        return message;
+    }
+
+    public void setMessage(String message) {
+        this.message = message;
+    }
+
+    public boolean isStatus() {
+        return status;
+    }
+
+    public void setStatus(boolean status) {
+        this.status = status;
+    }
+
+    public T getData() {
+        return data;
+    }
+
+    public void setData(T data) {
+        this.data = data;
+    }
+
+    public BaseDto() {
+        this.status = true ;
+    }
+}
@@ -0,0 +1,32 @@
+package com.sincere.autho.dto.req;
+
+public class LoginReqDto {
+
+    private String account ;
+    private String password ;
+    private int userType ;  // 2:学生；3：家长；其他都是老师
+
+    public String getAccount() {
+        return account;
+    }
+
+    public void setAccount(String account) {
+        this.account = account;
+    }
+
+    public String getPassword() {
+        return password;
+    }
+
+    public void setPassword(String password) {
+        this.password = password;
+    }
+
+    public int getUserType() {
+        return userType;
+    }
+
+    public void setUserType(int userType) {
+        this.userType = userType;
+    }
+}
@@ -1,63 +0,0 @@
-package com.sincere.autho.handler;
-
-import io.grpc.StatusRuntimeException;
-import org.springframework.http.HttpStatus;
-import org.springframework.security.access.AccessDeniedException;
-import org.springframework.web.bind.annotation.ExceptionHandler;
-import org.springframework.web.bind.annotation.ResponseStatus;
-import org.springframework.web.bind.annotation.RestControllerAdvice;
-
-import java.util.HashMap;
-import java.util.Map;
-
-
-/**
- * @author 作者 owen E-mail: 624191343@qq.com
- * @version 创建时间：2017年11月12日 上午22:57:51
- * 异常通用处理
-*/
-@RestControllerAdvice
-public class ExceptionHandlerAdvice {
-
-	/**
-	 * IllegalArgumentException异常处理返回json
-	 * 状态码:400
-	 * @param exception
-	 * @return
-	 */
-	@ExceptionHandler({ IllegalArgumentException.class })
-	@ResponseStatus(HttpStatus.BAD_REQUEST)
-	public Map<String, Object> badRequestException(IllegalArgumentException exception) {
-		Map<String, Object> data = new HashMap<>();
-		data.put("resp_code", HttpStatus.BAD_REQUEST.value());
-		data.put("resp_msg", exception.getMessage());
-
-		return data;
-	}
-	/**
-	 * AccessDeniedException异常处理返回json
-	 * 状态码:403
-	 * @param exception
-	 * @return
-	 */
-	@ExceptionHandler({ AccessDeniedException.class })
-	@ResponseStatus(HttpStatus.FORBIDDEN)
-	public Map<String, Object> badMethodExpressException(AccessDeniedException exception) {
-		Map<String, Object> data = new HashMap<>();
-		data.put("resp_code", HttpStatus.FORBIDDEN.value());
-		data.put("resp_msg", exception.getMessage());
-
-		return data;
-	}
-	@ExceptionHandler({ StatusRuntimeException.class })
-	@ResponseStatus(HttpStatus.BAD_REQUEST)
-	public Map<String, Object> badRequestException(StatusRuntimeException exception) {
-		Map<String, Object> data = new HashMap<>();
-		data.put("resp_code", HttpStatus.INTERNAL_SERVER_ERROR.value());
-		data.put("resp_msg", exception.getMessage());
-
-		return data;
-	}
- 
-    
-}
@@ -1,90 +0,0 @@
-package com.sincere.autho.handler;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.oauth2.common.OAuth2AccessToken;
-import org.springframework.security.oauth2.common.OAuth2RefreshToken;
-import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
-import org.springframework.security.oauth2.provider.token.TokenStore;
-import org.springframework.security.web.authentication.logout.LogoutHandler;
-import org.springframework.util.Assert;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.Enumeration;
-
-/**
- * @author keets
- * @date 2017/10/17
- */
-public class OauthLogoutHandler implements LogoutHandler {
-
-	private static final Logger logger = LoggerFactory.getLogger(OauthLogoutHandler.class);
-
-	@Autowired
-	private TokenStore tokenStore;
-
-	@Override
-	public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
-		Assert.notNull(tokenStore, "tokenStore must be set");
-		String token = extractToken(request);
-		if(token!=null || !"".equals(token)){
-			OAuth2AccessToken existingAccessToken = tokenStore.readAccessToken(token);
-			OAuth2RefreshToken refreshToken;
-			if (existingAccessToken != null) {
-				if (existingAccessToken.getRefreshToken() != null) {
-					logger.info("remove refreshToken!", existingAccessToken.getRefreshToken());
-					refreshToken = existingAccessToken.getRefreshToken();
-					tokenStore.removeRefreshToken(refreshToken);
-				}
-				logger.info("remove existingAccessToken!", existingAccessToken);
-				tokenStore.removeAccessToken(existingAccessToken);
-			}
-			return;
-		}
-
-	}
-
-	protected String extractToken(HttpServletRequest request) {
-		// first check the header...
-		String token = extractHeaderToken(request);
-
-		// bearer type allows a request parameter as well
-		if (token == null) {
-			logger.debug("Token not found in headers. Trying request parameters.");
-			token = request.getParameter(OAuth2AccessToken.ACCESS_TOKEN);
-			if (token == null) {
-				logger.debug("Token not found in request parameters.  Not an OAuth2 request.");
-			} else {
-				request.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_TYPE, OAuth2AccessToken.BEARER_TYPE);
-			}
-		}
-
-		return token;
-	}
-
-	protected String extractHeaderToken(HttpServletRequest request) {
-		Enumeration<String> headers = request.getHeaders("Authorization");
-		while (headers.hasMoreElements()) { // typically there is only one (most
-											// servers enforce that)
-			String value = headers.nextElement();
-			if ((value.toLowerCase().startsWith(OAuth2AccessToken.BEARER_TYPE.toLowerCase()))) {
-				String authHeaderValue = value.substring(OAuth2AccessToken.BEARER_TYPE.length()).trim();
-				// Add this here for the auth details later. Would be better to
-				// change the signature of this method.
-				request.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_TYPE,
-						value.substring(0, OAuth2AccessToken.BEARER_TYPE.length()).trim());
-				int commaIndex = authHeaderValue.indexOf(',');
-				if (commaIndex > 0) {
-					authHeaderValue = authHeaderValue.substring(0, commaIndex);
-				}
-				return authHeaderValue;
-			}
-		}
-
-		return null;
-	}
-
-}
@@ -1,13 +0,0 @@
-package com.sincere.autho.log.dao;
-
-import com.sincere.common.model.log.SysLog;
-import org.apache.ibatis.annotations.Insert;
-import org.apache.ibatis.annotations.Mapper;
-
-@Mapper
-public interface LogDao {
-
-	@Insert("insert into sys_log(username, module, params, remark, flag, createTime) values(#{username}, #{module}, #{params}, #{remark}, #{flag}, #{createTime})")
-	int save(SysLog log);
-
-}
@@ -1,11 +0,0 @@
-package com.sincere.autho.log.service;
-
-
-import com.sincere.common.model.log.SysLog;
-
-public interface LogService {
-
-	void save(SysLog log);
-
-
-}
@@ -1,34 +0,0 @@
-package com.sincere.autho.log.service.impl;
-
-import com.sincere.autho.annotation.datasource.DataSource;
-import com.sincere.autho.log.dao.LogDao;
-import com.sincere.autho.log.service.LogService;
-import com.sincere.common.model.log.SysLog;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.scheduling.annotation.Async;
-import org.springframework.stereotype.Service;
-
-import java.util.Date;
-
-@Service
-public class LogServiceImpl implements LogService {
-
-	@Autowired
-	private LogDao logDao;
-
-	@Async
-	@Override
-	@DataSource(name="log")
-	public void save(SysLog log) {
-		if (log.getCreateTime() == null) {
-			log.setCreateTime(new Date());
-		}
-		if (log.getFlag() == null) {
-			log.setFlag(Boolean.TRUE);
-		}
-
-		logDao.save(log);
-	}
-
-	 
-}
@@ -0,0 +1,10 @@
+package com.sincere.autho.mapper;
+
