From 4aaf739854c13ec3396b0abf7aabc4aec0422a1f Mon Sep 17 00:00:00 2001
From: TwelveT <2471835953@qq.com>
Date: Fri, 26 May 2023 10:34:50 +0800
Subject: [PATCH] Spring Security 6.1 Lambda

---
 .../auth/config/WebSecurityConfiguration.java | 16 +++++++++----
 .../core/FormIdentityLoginConfigurer.java     | 12 ++++++----
 .../PigResourceServerConfiguration.java       |  8 +++++--
 .../monitor/config/WebSecurityConfigurer.java | 23 ++++++++++++++-----
 4 files changed, 42 insertions(+), 17 deletions(-)

diff --git a/pig-auth/src/main/java/com/pig4cloud/pig/auth/config/WebSecurityConfiguration.java b/pig-auth/src/main/java/com/pig4cloud/pig/auth/config/WebSecurityConfiguration.java
index c8ded5f8..8c9cc5ca 100755
--- a/pig-auth/src/main/java/com/pig4cloud/pig/auth/config/WebSecurityConfiguration.java
+++ b/pig-auth/src/main/java/com/pig4cloud/pig/auth/config/WebSecurityConfiguration.java
@@ -22,6 +22,9 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.core.annotation.Order;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
+import org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer;
 import org.springframework.security.web.SecurityFilterChain;
 
 /**
@@ -42,8 +45,10 @@ public class WebSecurityConfiguration {
 	@Bean
 	SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
 		http.authorizeHttpRequests(authorizeRequests -> authorizeRequests.requestMatchers("/token/*").permitAll()// 开放自定义的部分端点
-				.anyRequest().authenticated()).headers().frameOptions().sameOrigin()// 避免iframe同源无法登录
-				.and().apply(new FormIdentityLoginConfigurer()); // 表单登录个性化
+				.anyRequest().authenticated()).headers(httpSecurityHeadersConfigurer -> {
+					// 避免iframe同源无法登录
+					httpSecurityHeadersConfigurer.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin);
+				}).apply(new FormIdentityLoginConfigurer()); // 表单登录个性化
 		// 处理 UsernamePasswordAuthenticationToken
 		http.authenticationProvider(new PigDaoAuthenticationProvider());
 		return http.build();
@@ -51,7 +56,7 @@ public class WebSecurityConfiguration {
 
 	/**
 	 * 暴露静态资源
-	 *
+	 * <p>
 	 * https://github.com/spring-projects/spring-security/issues/10938
 	 * @param http
 	 * @return
@@ -61,8 +66,9 @@ public class WebSecurityConfiguration {
 	@Order(0)
 	SecurityFilterChain resources(HttpSecurity http) throws Exception {
 		http.securityMatchers((matchers) -> matchers.requestMatchers("/actuator/**", "/css/**", "/error"))
-				.authorizeHttpRequests((authorize) -> authorize.anyRequest().permitAll()).requestCache().disable()
-				.securityContext().disable().sessionManagement().disable();
+				.authorizeHttpRequests((authorize) -> authorize.anyRequest().permitAll())
+				.requestCache(RequestCacheConfigurer::disable).securityContext(AbstractHttpConfigurer::disable)
+				.sessionManagement(AbstractHttpConfigurer::disable);
 		return http.build();
 	}
 
diff --git a/pig-auth/src/main/java/com/pig4cloud/pig/auth/support/core/FormIdentityLoginConfigurer.java b/pig-auth/src/main/java/com/pig4cloud/pig/auth/support/core/FormIdentityLoginConfigurer.java
index c836e238..bb869487 100644
--- a/pig-auth/src/main/java/com/pig4cloud/pig/auth/support/core/FormIdentityLoginConfigurer.java
+++ b/pig-auth/src/main/java/com/pig4cloud/pig/auth/support/core/FormIdentityLoginConfigurer.java
@@ -8,7 +8,7 @@ import org.springframework.security.config.annotation.web.configurers.AbstractHt
 /**
  * @author lengleng
  * @data 2022-06-04
- *
+ * <p>
  * 基于授权码模式 统一认证登录 spring security & sas 都可以使用 所以抽取成 HttpConfigurer
  */
 public final class FormIdentityLoginConfigurer
@@ -21,9 +21,13 @@ public final class FormIdentityLoginConfigurer
 			formLogin.loginProcessingUrl("/token/form");
 			formLogin.failureHandler(new FormAuthenticationFailureHandler());
 
