✨ 将储存在 Redis 中的数据序列化为 JSON（本功能不兼容之前的Redis数据，需要将原有Redis数据清空才能正常使用）

spring-projects/spring-security#4370

Author: xuxiaowei-com-cn

pig-common/pig-common-core/pom.xml

@@ -61,5 +61,11 @@
             <artifactId>spring-webmvc</artifactId>
             <scope>provided</scope>
         </dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-oauth2-authorization-server</artifactId>
+			<version>${spring.authorization.version}</version>
+			<scope>provided</scope>
+		</dependency>
     </dependencies>
 </project>

pig-common/pig-common-core/src/main/java/com/pig4cloud/pig/common/core/config/JacksonConfiguration.java

@@ -17,15 +17,10 @@
 package com.pig4cloud.pig.common.core.config;
 
 import cn.hutool.core.date.DatePattern;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.ser.std.ToStringSerializer;
 import com.pig4cloud.pig.common.core.jackson.PigJavaTimeModule;
-import org.springframework.boot.autoconfigure.AutoConfiguration;
-import org.springframework.boot.autoconfigure.AutoConfigureBefore;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.jackson.Jackson2ObjectMapperBuilderCustomizer;
-import org.springframework.boot.autoconfigure.jackson.JacksonAutoConfiguration;
 import org.springframework.context.annotation.Bean;
 
 import java.time.ZoneId;
@@ -40,9 +35,9 @@
  * @author lishangbu
  * @date 2020-06-17
  */
-@AutoConfiguration
-@ConditionalOnClass(ObjectMapper.class)
-@AutoConfigureBefore(JacksonAutoConfiguration.class)
+// @EnableCaching
+// @AutoConfiguration
+// @AutoConfigureBefore(RedisAutoConfiguration.class)
 public class JacksonConfiguration {
 
 	@Bean

pig-common/pig-common-core/src/main/java/com/pig4cloud/pig/common/core/config/RedisCacheManagerConfiguration.java