+import com.sincere.autho.dto.req.LoginReqDto;
+
+public interface UserMapper {
+
+    String loginTeacher(LoginReqDto loginReqDto) ;
+
+    String loginStudent(LoginReqDto loginReqDto) ;
+}
@@ -0,0 +1,8 @@
+package com.sincere.autho.service;
+
+import com.sincere.autho.dto.req.LoginReqDto;
+
+public interface LoginService {
+
+    String login(LoginReqDto loginReqDto);
+}
@@ -1,58 +0,0 @@
-package com.sincere.autho.service;
-
-import org.springframework.data.redis.core.RedisTemplate;
-import org.springframework.security.oauth2.provider.OAuth2Authentication;
-import org.springframework.security.oauth2.provider.code.RandomValueAuthorizationCodeServices;
-
-import java.util.concurrent.TimeUnit;
-
-/**
- * JdbcAuthorizationCodeServices替换
- */
-public class RedisAuthorizationCodeServices extends RandomValueAuthorizationCodeServices {
-
-	private RedisTemplate<String,Object> redisTemplate ;
-
-	
-	public RedisTemplate<String, Object> getRedisTemplate() {
-		return redisTemplate;
-	}
-
-	public void setRedisTemplate(RedisTemplate<String, Object> redisTemplate) {
-		this.redisTemplate = redisTemplate;
-	}
-
-	/**
-	 * 替换JdbcAuthorizationCodeServices的存储策略
-	 * 将存储code到redis，并设置过期时间，10分钟<br>
-	 */
-	@Override
-	protected void store(String code, OAuth2Authentication authentication) {
-		
-		redisTemplate.opsForValue().set(redisKey(code), authentication, 10, TimeUnit.MINUTES);
-		
-		 
-	}
-
-	@Override
-	protected OAuth2Authentication remove(final String code) {
-		 
-		String codeKey =redisKey(code) ;
-			
-		OAuth2Authentication token = (OAuth2Authentication) redisTemplate.opsForValue().get(codeKey) ;
-			
-		this.redisTemplate.delete(codeKey); 
-
-		return token;
-	}
-
-	/**
-	 * redis中 code key的前缀
-	 * 
-	 * @param code
-	 * @return
-	 */
-	private String redisKey(String code) {
-		return "oauth:code:" + code;
-	}
-}
@@ -1,153 +0,0 @@
-package com.sincere.autho.service;
-
-import com.alibaba.fastjson.JSONObject;
-import org.apache.commons.lang.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.data.redis.core.RedisTemplate;
-import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
-import org.springframework.security.oauth2.provider.ClientDetails;
-import org.springframework.security.oauth2.provider.NoSuchClientException;
-import org.springframework.security.oauth2.provider.client.BaseClientDetails;
-import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;
-import org.springframework.util.CollectionUtils;
-
-import javax.sql.DataSource;
-import java.util.List;
-
-
-/**
- * @author owen 624191343@qq.com
- * @version 创建时间：2017年11月12日 上午22:57:51
- * 类说明
- * 将oauth_client_details表数据缓存到redis，这里做个缓存优化
- * layui模块中有对oauth_client_details的crud， 注意同步redis的数据
- * 注意对oauth_client_details清楚redis db部分数据的清空
- */
-
-public class RedisClientDetailsService extends JdbcClientDetailsService {
-
-
-    // 扩展 默认的 ClientDetailsService, 增加逻辑删除判断( status = 1)
-    private static final String SELECT_CLIENT_DETAILS_SQL = "select client_id, client_secret, resource_ids, scope, authorized_grant_types, " +
-            "web_server_redirect_uri, authorities, access_token_validity, refresh_token_validity, additional_information, autoapprove " +
-            "from oauth_client_details where client_id = ? and `status` = 1 ";
-
-
-    private static final String SELECT_FIND_STATEMENT = "select client_id, client_secret,resource_ids, scope, "
-            + "authorized_grant_types, web_server_redirect_uri, authorities, access_token_validity, "
-            + "refresh_token_validity, additional_information, autoapprove   from oauth_client_details where `status` = 1 order by client_id " ;
-
-    /**
-     * 缓存client的redis key，这里是hash结构存储
-     */
-    private static final String CACHE_CLIENT_KEY = "oauth_client_details";
-
-    private Logger logger = LoggerFactory.getLogger(RedisClientDetailsService.class) ;
-
-    private RedisTemplate<String,Object> redisTemplate ;
-
-    public RedisTemplate<String, Object> getRedisTemplate() {
-        return redisTemplate;
-    }
-
-    public void setRedisTemplate(RedisTemplate<String, Object> redisTemplate) {
-        this.redisTemplate = redisTemplate;
-    }
-
-    public RedisClientDetailsService(DataSource dataSource) {
-        super(dataSource);
-        setSelectClientDetailsSql(SELECT_CLIENT_DETAILS_SQL) ;
-        setFindClientDetailsSql(SELECT_FIND_STATEMENT) ;
-    }
-
-
-
-    @Override
-    public ClientDetails loadClientByClientId(String clientId) throws InvalidClientException {
-        ClientDetails clientDetails = null;
-
-        // 先从redis获取
-        String value = (String) redisTemplate.boundHashOps(CACHE_CLIENT_KEY).get(clientId);
-        if (StringUtils.isBlank(value)) {
-            clientDetails = cacheAndGetClient(clientId);
-        } else {
-            clientDetails = JSONObject.parseObject(value, BaseClientDetails.class);
-        }
-
-        return clientDetails;
-    }
-
-    /**
-     * 缓存client并返回client
-     *
-     * @param clientId
-     * @return
-     */
-    private ClientDetails cacheAndGetClient(String clientId) {
-        // 从数据库读取
-        ClientDetails clientDetails = null ;
-        try {
-            clientDetails = super.loadClientByClientId(clientId);
-            if (clientDetails != null) {
-                // 写入redis缓存
-                redisTemplate.boundHashOps(CACHE_CLIENT_KEY).put(clientId, JSONObject.toJSONString(clientDetails));
-                logger.info("缓存clientId:{},{}", clientId, clientDetails);
-            }
-        }catch (NoSuchClientException e){
-            logger.info("clientId:{},{}", clientId, clientId );
-        }catch (InvalidClientException e) {
-            // TODO Auto-generated catch block
-            e.printStackTrace();
-        }
-
-        return clientDetails;
-    }
-
-    @Override
-    public void updateClientDetails(ClientDetails clientDetails) throws NoSuchClientException {
-        super.updateClientDetails(clientDetails);
-        cacheAndGetClient(clientDetails.getClientId());
-    }
-
-    @Override
-    public void updateClientSecret(String clientId, String secret) throws NoSuchClientException {
-        super.updateClientSecret(clientId, secret);
-        cacheAndGetClient(clientId);
-    }
-
-    @Override
-    public void removeClientDetails(String clientId) throws NoSuchClientException {
-        super.removeClientDetails(clientId);
-        removeRedisCache(clientId);
-    }
-
-    /**
-     * 删除redis缓存
-     *
-     * @param clientId
-     */
-    private void removeRedisCache(String clientId) {
-        redisTemplate.boundHashOps(CACHE_CLIENT_KEY).delete(clientId);
-    }
-
-    /**
-     * 将oauth_client_details全表刷入redis
-     */
-    public void loadAllClientToCache() {
-        if (redisTemplate.hasKey(CACHE_CLIENT_KEY)) {
-            return;
-        }
-        logger.info("将oauth_client_details全表刷入redis");
-
-        List<ClientDetails> list = super.listClientDetails();
-        if (CollectionUtils.isEmpty(list)) {
-            logger.error("oauth_client_details表数据为空，请检查");
-            return;
-        }
-
-        list.parallelStream().forEach(client -> {
-            redisTemplate.boundHashOps(CACHE_CLIENT_KEY).put(client.getClientId(), JSONObject.toJSONString(client));
-        });
-    }
-}
@@ -0,0 +1,25 @@
+package com.sincere.autho.service.impl;
+
+import com.sincere.autho.dto.req.LoginReqDto;
+import com.sincere.autho.mapper.UserMapper;
+import com.sincere.autho.service.LoginService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+@Service
+public class LoginServiceImpl implements LoginService {
+
+    @Autowired
+    UserMapper userMapper ;
+
+    @Override
+    public String login(LoginReqDto loginReqDto) {
