数据库验证服务是否允许访问

spring5-auth/spring5-auth-server/pom.xml

@@ -48,6 +48,21 @@
 <!--             <groupId>org.apache.commons</groupId> -->
 <!--             <artifactId>commons-lang3</artifactId> -->
 <!--         </dependency> -->
-		
+		      <!--mybatis plus依赖包-->
+        <dependency>
+            <groupId>com.baomidou</groupId>
+            <artifactId>mybatis-plus-boot-starter</artifactId>
+            <version>3.1.0</version>
+        </dependency>
+        <dependency>
+            <groupId>org.mybatis</groupId>
+            <artifactId>mybatis-spring</artifactId>
+            <version>2.0.0</version>
+        </dependency>
+        <!--数据库-->
+        <dependency>
+            <groupId>mysql</groupId>
+            <artifactId>mysql-connector-java</artifactId>
+        </dependency>
 	</dependencies>
 </project>

spring5-auth/spring5-auth-server/src/main/java/com/yaozhitech/spring5/Oauth2Application.java

@@ -1,9 +1,11 @@
 package com.yaozhitech.spring5;
 
+import org.mybatis.spring.annotation.MapperScan;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 
 
+@MapperScan("com.yaozhitech.spring5.mapper")
 @SpringBootApplication
 public class Oauth2Application {
     public static void main(String[] args) {

spring5-auth/spring5-auth-server/src/main/java/com/yaozhitech/spring5/config/ShiroConfiguration.java

@@ -106,12 +106,13 @@ public class ShiroConfiguration {
     protected ShiroFilterChainDefinition shiroFilterChainDefinition() {
         DefaultShiroFilterChainDefinition chainDefinition = new DefaultShiroFilterChainDefinition();
         chainDefinition.addPathDefinition("/login", "noSessionCreation,anon");  //login不做认证，noSessionCreation的作用是用户在操作session时会抛异常
+        chainDefinition.addPathDefinition("/clientAuth/**", "noSessionCreation,anon"); 
         chainDefinition.addPathDefinition("/logout", "noSessionCreation,authcToken[permissive]"); //做用户认证，permissive参数的作用是当token无效时也允许请求访问，不会返回鉴权未通过的错误
         chainDefinition.addPathDefinition("/image/**", "anon");
         chainDefinition.addPathDefinition("/admin/**", "noSessionCreation,authcToken,anyRole[admin,manager]"); //只允许admin或manager角色的用户访问
         chainDefinition.addPathDefinition("/article/list", "noSessionCreation,authcToken");
         chainDefinition.addPathDefinition("/article/*", "noSessionCreation,authcToken[permissive]");
-        chainDefinition.addPathDefinition("/**", "noSessionCreation,authcToken"); // 默认进行用户鉴权
+        chainDefinition.addPathDefinition("/**", "noSessionCreation,anon"); // 默认进行用户鉴权
         return chainDefinition;
     }
 

spring5-auth/spring5-auth-server/src/main/java/com/yaozhitech/spring5/controller/AuthClientController.java

@@ -0,0 +1,24 @@
+package com.yaozhitech.spring5.controller;
+
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.yaozhitech.spring5.service.ClientAuthService;
+
+import lombok.AllArgsConstructor;
+
+@RestController
+@RequestMapping("/clientAuth")
+@AllArgsConstructor
+public class AuthClientController {
+	
+	private final ClientAuthService authClientService;
+
+	@GetMapping("/verify")
+	public ResponseEntity<Boolean> verify(@RequestParam String service, @RequestParam String allowClient, @RequestParam String secret) {
+		return ResponseEntity.ok(authClientService.isAllowed(service, allowClient, secret));
+	}
+}

spring5-auth/spring5-auth-server/src/main/java/com/yaozhitech/spring5/domain/Client.java

@@ -0,0 +1,28 @@
+package com.yaozhitech.spring5.domain;
+
+import java.io.Serializable;
+
+import com.baomidou.mybatisplus.annotation.IdType;
+import com.baomidou.mybatisplus.annotation.TableId;
+import com.baomidou.mybatisplus.annotation.TableName;
+
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+import lombok.experimental.Accessors;
+
+@Data
+@EqualsAndHashCode(callSuper = false)
+@Accessors(chain = true)
+@TableName("sys_client")
+public class Client implements Serializable {
+
+	private static final long serialVersionUID = 1L;
+
+	@TableId(value = "id", type = IdType.AUTO)
+	private Integer id;
+
+	private String name;
+
+	private String secret;
+
+}

spring5-auth/spring5-auth-server/src/main/java/com/yaozhitech/spring5/domain/ClientAuth.java

