Config login. security

src/main/java/com/monkeyk/sos/config/MVCConfiguration.java

@@ -1,6 +1,7 @@
 package com.monkeyk.sos.config;
 
 
+import com.monkeyk.sos.web.WebUtils;
 import com.monkeyk.sos.web.filter.CharacterEncodingIPFilter;
 import com.monkeyk.sos.web.filter.SOSSiteMeshFilter;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
@@ -44,12 +45,10 @@ public class MVCConfiguration implements WebMvcConfigurer {
     @Override
     public void configureMessageConverters(List<HttpMessageConverter<?>> converters) {
         WebMvcConfigurer.super.configureMessageConverters(converters);
-        converters.add(new StringHttpMessageConverter(Charset.forName("UTF-8")));
+        converters.add(new StringHttpMessageConverter(Charset.forName(WebUtils.UTF_8)));
     }
 
 
-
-
     /**
      * 字符编码配置 UTF-8
      */
@@ -78,5 +77,4 @@ public class MVCConfiguration implements WebMvcConfigurer {
     }
 
 
-
 }

src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java

@@ -50,7 +50,8 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
 //        http.csrf().disable()
         http.authorizeRequests()
                 .antMatchers("/public/**").permitAll()
-                .antMatchers("/resources/**").permitAll()
+                .antMatchers("/static/**").permitAll()
+                .antMatchers("/oauth2/rest_token*").permitAll()
                 .antMatchers("/login*").permitAll()
 
                 .antMatchers("/admin/**").hasAnyRole("ADMIN")

src/main/java/com/monkeyk/sos/web/WebUtils.java

@@ -10,6 +10,9 @@ import javax.servlet.http.HttpServletRequest;
 public abstract class WebUtils {
 
 
+    public static final String UTF_8 = "UTF-8";
+
+
     /**
      * Sync by pom.xml   <version></version>
      */

src/main/java/com/monkeyk/sos/web/controller/SOSController.java

@@ -0,0 +1,43 @@
+package com.monkeyk.sos.web.controller;
+
+
+import com.monkeyk.sos.web.WebUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+/**
+ * 2018/4/19
+ * <p>
+ * starup
+ *
+ * @author Shengzhao Li
+ */
+@Controller
+public class SOSController {
+
+
+    private static final Logger LOG = LoggerFactory.getLogger(SOSController.class);
+
+
+    /**
+     * 首页
+     */
+    @RequestMapping(value = "/")
+    public String index(Model model) {
+        return "index";
+    }
+
+
+    //Go login
+    @GetMapping(value = {"/login"})
+    public String login(Model model) {
+        LOG.info("Go to login, IP: {}", WebUtils.getIp());
+        return "login";
+    }
+
+
+}

src/main/java/com/monkeyk/sos/web/controller/resource/MobileController.java

@@ -1,4 +1,4 @@
-package com.monkeyk.sos.web.controller.mobile;
+package com.monkeyk.sos.web.controller.resource;
 
 import com.monkeyk.sos.service.dto.UserJsonDto;
 import com.monkeyk.sos.service.UserService;

src/main/java/com/monkeyk/sos/web/controller/resource/UnityController.java

@@ -1,4 +1,4 @@
-package com.monkeyk.sos.web.controller.unity;
+package com.monkeyk.sos.web.controller.resource;
 
 import com.monkeyk.sos.service.dto.UserJsonDto;
 import com.monkeyk.sos.service.UserService;

src/main/webapp/WEB-INF/jsp/decorators/main.jsp

@@ -4,8 +4,8 @@
 --%>
 
 <%@ page contentType="text/html;charset=UTF-8" language="java" %>
-<%@ taglib uri="http://www.opensymphony.com/sitemesh/decorator" prefix="decorator" %>
 <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+<%@ taglib tagdir="/WEB-INF/tags" prefix="custom" %>
 <!DOCTYPE HTML>
 <html>
 <head>
@@ -14,25 +14,27 @@
 
     <meta name="viewport" content="width=device-width,user-scalable=no"/>
     <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"/>
-    <link rel="shortcut icon" href="${contextPath}/resources/favicon.ico"/>
+    <meta name="${_csrf.headerName}" content="${_csrf.token}"/>
+    <link rel="shortcut icon" href="${contextPath}/static/favicon.ico"/>
 
-    <title><decorator:title default=""/> - Spring Security&Oauth2</title>
+    <title><sitemesh:write property='title'/> - Spring Security&OAuth2</title>
 
-    <link href="${contextPath}/resources/bootstrap.min.css" rel="stylesheet"/>
-    <decorator:head/>
+    <link href="${contextPath}/static/bootstrap.min.css" rel="stylesheet"/>
+    <%--<decorator:head/>--%>
+    <sitemesh:write property='head'/>
 
 </head>
 <body class="container">
 <div>
     <div>
-        <decorator:body/>
+        <%--<decorator:body/>--%>
+        <sitemesh:write property='body'/>
     </div>
     <div>
         <hr/>
         <p class="text-center text-muted">
-            &copy; 2013 - 2016
-            <a href="mailto:sz@monkeyk.com">sz@monkeyk.com</a> from <a
-                href="http://git.oschina.net/shengzhao/spring-oauth-server" target="_blank">spring-oauth-server</a>
+            &copy; 2013 - 2018 <a href="https://gitee.com/shengzhao/spring-oauth-server" target="_blank">spring-oauth-server</a>.
+            V${mainVersion}
         </p>
     </div>
 </div>

src/main/webapp/WEB-INF/jsp/index.jsp

@@ -13,7 +13,7 @@
 
 </head>
 <body>
-<h2>Spring Security&Oauth2 is work!</h2>
+<h2>Spring Security&OAuth2 is work!</h2>
 