+        String userId = "" ;
+        if(loginReqDto.getUserType() == 2){
+            userId = userMapper.loginStudent(loginReqDto);
+        }else {
+            userId = userMapper.loginTeacher(loginReqDto);
+        }
+        return userId;
+    }
+}
@@ -1,331 +0,0 @@
-package com.sincere.autho.token;
-
-import com.sincere.common.model.system.LoginAppUser;
-import org.springframework.data.redis.core.RedisTemplate;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
-import org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken;
-import org.springframework.security.oauth2.common.OAuth2AccessToken;
-import org.springframework.security.oauth2.common.OAuth2RefreshToken;
-import org.springframework.security.oauth2.provider.OAuth2Authentication;
-import org.springframework.security.oauth2.provider.token.AuthenticationKeyGenerator;
-import org.springframework.security.oauth2.provider.token.DefaultAuthenticationKeyGenerator;
-import org.springframework.security.oauth2.provider.token.TokenStore;
-
-import java.time.Instant;
-import java.time.LocalDateTime;
-import java.time.ZoneId;
-import java.util.*;
-import java.util.concurrent.TimeUnit;
-
-/**
- * @version  redis集群存储token
- */
-
-public class RedisTemplateTokenStore implements TokenStore {
-
-	private static final String ACCESS = "access:";
-	private static final String AUTH_TO_ACCESS = "auth_to_access:";
-	private static final String AUTH = "auth:";
-	private static final String REFRESH_AUTH = "refresh_auth:";
-	private static final String ACCESS_TO_REFRESH = "access_to_refresh:";
-	private static final String REFRESH = "refresh:";
-	private static final String REFRESH_TO_ACCESS = "refresh_to_access:";
-	private static final String CLIENT_ID_TO_ACCESS = "client_id_to_access:";
-	private static final String UNAME_TO_ACCESS = "uname_to_access:";
-	private static final String TOKEN = "token:";
-
-	private RedisTemplate<String, Object> redisTemplate;
-
-	public RedisTemplate<String, Object> getRedisTemplate() {
-		return redisTemplate;
-	}
-
-	public void setRedisTemplate(RedisTemplate<String, Object> redisTemplate) {
-		this.redisTemplate = redisTemplate;
-	}
-
-	private AuthenticationKeyGenerator authenticationKeyGenerator = new DefaultAuthenticationKeyGenerator();
-
-	public void setAuthenticationKeyGenerator(AuthenticationKeyGenerator authenticationKeyGenerator) {
-		this.authenticationKeyGenerator = authenticationKeyGenerator;
-	}
-
-	public OAuth2AccessToken getAccessToken(OAuth2Authentication authentication) {
-		String key = authenticationKeyGenerator.extractKey(authentication);
-		OAuth2AccessToken accessToken = (OAuth2AccessToken) redisTemplate.opsForValue().get(AUTH_TO_ACCESS + key);
-		if (accessToken != null
-				&& !key.equals(authenticationKeyGenerator.extractKey(readAuthentication(accessToken.getValue())))) {
-			// Keep the stores consistent (maybe the same user is represented by
-			// this authentication but the details
-			// have changed)
-			storeAccessToken(accessToken, authentication);
-		}
-		return accessToken;
-	}
-
-	public OAuth2Authentication readAuthentication(OAuth2AccessToken token) {
-		return readAuthentication(token.getValue());
-	}
-
-	public OAuth2Authentication readAuthentication(String token) {
-		return (OAuth2Authentication) this.redisTemplate.opsForValue().get(AUTH + token);
-	}
-
-	public OAuth2Authentication readAuthenticationForRefreshToken(OAuth2RefreshToken token) {
-		return readAuthenticationForRefreshToken(token.getValue());
-	}
-
-	public OAuth2Authentication readAuthenticationForRefreshToken(String token) {
-		return (OAuth2Authentication) this.redisTemplate.opsForValue().get(REFRESH_AUTH + token);
-	}
-
-	public void storeAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication) {
-
-		OAuth2AccessToken existingAccessToken = this.getAccessToken(authentication);
-
-		this.redisTemplate.opsForValue().set(ACCESS + token.getValue(), token);
-		this.redisTemplate.opsForValue().set(AUTH + token.getValue(), authentication);
-		this.redisTemplate.opsForValue().set(AUTH_TO_ACCESS + authenticationKeyGenerator.extractKey(authentication),
-				token);
-
-		Map<String, Object> params = new HashMap<>();
-
-		params.put("clientId", authentication.getOAuth2Request().getClientId());
-
-		if (authentication.getUserAuthentication() instanceof UsernamePasswordAuthenticationToken) {
-			UsernamePasswordAuthenticationToken authenticationToken = (UsernamePasswordAuthenticationToken) authentication
-					.getUserAuthentication();
-			LoginAppUser appUser = (LoginAppUser) authenticationToken.getPrincipal();
-			params.put("username", appUser.getUsername());
-			params.put("authorities", appUser.getAuthorities());
-		}
-
-		if (!params.isEmpty()) {
-			this.redisTemplate.opsForValue().set(TOKEN + token.getValue(), params);
-		}
-
-		if (!authentication.isClientOnly()) {
-			if (existingAccessToken != null) {
-				if (!existingAccessToken.isExpired()) {
-					int seconds = token.getExpiresIn();
-					redisTemplate.expire(UNAME_TO_ACCESS + authentication.getOAuth2Request().getClientId(), seconds,
-							TimeUnit.SECONDS);
-				} else {
-					redisTemplate.opsForList().rightPush(UNAME_TO_ACCESS + getApprovalKey(authentication), token);
-				}
-			} else {
-				redisTemplate.opsForList().rightPush(UNAME_TO_ACCESS + getApprovalKey(authentication), token);
-			}
-
-		}
-
-		if (existingAccessToken != null) {
-			if (!existingAccessToken.isExpired()) {
-				int seconds = token.getExpiresIn();
-				redisTemplate.expire(CLIENT_ID_TO_ACCESS + authentication.getOAuth2Request().getClientId(), seconds,
-						TimeUnit.SECONDS);
-
-			} else {
-				redisTemplate.opsForList()
-						.rightPush(CLIENT_ID_TO_ACCESS + authentication.getOAuth2Request().getClientId(), token);
-			}
-		} else {
-			redisTemplate.opsForList().rightPush(CLIENT_ID_TO_ACCESS + authentication.getOAuth2Request().getClientId(),
-					token);
-		}
-
-		if (token.getExpiration() != null) {
-
-			int seconds = token.getExpiresIn();
-			redisTemplate.expire(ACCESS + token.getValue(), seconds, TimeUnit.SECONDS);
-			redisTemplate.expire(AUTH + token.getValue(), seconds, TimeUnit.SECONDS);
-			redisTemplate.expire(TOKEN + token.getValue(), seconds, TimeUnit.SECONDS);
-			redisTemplate.expire(AUTH_TO_ACCESS + authenticationKeyGenerator.extractKey(authentication), seconds,
-					TimeUnit.SECONDS);
-			redisTemplate.expire(CLIENT_ID_TO_ACCESS + authentication.getOAuth2Request().getClientId(), seconds,
-					TimeUnit.SECONDS);
-			redisTemplate.expire(UNAME_TO_ACCESS + getApprovalKey(authentication), seconds, TimeUnit.SECONDS);
-		}
-
-		OAuth2RefreshToken refreshToken = token.getRefreshToken();
-
-		if (token.getRefreshToken() != null && token.getRefreshToken().getValue() != null) {
-			this.redisTemplate.opsForValue().set(REFRESH_TO_ACCESS + token.getRefreshToken().getValue(),
-					token.getValue());
-			this.redisTemplate.opsForValue().set(ACCESS_TO_REFRESH + token.getValue(),
-					token.getRefreshToken().getValue());
-
-			if (refreshToken instanceof ExpiringOAuth2RefreshToken) {
-				ExpiringOAuth2RefreshToken expiringRefreshToken = (ExpiringOAuth2RefreshToken) refreshToken;
-				Date expiration = expiringRefreshToken.getExpiration();
-				if (expiration != null) {
-					int seconds = Long.valueOf((expiration.getTime() - System.currentTimeMillis()) / 1000L).intValue();
-
-					redisTemplate.expire(REFRESH_TO_ACCESS + token.getRefreshToken().getValue(), seconds,
-							TimeUnit.SECONDS);
-					redisTemplate.expire(ACCESS_TO_REFRESH + token.getValue(), seconds, TimeUnit.SECONDS);
-
-				}
-			}
-
-		}
-	}
-
-	private String getApprovalKey(OAuth2Authentication authentication) {