-		}).logout() // SSO登出成功处理
-				.logoutSuccessHandler(new SsoLogoutSuccessHandler()).deleteCookies("JSESSIONID")
-				.invalidateHttpSession(true).and().csrf().disable();
+		}).logout(httpSecurityLogoutConfigurer -> {
+			// SSO登出成功处理
+			httpSecurityLogoutConfigurer.logoutSuccessHandler(new SsoLogoutSuccessHandler()).deleteCookies("JSESSIONID")
+					.invalidateHttpSession(true);
+		}
+
+		).csrf(AbstractHttpConfigurer::disable);
 	}
 
 }
diff --git a/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigResourceServerConfiguration.java b/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigResourceServerConfiguration.java
index 858168ee..eec84daa 100644
--- a/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigResourceServerConfiguration.java
+++ b/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigResourceServerConfiguration.java
@@ -24,13 +24,15 @@ import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
 import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
 import org.springframework.security.web.SecurityFilterChain;
 
 /**
  * @author lengleng
  * @date 2022-06-04
- *
+ * <p>
  * 资源服务器认证授权配置
  */
 @Slf4j
@@ -57,7 +59,9 @@ public class PigResourceServerConfiguration {
 						oauth2 -> oauth2.opaqueToken(token -> token.introspector(customOpaqueTokenIntrospector))
 								.authenticationEntryPoint(resourceAuthExceptionEntryPoint)
 								.bearerTokenResolver(pigBearerTokenExtractor))
-				.headers().frameOptions().disable().and().csrf().disable();
+				.headers(httpSecurityHeadersConfigurer -> httpSecurityHeadersConfigurer
+						.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
+				.csrf(AbstractHttpConfigurer::disable);
 
 		return http.build();
 	}
diff --git a/pig-visual/pig-monitor/src/main/java/com/pig4cloud/pig/monitor/config/WebSecurityConfigurer.java b/pig-visual/pig-monitor/src/main/java/com/pig4cloud/pig/monitor/config/WebSecurityConfigurer.java
index 3685a239..5d07246a 100755
--- a/pig-visual/pig-monitor/src/main/java/com/pig4cloud/pig/monitor/config/WebSecurityConfigurer.java
+++ b/pig-visual/pig-monitor/src/main/java/com/pig4cloud/pig/monitor/config/WebSecurityConfigurer.java
@@ -20,6 +20,8 @@ import de.codecentric.boot.admin.server.config.AdminServerProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 
@@ -49,12 +51,21 @@ public class WebSecurityConfigurer {
 		SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
 		successHandler.setTargetUrlParameter("redirectTo");
 		successHandler.setDefaultTargetUrl(adminContextPath + "/");
-		http.headers().frameOptions().disable().and().authorizeHttpRequests()
-				.requestMatchers(adminContextPath + "/assets/**", adminContextPath + "/login",
-						adminContextPath + "/instances/**", adminContextPath + "/actuator/**")
-				.permitAll().anyRequest().authenticated().and().formLogin().loginPage(adminContextPath + "/login")
-				.successHandler(successHandler).and().logout().logoutUrl(adminContextPath + "/logout").and().httpBasic()
-				.and().csrf().disable();
+		http.headers(httpSecurityHeadersConfigurer -> {
+			httpSecurityHeadersConfigurer.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable);
+		}).authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
+			authorizationManagerRequestMatcherRegistry
+					.requestMatchers(adminContextPath + "/assets/**", adminContextPath + "/login",
+							adminContextPath + "/instances/**", adminContextPath + "/actuator/**")
+					.permitAll().anyRequest().authenticated();
+
+		}).formLogin(httpSecurityFormLoginConfigurer -> {
+			httpSecurityFormLoginConfigurer.loginPage(adminContextPath + "/login");
+			httpSecurityFormLoginConfigurer.successHandler(successHandler);
+		}).logout(httpSecurityLogoutConfigurer -> {
+			httpSecurityLogoutConfigurer.logoutUrl(adminContextPath + "/logout");
+		}).httpBasic(httpSecurityHttpBasicConfigurer -> {
+		}).csrf(AbstractHttpConfigurer::disable);
 		return http.build();
 	}