认证中心登录接口

陈杰
1 parent 5b7afb68
Showing 37 changed files with 352 additions and 2128 deletions Show diff stats
cloud/autho/pom.xml
cloud/autho/src/main/java/com/sincere/autho/AuthoApplication.java
cloud/autho/src/main/java/com/sincere/autho/Swagger2.java
cloud/autho/src/main/java/com/sincere/autho/annotation/EnableLogging.java
cloud/autho/src/main/java/com/sincere/autho/annotation/datasource/DataSource.java
cloud/autho/src/main/java/com/sincere/autho/annotation/log/LogAnnotation.java
cloud/autho/src/main/java/com/sincere/autho/autoconfigure/LoggingConfigurationSelector.java
cloud/autho/src/main/java/com/sincere/autho/autoconfigure/datasource/DataSourceAspect.java
cloud/autho/src/main/java/com/sincere/autho/autoconfigure/log/LogAnnotationAspect.java
cloud/autho/src/main/java/com/sincere/autho/config/OAuth2ServerConfig.java
cloud/autho/src/main/java/com/sincere/autho/config/SecurityConfig.java
cloud/autho/src/main/java/com/sincere/autho/config/ValidateCodeSecurityConfig.java
cloud/autho/src/main/java/com/sincere/autho/control/LoginController.java
cloud/autho/src/main/java/com/sincere/autho/control/OAuth2Controller.java
cloud/autho/src/main/java/com/sincere/autho/control/UserController.java
cloud/autho/src/main/java/com/sincere/autho/dto/BaseDto.java
cloud/autho/src/main/java/com/sincere/autho/dto/req/LoginReqDto.java
cloud/autho/src/main/java/com/sincere/autho/handler/ExceptionHandlerAdvice.java
cloud/autho/src/main/java/com/sincere/autho/handler/OauthLogoutHandler.java
cloud/autho/src/main/java/com/sincere/autho/log/dao/LogDao.java
@@ -13,63 +13,142 @@
     <name>autho</name>
     <description>Demo project for Spring Boot</description>
-    <properties>
-        <java.version>1.8</java.version>
-        <spring-cloud.version>Greenwich.SR2</spring-cloud.version>
-    </properties>
-
     <dependencies>
         <dependency>
             <groupId>com.sincere</groupId>
             <artifactId>common</artifactId>
-            <version>0.0.1-SNAPSHOT</version>
+            <version>1.0.0</version>
         </dependency>
         <dependency>
-            <groupId>org.springframework.cloud</groupId>
-            <artifactId>spring-cloud-starter-oauth2</artifactId>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
+            <scope>test</scope>
         </dependency>
-
         <dependency>
             <groupId>org.springframework.cloud</groupId>
-            <artifactId>spring-cloud-starter-security</artifactId>
-            <version>2.1.3.RELEASE</version>
+            <artifactId>spring-cloud-starter-feign</artifactId>
+            <version>1.3.6.RELEASE</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.cloud</groupId>
-            <artifactId>spring-cloud-starter-openfeign</artifactId>
+            <artifactId>spring-cloud-openfeign-core</artifactId>
+            <version>2.1.2.RELEASE</version>
         </dependency>
-
         <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-data-redis</artifactId>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <version>3.3.2</version>
         </dependency>
         <dependency>
-            <groupId>io.grpc</groupId>
-            <artifactId>grpc-core</artifactId>
-            <version>1.18.0</version>
+            <groupId>org.mybatis.spring.boot</groupId>
+            <artifactId>mybatis-spring-boot-starter</artifactId>
+            <version>1.3.0</version>
         </dependency>
-
         <dependency>
-            <groupId>io.springfox</groupId>
-            <artifactId>springfox-swagger2</artifactId>
-            <version>2.9.2</version>
+            <groupId>com.microsoft.sqlserver</groupId>
+            <artifactId>mssql-jdbc</artifactId>
+            <version>6.4.0.jre8</version>
         </dependency>
-
         <dependency>
-            <groupId>io.springfox</groupId>
-            <artifactId>springfox-swagger-ui</artifactId>
-            <version>2.9.2</version>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
         </dependency>
-
     </dependencies>
+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <groupId>org.springframework.cloud</groupId>
+                <artifactId>spring-cloud-dependencies</artifactId>
+                <version>${spring-cloud.version}</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
+
     <build>
+        <!--打包文件名-->
+        <finalName>quartz_server</finalName>
+        <!--打包方式-->
         <plugins>
+            <!-- 设置编译版本 -->
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>3.1</version>
+                <configuration>
+                    <source>1.8</source>
+                    <target>1.8</target>
+                    <encoding>UTF-8</encoding>
+                </configuration>
+            </plugin>
+            <!-- 打包jar文件时，配置manifest文件，加入lib包的jar依赖 -->
+            <!-- 本地启动需要注释-->
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-jar-plugin</artifactId>
+                <configuration>
+                    <archive>
+                        <manifest>
+                            <mainClass>com.sincere.userSearch.UserApplication</mainClass>
+                            <addClasspath>true</addClasspath>
+                            <classpathPrefix>lib/</classpathPrefix>
+                        </manifest>
+                        <manifestEntries>
+                            <Class-Path>./config/</Class-Path>
+                        </manifestEntries>
+                    </archive>
+                    <excludes>
+                        <exclude>config/**</exclude>
+                    </excludes>
+                    <classesDirectory></classesDirectory>
+                </configuration>
+            </plugin>
+            <!-- 拷贝依赖的jar包到lib目录 -->
             <plugin>
-                <groupId>org.springframework.boot</groupId>
-                <artifactId>spring-boot-maven-plugin</artifactId>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-dependency-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>copy</id>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>copy-dependencies</goal>
+                        </goals>
+                        <configuration>
+                            <outputDirectory>
+                                ${project.build.directory}/lib
+                            </outputDirectory>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <!-- 解决资源文件的编码问题 -->
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-resources-plugin</artifactId>
+                <version>2.5</version>
+                <configuration>
+                    <encoding>UTF-8</encoding>
+                </configuration>
+            </plugin>
+            <!-- 打包source文件为jar文件 -->
+            <plugin>
+                <artifactId>maven-source-plugin</artifactId>
+                <version>2.2</version>
+                <configuration>
+                    <attach>true</attach>
+                </configuration>
+                <executions>
+                    <execution>
+                        <phase>compile</phase>
+                        <goals>
+                            <goal>jar</goal>
+                        </goals>
+                    </execution>
+                </executions>
             </plugin>
         </plugins>
     </build>
-
 </project>
 package com.sincere.autho;
+import org.mybatis.spring.annotation.MapperScan;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
 @EnableDiscoveryClient
 @SpringBootApplication
+@MapperScan("com.sincere.autho.mapper")
 public class AuthoApplication {
     public static void main(String[] args) {
@@ -0,0 +1,52 @@
+package com.sincere.autho;
+
+import io.swagger.annotations.ApiOperation;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import springfox.documentation.builders.ApiInfoBuilder;
+import springfox.documentation.builders.ParameterBuilder;
+import springfox.documentation.builders.PathSelectors;
+import springfox.documentation.builders.RequestHandlerSelectors;
+import springfox.documentation.schema.ModelRef;
+import springfox.documentation.service.ApiInfo;
+import springfox.documentation.service.Parameter;
+import springfox.documentation.spi.DocumentationType;
+import springfox.documentation.spring.web.plugins.Docket;
+import springfox.documentation.swagger2.annotations.EnableSwagger2;
+
+import java.util.ArrayList;
+import java.util.List;
+
+@EnableSwagger2
+@Configuration      //让Spring来加载该类配置
+public class Swagger2 {
+
+    @Bean
+   public Docket createRestApi() {
+        ParameterBuilder ticketPar = new ParameterBuilder();
+        List<Parameter> pars = new ArrayList<Parameter>();
+        ticketPar.name("X-Authorization").description("user token")
+                .modelRef(new ModelRef("string")).parameterType("header")
+                .required(false).build(); //header中的ticket参数非必填，传空也可以
+        pars.add(ticketPar.build());
+
+
+        return new Docket(DocumentationType.SWAGGER_2)
+                .apiInfo(apiInfo())
+                .enableUrlTemplating(true)
+                .select()
+                // 扫描所有有注解的api，用这种方式更灵活
+                .apis(RequestHandlerSelectors.basePackage("com.sincere.autho.control"))
+                .paths(PathSelectors.any())
+                .build().globalOperationParameters(pars);
+
+    }
+     private ApiInfo apiInfo() {
+        return new ApiInfoBuilder()
+               .title("Spring Boot中使用Swagger2构建RESTful APIs")
+                 .description("接口文档")
+                 .termsOfServiceUrl("")
+                .version("1.0")
+              .build();
+     }
+}
@@ -1,22 +0,0 @@
-package com.sincere.autho.annotation;
-
-import com.sincere.autho.autoconfigure.LoggingConfigurationSelector;
-import org.springframework.context.annotation.Import;
-
-import java.lang.annotation.*;
-
-
-/**
- * 启动日志框架支持
- * @author owen
- * @create 2017年7月2日
- */
-
-@Target(ElementType.TYPE)
-@Retention(RetentionPolicy.RUNTIME)
-@Documented
-//自动装配starter
-@Import(LoggingConfigurationSelector.class)
-public @interface EnableLogging{
-//	String name() ;
-}
 \ No newline at end of file
@@ -1,16 +0,0 @@
-package com.sincere.autho.annotation.datasource;
-
-import java.lang.annotation.*;
-
-
-/**
- * 数据源选择
- * @author owen
- * @create 2017年7月2日
- */
-@Target({ElementType.METHOD, ElementType.TYPE})
-@Retention(RetentionPolicy.RUNTIME)
-@Documented
-public @interface DataSource {
-    String name();
-}
 \ No newline at end of file
@@ -1,26 +0,0 @@
-package com.sincere.autho.annotation.log;
-
-import java.lang.annotation.*;
-
-/**
- * 日志注解
- * @author owen
- * @create 2017年7月2日
- */
-@Target({ElementType.METHOD, ElementType.TYPE})
-@Retention(RetentionPolicy.RUNTIME)
-@Documented
-public @interface LogAnnotation {
-
-	/**
-	 * 模块
-	 * @return
-	 */
-	String module();
-
-	/**
-	 * 记录执行参数
-	 * @return
-	 */
-	boolean recordRequestParam() default true;
-}
@@ -1,23 +0,0 @@
-package com.sincere.autho.autoconfigure;
-
-import org.springframework.context.annotation.ImportSelector;
-import org.springframework.core.type.AnnotationMetadata;
-
-/**
- * @author owen
- * @create 2017年7月2日
- * 装配bean
- */
-public class LoggingConfigurationSelector implements ImportSelector {
-
-	@Override
-	public String[] selectImports(AnnotationMetadata importingClassMetadata) {
-		// TODO Auto-generated method stub
-//		importingClassMetadata.getAllAnnotationAttributes(EnableEcho.class.getName());
-		return new String[] { 
-				"com.sincere.autho.autoconfigure.datasource.DataSourceAspect",
-				"com.sincere.autho.autoconfigure.log.LogAnnotationAspect"
-		};
-	}
-
-}
@@ -1,42 +0,0 @@
-package com.sincere.autho.autoconfigure.datasource;
-
-import com.sincere.autho.annotation.datasource.DataSource;
-import com.sincere.common.config.DataSourceHolder;
-import com.sincere.common.config.DataSourceKey;
-import org.aspectj.lang.JoinPoint;
-import org.aspectj.lang.annotation.After;
-import org.aspectj.lang.annotation.Aspect;
-import org.aspectj.lang.annotation.Before;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.core.annotation.Order;
-
-/**
- * 切换数据源Advice
- */
-@Aspect
-@Order(-1) // 保证该AOP在@Transactional之前执行
-public class DataSourceAspect {
-
-    private static final Logger logger = LoggerFactory.getLogger(DataSourceAspect.class);
-
-    @Before("@annotation(ds)")
-    public void changeDataSource(JoinPoint point, DataSource ds) throws Throwable {
-        String dsId = ds.name();
-        try {
-            DataSourceKey dataSourceKey = DataSourceKey.valueOf(dsId);
-            DataSourceHolder.setDataSourceKey(dataSourceKey);
-        } catch (Exception e) {
-            logger.error("数据源[{}]不存在，使用默认数据源 > {}", ds.name(), point.getSignature());
-        }
-
-
-    }
-
-    @After("@annotation(ds)")
-    public void restoreDataSource(JoinPoint point, DataSource ds) {
-        logger.debug("Revert DataSource : {transIdo} > {}", ds.name(), point.getSignature());
-        DataSourceHolder.clearDataSourceKey();
-    }
-
-}
 \ No newline at end of file
@@ -1,133 +0,0 @@
-package com.sincere.autho.autoconfigure.log;
-
-import com.alibaba.fastjson.JSON;
-import com.alibaba.fastjson.JSONObject;
-import com.sincere.autho.annotation.log.LogAnnotation;
-import com.sincere.autho.log.service.LogService;
-import com.sincere.autho.log.service.impl.LogServiceImpl;
-import com.sincere.autho.utils.SysUserUtil;
-import com.sincere.common.model.log.SysLog;
-import com.sincere.common.model.system.LoginAppUser;
-import com.sincere.common.util.SpringUtils;
-import org.aspectj.lang.ProceedingJoinPoint;
-import org.aspectj.lang.annotation.Around;
-import org.aspectj.lang.annotation.Aspect;
-import org.aspectj.lang.reflect.MethodSignature;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.core.annotation.Order;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.List;
-import java.util.concurrent.CompletableFuture;
-import java.util.concurrent.ThreadLocalRandom;
-
-/**
- * 保存日志
- * 
- * @author owen
- * @create 2017年7月2日
- */
-@Aspect
-@Order(-1) // 保证该AOP在@Transactional之前执行
-public class LogAnnotationAspect {
-
-	private static final Logger logger = LoggerFactory.getLogger(LogAnnotationAspect.class);
-
-	@Around("@annotation(ds)")
-	public Object logSave(ProceedingJoinPoint joinPoint, LogAnnotation ds) throws Throwable {
-
-		// 请求流水号
-		String transid = getRandom();
-		// 记录开始时间
-		long start = System.currentTimeMillis();
-		// 获取方法参数
-		String url = null;
-		String httpMethod = null;
-		Object result = null;
-		List<Object> httpReqArgs = new ArrayList<Object>();
-		SysLog log = new SysLog();
-		log.setCreateTime(new Date());
-		LoginAppUser loginAppUser = SysUserUtil.getLoginAppUser();
-		if (loginAppUser != null) {
-			log.setUsername(loginAppUser.getUsername());
-		}
-
-		MethodSignature methodSignature = (MethodSignature) joinPoint.getSignature();
-
-		LogAnnotation logAnnotation = methodSignature.getMethod().getDeclaredAnnotation(LogAnnotation.class);