-		String userName = authentication.getUserAuthentication() == null ? ""
-				: authentication.getUserAuthentication().getName();
-		return getApprovalKey(authentication.getOAuth2Request().getClientId(), userName);
-	}
-
-	private String getApprovalKey(String clientId, String userName) {
-		return clientId + (userName == null ? "" : ":" + userName);
-	}
-
-	public void removeAccessToken(OAuth2AccessToken accessToken) {
-		removeAccessToken(accessToken.getValue());
-	}
-
-	public OAuth2AccessToken readAccessToken(String tokenValue) {
-
-		OAuth2Authentication oauth2Authentication = (OAuth2Authentication) this.redisTemplate.opsForValue()
-				.get(AUTH + tokenValue);
-		OAuth2AccessToken oauth2AccessToken = (OAuth2AccessToken) this.redisTemplate.opsForValue()
-				.get(ACCESS + tokenValue);
-		if (oauth2Authentication != null) {
-			String auth_to_access = authenticationKeyGenerator.extractKey(oauth2Authentication);
-			if (oauth2AccessToken != null) {
-				if (oauth2AccessToken.getExpiresIn() < 180) {
-
-					if (oauth2AccessToken instanceof DefaultOAuth2AccessToken) {
-						DefaultOAuth2AccessToken token = (DefaultOAuth2AccessToken) oauth2AccessToken;
-//						Calendar cal = Calendar.getInstance();
-//						cal.add(Calendar.DATE, 30);
-//						Date date = cal.getTime();
-						/**
-						 * 	自动续费 30分钟
-						 */
-						LocalDateTime t1 = LocalDateTime.now().plusMinutes(30);
-						ZoneId zone = ZoneId.systemDefault();
-						Instant instant = t1.atZone(zone).toInstant();
-						Date date = Date.from(instant);
-
-						token.setExpiration(date);
-
-						int seconds = token.getExpiresIn();
-
-						this.redisTemplate.opsForValue().set(AUTH_TO_ACCESS + auth_to_access, token, seconds,
-								TimeUnit.SECONDS);
-						this.redisTemplate.opsForValue().set(ACCESS + token.getValue(), token, seconds,
-								TimeUnit.SECONDS);
-
-						redisTemplate.expire(AUTH + token.getValue(), seconds, TimeUnit.SECONDS);
-						redisTemplate.expire(TOKEN + token.getValue(), seconds, TimeUnit.SECONDS);
-
-						redisTemplate.expire(
-								CLIENT_ID_TO_ACCESS + oauth2Authentication.getOAuth2Request().getClientId(), seconds,
-								TimeUnit.SECONDS);
-						redisTemplate.expire(UNAME_TO_ACCESS + getApprovalKey(oauth2Authentication), seconds,
-								TimeUnit.SECONDS);
-
-					}
-
-				}
-			}
-		}
-
-		return oauth2AccessToken;
-	}
-
-	public void removeAccessToken(String tokenValue) {
-		OAuth2AccessToken removed = (OAuth2AccessToken) redisTemplate.opsForValue().get(ACCESS + tokenValue);
-		// Don't remove the refresh token - it's up to the caller to do that
-		OAuth2Authentication authentication = (OAuth2Authentication) this.redisTemplate.opsForValue()
-				.get(AUTH + tokenValue);
-
-		this.redisTemplate.delete(AUTH + tokenValue);
-		redisTemplate.delete(ACCESS + tokenValue);
-		redisTemplate.delete(TOKEN + tokenValue);
-		this.redisTemplate.delete(ACCESS_TO_REFRESH + tokenValue);
-
-		if (authentication != null) {
-			this.redisTemplate.delete(AUTH_TO_ACCESS + authenticationKeyGenerator.extractKey(authentication));
-
-			String clientId = authentication.getOAuth2Request().getClientId();
-
-			// redisTemplate.opsForList().rightPush("UNAME_TO_ACCESS:"+getApprovalKey(authentication),
-			// token) ;
-			redisTemplate.opsForList().leftPop(UNAME_TO_ACCESS + getApprovalKey(clientId, authentication.getName()));
-
-			redisTemplate.opsForList().leftPop(CLIENT_ID_TO_ACCESS + clientId);
-
-			this.redisTemplate.delete(AUTH_TO_ACCESS + authenticationKeyGenerator.extractKey(authentication));
-		}
-	}
-
-	public void storeRefreshToken(OAuth2RefreshToken refreshToken, OAuth2Authentication authentication) {
-		this.redisTemplate.opsForValue().set(REFRESH + refreshToken.getValue(), refreshToken);
-		this.redisTemplate.opsForValue().set(REFRESH_AUTH + refreshToken.getValue(), authentication);
-	}
-
-	public OAuth2RefreshToken readRefreshToken(String tokenValue) {
-		return (OAuth2RefreshToken) this.redisTemplate.opsForValue().get(REFRESH + tokenValue);
-	}
-
-	public void removeRefreshToken(OAuth2RefreshToken refreshToken) {
-		removeRefreshToken(refreshToken.getValue());
-	}
-
-	public void removeRefreshToken(String tokenValue) {
-		this.redisTemplate.delete(REFRESH + tokenValue);
-		this.redisTemplate.delete(REFRESH_AUTH + tokenValue);
-		this.redisTemplate.delete(REFRESH_TO_ACCESS + tokenValue);
-	}
-
-	public void removeAccessTokenUsingRefreshToken(OAuth2RefreshToken refreshToken) {
-		removeAccessTokenUsingRefreshToken(refreshToken.getValue());
-	}
-
-	private void removeAccessTokenUsingRefreshToken(String refreshToken) {
-
-		String token = (String) this.redisTemplate.opsForValue().get(REFRESH_TO_ACCESS + refreshToken);
-
-		if (token != null) {
-			redisTemplate.delete(REFRESH_TO_ACCESS + refreshToken);
-		}
-	}
-
-	public Collection<OAuth2AccessToken> findTokensByClientIdAndUserName(String clientId, String userName) {
-		List<Object> result = redisTemplate.opsForList().range(UNAME_TO_ACCESS + getApprovalKey(clientId, userName), 0,
-				-1);
-
-		if (result == null || result.size() == 0) {
-			return Collections.<OAuth2AccessToken>emptySet();
-		}
-		List<OAuth2AccessToken> accessTokens = new ArrayList<OAuth2AccessToken>(result.size());
-
-		for (Iterator<Object> it = result.iterator(); it.hasNext();) {
-			OAuth2AccessToken accessToken = (OAuth2AccessToken) it.next();
-			accessTokens.add(accessToken);
-		}
-
-		return Collections.<OAuth2AccessToken>unmodifiableCollection(accessTokens);
-	}
-
-	public Collection<OAuth2AccessToken> findTokensByClientId(String clientId) {
-		List<Object> result = redisTemplate.opsForList().range((CLIENT_ID_TO_ACCESS + clientId), 0, -1);
-
-		if (result == null || result.size() == 0) {
-			return Collections.<OAuth2AccessToken>emptySet();
-		}
-		List<OAuth2AccessToken> accessTokens = new ArrayList<OAuth2AccessToken>(result.size());
-
-		for (Iterator<Object> it = result.iterator(); it.hasNext();) {
-			OAuth2AccessToken accessToken = (OAuth2AccessToken) it.next();
-			accessTokens.add(accessToken);
-		}
-
-		return Collections.<OAuth2AccessToken>unmodifiableCollection(accessTokens);
-	}
-
-}
@@ -1,35 +0,0 @@
-package com.sincere.autho.utils;
-
-import org.springframework.beans.BeansException;
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.ApplicationContextAware;
-import org.springframework.core.env.Environment;
-import org.springframework.stereotype.Component;
-
-/**
- * spring获取bean工具类
- * 
- *
- */
-@Component
-public class SpringUtil implements ApplicationContextAware {
-
-	private static ApplicationContext applicationContext = null;
-
-	@Override
-	public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
-		SpringUtil.applicationContext = applicationContext;
-	}
-
-	public static <T> T getBean(Class<T> cla) {
-		return applicationContext.getBean(cla);
-	}
-
-	public static <T> T getBean(String name, Class<T> cal) {
-		return applicationContext.getBean(name, cal);
-	}
-
-	public static String getProperty(String key) {
-		return applicationContext.getBean(Environment.class).getProperty(key);
-	}
-}
@@ -1,41 +0,0 @@
-package com.sincere.autho.utils;
-
-import com.sincere.common.model.system.LoginAppUser;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.oauth2.provider.OAuth2Authentication;
-import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
-
-/**
- * @author 作者 owen E-mail: 624191343@qq.com
- * @version 创建时间：2017年11月12日 上午22:57:51 获取用户信息
- */
-public class SysUserUtil {
-
-	/**
-	 * 获取登陆的 LoginAppUser
-	 * 
-	 * @return
-	 */
-	@SuppressWarnings("rawtypes")
-	public static LoginAppUser getLoginAppUser() {
