diff --git a/pig-auth/src/main/java/com/pig4cloud/pig/auth/support/filter/ValidateCodeFilter.java b/pig-auth/src/main/java/com/pig4cloud/pig/auth/support/filter/ValidateCodeFilter.java
index 091e3c2b..cf673731 100644
--- a/pig-auth/src/main/java/com/pig4cloud/pig/auth/support/filter/ValidateCodeFilter.java
+++ b/pig-auth/src/main/java/com/pig4cloud/pig/auth/support/filter/ValidateCodeFilter.java
@@ -7,6 +7,7 @@ package com.pig4cloud.pig.auth.support.filter;
 * @date 2024/4/3
 */
+import cn.dev33.satoken.oauth2.consts.SaOAuth2Consts;
 import cn.hutool.core.util.StrUtil;
 import cn.hutool.http.ContentType;
 import com.fasterxml.jackson.databind.ObjectMapper;
@@ -24,7 +25,6 @@ import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.data.redis.core.RedisTemplate;
-import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.stereotype.Component;
 import org.springframework.web.filter.OncePerRequestFilter;
@@ -59,7 +59,7 @@ public class ValidateCodeFilter extends OncePerRequestFilter {
 }
 // 如果登录URL 但是刷新token的请求,直接向下执行
- String grantType = request.getParameter(OAuth2ParameterNames.GRANT_TYPE);
+ String grantType = request.getParameter(SaOAuth2Consts.Param.grant_type);
 if (StrUtil.equals(SecurityConstants.REFRESH_TOKEN, grantType)) {
 filterChain.doFilter(request, response);
 return;
diff --git a/pig-boot/src/main/java/com/pig4cloud/pig/bootstrap/PigBootSecurityServerConfiguration.java b/pig-boot/src/main/java/com/pig4cloud/pig/bootstrap/PigBootSecurityServerConfiguration.java
deleted file mode 100644
index 6bc2754e..00000000
--- a/pig-boot/src/main/java/com/pig4cloud/pig/bootstrap/PigBootSecurityServerConfiguration.java
+++ /dev/null
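Review bot: In the `@@ -59,7 +59,7 @@` hunk of ValidateCodeFilter.java the captcha check is still skipped solely because the client-supplied `grant_type` equals `SecurityConstants.REFRESH_TOKEN`, so the filter and the Sa-Token token handler must agree on which value they read or a non-refresh grant could pass without a captcha. `request.getParameter` returns only the first value of a repeated parameter; I would read `String[] grantTypes = request.getParameterValues(SaOAuth2Consts.Param.grant_type);` and reject the request when `grantTypes != null && grantTypes.length > 1` before the comparison. This commit also deletes PigBootSecurityServerConfiguration, which registered the filter through `http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class)`, so please confirm it still runs ahead of the new token endpoint; that wiring is not visible here. The enclosing method starts and ends outside the hunk.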
@@ -1,158 +0,0 @@
-/*
- *
- * Copyright (c) 2018-2025, lengleng All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * Neither the name of the pig4cloud.com developer nor the names of its
- * contributors may be used to endorse or promote products derived from
- * this software without specific prior written permission.
- * Author: lengleng (wangiegie@gmail.com)
- *
- */
-
-package com.pig4cloud.pig.bootstrap;
-
-import com.pig4cloud.pig.auth.support.core.PigDaoAuthenticationProvider;
-import com.pig4cloud.pig.auth.support.filter.PasswordDecoderFilter;
-import com.pig4cloud.pig.auth.support.filter.ValidateCodeFilter;
-import com.pig4cloud.pig.auth.support.handler.PigAuthenticationFailureEventHandler;
-import com.pig4cloud.pig.auth.support.handler.PigAuthenticationSuccessEventHandler;
-import com.pig4cloud.pig.auth.support.password.OAuth2ResourceOwnerPasswordAuthenticationProvider;
-import com.pig4cloud.pig.auth.support.sms.OAuth2ResourceOwnerSmsAuthenticationProvider;
-import com.pig4cloud.pig.common.core.constant.SecurityConstants;
-import com.pig4cloud.pig.common.security.component.PermitAllUrlProperties;
-import com.pig4cloud.pig.common.security.component.PigBearerTokenExtractor;
-import com.pig4cloud.pig.common.security.component.ResourceAuthExceptionEntryPoint;
-import lombok.RequiredArgsConstructor;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.core.Ordered;
-import org.springframework.core.annotation.Order;
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.config.Customizer;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
-import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
-import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
-import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
-import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
-import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
-import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
-import org.springframework.security.web.DefaultSecurityFilterChain;
-import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.authentication.AuthenticationConverter;
-import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
-import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
-
-/**
- * @author lengleng 认证授权服务器配置
- */
-@Configuration
-@RequiredArgsConstructor
-public class PigBootSecurityServerConfiguration {
-
- private final ResourceAuthExceptionEntryPoint resourceAuthExceptionEntryPoint;
-
- private final OpaqueTokenIntrospector customOpaqueTokenIntrospector;
-
- private final AuthenticationConverter accessTokenRequestConverter;
-
- private final OAuth2AuthorizationService authorizationService;
-
- private final PigBearerTokenExtractor pigBearerTokenExtractor;
-
- private final PasswordDecoderFilter passwordDecoderFilter;
-
- private final OAuth2TokenGenerator oAuth2TokenGenerator;
-
- private final ValidateCodeFilter validateCodeFilter;
-
- private final PermitAllUrlProperties permitAllUrl;
-
- @Bean
- @Order(Ordered.HIGHEST_PRECEDENCE)
- public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
- OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = new OAuth2AuthorizationServerConfigurer();
-
- // 增加验证码过滤器
- http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class);
- // 增加密码解密过滤器
- http.addFilterBefore(passwordDecoderFilter, UsernamePasswordAuthenticationFilter.class);
-
- // 认证服务器配置
- http.with(authorizationServerConfigurer.tokenEndpoint((tokenEndpoint) -> {// 个性化认证授权端点
- tokenEndpoint.accessTokenRequestConverter(accessTokenRequestConverter) // 注入自定义的授权认证Converter
- .accessTokenResponseHandler(new PigAuthenticationSuccessEventHandler()) // 登录成功处理器
- .errorResponseHandler(new PigAuthenticationFailureEventHandler());// 登录失败处理器
- }).clientAuthentication(oAuth2ClientAuthenticationConfigurer -> // 个性化客户端认证
- oAuth2ClientAuthenticationConfigurer.errorResponseHandler(new PigAuthenticationFailureEventHandler()))// 处理客户端认证异常
- , Customizer.withDefaults())
- .with(authorizationServerConfigurer.authorizationService(authorizationService)// redis存储token的实现
- .authorizationServerSettings(
- AuthorizationServerSettings.builder().issuer(SecurityConstants.PROJECT_LICENSE).build()),
- Customizer.withDefaults());
-
- // 资源服务器配置
- AntPathRequestMatcher[] requestMatchers = permitAllUrl.getUrls()
- .stream()
- .map(AntPathRequestMatcher::new)
- .toList()
- .toArray(new AntPathRequestMatcher[] {});
-
- http.authorizeHttpRequests(authorizeRequests -> authorizeRequests.requestMatchers(requestMatchers)
- .permitAll()
- .anyRequest()
- .authenticated())
- .oauth2ResourceServer(
- oauth2 -> oauth2.opaqueToken(token -> token.introspector(customOpaqueTokenIntrospector))
- .authenticationEntryPoint(resourceAuthExceptionEntryPoint)
- .bearerTokenResolver(pigBearerTokenExtractor))
- .exceptionHandling(configurer -> configurer.authenticationEntryPoint(resourceAuthExceptionEntryPoint))
- .headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
- .csrf(AbstractHttpConfigurer::disable);
-
- http.with(authorizationServerConfigurer.authorizationService(authorizationService)// redis存储token的实现
- .authorizationServerSettings(
- AuthorizationServerSettings.builder().issuer(SecurityConstants.PROJECT_LICENSE).build()),
- Customizer.withDefaults());
-
- DefaultSecurityFilterChain securityFilterChain = http.build();
-
- // 注入自定义授权模式实现
- addCustomOAuth2GrantAuthenticationProvider(http);
- return securityFilterChain;
- }
-
- /**
- * 注入授权模式实现提供方
- *
- * 1. 密码模式
- * 2. 短信登录
- */
- @SuppressWarnings("unchecked")
- private void addCustomOAuth2GrantAuthenticationProvider(HttpSecurity http) {
- AuthenticationManager authenticationManager = http.getSharedObject(AuthenticationManager.class);
- OAuth2AuthorizationService authorizationService = http.getSharedObject(OAuth2AuthorizationService.class);
-
- OAuth2ResourceOwnerPasswordAuthenticationProvider resourceOwnerPasswordAuthenticationProvider = new OAuth2ResourceOwnerPasswordAuthenticationProvider(
- authenticationManager, authorizationService, oAuth2TokenGenerator);
-
- OAuth2ResourceOwnerSmsAuthenticationProvider resourceOwnerSmsAuthenticationProvider = new OAuth2ResourceOwnerSmsAuthenticationProvider(
- authenticationManager, authorizationService, oAuth2TokenGenerator);
-
- // 处理 UsernamePasswordAuthenticationToken
- http.authenticationProvider(new PigDaoAuthenticationProvider());
- // 处理 OAuth2ResourceOwnerPasswordAuthenticationToken
- http.authenticationProvider(resourceOwnerPasswordAuthenticationProvider);
- // 处理 OAuth2ResourceOwnerSmsAuthenticationToken
- http.authenticationProvider(resourceOwnerSmsAuthenticationProvider);
- }
-
-}
diff --git a/pig-common/pig-common-log/pom.xml b/pig-common/pig-common-log/pom.xml
index 8a94a9aa..d69653e8 100755
--- a/pig-common/pig-common-log/pom.xml
+++ b/pig-common/pig-common-log/pom.xml
@@ -49,14 +49,10 @@