-		log.setModule(logAnnotation.module() + ":" + methodSignature.getDeclaringTypeName() + "/"
-				+ methodSignature.getName());
-
-		Object[] args = joinPoint.getArgs();// 参数值
-		url =  methodSignature.getDeclaringTypeName() + "/"+ methodSignature.getName();
-		for (Object object : args) {
-			if (object instanceof HttpServletRequest) {
-				HttpServletRequest request = (HttpServletRequest) object;
-				url = request.getRequestURI();
-				httpMethod = request.getMethod();
-			} else if (object instanceof HttpServletResponse) {
-			} else {
-				
-				httpReqArgs.add(object);
-			}
-		}
-
-		try {
-			String params = JSONObject.toJSONString(httpReqArgs);
-			log.setParams(params);
-			// 打印请求参数参数
-			logger.info("开始请求，transid={},  url={} , httpMethod={}, reqData={} ", transid, url, httpMethod, params);
-		} catch (Exception e) {
-			logger.error("记录参数失败：{}", e.getMessage());
-		}
-
-		try {
-			// 调用原来的方法
-			result = joinPoint.proceed();
-			log.setFlag(Boolean.TRUE);
-		} catch (Exception e) {
-			log.setFlag(Boolean.FALSE);
-			log.setRemark(e.getMessage());
-
-			throw e;
-		} finally {
-
-			CompletableFuture.runAsync(() -> {
-				try {
-					if (logAnnotation.recordRequestParam()) {
-						LogService logService = SpringUtils.getBean(LogServiceImpl.class);
-						logService.save(log);
-					}
-				} catch (Exception e) {
-					logger.error("记录参数失败：{}", e.getMessage());
-				}
-
-			});
-			// 获取回执报文及耗时
-			logger.info("请求完成, transid={}, 耗时={}, resp={}:", transid, (System.currentTimeMillis() - start),
-					result == null ? null : JSON.toJSONString(result));
-
-		}
-		return result;
-	}
-
-	/**
-	 * 生成日志随机数
-	 * 
-	 * @return
-	 */
-	public String getRandom() {
-		int i = 0;
-		StringBuilder st = new StringBuilder();
-		while (i < 5) {
-			i++;
-			st.append(ThreadLocalRandom.current().nextInt(10));
-		}
-		return st.toString() + System.currentTimeMillis();
-	}
-
-}
 \ No newline at end of file
@@ -1,260 +0,0 @@
-
-package com.sincere.autho.config;
-
-import com.sincere.autho.service.RedisAuthorizationCodeServices;
-import com.sincere.autho.service.RedisClientDetailsService;
-import com.sincere.autho.token.RedisTemplateTokenStore;
-import com.sincere.common.props.PermitUrlProperties;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.AutoConfigureAfter;
-import org.springframework.boot.context.properties.EnableConfigurationProperties;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.data.redis.core.RedisTemplate;
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.oauth2.common.OAuth2AccessToken;
-import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
-import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
-import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
-import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
-import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
-import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
-import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
-import org.springframework.security.oauth2.provider.code.RandomValueAuthorizationCodeServices;
-import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
-import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
-import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
-import org.springframework.security.web.util.matcher.RequestMatcher;
-import org.springframework.stereotype.Component;
-import org.springframework.util.AntPathMatcher;
-
-import javax.annotation.Resource;
-import javax.servlet.http.HttpServletRequest;
-import javax.sql.DataSource;
-
-/**
- * @author owen 624191343@qq.com
- * @version 创建时间：2017年11月12日 上午22:57:51
- */
-@Configuration
-public class OAuth2ServerConfig {
-
-    @Resource
-    private DataSource dataSource;
-    @Resource
-    private RedisTemplate<String, Object> redisTemplate;
-
-    /**
-     * 声明 ClientDetails实现
-     */
-    @Bean
-    public RedisClientDetailsService redisClientDetailsService() {
-        RedisClientDetailsService clientDetailsService = new RedisClientDetailsService(dataSource);
-        clientDetailsService.setRedisTemplate(redisTemplate);
-        return clientDetailsService;
-    }
-
-
-    @Bean
-    public RandomValueAuthorizationCodeServices authorizationCodeServices() {
-        RedisAuthorizationCodeServices redisAuthorizationCodeServices = new RedisAuthorizationCodeServices();
-        redisAuthorizationCodeServices.setRedisTemplate(redisTemplate);
-        return redisAuthorizationCodeServices;
-    }
-
-    /**
-     * @author owen 624191343@qq.com
-     * @version 创建时间：2017年11月12日 上午22:57:51 默认token存储在内存中
-     * DefaultTokenServices默认处理
-     */
-    @Component
-    @Configuration
-    @EnableAuthorizationServer
-    @AutoConfigureAfter(AuthorizationServerEndpointsConfigurer.class)
-    public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
-        /**
-         * 注入authenticationManager 来支持 password grant type
-         */
-        @Autowired
-        private AuthenticationManager authenticationManager;
-
-        @Autowired
-        private UserDetailsService userDetailsService;
-
-        @Autowired(required = false)
-        private RedisTemplateTokenStore redisTokenStore;
-
-        @Autowired(required = false)
-        private JwtTokenStore jwtTokenStore;
-        @Autowired(required = false)
-        private JwtAccessTokenConverter jwtAccessTokenConverter;
-
-        @Autowired
-        private WebResponseExceptionTranslator webResponseExceptionTranslator;
-
-        @Autowired
-        private RedisClientDetailsService redisClientDetailsService;
-
-        @Autowired(required = false)
-        private RandomValueAuthorizationCodeServices authorizationCodeServices;
-
-        /**
-         * 配置身份认证器，配置认证方式，TokenStore，TokenGranter，OAuth2RequestFactory
-         */
-        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
-
-            if (jwtTokenStore != null) {
-                endpoints.tokenStore(jwtTokenStore).authenticationManager(authenticationManager)
-                        // 支持
-                        .userDetailsService(userDetailsService);
-                // password
-                // grant
-                // type;
-            } else if (redisTokenStore != null) {
-                endpoints.tokenStore(redisTokenStore).authenticationManager(authenticationManager)
-                        // 支持
-                        .userDetailsService(userDetailsService);
-                // password
-                // grant
-                // type;
-            }
-
-            if (jwtAccessTokenConverter != null) {
-                endpoints.accessTokenConverter(jwtAccessTokenConverter);
-            }
-
-            endpoints.authorizationCodeServices(authorizationCodeServices);
-
-            endpoints.exceptionTranslator(webResponseExceptionTranslator);
-
-        }
-
-        /**
-         * 配置应用名称 应用id
-         * 配置OAuth2的客户端相关信息
-         */
-        @Override
-        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
-
-            // if(clientDetailsService!=null){
-            // clients.withClientDetails(clientDetailsService);
-            // }else{
-            // clients.inMemory().withClient("neusoft1").secret("neusoft1")
-            // .authorizedGrantTypes("authorization_code", "password",
-            // "refresh_token").scopes("all")
-            // .resourceIds(SERVER_RESOURCE_ID).accessTokenValiditySeconds(1200)
-            // .refreshTokenValiditySeconds(50000)
-            // .and().withClient("neusoft2").secret("neusoft2")
-            // .authorizedGrantTypes("authorization_code", "password",
-            // "refresh_token").scopes("all")
-            // .resourceIds(SERVER_RESOURCE_ID).accessTokenValiditySeconds(1200)
-            // .refreshTokenValiditySeconds(50000)
-            // ;
-            // }
-            clients.withClientDetails(redisClientDetailsService);
-            redisClientDetailsService.loadAllClientToCache();
-        }
-
-        /**
-         * 对应于配置AuthorizationServer安全认证的相关信息，创建ClientCredentialsTokenEndpointFilter核心过滤器
-         */
-        @Override
-        public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
-            // url:/oauth/token_key,exposes
-            security.tokenKeyAccess("permitAll()")
-                    /// public key for token
-                    /// verification if using
-                    /// JWT tokens
-                    // url:/oauth/check_token
-                    .checkTokenAccess("isAuthenticated()")
-                    // allow check token
-                    .allowFormAuthenticationForClients();
-
-            // security.allowFormAuthenticationForClients();
-            //// security.tokenKeyAccess("permitAll()");
-            // security.tokenKeyAccess("isAuthenticated()");
-        }
-
-    }
-
-    /**
-     * 资源服务
-     */
-    @Configuration
-    @EnableResourceServer
-    @EnableConfigurationProperties(PermitUrlProperties.class)
-    public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
-
-        @Autowired
-        private PermitUrlProperties permitUrlProperties;
-
-        public void configure(WebSecurity web) throws Exception {
-            web.ignoring().antMatchers("/health");
-            web.ignoring().antMatchers("/oauth/user/token");
-            web.ignoring().antMatchers("/oauth/client/token");
-        }
-
-        @Override
-        public void configure(HttpSecurity http) throws Exception {
-            http.requestMatcher(
-                    /**
-                     * 判断来源请求是否包含oauth2授权信息
-                     */
-                    new RequestMatcher() {
-                        private AntPathMatcher antPathMatcher = new AntPathMatcher();
-
-                        @Override
-                        public boolean matches(HttpServletRequest request) {
-                            // 请求参数中包含access_token参数
-                            if (request.getParameter(OAuth2AccessToken.ACCESS_TOKEN) != null) {
-                                return true;
-                            }
-
-                            // 头部的Authorization值以Bearer开头
-                            String auth = request.getHeader("Authorization");
-                            if (auth != null) {
-                                if (auth.startsWith(OAuth2AccessToken.BEARER_TYPE)) {
-                                    return true;
-                                }
-                            }
-                            if (antPathMatcher.match(request.getRequestURI(), "/oauth/userinfo")) {
-                                return true;
-                            }
-                            if (antPathMatcher.match(request.getRequestURI(), "/oauth/remove/token")) {
-                                return true;
-                            }
-                            if (antPathMatcher.match(request.getRequestURI(), "/oauth/get/token")) {
-                                return true;
-                            }
-                            if (antPathMatcher.match(request.getRequestURI(), "/oauth/refresh/token")) {
-                                return true;
-                            }
-
-                            if (antPathMatcher.match(request.getRequestURI(), "/oauth/token/list")) {
-                                return true;
-                            }
-
-                            if (antPathMatcher.match("/clients/**", request.getRequestURI())) {
-                                return true;
-                            }
-
-                            if (antPathMatcher.match("/services/**", request.getRequestURI())) {
-                                return true;
-                            }
-                            if (antPathMatcher.match("/redis/**", request.getRequestURI())) {
-                                return true;
-                            }
-                            return false;
-                        }
-                    }
-
-            ).authorizeRequests().antMatchers(permitUrlProperties.getIgnored()).permitAll().anyRequest()
-                    .authenticated();
-        }
-
-    }
-
-}
@@ -1,129 +0,0 @@
-package com.sincere.autho.config;
-
-import com.sincere.autho.handler.OauthLogoutHandler;
-import com.sincere.common.props.PermitUrlProperties;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.context.properties.EnableConfigurationProperties;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.security.web.AuthenticationEntryPoint;
-import org.springframework.security.web.authentication.AuthenticationFailureHandler;
-import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
-import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler;
-
-/**
- * spring security配置
- *          在WebSecurityConfigurerAdapter不拦截oauth要开放的资源
- */
-@Configuration
-//@EnableWebSecurity
-//@EnableGlobalMethodSecurity(prePostEnabled = true)
-@EnableConfigurationProperties(PermitUrlProperties.class)
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
-
-	@Autowired
-	private AuthenticationSuccessHandler authenticationSuccessHandler;
-	@Autowired
-	private AuthenticationFailureHandler authenticationFailureHandler;
-	// @Autowired
-	// private LogoutSuccessHandler logoutSuccessHandler;
-	@Autowired(required = false)
-	private AuthenticationEntryPoint authenticationEntryPoint;
-	@Autowired
-	private UserDetailsService userDetailsService;
-
-	@Autowired
-	private PasswordEncoder passwordEncoder;
-
-	@Autowired
-	private OauthLogoutHandler oauthLogoutHandler;
-	@Autowired
-	private PermitUrlProperties permitUrlProperties ;
-	
-	@Autowired
-	private ValidateCodeSecurityConfig validateCodeSecurityConfig ;
-	
-	@Override
-	public void configure(WebSecurity web) throws Exception {
-		web.ignoring().antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources", "/configuration/security",
-				"/swagger-ui.html", "/webjars/**", "/doc.html", "/login.html");
-		web.ignoring().antMatchers("/js/**");
-		web.ignoring().antMatchers("/css/**");
-		web.ignoring().antMatchers("/health");
-		// 忽略登录界面
-		web.ignoring().antMatchers("/login.html");
-		web.ignoring().antMatchers("/index.html");
-		web.ignoring().antMatchers("/oauth/user/token");
-		web.ignoring().antMatchers("/oauth/client/token");
-		web.ignoring().antMatchers("/validata/code/**");
-		web.ignoring().antMatchers(permitUrlProperties.getIgnored());
-		
-	}
-	/**
-	 * 认证管理
-	 * 
-	 * @return 认证管理对象
-	 * @throws Exception
-	 *             认证异常信息
-	 */
-	@Override
-	@Bean
-	public AuthenticationManager authenticationManagerBean() throws Exception {
-		return super.authenticationManagerBean();
-	}
-
-	@Override
-	protected void configure(HttpSecurity http) throws Exception {
-		http.csrf().disable();
-
-		http.authorizeRequests()
-				.anyRequest().authenticated();
-		http.formLogin().loginPage("/login.html").loginProcessingUrl("/user/login")
-				.successHandler(authenticationSuccessHandler).failureHandler(authenticationFailureHandler);