 <p>
     <a href="${contextPath}/login.jsp">Login</a>
@@ -26,19 +26,19 @@
     <ol>
         <li>
             <p>
-                菜单 User 是不需要Oauth 验证即可访问的(即公开的resource); 用于管理用户信息(添加,删除等).
+                菜单 User 是不需要OAuth 验证即可访问的(即公开的resource); 用于管理用户信息(添加,删除等).
             </p>
         </li>
         <li>
             <p>
-                菜单 Unity 与 Mobile 需要Oauth 验证后才能访问(即受保护的resource); <br/>
+                菜单 Unity 与 Mobile 需要OAuth 验证后才能访问(即受保护的resource); <br/>
                 Unity 需要 [ROLE_UNITY] 权限, Mobile 需要 [ROLE_MOBILE] 权限.
             </p>
         </li>
         <li>
             <p>
                 在项目的 others目录里有 <a
-                    href="http://git.oschina.net/shengzhao/spring-oauth-server/blob/master/others/oauth_test.txt"
+                    href="https://gitee.com/shengzhao/spring-oauth-server/blob/master/others/oauth_test.txt"
                     target="_blank">oauth_test.txt</a>文件, 里面有测试的URL地址(包括浏览器与客户端的),<br/>
                 若想访问 Unity 与 Mobile, 则先用基于浏览器的测试URL 访问,等验证通过后即可访问(注意不同的账号对应的权限).
             </p>

src/main/webapp/WEB-INF/jsp/login.jsp

@@ -1,50 +1,50 @@
-<%--
- * 
- * @author Shengzhao Li
---%>
-
-<%@ page contentType="text/html;charset=UTF-8" language="java" %>
-<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
-<!DOCTYPE HTML>
-<html>
-<head>
-    <title>Oauth Login</title>
-</head>
-<body>
-<h2 class="page-header">Oauth Login</h2>
-
-<div class="row">
-    <div class="col-md-4">
-        <form action="${pageContext.request.contextPath}/login.do" method="post" class="form-horizontal">
-
-            <div class="form-group">
-                <label for="username" class="col-sm-3 control-label">Username</label>
-
-                <div class="col-sm-9">
-                    <input type="text" id="username" name="username" value="" placeholder="Type username"
-                           required="required" class="form-control"/>
-                </div>
-            </div>
-
-            <div class="form-group">
-                <label for="password" class="col-sm-3 control-label">Password</label>
-
-                <div class="col-sm-9">
-                    <input type="password" name="password" id="password" value="" placeholder="Type password"
-                           required="required" class="form-control"/>
-                </div>
-            </div>
-            <input type="submit" value="Login" class="btn btn-primary"/>
-            <a href="${pageContext.request.contextPath}">Back to Home</a>&nbsp;
-            <%--Login error--%>
-            <c:if test="${param.authorization_error eq 2}"><span
-                    class="label label-danger">Access denied !!!</span></c:if>
-            <c:if test="${param.authentication_error eq 1}"><span
-                    class="label label-danger">Authentication Failure</span></c:if>
-        </form>
-    </div>
-</div>
-
-
-</body>
+<%--
+ * 
+ * @author Shengzhao Li
+--%>
+
+<%@ page contentType="text/html;charset=UTF-8" language="java" %>
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+<!DOCTYPE HTML>
+<html>
+<head>
+    <title>OAuth Login</title>
+</head>
+<body>
+<h2 class="page-header">OAuth Login</h2>
+
+<div class="row">
+    <div class="col-md-4">
+        <form action="${pageContext.request.contextPath}/signin" method="post" class="form-horizontal">
+
+            <div class="form-group">
+                <label for="username" class="col-sm-3 control-label">Username</label>
+
+                <div class="col-sm-9">
+                    <input type="text" id="username" name="username" value="" placeholder="Type username"
+                           required="required" class="form-control"/>
+                </div>
+            </div>
+
+            <div class="form-group">
+                <label for="password" class="col-sm-3 control-label">Password</label>
+
+                <div class="col-sm-9">
+                    <input type="password" name="password" id="password" value="" placeholder="Type password"
+                           required="required" class="form-control"/>
+                </div>
+            </div>
+            <input type="submit" value="Login" class="btn btn-primary"/>
+            &nbsp;
+            <%--Login error--%>
+            <c:if test="${param.error eq '2'}"><span
+                    class="label label-danger">Access denied !!!</span></c:if>
+            <c:if test="${param.error eq '1'}"><span
+                    class="label label-danger">Authentication Failure</span></c:if>
+        </form>
+    </div>
+</div>
+
+
+</body>
 </html>

src/main/webapp/WEB-INF/tags/csrf.tag

@@ -0,0 +1,3 @@
+<%@tag pageEncoding="UTF-8" %>
+<input id="csrfHidden" type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
+