From beea3c4eee1847cdf8fd8d0a899631b4c107d1c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=A8=E9=B9=8F=E9=A3=9E?=
Date: Fri, 26 Mar 2021 14:23:40 +0800
Subject: [PATCH] =?UTF-8?q?=E8=A1=A5=E5=85=85=E5=AE=A2=E6=88=B7=E7=AB=AF?= =?UTF-8?q?=E6=8E=88=E6=9D=83=E6=96=B9=E5=BC=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../poile/ucs/auth/AuthServerApplication.java | 4 +--
 .../ucs/auth/config/AuthorizationConfig.java | 2 +-
 .../ucs/auth/config/ExceptionHandle.java | 10 ++++---
 .../cn/poile/ucs/auth/constant/ErrorEnum.java | 5 ++++
 .../auth/controller/SysClientController.java | 26 ++++++++++++++++---
 .../exception/CustomOauthTokenException.java | 7 +++++
 .../ucs/auth/service/ISysClientService.java | 8 ++++++
 .../service/impl/SysClientServiceImpl.java | 26 ++++++++++++++++++-
 .../src/main/resources/application-dev.yml | 7 ++---
 resource-server/pom.xml | 2 +-
 .../controller/TestRestController.java | 14 +++++++---
 .../src/main/resources/application-dev.yml | 10 +++----
 12 files changed, 97 insertions(+), 24 deletions(-)
diff --git a/auth-server/src/main/java/cn/poile/ucs/auth/AuthServerApplication.java b/auth-server/src/main/java/cn/poile/ucs/auth/AuthServerApplication.java
index 8141e5a..f2b8c17 100644
--- a/auth-server/src/main/java/cn/poile/ucs/auth/AuthServerApplication.java
+++ b/auth-server/src/main/java/cn/poile/ucs/auth/AuthServerApplication.java
@@ -7,9 +7,9 @@ import org.springframework.boot.web.servlet.ServletComponentScan; import org.springframework.cloud.client.discovery.EnableDiscoveryClient; - /** * 认证中心服务 + * * @author: yaohw * @create: 2019-09-25 16:48 **/
@@ -20,7 +20,7 @@ import org.springframework.cloud.client.discovery.EnableDiscoveryClient; public class AuthServerApplication { public static void main(String[] args) {
- SpringApplication.run(AuthServerApplication.class,args);
+ SpringApplication.run(AuthServerApplication.class, args);
 } }
diff --git a/auth-server/src/main/java/cn/poile/ucs/auth/config/AuthorizationConfig.java b/auth-server/src/main/java/cn/poile/ucs/auth/config/AuthorizationConfig.java
index 0835cbf..fc2a7c6 100644
--- a/auth-server/src/main/java/cn/poile/ucs/auth/config/AuthorizationConfig.java
+++ b/auth-server/src/main/java/cn/poile/ucs/auth/config/AuthorizationConfig.java
@@ -1 +1 @@ -package cn.poile.ucs.auth.config; import cn.poile.ucs.auth.granter.MobileCodeTokenGranter; import cn.poile.ucs.auth.response.ApiOauthTokenResponse; import cn.poile.ucs.auth.service.impl.SysClientServiceImpl; import cn.poile.ucs.auth.service.impl.SysUserServiceImpl; import cn.poile.ucs.auth.vo.UserDetailImpl; import lombok.extern.log4j.Log4j2; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Primary; import org.springframework.data.redis.connection.RedisConnectionFactory; import org.springframework.data.redis.core.RedisTemplate; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer; import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter; import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer; import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer; import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer; import org.springframework.security.oauth2.provider.CompositeTokenGranter; import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.security.oauth2.provider.OAuth2Request; import org.springframework.security.oauth2.provider.TokenGranter; import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices; import org.springframework.security.oauth2.provider.code.AuthorizationCodeTokenGranter; import org.springframework.security.oauth2.provider.implicit.ImplicitTokenGranter; import org.springframework.security.oauth2.provider.password.ResourceOwnerPasswordTokenGranter; import 
org.springframework.security.oauth2.provider.refresh.RefreshTokenGranter; import org.springframework.security.oauth2.provider.token.AuthenticationKeyGenerator; import org.springframework.security.oauth2.provider.token.DefaultTokenServices; import org.springframework.security.oauth2.provider.token.TokenEnhancer; import org.springframework.security.oauth2.provider.token.TokenStore; import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore; import java.math.BigInteger; import java.nio.charset.StandardCharsets; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.util.ArrayList; import java.util.List; import java.util.concurrent.TimeUnit; /** * 认证配置 * @author: yaohw * @create: 2019-09-30 16:12 **/ @Log4j2 @Configuration @EnableAuthorizationServer public class AuthorizationConfig extends AuthorizationServerConfigurerAdapter { @Autowired private AuthenticationManager authenticationManager; @Autowired private SysUserServiceImpl userDetailsService; @Autowired private SysClientServiceImpl clientDetailsService; @Autowired private RedisConnectionFactory redisConnectionFactory; @Autowired private RedisTemplate redisTemplate; /** * 自定义token唯一key * @return AuthenticationKeyGenerator */ private AuthenticationKeyGenerator keyGenerator() { return new AuthenticationKeyGenerator() { /** * @param authentication an OAuth2Authentication * @return a unique key identifying the authentication */ @Override public String extractKey(OAuth2Authentication authentication) { OAuth2Request oAuth2Request = authentication.getOAuth2Request(); String clientId = oAuth2Request.getClientId(); UserDetailImpl principal = (UserDetailImpl)authentication.getPrincipal(); String value = principal.getId() + clientId; MessageDigest digest; try { digest = MessageDigest.getInstance("MD5"); byte[] bytes = digest.digest(value.getBytes(StandardCharsets.UTF_8)); return String.format("%032x", new BigInteger(1, bytes)); } catch 
(NoSuchAlgorithmException nsae) { throw new IllegalStateException("MD5 algorithm not available. Fatal (should be in the JDK).", nsae); } } }; } /** * 配置token存储,这个配置token存到redis中 * @return tokenStore */ @Bean public TokenStore tokenStore() { RedisTokenStore redisTokenStore = new RedisTokenStore(redisConnectionFactory); redisTokenStore.setAuthenticationKeyGenerator(keyGenerator()); return redisTokenStore; } /** * 配置授权码模式授权码服务,不配置默认为内存模式 * @return */ @Primary @Bean public AuthorizationCodeServices authorizationCodeServices() { return new RedisAuthorizationCodeServices(redisConnectionFactory); } /** * 配置客户端详情 * @param clients * @throws Exception */ @Override public void configure(ClientDetailsServiceConfigurer clients) throws Exception { clients.withClientDetails(clientDetailsService); } @Override public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { // 配置token存储,一般配置redis存储 endpoints.tokenStore(tokenStore()) // 自定义token .tokenEnhancer(tokenEnhancer()) // 配置认证管理器 .authenticationManager(authenticationManager) // 配置用户详情server,密码模式必须 .userDetailsService(userDetailsService) // 配置授权码模式授权码服务,不配置默认为内存模式 .authorizationCodeServices(authorizationCodeServices()) // 配置grant_type模式,如果不配置则默认使用密码模式、简化模式、验证码模式以及刷新token模式,如果配置了只使用配置中,默认配置失效 // 具体可以查询AuthorizationServerEndpointsConfigurer中的getDefaultTokenGranters方法 .tokenGranter(tokenGranter(endpoints)); // 配置TokenServices参数 DefaultTokenServices tokenServices = new DefaultTokenServices(); tokenServices.setTokenStore(endpoints.getTokenStore()); // 是否支持刷新Token tokenServices.setSupportRefreshToken(true); tokenServices.setReuseRefreshToken(true); tokenServices.setClientDetailsService(endpoints.getClientDetailsService()); tokenServices.setTokenEnhancer(endpoints.getTokenEnhancer()); // 设置accessToken和refreshToken的默认超时时间(如果clientDetails的为null就取默认的,如果clientDetails的不为null取clientDetails中的) tokenServices.setAccessTokenValiditySeconds((int) TimeUnit.HOURS.toSeconds(2)); 
tokenServices.setRefreshTokenValiditySeconds((int) TimeUnit.DAYS.toSeconds(30)); endpoints.tokenServices(tokenServices); endpoints.exceptionTranslator(new ExceptionHandle()); } @Override public void configure(AuthorizationServerSecurityConfigurer security) throws Exception { security .allowFormAuthenticationForClients() .tokenKeyAccess("isAuthenticated()") .checkTokenAccess("permitAll()"); } /** * 返回的token自定义化 * * @return */ @Bean public TokenEnhancer tokenEnhancer() { return (accessToken, authentication) -> new ApiOauthTokenResponse(accessToken); } /** * 创建grant_type列表 * @param endpoints * @return */ @Bean public TokenGranter tokenGranter(AuthorizationServerEndpointsConfigurer endpoints) { List list = new ArrayList<>(); // 这里配置密码模式、刷新token模式、自定义手机号验证码模式、授权码模式、简化模式 list.add(new ResourceOwnerPasswordTokenGranter(authenticationManager, endpoints.getTokenServices(), endpoints.getClientDetailsService(), endpoints.getOAuth2RequestFactory())); list.add(new RefreshTokenGranter(endpoints.getTokenServices(), endpoints.getClientDetailsService(), endpoints.getOAuth2RequestFactory())); list.add(new MobileCodeTokenGranter(authenticationManager,endpoints.getTokenServices(), endpoints.getClientDetailsService(), endpoints.getOAuth2RequestFactory())); list.add(new AuthorizationCodeTokenGranter(endpoints.getTokenServices(),endpoints.getAuthorizationCodeServices(), endpoints.getClientDetailsService(), endpoints.getOAuth2RequestFactory())); list.add(new ImplicitTokenGranter(endpoints.getTokenServices(),endpoints.getClientDetailsService(),endpoints.getOAuth2RequestFactory())); return new CompositeTokenGranter(list); } } \ No newline at end of file +package cn.poile.ucs.auth.config; import cn.poile.ucs.auth.granter.MobileCodeTokenGranter; import cn.poile.ucs.auth.response.ApiOauthTokenResponse; import cn.poile.ucs.auth.service.impl.SysClientServiceImpl; import cn.poile.ucs.auth.service.impl.SysUserServiceImpl; import cn.poile.ucs.auth.vo.UserDetailImpl; import 
lombok.extern.log4j.Log4j2; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Primary; import org.springframework.data.redis.connection.RedisConnectionFactory; import org.springframework.data.redis.core.RedisTemplate; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer; import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter; import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer; import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer; import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer; import org.springframework.security.oauth2.provider.CompositeTokenGranter; import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.security.oauth2.provider.OAuth2Request; import org.springframework.security.oauth2.provider.TokenGranter; import org.springframework.security.oauth2.provider.client.ClientCredentialsTokenGranter; import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices; import org.springframework.security.oauth2.provider.code.AuthorizationCodeTokenGranter; import org.springframework.security.oauth2.provider.implicit.ImplicitTokenGranter; import org.springframework.security.oauth2.provider.password.ResourceOwnerPasswordTokenGranter; import org.springframework.security.oauth2.provider.refresh.RefreshTokenGranter; import org.springframework.security.oauth2.provider.token.AuthenticationKeyGenerator; import org.springframework.security.oauth2.provider.token.DefaultTokenServices; 
import org.springframework.security.oauth2.provider.token.TokenEnhancer; import org.springframework.security.oauth2.provider.token.TokenStore; import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore; import java.math.BigInteger; import java.nio.charset.StandardCharsets; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.util.ArrayList; import java.util.List; import java.util.concurrent.TimeUnit; /** * 认证配置 * * @author: yaohw * @create: 2019-09-30 16:12 **/ @Log4j2 @Configuration @EnableAuthorizationServer public class AuthorizationConfig extends AuthorizationServerConfigurerAdapter { @Autowired private AuthenticationManager authenticationManager; @Autowired private SysUserServiceImpl userDetailsService; @Autowired private SysClientServiceImpl clientDetailsService; @Autowired private RedisConnectionFactory redisConnectionFactory; @Autowired private RedisTemplate redisTemplate; /** * 自定义token唯一key * * @return AuthenticationKeyGenerator */ private AuthenticationKeyGenerator keyGenerator() { return new AuthenticationKeyGenerator() { /** * @param authentication an OAuth2Authentication * @return a unique key identifying the authentication */ @Override public String extractKey(OAuth2Authentication authentication) { OAuth2Request oAuth2Request = authentication.getOAuth2Request(); String clientId = oAuth2Request.getClientId(); Object sourcePrincipal = authentication.getPrincipal(); String value = null; if (sourcePrincipal instanceof String) { String principal = (String) sourcePrincipal; value = principal + clientId; } else { UserDetailImpl principal = (UserDetailImpl) sourcePrincipal; value = principal.getId() + clientId; } MessageDigest digest; try { digest = MessageDigest.getInstance("MD5"); byte[] bytes = digest.digest(value.getBytes(StandardCharsets.UTF_8)); return String.format("%032x", new BigInteger(1, bytes)); } catch (NoSuchAlgorithmException nsae) { throw new IllegalStateException("MD5 
algorithm not available. Fatal (should be in the JDK).", nsae); } } }; } /** * 配置token存储,这个配置token存到redis中 * * @return tokenStore */ @Bean public TokenStore tokenStore() { RedisTokenStore redisTokenStore = new RedisTokenStore(redisConnectionFactory); redisTokenStore.setAuthenticationKeyGenerator(keyGenerator()); return redisTokenStore; } /** * 配置授权码模式授权码服务,不配置默认为内存模式 * * @return */ @Primary @Bean public AuthorizationCodeServices authorizationCodeServices() { return new RedisAuthorizationCodeServices(redisConnectionFactory); } /** * 配置客户端详情 * * @param clients * @throws Exception */ @Override public void configure(ClientDetailsServiceConfigurer clients) throws Exception { clients.withClientDetails(clientDetailsService); } @Override public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { // 配置token存储,一般配置redis存储 endpoints.tokenStore(tokenStore()) // 自定义token .tokenEnhancer(tokenEnhancer()) // 配置认证管理器 .authenticationManager(authenticationManager) // 配置用户详情server,密码模式必须 .userDetailsService(userDetailsService) // 配置授权码模式授权码服务,不配置默认为内存模式 .authorizationCodeServices(authorizationCodeServices()) // 配置grant_type模式,如果不配置则默认使用密码模式、简化模式、验证码模式以及刷新token模式,如果配置了只使用配置中,默认配置失效 // 具体可以查询AuthorizationServerEndpointsConfigurer中的getDefaultTokenGranters方法 .tokenGranter(tokenGranter(endpoints)); // 配置TokenServices参数 DefaultTokenServices tokenServices = new DefaultTokenServices(); tokenServices.setTokenStore(endpoints.getTokenStore()); // 是否支持刷新Token tokenServices.setSupportRefreshToken(true); tokenServices.setReuseRefreshToken(true); tokenServices.setClientDetailsService(endpoints.getClientDetailsService()); tokenServices.setTokenEnhancer(endpoints.getTokenEnhancer()); // 设置accessToken和refreshToken的默认超时时间(如果clientDetails的为null就取默认的,如果clientDetails的不为null取clientDetails中的) tokenServices.setAccessTokenValiditySeconds((int) TimeUnit.HOURS.toSeconds(2)); tokenServices.setRefreshTokenValiditySeconds((int) TimeUnit.DAYS.toSeconds(30)); 
endpoints.tokenServices(tokenServices); endpoints.exceptionTranslator(new ExceptionHandle()); } @Override public void configure(AuthorizationServerSecurityConfigurer security) throws Exception { security .allowFormAuthenticationForClients() .tokenKeyAccess("isAuthenticated()") .checkTokenAccess("permitAll()"); } /** * 返回的token自定义化 * * @return */ @Bean public TokenEnhancer tokenEnhancer() { return (accessToken, authentication) -> new ApiOauthTokenResponse(accessToken); } /** * 创建grant_type列表 * * @param endpoints * @return */ @Bean public TokenGranter tokenGranter(AuthorizationServerEndpointsConfigurer endpoints) { List list = new ArrayList<>(); // 这里配置密码模式、刷新token模式、自定义手机号验证码模式、授权码模式、简化模式、客户端模式 list.add(new ResourceOwnerPasswordTokenGranter(authenticationManager, endpoints.getTokenServices(), endpoints.getClientDetailsService(), endpoints.getOAuth2RequestFactory())); list.add(new RefreshTokenGranter(endpoints.getTokenServices(), endpoints.getClientDetailsService(), endpoints.getOAuth2RequestFactory())); list.add(new MobileCodeTokenGranter(authenticationManager, endpoints.getTokenServices(), endpoints.getClientDetailsService(), endpoints.getOAuth2RequestFactory())); list.add(new AuthorizationCodeTokenGranter(endpoints.getTokenServices(), endpoints.getAuthorizationCodeServices(), endpoints.getClientDetailsService(), endpoints.getOAuth2RequestFactory())); list.add(new ImplicitTokenGranter(endpoints.getTokenServices(), endpoints.getClientDetailsService(), endpoints.getOAuth2RequestFactory())); list.add(new ClientCredentialsTokenGranter(endpoints.getTokenServices(), endpoints.getClientDetailsService(), endpoints.getOAuth2RequestFactory())); return new CompositeTokenGranter(list); } } \ No newline at end of file diff --git a/auth-server/src/main/java/cn/poile/ucs/auth/config/ExceptionHandle.java b/auth-server/src/main/java/cn/poile/ucs/auth/config/ExceptionHandle.java index 24fcb55..d51acdb 100644 
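Review bot: In the new `extractKey`, the token-store key is the MD5 of `principal + clientId` (client-credentials branch) or `principal.getId() + clientId` (user branch) with no separator or type tag, so two different authentications can produce the same key whenever their concatenated strings coincide. Because the token store looks up an existing access token by this key, a collision would presumably return one subject's stored token to another. Tag and delimit the inputs, for example `value = "client:" + principal + ":" + clientId;` and `value = "user:" + principal.getId() + ":" + clientId;`, keeping in mind that tokens already stored under the old key format will no longer be found by key lookup. The `else` branch also casts every non-String principal to `UserDetailImpl`; an explicit `instanceof` check that throws `IllegalStateException` with the actual class name would fail more clearly than a `ClassCastException`. The key also leaves out the requested scope, so requests from the same subject with different scopes appear to share one stored token.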
--- a/auth-server/src/main/java/cn/poile/ucs/auth/config/ExceptionHandle.java +++ b/auth-server/src/main/java/cn/poile/ucs/auth/config/ExceptionHandle.java @@ -11,10 +11,7 @@ import org.springframework.security.authentication.AccountExpiredException; import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.CredentialsExpiredException; import org.springframework.security.authentication.LockedException; -import org.springframework.security.oauth2.common.exceptions.InvalidGrantException; -import org.springframework.security.oauth2.common.exceptions.InvalidScopeException; -import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; -import org.springframework.security.oauth2.common.exceptions.UnsupportedGrantTypeException; +import org.springframework.security.oauth2.common.exceptions.*; import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator; import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.ResponseBody; @@ -108,6 +105,11 @@ public class ExceptionHandle implements WebResponseExceptionTranslator * 前端控制器 @@ -13,7 +20,20 @@ import org.springframework.web.bind.annotation.RestController; * @since 2020-09-07 */ @RestController -@RequestMapping("/sysClient") +@RequestMapping("/sys-client") public class SysClientController extends BaseController { -} + @Autowired + private ISysClientService iSysClientService; + + /** + * 保存客户端 + * + * @param client + * @return + */ + @PostMapping("save") + public ClientDetails save(@Valid @RequestBody SysClient client) { + return iSysClientService.addClient(client); + } +} \ No newline at end of file diff --git a/auth-server/src/main/java/cn/poile/ucs/auth/exception/CustomOauthTokenException.java b/auth-server/src/main/java/cn/poile/ucs/auth/exception/CustomOauthTokenException.java index 710b53f..fb339cd 100644 
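Review bot: In SysClientController, the new `save` handler registers an OAuth client from a request-bound `SysClient` entity and shows no authorization check in this hunk, so whether only administrators can reach `POST /sys-client/save` depends on security configuration that is not visible here. Binding the persistence entity directly also lets the caller set every field it exposes (grant types, scopes, authorities), and returning `ClientDetails` may echo the client secret or its hash in the response, depending on what `addClient` returns. If method security is enabled in this service, add `@PreAuthorize("hasAuthority('admin')")` above `@PostMapping("save")`; otherwise restrict the path in the HTTP security configuration. A dedicated request DTO and a response view without the secret would narrow both concerns.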
--- a/auth-server/src/main/java/cn/poile/ucs/auth/exception/CustomOauthTokenException.java +++ b/auth-server/src/main/java/cn/poile/ucs/auth/exception/CustomOauthTokenException.java @@ -1,6 +1,7 @@ package cn.poile.ucs.auth.exception; import cn.poile.ucs.auth.common.CustomOauthTokenExceptionJsonSerializer; +import cn.poile.ucs.auth.constant.ErrorEnum; import com.fasterxml.jackson.databind.annotation.JsonSerialize; import lombok.Data; import lombok.EqualsAndHashCode; @@ -33,4 +34,10 @@ public class CustomOauthTokenException extends OAuth2Exception { setCode(code); setMessage(message); } + + public CustomOauthTokenException(ErrorEnum errorEnum) { + super(errorEnum.getErrorMsg()); + setCode(errorEnum.getErrorCode()); + setMessage(errorEnum.getErrorMsg()); + } } diff --git a/auth-server/src/main/java/cn/poile/ucs/auth/service/ISysClientService.java b/auth-server/src/main/java/cn/poile/ucs/auth/service/ISysClientService.java index 0f3d909..f6109be 100644 --- a/auth-server/src/main/java/cn/poile/ucs/auth/service/ISysClientService.java +++ b/auth-server/src/main/java/cn/poile/ucs/auth/service/ISysClientService.java @@ -2,6 +2,7 @@ package cn.poile.ucs.auth.service; import cn.poile.ucs.auth.entity.SysClient; import com.baomidou.mybatisplus.extension.service.IService; +import org.springframework.security.oauth2.provider.ClientDetails; /** *

@@ -13,4 +14,11 @@ import com.baomidou.mybatisplus.extension.service.IService; */ public interface ISysClientService extends IService { + /** + * 客户端保存 + * + * @param client + * @return + */ + ClientDetails addClient(SysClient client); } diff --git a/auth-server/src/main/java/cn/poile/ucs/auth/service/impl/SysClientServiceImpl.java b/auth-server/src/main/java/cn/poile/ucs/auth/service/impl/SysClientServiceImpl.java index c52c5bb..68b5480 100644 --- a/auth-server/src/main/java/cn/poile/ucs/auth/service/impl/SysClientServiceImpl.java +++ b/auth-server/src/main/java/cn/poile/ucs/auth/service/impl/SysClientServiceImpl.java @@ -8,13 +8,16 @@ import cn.poile.ucs.auth.service.ISysClientService; import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl; import com.google.common.collect.Sets; +import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang.StringUtils; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.oauth2.provider.ClientDetails; import org.springframework.security.oauth2.provider.ClientDetailsService; import org.springframework.security.oauth2.provider.ClientRegistrationException; import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.stereotype.Service; +import org.springframework.util.Assert; import java.util.ArrayList; import java.util.Arrays; @@ -28,12 +31,16 @@ import java.util.List; * @author yaohw * @since 2020-09-07 */ +@Slf4j @Service public class SysClientServiceImpl extends ServiceImpl implements ISysClientService, ClientDetailsService { @Autowired private ISysAuthorityService sysAuthorityService; + @Autowired + public PasswordEncoder passwordEncoder; + private static final String SEPARATOR = ","; /** 
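Review bot: In SysClientServiceImpl, the injected encoder is declared `public PasswordEncoder passwordEncoder;`, which lets any code holding the service bean read or replace the component that presumably hashes client secrets. Declare it `private PasswordEncoder passwordEncoder;`, matching the `private ISysAuthorityService sysAuthorityService` field beside it. The class body continues outside this hunk, so how the encoder is used is not visible here.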
@@ -109,5 +116,22 @@ public class SysClientServiceImpl extends ServiceImpl 4.0.0 - resources-server + resource-server diff --git a/resource-server/src/main/java/cn/poile/ucs/resources/controller/TestRestController.java b/resource-server/src/main/java/cn/poile/ucs/resources/controller/TestRestController.java index cbc4bf9..db1674b 100644 --- a/resource-server/src/main/java/cn/poile/ucs/resources/controller/TestRestController.java +++ b/resource-server/src/main/java/cn/poile/ucs/resources/controller/TestRestController.java @@ -18,20 +18,24 @@ public class TestRestController { /** * 不需要token访问测试 + * * @return */ @GetMapping("/test/no_need_token") - public @ResponseBody String test() { + public @ResponseBody + String test() { return "no_need_token"; } /** * 需要需要token访问接口测试 + * * @return */ @GetMapping("/test/need_token") - public @ResponseBody String test2(Authentication authentication) { - log.info("{}",authentication); + public @ResponseBody + String test2(Authentication authentication) { + log.info("{}", authentication); // 由于自定义的principal返回的是包含全部user字段的map Object principal = authentication.getPrincipal(); return "need_token"; @@ -39,11 +43,13 @@ public class TestRestController { /** * 需要需要管理员权限 + * * @return */ @PreAuthorize("hasAuthority('admin')") @GetMapping("/test/need_admin") - public @ResponseBody String admin() { + public @ResponseBody + String admin() { return "need_admin"; } diff --git a/resource-server/src/main/resources/application-dev.yml b/resource-server/src/main/resources/application-dev.yml index e2db31d..eb02af9 100644 --- a/resource-server/src/main/resources/application-dev.yml +++ b/resource-server/src/main/resources/application-dev.yml @@ -3,7 +3,7 @@ spring: name: resource-server server: - port: 8003 + port: 18003 #服务器发现注册配置 eureka: 
@@ -19,11 +19,11 @@ security: id: resource-server ## user-info-uri和token-info-uri二选择即可 ##如果配置了user-info-uri,该资源服务器使用userInfoTokenServices远程调用认证中心接口,通过认证中心的OAuth2AuthenticationProcessingFilter完成验证工作,一般设置user-info-uri即可
- user-info-uri: http://127.0.0.1:8001/user
+ user-info-uri: http://127.0.0.1:18001/user
 prefer-token-info: false
- #client:
- #client-secret: yaohw
- #client-id: yaohw
+ client:
+ client-id: web
+ client-secret: 123456
 ##开启日志DEBUG级别,便于查看调试信息 logging.level.org.springframework.security: DEBUG
\ No newline at end of file
-- Gitee
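Review bot: The resource server's client credentials are now committed in clear text, and `client-secret: 123456` is a trivially guessable value that presumably has to match a client registered on the auth server. Even for the dev profile, resolve it from the environment instead, for example `client-secret: ${RESOURCE_SERVER_CLIENT_SECRET}` (the variable name is a placeholder), and rotate the secret if it was ever used outside a local setup. The unchanged `logging.level.org.springframework.security: DEBUG` line in the same hunk should stay confined to local profiles, since debug-level security logs may include request details.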