-		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-		if (authentication instanceof OAuth2Authentication) {
-			OAuth2Authentication oAuth2Auth = (OAuth2Authentication) authentication;
-			authentication = oAuth2Auth.getUserAuthentication();
-
-			if (authentication instanceof UsernamePasswordAuthenticationToken) {
-				UsernamePasswordAuthenticationToken authenticationToken = (UsernamePasswordAuthenticationToken) authentication;
-				return (LoginAppUser) authenticationToken.getPrincipal();
-			} else if (authentication instanceof PreAuthenticatedAuthenticationToken) {
-				// 刷新token方式
-				PreAuthenticatedAuthenticationToken authenticationToken = (PreAuthenticatedAuthenticationToken) authentication;
-				return (LoginAppUser) authenticationToken.getPrincipal();
-
-			}
-		}
-
-		return null;
-	}
-}
 server:
-  port: 8763
+  port: 9005
  
 spring:
   application:
-    name: auth-server
-session:
-  store-type: redis
+    name: authserver
   datasource:
-    dynamic:
-      enable: true
-    druid:
-      # JDBC 配置(驱动类自动从url的mysql识别,数据源类型自动识别)
-      core:
-        url: jdbc:mysql://localhost/oauth-center?useUnicode=true&characterEncoding=utf-8&allowMultiQueries=true&useSSL=false
-        username: root
-        password: root
-        driver-class-name:  com.mysql.jdbc.Driver
-      log:
-        url: jdbc:mysql://59.110.164.254:3306/log-center?useUnicode=true&characterEncoding=utf-8&allowMultiQueries=true&useSSL=false
-        username: root
-        password: root
-        driver-class-name:  com.mysql.jdbc.Driver
-      #连接池配置(通常来说，只需要修改initialSize、minIdle、maxActive
-      initial-size: 1
-      max-active: 20
-      min-idle: 1
-      # 配置获取连接等待超时的时间
-      max-wait: 60000
-      #打开PSCache，并且指定每个连接上PSCache的大小
-      pool-prepared-statements: true
-      max-pool-prepared-statement-per-connection-size: 20
-      validation-query: SELECT 'x'
-      test-on-borrow: false
-      test-on-return: false
-      test-while-idle: true
-      #配置间隔多久才进行一次检测，检测需要关闭的空闲连接，单位是毫秒
-      time-between-eviction-runs-millis: 60000
-      #配置一个连接在池中最小生存的时间，单位是毫秒
-      min-evictable-idle-time-millis: 300000
-      filters: stat,wall
-      # WebStatFilter配置，说明请参考Druid Wiki，配置_配置WebStatFilter
-      #是否启用StatFilter默认值true
-      web-stat-filter.enabled: true
-      web-stat-filter.url-pattern:  /*
-      web-stat-filter.exclusions: "*.js , *.gif ,*.jpg ,*.png ,*.css ,*.ico , /druid/*"
-      web-stat-filter.session-stat-max-count: 1000
-      web-stat-filter.profile-enable: true
-      # StatViewServlet配置
-      #展示Druid的统计信息,StatViewServlet的用途包括：1.提供监控信息展示的html页面2.提供监控信息的JSON API
-      #是否启用StatViewServlet默认值true
-      stat-view-servlet.enabled: true
-      #根据配置中的url-pattern来访问内置监控页面，如果是上面的配置，内置监控页面的首页是/druid/index.html例如：
-      #http://110.76.43.235:9000/druid/index.html
-      #http://110.76.43.235:8080/mini-web/druid/index.html
-      stat-view-servlet.url-pattern:  /druid/*
-      #允许清空统计数据
-      stat-view-servlet.reset-enable:  true
-      stat-view-servlet.login-username: admin
-      stat-view-servlet.login-password: admin
-      #StatViewSerlvet展示出来的监控信息比较敏感，是系统运行的内部情况，如果你需要做访问控制，可以配置allow和deny这两个参数
-      #deny优先于allow，如果在deny列表中，就算在allow列表中，也会被拒绝。如果allow没有配置或者为空，则允许所有访问
-      #配置的格式
-      #<IP>
-      #或者<IP>/<SUB_NET_MASK_size>其中128.242.127.1/24
-      #24表示，前面24位是子网掩码，比对的时候，前面24位相同就匹配,不支持IPV6。
-      #stat-view-servlet.allow=
-      #stat-view-servlet.deny=128.242.127.1/24,128.242.128.1
-      # Spring监控配置，说明请参考Druid Github Wiki，配置_Druid和Spring关联监控配置
-      #aop-patterns= # Spring监控AOP切入点，如x.y.z.service.*,配置多个英文逗号分隔
-################### mysq end ##########################
-
-
+    username: szjxtuser
+    password: RQminVCJota3H1u8bBYH
+    url: jdbc:sqlserver://116.62.155.137:33419;database=SmartCampus
+    driver-class-name: com.microsoft.sqlserver.jdbc.SQLServerDriver
+##mybatis
+mybatis:
+  mapper-locations: classpath:mapper/*.xml
+  type-aliases-package: com.sincere.autho.mapper
+  check-config-location: true
+ribbon:
+  ReadTimeout: 50000
+  ConnectTimeout: 5000
 eureka:
   instance:
     hostname: localhost
@@ -78,19 +24,5 @@ eureka:
     lease-renewal-interval-in-seconds: 10
   client:
     service-url:
-      defaultZone: http://121.40.109.21:8761/eureka/,http://121.40.109.21:8762/eureka/
-
+      defaultZone: http://localhost:8761/eureka/,http://localhost:8762/eureka/
  
-  redis:
-    ################### redis 单机版 start ##########################
-    host: localhost
-    port: 6379
-    timeout: 6000
-    database: 2
-    lettuce:
-      pool:
-        max-active: 10 # 连接池最大连接数（使用负值表示没有限制）,如果赋值为-1，则表示不限制；如果pool已经分配了maxActive个jedis实例，则此时pool的状态为exhausted(耗尽)
-        max-idle: 8   # 连接池中的最大空闲连接 ，默认值也是8
-        max-wait: 100 # # 等待可用连接的最大时间，单位毫秒，默认值为-1，表示永不超时。如果超过等待时间，则直接抛出JedisConnectionException
-        min-idle: 2    # 连接池中的最小空闲连接 ，默认值也是0
-      shutdown-timeout: 100ms
 \ No newline at end of file
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
+<mapper namespace="com.sincere.autho.mapper.UserMapper">
+
+
+    <select id="loginTeacher" parameterType="com.sincere.autho.dto.req.LoginReqDto" resultType="java.lang.String">
+        select user_id from SZ_User where mobile = #{account} and pass = #{password}
+    </select>
+
+    <select id="loginStudent" parameterType="com.sincere.autho.dto.req.LoginReqDto"  resultType="java.lang.String">
+        select user_id from SZ_User where othername = #{account} and pass = #{password}
+    </select>
+
+</mapper>
@@ -20,7 +20,7 @@ public class TokenUtils {
     /**
      * 过期时间5秒
      */
-    private static final long EXPIRE_TIME = 1000 * 60 * 60 * 24;
+    private static final long EXPIRE_TIME = 1000 * 60 * 60 * 24 * 3;
  
  
     /**
@@ -63,8 +63,8 @@ public class AccessFilter implements GlobalFilter, Ordered {
 				exchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED);
 				ServerHttpResponse response = exchange.getResponse();
 				JSONObject message = new JSONObject();
-				message.put("resp_code", result.getCode());
-				message.put("resp_msg", result.getMessage());
+				message.put("code", result.getCode());
+				message.put("message", result.getMessage());
 				byte[] bits = message.toJSONString().getBytes(StandardCharsets.UTF_8);
 				DataBuffer buffer = response.bufferFactory().wrap(bits);
 				response.setStatusCode(HttpStatus.UNAUTHORIZED);
@@ -86,7 +86,7 @@ public class AccessFilter implements GlobalFilter, Ordered {
 				return ResultEnums.getByCode(e.getCode());
 			}
 		}
-		return ResultEnums.error ;
+		return ResultEnums.success ;
 	}
  
 	public String extractToken(ServerHttpRequest request) {
@@ -27,5 +27,11 @@ spring:
             - Path=/haikangserver/**
           filters:
             - StripPrefix=1
+        - id: authserver
+          uri: lb://authserver
+          predicates:
+            - Path=/authserver/**
+          filters:
+            - StripPrefix=1
 url:
-  ignored: /user/**
 \ No newline at end of file
+  ignored: /authserver/**
 \ No newline at end of file
@@ -40,8 +40,8 @@ public class UserController {
      */
     @ApiOperation("根据userId 获取用户信息")
     @RequestMapping(value = "getUserInfo" , method = RequestMethod.GET)
-    public String getUserInfo(){
-        return "aa" ;
+    public String getUserInfo(UserInfo userInfo){
+        return userInfo.getUserId() ;
     }
  
     public void getUserId(){
@@ -12,7 +12,7 @@ spring:
 ##mybatis
 mybatis:
   mapper-locations: classpath:mapper/*.xml
-  type-aliases-package: com.sincere.quartz.mapper
+  type-aliases-package: com.sincere.userSearch.mapper
   check-config-location: true
 ribbon:
   ReadTimeout: 50000
...	...	@@ -13,63 +13,142 @@
13	13	<name>autho</name>
