上传技术分享

Author: xieshaoping

README.txt

@@ -0,0 +1,14 @@
+参考：
+https://blog.csdn.net/vbirdbest/article/details/83999188
+https://www.jianshu.com/p/29d7eea97339
+
+jwt:
+eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJoZWxsb2tvZGluZyIsImlhdCI6MTU3NTI3MjE2M30.aTwkRcQyWH9shRIEMRuxSB4x7uHHa4rDaj08-3RjuqI
+
+清除Cookie
+chrome://settings/siteData
+
+#生成私钥命令
+openssl genrsa -out rsakey0.pem 1024
+#生成公钥命令
+openssl rsa -in rsakey0.pem -pubout -out rsakey0-pub.pem

SSO-jwt-HMAC/.gitignore

@@ -0,0 +1,17 @@
+.idea/
+*/.settings/
+*.idea
+.DS_Store
+**/.iml*
+*.iml
+**/.class
+**/.classpath
+**/.project
+*/target/
+target/
+*.ipr
+*.iws
+antx.properties
+output/
+*/test/*
+logs

SSO-jwt-HMAC/SSO-client-1/.gitignore

@@ -0,0 +1,8 @@
+target
+out
+.settings
+.classpath
+.project
+.idea
+*.iml
+*.DS_Store

SSO-jwt-HMAC/SSO-client-1/pom.xml

@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>com.hellokoding.security</groupId>
+    <artifactId>SSO-client-1</artifactId>
+    <parent>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starter-parent</artifactId>
+        <version>2.1.4.RELEASE</version>
+    </parent>
+
+    <properties>
+        <java.version>1.8</java.version>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-freemarker</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>redis.clients</groupId>
+            <artifactId>jedis</artifactId>
+            <version>2.9.0</version>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt</artifactId>
+            <version>0.9.1</version>
+        </dependency>
+    </dependencies>
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+            </plugin>
+        </plugins>
+    </build>
+</project>

SSO-jwt-HMAC/SSO-client-1/src/main/java/com/hellokoding/sso/resource/Client1Application.java

@@ -0,0 +1,35 @@
+package com.hellokoding.sso.resource;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+
+import java.util.Collections;
+
+/**
+ * @author XieShaoping
+ */
+@SpringBootApplication
+public class Client1Application {
+    @Value("${services.auth}")
+    private String authService;
+
+    /**
+     * 注册过滤器
+     */
+    @Bean
+    public FilterRegistrationBean<JwtFilter> jwtFilter() {
+        final FilterRegistrationBean<JwtFilter> registrationBean = new FilterRegistrationBean<JwtFilter>();
+        registrationBean.setFilter(new JwtFilter());
+        registrationBean.setInitParameters(Collections.singletonMap("services.auth", authService));
+        registrationBean.addUrlPatterns("/protected-resource", "/logout");
+        return registrationBean;
+    }
+
+    public static void main(String[] args) throws Exception {
+        SpringApplication.run(Client1Application.class, args);
+    }
+}
+

SSO-jwt-HMAC/SSO-client-1/src/main/java/com/hellokoding/sso/resource/CookieUtil.java

@@ -0,0 +1,36 @@
+package com.hellokoding.sso.resource;
+
+import org.springframework.web.util.WebUtils;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * @author XieShaoping
+ */
+public class CookieUtil {
+    public static void create(HttpServletResponse httpServletResponse, String name, String value, Boolean secure, Integer maxAge, String domain) {
+        Cookie cookie = new Cookie(name, value);
+        cookie.setSecure(secure);
+        cookie.setHttpOnly(true);
+        cookie.setMaxAge(maxAge);
+        cookie.setDomain(domain);
+        cookie.setPath("/");
+        httpServletResponse.addCookie(cookie);
+    }
+
+    public static void clear(HttpServletResponse httpServletResponse, String name) {
+        Cookie cookie = new Cookie(name, null);
+        cookie.setPath("/");
+        cookie.setHttpOnly(true);
+        cookie.setMaxAge(0);
+        cookie.setDomain("yanxiaoping.top");//可以访问该Cookie的域名。如果设置为“.google.com”，则所有以“google.com”结尾的域名都可以访问该Cookie。
+        httpServletResponse.addCookie(cookie);
+    }
+
+    public static String getValue(HttpServletRequest httpServletRequest, String name) {
+        Cookie cookie = WebUtils.getCookie(httpServletRequest, name);
+        return cookie != null ? cookie.getValue() : null;
+    }
+}
+

SSO-jwt-HMAC/SSO-client-1/src/main/java/com/hellokoding/sso/resource/JwtFilter.java

@@ -0,0 +1,26 @@
+package com.hellokoding.sso.resource;
+
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * @author XieShaoping
+ */
+public class JwtFilter extends OncePerRequestFilter {
+    private static final String jwtTokenCookieName = "JWT-TOKEN";
+    private static final String signingKey = "signingKey";
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
+        String username = JwtUtil.parseToken(httpServletRequest, jwtTokenCookieName, signingKey);
+        if(username != null){
+            httpServletRequest.setAttribute("username", username);
+        }
+        filterChain.doFilter(httpServletRequest, httpServletResponse);
+    }
+}

SSO-jwt-HMAC/SSO-client-1/src/main/java/com/hellokoding/sso/resource/JwtUtil.java

