Spring Security 6.1 Lambda

2024-12-31 08:14:18 +08:00 · 2023-05-26 10:34:50 +08:00 · 2023-05-26 10:34:50 +08:00 · 4aaf739854
commit 4aaf739854
parent ff6759e2a5
4 changed files with 42 additions and 17 deletions
--- a/pig-auth/src/main/java/com/pig4cloud/pig/auth/config/WebSecurityConfiguration.java
+++ b/pig-auth/src/main/java/com/pig4cloud/pig/auth/config/WebSecurityConfiguration.java
@ -22,6 +22,9 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.core.annotation.Order;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
 import org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer;
 import org.springframework.security.web.SecurityFilterChain;
 /**
@ -42,8 +45,10 @@ public class WebSecurityConfiguration {
 	@Bean
 	SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
 		http.authorizeHttpRequests(authorizeRequests -> authorizeRequests.requestMatchers("/token/*").permitAll()// 开放自定义的部分端点
-				.anyRequest().authenticated()).headers().frameOptions().sameOrigin()// 避免iframe同源无法登录
+				.anyRequest().authenticated()).headers(httpSecurityHeadersConfigurer -> {
-				.and().apply(new FormIdentityLoginConfigurer()); // 表单登录个性化
+					// 避免iframe同源无法登录
 					httpSecurityHeadersConfigurer.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin);
 				}).apply(new FormIdentityLoginConfigurer()); // 表单登录个性化
 		// 处理 UsernamePasswordAuthenticationToken
 		http.authenticationProvider(new PigDaoAuthenticationProvider());
 		return http.build();
@ -51,7 +56,7 @@ public class WebSecurityConfiguration {
 	/**
 	 * 暴露静态资源
-	 *
+	 * <p>
 	 * https://github.com/spring-projects/spring-security/issues/10938
 	 * @param http
 	 * @return
@ -61,8 +66,9 @@ public class WebSecurityConfiguration {
 	@Order(0)
 	SecurityFilterChain resources(HttpSecurity http) throws Exception {
 		http.securityMatchers((matchers) -> matchers.requestMatchers("/actuator/**", "/css/**", "/error"))
-				.authorizeHttpRequests((authorize) -> authorize.anyRequest().permitAll()).requestCache().disable()
+				.authorizeHttpRequests((authorize) -> authorize.anyRequest().permitAll())
-				.securityContext().disable().sessionManagement().disable();
+				.requestCache(RequestCacheConfigurer::disable).securityContext(AbstractHttpConfigurer::disable)
 				.sessionManagement(AbstractHttpConfigurer::disable);
 		return http.build();
 	}
--- a/pig-auth/src/main/java/com/pig4cloud/pig/auth/support/core/FormIdentityLoginConfigurer.java
+++ b/pig-auth/src/main/java/com/pig4cloud/pig/auth/support/core/FormIdentityLoginConfigurer.java
@ -8,7 +8,7 @@ import org.springframework.security.config.annotation.web.configurers.AbstractHt
 /**
 * @author lengleng
 * @data 2022-06-04
- *
+ * <p>
 * 基于授权码模式 统一认证登录 spring security & sas 都可以使用 所以抽取成 HttpConfigurer
 */
 public final class FormIdentityLoginConfigurer
@ -21,9 +21,13 @@ public final class FormIdentityLoginConfigurer
 			formLogin.loginProcessingUrl("/token/form");
 			formLogin.failureHandler(new FormAuthenticationFailureHandler());
-		}).logout() // SSO登出成功处理
+		}).logout(httpSecurityLogoutConfigurer -> {
-				.logoutSuccessHandler(new SsoLogoutSuccessHandler()).deleteCookies("JSESSIONID")
+			// SSO登出成功处理
-				.invalidateHttpSession(true).and().csrf().disable();
+			httpSecurityLogoutConfigurer.logoutSuccessHandler(new SsoLogoutSuccessHandler()).deleteCookies("JSESSIONID")
 					.invalidateHttpSession(true);
 		}
 		).csrf(AbstractHttpConfigurer::disable);
 	}
 }
--- a/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigResourceServerConfiguration.java
+++ b/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigResourceServerConfiguration.java
@ -24,13 +24,15 @@ import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
 import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
 import org.springframework.security.web.SecurityFilterChain;
 /**
 * @author lengleng
 * @date 2022-06-04
- *
+ * <p>
 * 资源服务器认证授权配置
 */
@Slf4j
@ -57,7 +59,9 @@ public class PigResourceServerConfiguration {
 						oauth2 -> oauth2.opaqueToken(token -> token.introspector(customOpaqueTokenIntrospector))
 								.authenticationEntryPoint(resourceAuthExceptionEntryPoint)
 								.bearerTokenResolver(pigBearerTokenExtractor))
-				.headers().frameOptions().disable().and().csrf().disable();
+				.headers(httpSecurityHeadersConfigurer -> httpSecurityHeadersConfigurer
 						.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
 				.csrf(AbstractHttpConfigurer::disable);
 		return http.build();
 	}
--- a/pig-visual/pig-monitor/src/main/java/com/pig4cloud/pig/monitor/config/WebSecurityConfigurer.java
+++ b/pig-visual/pig-monitor/src/main/java/com/pig4cloud/pig/monitor/config/WebSecurityConfigurer.java
@ -20,6 +20,8 @@ import de.codecentric.boot.admin.server.config.AdminServerProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
@ -49,12 +51,21 @@ public class WebSecurityConfigurer {
 		SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
 		successHandler.setTargetUrlParameter("redirectTo");
 		successHandler.setDefaultTargetUrl(adminContextPath + "/");
-		http.headers().frameOptions().disable().and().authorizeHttpRequests()
+		http.headers(httpSecurityHeadersConfigurer -> {
-				.requestMatchers(adminContextPath + "/assets/**", adminContextPath + "/login",
+			httpSecurityHeadersConfigurer.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable);
-						adminContextPath + "/instances/**", adminContextPath + "/actuator/**")
+		}).authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
-				.permitAll().anyRequest().authenticated().and().formLogin().loginPage(adminContextPath + "/login")
+			authorizationManagerRequestMatcherRegistry
-				.successHandler(successHandler).and().logout().logoutUrl(adminContextPath + "/logout").and().httpBasic()
+					.requestMatchers(adminContextPath + "/assets/**", adminContextPath + "/login",
-				.and().csrf().disable();
+							adminContextPath + "/instances/**", adminContextPath + "/actuator/**")
 					.permitAll().anyRequest().authenticated();
 		}).formLogin(httpSecurityFormLoginConfigurer -> {
 			httpSecurityFormLoginConfigurer.loginPage(adminContextPath + "/login");
 			httpSecurityFormLoginConfigurer.successHandler(successHandler);
 		}).logout(httpSecurityLogoutConfigurer -> {
 			httpSecurityLogoutConfigurer.logoutUrl(adminContextPath + "/logout");
 		}).httpBasic(httpSecurityHttpBasicConfigurer -> {
 		}).csrf(AbstractHttpConfigurer::disable);
 		return http.build();
 	}