@@ -0,0 +1,176 @@
+package com.pig4cloud.pig.common.core.config;
+
+import cn.hutool.core.date.DatePattern;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
+import com.fasterxml.jackson.databind.DeserializationFeature;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.SerializationFeature;
+import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
+import com.fasterxml.jackson.datatype.jsr310.deser.LocalDateDeserializer;
+import com.fasterxml.jackson.datatype.jsr310.deser.LocalDateTimeDeserializer;
+import com.fasterxml.jackson.datatype.jsr310.deser.LocalTimeDeserializer;
+import com.fasterxml.jackson.datatype.jsr310.ser.LocalDateSerializer;
+import com.fasterxml.jackson.datatype.jsr310.ser.LocalDateTimeSerializer;
+import com.fasterxml.jackson.datatype.jsr310.ser.LocalTimeSerializer;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.AutoConfiguration;
+import org.springframework.boot.autoconfigure.AutoConfigureBefore;
+import org.springframework.boot.autoconfigure.data.redis.RedisAutoConfiguration;
+import org.springframework.cache.annotation.EnableCaching;
+import org.springframework.context.annotation.Bean;
+import org.springframework.data.redis.cache.RedisCacheConfiguration;
+import org.springframework.data.redis.cache.RedisCacheManager;
+import org.springframework.data.redis.cache.RedisCacheWriter;
+import org.springframework.data.redis.connection.RedisConnectionFactory;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.serializer.Jackson2JsonRedisSerializer;
+import org.springframework.data.redis.serializer.RedisSerializationContext;
+import org.springframework.data.redis.serializer.RedisSerializer;
+import org.springframework.data.redis.serializer.StringRedisSerializer;
+import org.springframework.security.jackson2.CoreJackson2Module;
+import org.springframework.security.jackson2.SecurityJackson2Modules;
+import org.springframework.security.web.jackson2.WebJackson2Module;
+import org.springframework.security.web.jackson2.WebServletJackson2Module;
+import org.springframework.security.web.server.jackson2.WebServerJackson2Module;
+
+import java.time.LocalDate;
+import java.time.LocalDateTime;
+import java.time.LocalTime;
+import java.time.format.DateTimeFormatter;
+import java.util.Objects;
+
+/**
+ * Redis 缓存管理器 配置
+ * <p>
+ * 可将 Redis 内的数据格式化为 JSON
+ * <p>
+ * 与 {@link RedisTemplateConfiguration} 二选一
+ *
+ * @author xuxiaowei
+ * @since 3.6.4
+ */
+@EnableCaching
+@AutoConfiguration
+@AutoConfigureBefore(RedisAutoConfiguration.class)
+public class RedisCacheManagerConfiguration {
+
+	/**
+	 * Redis 缓存管理器
+	 * @param redisTemplate Redis 模板
+	 * @return 返回 Redis 缓存管理器
+	 */
+	@Bean
+	public RedisCacheManager redisCacheManager(RedisTemplate<?, ?> redisTemplate) {
+
+		// 从 RedisTemplate 中获取连接
+		RedisConnectionFactory connectionFactory = redisTemplate.getConnectionFactory();
+
+		// 检查 RedisConnectionFactory 是否为 null
+		RedisConnectionFactory redisConnectionFactory = Objects.requireNonNull(connectionFactory);
+
+		// 检查 RedisConnectionFactory 是否为 null
+		// 创建新的无锁 RedisCacheWriter
+		RedisCacheWriter redisCacheWriter = RedisCacheWriter.nonLockingRedisCacheWriter(redisConnectionFactory);
+
+		// 获取 RedisTemplate 的序列化
+		RedisSerializer<?> valueSerializer = redisTemplate.getValueSerializer();
+
+		// 序列化对
+		RedisSerializationContext.SerializationPair<?> serializationPair = RedisSerializationContext.SerializationPair
+				.fromSerializer(valueSerializer);
+
+		// 获取默认缓存配置
+		RedisCacheConfiguration redisCacheConfiguration = RedisCacheConfiguration.defaultCacheConfig();
+
+		// 设置序列化
+		RedisCacheConfiguration redisCacheConfigurationSerialize = redisCacheConfiguration
+				.serializeValuesWith(serializationPair);
+
+		// 创建并返回 Redis 缓存管理
+		return new RedisCacheManager(redisCacheWriter, redisCacheConfigurationSerialize);
+	}
+
+	/**
+	 * 注意：如果要使用注解 {@link Autowired} 管理 {@link RedisTemplate}， 则需要将 {@link RedisTemplate} 的
+	 * {@link Bean} 缺省泛型
+	 * @param redisConnectionFactory Redis 连接工厂
+	 * @return 返回 Redis 模板
+	 */
+	@Bean
+	public RedisTemplate<String, Object> redisTemplate(RedisConnectionFactory redisConnectionFactory) {
+
+		// Helper类简化了 Redis 数据访问代码
+		RedisTemplate<String, Object> template = new RedisTemplate<>();
+
+		// 设置连接工厂。
+		template.setConnectionFactory(redisConnectionFactory);
+
+		// 可以使用读写JSON
+		Jackson2JsonRedisSerializer<?> jackson2JsonRedisSerializer = new Jackson2JsonRedisSerializer<>(Object.class);
+
+		jackson2JsonRedisSerializer.setObjectMapper(objectMapper());
+
+		// Redis 字符串：键、值序列化
+		template.setKeySerializer(new StringRedisSerializer());
+		template.setValueSerializer(jackson2JsonRedisSerializer);
+
+		// Redis Hash：键、值序列化
+		template.setHashKeySerializer(new StringRedisSerializer());
+		template.setHashValueSerializer(jackson2JsonRedisSerializer);
+
+		template.afterPropertiesSet();
+
+		return template;
+	}
+
+	public static ObjectMapper objectMapper() {
+		// ObjectMapper 提供了从基本 POJO（普通旧Java对象）或从通用 JSON 树模型（{@link JsonNode}）读取和写入 JSON
+		// 的功能，
+		// 以及执行转换的相关功能。
+		ObjectMapper objectMapper = new ObjectMapper();
+
+		// 枚举，定义影响Java对象序列化方式的简单开/关功能。
+		// 默认情况下启用功能，因此默认情况下日期/时间序列化为时间戳。
+		objectMapper.disable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS);
+		// 如果启用，上下文<code> TimeZone </
+		// code>将基本上覆盖任何其他TimeZone信息;如果禁用，则仅在值本身不包含任何TimeZone信息时使用。
+		objectMapper.disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE);
+
+		// 注册使用Jackson核心序列化{@code java.time}对象的功能的类。
+		JavaTimeModule javaTimeModule = new JavaTimeModule();
+
+		// 添加序列化
+		javaTimeModule.addSerializer(LocalDateTime.class,
+				new LocalDateTimeSerializer(DateTimeFormatter.ofPattern(DatePattern.NORM_DATETIME_PATTERN)));
+		javaTimeModule.addSerializer(LocalDate.class,
+				new LocalDateSerializer(DateTimeFormatter.ofPattern(DatePattern.NORM_DATE_PATTERN)));
+		javaTimeModule.addSerializer(LocalTime.class,
+				new LocalTimeSerializer(DateTimeFormatter.ofPattern(DatePattern.NORM_TIME_PATTERN)));
+
+		// 添加反序列化
+		javaTimeModule.addDeserializer(LocalDateTime.class,
+				new LocalDateTimeDeserializer(DateTimeFormatter.ofPattern(DatePattern.NORM_DATETIME_PATTERN)));
+		javaTimeModule.addDeserializer(LocalDate.class,
+				new LocalDateDeserializer(DateTimeFormatter.ofPattern(DatePattern.NORM_DATE_PATTERN)));
+		javaTimeModule.addDeserializer(LocalTime.class,
+				new LocalTimeDeserializer(DateTimeFormatter.ofPattern(DatePattern.NORM_TIME_PATTERN)));
+
+		// 用于注册可以扩展该映射器提供的功能的模块的方法; 例如，通过添加自定义序列化程序和反序列化程序的提供程序。
+		objectMapper.registerModule(javaTimeModule);
+
+		// Web、Security 序列化与反序列化
+		// 显性引入
+		// https://github.com/spring-projects/spring-security/issues/4370
+		SecurityJackson2Modules.enableDefaultTyping(objectMapper);
+		objectMapper.registerModules(new WebServletJackson2Module(), new WebJackson2Module(), new CoreJackson2Module(),
+				new WebServerJackson2Module());
+		objectMapper.activateDefaultTyping(objectMapper.getPolymorphicTypeValidator(),
+				ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY);
+		// objectMapper.registerModule(new CasJackson2Module());
+		// objectMapper.registerModule(new OAuth2ClientJackson2Module());
+		// objectMapper.registerModule(new Saml2Jackson2Module());
+
+		return objectMapper;
+	}
+
+}

