!454 spring authorization server apply已过时

Merge pull request !454 from twelvet/jdk17-dev
lbw 2023-12-14 02:09:32 +00:00 committed by Gitee
commit b53256bc18
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
6 changed files with 36 additions and 29 deletions


@ -33,6 +33,7 @@ import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered; import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order; import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer; import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
@ -65,14 +66,14 @@ public class AuthorizationServerConfiguration {
public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception { public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = new OAuth2AuthorizationServerConfigurer(); OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = new OAuth2AuthorizationServerConfigurer();
http.apply(authorizationServerConfigurer.tokenEndpoint((tokenEndpoint) -> {// 个性化认证授权端点 http.with(authorizationServerConfigurer.tokenEndpoint((tokenEndpoint) -> {// 个性化认证授权端点
tokenEndpoint.accessTokenRequestConverter(accessTokenRequestConverter()) // 注入自定义的授权认证Converter tokenEndpoint.accessTokenRequestConverter(accessTokenRequestConverter()) // 注入自定义的授权认证Converter
.accessTokenResponseHandler(new PigAuthenticationSuccessEventHandler()) // 登录成功处理器 .accessTokenResponseHandler(new PigAuthenticationSuccessEventHandler()) // 登录成功处理器
.errorResponseHandler(new PigAuthenticationFailureEventHandler());// 登录失败处理器 .errorResponseHandler(new PigAuthenticationFailureEventHandler());// 登录失败处理器
}).clientAuthentication(oAuth2ClientAuthenticationConfigurer -> // 个性化客户端认证 }).clientAuthentication(oAuth2ClientAuthenticationConfigurer -> // 个性化客户端认证
oAuth2ClientAuthenticationConfigurer.errorResponseHandler(new PigAuthenticationFailureEventHandler()))// 处理客户端认证异常 oAuth2ClientAuthenticationConfigurer.errorResponseHandler(new PigAuthenticationFailureEventHandler()))// 处理客户端认证异常
.authorizationEndpoint(authorizationEndpoint -> authorizationEndpoint// 授权码端点个性化confirm页面 .authorizationEndpoint(authorizationEndpoint -> authorizationEndpoint// 授权码端点个性化confirm页面
.consentPage(SecurityConstants.CUSTOM_CONSENT_PAGE_URI))); .consentPage(SecurityConstants.CUSTOM_CONSENT_PAGE_URI)), Customizer.withDefaults());
AntPathRequestMatcher[] requestMatchers = new AntPathRequestMatcher[] { AntPathRequestMatcher[] requestMatchers = new AntPathRequestMatcher[] {
AntPathRequestMatcher.antMatcher("/token/**"), AntPathRequestMatcher.antMatcher("/actuator/**"), AntPathRequestMatcher.antMatcher("/token/**"), AntPathRequestMatcher.antMatcher("/actuator/**"),
@ -83,10 +84,11 @@ public class AuthorizationServerConfiguration {
authorizeRequests.requestMatchers(requestMatchers).permitAll(); authorizeRequests.requestMatchers(requestMatchers).permitAll();
authorizeRequests.anyRequest().authenticated(); authorizeRequests.anyRequest().authenticated();
}) })
.apply(authorizationServerConfigurer.authorizationService(authorizationService)// redis存储token的实现 .with(authorizationServerConfigurer.authorizationService(authorizationService)// redis存储token的实现
.authorizationServerSettings( .authorizationServerSettings(
AuthorizationServerSettings.builder().issuer(SecurityConstants.PROJECT_LICENSE).build())); AuthorizationServerSettings.builder().issuer(SecurityConstants.PROJECT_LICENSE).build()),
http.apply(new FormIdentityLoginConfigurer()); Customizer.withDefaults());
http.with(new FormIdentityLoginConfigurer(), Customizer.withDefaults());
DefaultSecurityFilterChain securityFilterChain = http.build(); DefaultSecurityFilterChain securityFilterChain = http.build();
// 注入自定义授权模式实现 // 注入自定义授权模式实现
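Review bot: The `requestMatchers` array passed to `permitAll()` includes `AntPathRequestMatcher.antMatcher("/actuator/**")`, so every actuator endpoint on the authorization server is reachable without authentication. Which endpoints that covers depends on `management.endpoints.web.exposure.include`, which is not visible here; if it is widened beyond the default, endpoints such as `env` or `heapdump` would be served to anonymous callers. I would narrow the entry to `AntPathRequestMatcher.antMatcher("/actuator/health/**")` and leave the rest behind `anyRequest().authenticated()`. The array and the method body continue outside the visible hunks, so the remaining entries should be checked the same way.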


@ -20,6 +20,7 @@ import com.pig4cloud.pig.auth.support.core.FormIdentityLoginConfigurer;
import com.pig4cloud.pig.auth.support.core.PigDaoAuthenticationProvider; import com.pig4cloud.pig.auth.support.core.PigDaoAuthenticationProvider;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.core.annotation.Order; import org.springframework.core.annotation.Order;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
@ -48,7 +49,7 @@ public class WebSecurityConfiguration {
.permitAll()// 开放自定义的部分端点 .permitAll()// 开放自定义的部分端点
.anyRequest() .anyRequest()
.authenticated()).headers(header -> header.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin)// 避免iframe同源无法登录许iframe .authenticated()).headers(header -> header.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin)// 避免iframe同源无法登录许iframe
).apply(new FormIdentityLoginConfigurer()); // 表单登录个性化 ).with(new FormIdentityLoginConfigurer(), Customizer.withDefaults()); // 表单登录个性化
// 处理 UsernamePasswordAuthenticationToken // 处理 UsernamePasswordAuthenticationToken
http.authenticationProvider(new PigDaoAuthenticationProvider()); http.authenticationProvider(new PigDaoAuthenticationProvider());
return http.build(); return http.build();
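Review bot: The comment on the `frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin)` line is garbled and does not say what the header setting permits. I would replace it with `// allow same-origin framing so the login page can be embedded; cross-origin framing stays blocked`. The method starts outside the hunk, so the matchers that precede `.permitAll()` are not reviewed here.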


@ -24,9 +24,9 @@ import java.util.*;
public class CustomeOAuth2AccessTokenGenerator implements OAuth2TokenGenerator<OAuth2AccessToken> { public class CustomeOAuth2AccessTokenGenerator implements OAuth2TokenGenerator<OAuth2AccessToken> {
private OAuth2TokenCustomizer<OAuth2TokenClaimsContext> accessTokenCustomizer; private OAuth2TokenCustomizer<OAuth2TokenClaimsContext> accessTokenCustomizer;
private final StringKeyGenerator accessTokenGenerator =
new Base64StringKeyGenerator(Base64.getUrlEncoder().withoutPadding(), 96);
private final StringKeyGenerator accessTokenGenerator = new Base64StringKeyGenerator(
Base64.getUrlEncoder().withoutPadding(), 96);
@Nullable @Nullable
@Override @Override
@ -85,8 +85,8 @@ public class CustomeOAuth2AccessTokenGenerator implements OAuth2TokenGenerator<O
OAuth2TokenClaimsSet accessTokenClaimsSet = claimsBuilder.build(); OAuth2TokenClaimsSet accessTokenClaimsSet = claimsBuilder.build();
return new CustomeOAuth2AccessTokenGenerator.OAuth2AccessTokenClaims(OAuth2AccessToken.TokenType.BEARER, return new CustomeOAuth2AccessTokenGenerator.OAuth2AccessTokenClaims(OAuth2AccessToken.TokenType.BEARER,
this.accessTokenGenerator.generateKey(), accessTokenClaimsSet.getIssuedAt(), accessTokenClaimsSet.getExpiresAt(), this.accessTokenGenerator.generateKey(), accessTokenClaimsSet.getIssuedAt(),
context.getAuthorizedScopes(), accessTokenClaimsSet.getClaims()); accessTokenClaimsSet.getExpiresAt(), context.getAuthorizedScopes(), accessTokenClaimsSet.getClaims());
} }
/** /**


@ -111,7 +111,7 @@ public class PigDaoAuthenticationProvider extends AbstractUserDetailsAuthenticat
.filter(service -> service.support(finalClientId, grantType)) .filter(service -> service.support(finalClientId, grantType))
.max(Comparator.comparingInt(Ordered::getOrder)); .max(Comparator.comparingInt(Ordered::getOrder));
if (!optional.isPresent()) { if (optional.isEmpty()) {
throw new InternalAuthenticationServiceException("UserDetailsService error , not register"); throw new InternalAuthenticationServiceException("UserDetailsService error , not register");
} }
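Review bot: `.max(Comparator.comparingInt(Ordered::getOrder))` selects the matching service with the largest `getOrder()` value, which, if `Ordered` is Spring's `org.springframework.core.Ordered`, is the lowest-precedence one under that interface's convention. Since this choice decides which `UserDetailsService` loads the account for a given client and grant type, the intent should be stated next to the call, for example `// deliberately picks the highest order value among services that support this client/grant`, or the call changed to `.min(...)` if the usual precedence was meant. The enclosing method starts and ends outside the hunk, so how `optional` is consumed afterwards is not visible.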


@ -48,13 +48,17 @@ public class PigInitQuartzJob implements InitializingBean {
sysJobService.list().forEach(sysjob -> { sysJobService.list().forEach(sysjob -> {
if (PigQuartzEnum.JOB_STATUS_RELEASE.getType().equals(sysjob.getJobStatus())) { if (PigQuartzEnum.JOB_STATUS_RELEASE.getType().equals(sysjob.getJobStatus())) {
taskUtil.removeJob(sysjob, scheduler); taskUtil.removeJob(sysjob, scheduler);
} else if (PigQuartzEnum.JOB_STATUS_RUNNING.getType().equals(sysjob.getJobStatus())) { }
else if (PigQuartzEnum.JOB_STATUS_RUNNING.getType().equals(sysjob.getJobStatus())) {
taskUtil.resumeJob(sysjob, scheduler); taskUtil.resumeJob(sysjob, scheduler);
} else if (PigQuartzEnum.JOB_STATUS_NOT_RUNNING.getType().equals(sysjob.getJobStatus())) { }
else if (PigQuartzEnum.JOB_STATUS_NOT_RUNNING.getType().equals(sysjob.getJobStatus())) {
taskUtil.pauseJob(sysjob, scheduler); taskUtil.pauseJob(sysjob, scheduler);
} else { }
else {
taskUtil.removeJob(sysjob, scheduler); taskUtil.removeJob(sysjob, scheduler);
} }
}); });
} }
} }