-
-		// 基于密码 等模式可以无session,不支持授权码模式
-		if (authenticationEntryPoint != null) {
-			http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
-			http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
-
-		} else {
-			// 授权码模式单独处理，需要session的支持，此模式可以支持所有oauth2的认证
-			http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
-		}
-
-		http.logout().logoutSuccessUrl("/login.html")
-				.logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler())
-				.addLogoutHandler(oauthLogoutHandler).clearAuthentication(true);
-
-		//增加验证码处理
-		http.apply(validateCodeSecurityConfig) ;
-		// http.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);
-		// 解决不允许显示在iframe的问题
-		http.headers().frameOptions().disable();
-		http.headers().cacheControl();
-
-	}
-
-	/**
-	 * 全局用户信息
-	 * 
-	 * @param auth
-	 *            认证管理
-	 * @throws Exception
-	 *             用户认证异常信息
-	 */
-	@Autowired
-	public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
-		auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
-	}
-
-
-}
@@ -1,29 +0,0 @@
-/**
- * 
- */
-package com.sincere.autho.config;
-
-import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.web.DefaultSecurityFilterChain;
-import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
-import org.springframework.stereotype.Component;
-
-import javax.annotation.Resource;
-import javax.servlet.Filter;
-
-/**
- * 校验码相关安全配置
- * 
- * @author zlt
- */
-@Component("validateCodeSecurityConfig")
-public class ValidateCodeSecurityConfig extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {
-	@Resource
-	private Filter validateCodeFilter;
-	
-	@Override
-	public void configure(HttpSecurity http) {
-		http.addFilterBefore(validateCodeFilter, AbstractPreAuthenticatedProcessingFilter.class);
-	}
-}
@@ -0,0 +1,35 @@
+package com.sincere.autho.control;
+
+import com.sincere.autho.dto.BaseDto;
+import com.sincere.autho.dto.req.LoginReqDto;
+import com.sincere.autho.service.LoginService;
+import com.sincere.common.util.TokenUtils;
+import io.swagger.annotations.Api;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class LoginController {
+
+    @Autowired
+    LoginService loginService ;
+
+
+    @RequestMapping(value = "/login" , method = RequestMethod.POST)
+    public BaseDto<String> login(@RequestBody LoginReqDto loginReqDto){
+        BaseDto<String> result = new BaseDto<>() ;
+        String userId = loginService.login(loginReqDto);
+        if(StringUtils.isNotBlank(userId)){
+            result.setMessage("登录成功");
+            result.setData(TokenUtils.buildToken(userId));
+        }else {
+            result.setStatus(false);
+            result.setMessage("账号密码错误");
+        }
+        return result ;
+    }
+}
@@ -1,482 +0,0 @@
-package com.sincere.autho.control;
-
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.sincere.autho.annotation.log.LogAnnotation;
-import com.sincere.autho.service.RedisClientDetailsService;
-import com.sincere.autho.utils.SpringUtil;
-import com.sincere.common.commons.PageResult;
-import com.sincere.common.model.system.LoginAppUser;
-import com.sincere.common.model.system.SysPermission;
-import io.swagger.annotations.Api;
-import io.swagger.annotations.ApiOperation;
-import io.swagger.annotations.ApiParam;
-import org.apache.commons.collections.MapUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.dao.DataAccessException;
-import org.springframework.data.redis.connection.RedisConnection;
-import org.springframework.data.redis.core.Cursor;
-import org.springframework.data.redis.core.RedisCallback;
-import org.springframework.data.redis.core.RedisTemplate;
-import org.springframework.data.redis.core.ScanOptions;
-import org.springframework.http.HttpStatus;
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.security.oauth2.common.OAuth2AccessToken;
-import org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException;
-import org.springframework.security.oauth2.provider.*;
-import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
-import org.springframework.security.oauth2.provider.client.ClientCredentialsTokenGranter;
-import org.springframework.security.oauth2.provider.refresh.RefreshTokenGranter;
-import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory;
-import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
-import org.springframework.security.oauth2.provider.token.TokenStore;
-import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestParam;
-import org.springframework.web.bind.annotation.RestController;
-
-import javax.annotation.Resource;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.util.*;
-
-/**
- * @author 作者 owen E-mail: 624191343@qq.com
- * @version 创建时间：2018年4月28日 下午2:18:54 类说明
- */
-
-@Api(tags = "OAuth2相关操作")
-@RestController
-public class OAuth2Controller {
-
-	private static final Logger logger = LoggerFactory.getLogger(OAuth2Controller.class);
-	@Resource
-	private ObjectMapper objectMapper; // springmvc启动时自动装配json处理类
-	@Autowired
-	private PasswordEncoder passwordEncoder;
-
-	@Autowired
-	private TokenStore tokenStore;
-
-	@Autowired
-	private RedisTemplate<String, Object> redisTemplate;
-
-	@ApiOperation(value = "用户名密码获取token")
-	@PostMapping("/oauth/user/token")
-	public void getUserTokenInfo(
-            @ApiParam(required = true, name = "username", value = "账号") @RequestParam(value = "username") String username,
-            @ApiParam(required = true, name = "password", value = "密码") @RequestParam(value = "password") String password,
-            HttpServletRequest request, HttpServletResponse response) {
-		String clientId = request.getHeader("client_id");
-		String clientSecret = request.getHeader("client_secret");
-
-		try {
-
-			if (clientId == null || "".equals(clientId)) {
-				throw new UnapprovedClientAuthenticationException("请求头中无client_id信息");
-			}
-
-			if (clientSecret == null || "".equals(clientSecret)) {
-				throw new UnapprovedClientAuthenticationException("请求头中无client_secret信息");
-			}
-
-			RedisClientDetailsService clientDetailsService = SpringUtil.getBean(RedisClientDetailsService.class);
-
-			ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);
-
-			if (clientDetails == null) {
-				throw new UnapprovedClientAuthenticationException("clientId对应的信息不存在");
-			} else if (!passwordEncoder.matches(clientSecret, clientDetails.getClientSecret())) {
-				throw new UnapprovedClientAuthenticationException("clientSecret不匹配");
-			}
-
-			TokenRequest tokenRequest = new TokenRequest(MapUtils.EMPTY_MAP, clientId, clientDetails.getScope(),
-					"customer");
-
-			OAuth2Request oAuth2Request = tokenRequest.createOAuth2Request(clientDetails);
-
-			UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password);
-
-			AuthenticationManager authenticationManager = SpringUtil.getBean(AuthenticationManager.class);
-
-			Authentication authentication = authenticationManager.authenticate(token);
-			SecurityContextHolder.getContext().setAuthentication(authentication);
-
-			OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(oAuth2Request, authentication);
-
-			AuthorizationServerTokenServices authorizationServerTokenServices = SpringUtil
-					.getBean("defaultAuthorizationServerTokenServices", AuthorizationServerTokenServices.class);
-
-			OAuth2AccessToken oAuth2AccessToken = authorizationServerTokenServices
-					.createAccessToken(oAuth2Authentication);
-
-			oAuth2Authentication.setAuthenticated(true);
-
-			response.setContentType("application/json;charset=UTF-8");
-			response.getWriter().write(objectMapper.writeValueAsString(oAuth2AccessToken));
-			response.getWriter().flush();
-			response.getWriter().close();
-
-		} catch (Exception e) {
-
-			response.setStatus(HttpStatus.UNAUTHORIZED.value());
-
-			response.setContentType("application/json;charset=UTF-8");
-
-			Map<String, String> rsp = new HashMap<>();
-			rsp.put("resp_code", HttpStatus.UNAUTHORIZED.value() + "");
-			rsp.put("rsp_msg", e.getMessage());
-
-			try {
-				response.getWriter().write(objectMapper.writeValueAsString(rsp));
-				response.getWriter().flush();
-				response.getWriter().close();
-			} catch (JsonProcessingException e1) {
-				// TODO Auto-generated catch block
-				e1.printStackTrace();
-			} catch (IOException e1) {
-				// TODO Auto-generated catch block
-				e1.printStackTrace();
-			}
-
-		}
-	}
-
-	
-	@ApiOperation(value = "clientId获取token")
-	@PostMapping("/oauth/client/token")
-	@LogAnnotation(module = "autho", recordRequestParam = false)
-	public void getClientTokenInfo(HttpServletRequest request, HttpServletResponse response) {
-
-		String clientId = request.getHeader("client_id");
-		String clientSecret = request.getHeader("client_secret");
-		try {
-
-			if (clientId == null || "".equals(clientId)) {
-				throw new UnapprovedClientAuthenticationException("请求参数中无clientId信息");
-			}
-
-			if (clientSecret == null || "".equals(clientSecret)) {
-				throw new UnapprovedClientAuthenticationException("请求参数中无clientSecret信息");
-			}
-
-			RedisClientDetailsService clientDetailsService = SpringUtil.getBean(RedisClientDetailsService.class);
-
-			ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);
-
-			if (clientDetails == null) {
-				throw new UnapprovedClientAuthenticationException("clientId对应的信息不存在");
-			} else if (!passwordEncoder.matches(clientSecret, clientDetails.getClientSecret())) {
-				throw new UnapprovedClientAuthenticationException("clientSecret不匹配");
-			}
-
-			Map<String, String> map = new HashMap<>();
-			map.put("client_secret", clientSecret);
-			map.put("client_id", clientId);
-			map.put("grant_type", "client_credentials");
-			TokenRequest tokenRequest = new TokenRequest(map, clientId, clientDetails.getScope(), "client_credentials");
-
-			OAuth2Request oAuth2Request = tokenRequest.createOAuth2Request(clientDetails);
-
-			AuthorizationServerTokenServices authorizationServerTokenServices = SpringUtil
-					.getBean("defaultAuthorizationServerTokenServices", AuthorizationServerTokenServices.class);
-			OAuth2RequestFactory requestFactory = new DefaultOAuth2RequestFactory(clientDetailsService);
-			ClientCredentialsTokenGranter clientCredentialsTokenGranter = new ClientCredentialsTokenGranter(
-					authorizationServerTokenServices, clientDetailsService, requestFactory);
-
-			clientCredentialsTokenGranter.setAllowRefresh(true);
-			OAuth2AccessToken oAuth2AccessToken = clientCredentialsTokenGranter.grant("client_credentials",
-					tokenRequest);
-
-			response.setContentType("application/json;charset=UTF-8");
-			response.getWriter().write(objectMapper.writeValueAsString(oAuth2AccessToken));
-			response.getWriter().flush();
-			response.getWriter().close();
-
-		} catch (Exception e) {
-
-			response.setStatus(HttpStatus.UNAUTHORIZED.value());
-			response.setContentType("application/json;charset=UTF-8");
-			Map<String, String> rsp = new HashMap<>();
-			rsp.put("resp_code", HttpStatus.UNAUTHORIZED.value() + "");
-			rsp.put("rsp_msg", e.getMessage());
-
-			try {
-				response.getWriter().write(objectMapper.writeValueAsString(rsp));
-				response.getWriter().flush();
-				response.getWriter().close();
-			} catch (JsonProcessingException e1) {
-				// TODO Auto-generated catch block
-				e1.printStackTrace();
-			} catch (IOException e1) {
-				// TODO Auto-generated catch block
-				e1.printStackTrace();
-			}
-
-		}
-	}
-
-	@ApiOperation(value = "access_token刷新token")
-	@PostMapping(value = "/oauth/refresh/token", params = "access_token")
-	public void refreshTokenInfo(String access_token, HttpServletRequest request, HttpServletResponse response) {
-
-		// 拿到当前用户信息
-		try {
-			Authentication user = SecurityContextHolder.getContext().getAuthentication();
-
-			if (user != null) {
-				if (user instanceof OAuth2Authentication) {
-					Authentication athentication = (Authentication) user;
-					OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) athentication.getDetails();
-				}
-
-			}
-			OAuth2AccessToken accessToken = tokenStore.readAccessToken(access_token);
-			OAuth2Authentication auth = (OAuth2Authentication) user;
-			RedisClientDetailsService clientDetailsService = SpringUtil.getBean(RedisClientDetailsService.class);
-
-			ClientDetails clientDetails = clientDetailsService
-					.loadClientByClientId(auth.getOAuth2Request().getClientId());
-
-			AuthorizationServerTokenServices authorizationServerTokenServices = SpringUtil
-					.getBean("defaultAuthorizationServerTokenServices", AuthorizationServerTokenServices.class);
-			OAuth2RequestFactory requestFactory = new DefaultOAuth2RequestFactory(clientDetailsService);
-
-			RefreshTokenGranter refreshTokenGranter = new RefreshTokenGranter(authorizationServerTokenServices,
-					clientDetailsService, requestFactory);
-
-			Map<String, String> map = new HashMap<>();
-			map.put("grant_type", "refresh_token");
-			map.put("refresh_token", accessToken.getRefreshToken().getValue());
-			TokenRequest tokenRequest = new TokenRequest(map, auth.getOAuth2Request().getClientId(),
-					auth.getOAuth2Request().getScope(), "refresh_token");
-
-			OAuth2AccessToken oAuth2AccessToken = refreshTokenGranter.grant("refresh_token", tokenRequest);
-
-			tokenStore.removeAccessToken(accessToken);
-
-			response.setContentType("application/json;charset=UTF-8");
-			response.getWriter().write(objectMapper.writeValueAsString(oAuth2AccessToken));
-			response.getWriter().flush();
-			response.getWriter().close();
-		} catch (Exception e) {
-			response.setStatus(HttpStatus.UNAUTHORIZED.value());
-			response.setContentType("application/json;charset=UTF-8");
-			Map<String, String> rsp = new HashMap<>();
-			rsp.put("resp_code", HttpStatus.UNAUTHORIZED.value() + "");
-			rsp.put("rsp_msg", e.getMessage());
-
-			try {
-				response.getWriter().write(objectMapper.writeValueAsString(rsp));
-				response.getWriter().flush();
-				response.getWriter().close();
-			} catch (JsonProcessingException e1) {
-				// TODO Auto-generated catch block
-				e1.printStackTrace();
-			} catch (IOException e1) {
-				// TODO Auto-generated catch block
-				e1.printStackTrace();
-			}
-		}
-
-	}
-
-	/**
-	 * 移除access_token和refresh_token
-	 * 
-	 * @param access_token
-	 */
-	@ApiOperation(value = "移除token")
-	@PostMapping(value = "/oauth/remove/token", params = "access_token")
-	public void removeToken(String access_token) {
-
-		// 拿到当前用户信息
-		Authentication user = SecurityContextHolder.getContext().getAuthentication();
-
-		if (user != null) {
-			if (user instanceof OAuth2Authentication) {
-				Authentication athentication = (Authentication) user;
-				OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) athentication.getDetails();
-			}
-
-		}
-		OAuth2AccessToken accessToken = tokenStore.readAccessToken(access_token);
-		if (accessToken != null) {
-			// 移除access_token
-			tokenStore.removeAccessToken(accessToken);
-
-			// 移除refresh_token
-			if (accessToken.getRefreshToken() != null) {