pig-common/pig-common-core/src/main/java/com/pig4cloud/pig/common/core/config/RedisTemplateConfiguration.java

@@ -16,22 +16,20 @@
 
 package com.pig4cloud.pig.common.core.config;
 
-import org.springframework.boot.autoconfigure.AutoConfiguration;
-import org.springframework.boot.autoconfigure.AutoConfigureBefore;
-import org.springframework.boot.autoconfigure.data.redis.RedisAutoConfiguration;
-import org.springframework.cache.annotation.EnableCaching;
 import org.springframework.context.annotation.Bean;
 import org.springframework.data.redis.connection.RedisConnectionFactory;
 import org.springframework.data.redis.core.*;
 import org.springframework.data.redis.serializer.RedisSerializer;
 
 /**
+ * 与 {@link RedisCacheManagerConfiguration} 二选一
+ *
  * @author lengleng
  * @date 2019/2/1 Redis 配置类
  */
-@EnableCaching
-@AutoConfiguration
-@AutoConfigureBefore(RedisAutoConfiguration.class)
+// @EnableCaching
+// @AutoConfiguration
+// @AutoConfigureBefore(RedisAutoConfiguration.class)
 public class RedisTemplateConfiguration {
 
 	@Bean

pig-common/pig-common-core/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports

@@ -1,6 +1,6 @@
 com.pig4cloud.pig.common.core.config.TaskExecutorConfiguration
 com.pig4cloud.pig.common.core.config.JacksonConfiguration
-com.pig4cloud.pig.common.core.config.RedisTemplateConfiguration
+com.pig4cloud.pig.common.core.config.RedisCacheManagerConfiguration
 com.pig4cloud.pig.common.core.config.RestTemplateConfiguration
 com.pig4cloud.pig.common.core.util.SpringContextHolder
 com.pig4cloud.pig.common.core.config.WebMvcConfiguration

pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/service/PigAppUserDetailsServiceImpl.java

