自定义授权方式示例添加

Author: hengboy

api-boot-samples/api-boot-sample-security-oauth-jwt/pom.xml

@@ -21,6 +21,16 @@
             <groupId>org.minbox.framework</groupId>
             <artifactId>api-boot-starter-security-oauth-jwt</artifactId>
         </dependency>
+        <!--Hikari-->
+        <dependency>
+            <groupId>com.zaxxer</groupId>
+            <artifactId>HikariCP</artifactId>
+        </dependency>
+        <!--MySQL-->
+        <dependency>
+            <groupId>mysql</groupId>
+            <artifactId>mysql-connector-java</artifactId>
+        </dependency>
     </dependencies>
     <!--ApiBoot版本依赖-->
     <dependencyManagement>
@@ -34,4 +44,13 @@
             </dependency>
         </dependencies>
     </dependencyManagement>
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+                <version>2.1.5.RELEASE</version>
+            </plugin>
+        </plugins>
+    </build>
 </project>

api-boot-samples/api-boot-sample-security-oauth-jwt/src/main/java/org/minbox/framework/api/boot/sample/PhoneCodeOauthTokenGranter.java

@@ -0,0 +1,124 @@
+/*
+ * Copyright [2019] [恒宇少年 - 于起宇]
+ *
+ *      Licensed under the Apache License, Version 2.0 (the "License");
+ *      you may not use this file except in compliance with the License.
+ *      You may obtain a copy of the License at
+ *
+ *          http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing, software
+ *      distributed under the License is distributed on an "AS IS" BASIS,
+ *      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *      See the License for the specific language governing permissions and
+ *      limitations under the License.
+ *
+ */
+
+package org.minbox.framework.api.boot.sample;
+
+import org.minbox.framework.api.boot.plugin.oauth.exception.ApiBootTokenException;
+import org.minbox.framework.api.boot.plugin.oauth.grant.ApiBootOauthTokenGranter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.stereotype.Component;
+
+import java.util.Collection;
+import java.util.Map;
+
+/**
+ * 短信验证码登录示例
+ *
+ * @author 恒宇少年 - 于起宇
+ * <p>
+ * DateTime：2019-06-06 09:15
+ * Blog：http://blog.yuqiyu.com
+ * WebSite：http://www.jianshu.com/u/092df3f77bca
+ * Gitee：https://gitee.com/hengboy
+ * GitHub：https://github.com/hengboy
+ */
+@Component
+public class PhoneCodeOauthTokenGranter implements ApiBootOauthTokenGranter {
+    /**
+     * logger instance
+     */
+    static Logger logger = LoggerFactory.getLogger(PhoneCodeOauthTokenGranter.class);
+    /**
+     * 获取Token时使用grant_type=phone_code授权方式
+     */
+    private static final String GRANT_TYPE = "phone_code";
+
+    /**
+     * 参数：手机号
+     */
+    private static final String PARAM_PHONE = "phone";
+    /**
+     * 参数：验证码
+     */
+    private static final String PARAM_CODE = "code";
+
+    @Override
+    public String grantType() {
+        return GRANT_TYPE;
+    }
+
+    /**
+     * 该方法参数集合是获取Token时携带的参数
+     * 获取Token路径：/oauth/token?grant_type=phone_code&phone=171xxxxx&code=196523
+     * phone=171xxxxx
+     * code=196523
+     *
+     * @param parameters parameter map
+     * @return
+     * @throws ApiBootTokenException
+     */
+    @Override
+    public UserDetails loadByParameter(Map<String, String> parameters) throws ApiBootTokenException {
+        String phone = parameters.get(PARAM_PHONE);
+        String code = parameters.get(PARAM_CODE);
+
+        logger.debug("手机号：{}", phone);
+        logger.debug("验证码：{}", code);
+
+        // 自定义数据逻辑校验验证码是否正确、是否与该手机号匹配等
+        // 校验通过后返回实现SpringSecurity提供的UserDetails接口的数据实体即可
+        return new UserDetails() {
+            @Override
+            public Collection<? extends GrantedAuthority> getAuthorities() {
+                return null;
+            }
+
+            @Override
+            public String getPassword() {
+                return null;
+            }
+
+            @Override
+            public String getUsername() {
+                return phone;
+            }
+
+            @Override
+            public boolean isAccountNonExpired() {
+                return true;
+            }
+
+            @Override
+            public boolean isAccountNonLocked() {
+                return true;
+            }
+
+            @Override
+            public boolean isCredentialsNonExpired() {
+                return true;
+            }
+
+            @Override
+            public boolean isEnabled() {
+                return true;
+            }
+        };
+    }
+}

api-boot-samples/api-boot-sample-security-oauth-jwt/src/main/resources/application.yml

@@ -1,20 +1,23 @@
 spring:
   application:
     name: api-boot-sample-security-oauth-jwt
+  datasource:
+    type: com.zaxxer.hikari.HikariDataSource
+    driver-class-name: com.mysql.cj.jdbc.Driver
+    url: jdbc:mysql://localhost:3306/test
+    username: root
+    password: 123456
 api:
   boot:
     security:
       # Spring Security 内存方式用户列表示例
-      #users:
-        #- username: hengboy
-        #  password: 123456
-        #- username: apiboot
-        #  password: abc321
-      enable-default-store-delegate: false
-      away: jdbc
+      users:
+        - username: hengboy
+          password: 123456
+        - username: apiboot
+          password: abc321
     oauth:
       jwt:
-        away: jdbc
         # 开启Jwt转换AccessToken
         enable: true
         # 转换Jwt时所需加密key，默认为ApiBoot

pom.xml

@@ -23,7 +23,7 @@
     </properties>
     <description>
         ApiBoot是一款基于SpringBoot1.x、2.x的接口服务集成基础框架，
-        内部提供了第三方框架的封装集成，让接口开发者可以选着性完成开箱即用，
+        内部提供了第三方框架的封装集成，让接口开发者可以选择性完成开箱即用，
         不再为搭建接口框架而犯愁，从而极大的提高开发效率。
     </description>
     <url>https://github.com/hengboy/api-boot</url>