-				tokenStore.removeRefreshToken(accessToken.getRefreshToken());
-			}
-
-		}
-	}
-
-	@ApiOperation(value = "获取token信息")
-	@PostMapping(value = "/oauth/get/token", params = "access_token")
-	public OAuth2AccessToken getTokenInfo(String access_token) {
-
-		// 拿到当前用户信息
-		Authentication user = SecurityContextHolder.getContext().getAuthentication();
-
-		if (user != null) {
-			if (user instanceof OAuth2Authentication) {
-				Authentication athentication = (Authentication) user;
-				OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) athentication.getDetails();
-			}
-
-		}
-		OAuth2AccessToken accessToken = tokenStore.readAccessToken(access_token);
-
-		return accessToken;
-
-	}
-
-	/**
-	 * 当前登陆用户信息
-	 * security获取当前登录用户的方法是SecurityContextHolder.getContext().getAuthentication()
-	 * 这里的实现类是org.springframework.security.oauth2.provider.OAuth2Authentication
-	 * 
-	 * @return
-	 */
-	@ApiOperation(value = "当前登陆用户信息")
-	@RequestMapping(value = { "/oauth/userinfo" }, produces = "application/json") // 获取用户信息。/auth/user
-	public Map<String, Object> getCurrentUserDetail() {
-		Map<String, Object> userInfo = new HashMap<>();
-		userInfo.put("user", SecurityContextHolder.getContext().getAuthentication().getPrincipal());
-		logger.debug("认证详细信息:" + SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString());
-
-		List<SysPermission> permissions = new ArrayList<>();
-
-		new ArrayList(SecurityContextHolder.getContext().getAuthentication().getAuthorities()).forEach(o -> {
-			SysPermission sysPermission = new SysPermission();
-			sysPermission.setPermission(o.toString());
-			permissions.add(sysPermission);
-		});
-		// userInfo.put("authorities",
-		// AuthorityUtils.authorityListToSet(SecurityContextHolder.getContext().getAuthentication().getAuthorities())
-		// );
-		userInfo.put("permissions", permissions);
-
-		userInfo.put("resp_code", "200");
-
-		logger.info("返回信息:{}", userInfo);
-
-		return userInfo;
-	}
-
-	@ApiOperation(value = "token列表")
-	@PostMapping("/oauth/token/list")
-	public PageResult<HashMap<String, String>> getUserTokenInfo(@RequestParam Map<String, Object> params)
-			throws Exception {
-		List<HashMap<String, String>> list = new ArrayList<>();
-
-		Set<String> keys = redisTemplate.keys("access:" + "*") ;
-//        Object key1 = keys.toArray()[0];
-//        Object token1 = redisTemplate.opsForValue().get(key1);
-		//根据分页参数获取对应数据
-	//	List<String> pages = findKeysForPage("access:" + "*", MapUtils.getInteger(params, "page"),MapUtils.getInteger(params, "limit"));
-
-		for (Object key: keys.toArray()) {
-//			String key = page;
-//			String accessToken = StringUtils.substringAfter(key, "access:");
-//			OAuth2AccessToken token = tokenStore.readAccessToken(accessToken);
-            OAuth2AccessToken token = (OAuth2AccessToken)redisTemplate.opsForValue().get(key);
-			HashMap<String, String> map = new HashMap<String, String>();
-
-			try {
-				map.put("token_type", token.getTokenType());
-				map.put("token_value", token.getValue());
-				map.put("expires_in", token.getExpiresIn()+"");
-			} catch (Exception e) {
-				 
-			}
-			
-			
-			OAuth2Authentication oAuth2Auth = tokenStore.readAuthentication(token);
-			Authentication authentication = oAuth2Auth.getUserAuthentication();
-
-			map.put("client_id", oAuth2Auth.getOAuth2Request().getClientId());
-			map.put("grant_type", oAuth2Auth.getOAuth2Request().getGrantType());
-			
-			if (authentication instanceof UsernamePasswordAuthenticationToken) {
-				UsernamePasswordAuthenticationToken authenticationToken = (UsernamePasswordAuthenticationToken) authentication;
-			
-				if(authenticationToken.getPrincipal() instanceof LoginAppUser ){
-					LoginAppUser user = (LoginAppUser) authenticationToken.getPrincipal();
-					map.put("user_id", user.getId()+"");
-					map.put("user_name", user.getUsername()+"");
-					map.put("user_head_imgurl", user.getHeadImgUrl()+"");
-				}
-				
-				
-			}else if (authentication instanceof PreAuthenticatedAuthenticationToken){
-				//刷新token方式
-				PreAuthenticatedAuthenticationToken authenticationToken = (PreAuthenticatedAuthenticationToken) authentication;
-				if(authenticationToken.getPrincipal() instanceof LoginAppUser ){
-					LoginAppUser user = (LoginAppUser) authenticationToken.getPrincipal();
-					map.put("user_id", user.getId()+"");
-					map.put("user_name", user.getUsername()+"");
-					map.put("user_head_imgurl", user.getHeadImgUrl()+"");
-				}
-
-			}
-			list.add(map);
-
-		}
-
-
-
-		return PageResult.<HashMap<String, String>>builder().data(list).code(0).count((long) keys.size()).build();
-
-	}
-
-	public List<String> findKeysForPage(String patternKey, int pageNum, int pageSize) {
-
-		Set<String> execute = redisTemplate.execute(new RedisCallback<Set<String>>() {
-
-			@Override
-			public Set<String> doInRedis(RedisConnection connection) throws DataAccessException {
-
-				Set<String> binaryKeys = new HashSet<>();
-
-				Cursor<byte[]> cursor = connection
-						.scan(new ScanOptions.ScanOptionsBuilder().match(patternKey).count(1000).build());
-				int tmpIndex = 0;
-				int startIndex = (pageNum - 1) * pageSize;
-				int end = pageNum * pageSize;
-				while (cursor.hasNext()) {
-					if (tmpIndex >= startIndex && tmpIndex < end) {
-						binaryKeys.add(new String(cursor.next()));
-						tmpIndex++;
-						continue;
-					}
-
-					// 获取到满足条件的数据后,就可以退出了
-					if (tmpIndex >= end) {
-						break;
-					}
-
-					tmpIndex++;
-					cursor.next();
-				}
-				connection.close();
-				return binaryKeys;
-			}
-		});
-
-		List<String> result = new ArrayList<String>(pageSize);
-		result.addAll(execute);
-		return result;
-	}
-
-}
@@ -1,16 +0,0 @@
-package com.sincere.autho.control;
-
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.RestController;
-
-import java.security.Principal;
-
-@RestController
-public class UserController {
-
-    @GetMapping("/user")
-    public Principal user(Principal user){
-        return user;
-    }
-
-}
@@ -0,0 +1,36 @@
+package com.sincere.autho.dto;
+
+public class BaseDto<T> {
+
+    private String message ;
+    private boolean status ;
+    private T data ;
+
+    public String getMessage() {
+        return message;
+    }
+
+    public void setMessage(String message) {
+        this.message = message;
+    }
+
+    public boolean isStatus() {
+        return status;
+    }
+
+    public void setStatus(boolean status) {
+        this.status = status;
+    }
+
+    public T getData() {
+        return data;
+    }
+
+    public void setData(T data) {
+        this.data = data;
+    }
+
+    public BaseDto() {
+        this.status = true ;
+    }
+}
@@ -0,0 +1,32 @@
+package com.sincere.autho.dto.req;
+
+public class LoginReqDto {
+
+    private String account ;
+    private String password ;
+    private int userType ;  // 2:学生；3：家长；其他都是老师
+
+    public String getAccount() {
+        return account;
+    }
+
+    public void setAccount(String account) {
+        this.account = account;
+    }
+
+    public String getPassword() {
+        return password;
+    }
+
+    public void setPassword(String password) {
+        this.password = password;
+    }
+
+    public int getUserType() {
+        return userType;
+    }
+
+    public void setUserType(int userType) {
+        this.userType = userType;
+    }
+}
@@ -1,63 +0,0 @@
-package com.sincere.autho.handler;
-
-import io.grpc.StatusRuntimeException;
-import org.springframework.http.HttpStatus;
-import org.springframework.security.access.AccessDeniedException;
-import org.springframework.web.bind.annotation.ExceptionHandler;
-import org.springframework.web.bind.annotation.ResponseStatus;
-import org.springframework.web.bind.annotation.RestControllerAdvice;
-
-import java.util.HashMap;
-import java.util.Map;
-
-
-/**
- * @author 作者 owen E-mail: 624191343@qq.com
- * @version 创建时间：2017年11月12日 上午22:57:51
- * 异常通用处理
-*/
-@RestControllerAdvice
-public class ExceptionHandlerAdvice {
-
-	/**
-	 * IllegalArgumentException异常处理返回json
-	 * 状态码:400
-	 * @param exception
-	 * @return
-	 */
-	@ExceptionHandler({ IllegalArgumentException.class })
-	@ResponseStatus(HttpStatus.BAD_REQUEST)
-	public Map<String, Object> badRequestException(IllegalArgumentException exception) {
-		Map<String, Object> data = new HashMap<>();
-		data.put("resp_code", HttpStatus.BAD_REQUEST.value());
-		data.put("resp_msg", exception.getMessage());
-
-		return data;
-	}
-	/**
-	 * AccessDeniedException异常处理返回json
-	 * 状态码:403
-	 * @param exception
-	 * @return
-	 */
-	@ExceptionHandler({ AccessDeniedException.class })
-	@ResponseStatus(HttpStatus.FORBIDDEN)
-	public Map<String, Object> badMethodExpressException(AccessDeniedException exception) {
-		Map<String, Object> data = new HashMap<>();
-		data.put("resp_code", HttpStatus.FORBIDDEN.value());
-		data.put("resp_msg", exception.getMessage());
-
-		return data;
-	}
-	@ExceptionHandler({ StatusRuntimeException.class })
-	@ResponseStatus(HttpStatus.BAD_REQUEST)
-	public Map<String, Object> badRequestException(StatusRuntimeException exception) {
-		Map<String, Object> data = new HashMap<>();
-		data.put("resp_code", HttpStatus.INTERNAL_SERVER_ERROR.value());
-		data.put("resp_msg", exception.getMessage());
-
-		return data;
-	}
- 
-    
-}
@@ -1,90 +0,0 @@
-package com.sincere.autho.handler;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.oauth2.common.OAuth2AccessToken;
-import org.springframework.security.oauth2.common.OAuth2RefreshToken;
-import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
-import org.springframework.security.oauth2.provider.token.TokenStore;
-import org.springframework.security.web.authentication.logout.LogoutHandler;
-import org.springframework.util.Assert;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.Enumeration;
-
-/**
- * @author keets
- * @date 2017/10/17
- */
-public class OauthLogoutHandler implements LogoutHandler {
-
-	private static final Logger logger = LoggerFactory.getLogger(OauthLogoutHandler.class);
-
-	@Autowired
-	private TokenStore tokenStore;
-
-	@Override
-	public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
-		Assert.notNull(tokenStore, "tokenStore must be set");
-		String token = extractToken(request);
-		if(token!=null || !"".equals(token)){
-			OAuth2AccessToken existingAccessToken = tokenStore.readAccessToken(token);
-			OAuth2RefreshToken refreshToken;
-			if (existingAccessToken != null) {
-				if (existingAccessToken.getRefreshToken() != null) {
-					logger.info("remove refreshToken!", existingAccessToken.getRefreshToken());
-					refreshToken = existingAccessToken.getRefreshToken();
-					tokenStore.removeRefreshToken(refreshToken);
-				}
-				logger.info("remove existingAccessToken!", existingAccessToken);
-				tokenStore.removeAccessToken(existingAccessToken);
-			}
-			return;
-		}
-
-	}
-
-	protected String extractToken(HttpServletRequest request) {
-		// first check the header...
-		String token = extractHeaderToken(request);
-
-		// bearer type allows a request parameter as well
-		if (token == null) {
-			logger.debug("Token not found in headers. Trying request parameters.");
-			token = request.getParameter(OAuth2AccessToken.ACCESS_TOKEN);
-			if (token == null) {
-				logger.debug("Token not found in request parameters.  Not an OAuth2 request.");
-			} else {
-				request.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_TYPE, OAuth2AccessToken.BEARER_TYPE);
-			}
-		}
-
-		return token;
-	}
-
-	protected String extractHeaderToken(HttpServletRequest request) {
-		Enumeration<String> headers = request.getHeaders("Authorization");
-		while (headers.hasMoreElements()) { // typically there is only one (most
-											// servers enforce that)
-			String value = headers.nextElement();
-			if ((value.toLowerCase().startsWith(OAuth2AccessToken.BEARER_TYPE.toLowerCase()))) {
-				String authHeaderValue = value.substring(OAuth2AccessToken.BEARER_TYPE.length()).trim();
-				// Add this here for the auth details later. Would be better to
-				// change the signature of this method.
-				request.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_TYPE,
-						value.substring(0, OAuth2AccessToken.BEARER_TYPE.length()).trim());
-				int commaIndex = authHeaderValue.indexOf(',');
-				if (commaIndex > 0) {
-					authHeaderValue = authHeaderValue.substring(0, commaIndex);
-				}
-				return authHeaderValue;
-			}
-		}
-
-		return null;
-	}
-
-}
@@ -1,13 +0,0 @@
-package com.sincere.autho.log.dao;
-
-import com.sincere.common.model.log.SysLog;
-import org.apache.ibatis.annotations.Insert;
-import org.apache.ibatis.annotations.Mapper;
-
-@Mapper
-public interface LogDao {
-
-	@Insert("insert into sys_log(username, module, params, remark, flag, createTime) values(#{username}, #{module}, #{params}, #{remark}, #{flag}, #{createTime})")
-	int save(SysLog log);
-
-}
@@ -1,11 +0,0 @@
-package com.sincere.autho.log.service;
-
-
-import com.sincere.common.model.log.SysLog;
-
-public interface LogService {
-
-	void save(SysLog log);
-
-
-}
@@ -1,34 +0,0 @@
-package com.sincere.autho.log.service.impl;
-
-import com.sincere.autho.annotation.datasource.DataSource;
-import com.sincere.autho.log.dao.LogDao;
-import com.sincere.autho.log.service.LogService;
-import com.sincere.common.model.log.SysLog;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.scheduling.annotation.Async;
-import org.springframework.stereotype.Service;
-
-import java.util.Date;
-
-@Service
-public class LogServiceImpl implements LogService {
-
-	@Autowired
-	private LogDao logDao;
-
-	@Async
-	@Override
-	@DataSource(name="log")
-	public void save(SysLog log) {
-		if (log.getCreateTime() == null) {
-			log.setCreateTime(new Date());
-		}
-		if (log.getFlag() == null) {
-			log.setFlag(Boolean.TRUE);
-		}
-
-		logDao.save(log);
-	}
-
-	 
-}
@@ -0,0 +1,10 @@
+package com.sincere.autho.mapper;
+
+import com.sincere.autho.dto.req.LoginReqDto;
+
+public interface UserMapper {
+
+    String loginTeacher(LoginReqDto loginReqDto) ;
+
+    String loginStudent(LoginReqDto loginReqDto) ;
+}
@@ -0,0 +1,8 @@
+package com.sincere.autho.service;
+
+import com.sincere.autho.dto.req.LoginReqDto;
+
+public interface LoginService {
+
+    String login(LoginReqDto loginReqDto);
+}
@@ -1,58 +0,0 @@
-package com.sincere.autho.service;
-
-import org.springframework.data.redis.core.RedisTemplate;
-import org.springframework.security.oauth2.provider.OAuth2Authentication;
-import org.springframework.security.oauth2.provider.code.RandomValueAuthorizationCodeServices;
-
-import java.util.concurrent.TimeUnit;
-
-/**
- * JdbcAuthorizationCodeServices替换
- */
-public class RedisAuthorizationCodeServices extends RandomValueAuthorizationCodeServices {
-
-	private RedisTemplate<String,Object> redisTemplate ;
-
-	
-	public RedisTemplate<String, Object> getRedisTemplate() {
-		return redisTemplate;
-	}
-
-	public void setRedisTemplate(RedisTemplate<String, Object> redisTemplate) {