@@ -24,8 +24,7 @@
 import lombok.RequiredArgsConstructor;
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.cache.Cache;
-import org.springframework.cache.CacheManager;
+import org.springframework.cache.annotation.Cacheable;
 import org.springframework.security.core.userdetails.UserDetails;
 
 /**
@@ -39,28 +38,17 @@ public class PigAppUserDetailsServiceImpl implements PigUserDetailsService {
 
 	private final RemoteUserService remoteUserService;
 
-	private final CacheManager cacheManager;
-
 	/**
 	 * 手机号登录
 	 * @param phone 手机号
 	 * @return
 	 */
 	@Override
 	@SneakyThrows
+	@Cacheable(value = CacheConstants.USER_DETAILS, key = "#phone", unless = "#result == null")
 	public UserDetails loadUserByUsername(String phone) {
-		Cache cache = cacheManager.getCache(CacheConstants.USER_DETAILS);
-		if (cache != null && cache.get(phone) != null) {
-			return (PigUser) cache.get(phone).get();
-		}
-
 		R<UserInfo> result = remoteUserService.infoByMobile(phone);
-
-		UserDetails userDetails = getUserDetails(result);
-		if (cache != null) {
-			cache.put(phone, userDetails);
-		}
-		return userDetails;
+		return getUserDetails(result);
 	}
 
 	/**

pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/service/PigUserDetailsServiceImpl.java

@@ -23,8 +23,7 @@
 import lombok.RequiredArgsConstructor;
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.cache.Cache;
-import org.springframework.cache.CacheManager;
+import org.springframework.cache.annotation.Cacheable;
 import org.springframework.context.annotation.Primary;
 import org.springframework.security.core.userdetails.UserDetails;
 
@@ -40,27 +39,17 @@ public class PigUserDetailsServiceImpl implements PigUserDetailsService {
 
 	private final RemoteUserService remoteUserService;
 
-	private final CacheManager cacheManager;
-
 	/**
 	 * 用户名密码登录
 	 * @param username 用户名
 	 * @return
 	 */
 	@Override
 	@SneakyThrows
+	@Cacheable(value = CacheConstants.USER_DETAILS, key = "#username", unless = "#result == null")
 	public UserDetails loadUserByUsername(String username) {
-		Cache cache = cacheManager.getCache(CacheConstants.USER_DETAILS);
-		if (cache != null && cache.get(username) != null) {
-			return (PigUser) cache.get(username).get();
-		}
-
 		R<UserInfo> result = remoteUserService.info(username);
-		UserDetails userDetails = getUserDetails(result);
-		if (cache != null) {
-			cache.put(username, userDetails);
-		}
-		return userDetails;
+		return getUserDetails(result);
 	}
 
 	@Override

pig-gateway/pom.xml

@@ -92,6 +92,11 @@
             <groupId>org.springdoc</groupId>
             <artifactId>springdoc-openapi-webflux-ui</artifactId>
         </dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-oauth2-authorization-server</artifactId>
+			<version>${spring.authorization.version}</version>
+		</dependency>
     </dependencies>
 
     <build>

pig-gateway/src/main/java/com/pig4cloud/pig/gateway/config/ReactiveAuthorizationManagerConfiguration.java

@@ -0,0 +1,39 @@
+package com.pig4cloud.pig.gateway.config;
+
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authorization.AuthorizationDecision;
+import org.springframework.security.authorization.ReactiveAuthorizationManager;
+import org.springframework.security.config.web.server.ServerHttpSecurity;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.server.SecurityWebFilterChain;
+import org.springframework.security.web.server.authorization.AuthorizationContext;
+import reactor.core.publisher.Mono;
+
+/**
+ * 网关禁用 Security
+ *
+ * @author xuxiaowei
+ * @since 3.6.4
+ */
+@Slf4j
+@Configuration
+public class ReactiveAuthorizationManagerConfiguration implements ReactiveAuthorizationManager<AuthorizationContext> {
+
+	@Override
+	public Mono<AuthorizationDecision> check(Mono<Authentication> authentication, AuthorizationContext object) {
+		return Mono.just(new AuthorizationDecision(true));
+	}
+
+	@Bean
+	public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
+
+		http.formLogin().disable();
+		http.csrf().disable();
+		http.cors().disable();
+
+		return http.build();
+	}
+
+}