mirror of
https://gitee.com/log4j/pig.git
synced 2024-12-31 08:14:18 +08:00
🎨 简化 OAuth 2.1 配置
1. 使用静态方法 OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http),缺省 authorizeRequests.anyRequest().authenticated()、csrf.ignoringRequestMatchers(endpointsMatcher) 等等
2. 使用 HttpSecurity 获取 OAuth 2.1 配置中的 OAuth2AuthorizationServerConfigurer 对象
3. 删除部分 HttpSecurity.apply
parent
6991cdad55
commit
73ee2777e8
@ -35,6 +35,7 @@ import org.springframework.core.annotation.Order;
|
|||||||
import org.springframework.security.authentication.AuthenticationManager;
|
import org.springframework.security.authentication.AuthenticationManager;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
|
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
|
||||||
|
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
|
||||||
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
|
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
|
||||||
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
|
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
|
||||||
import org.springframework.security.oauth2.server.authorization.token.DelegatingOAuth2TokenGenerator;
|
import org.springframework.security.oauth2.server.authorization.token.DelegatingOAuth2TokenGenerator;
|
||||||
@ -44,7 +45,6 @@ import org.springframework.security.oauth2.server.authorization.web.authenticati
|
|||||||
import org.springframework.security.web.DefaultSecurityFilterChain;
|
import org.springframework.security.web.DefaultSecurityFilterChain;
|
||||||
import org.springframework.security.web.SecurityFilterChain;
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
import org.springframework.security.web.authentication.AuthenticationConverter;
|
import org.springframework.security.web.authentication.AuthenticationConverter;
|
||||||
import org.springframework.security.web.util.matcher.RequestMatcher;
|
|
||||||
|
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
|
|
||||||
@ -63,23 +63,29 @@ public class AuthorizationServerConfiguration {
|
|||||||
@Bean
|
@Bean
|
||||||
@Order(Ordered.HIGHEST_PRECEDENCE)
|
@Order(Ordered.HIGHEST_PRECEDENCE)
|
||||||
public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
|
public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
|
||||||
OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = new OAuth2AuthorizationServerConfigurer();
|
|
||||||
|
|
||||||
http.apply(authorizationServerConfigurer.tokenEndpoint((tokenEndpoint) -> {// 个性化认证授权端点
|
// OAuth 2.1 默认配置
|
||||||
|
// 缺省配置:authorizeRequests.anyRequest().authenticated()、
|
||||||
|
// csrf.ignoringRequestMatchers(endpointsMatcher) 等等
|
||||||
|
OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
|
||||||
|
|
||||||
|
// 使用 HttpSecurity 获取 OAuth 2.1 配置中的 OAuth2AuthorizationServerConfigurer 对象
|
||||||
|
OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = http
|
||||||
|
.getConfigurer(OAuth2AuthorizationServerConfigurer.class);
|
||||||
|
|
||||||
|
authorizationServerConfigurer.tokenEndpoint((tokenEndpoint) -> {// 个性化认证授权端点
|
||||||
tokenEndpoint.accessTokenRequestConverter(accessTokenRequestConverter()) // 注入自定义的授权认证Converter
|
tokenEndpoint.accessTokenRequestConverter(accessTokenRequestConverter()) // 注入自定义的授权认证Converter
|
||||||
.accessTokenResponseHandler(new PigAuthenticationSuccessEventHandler()) // 登录成功处理器
|
.accessTokenResponseHandler(new PigAuthenticationSuccessEventHandler()) // 登录成功处理器
|
||||||
.errorResponseHandler(new PigAuthenticationFailureEventHandler());// 登录失败处理器
|
.errorResponseHandler(new PigAuthenticationFailureEventHandler());// 登录失败处理器
|
||||||
}).clientAuthentication(oAuth2ClientAuthenticationConfigurer -> // 个性化客户端认证
|
}).clientAuthentication(oAuth2ClientAuthenticationConfigurer -> // 个性化客户端认证
|
||||||
oAuth2ClientAuthenticationConfigurer.errorResponseHandler(new PigAuthenticationFailureEventHandler()))// 处理客户端认证异常
|
oAuth2ClientAuthenticationConfigurer.errorResponseHandler(new PigAuthenticationFailureEventHandler()))// 处理客户端认证异常
|
||||||
.authorizationEndpoint(authorizationEndpoint -> authorizationEndpoint// 授权码端点个性化confirm页面
|
.authorizationEndpoint(authorizationEndpoint -> authorizationEndpoint// 授权码端点个性化confirm页面
|
||||||
.consentPage(SecurityConstants.CUSTOM_CONSENT_PAGE_URI)));
|
.consentPage(SecurityConstants.CUSTOM_CONSENT_PAGE_URI));
|
||||||
|
|
||||||
RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
|
DefaultSecurityFilterChain securityFilterChain = authorizationServerConfigurer
|
||||||
DefaultSecurityFilterChain securityFilterChain = http.requestMatcher(endpointsMatcher)
|
.authorizationService(authorizationService)// redis存储token的实现
|
||||||
.authorizeRequests(authorizeRequests -> authorizeRequests.anyRequest().authenticated())
|
.authorizationServerSettings(
|
||||||
.apply(authorizationServerConfigurer.authorizationService(authorizationService)// redis存储token的实现
|
AuthorizationServerSettings.builder().issuer(SecurityConstants.PROJECT_LICENSE).build())
|
||||||
.authorizationServerSettings(
|
|
||||||
AuthorizationServerSettings.builder().issuer(SecurityConstants.PROJECT_LICENSE).build()))
|
|
||||||
// 授权码登录的登录页个性化
|
// 授权码登录的登录页个性化
|
||||||
.and()
|
.and()
|
||||||
.apply(new FormIdentityLoginConfigurer())
|
.apply(new FormIdentityLoginConfigurer())
|
||||||
|
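Review bot: The comment added above `OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http)` names `authorizeRequests.anyRequest().authenticated()` and the CSRF exemption but leaves out the default that matters most for a chain ordered `Ordered.HIGHEST_PRECEDENCE`: restricting it to the authorization-server endpoints, which the old side spelled out as `http.requestMatcher(endpointsMatcher)`. With that explicit call gone, the scoping and the authenticated-by-default rule are whatever the library helper applies in the version on the classpath, so I would list it in the comment, e.g. `// Defaults applied: requestMatcher(endpointsMatcher), authorizeRequests.anyRequest().authenticated(), csrf.ignoringRequestMatchers(endpointsMatcher)`, and add a test that a path outside the OAuth endpoints is not matched by this chain and that an unauthenticated request to a protected endpoint is rejected. Separately, `issuer(SecurityConstants.PROJECT_LICENSE)` sets the server's issuer identifier from a constant whose name suggests a licence string; its value is not visible here, so confirm it is the deployment's public URL. The method body continues past the end of the hunk.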