14	14	<description>Demo project for Spring Boot</description>
15	15
16		- <properties>
17		- <java.version>1.8</java.version>
18		- <spring-cloud.version>Greenwich.SR2</spring-cloud.version>
19		- </properties>
20		-
21	16	<dependencies>
22	17	<dependency>
23	18	<groupId>com.sincere</groupId>
24	19	<artifactId>common</artifactId>
25		- <version>0.0.1-SNAPSHOT</version>
	20	+ <version>1.0.0</version>
26	21	</dependency>
27	22	<dependency>
28		- <groupId>org.springframework.cloud</groupId>
29		- <artifactId>spring-cloud-starter-oauth2</artifactId>
	23	+ <groupId>org.springframework.boot</groupId>
	24	+ <artifactId>spring-boot-starter-test</artifactId>
	25	+ <scope>test</scope>
30	26	</dependency>
31		-
32	27	<dependency>
33	28	<groupId>org.springframework.cloud</groupId>
34		- <artifactId>spring-cloud-starter-security</artifactId>
35		- <version>2.1.3.RELEASE</version>
	29	+ <artifactId>spring-cloud-starter-feign</artifactId>
	30	+ <version>1.3.6.RELEASE</version>
36	31	</dependency>
37	32	<dependency>
38	33	<groupId>org.springframework.cloud</groupId>
39		- <artifactId>spring-cloud-starter-openfeign</artifactId>
	34	+ <artifactId>spring-cloud-openfeign-core</artifactId>
	35	+ <version>2.1.2.RELEASE</version>
40	36	</dependency>
41		-
42	37	<dependency>
43		- <groupId>org.springframework.boot</groupId>
44		- <artifactId>spring-boot-starter-data-redis</artifactId>
	38	+ <groupId>org.apache.commons</groupId>
	39	+ <artifactId>commons-lang3</artifactId>
	40	+ <version>3.3.2</version>
45	41	</dependency>
46	42	<dependency>
47		- <groupId>io.grpc</groupId>
48		- <artifactId>grpc-core</artifactId>
49		- <version>1.18.0</version>
	43	+ <groupId>org.mybatis.spring.boot</groupId>
	44	+ <artifactId>mybatis-spring-boot-starter</artifactId>
	45	+ <version>1.3.0</version>
50	46	</dependency>
51		-
52	47	<dependency>
53		- <groupId>io.springfox</groupId>
54		- <artifactId>springfox-swagger2</artifactId>
55		- <version>2.9.2</version>
	48	+ <groupId>com.microsoft.sqlserver</groupId>
	49	+ <artifactId>mssql-jdbc</artifactId>
	50	+ <version>6.4.0.jre8</version>
56	51	</dependency>
57		-
58	52	<dependency>
59		- <groupId>io.springfox</groupId>
60		- <artifactId>springfox-swagger-ui</artifactId>
61		- <version>2.9.2</version>
	53	+ <groupId>org.springframework.boot</groupId>
	54	+ <artifactId>spring-boot-starter-web</artifactId>
62	55	</dependency>
63		-
64	56	</dependencies>
65	57
	58	+ <dependencyManagement>
	59	+ <dependencies>
	60	+ <dependency>
	61	+ <groupId>org.springframework.cloud</groupId>
	62	+ <artifactId>spring-cloud-dependencies</artifactId>
	63	+ <version>${spring-cloud.version}</version>
	64	+ <type>pom</type>
	65	+ <scope>import</scope>
	66	+ </dependency>
	67	+ </dependencies>
	68	+ </dependencyManagement>
	69	+
66	70	<build>
	71	+ <!--打包文件名-->
	72	+ <finalName>quartz_server</finalName>
	73	+ <!--打包方式-->
67	74	<plugins>
	75	+ <!-- 设置编译版本 -->
	76	+ <plugin>
	77	+ <groupId>org.apache.maven.plugins</groupId>
	78	+ <artifactId>maven-compiler-plugin</artifactId>
	79	+ <version>3.1</version>
	80	+ <configuration>
	81	+ <source>1.8</source>
	82	+ <target>1.8</target>
	83	+ <encoding>UTF-8</encoding>
	84	+ </configuration>
	85	+ </plugin>
	86	+ <!-- 打包jar文件时，配置manifest文件，加入lib包的jar依赖 -->
	87	+ <!-- 本地启动需要注释-->
	88	+ <plugin>
	89	+ <groupId>org.apache.maven.plugins</groupId>
	90	+ <artifactId>maven-jar-plugin</artifactId>
	91	+ <configuration>
	92	+ <archive>
	93	+ <manifest>
	94	+ <mainClass>com.sincere.userSearch.UserApplication</mainClass>
	95	+ <addClasspath>true</addClasspath>
	96	+ <classpathPrefix>lib/</classpathPrefix>
	97	+ </manifest>
	98	+ <manifestEntries>
	99	+ <Class-Path>./config/</Class-Path>
	100	+ </manifestEntries>
	101	+ </archive>
	102	+ <excludes>
	103	+ <exclude>config/**</exclude>
	104	+ </excludes>
	105	+ <classesDirectory></classesDirectory>
	106	+ </configuration>
	107	+ </plugin>
	108	+ <!-- 拷贝依赖的jar包到lib目录 -->
68	109	<plugin>
69		- <groupId>org.springframework.boot</groupId>
70		- <artifactId>spring-boot-maven-plugin</artifactId>
	110	+ <groupId>org.apache.maven.plugins</groupId>
	111	+ <artifactId>maven-dependency-plugin</artifactId>
	112	+ <executions>
	113	+ <execution>
	114	+ <id>copy</id>
	115	+ <phase>package</phase>
	116	+ <goals>
	117	+ <goal>copy-dependencies</goal>
	118	+ </goals>
	119	+ <configuration>
	120	+ <outputDirectory>
	121	+ ${project.build.directory}/lib
	122	+ </outputDirectory>
	123	+ </configuration>
	124	+ </execution>
	125	+ </executions>
	126	+ </plugin>
	127	+ <!-- 解决资源文件的编码问题 -->
	128	+ <plugin>
	129	+ <groupId>org.apache.maven.plugins</groupId>
	130	+ <artifactId>maven-resources-plugin</artifactId>
	131	+ <version>2.5</version>
	132	+ <configuration>
	133	+ <encoding>UTF-8</encoding>
	134	+ </configuration>
	135	+ </plugin>
	136	+ <!-- 打包source文件为jar文件 -->
	137	+ <plugin>
	138	+ <artifactId>maven-source-plugin</artifactId>
	139	+ <version>2.2</version>
	140	+ <configuration>
	141	+ <attach>true</attach>
	142	+ </configuration>
	143	+ <executions>
	144	+ <execution>
	145	+ <phase>compile</phase>
	146	+ <goals>
	147	+ <goal>jar</goal>
	148	+ </goals>
	149	+ </execution>
	150	+ </executions>
71	151	</plugin>
72	152	</plugins>
73	153	</build>
74		-
75	154	</project>
...	...
1	1	package com.sincere.autho;
2	2
	3	+import org.mybatis.spring.annotation.MapperScan;
3	4	import org.springframework.boot.SpringApplication;
4	5	import org.springframework.boot.autoconfigure.SpringBootApplication;
5	6	import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
6	7
7	8	@EnableDiscoveryClient
8	9	@SpringBootApplication
	10	+@MapperScan("com.sincere.autho.mapper")
9	11	public class AuthoApplication {
10	12
11	13	public static void main(String[] args) {
...	...
...	...	@@ -0,0 +1,52 @@
	1	+package com.sincere.autho;
	2	+
	3	+import io.swagger.annotations.ApiOperation;
	4	+import org.springframework.context.annotation.Bean;
	5	+import org.springframework.context.annotation.Configuration;
	6	+import springfox.documentation.builders.ApiInfoBuilder;
	7	+import springfox.documentation.builders.ParameterBuilder;
	8	+import springfox.documentation.builders.PathSelectors;
	9	+import springfox.documentation.builders.RequestHandlerSelectors;
	10	+import springfox.documentation.schema.ModelRef;
	11	+import springfox.documentation.service.ApiInfo;
	12	+import springfox.documentation.service.Parameter;
	13	+import springfox.documentation.spi.DocumentationType;
	14	+import springfox.documentation.spring.web.plugins.Docket;
	15	+import springfox.documentation.swagger2.annotations.EnableSwagger2;
	16	+
	17	+import java.util.ArrayList;
	18	+import java.util.List;
	19	+
	20	+@EnableSwagger2
	21	+@Configuration //让Spring来加载该类配置
	22	+public class Swagger2 {
	23	+
	24	+ @Bean
	25	+ public Docket createRestApi() {
	26	+ ParameterBuilder ticketPar = new ParameterBuilder();
	27	+ List<Parameter> pars = new ArrayList<Parameter>();
	28	+ ticketPar.name("X-Authorization").description("user token")
	29	+ .modelRef(new ModelRef("string")).parameterType("header")
	30	+ .required(false).build(); //header中的ticket参数非必填，传空也可以
	31	+ pars.add(ticketPar.build());
	32	+
	33	+
	34	+ return new Docket(DocumentationType.SWAGGER_2)
	35	+ .apiInfo(apiInfo())
	36	+ .enableUrlTemplating(true)
	37	+ .select()
	38	+ // 扫描所有有注解的api，用这种方式更灵活
	39	+ .apis(RequestHandlerSelectors.basePackage("com.sincere.autho.control"))
	40	+ .paths(PathSelectors.any())
	41	+ .build().globalOperationParameters(pars);
	42	+
	43	+ }
	44	+ private ApiInfo apiInfo() {
	45	+ return new ApiInfoBuilder()
	46	+ .title("Spring Boot中使用Swagger2构建RESTful APIs")
	47	+ .description("接口文档")
	48	+ .termsOfServiceUrl("")
	49	+ .version("1.0")
	50	+ .build();
	51	+ }
	52	+}
...	...
