From 73ee2777e8d2591da90c5acc5f7e55e1f799a465 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=BE=90=E6=99=93=E4=BC=9F?=
Date: Mon, 3 Apr 2023 15:45:29 +0800
Subject: [PATCH] =?UTF-8?q?:art:=20=E7=AE=80=E5=8C=96=20OAuth=202.1=20?=
 =?UTF-8?q?=E9=85=8D=E7=BD=AE=201.=20=E4=BD=BF=E7=94=A8=E9=9D=99=E6=80=81?=
 =?UTF-8?q?=E6=96=B9=E6=B3=95=20OAuth2AuthorizationServerConfiguration.app?=
 =?UTF-8?q?lyDefaultSecurity(http)=EF=BC=8C=E7=BC=BA=E7=9C=81=20authorizeR?=
 =?UTF-8?q?equests.anyRequest().authenticated()=E3=80=81csrf.ignoringReque?=
 =?UTF-8?q?stMatchers(endpointsMatcher)=20=E7=AD=89=E7=AD=89=202.=20?=
 =?UTF-8?q?=E4=BD=BF=E7=94=A8=20HttpSecurity=20=E8=8E=B7=E5=8F=96=20OAuth?=
 =?UTF-8?q?=202.1=20=E9=85=8D=E7=BD=AE=E4=B8=AD=E7=9A=84=20OAuth2Authoriza?=
 =?UTF-8?q?tionServerConfigurer=20=E5=AF=B9=E8=B1=A1=203.=20=E5=88=A0?=
 =?UTF-8?q?=E9=99=A4=E9=83=A8=E5=88=86=20HttpSecurity.apply?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../AuthorizationServerConfiguration.java | 26 ++++++++++++-------
 1 file changed, 16 insertions(+), 10 deletions(-)
diff --git a/pig-auth/src/main/java/com/pig4cloud/pig/auth/config/AuthorizationServerConfiguration.java b/pig-auth/src/main/java/com/pig4cloud/pig/auth/config/AuthorizationServerConfiguration.java
index f90d4dce..8f1d0b8c 100755
--- a/pig-auth/src/main/java/com/pig4cloud/pig/auth/config/AuthorizationServerConfiguration.java
+++ b/pig-auth/src/main/java/com/pig4cloud/pig/auth/config/AuthorizationServerConfiguration.java
@@ -35,6 +35,7 @@ import org.springframework.core.annotation.Order;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
+import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
 import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import org.springframework.security.oauth2.server.authorization.token.DelegatingOAuth2TokenGenerator;
@@ -44,7 +45,6 @@ import org.springframework.security.oauth2.server.authorization.web.authenticati
 import org.springframework.security.web.DefaultSecurityFilterChain;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.AuthenticationConverter;
-import org.springframework.security.web.util.matcher.RequestMatcher;
 import java.util.Arrays;
@@ -63,23 +63,29 @@ public class AuthorizationServerConfiguration { @Bean @Order(Ordered.HIGHEST_PRECEDENCE) public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception { - OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = new OAuth2AuthorizationServerConfigurer(); - http.apply(authorizationServerConfigurer.tokenEndpoint((tokenEndpoint) -> {// 个性化认证授权端点 + // OAuth 2.1 默认配置 + // 缺省配置:authorizeRequests.anyRequest().authenticated()、 + // csrf.ignoringRequestMatchers(endpointsMatcher) 等等 + OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http); + + // 使用 HttpSecurity 获取 OAuth 2.1 配置中的 OAuth2AuthorizationServerConfigurer 对象 + OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = http + .getConfigurer(OAuth2AuthorizationServerConfigurer.class); + + authorizationServerConfigurer.tokenEndpoint((tokenEndpoint) -> {// 个性化认证授权端点 tokenEndpoint.accessTokenRequestConverter(accessTokenRequestConverter()) // 注入自定义的授权认证Converter .accessTokenResponseHandler(new PigAuthenticationSuccessEventHandler()) // 登录成功处理器 .errorResponseHandler(new PigAuthenticationFailureEventHandler());// 登录失败处理器 }).clientAuthentication(oAuth2ClientAuthenticationConfigurer -> // 个性化客户端认证 oAuth2ClientAuthenticationConfigurer.errorResponseHandler(new PigAuthenticationFailureEventHandler()))// 处理客户端认证异常 .authorizationEndpoint(authorizationEndpoint -> authorizationEndpoint// 授权码端点个性化confirm页面 - .consentPage(SecurityConstants.CUSTOM_CONSENT_PAGE_URI))); + .consentPage(SecurityConstants.CUSTOM_CONSENT_PAGE_URI)); - RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher(); - DefaultSecurityFilterChain securityFilterChain = http.requestMatcher(endpointsMatcher) - .authorizeRequests(authorizeRequests -> authorizeRequests.anyRequest().authenticated()) - .apply(authorizationServerConfigurer.authorizationService(authorizationService)// redis存储token的实现 - .authorizationServerSettings( - 
AuthorizationServerSettings.builder().issuer(SecurityConstants.PROJECT_LICENSE).build())) + DefaultSecurityFilterChain securityFilterChain = authorizationServerConfigurer + .authorizationService(authorizationService)// redis存储token的实现 + .authorizationServerSettings( + AuthorizationServerSettings.builder().issuer(SecurityConstants.PROJECT_LICENSE).build()) // 授权码登录的登录页个性化 .and() .apply(new FormIdentityLoginConfigurer())