@@ -0,0 +1,67 @@
+package com.hellokoding.sso.resource;
+
+import io.jsonwebtoken.*;
+import org.slf4j.LoggerFactory;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.Date;
+
+/**
+ * @author XieShaoping
+ */
+public class JwtUtil {
+    private static final String REDIS_SET_ACTIVE_SUBJECTS = "active-subjects";
+    private static final org.slf4j.Logger logger = LoggerFactory.getLogger(JwtUtil.class);
+
+    public static String generateToken(String signingKey, String subject) {
+        long nowMillis = System.currentTimeMillis();
+        Date now = new Date(nowMillis);
+
+        JwtBuilder builder = Jwts.builder()
+                .setSubject(subject)
+                .setIssuedAt(now)
+                .signWith(SignatureAlgorithm.HS256, signingKey);
+
+        String token = builder.compact();
+
+        RedisUtil.INSTANCE.sadd(REDIS_SET_ACTIVE_SUBJECTS, subject);
+
+        return token;
+    }
+
+    static String parseToken(HttpServletRequest httpServletRequest, String jwtTokenCookieName, String signingKey){
+        String token = CookieUtil.getValue(httpServletRequest, jwtTokenCookieName);
+        if(token == null) {
+            return null;
+        }
+        String subject = null;
+        try {
+            subject = Jwts.parser()
+                    .setSigningKey(signingKey)
+                    .parseClaimsJws(token)
+                    .getBody() //获取Claims
+                    .getSubject();
+        } catch (ExpiredJwtException e) {
+            logger.error("过期异常");
+        } catch (UnsupportedJwtException e) {
+            logger.error("不支持的Jwt异常");
+        } catch (MalformedJwtException e) {
+            logger.error("格式错误的Jwt异常");
+        } catch (SignatureException e) {
+            logger.error("签名异常");
+        } catch (IllegalArgumentException e) {
+            logger.error("非法参数异常");
+        }
+        //验证判断标准
+        if (subject!=null&&!RedisUtil.INSTANCE.sismember(REDIS_SET_ACTIVE_SUBJECTS, subject)) {
+            return null;
+        }
+
+        return subject;
+    }
+
+    static void invalidateRelatedTokens(HttpServletRequest httpServletRequest) {
+        RedisUtil.INSTANCE.srem(REDIS_SET_ACTIVE_SUBJECTS, (String) httpServletRequest.getAttribute("username"));
+    }
+}
+

SSO-jwt-HMAC/SSO-client-1/src/main/java/com/hellokoding/sso/resource/RedisUtil.java

@@ -0,0 +1,58 @@
+package com.hellokoding.sso.resource;
+
+import redis.clients.jedis.Jedis;
+import redis.clients.jedis.JedisPool;
+import redis.clients.jedis.JedisPoolConfig;
+
+/**
+ * @author XieShaoping
+ */
+
+public enum RedisUtil {
+    /*
+     * INSTANCE
+     */
+    INSTANCE;
+
+    private final JedisPool pool;
+
+    RedisUtil() {
+        pool = new JedisPool(new JedisPoolConfig(), "39.96.186.57");
+    }
+
+    public void sadd(String key, String value) {
+        Jedis jedis = null;
+        try{
+            jedis = pool.getResource();
+            jedis.sadd(key, value);
+        } finally {
+            if (jedis != null) {
+                jedis.close();
+            }
+        }
+    }
+
+    public void srem(String key, String value) {
+        Jedis jedis = null;
+        try{
+            jedis = pool.getResource();
+            jedis.srem(key, value);
+        } finally {
+            if (jedis != null) {
+                jedis.close();
+            }
+        }
+    }
+
+    public boolean sismember(String key, String value) {
+        Jedis jedis = null;
+        try{
+            jedis = pool.getResource();
+            return jedis.sismember(key, value);
+        } finally {
+            if (jedis != null) {
+                jedis.close();
+            }
+        }
+    }
+}

SSO-jwt-HMAC/SSO-client-1/src/main/java/com/hellokoding/sso/resource/ResourceController.java

@@ -0,0 +1,32 @@
+package com.hellokoding.sso.resource;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * @author XieShaoping
+ */
+@Controller
+public class ResourceController {
+    private static final String jwtTokenCookieName = "JWT-TOKEN";
+
+    @RequestMapping("/")
+    public String home() {
+        return "redirect:/protected-resource";
+    }
+
+    @RequestMapping("/protected-resource")
+    public String protectedResource() {
+        return "protected-resource";
+    }
+
+    @RequestMapping("/logout")
+    public String logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
+        JwtUtil.invalidateRelatedTokens(httpServletRequest);
+        CookieUtil.clear(httpServletResponse, jwtTokenCookieName);
+        return "redirect:/";
+    }
+}

SSO-jwt-HMAC/SSO-client-1/src/main/resources/application.properties

@@ -0,0 +1,2 @@
+services.auth=http://native.yanxiaoping.top:8080/login
+server.port=8881

SSO-jwt-HMAC/SSO-client-1/src/main/resources/templates/protected-resource.ftl

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <title>Protected Resource Service</title>
+</head>
+<body>
+
+<#if Request.username??>
+    <h2><span style="color: red">本地</span>client1系统</h2>
+    <h2>欢迎用户‘${Request.username!}’登录系统</h2>
+    <a href="/logout">退出</a>
+<#else>
+    <h2><span style="color: red">本地</span>client1系统，未登录</h2>
+    <a href="http://native.yanxiaoping.top:8080/login?redirect=http://native.yanxiaoping.top:8881/protected-resource">请登录</a>
+</#if>
+
+</body>
+</html>

SSO-jwt-HMAC/SSO-client-2/.gitignore

@@ -0,0 +1,8 @@
+target
+out
+.settings
+.classpath
+.project
+.idea
+*.iml
+*.DS_Store