Directory
First let’s look at how to integrate
first step:
Step two:
third step:
the fourth step:
Problems encountered during project upgrade
First of all, detailed introductions to IAM are everywhere on the Internet. I will not elaborate here one by one. You can learn from some articles.
For example:
Zero Trust: From IAM Overview to Application Implementation_H3C-Navigator’s Blog-CSDN Blog
What I am upgrading here is an old project. SSI is a very old project, because some core codes are in it, and it has always been used as it is. In the future, it will definitely be updated and iterated or offline.
Without further ado, let’s take a look at some simple configurations of IAM
Here I have integrated some methods and calls corresponding to IAM and packaged them into a jar. The main thing is to build the corresponding application of IAM. Upgrading is relatively simple, it depends on what results the corresponding application requires.
If the IAM authentication is passed, the corresponding parameter data will be returned.
The structure is as follows.
code example
package cn.axa.common;
import cn.axa.entity.User;
import cn.axa.utils.HttpClientUtilBasic;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
@Component
public class SecurityHelper
{
private static final String ANONYMITY = "anonymity";
private static final String COMMON_ACCOUNT_TYPE = "COMMON_ACCOUNT_TYPE:";
private static final Map<String, String> REMOTE_URL = new HashMap();
@Value("${oauth2.interface.client.id:app}")
private String clientId;
@Value("${oauth2.interface.client.secret:secret}")
private String clientSecret;
@Value("${DISCONF_ENV:sit}")
private String env;
public static Authentication getUserDetails() { return SecurityContextHolder.getContext().getAuthentication(); }
public User getUserInfo(String account, String accountType, String sysName)
throws Exception
{
try
{
Map param = new HashMap();
param.put("account", account);
param.put("accountType", accountType);
param.put("sysName", sysName);
Object content = HttpClientUtilBasic.postGetUserInfo((String)REMOTE_URL.get(this.env), JSON.toJSONString(param), this.clientId, this.clientSecret);
JSONObject jsonObject = JSONObject.parseObject(content.toString());
return (User)JSON.toJavaObject(jsonObject.getJSONObject("data"), User.class);
} catch (Exception e) {
throw new Exception(e.getMessage());
}
}
public static String getAccountType() {
Authentication authentication = getUserDetails();
for (GrantedAuthority auth : authentication.getAuthorities()) {
if (auth.getAuthority().contains("COMMON_ACCOUNT_TYPE:")) {
return auth.getAuthority().split(":")[1];
}
}
return null;
}
public static List<String> getCurrentRole() {
List roles = new LinkedList();
Authentication authentication = getUserDetails();
if (authentication != null) {
for (GrantedAuthority ga : authentication.getAuthorities()) {
roles.add(ga.getAuthority());
}
}
return roles;
}
public static String[] getRoles() {
List roles = new LinkedList();
Authentication authentication = getUserDetails();
if (authentication != null) {
for (GrantedAuthority ga : authentication.getAuthorities()) {
roles.add(ga.getAuthority());
}
}
if (roles. size() != 0) {
String[] roleArr = new String[roles.size()];
for (int i = 0; i < roles.size(); i + + ) {
roleArr[i] = ((String)roles.get(i));
}
return roleArr;
}
return null;
}
public static String getUserName()
{
Authentication authentication = getUserDetails();
String username;
String username;
if (authentication != null)
username = (String)authentication.getPrincipal();
else {
username = "anonymity";
}
return username;
}
static
{
REMOTE_URL.put("sit", "Test environment");
REMOTE_URL.put("uat", "Business Test Environment");
REMOTE_URL.put("preprod", "pre-production");
REMOTE_URL.put("gray", "Grayscale");
REMOTE_URL.put("prod", "production");
}
}
For the application I am upgrading now, the required account permissions and the menu permission CODE of the corresponding account are required.
First, let’s look at how to integrate
First step:
There are two ways to introduce jar: pom file or add jar directly.
<dependency> <groupId>*****</groupId> <artifactId>oauth-client-mvc</artifactId> <version>1.1</version> </dependency
Second step:
Configure the corresponding parameters
#Application home page address
oauth2.access.url=Application homepage address
#clientid
oauth2.clientId=project name
#Client key
oauth2.clientSecret=Corresponding secret key
#SSO server address
oauth2.region.url=https://sits.*****/ssooauth2
#oauth2.region.url=https://uats.*****/ssooauth2
#oauth2.region.url=https://*****
#oauth2.region.url=https://*****
#Client application own domain address
oauth2.domain=*****
#Application release address (accessible without logging in)
oauth2.ignore.url=[“/healthcheck.do”,”/logout.do”,”/proxylogin.do”]
#ClientID
oauth2.interface.client.id=Project name
#key
oauth2.interface.client.secret=Secret
#Application Environment
DISCONF_ENV=sit
#DISCONF_ENV=uat
#DISCONF_ENV=preprod
#DISCONF_ENV=prod
Step 3:
web.xml configures Spring Security filter chain
<filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filterclass> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
Step 4:
Configure interceptors and packet scanning addresses
Add the following configuration in servlet.xml:
<context:component-scan base-package="package path"/> <mvc:interceptors> <mvc:interceptor> <mvc:mapping path="/**"/> <mvc:exclude-mapping path="/Configure the static path to be filtered"/> <bean class="cn.axa.common.AdminInterceptorOrHttpClient"></bean> </mvc:interceptor> </mvc:interceptors>
Problems encountered in project upgrade
Notice:
Spring-security-jar package requires >=4.2.5
There will be some problems and difficulties encountered in the middle after the springboot upgrade corresponding to the upgrade is completed. I’ll update it as well.
thank you all.