🎨 简化 OAuth 2.1 配置

1. 使用静态方法 OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http),缺省 authorizeRequests.anyRequest().authenticated()、csrf.ignoringRequestMatchers(endpointsMatcher) 等等
2. 使用 HttpSecurity 获取 OAuth 2.1 配置中的 OAuth2AuthorizationServerConfigurer 对象
3. 删除部分 HttpSecurity.apply
徐晓伟 2023-04-03 15:45:29 +08:00
parent 6991cdad55
commit 73ee2777e8


@ -35,6 +35,7 @@ import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer; import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.oauth2.server.authorization.token.DelegatingOAuth2TokenGenerator; import org.springframework.security.oauth2.server.authorization.token.DelegatingOAuth2TokenGenerator;
@ -44,7 +45,6 @@ import org.springframework.security.oauth2.server.authorization.web.authenticati
import org.springframework.security.web.DefaultSecurityFilterChain; import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AuthenticationConverter; import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.security.web.util.matcher.RequestMatcher;
import java.util.Arrays; import java.util.Arrays;
@ -63,23 +63,29 @@ public class AuthorizationServerConfiguration {
@Bean @Bean
@Order(Ordered.HIGHEST_PRECEDENCE) @Order(Ordered.HIGHEST_PRECEDENCE)
public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception { public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = new OAuth2AuthorizationServerConfigurer();
http.apply(authorizationServerConfigurer.tokenEndpoint((tokenEndpoint) -> {// 个性化认证授权端点 // OAuth 2.1 默认配置
// 缺省配置authorizeRequests.anyRequest().authenticated()
// csrf.ignoringRequestMatchers(endpointsMatcher) 等等
OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
// 使用 HttpSecurity 获取 OAuth 2.1 配置中的 OAuth2AuthorizationServerConfigurer 对象
OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = http
.getConfigurer(OAuth2AuthorizationServerConfigurer.class);
authorizationServerConfigurer.tokenEndpoint((tokenEndpoint) -> {// 个性化认证授权端点
tokenEndpoint.accessTokenRequestConverter(accessTokenRequestConverter()) // 注入自定义的授权认证Converter tokenEndpoint.accessTokenRequestConverter(accessTokenRequestConverter()) // 注入自定义的授权认证Converter
.accessTokenResponseHandler(new PigAuthenticationSuccessEventHandler()) // 登录成功处理器 .accessTokenResponseHandler(new PigAuthenticationSuccessEventHandler()) // 登录成功处理器
.errorResponseHandler(new PigAuthenticationFailureEventHandler());// 登录失败处理器 .errorResponseHandler(new PigAuthenticationFailureEventHandler());// 登录失败处理器
}).clientAuthentication(oAuth2ClientAuthenticationConfigurer -> // 个性化客户端认证 }).clientAuthentication(oAuth2ClientAuthenticationConfigurer -> // 个性化客户端认证
oAuth2ClientAuthenticationConfigurer.errorResponseHandler(new PigAuthenticationFailureEventHandler()))// 处理客户端认证异常 oAuth2ClientAuthenticationConfigurer.errorResponseHandler(new PigAuthenticationFailureEventHandler()))// 处理客户端认证异常
.authorizationEndpoint(authorizationEndpoint -> authorizationEndpoint// 授权码端点个性化confirm页面 .authorizationEndpoint(authorizationEndpoint -> authorizationEndpoint// 授权码端点个性化confirm页面
.consentPage(SecurityConstants.CUSTOM_CONSENT_PAGE_URI))); .consentPage(SecurityConstants.CUSTOM_CONSENT_PAGE_URI));
RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher(); DefaultSecurityFilterChain securityFilterChain = authorizationServerConfigurer
DefaultSecurityFilterChain securityFilterChain = http.requestMatcher(endpointsMatcher) .authorizationService(authorizationService)// redis存储token的实现
.authorizeRequests(authorizeRequests -> authorizeRequests.anyRequest().authenticated()) .authorizationServerSettings(
.apply(authorizationServerConfigurer.authorizationService(authorizationService)// redis存储token的实现 AuthorizationServerSettings.builder().issuer(SecurityConstants.PROJECT_LICENSE).build())
.authorizationServerSettings(
AuthorizationServerSettings.builder().issuer(SecurityConstants.PROJECT_LICENSE).build()))
// 授权码登录的登录页个性化 // 授权码登录的登录页个性化
.and() .and()
.apply(new FormIdentityLoginConfigurer()) .apply(new FormIdentityLoginConfigurer())