-		this.redisTemplate = redisTemplate;
-	}
-
-	/**
-	 * 替换JdbcAuthorizationCodeServices的存储策略
-	 * 将存储code到redis，并设置过期时间，10分钟<br>
-	 */
-	@Override
-	protected void store(String code, OAuth2Authentication authentication) {
-		
-		redisTemplate.opsForValue().set(redisKey(code), authentication, 10, TimeUnit.MINUTES);
-		
-		 
-	}
-
-	@Override
-	protected OAuth2Authentication remove(final String code) {
-		 
-		String codeKey =redisKey(code) ;
-			
-		OAuth2Authentication token = (OAuth2Authentication) redisTemplate.opsForValue().get(codeKey) ;
-			
-		this.redisTemplate.delete(codeKey); 
-
-		return token;
-	}
-
-	/**
-	 * redis中 code key的前缀
-	 * 
-	 * @param code
-	 * @return
-	 */
-	private String redisKey(String code) {
-		return "oauth:code:" + code;
-	}
-}
@@ -1,153 +0,0 @@
-package com.sincere.autho.service;
-
-import com.alibaba.fastjson.JSONObject;
-import org.apache.commons.lang.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.data.redis.core.RedisTemplate;
-import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
-import org.springframework.security.oauth2.provider.ClientDetails;
-import org.springframework.security.oauth2.provider.NoSuchClientException;
-import org.springframework.security.oauth2.provider.client.BaseClientDetails;
-import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;
-import org.springframework.util.CollectionUtils;
-
-import javax.sql.DataSource;
-import java.util.List;
-
-
-/**
- * @author owen 624191343@qq.com
- * @version 创建时间：2017年11月12日 上午22:57:51
- * 类说明
- * 将oauth_client_details表数据缓存到redis，这里做个缓存优化
- * layui模块中有对oauth_client_details的crud， 注意同步redis的数据
- * 注意对oauth_client_details清楚redis db部分数据的清空
- */
-
-public class RedisClientDetailsService extends JdbcClientDetailsService {
-
-
-    // 扩展 默认的 ClientDetailsService, 增加逻辑删除判断( status = 1)
-    private static final String SELECT_CLIENT_DETAILS_SQL = "select client_id, client_secret, resource_ids, scope, authorized_grant_types, " +
-            "web_server_redirect_uri, authorities, access_token_validity, refresh_token_validity, additional_information, autoapprove " +
-            "from oauth_client_details where client_id = ? and `status` = 1 ";
-
-
-    private static final String SELECT_FIND_STATEMENT = "select client_id, client_secret,resource_ids, scope, "
-            + "authorized_grant_types, web_server_redirect_uri, authorities, access_token_validity, "
-            + "refresh_token_validity, additional_information, autoapprove   from oauth_client_details where `status` = 1 order by client_id " ;
-
-    /**
-     * 缓存client的redis key，这里是hash结构存储
-     */
-    private static final String CACHE_CLIENT_KEY = "oauth_client_details";
-
-    private Logger logger = LoggerFactory.getLogger(RedisClientDetailsService.class) ;
-
-    private RedisTemplate<String,Object> redisTemplate ;
-
-    public RedisTemplate<String, Object> getRedisTemplate() {
-        return redisTemplate;
-    }
-
-    public void setRedisTemplate(RedisTemplate<String, Object> redisTemplate) {
-        this.redisTemplate = redisTemplate;
-    }
-
-    public RedisClientDetailsService(DataSource dataSource) {
-        super(dataSource);
-        setSelectClientDetailsSql(SELECT_CLIENT_DETAILS_SQL) ;
-        setFindClientDetailsSql(SELECT_FIND_STATEMENT) ;
-    }
-
-
-
-    @Override
-    public ClientDetails loadClientByClientId(String clientId) throws InvalidClientException {
-        ClientDetails clientDetails = null;
-
-        // 先从redis获取
-        String value = (String) redisTemplate.boundHashOps(CACHE_CLIENT_KEY).get(clientId);
-        if (StringUtils.isBlank(value)) {
-            clientDetails = cacheAndGetClient(clientId);
-        } else {
-            clientDetails = JSONObject.parseObject(value, BaseClientDetails.class);
-        }
-
-        return clientDetails;
-    }
-
-    /**
-     * 缓存client并返回client
-     *
-     * @param clientId
-     * @return
-     */
-    private ClientDetails cacheAndGetClient(String clientId) {
-        // 从数据库读取
-        ClientDetails clientDetails = null ;
-        try {
-            clientDetails = super.loadClientByClientId(clientId);
-            if (clientDetails != null) {
-                // 写入redis缓存
-                redisTemplate.boundHashOps(CACHE_CLIENT_KEY).put(clientId, JSONObject.toJSONString(clientDetails));
-                logger.info("缓存clientId:{},{}", clientId, clientDetails);
-            }
-        }catch (NoSuchClientException e){
-            logger.info("clientId:{},{}", clientId, clientId );
-        }catch (InvalidClientException e) {
-            // TODO Auto-generated catch block
-            e.printStackTrace();
-        }
-
-        return clientDetails;
-    }
-
-    @Override
-    public void updateClientDetails(ClientDetails clientDetails) throws NoSuchClientException {
-        super.updateClientDetails(clientDetails);
-        cacheAndGetClient(clientDetails.getClientId());
-    }
-
-    @Override
-    public void updateClientSecret(String clientId, String secret) throws NoSuchClientException {
-        super.updateClientSecret(clientId, secret);
-        cacheAndGetClient(clientId);
-    }
-
-    @Override
-    public void removeClientDetails(String clientId) throws NoSuchClientException {
-        super.removeClientDetails(clientId);
-        removeRedisCache(clientId);
-    }
-
-    /**
-     * 删除redis缓存
-     *
-     * @param clientId
-     */
-    private void removeRedisCache(String clientId) {
-        redisTemplate.boundHashOps(CACHE_CLIENT_KEY).delete(clientId);
-    }
-
-    /**
-     * 将oauth_client_details全表刷入redis
-     */
-    public void loadAllClientToCache() {
-        if (redisTemplate.hasKey(CACHE_CLIENT_KEY)) {
-            return;
-        }
-        logger.info("将oauth_client_details全表刷入redis");
-
-        List<ClientDetails> list = super.listClientDetails();
-        if (CollectionUtils.isEmpty(list)) {
-            logger.error("oauth_client_details表数据为空，请检查");
-            return;
-        }
-
-        list.parallelStream().forEach(client -> {
-            redisTemplate.boundHashOps(CACHE_CLIENT_KEY).put(client.getClientId(), JSONObject.toJSONString(client));
-        });
-    }
-}
@@ -0,0 +1,25 @@
+package com.sincere.autho.service.impl;
+
+import com.sincere.autho.dto.req.LoginReqDto;
+import com.sincere.autho.mapper.UserMapper;
+import com.sincere.autho.service.LoginService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+@Service
+public class LoginServiceImpl implements LoginService {
+
+    @Autowired
+    UserMapper userMapper ;
+
+    @Override
+    public String login(LoginReqDto loginReqDto) {
+        String userId = "" ;
+        if(loginReqDto.getUserType() == 2){
+            userId = userMapper.loginStudent(loginReqDto);
+        }else {
+            userId = userMapper.loginTeacher(loginReqDto);
+        }
+        return userId;
+    }
+}
@@ -1,331 +0,0 @@
-package com.sincere.autho.token;
-
-import com.sincere.common.model.system.LoginAppUser;
-import org.springframework.data.redis.core.RedisTemplate;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
-import org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken;
-import org.springframework.security.oauth2.common.OAuth2AccessToken;
-import org.springframework.security.oauth2.common.OAuth2RefreshToken;
-import org.springframework.security.oauth2.provider.OAuth2Authentication;
-import org.springframework.security.oauth2.provider.token.AuthenticationKeyGenerator;
-import org.springframework.security.oauth2.provider.token.DefaultAuthenticationKeyGenerator;
-import org.springframework.security.oauth2.provider.token.TokenStore;
-
-import java.time.Instant;
-import java.time.LocalDateTime;
-import java.time.ZoneId;
-import java.util.*;
-import java.util.concurrent.TimeUnit;
-
-/**
- * @version  redis集群存储token
- */
-
-public class RedisTemplateTokenStore implements TokenStore {
-
-	private static final String ACCESS = "access:";
-	private static final String AUTH_TO_ACCESS = "auth_to_access:";
-	private static final String AUTH = "auth:";
-	private static final String REFRESH_AUTH = "refresh_auth:";
-	private static final String ACCESS_TO_REFRESH = "access_to_refresh:";
-	private static final String REFRESH = "refresh:";
-	private static final String REFRESH_TO_ACCESS = "refresh_to_access:";
-	private static final String CLIENT_ID_TO_ACCESS = "client_id_to_access:";
-	private static final String UNAME_TO_ACCESS = "uname_to_access:";
-	private static final String TOKEN = "token:";
-
-	private RedisTemplate<String, Object> redisTemplate;
-
-	public RedisTemplate<String, Object> getRedisTemplate() {
-		return redisTemplate;
-	}
-
-	public void setRedisTemplate(RedisTemplate<String, Object> redisTemplate) {
-		this.redisTemplate = redisTemplate;
-	}
-
-	private AuthenticationKeyGenerator authenticationKeyGenerator = new DefaultAuthenticationKeyGenerator();
-
-	public void setAuthenticationKeyGenerator(AuthenticationKeyGenerator authenticationKeyGenerator) {
-		this.authenticationKeyGenerator = authenticationKeyGenerator;
-	}
-
-	public OAuth2AccessToken getAccessToken(OAuth2Authentication authentication) {
-		String key = authenticationKeyGenerator.extractKey(authentication);
-		OAuth2AccessToken accessToken = (OAuth2AccessToken) redisTemplate.opsForValue().get(AUTH_TO_ACCESS + key);
-		if (accessToken != null
-				&& !key.equals(authenticationKeyGenerator.extractKey(readAuthentication(accessToken.getValue())))) {
-			// Keep the stores consistent (maybe the same user is represented by
-			// this authentication but the details
-			// have changed)
-			storeAccessToken(accessToken, authentication);
-		}
-		return accessToken;
-	}
-
-	public OAuth2Authentication readAuthentication(OAuth2AccessToken token) {
-		return readAuthentication(token.getValue());
-	}
-
-	public OAuth2Authentication readAuthentication(String token) {
-		return (OAuth2Authentication) this.redisTemplate.opsForValue().get(AUTH + token);
-	}
-
-	public OAuth2Authentication readAuthenticationForRefreshToken(OAuth2RefreshToken token) {
-		return readAuthenticationForRefreshToken(token.getValue());
-	}
-
-	public OAuth2Authentication readAuthenticationForRefreshToken(String token) {
-		return (OAuth2Authentication) this.redisTemplate.opsForValue().get(REFRESH_AUTH + token);
-	}
-
-	public void storeAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication) {
-
-		OAuth2AccessToken existingAccessToken = this.getAccessToken(authentication);
-
-		this.redisTemplate.opsForValue().set(ACCESS + token.getValue(), token);
-		this.redisTemplate.opsForValue().set(AUTH + token.getValue(), authentication);
-		this.redisTemplate.opsForValue().set(AUTH_TO_ACCESS + authenticationKeyGenerator.extractKey(authentication),
-				token);
-
-		Map<String, Object> params = new HashMap<>();
-
-		params.put("clientId", authentication.getOAuth2Request().getClientId());
-
-		if (authentication.getUserAuthentication() instanceof UsernamePasswordAuthenticationToken) {
-			UsernamePasswordAuthenticationToken authenticationToken = (UsernamePasswordAuthenticationToken) authentication
-					.getUserAuthentication();
-			LoginAppUser appUser = (LoginAppUser) authenticationToken.getPrincipal();
-			params.put("username", appUser.getUsername());
-			params.put("authorities", appUser.getAuthorities());
-		}
-
-		if (!params.isEmpty()) {
-			this.redisTemplate.opsForValue().set(TOKEN + token.getValue(), params);
-		}
-
-		if (!authentication.isClientOnly()) {
-			if (existingAccessToken != null) {
-				if (!existingAccessToken.isExpired()) {
-					int seconds = token.getExpiresIn();
-					redisTemplate.expire(UNAME_TO_ACCESS + authentication.getOAuth2Request().getClientId(), seconds,
-							TimeUnit.SECONDS);
-				} else {
-					redisTemplate.opsForList().rightPush(UNAME_TO_ACCESS + getApprovalKey(authentication), token);
-				}
-			} else {
-				redisTemplate.opsForList().rightPush(UNAME_TO_ACCESS + getApprovalKey(authentication), token);
-			}
-
-		}
-
-		if (existingAccessToken != null) {
-			if (!existingAccessToken.isExpired()) {
-				int seconds = token.getExpiresIn();
-				redisTemplate.expire(CLIENT_ID_TO_ACCESS + authentication.getOAuth2Request().getClientId(), seconds,
-						TimeUnit.SECONDS);
-
-			} else {
-				redisTemplate.opsForList()
-						.rightPush(CLIENT_ID_TO_ACCESS + authentication.getOAuth2Request().getClientId(), token);
-			}
-		} else {
-			redisTemplate.opsForList().rightPush(CLIENT_ID_TO_ACCESS + authentication.getOAuth2Request().getClientId(),
-					token);
-		}
-
-		if (token.getExpiration() != null) {
-
-			int seconds = token.getExpiresIn();
-			redisTemplate.expire(ACCESS + token.getValue(), seconds, TimeUnit.SECONDS);
-			redisTemplate.expire(AUTH + token.getValue(), seconds, TimeUnit.SECONDS);
-			redisTemplate.expire(TOKEN + token.getValue(), seconds, TimeUnit.SECONDS);
-			redisTemplate.expire(AUTH_TO_ACCESS + authenticationKeyGenerator.extractKey(authentication), seconds,
-					TimeUnit.SECONDS);
-			redisTemplate.expire(CLIENT_ID_TO_ACCESS + authentication.getOAuth2Request().getClientId(), seconds,
-					TimeUnit.SECONDS);
-			redisTemplate.expire(UNAME_TO_ACCESS + getApprovalKey(authentication), seconds, TimeUnit.SECONDS);
-		}
-
-		OAuth2RefreshToken refreshToken = token.getRefreshToken();
-
-		if (token.getRefreshToken() != null && token.getRefreshToken().getValue() != null) {
-			this.redisTemplate.opsForValue().set(REFRESH_TO_ACCESS + token.getRefreshToken().getValue(),
-					token.getValue());
-			this.redisTemplate.opsForValue().set(ACCESS_TO_REFRESH + token.getValue(),
-					token.getRefreshToken().getValue());
-
-			if (refreshToken instanceof ExpiringOAuth2RefreshToken) {
-				ExpiringOAuth2RefreshToken expiringRefreshToken = (ExpiringOAuth2RefreshToken) refreshToken;
-				Date expiration = expiringRefreshToken.getExpiration();
-				if (expiration != null) {
-					int seconds = Long.valueOf((expiration.getTime() - System.currentTimeMillis()) / 1000L).intValue();
-
-					redisTemplate.expire(REFRESH_TO_ACCESS + token.getRefreshToken().getValue(), seconds,
-							TimeUnit.SECONDS);
-					redisTemplate.expire(ACCESS_TO_REFRESH + token.getValue(), seconds, TimeUnit.SECONDS);
-
-				}
-			}
-
-		}
-	}
-
-	private String getApprovalKey(OAuth2Authentication authentication) {
-		String userName = authentication.getUserAuthentication() == null ? ""
-				: authentication.getUserAuthentication().getName();
-		return getApprovalKey(authentication.getOAuth2Request().getClientId(), userName);
-	}
-
-	private String getApprovalKey(String clientId, String userName) {
-		return clientId + (userName == null ? "" : ":" + userName);
-	}
-
-	public void removeAccessToken(OAuth2AccessToken accessToken) {
-		removeAccessToken(accessToken.getValue());
-	}
-
-	public OAuth2AccessToken readAccessToken(String tokenValue) {
-
