diff --git a/pig-auth/src/main/java/com/pig4cloud/pig/auth/support/filter/ValidateCodeFilter.java b/pig-auth/src/main/java/com/pig4cloud/pig/auth/support/filter/ValidateCodeFilter.java index 091e3c2b..cf673731 100644 --- a/pig-auth/src/main/java/com/pig4cloud/pig/auth/support/filter/ValidateCodeFilter.java +++ b/pig-auth/src/main/java/com/pig4cloud/pig/auth/support/filter/ValidateCodeFilter.java @@ -7,6 +7,7 @@ package com.pig4cloud.pig.auth.support.filter; * @date 2024/4/3 */ +import cn.dev33.satoken.oauth2.consts.SaOAuth2Consts; import cn.hutool.core.util.StrUtil; import cn.hutool.http.ContentType; import com.fasterxml.jackson.databind.ObjectMapper; @@ -24,7 +25,6 @@ import jakarta.servlet.http.HttpServletResponse; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import org.springframework.data.redis.core.RedisTemplate; -import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; import org.springframework.stereotype.Component; import org.springframework.web.filter.OncePerRequestFilter; @@ -59,7 +59,7 @@ public class ValidateCodeFilter extends OncePerRequestFilter { } // 如果登录URL 但是刷新token的请求,直接向下执行 - String grantType = request.getParameter(OAuth2ParameterNames.GRANT_TYPE); + String grantType = request.getParameter(SaOAuth2Consts.Param.grant_type); if (StrUtil.equals(SecurityConstants.REFRESH_TOKEN, grantType)) { filterChain.doFilter(request, response); return; diff --git a/pig-boot/src/main/java/com/pig4cloud/pig/bootstrap/PigBootSecurityServerConfiguration.java b/pig-boot/src/main/java/com/pig4cloud/pig/bootstrap/PigBootSecurityServerConfiguration.java deleted file mode 100644 index 6bc2754e..00000000 --- a/pig-boot/src/main/java/com/pig4cloud/pig/bootstrap/PigBootSecurityServerConfiguration.java +++ /dev/null 
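Review bot: The captcha skip in `ValidateCodeFilter` is still keyed on a client-supplied `grant_type`, and after this change the parameter name comes from `SaOAuth2Consts.Param` while the value it is compared with still comes from the project's `SecurityConstants.REFRESH_TOKEN`. Taking both from one source, e.g. `StrUtil.equals(SaOAuth2Consts.GrantType.refresh_token, grantType)`, keeps the filter aligned with whatever the Sa-Token token endpoint dispatches on. Because a request that takes this branch bypasses code validation, a test should confirm that the new endpoint only ever processes such a request as a refresh; that handler is not visible in this diff. The enclosing method starts and continues outside the hunk.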
@@ -1,158 +0,0 @@ -/* - * - * Copyright (c) 2018-2025, lengleng All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * Neither the name of the pig4cloud.com developer nor the names of its - * contributors may be used to endorse or promote products derived from - * this software without specific prior written permission. - * Author: lengleng (wangiegie@gmail.com) - * - */ - -package com.pig4cloud.pig.bootstrap; - -import com.pig4cloud.pig.auth.support.core.PigDaoAuthenticationProvider; -import com.pig4cloud.pig.auth.support.filter.PasswordDecoderFilter; -import com.pig4cloud.pig.auth.support.filter.ValidateCodeFilter; -import com.pig4cloud.pig.auth.support.handler.PigAuthenticationFailureEventHandler; -import com.pig4cloud.pig.auth.support.handler.PigAuthenticationSuccessEventHandler; -import com.pig4cloud.pig.auth.support.password.OAuth2ResourceOwnerPasswordAuthenticationProvider; -import com.pig4cloud.pig.auth.support.sms.OAuth2ResourceOwnerSmsAuthenticationProvider; -import com.pig4cloud.pig.common.core.constant.SecurityConstants; -import com.pig4cloud.pig.common.security.component.PermitAllUrlProperties; -import com.pig4cloud.pig.common.security.component.PigBearerTokenExtractor; -import com.pig4cloud.pig.common.security.component.ResourceAuthExceptionEntryPoint; -import lombok.RequiredArgsConstructor; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; -import org.springframework.core.Ordered; -import 
org.springframework.core.annotation.Order; -import org.springframework.security.authentication.AuthenticationManager; -import org.springframework.security.config.Customizer; -import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; -import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer; -import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; -import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer; -import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; -import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator; -import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector; -import org.springframework.security.web.DefaultSecurityFilterChain; -import org.springframework.security.web.SecurityFilterChain; -import org.springframework.security.web.authentication.AuthenticationConverter; -import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; -import org.springframework.security.web.util.matcher.AntPathRequestMatcher; - -/** - * @author lengleng 认证授权服务器配置 - */ -@Configuration -@RequiredArgsConstructor -public class PigBootSecurityServerConfiguration { - - private final ResourceAuthExceptionEntryPoint resourceAuthExceptionEntryPoint; - - private final OpaqueTokenIntrospector customOpaqueTokenIntrospector; - - private final AuthenticationConverter accessTokenRequestConverter; - - private final OAuth2AuthorizationService authorizationService; - - private final PigBearerTokenExtractor pigBearerTokenExtractor; - - private final PasswordDecoderFilter passwordDecoderFilter; - - private final OAuth2TokenGenerator oAuth2TokenGenerator; - - private final 
ValidateCodeFilter validateCodeFilter; - - private final PermitAllUrlProperties permitAllUrl; - - @Bean - @Order(Ordered.HIGHEST_PRECEDENCE) - public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception { - OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = new OAuth2AuthorizationServerConfigurer(); - - // 增加验证码过滤器 - http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class); - // 增加密码解密过滤器 - http.addFilterBefore(passwordDecoderFilter, UsernamePasswordAuthenticationFilter.class); - - // 认证服务器配置 - http.with(authorizationServerConfigurer.tokenEndpoint((tokenEndpoint) -> {// 个性化认证授权端点 - tokenEndpoint.accessTokenRequestConverter(accessTokenRequestConverter) // 注入自定义的授权认证Converter - .accessTokenResponseHandler(new PigAuthenticationSuccessEventHandler()) // 登录成功处理器 - .errorResponseHandler(new PigAuthenticationFailureEventHandler());// 登录失败处理器 - }).clientAuthentication(oAuth2ClientAuthenticationConfigurer -> // 个性化客户端认证 - oAuth2ClientAuthenticationConfigurer.errorResponseHandler(new PigAuthenticationFailureEventHandler()))// 处理客户端认证异常 - , Customizer.withDefaults()) - .with(authorizationServerConfigurer.authorizationService(authorizationService)// redis存储token的实现 - .authorizationServerSettings( - AuthorizationServerSettings.builder().issuer(SecurityConstants.PROJECT_LICENSE).build()), - Customizer.withDefaults()); - - // 资源服务器配置 - AntPathRequestMatcher[] requestMatchers = permitAllUrl.getUrls() - .stream() - .map(AntPathRequestMatcher::new) - .toList() - .toArray(new AntPathRequestMatcher[] {}); - - http.authorizeHttpRequests(authorizeRequests -> authorizeRequests.requestMatchers(requestMatchers) - .permitAll() - .anyRequest() - .authenticated()) - .oauth2ResourceServer( - oauth2 -> oauth2.opaqueToken(token -> token.introspector(customOpaqueTokenIntrospector)) - .authenticationEntryPoint(resourceAuthExceptionEntryPoint) - .bearerTokenResolver(pigBearerTokenExtractor)) - 
.exceptionHandling(configurer -> configurer.authenticationEntryPoint(resourceAuthExceptionEntryPoint)) - .headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable)) - .csrf(AbstractHttpConfigurer::disable); - - http.with(authorizationServerConfigurer.authorizationService(authorizationService)// redis存储token的实现 - .authorizationServerSettings( - AuthorizationServerSettings.builder().issuer(SecurityConstants.PROJECT_LICENSE).build()), - Customizer.withDefaults()); - - DefaultSecurityFilterChain securityFilterChain = http.build(); - - // 注入自定义授权模式实现 - addCustomOAuth2GrantAuthenticationProvider(http); - return securityFilterChain; - } - - /** - * 注入授权模式实现提供方 - *

- * 1. 密码模式
- * 2. 短信登录
- */ - @SuppressWarnings("unchecked") - private void addCustomOAuth2GrantAuthenticationProvider(HttpSecurity http) { - AuthenticationManager authenticationManager = http.getSharedObject(AuthenticationManager.class); - OAuth2AuthorizationService authorizationService = http.getSharedObject(OAuth2AuthorizationService.class); - - OAuth2ResourceOwnerPasswordAuthenticationProvider resourceOwnerPasswordAuthenticationProvider = new OAuth2ResourceOwnerPasswordAuthenticationProvider( - authenticationManager, authorizationService, oAuth2TokenGenerator); - - OAuth2ResourceOwnerSmsAuthenticationProvider resourceOwnerSmsAuthenticationProvider = new OAuth2ResourceOwnerSmsAuthenticationProvider( - authenticationManager, authorizationService, oAuth2TokenGenerator); - - // 处理 UsernamePasswordAuthenticationToken - http.authenticationProvider(new PigDaoAuthenticationProvider()); - // 处理 OAuth2ResourceOwnerPasswordAuthenticationToken - http.authenticationProvider(resourceOwnerPasswordAuthenticationProvider); - // 处理 OAuth2ResourceOwnerSmsAuthenticationToken - http.authenticationProvider(resourceOwnerSmsAuthenticationProvider); - } - -} diff --git a/pig-common/pig-common-log/pom.xml b/pig-common/pig-common-log/pom.xml index 8a94a9aa..d69653e8 100755 --- a/pig-common/pig-common-log/pom.xml +++ b/pig-common/pig-common-log/pom.xml @@ -49,14 +49,10 @@ com.pig4cloud pig-upms-api - + - org.springframework.security - spring-security-core - - - org.springframework.security - spring-security-oauth2-core + cn.dev33 + sa-token-core diff --git a/pig-common/pig-common-log/src/main/java/com/pig4cloud/pig/common/log/util/SysLogUtils.java b/pig-common/pig-common-log/src/main/java/com/pig4cloud/pig/common/log/util/SysLogUtils.java index f64f93b7..d25ab8d0 100755 --- a/pig-common/pig-common-log/src/main/java/com/pig4cloud/pig/common/log/util/SysLogUtils.java +++ b/pig-common/pig-common-log/src/main/java/com/pig4cloud/pig/common/log/util/SysLogUtils.java 
@@ -16,6 +16,7 @@ package com.pig4cloud.pig.common.log.util; +import cn.dev33.satoken.stp.StpUtil; import cn.hutool.core.map.MapUtil; import cn.hutool.core.util.ArrayUtil; import cn.hutool.core.util.URLUtil; @@ -33,8 +34,6 @@ import org.springframework.expression.Expression; import org.springframework.expression.spel.standard.SpelExpressionParser; import org.springframework.expression.spel.support.StandardEvaluationContext; import org.springframework.http.HttpHeaders; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; @@ -75,11 +74,12 @@ public class SysLogUtils { * @return username */ private String getUsername() { - Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); - if (authentication == null) { + + Object username = StpUtil.getLoginIdDefaultNull(); + if (Objects.isNull(username)) { return null; } - return authentication.getName(); + return username.toString(); } /** diff --git a/pig-common/pig-common-mybatis/pom.xml b/pig-common/pig-common-mybatis/pom.xml index 93efbd11..42ba6d19 100755 --- a/pig-common/pig-common-mybatis/pom.xml +++ b/pig-common/pig-common-mybatis/pom.xml @@ -62,11 +62,10 @@ spring-webmvc true - + - org.springframework.security - spring-security-core - true + cn.dev33 + sa-token-core com.pig4cloud diff --git a/pig-common/pig-common-mybatis/src/main/java/com/pig4cloud/pig/common/mybatis/config/MybatisPlusMetaObjectHandler.java b/pig-common/pig-common-mybatis/src/main/java/com/pig4cloud/pig/common/mybatis/config/MybatisPlusMetaObjectHandler.java index 67b0f7cf..d2347fc3 100644 --- a/pig-common/pig-common-mybatis/src/main/java/com/pig4cloud/pig/common/mybatis/config/MybatisPlusMetaObjectHandler.java 
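Review bot: `getUsername()` in `SysLogUtils` now returns Sa-Token's login id instead of the authenticated principal's name, so what lands in the log's user field depends on the value the auth service passes to `StpUtil.login(...)`, which is not visible here. If that value is a numeric user id, audit records written after this change can no longer be attributed by username and will not match older rows; either log in with the username as the login id or resolve the name from the session before writing the record. The same applies to `getUserName()` in `MybatisPlusMetaObjectHandler`. Also check that `java.util.Objects` is imported in `SysLogUtils`, since no hunk in this file adds it. A comment such as `// login id as set at StpUtil.login(); must be the username for audit attribution` would document the assumption.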
+++ b/pig-common/pig-common-mybatis/src/main/java/com/pig4cloud/pig/common/mybatis/config/MybatisPlusMetaObjectHandler.java @@ -1,18 +1,16 @@ package com.pig4cloud.pig.common.mybatis.config; +import cn.dev33.satoken.stp.StpUtil; import cn.hutool.core.util.StrUtil; import com.baomidou.mybatisplus.core.handlers.MetaObjectHandler; import com.pig4cloud.pig.common.core.constant.CommonConstants; import lombok.extern.slf4j.Slf4j; import org.apache.ibatis.reflection.MetaObject; -import org.springframework.security.authentication.AnonymousAuthenticationToken; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.util.ClassUtils; import java.nio.charset.Charset; import java.time.LocalDateTime; -import java.util.Optional; +import java.util.Objects; /** * MybatisPlus 自动填充配置 @@ -74,21 +72,16 @@ public class MybatisPlusMetaObjectHandler implements MetaObjectHandler { } /** - * 获取 spring security 当前的用户名 - * @return 当前用户名 + * 获取用户名 + * + * @return {@link String } */ private String getUserName() { - Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); - // 匿名接口直接返回 - if (authentication instanceof AnonymousAuthenticationToken) { + Object username = StpUtil.getLoginIdDefaultNull(); + if (Objects.isNull(username)) { return null; } - - if (Optional.ofNullable(authentication).isPresent()) { - return authentication.getName(); - } - - return null; + return username.toString(); } }
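Review bot: `getUserName()` is presumably called from the insert/update fill methods outside this hunk, which can run on threads with no HTTP request (scheduled jobs, async listeners, startup data loads), and as far as I know `StpUtil` calls throw when no Sa-Token context is bound rather than returning null. The removed code returned null in that situation, because `SecurityContextHolder` simply held no authentication. Guarding the lookup keeps non-web writes working, e.g. `try { username = StpUtil.getLoginIdDefaultNull(); } catch (SaTokenException e) { return null; }`, or check for a request context first. The new Javadoc `@return {@link String }` should say what is returned: the current login id, or null when nobody is logged in.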