...	...	@@ -1,22 +0,0 @@
1		-package com.sincere.autho.annotation;
2		-
3		-import com.sincere.autho.autoconfigure.LoggingConfigurationSelector;
4		-import org.springframework.context.annotation.Import;
5		-
6		-import java.lang.annotation.*;
7		-
8		-
9		-/**
10		- * 启动日志框架支持
11		- * @author owen
12		- * @create 2017年7月2日
13		- */
14		-
15		-@Target(ElementType.TYPE)
16		-@Retention(RetentionPolicy.RUNTIME)
17		-@Documented
18		-//自动装配starter
19		-@Import(LoggingConfigurationSelector.class)
20		-public @interface EnableLogging{
21		-// String name() ;
22		-}
23	0	\ No newline at end of file
...	...	@@ -1,16 +0,0 @@
1		-package com.sincere.autho.annotation.datasource;
2		-
3		-import java.lang.annotation.*;
4		-
5		-
6		-/**
7		- * 数据源选择
8		- * @author owen
9		- * @create 2017年7月2日
10		- */
11		-@Target({ElementType.METHOD, ElementType.TYPE})
12		-@Retention(RetentionPolicy.RUNTIME)
13		-@Documented
14		-public @interface DataSource {
15		- String name();
16		-}
17	0	\ No newline at end of file
...	...	@@ -1,26 +0,0 @@
1		-package com.sincere.autho.annotation.log;
2		-
3		-import java.lang.annotation.*;
4		-
5		-/**
6		- * 日志注解
7		- * @author owen
8		- * @create 2017年7月2日
9		- */
10		-@Target({ElementType.METHOD, ElementType.TYPE})
11		-@Retention(RetentionPolicy.RUNTIME)
12		-@Documented
13		-public @interface LogAnnotation {
14		-
15		- /**
16		- * 模块
17		- * @return
18		- */
19		- String module();
20		-
21		- /**
22		- * 记录执行参数
23		- * @return
24		- */
25		- boolean recordRequestParam() default true;
26		-}
...	...	@@ -1,23 +0,0 @@
1		-package com.sincere.autho.autoconfigure;
2		-
3		-import org.springframework.context.annotation.ImportSelector;
4		-import org.springframework.core.type.AnnotationMetadata;
5		-
6		-/**
7		- * @author owen
8		- * @create 2017年7月2日
9		- * 装配bean
10		- */
11		-public class LoggingConfigurationSelector implements ImportSelector {
12		-
13		- @Override
14		- public String[] selectImports(AnnotationMetadata importingClassMetadata) {
15		- // TODO Auto-generated method stub
16		-// importingClassMetadata.getAllAnnotationAttributes(EnableEcho.class.getName());
17		- return new String[] {
18		- "com.sincere.autho.autoconfigure.datasource.DataSourceAspect",
19		- "com.sincere.autho.autoconfigure.log.LogAnnotationAspect"
20		- };
21		- }
22		-
23		-}
...	...	@@ -1,42 +0,0 @@
1		-package com.sincere.autho.autoconfigure.datasource;
2		-
3		-import com.sincere.autho.annotation.datasource.DataSource;
4		-import com.sincere.common.config.DataSourceHolder;
5		-import com.sincere.common.config.DataSourceKey;
6		-import org.aspectj.lang.JoinPoint;
7		-import org.aspectj.lang.annotation.After;
8		-import org.aspectj.lang.annotation.Aspect;
9		-import org.aspectj.lang.annotation.Before;
10		-import org.slf4j.Logger;
11		-import org.slf4j.LoggerFactory;
12		-import org.springframework.core.annotation.Order;
13		-
14		-/**
15		- * 切换数据源Advice
16		- */
17		-@Aspect
18		-@Order(-1) // 保证该AOP在@Transactional之前执行
19		-public class DataSourceAspect {
20		-
21		- private static final Logger logger = LoggerFactory.getLogger(DataSourceAspect.class);
22		-
23		- @Before("@annotation(ds)")
24		- public void changeDataSource(JoinPoint point, DataSource ds) throws Throwable {
25		- String dsId = ds.name();
26		- try {
27		- DataSourceKey dataSourceKey = DataSourceKey.valueOf(dsId);
28		- DataSourceHolder.setDataSourceKey(dataSourceKey);
29		- } catch (Exception e) {
30		- logger.error("数据源[{}]不存在，使用默认数据源 > {}", ds.name(), point.getSignature());
31		- }
32		-
33		-
34		- }
35		-
36		- @After("@annotation(ds)")
37		- public void restoreDataSource(JoinPoint point, DataSource ds) {
38		- logger.debug("Revert DataSource : {transIdo} > {}", ds.name(), point.getSignature());
39		- DataSourceHolder.clearDataSourceKey();
40		- }
41		-
42		-}
43	0	\ No newline at end of file
...	...	@@ -1,133 +0,0 @@
1		-package com.sincere.autho.autoconfigure.log;
2		-
3		-import com.alibaba.fastjson.JSON;
4		-import com.alibaba.fastjson.JSONObject;
5		-import com.sincere.autho.annotation.log.LogAnnotation;
6		-import com.sincere.autho.log.service.LogService;
7		-import com.sincere.autho.log.service.impl.LogServiceImpl;
8		-import com.sincere.autho.utils.SysUserUtil;
9		-import com.sincere.common.model.log.SysLog;
10		-import com.sincere.common.model.system.LoginAppUser;
11		-import com.sincere.common.util.SpringUtils;
12		-import org.aspectj.lang.ProceedingJoinPoint;
13		-import org.aspectj.lang.annotation.Around;
14		-import org.aspectj.lang.annotation.Aspect;
15		-import org.aspectj.lang.reflect.MethodSignature;
16		-import org.slf4j.Logger;
17		-import org.slf4j.LoggerFactory;
18		-import org.springframework.core.annotation.Order;
19		-
20		-import javax.servlet.http.HttpServletRequest;
21		-import javax.servlet.http.HttpServletResponse;
22		-import java.util.ArrayList;
23		-import java.util.Date;
24		-import java.util.List;
25		-import java.util.concurrent.CompletableFuture;
26		-import java.util.concurrent.ThreadLocalRandom;
27		-
28		-/**
29		- * 保存日志
30		- *
31		- * @author owen
32		- * @create 2017年7月2日
33		- */
34		-@Aspect
35		-@Order(-1) // 保证该AOP在@Transactional之前执行
36		-public class LogAnnotationAspect {
37		-
38		- private static final Logger logger = LoggerFactory.getLogger(LogAnnotationAspect.class);
39		-
40		- @Around("@annotation(ds)")
41		- public Object logSave(ProceedingJoinPoint joinPoint, LogAnnotation ds) throws Throwable {
42		-
43		- // 请求流水号
44		- String transid = getRandom();
45		- // 记录开始时间
46		- long start = System.currentTimeMillis();
47		- // 获取方法参数
48		- String url = null;
49		- String httpMethod = null;
50		- Object result = null;
51		- List<Object> httpReqArgs = new ArrayList<Object>();
52		- SysLog log = new SysLog();
53		- log.setCreateTime(new Date());
54		- LoginAppUser loginAppUser = SysUserUtil.getLoginAppUser();
55		- if (loginAppUser != null) {
56		- log.setUsername(loginAppUser.getUsername());
57		- }
58		-
59		- MethodSignature methodSignature = (MethodSignature) joinPoint.getSignature();
60		-
61		- LogAnnotation logAnnotation = methodSignature.getMethod().getDeclaredAnnotation(LogAnnotation.class);
62		- log.setModule(logAnnotation.module() + ":" + methodSignature.getDeclaringTypeName() + "/"
63		- + methodSignature.getName());
64		-
65		- Object[] args = joinPoint.getArgs();// 参数值
66		- url = methodSignature.getDeclaringTypeName() + "/"+ methodSignature.getName();
67		- for (Object object : args) {
68		- if (object instanceof HttpServletRequest) {
69		- HttpServletRequest request = (HttpServletRequest) object;
70		- url = request.getRequestURI();
71		- httpMethod = request.getMethod();
72		- } else if (object instanceof HttpServletResponse) {
73		- } else {
74		-
75		- httpReqArgs.add(object);
76		- }
77		- }
78		-
79		- try {
80		- String params = JSONObject.toJSONString(httpReqArgs);
81		- log.setParams(params);
82		- // 打印请求参数参数
83		- logger.info("开始请求，transid={}, url={} , httpMethod={}, reqData={} ", transid, url, httpMethod, params);
84		- } catch (Exception e) {
85		- logger.error("记录参数失败：{}", e.getMessage());
86		- }
87		-
88		- try {
89		- // 调用原来的方法
90		- result = joinPoint.proceed();
91		- log.setFlag(Boolean.TRUE);
92		- } catch (Exception e) {
93		- log.setFlag(Boolean.FALSE);
94		- log.setRemark(e.getMessage());
95		-
96		- throw e;
97		- } finally {
98		-
99		- CompletableFuture.runAsync(() -> {
100		- try {
101		- if (logAnnotation.recordRequestParam()) {
102		- LogService logService = SpringUtils.getBean(LogServiceImpl.class);
103		- logService.save(log);
104		- }
105		- } catch (Exception e) {
106		- logger.error("记录参数失败：{}", e.getMessage());
107		- }
108		-
109		- });
110		- // 获取回执报文及耗时
111		- logger.info("请求完成, transid={}, 耗时={}, resp={}:", transid, (System.currentTimeMillis() - start),
112		- result == null ? null : JSON.toJSONString(result));
113		-
114		- }
115		- return result;
116		- }
117		-
118		- /**
119		- * 生成日志随机数
120		- *
121		- * @return
122		- */
123		- public String getRandom() {
124		- int i = 0;
125		- StringBuilder st = new StringBuilder();
126		- while (i < 5) {
127		- i++;
128		- st.append(ThreadLocalRandom.current().nextInt(10));
129		- }
130		- return st.toString() + System.currentTimeMillis();
131		- }
132		-
133		-}
134	0	\ No newline at end of file
...	...	@@ -1,260 +0,0 @@
1		-
2		-package com.sincere.autho.config;
3		-
4		-import com.sincere.autho.service.RedisAuthorizationCodeServices;
5		-import com.sincere.autho.service.RedisClientDetailsService;
6		-import com.sincere.autho.token.RedisTemplateTokenStore;
7		-import com.sincere.common.props.PermitUrlProperties;
8		-import org.springframework.beans.factory.annotation.Autowired;
9		-import org.springframework.boot.autoconfigure.AutoConfigureAfter;
10		-import org.springframework.boot.context.properties.EnableConfigurationProperties;