@@ -0,0 +1,28 @@
+package com.yaozhitech.spring5.domain;
+
+import java.io.Serializable;
+
+import com.baomidou.mybatisplus.annotation.IdType;
+import com.baomidou.mybatisplus.annotation.TableId;
+import com.baomidou.mybatisplus.annotation.TableName;
+
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+import lombok.experimental.Accessors;
+
+@Data
+@EqualsAndHashCode(callSuper = false)
+@Accessors(chain = true)
+@TableName("sys_client_auth")
+public class ClientAuth implements Serializable {
+
+	private static final long serialVersionUID = 1L;
+
+	@TableId(value = "id", type = IdType.AUTO)
+	private Integer id;
+
+	private String service;
+
+	private String allowClient;
+
+}

spring5-auth/spring5-auth-server/src/main/java/com/yaozhitech/spring5/mapper/ClientAuthMapper.java

@@ -0,0 +1,8 @@
+package com.yaozhitech.spring5.mapper;
+
+import com.baomidou.mybatisplus.core.mapper.BaseMapper;
+import com.yaozhitech.spring5.domain.ClientAuth;
+
+public interface ClientAuthMapper extends BaseMapper<ClientAuth>{
+ 
+}

spring5-auth/spring5-auth-server/src/main/java/com/yaozhitech/spring5/mapper/ClientMapper.java

@@ -0,0 +1,8 @@
+package com.yaozhitech.spring5.mapper;
+
+import com.baomidou.mybatisplus.core.mapper.BaseMapper;
+import com.yaozhitech.spring5.domain.Client;
+
+public interface ClientMapper extends BaseMapper<Client>{
+ 
+}

spring5-auth/spring5-auth-server/src/main/java/com/yaozhitech/spring5/service/ClientAuthService.java

@@ -0,0 +1,33 @@
+package com.yaozhitech.spring5.service;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
+import com.yaozhitech.spring5.domain.Client;
+import com.yaozhitech.spring5.domain.ClientAuth;
+import com.yaozhitech.spring5.mapper.ClientAuthMapper;
+import com.yaozhitech.spring5.mapper.ClientMapper;
+
+@Service
+public class ClientAuthService {
+
+	@Autowired
+	private ClientAuthMapper authClientMapper;
+	
+	@Autowired
+	private ClientMapper clientMapper;
+	
+	public Boolean isAllowed(String service, String allowClient, String secret) {
+		Client client = clientMapper.selectOne(new QueryWrapper<Client>().eq("name", allowClient).eq("secret", secret));
+		if (client == null) {
+			return false;
+		}
+		
+		ClientAuth authClient = authClientMapper.selectOne(new QueryWrapper<ClientAuth>()
+				.eq("service", service)
+				.eq("allow_client", allowClient));
+		
+		return authClient != null;
+	}
+}

spring5-auth/spring5-auth-server/src/main/java/com/yaozhitech/spring5/service/ClientService.java

@@ -0,0 +1,24 @@
+package com.yaozhitech.spring5.service;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
+import com.yaozhitech.spring5.domain.ClientAuth;
+import com.yaozhitech.spring5.mapper.ClientAuthMapper;
+
+@Service
+public class ClientService {
+
+	@Autowired
+	private ClientAuthMapper authClientMapper;
+	
+	public Boolean isAllowed(String service, String secret, String allowClient) {
+		ClientAuth authClient = authClientMapper.selectOne(new QueryWrapper<ClientAuth>()
+				.eq("service", service)
+				.eq("secret", secret)
+				.eq("allow_client", allowClient));
+		
+		return authClient != null;
+	}
+}

spring5-auth/spring5-auth-server/src/main/resources/application.yml

@@ -16,6 +16,11 @@ spring:
     port: 6280
     password: bbztx123456
     timeout: 5000
+  datasource:
+    driver-class-name: com.mysql.jdbc.Driver
+    url: jdbc:${DATASOURCE_DBTYPE:mysql}://121.41.17.212:${DATASOURCE_PORT:3306}/ceshi?characterEncoding=UTF-8&useUnicode=true&useSSL=false
+    username: ${DATASOURCE_USERNAME:root}
+    password: huojutech!23
   
 password:
   salt: k12829WhsvnEV$#03b2n          

spring5-common/src/main/java/com/yaozhitech/spring5/common/constant/RestCodeConstants.java

@@ -7,4 +7,24 @@ public class RestCodeConstants {
 
     public static final int TOKEN_ERROR_CODE = 40101;
     public static final int TOKEN_FORBIDDEN_CODE = 40301;
+    
+    /**
+     * const codeMessage = {
+  200: '服务器成功返回请求的数据。',
+  201: '新建或修改数据成功。',
+  202: '一个请求已经进入后台排队（异步任务）。',
+  204: '删除数据成功。',
+  400: '发出的请求有错误，服务器没有进行新建或修改数据的操作。',
+  401: '用户没有权限（令牌、用户名、密码错误）。',
+  403: '用户得到授权，但是访问是被禁止的。',
+  404: '发出的请求针对的是不存在的记录，服务器没有进行操作。',
+  406: '请求的格式不可得。',
+  410: '请求的资源被永久删除，且不会再得到的。',
+  422: '当创建一个对象时，发生一个验证错误。',
+  500: '服务器发生错误，请检查服务器。',
+  502: '网关错误。',
+  503: '服务不可用，服务器暂时过载或维护。',
+  504: '网关超时。',
+};
+     */
 }