-		OAuth2Authentication oauth2Authentication = (OAuth2Authentication) this.redisTemplate.opsForValue()
-				.get(AUTH + tokenValue);
-		OAuth2AccessToken oauth2AccessToken = (OAuth2AccessToken) this.redisTemplate.opsForValue()
-				.get(ACCESS + tokenValue);
-		if (oauth2Authentication != null) {
-			String auth_to_access = authenticationKeyGenerator.extractKey(oauth2Authentication);
-			if (oauth2AccessToken != null) {
-				if (oauth2AccessToken.getExpiresIn() < 180) {
-
-					if (oauth2AccessToken instanceof DefaultOAuth2AccessToken) {
-						DefaultOAuth2AccessToken token = (DefaultOAuth2AccessToken) oauth2AccessToken;
-//						Calendar cal = Calendar.getInstance();
-//						cal.add(Calendar.DATE, 30);
-//						Date date = cal.getTime();
-						/**
-						 * 	自动续费 30分钟
-						 */
-						LocalDateTime t1 = LocalDateTime.now().plusMinutes(30);
-						ZoneId zone = ZoneId.systemDefault();
-						Instant instant = t1.atZone(zone).toInstant();
-						Date date = Date.from(instant);
-
-						token.setExpiration(date);
-
-						int seconds = token.getExpiresIn();
-
-						this.redisTemplate.opsForValue().set(AUTH_TO_ACCESS + auth_to_access, token, seconds,
-								TimeUnit.SECONDS);
-						this.redisTemplate.opsForValue().set(ACCESS + token.getValue(), token, seconds,
-								TimeUnit.SECONDS);
-
-						redisTemplate.expire(AUTH + token.getValue(), seconds, TimeUnit.SECONDS);
-						redisTemplate.expire(TOKEN + token.getValue(), seconds, TimeUnit.SECONDS);
-
-						redisTemplate.expire(
-								CLIENT_ID_TO_ACCESS + oauth2Authentication.getOAuth2Request().getClientId(), seconds,
-								TimeUnit.SECONDS);
-						redisTemplate.expire(UNAME_TO_ACCESS + getApprovalKey(oauth2Authentication), seconds,
-								TimeUnit.SECONDS);
-
-					}
-
-				}
-			}
-		}
-
-		return oauth2AccessToken;
-	}
-
-	public void removeAccessToken(String tokenValue) {
-		OAuth2AccessToken removed = (OAuth2AccessToken) redisTemplate.opsForValue().get(ACCESS + tokenValue);
-		// Don't remove the refresh token - it's up to the caller to do that
-		OAuth2Authentication authentication = (OAuth2Authentication) this.redisTemplate.opsForValue()
-				.get(AUTH + tokenValue);
-
-		this.redisTemplate.delete(AUTH + tokenValue);
-		redisTemplate.delete(ACCESS + tokenValue);
-		redisTemplate.delete(TOKEN + tokenValue);
-		this.redisTemplate.delete(ACCESS_TO_REFRESH + tokenValue);
-
-		if (authentication != null) {
-			this.redisTemplate.delete(AUTH_TO_ACCESS + authenticationKeyGenerator.extractKey(authentication));
-
-			String clientId = authentication.getOAuth2Request().getClientId();
-
-			// redisTemplate.opsForList().rightPush("UNAME_TO_ACCESS:"+getApprovalKey(authentication),
-			// token) ;
-			redisTemplate.opsForList().leftPop(UNAME_TO_ACCESS + getApprovalKey(clientId, authentication.getName()));
-
-			redisTemplate.opsForList().leftPop(CLIENT_ID_TO_ACCESS + clientId);
-
-			this.redisTemplate.delete(AUTH_TO_ACCESS + authenticationKeyGenerator.extractKey(authentication));
-		}
-	}
-
-	public void storeRefreshToken(OAuth2RefreshToken refreshToken, OAuth2Authentication authentication) {
-		this.redisTemplate.opsForValue().set(REFRESH + refreshToken.getValue(), refreshToken);
-		this.redisTemplate.opsForValue().set(REFRESH_AUTH + refreshToken.getValue(), authentication);
-	}
-
-	public OAuth2RefreshToken readRefreshToken(String tokenValue) {
-		return (OAuth2RefreshToken) this.redisTemplate.opsForValue().get(REFRESH + tokenValue);
-	}
-
-	public void removeRefreshToken(OAuth2RefreshToken refreshToken) {
-		removeRefreshToken(refreshToken.getValue());
-	}
-
-	public void removeRefreshToken(String tokenValue) {
-		this.redisTemplate.delete(REFRESH + tokenValue);
-		this.redisTemplate.delete(REFRESH_AUTH + tokenValue);
-		this.redisTemplate.delete(REFRESH_TO_ACCESS + tokenValue);
-	}
-
-	public void removeAccessTokenUsingRefreshToken(OAuth2RefreshToken refreshToken) {
-		removeAccessTokenUsingRefreshToken(refreshToken.getValue());
-	}
-
-	private void removeAccessTokenUsingRefreshToken(String refreshToken) {
-
-		String token = (String) this.redisTemplate.opsForValue().get(REFRESH_TO_ACCESS + refreshToken);
-
-		if (token != null) {
-			redisTemplate.delete(REFRESH_TO_ACCESS + refreshToken);
-		}
-	}
-
-	public Collection<OAuth2AccessToken> findTokensByClientIdAndUserName(String clientId, String userName) {
-		List<Object> result = redisTemplate.opsForList().range(UNAME_TO_ACCESS + getApprovalKey(clientId, userName), 0,
-				-1);
-
-		if (result == null || result.size() == 0) {
-			return Collections.<OAuth2AccessToken>emptySet();
-		}
-		List<OAuth2AccessToken> accessTokens = new ArrayList<OAuth2AccessToken>(result.size());
-
-		for (Iterator<Object> it = result.iterator(); it.hasNext();) {
-			OAuth2AccessToken accessToken = (OAuth2AccessToken) it.next();
-			accessTokens.add(accessToken);
-		}
-
-		return Collections.<OAuth2AccessToken>unmodifiableCollection(accessTokens);
-	}
-
-	public Collection<OAuth2AccessToken> findTokensByClientId(String clientId) {
-		List<Object> result = redisTemplate.opsForList().range((CLIENT_ID_TO_ACCESS + clientId), 0, -1);
-
-		if (result == null || result.size() == 0) {
-			return Collections.<OAuth2AccessToken>emptySet();
-		}
-		List<OAuth2AccessToken> accessTokens = new ArrayList<OAuth2AccessToken>(result.size());
-
-		for (Iterator<Object> it = result.iterator(); it.hasNext();) {
-			OAuth2AccessToken accessToken = (OAuth2AccessToken) it.next();
-			accessTokens.add(accessToken);
-		}
-
-		return Collections.<OAuth2AccessToken>unmodifiableCollection(accessTokens);
-	}
-
-}
@@ -1,35 +0,0 @@
-package com.sincere.autho.utils;
-
-import org.springframework.beans.BeansException;
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.ApplicationContextAware;
-import org.springframework.core.env.Environment;
-import org.springframework.stereotype.Component;
-
-/**
- * spring获取bean工具类
- * 
- *
- */
-@Component
-public class SpringUtil implements ApplicationContextAware {
-
-	private static ApplicationContext applicationContext = null;
-
-	@Override
-	public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
-		SpringUtil.applicationContext = applicationContext;
-	}
-
-	public static <T> T getBean(Class<T> cla) {
-		return applicationContext.getBean(cla);
-	}
-
-	public static <T> T getBean(String name, Class<T> cal) {
-		return applicationContext.getBean(name, cal);
-	}
-
-	public static String getProperty(String key) {
-		return applicationContext.getBean(Environment.class).getProperty(key);
-	}
-}
@@ -1,41 +0,0 @@
-package com.sincere.autho.utils;
-
-import com.sincere.common.model.system.LoginAppUser;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.oauth2.provider.OAuth2Authentication;
-import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
-
-/**
- * @author 作者 owen E-mail: 624191343@qq.com
- * @version 创建时间：2017年11月12日 上午22:57:51 获取用户信息
- */
-public class SysUserUtil {
-
-	/**
-	 * 获取登陆的 LoginAppUser
-	 * 
-	 * @return
-	 */
-	@SuppressWarnings("rawtypes")
-	public static LoginAppUser getLoginAppUser() {
-		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-		if (authentication instanceof OAuth2Authentication) {
-			OAuth2Authentication oAuth2Auth = (OAuth2Authentication) authentication;
-			authentication = oAuth2Auth.getUserAuthentication();
-
-			if (authentication instanceof UsernamePasswordAuthenticationToken) {
-				UsernamePasswordAuthenticationToken authenticationToken = (UsernamePasswordAuthenticationToken) authentication;
-				return (LoginAppUser) authenticationToken.getPrincipal();
-			} else if (authentication instanceof PreAuthenticatedAuthenticationToken) {
-				// 刷新token方式
-				PreAuthenticatedAuthenticationToken authenticationToken = (PreAuthenticatedAuthenticationToken) authentication;
-				return (LoginAppUser) authenticationToken.getPrincipal();
-
-			}
-		}
-
-		return null;
-	}
-}
 server:
-  port: 8763
+  port: 9005
 spring:
   application:
-    name: auth-server
-session:
-  store-type: redis
+    name: authserver
   datasource:
-    dynamic:
-      enable: true
-    druid:
-      # JDBC 配置(驱动类自动从url的mysql识别,数据源类型自动识别)
-      core:
-        url: jdbc:mysql://localhost/oauth-center?useUnicode=true&characterEncoding=utf-8&allowMultiQueries=true&useSSL=false
-        username: root
-        password: root
-        driver-class-name:  com.mysql.jdbc.Driver
-      log:
-        url: jdbc:mysql://59.110.164.254:3306/log-center?useUnicode=true&characterEncoding=utf-8&allowMultiQueries=true&useSSL=false
-        username: root
-        password: root
-        driver-class-name:  com.mysql.jdbc.Driver
-      #连接池配置(通常来说，只需要修改initialSize、minIdle、maxActive
-      initial-size: 1
-      max-active: 20
-      min-idle: 1
-      # 配置获取连接等待超时的时间
-      max-wait: 60000
-      #打开PSCache，并且指定每个连接上PSCache的大小
-      pool-prepared-statements: true
-      max-pool-prepared-statement-per-connection-size: 20
-      validation-query: SELECT 'x'
-      test-on-borrow: false
-      test-on-return: false
-      test-while-idle: true
-      #配置间隔多久才进行一次检测，检测需要关闭的空闲连接，单位是毫秒
-      time-between-eviction-runs-millis: 60000
-      #配置一个连接在池中最小生存的时间，单位是毫秒
-      min-evictable-idle-time-millis: 300000
-      filters: stat,wall
-      # WebStatFilter配置，说明请参考Druid Wiki，配置_配置WebStatFilter
-      #是否启用StatFilter默认值true
-      web-stat-filter.enabled: true
-      web-stat-filter.url-pattern:  /*
-      web-stat-filter.exclusions: "*.js , *.gif ,*.jpg ,*.png ,*.css ,*.ico , /druid/*"
-      web-stat-filter.session-stat-max-count: 1000
-      web-stat-filter.profile-enable: true
-      # StatViewServlet配置
-      #展示Druid的统计信息,StatViewServlet的用途包括：1.提供监控信息展示的html页面2.提供监控信息的JSON API
-      #是否启用StatViewServlet默认值true
-      stat-view-servlet.enabled: true
-      #根据配置中的url-pattern来访问内置监控页面，如果是上面的配置，内置监控页面的首页是/druid/index.html例如：
-      #http://110.76.43.235:9000/druid/index.html
-      #http://110.76.43.235:8080/mini-web/druid/index.html
-      stat-view-servlet.url-pattern:  /druid/*
-      #允许清空统计数据
-      stat-view-servlet.reset-enable:  true
-      stat-view-servlet.login-username: admin
-      stat-view-servlet.login-password: admin
-      #StatViewSerlvet展示出来的监控信息比较敏感，是系统运行的内部情况，如果你需要做访问控制，可以配置allow和deny这两个参数
-      #deny优先于allow，如果在deny列表中，就算在allow列表中，也会被拒绝。如果allow没有配置或者为空，则允许所有访问
-      #配置的格式
-      #<IP>
-      #或者<IP>/<SUB_NET_MASK_size>其中128.242.127.1/24
-      #24表示，前面24位是子网掩码，比对的时候，前面24位相同就匹配,不支持IPV6。
-      #stat-view-servlet.allow=
-      #stat-view-servlet.deny=128.242.127.1/24,128.242.128.1
-      # Spring监控配置，说明请参考Druid Github Wiki，配置_Druid和Spring关联监控配置
-      #aop-patterns= # Spring监控AOP切入点，如x.y.z.service.*,配置多个英文逗号分隔
-################### mysq end ##########################
-
-
+    username: szjxtuser
+    password: RQminVCJota3H1u8bBYH
+    url: jdbc:sqlserver://116.62.155.137:33419;database=SmartCampus
+    driver-class-name: com.microsoft.sqlserver.jdbc.SQLServerDriver
+##mybatis
+mybatis:
+  mapper-locations: classpath:mapper/*.xml
+  type-aliases-package: com.sincere.autho.mapper
+  check-config-location: true
+ribbon:
+  ReadTimeout: 50000
+  ConnectTimeout: 5000
 eureka:
   instance:
     hostname: localhost
@@ -78,19 +24,5 @@ eureka:
     lease-renewal-interval-in-seconds: 10
   client:
     service-url:
-      defaultZone: http://121.40.109.21:8761/eureka/,http://121.40.109.21:8762/eureka/
-
+      defaultZone: http://localhost:8761/eureka/,http://localhost:8762/eureka/
-  redis:
-    ################### redis 单机版 start ##########################
-    host: localhost
-    port: 6379
-    timeout: 6000
-    database: 2
-    lettuce:
-      pool:
-        max-active: 10 # 连接池最大连接数（使用负值表示没有限制）,如果赋值为-1，则表示不限制；如果pool已经分配了maxActive个jedis实例，则此时pool的状态为exhausted(耗尽)
-        max-idle: 8   # 连接池中的最大空闲连接 ，默认值也是8
-        max-wait: 100 # # 等待可用连接的最大时间，单位毫秒，默认值为-1，表示永不超时。如果超过等待时间，则直接抛出JedisConnectionException
-        min-idle: 2    # 连接池中的最小空闲连接 ，默认值也是0
-      shutdown-timeout: 100ms
 \ No newline at end of file
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
+<mapper namespace="com.sincere.autho.mapper.UserMapper">
+
+
+    <select id="loginTeacher" parameterType="com.sincere.autho.dto.req.LoginReqDto" resultType="java.lang.String">
+        select user_id from SZ_User where mobile = #{account} and pass = #{password}
+    </select>
+
+    <select id="loginStudent" parameterType="com.sincere.autho.dto.req.LoginReqDto"  resultType="java.lang.String">
+        select user_id from SZ_User where othername = #{account} and pass = #{password}
+    </select>
+
+</mapper>
@@ -20,7 +20,7 @@ public class TokenUtils {
     /**
      * 过期时间5秒
      */
-    private static final long EXPIRE_TIME = 1000 * 60 * 60 * 24;
+    private static final long EXPIRE_TIME = 1000 * 60 * 60 * 24 * 3;
     /**
@@ -63,8 +63,8 @@ public class AccessFilter implements GlobalFilter, Ordered {
 				exchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED);
 				ServerHttpResponse response = exchange.getResponse();
 				JSONObject message = new JSONObject();
-				message.put("resp_code", result.getCode());
-				message.put("resp_msg", result.getMessage());
+				message.put("code", result.getCode());
+				message.put("message", result.getMessage());
 				byte[] bits = message.toJSONString().getBytes(StandardCharsets.UTF_8);
 				DataBuffer buffer = response.bufferFactory().wrap(bits);
 				response.setStatusCode(HttpStatus.UNAUTHORIZED);
@@ -86,7 +86,7 @@ public class AccessFilter implements GlobalFilter, Ordered {
 				return ResultEnums.getByCode(e.getCode());
 			}
 		}
-		return ResultEnums.error ;
+		return ResultEnums.success ;
 	}
 	public String extractToken(ServerHttpRequest request) {
@@ -27,5 +27,11 @@ spring:
             - Path=/haikangserver/**
           filters:
             - StripPrefix=1
+        - id: authserver
+          uri: lb://authserver
+          predicates:
+            - Path=/authserver/**
+          filters:
+            - StripPrefix=1
 url:
-  ignored: /user/**
 \ No newline at end of file
+  ignored: /authserver/**
 \ No newline at end of file
@@ -40,8 +40,8 @@ public class UserController {
      */
     @ApiOperation("根据userId 获取用户信息")
     @RequestMapping(value = "getUserInfo" , method = RequestMethod.GET)
-    public String getUserInfo(){
-        return "aa" ;
+    public String getUserInfo(UserInfo userInfo){
+        return userInfo.getUserId() ;
     }
     public void getUserId(){
@@ -12,7 +12,7 @@ spring:
 ##mybatis
 mybatis:
   mapper-locations: classpath:mapper/*.xml
-  type-aliases-package: com.sincere.quartz.mapper
+  type-aliases-package: com.sincere.userSearch.mapper
   check-config-location: true
 ribbon:
   ReadTimeout: 50000
	@@ -13,63 +13,142 @@		@@ -13,63 +13,142 @@
13	<name>autho</name>	13	<name>autho</name>
14	<description>Demo project for Spring Boot</description>	14	<description>Demo project for Spring Boot</description>
15		15
16	- <properties>
17	- <java.version>1.8</java.version>