11		-import org.springframework.context.annotation.Bean;
12		-import org.springframework.context.annotation.Configuration;
13		-import org.springframework.data.redis.core.RedisTemplate;
14		-import org.springframework.security.authentication.AuthenticationManager;
15		-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
16		-import org.springframework.security.config.annotation.web.builders.WebSecurity;
17		-import org.springframework.security.core.userdetails.UserDetailsService;
18		-import org.springframework.security.oauth2.common.OAuth2AccessToken;
19		-import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
20		-import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
21		-import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
22		-import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
23		-import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
24		-import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
25		-import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
26		-import org.springframework.security.oauth2.provider.code.RandomValueAuthorizationCodeServices;
27		-import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
28		-import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
29		-import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
30		-import org.springframework.security.web.util.matcher.RequestMatcher;
31		-import org.springframework.stereotype.Component;
32		-import org.springframework.util.AntPathMatcher;
33		-
34		-import javax.annotation.Resource;
35		-import javax.servlet.http.HttpServletRequest;
36		-import javax.sql.DataSource;
37		-
38		-/**
39		- * @author owen 624191343@qq.com
40		- * @version 创建时间：2017年11月12日上午22:57:51
41		- */
42		-@Configuration
43		-public class OAuth2ServerConfig {
44		-
45		- @Resource
46		- private DataSource dataSource;
47		- @Resource
48		- private RedisTemplate<String, Object> redisTemplate;
49		-
50		- /**
51		- * 声明 ClientDetails实现
52		- */
53		- @Bean
54		- public RedisClientDetailsService redisClientDetailsService() {
55		- RedisClientDetailsService clientDetailsService = new RedisClientDetailsService(dataSource);
56		- clientDetailsService.setRedisTemplate(redisTemplate);
57		- return clientDetailsService;
58		- }
59		-
60		-
61		- @Bean
62		- public RandomValueAuthorizationCodeServices authorizationCodeServices() {
63		- RedisAuthorizationCodeServices redisAuthorizationCodeServices = new RedisAuthorizationCodeServices();
64		- redisAuthorizationCodeServices.setRedisTemplate(redisTemplate);
65		- return redisAuthorizationCodeServices;
66		- }
67		-
68		- /**
69		- * @author owen 624191343@qq.com
70		- * @version 创建时间：2017年11月12日上午22:57:51 默认token存储在内存中
71		- * DefaultTokenServices默认处理
72		- */
73		- @Component
74		- @Configuration
75		- @EnableAuthorizationServer
76		- @AutoConfigureAfter(AuthorizationServerEndpointsConfigurer.class)
77		- public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
78		- /**
79		- * 注入authenticationManager 来支持 password grant type
80		- */
81		- @Autowired
82		- private AuthenticationManager authenticationManager;
83		-
84		- @Autowired
85		- private UserDetailsService userDetailsService;
86		-
87		- @Autowired(required = false)
88		- private RedisTemplateTokenStore redisTokenStore;
89		-
90		- @Autowired(required = false)
91		- private JwtTokenStore jwtTokenStore;
92		- @Autowired(required = false)
93		- private JwtAccessTokenConverter jwtAccessTokenConverter;
94		-
95		- @Autowired
96		- private WebResponseExceptionTranslator webResponseExceptionTranslator;
97		-
98		- @Autowired
99		- private RedisClientDetailsService redisClientDetailsService;
100		-
101		- @Autowired(required = false)
102		- private RandomValueAuthorizationCodeServices authorizationCodeServices;
103		-
104		- /**
105		- * 配置身份认证器，配置认证方式，TokenStore，TokenGranter，OAuth2RequestFactory
106		- */
107		- public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
108		-
109		- if (jwtTokenStore != null) {
110		- endpoints.tokenStore(jwtTokenStore).authenticationManager(authenticationManager)
111		- // 支持
112		- .userDetailsService(userDetailsService);
113		- // password
114		- // grant
115		- // type;
116		- } else if (redisTokenStore != null) {
117		- endpoints.tokenStore(redisTokenStore).authenticationManager(authenticationManager)
118		- // 支持
119		- .userDetailsService(userDetailsService);
120		- // password
121		- // grant
122		- // type;
123		- }
124		-
125		- if (jwtAccessTokenConverter != null) {
126		- endpoints.accessTokenConverter(jwtAccessTokenConverter);
127		- }
128		-
129		- endpoints.authorizationCodeServices(authorizationCodeServices);
130		-
131		- endpoints.exceptionTranslator(webResponseExceptionTranslator);
132		-
133		- }
134		-
135		- /**
136		- * 配置应用名称应用id
137		- * 配置OAuth2的客户端相关信息
138		- */
139		- @Override
140		- public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
141		-
142		- // if(clientDetailsService!=null){
143		- // clients.withClientDetails(clientDetailsService);
144		- // }else{
145		- // clients.inMemory().withClient("neusoft1").secret("neusoft1")
146		- // .authorizedGrantTypes("authorization_code", "password",
147		- // "refresh_token").scopes("all")
148		- // .resourceIds(SERVER_RESOURCE_ID).accessTokenValiditySeconds(1200)
149		- // .refreshTokenValiditySeconds(50000)
150		- // .and().withClient("neusoft2").secret("neusoft2")
151		- // .authorizedGrantTypes("authorization_code", "password",
152		- // "refresh_token").scopes("all")
153		- // .resourceIds(SERVER_RESOURCE_ID).accessTokenValiditySeconds(1200)
154		- // .refreshTokenValiditySeconds(50000)
155		- // ;
156		- // }
157		- clients.withClientDetails(redisClientDetailsService);
158		- redisClientDetailsService.loadAllClientToCache();
159		- }
160		-
161		- /**
162		- * 对应于配置AuthorizationServer安全认证的相关信息，创建ClientCredentialsTokenEndpointFilter核心过滤器
163		- */
164		- @Override
165		- public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
166		- // url:/oauth/token_key,exposes
167		- security.tokenKeyAccess("permitAll()")
168		- /// public key for token
169		- /// verification if using
170		- /// JWT tokens
171		- // url:/oauth/check_token
172		- .checkTokenAccess("isAuthenticated()")
173		- // allow check token
174		- .allowFormAuthenticationForClients();
175		-
176		- // security.allowFormAuthenticationForClients();
177		- //// security.tokenKeyAccess("permitAll()");
178		- // security.tokenKeyAccess("isAuthenticated()");
179		- }
180		-
181		- }
182		-
183		- /**
184		- * 资源服务
185		- */
186		- @Configuration
187		- @EnableResourceServer
188		- @EnableConfigurationProperties(PermitUrlProperties.class)
189		- public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
190		-
191		- @Autowired
192		- private PermitUrlProperties permitUrlProperties;
193		-
194		- public void configure(WebSecurity web) throws Exception {
195		- web.ignoring().antMatchers("/health");
196		- web.ignoring().antMatchers("/oauth/user/token");
197		- web.ignoring().antMatchers("/oauth/client/token");
198		- }
199		-
200		- @Override
201		- public void configure(HttpSecurity http) throws Exception {
202		- http.requestMatcher(
203		- /**
204		- * 判断来源请求是否包含oauth2授权信息
205		- */
206		- new RequestMatcher() {
207		- private AntPathMatcher antPathMatcher = new AntPathMatcher();
208		-
209		- @Override
210		- public boolean matches(HttpServletRequest request) {
211		- // 请求参数中包含access_token参数
212		- if (request.getParameter(OAuth2AccessToken.ACCESS_TOKEN) != null) {
213		- return true;
214		- }
215		-
216		- // 头部的Authorization值以Bearer开头
217		- String auth = request.getHeader("Authorization");
218		- if (auth != null) {
219		- if (auth.startsWith(OAuth2AccessToken.BEARER_TYPE)) {
220		- return true;
221		- }
222		- }
223		- if (antPathMatcher.match(request.getRequestURI(), "/oauth/userinfo")) {
224		- return true;
225		- }
226		- if (antPathMatcher.match(request.getRequestURI(), "/oauth/remove/token")) {
227		- return true;
228		- }
229		- if (antPathMatcher.match(request.getRequestURI(), "/oauth/get/token")) {
230		- return true;
231		- }
232		- if (antPathMatcher.match(request.getRequestURI(), "/oauth/refresh/token")) {
233		- return true;
234		- }
235		-
236		- if (antPathMatcher.match(request.getRequestURI(), "/oauth/token/list")) {
237		- return true;
238		- }
239		-
240		- if (antPathMatcher.match("/clients/**", request.getRequestURI())) {
241		- return true;
242		- }
243		-
244		- if (antPathMatcher.match("/services/**", request.getRequestURI())) {
245		- return true;
246		- }
247		- if (antPathMatcher.match("/redis/**", request.getRequestURI())) {
248		- return true;
249		- }
250		- return false;
251		- }
252		- }
253		-
254		- ).authorizeRequests().antMatchers(permitUrlProperties.getIgnored()).permitAll().anyRequest()
255		- .authenticated();
256		- }
257		-
258		- }
259		-
260		-}