mirror of
https://gitee.com/log4j/pig.git
synced 2024-12-31 08:14:18 +08:00
🎨 简化 OAuth 2.1 配置
1. 使用静态方法 OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http),缺省 authorizeRequests.anyRequest().authenticated()、csrf.ignoringRequestMatchers(endpointsMatcher) 等等 2. 使用 HttpSecurity 获取 OAuth 2.1 配置中的 OAuth2AuthorizationServerConfigurer 对象 3. 删除部分 HttpSecurity.apply
parent
6991cdad55
commit
73ee2777e8
@ -35,6 +35,7 @@ import org.springframework.core.annotation.Order;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
|
||||
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
|
||||
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
|
||||
import org.springframework.security.oauth2.server.authorization.token.DelegatingOAuth2TokenGenerator;
|
||||
@ -44,7 +45,6 @@ import org.springframework.security.oauth2.server.authorization.web.authenticati
|
||||
import org.springframework.security.web.DefaultSecurityFilterChain;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.authentication.AuthenticationConverter;
|
||||
import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||
|
||||
import java.util.Arrays;
|
||||
|
||||
@ -63,23 +63,29 @@ public class AuthorizationServerConfiguration {
|
||||
@Bean
|
||||
@Order(Ordered.HIGHEST_PRECEDENCE)
|
||||
public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
|
||||
OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = new OAuth2AuthorizationServerConfigurer();
|
||||
|
||||
http.apply(authorizationServerConfigurer.tokenEndpoint((tokenEndpoint) -> {// 个性化认证授权端点
|
||||
// OAuth 2.1 默认配置
|
||||
// 缺省配置:authorizeRequests.anyRequest().authenticated()、
|
||||
// csrf.ignoringRequestMatchers(endpointsMatcher) 等等
|
||||
OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
|
||||
|
||||
// 使用 HttpSecurity 获取 OAuth 2.1 配置中的 OAuth2AuthorizationServerConfigurer 对象
|
||||
OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = http
|
||||
.getConfigurer(OAuth2AuthorizationServerConfigurer.class);
|
||||
|
||||
authorizationServerConfigurer.tokenEndpoint((tokenEndpoint) -> {// 个性化认证授权端点
|
||||
tokenEndpoint.accessTokenRequestConverter(accessTokenRequestConverter()) // 注入自定义的授权认证Converter
|
||||
.accessTokenResponseHandler(new PigAuthenticationSuccessEventHandler()) // 登录成功处理器
|
||||
.errorResponseHandler(new PigAuthenticationFailureEventHandler());// 登录失败处理器
|
||||
}).clientAuthentication(oAuth2ClientAuthenticationConfigurer -> // 个性化客户端认证
|
||||
oAuth2ClientAuthenticationConfigurer.errorResponseHandler(new PigAuthenticationFailureEventHandler()))// 处理客户端认证异常
|
||||
.authorizationEndpoint(authorizationEndpoint -> authorizationEndpoint// 授权码端点个性化confirm页面
|
||||
.consentPage(SecurityConstants.CUSTOM_CONSENT_PAGE_URI)));
|
||||
.consentPage(SecurityConstants.CUSTOM_CONSENT_PAGE_URI));
|
||||
|
||||
RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
|
||||
DefaultSecurityFilterChain securityFilterChain = http.requestMatcher(endpointsMatcher)
|
||||
.authorizeRequests(authorizeRequests -> authorizeRequests.anyRequest().authenticated())
|
||||
.apply(authorizationServerConfigurer.authorizationService(authorizationService)// redis存储token的实现
|
||||
DefaultSecurityFilterChain securityFilterChain = authorizationServerConfigurer
|
||||
.authorizationService(authorizationService)// redis存储token的实现
|
||||
.authorizationServerSettings(
|
||||
AuthorizationServerSettings.builder().issuer(SecurityConstants.PROJECT_LICENSE).build()))
|
||||
AuthorizationServerSettings.builder().issuer(SecurityConstants.PROJECT_LICENSE).build())
|
||||
// 授权码登录的登录页个性化
|
||||
.and()
|
||||
.apply(new FormIdentityLoginConfigurer())
|
||||
|
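Review bot: The added `OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http)` call does more than the removed `http.requestMatcher(endpointsMatcher)` / `authorizeRequests(...)` lines: by the added comment's own description it also applies `csrf.ignoringRequestMatchers(endpointsMatcher)`, which the removed lines did not set. Whether CSRF was already disabled further down the chain is not visible, because the method body continues past the end of the hunk. This may therefore be a behaviour change for the authorization endpoint behind the custom consent page (`SecurityConstants.CUSTOM_CONSENT_PAGE_URI`), and it should be confirmed and covered by a regression test rather than left implicit in a "simplify" commit. Separately, `http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)` returns null when no such configurer has been applied, so the ordering dependency deserves a comment such as `// applyDefaultSecurity(http) must run first: it registers the configurer that getConfigurer returns`.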