18	- <spring-cloud.version>Greenwich.SR2</spring-cloud.version>
19	- </properties>
20	-
21	<dependencies>	16	<dependencies>
22	<dependency>	17	<dependency>
23	<groupId>com.sincere</groupId>	18	<groupId>com.sincere</groupId>
24	<artifactId>common</artifactId>	19	<artifactId>common</artifactId>
25	- <version>0.0.1-SNAPSHOT</version>	20	+ <version>1.0.0</version>
26	</dependency>	21	</dependency>
27	<dependency>	22	<dependency>
28	- <groupId>org.springframework.cloud</groupId>
29	- <artifactId>spring-cloud-starter-oauth2</artifactId>	23	+ <groupId>org.springframework.boot</groupId>
		24	+ <artifactId>spring-boot-starter-test</artifactId>
		25	+ <scope>test</scope>
30	</dependency>	26	</dependency>
31	-
32	<dependency>	27	<dependency>
33	<groupId>org.springframework.cloud</groupId>	28	<groupId>org.springframework.cloud</groupId>
34	- <artifactId>spring-cloud-starter-security</artifactId>
35	- <version>2.1.3.RELEASE</version>	29	+ <artifactId>spring-cloud-starter-feign</artifactId>
		30	+ <version>1.3.6.RELEASE</version>
36	</dependency>	31	</dependency>
37	<dependency>	32	<dependency>
38	<groupId>org.springframework.cloud</groupId>	33	<groupId>org.springframework.cloud</groupId>
39	- <artifactId>spring-cloud-starter-openfeign</artifactId>	34	+ <artifactId>spring-cloud-openfeign-core</artifactId>
		35	+ <version>2.1.2.RELEASE</version>
40	</dependency>	36	</dependency>
41	-
42	<dependency>	37	<dependency>
43	- <groupId>org.springframework.boot</groupId>
44	- <artifactId>spring-boot-starter-data-redis</artifactId>	38	+ <groupId>org.apache.commons</groupId>
		39	+ <artifactId>commons-lang3</artifactId>
		40	+ <version>3.3.2</version>
45	</dependency>	41	</dependency>
46	<dependency>	42	<dependency>
47	- <groupId>io.grpc</groupId>
48	- <artifactId>grpc-core</artifactId>
49	- <version>1.18.0</version>	43	+ <groupId>org.mybatis.spring.boot</groupId>
		44	+ <artifactId>mybatis-spring-boot-starter</artifactId>
		45	+ <version>1.3.0</version>
50	</dependency>	46	</dependency>
51	-
52	<dependency>	47	<dependency>
53	- <groupId>io.springfox</groupId>
54	- <artifactId>springfox-swagger2</artifactId>
55	- <version>2.9.2</version>	48	+ <groupId>com.microsoft.sqlserver</groupId>
		49	+ <artifactId>mssql-jdbc</artifactId>
		50	+ <version>6.4.0.jre8</version>
56	</dependency>	51	</dependency>
57	-
58	<dependency>	52	<dependency>
59	- <groupId>io.springfox</groupId>
60	- <artifactId>springfox-swagger-ui</artifactId>
61	- <version>2.9.2</version>	53	+ <groupId>org.springframework.boot</groupId>
		54	+ <artifactId>spring-boot-starter-web</artifactId>
62	</dependency>	55	</dependency>
63	-
64	</dependencies>	56	</dependencies>
65		57
		58	+ <dependencyManagement>
		59	+ <dependencies>
		60	+ <dependency>
		61	+ <groupId>org.springframework.cloud</groupId>
		62	+ <artifactId>spring-cloud-dependencies</artifactId>
		63	+ <version>${spring-cloud.version}</version>
		64	+ <type>pom</type>
		65	+ <scope>import</scope>
		66	+ </dependency>
		67	+ </dependencies>
		68	+ </dependencyManagement>
		69	+
66	<build>	70	<build>
		71	+ <!--打包文件名-->
		72	+ <finalName>quartz_server</finalName>
		73	+ <!--打包方式-->
67	<plugins>	74	<plugins>
		75	+ <!-- 设置编译版本 -->
		76	+ <plugin>
		77	+ <groupId>org.apache.maven.plugins</groupId>
		78	+ <artifactId>maven-compiler-plugin</artifactId>
		79	+ <version>3.1</version>
		80	+ <configuration>
		81	+ <source>1.8</source>
		82	+ <target>1.8</target>
		83	+ <encoding>UTF-8</encoding>
		84	+ </configuration>
		85	+ </plugin>
		86	+ <!-- 打包jar文件时，配置manifest文件，加入lib包的jar依赖 -->
		87	+ <!-- 本地启动需要注释-->
		88	+ <plugin>
		89	+ <groupId>org.apache.maven.plugins</groupId>
		90	+ <artifactId>maven-jar-plugin</artifactId>
		91	+ <configuration>
		92	+ <archive>
		93	+ <manifest>
		94	+ <mainClass>com.sincere.userSearch.UserApplication</mainClass>
		95	+ <addClasspath>true</addClasspath>
		96	+ <classpathPrefix>lib/</classpathPrefix>
		97	+ </manifest>
		98	+ <manifestEntries>
		99	+ <Class-Path>./config/</Class-Path>
		100	+ </manifestEntries>
		101	+ </archive>
		102	+ <excludes>
		103	+ <exclude>config/**</exclude>
		104	+ </excludes>
		105	+ <classesDirectory></classesDirectory>
		106	+ </configuration>
		107	+ </plugin>
		108	+ <!-- 拷贝依赖的jar包到lib目录 -->
68	<plugin>	109	<plugin>
69	- <groupId>org.springframework.boot</groupId>
70	- <artifactId>spring-boot-maven-plugin</artifactId>	110	+ <groupId>org.apache.maven.plugins</groupId>
		111	+ <artifactId>maven-dependency-plugin</artifactId>
		112	+ <executions>
		113	+ <execution>
		114	+ <id>copy</id>
		115	+ <phase>package</phase>
		116	+ <goals>
		117	+ <goal>copy-dependencies</goal>
		118	+ </goals>
		119	+ <configuration>
		120	+ <outputDirectory>
		121	+ ${project.build.directory}/lib
		122	+ </outputDirectory>
		123	+ </configuration>
		124	+ </execution>
		125	+ </executions>
		126	+ </plugin>
		127	+ <!-- 解决资源文件的编码问题 -->
		128	+ <plugin>
		129	+ <groupId>org.apache.maven.plugins</groupId>
		130	+ <artifactId>maven-resources-plugin</artifactId>
		131	+ <version>2.5</version>
		132	+ <configuration>
		133	+ <encoding>UTF-8</encoding>
		134	+ </configuration>
		135	+ </plugin>
		136	+ <!-- 打包source文件为jar文件 -->
		137	+ <plugin>
		138	+ <artifactId>maven-source-plugin</artifactId>
		139	+ <version>2.2</version>
		140	+ <configuration>
		141	+ <attach>true</attach>
		142	+ </configuration>
		143	+ <executions>
		144	+ <execution>
		145	+ <phase>compile</phase>
		146	+ <goals>
		147	+ <goal>jar</goal>
		148	+ </goals>
		149	+ </execution>
		150	+ </executions>
71	</plugin>	151	</plugin>
72	</plugins>	152	</plugins>
73	</build>	153	</build>
74	-
75	</project>	154	</project>
@@ -0,0 +1,52 @@		@@ -0,0 +1,52 @@
	1	+package com.sincere.autho;
	2	+
	3	+import io.swagger.annotations.ApiOperation;
	4	+import org.springframework.context.annotation.Bean;
	5	+import org.springframework.context.annotation.Configuration;
	6	+import springfox.documentation.builders.ApiInfoBuilder;
	7	+import springfox.documentation.builders.ParameterBuilder;
	8	+import springfox.documentation.builders.PathSelectors;
	9	+import springfox.documentation.builders.RequestHandlerSelectors;
	10	+import springfox.documentation.schema.ModelRef;
	11	+import springfox.documentation.service.ApiInfo;
	12	+import springfox.documentation.service.Parameter;
	13	+import springfox.documentation.spi.DocumentationType;
	14	+import springfox.documentation.spring.web.plugins.Docket;
	15	+import springfox.documentation.swagger2.annotations.EnableSwagger2;
	16	+
	17	+import java.util.ArrayList;
	18	+import java.util.List;
	19	+
	20	+@EnableSwagger2
	21	+@Configuration //让Spring来加载该类配置
	22	+public class Swagger2 {
	23	+
	24	+ @Bean
	25	+ public Docket createRestApi() {
	26	+ ParameterBuilder ticketPar = new ParameterBuilder();
	27	+ List<Parameter> pars = new ArrayList<Parameter>();
	28	+ ticketPar.name("X-Authorization").description("user token")
	29	+ .modelRef(new ModelRef("string")).parameterType("header")
	30	+ .required(false).build(); //header中的ticket参数非必填，传空也可以
	31	+ pars.add(ticketPar.build());
	32	+
	33	+
	34	+ return new Docket(DocumentationType.SWAGGER_2)
	35	+ .apiInfo(apiInfo())
	36	+ .enableUrlTemplating(true)
	37	+ .select()
	38	+ // 扫描所有有注解的api，用这种方式更灵活
	39	+ .apis(RequestHandlerSelectors.basePackage("com.sincere.autho.control"))
	40	+ .paths(PathSelectors.any())
	41	+ .build().globalOperationParameters(pars);
	42	+
	43	+ }
	44	+ private ApiInfo apiInfo() {
	45	+ return new ApiInfoBuilder()
	46	+ .title("Spring Boot中使用Swagger2构建RESTful APIs")
	47	+ .description("接口文档")
	48	+ .termsOfServiceUrl("")
	49	+ .version("1.0")
	50	+ .build();
	51	+ }
	52	+}
	@@ -1,22 +0,0 @@		@@ -1,22 +0,0 @@
1	-package com.sincere.autho.annotation;
2	-
3	-import com.sincere.autho.autoconfigure.LoggingConfigurationSelector;
4	-import org.springframework.context.annotation.Import;
5	-
6	-import java.lang.annotation.*;
7	-
8	-
9	-/**
10	- * 启动日志框架支持
11	- * @author owen
12	- * @create 2017年7月2日
13	- */
14	-
15	-@Target(ElementType.TYPE)
16	-@Retention(RetentionPolicy.RUNTIME)
17	-@Documented
18	-//自动装配starter
19	-@Import(LoggingConfigurationSelector.class)
20	-public @interface EnableLogging{
21	-// String name() ;
22	-}
23	\ No newline at end of file	0	\ No newline at end of file
	@@ -1,16 +0,0 @@		@@ -1,16 +0,0 @@
1	-package com.sincere.autho.annotation.datasource;
2	-
3	-import java.lang.annotation.*;
4	-
5	-
6	-/**
7	- * 数据源选择
8	- * @author owen
9	- * @create 2017年7月2日
10	- */
11	-@Target({ElementType.METHOD, ElementType.TYPE})
12	-@Retention(RetentionPolicy.RUNTIME)
13	-@Documented
14	-public @interface DataSource {
15	- String name();
16	-}
17	\ No newline at end of file	0	\ No newline at end of file
	@@ -1,26 +0,0 @@	@@ -1,26 +0,0 @@
1	-package com.sincere.autho.annotation.log;
2	-
3	-import java.lang.annotation.*;
4	-
5	-/**
6	- * 日志注解
7	- * @author owen
8	- * @create 2017年7月2日
9	- */
10	-@Target({ElementType.METHOD, ElementType.TYPE})
11	-@Retention(RetentionPolicy.RUNTIME)
12	-@Documented
13	-public @interface LogAnnotation {
14	-
15	- /**
16	- * 模块
17	- * @return
18	- */
19	- String module();
20	-
21	- /**
22	- * 记录执行参数
23	- * @return
24	- */
25	- boolean recordRequestParam() default true;
26	-}
	@@ -1,23 +0,0 @@	@@ -1,23 +0,0 @@
1	-package com.sincere.autho.autoconfigure;
2	-
3	-import org.springframework.context.annotation.ImportSelector;
4	-import org.springframework.core.type.AnnotationMetadata;
5	-
6	-/**
7	- * @author owen
8	- * @create 2017年7月2日
9	- * 装配bean
10	- */
11	-public class LoggingConfigurationSelector implements ImportSelector {
12	-
13	- @Override
14	- public String[] selectImports(AnnotationMetadata importingClassMetadata) {
15	- // TODO Auto-generated method stub
16	-// importingClassMetadata.getAllAnnotationAttributes(EnableEcho.class.getName());
17	- return new String[] {
18	- "com.sincere.autho.autoconfigure.datasource.DataSourceAspect",
19	- "com.sincere.autho.autoconfigure.log.LogAnnotationAspect"
20	- };
21	- }
22	-
23	-}
	@@ -1,42 +0,0 @@		@@ -1,42 +0,0 @@
1	-package com.sincere.autho.autoconfigure.datasource;
2	-
3	-import com.sincere.autho.annotation.datasource.DataSource;
4	-import com.sincere.common.config.DataSourceHolder;
5	-import com.sincere.common.config.DataSourceKey;
6	-import org.aspectj.lang.JoinPoint;
7	-import org.aspectj.lang.annotation.After;
8	-import org.aspectj.lang.annotation.Aspect;
9	-import org.aspectj.lang.annotation.Before;
10	-import org.slf4j.Logger;
11	-import org.slf4j.LoggerFactory;
12	-import org.springframework.core.annotation.Order;
13	-
14	-/**
15	- * 切换数据源Advice
16	- */
17	-@Aspect
18	-@Order(-1) // 保证该AOP在@Transactional之前执行
19	-public class DataSourceAspect {
20	-
21	- private static final Logger logger = LoggerFactory.getLogger(DataSourceAspect.class);
22	-
23	- @Before("@annotation(ds)")
24	- public void changeDataSource(JoinPoint point, DataSource ds) throws Throwable {
25	- String dsId = ds.name();
26	- try {
27	- DataSourceKey dataSourceKey = DataSourceKey.valueOf(dsId);
28	- DataSourceHolder.setDataSourceKey(dataSourceKey);
29	- } catch (Exception e) {
30	- logger.error("数据源[{}]不存在，使用默认数据源 > {}", ds.name(), point.getSignature());
31	- }
32	-
33	-
34	- }
35	-
36	- @After("@annotation(ds)")
37	- public void restoreDataSource(JoinPoint point, DataSource ds) {
38	- logger.debug("Revert DataSource : {transIdo} > {}", ds.name(), point.getSignature());
39	- DataSourceHolder.clearDataSourceKey();
40	- }
41	-
42	-}
43	\ No newline at end of file	0	\ No newline at end of file
	@@ -1,133 +0,0 @@		@@ -1,133 +0,0 @@
1	-package com.sincere.autho.autoconfigure.log;
2	-
3	-import com.alibaba.fastjson.JSON;
4	-import com.alibaba.fastjson.JSONObject;
5	-import com.sincere.autho.annotation.log.LogAnnotation;
6	-import com.sincere.autho.log.service.LogService;
7	-import com.sincere.autho.log.service.impl.LogServiceImpl;
8	-import com.sincere.autho.utils.SysUserUtil;
9	-import com.sincere.common.model.log.SysLog;
10	-import com.sincere.common.model.system.LoginAppUser;
11	-import com.sincere.common.util.SpringUtils;
12	-import org.aspectj.lang.ProceedingJoinPoint;
13	-import org.aspectj.lang.annotation.Around;
14	-import org.aspectj.lang.annotation.Aspect;
15	-import org.aspectj.lang.reflect.MethodSignature;
16	-import org.slf4j.Logger;
17	-import org.slf4j.LoggerFactory;
18	-import org.springframework.core.annotation.Order;
19	-
20	-import javax.servlet.http.HttpServletRequest;
21	-import javax.servlet.http.HttpServletResponse;
22	-import java.util.ArrayList;
23	-import java.util.Date;
24	-import java.util.List;
25	-import java.util.concurrent.CompletableFuture;
26	-import java.util.concurrent.ThreadLocalRandom;
27	-
28	-/**
29	- * 保存日志
30	- *
31	- * @author owen
32	- * @create 2017年7月2日
33	- */
34	-@Aspect
35	-@Order(-1) // 保证该AOP在@Transactional之前执行
36	-public class LogAnnotationAspect {
37	-
38	- private static final Logger logger = LoggerFactory.getLogger(LogAnnotationAspect.class);
39	-
40	- @Around("@annotation(ds)")
41	- public Object logSave(ProceedingJoinPoint joinPoint, LogAnnotation ds) throws Throwable {
42	-
43	- // 请求流水号
44	- String transid = getRandom();
45	- // 记录开始时间
46	- long start = System.currentTimeMillis();
47	- // 获取方法参数
48	- String url = null;
49	- String httpMethod = null;
50	- Object result = null;
51	- List<Object> httpReqArgs = new ArrayList<Object>();
52	- SysLog log = new SysLog();
53	- log.setCreateTime(new Date());
54	- LoginAppUser loginAppUser = SysUserUtil.getLoginAppUser();
55	- if (loginAppUser != null) {
56	- log.setUsername(loginAppUser.getUsername());
57	- }
58	-
59	- MethodSignature methodSignature = (MethodSignature) joinPoint.getSignature();
60	-
61	- LogAnnotation logAnnotation = methodSignature.getMethod().getDeclaredAnnotation(LogAnnotation.class);
62	- log.setModule(logAnnotation.module() + ":" + methodSignature.getDeclaringTypeName() + "/"
63	- + methodSignature.getName());
64	-
65	- Object[] args = joinPoint.getArgs();// 参数值
66	- url = methodSignature.getDeclaringTypeName() + "/"+ methodSignature.getName();
67	- for (Object object : args) {
68	- if (object instanceof HttpServletRequest) {
69	- HttpServletRequest request = (HttpServletRequest) object;
70	- url = request.getRequestURI();
71	- httpMethod = request.getMethod();
72	- } else if (object instanceof HttpServletResponse) {
73	- } else {
74	-
75	- httpReqArgs.add(object);
76	- }
77	- }
78	-
79	- try {
80	- String params = JSONObject.toJSONString(httpReqArgs);
81	- log.setParams(params);
82	- // 打印请求参数参数
83	- logger.info("开始请求，transid={}, url={} , httpMethod={}, reqData={} ", transid, url, httpMethod, params);
84	- } catch (Exception e) {
85	- logger.error("记录参数失败：{}", e.getMessage());
86	- }
87	-
88	- try {
89	- // 调用原来的方法
90	- result = joinPoint.proceed();
91	- log.setFlag(Boolean.TRUE);
92	- } catch (Exception e) {
93	- log.setFlag(Boolean.FALSE);
94	- log.setRemark(e.getMessage());
95	-
96	- throw e;
97	- } finally {
98	-
99	- CompletableFuture.runAsync(() -> {
100	- try {
101	- if (logAnnotation.recordRequestParam()) {
102	- LogService logService = SpringUtils.getBean(LogServiceImpl.class);
103	- logService.save(log);
104	- }
105	- } catch (Exception e) {
106	- logger.error("记录参数失败：{}", e.getMessage());
107	- }
108	-
109	- });
110	- // 获取回执报文及耗时
111	- logger.info("请求完成, transid={}, 耗时={}, resp={}:", transid, (System.currentTimeMillis() - start),
112	- result == null ? null : JSON.toJSONString(result));
113	-
114	- }
115	- return result;
116	- }
117	-
118	- /**
119	- * 生成日志随机数
120	- *
121	- * @return
122	- */
123	- public String getRandom() {
124	- int i = 0;
125	- StringBuilder st = new StringBuilder();
126	- while (i < 5) {
127	- i++;
128	- st.append(ThreadLocalRandom.current().nextInt(10));
129	- }
130	- return st.toString() + System.currentTimeMillis();
131	- }
132	-
133	-}
134	\ No newline at end of file	0	\ No newline at end of file
	@@ -1,260 +0,0 @@	@@ -1,260 +0,0 @@
1	-
2	-package com.sincere.autho.config;
3	-
4	-import com.sincere.autho.service.RedisAuthorizationCodeServices;
5	-import com.sincere.autho.service.RedisClientDetailsService;
6	-import com.sincere.autho.token.RedisTemplateTokenStore;
7	-import com.sincere.common.props.PermitUrlProperties;
8	-import org.springframework.beans.factory.annotation.Autowired;
9	-import org.springframework.boot.autoconfigure.AutoConfigureAfter;
10	-import org.springframework.boot.context.properties.EnableConfigurationProperties;
11	-import org.springframework.context.annotation.Bean;
12	-import org.springframework.context.annotation.Configuration;
13	-import org.springframework.data.redis.core.RedisTemplate;
14	-import org.springframework.security.authentication.AuthenticationManager;
15	-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
16	-import org.springframework.security.config.annotation.web.builders.WebSecurity;
17	-import org.springframework.security.core.userdetails.UserDetailsService;
18	-import org.springframework.security.oauth2.common.OAuth2AccessToken;
19	-import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
20	-import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
21	-import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
22	-import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
23	-import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
24	-import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
25	-import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
26	-import org.springframework.security.oauth2.provider.code.RandomValueAuthorizationCodeServices;
27	-import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
28	-import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
29	-import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
30	-import org.springframework.security.web.util.matcher.RequestMatcher;
31	-import org.springframework.stereotype.Component;
32	-import org.springframework.util.AntPathMatcher;
33	-
34	-import javax.annotation.Resource;
35	-import javax.servlet.http.HttpServletRequest;
36	-import javax.sql.DataSource;
37	-
38	-/**
39	- * @author owen 624191343@qq.com
40	- * @version 创建时间：2017年11月12日上午22:57:51
41	- */
42	-@Configuration
43	-public class OAuth2ServerConfig {
44	-
45	- @Resource
46	- private DataSource dataSource;
47	- @Resource
48	- private RedisTemplate<String, Object> redisTemplate;
49	-
50	- /**
51	- * 声明 ClientDetails实现
52	- */
53	- @Bean
54	- public RedisClientDetailsService redisClientDetailsService() {
55	- RedisClientDetailsService clientDetailsService = new RedisClientDetailsService(dataSource);
56	- clientDetailsService.setRedisTemplate(redisTemplate);
57	- return clientDetailsService;
58	- }
59	-
60	-
61	- @Bean
62	- public RandomValueAuthorizationCodeServices authorizationCodeServices() {
63	- RedisAuthorizationCodeServices redisAuthorizationCodeServices = new RedisAuthorizationCodeServices();
64	- redisAuthorizationCodeServices.setRedisTemplate(redisTemplate);
65	- return redisAuthorizationCodeServices;
66	- }
67	-
68	- /**
69	- * @author owen 624191343@qq.com
70	- * @version 创建时间：2017年11月12日上午22:57:51 默认token存储在内存中
71	- * DefaultTokenServices默认处理
72	- */
73	- @Component
74	- @Configuration
75	- @EnableAuthorizationServer
76	- @AutoConfigureAfter(AuthorizationServerEndpointsConfigurer.class)
77	- public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
78	- /**
79	- * 注入authenticationManager 来支持 password grant type
80	- */
81	- @Autowired
82	- private AuthenticationManager authenticationManager;
83	-
84	- @Autowired
85	- private UserDetailsService userDetailsService;
86	-
87	- @Autowired(required = false)
88	- private RedisTemplateTokenStore redisTokenStore;
89	-
90	- @Autowired(required = false)
91	- private JwtTokenStore jwtTokenStore;
92	- @Autowired(required = false)
93	- private JwtAccessTokenConverter jwtAccessTokenConverter;
94	-
95	- @Autowired
96	- private WebResponseExceptionTranslator webResponseExceptionTranslator;
97	-
98	- @Autowired
99	- private RedisClientDetailsService redisClientDetailsService;
100	-
101	- @Autowired(required = false)
102	- private RandomValueAuthorizationCodeServices authorizationCodeServices;
103	-
104	- /**
105	- * 配置身份认证器，配置认证方式，TokenStore，TokenGranter，OAuth2RequestFactory
106	- */
107	- public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
108	-
109	- if (jwtTokenStore != null) {
110	- endpoints.tokenStore(jwtTokenStore).authenticationManager(authenticationManager)
111	- // 支持
112	- .userDetailsService(userDetailsService);
113	- // password
114	- // grant
115	- // type;
116	- } else if (redisTokenStore != null) {
117	- endpoints.tokenStore(redisTokenStore).authenticationManager(authenticationManager)
118	- // 支持
119	- .userDetailsService(userDetailsService);
120	- // password
121	- // grant
122	- // type;
123	- }
124	-
125	- if (jwtAccessTokenConverter != null) {
126	- endpoints.accessTokenConverter(jwtAccessTokenConverter);
127	- }
128	-
129	- endpoints.authorizationCodeServices(authorizationCodeServices);
130	-
131	- endpoints.exceptionTranslator(webResponseExceptionTranslator);
132	-
133	- }
134	-
135	- /**
136	- * 配置应用名称应用id
137	- * 配置OAuth2的客户端相关信息
138	- */
139	- @Override
140	- public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
141	-
142	- // if(clientDetailsService!=null){
143	- // clients.withClientDetails(clientDetailsService);
144	- // }else{
145	- // clients.inMemory().withClient("neusoft1").secret("neusoft1")
146	- // .authorizedGrantTypes("authorization_code", "password",
147	- // "refresh_token").scopes("all")
148	- // .resourceIds(SERVER_RESOURCE_ID).accessTokenValiditySeconds(1200)
149	- // .refreshTokenValiditySeconds(50000)
150	- // .and().withClient("neusoft2").secret("neusoft2")
151	- // .authorizedGrantTypes("authorization_code", "password",
152	- // "refresh_token").scopes("all")
153	- // .resourceIds(SERVER_RESOURCE_ID).accessTokenValiditySeconds(1200)
154	- // .refreshTokenValiditySeconds(50000)
155	- // ;
156	- // }
157	- clients.withClientDetails(redisClientDetailsService);
158	- redisClientDetailsService.loadAllClientToCache();
159	- }
160	-
161	- /**
162	- * 对应于配置AuthorizationServer安全认证的相关信息，创建ClientCredentialsTokenEndpointFilter核心过滤器
163	- */
164	- @Override
165	- public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
166	- // url:/oauth/token_key,exposes
167	- security.tokenKeyAccess("permitAll()")
168	- /// public key for token
169	- /// verification if using
170	- /// JWT tokens
171	- // url:/oauth/check_token
172	- .checkTokenAccess("isAuthenticated()")
173	- // allow check token
174	- .allowFormAuthenticationForClients();
175	-
176	- // security.allowFormAuthenticationForClients();
177	- //// security.tokenKeyAccess("permitAll()");
178	- // security.tokenKeyAccess("isAuthenticated()");
179	- }
180	-
181	- }
182	-
183	- /**
184	- * 资源服务
185	- */
186	- @Configuration
187	- @EnableResourceServer
188	- @EnableConfigurationProperties(PermitUrlProperties.class)
189	- public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
190	-
191	- @Autowired
192	- private PermitUrlProperties permitUrlProperties;
193	-
194	- public void configure(WebSecurity web) throws Exception {
195	- web.ignoring().antMatchers("/health");
196	- web.ignoring().antMatchers("/oauth/user/token");
197	- web.ignoring().antMatchers("/oauth/client/token");
198	- }
199	-
200	- @Override
201	- public void configure(HttpSecurity http) throws Exception {
202	- http.requestMatcher(
203	- /**
204	- * 判断来源请求是否包含oauth2授权信息
205	- */
206	- new RequestMatcher() {
207	- private AntPathMatcher antPathMatcher = new AntPathMatcher();
208	-
209	- @Override
210	- public boolean matches(HttpServletRequest request) {
211	- // 请求参数中包含access_token参数
212	- if (request.getParameter(OAuth2AccessToken.ACCESS_TOKEN) != null) {
213	- return true;
214	- }
215	-
216	- // 头部的Authorization值以Bearer开头
217	- String auth = request.getHeader("Authorization");
218	- if (auth != null) {
219	- if (auth.startsWith(OAuth2AccessToken.BEARER_TYPE)) {
220	- return true;
221	- }
222	- }
223	- if (antPathMatcher.match(request.getRequestURI(), "/oauth/userinfo")) {
224	- return true;
225	- }
226	- if (antPathMatcher.match(request.getRequestURI(), "/oauth/remove/token")) {
227	- return true;
228	- }
229	- if (antPathMatcher.match(request.getRequestURI(), "/oauth/get/token")) {
230	- return true;
231	- }
232	- if (antPathMatcher.match(request.getRequestURI(), "/oauth/refresh/token")) {
233	- return true;
234	- }
235	-
236	- if (antPathMatcher.match(request.getRequestURI(), "/oauth/token/list")) {
237	- return true;
238	- }
239	-
240	- if (antPathMatcher.match("/clients/**", request.getRequestURI())) {
241	- return true;
242	- }
243	-
244	- if (antPathMatcher.match("/services/**", request.getRequestURI())) {
245	- return true;
246	- }
247	- if (antPathMatcher.match("/redis/**", request.getRequestURI())) {
248	- return true;
249	- }
250	- return false;
251	- }
252	- }
253	-
254	- ).authorizeRequests().antMatchers(permitUrlProperties.getIgnored()).permitAll().anyRequest()
255	- .authenticated();
256	- }
257	-
258	- }
259	-
260	-}
	@@ -1,129 +0,0 @@	@@ -1,129 +0,0 @@
1	-package com.sincere.autho.config;
2	-
3	-import com.sincere.autho.handler.OauthLogoutHandler;
4	-import com.sincere.common.props.PermitUrlProperties;
5	-import org.springframework.beans.factory.annotation.Autowired;
6	-import org.springframework.boot.context.properties.EnableConfigurationProperties;
7	-import org.springframework.context.annotation.Bean;
8	-import org.springframework.context.annotation.Configuration;
9	-import org.springframework.security.authentication.AuthenticationManager;
10	-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
11	-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
12	-import org.springframework.security.config.annotation.web.builders.WebSecurity;
13	-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
14	-import org.springframework.security.config.http.SessionCreationPolicy;
15	-import org.springframework.security.core.userdetails.UserDetailsService;
16	-import org.springframework.security.crypto.password.PasswordEncoder;
17	-import org.springframework.security.web.AuthenticationEntryPoint;
18	-import org.springframework.security.web.authentication.AuthenticationFailureHandler;
19	-import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
20	-import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler;
21	-
22	-/**
23	- * spring security配置
24	- * 在WebSecurityConfigurerAdapter不拦截oauth要开放的资源
25	- */
26	-@Configuration
27	-//@EnableWebSecurity
28	-//@EnableGlobalMethodSecurity(prePostEnabled = true)
29	-@EnableConfigurationProperties(PermitUrlProperties.class)
30	-public class SecurityConfig extends WebSecurityConfigurerAdapter {
31	-
32	- @Autowired
33	- private AuthenticationSuccessHandler authenticationSuccessHandler;
34	- @Autowired
35	- private AuthenticationFailureHandler authenticationFailureHandler;
36	- // @Autowired
37	- // private LogoutSuccessHandler logoutSuccessHandler;
38	- @Autowired(required = false)
39	- private AuthenticationEntryPoint authenticationEntryPoint;
40	- @Autowired
41	- private UserDetailsService userDetailsService;
42	-
43	- @Autowired
44	- private PasswordEncoder passwordEncoder;
45	-
46	- @Autowired
47	- private OauthLogoutHandler oauthLogoutHandler;
48	- @Autowired
49	- private PermitUrlProperties permitUrlProperties ;
50	-
51	- @Autowired
52	- private ValidateCodeSecurityConfig validateCodeSecurityConfig ;
53	-
54	- @Override
55	- public void configure(WebSecurity web) throws Exception {
56	- web.ignoring().antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources", "/configuration/security",
57	- "/swagger-ui.html", "/webjars/**", "/doc.html", "/login.html");
58	- web.ignoring().antMatchers("/js/**");
59	- web.ignoring().antMatchers("/css/**");
60	- web.ignoring().antMatchers("/health");
61	- // 忽略登录界面
62	- web.ignoring().antMatchers("/login.html");
63	- web.ignoring().antMatchers("/index.html");
64	- web.ignoring().antMatchers("/oauth/user/token");
65	- web.ignoring().antMatchers("/oauth/client/token");
66	- web.ignoring().antMatchers("/validata/code/**");
67	- web.ignoring().antMatchers(permitUrlProperties.getIgnored());
68	-
69	- }
70	- /**
71	- * 认证管理
72	- *
73	- * @return 认证管理对象
74	- * @throws Exception
75	- * 认证异常信息
76	- */
77	- @Override
78	- @Bean
79	- public AuthenticationManager authenticationManagerBean() throws Exception {
80	- return super.authenticationManagerBean();
81	- }
82	-
83	- @Override
84	- protected void configure(HttpSecurity http) throws Exception {
85	- http.csrf().disable();
86	-
87	- http.authorizeRequests()
88	- .anyRequest().authenticated();
89	- http.formLogin().loginPage("/login.html").loginProcessingUrl("/user/login")
90	- .successHandler(authenticationSuccessHandler).failureHandler(authenticationFailureHandler);
91	-
92	- // 基于密码等模式可以无session,不支持授权码模式
93	- if (authenticationEntryPoint != null) {
94	- http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
95	- http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
96	-
97	- } else {
98	- // 授权码模式单独处理，需要session的支持，此模式可以支持所有oauth2的认证
99	- http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
100	- }
101	-
102	- http.logout().logoutSuccessUrl("/login.html")
103	- .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler())
104	- .addLogoutHandler(oauthLogoutHandler).clearAuthentication(true);
105	-
106	- //增加验证码处理
107	- http.apply(validateCodeSecurityConfig) ;
108	- // http.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);
109	- // 解决不允许显示在iframe的问题
110	- http.headers().frameOptions().disable();
111	- http.headers().cacheControl();
112	-
113	- }
114	-
115	- /**
116	- * 全局用户信息
117	- *
118	- * @param auth
119	- * 认证管理
120	- * @throws Exception
121	- * 用户认证异常信息
122	- */
123	- @Autowired
124	- public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
125	- auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
126	- }
127	-
128	-
129	-}