mirror of
https://gitee.com/log4j/pig.git
synced 2024-12-22 20:54:25 +08:00
fix(auth): Boot jdk17 版本启动时SecurityFilterChain报错
Closes IBB9HM
This commit is contained in:
parent
6877d1a4ae
commit
d2f3176147
@ -4,7 +4,7 @@ body:
|
|||||||
- type: dropdown
|
- type: dropdown
|
||||||
id: version
|
id: version
|
||||||
attributes:
|
attributes:
|
||||||
label: PIG版本
|
label: PIG版本(提问先右上角 Star ♥️)
|
||||||
options:
|
options:
|
||||||
- "不处理PIGX或其他魔改版本"
|
- "不处理PIGX或其他魔改版本"
|
||||||
- "3.8"
|
- "3.8"
|
||||||
@ -22,7 +22,7 @@ body:
|
|||||||
- type: textarea
|
- type: textarea
|
||||||
id: desired-solution
|
id: desired-solution
|
||||||
attributes:
|
attributes:
|
||||||
label: 问题描述
|
label: 问题描述,提供详细截图和报错
|
||||||
description: 详细问题,提供相应截图和日志,一分钟的描述不需要期望别人花半小时帮你排查
|
description: 详细问题,提供相应截图和日志,一分钟的描述不需要期望别人花半小时帮你排查
|
||||||
validations:
|
validations:
|
||||||
required: true
|
required: true
|
||||||
|
@ -27,9 +27,6 @@ import com.pig4cloud.pig.auth.support.handler.PigAuthenticationSuccessEventHandl
|
|||||||
import com.pig4cloud.pig.auth.support.password.OAuth2ResourceOwnerPasswordAuthenticationProvider;
|
import com.pig4cloud.pig.auth.support.password.OAuth2ResourceOwnerPasswordAuthenticationProvider;
|
||||||
import com.pig4cloud.pig.auth.support.sms.OAuth2ResourceOwnerSmsAuthenticationProvider;
|
import com.pig4cloud.pig.auth.support.sms.OAuth2ResourceOwnerSmsAuthenticationProvider;
|
||||||
import com.pig4cloud.pig.common.core.constant.SecurityConstants;
|
import com.pig4cloud.pig.common.core.constant.SecurityConstants;
|
||||||
import com.pig4cloud.pig.common.security.component.PermitAllUrlProperties;
|
|
||||||
import com.pig4cloud.pig.common.security.component.PigBearerTokenExtractor;
|
|
||||||
import com.pig4cloud.pig.common.security.component.ResourceAuthExceptionEntryPoint;
|
|
||||||
import lombok.RequiredArgsConstructor;
|
import lombok.RequiredArgsConstructor;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
@ -38,18 +35,14 @@ import org.springframework.core.annotation.Order;
|
|||||||
import org.springframework.security.authentication.AuthenticationManager;
|
import org.springframework.security.authentication.AuthenticationManager;
|
||||||
import org.springframework.security.config.Customizer;
|
import org.springframework.security.config.Customizer;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
|
||||||
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
|
|
||||||
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
|
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
|
||||||
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
|
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
|
||||||
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
|
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
|
||||||
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
|
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
|
||||||
import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
|
|
||||||
import org.springframework.security.web.DefaultSecurityFilterChain;
|
import org.springframework.security.web.DefaultSecurityFilterChain;
|
||||||
import org.springframework.security.web.SecurityFilterChain;
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
import org.springframework.security.web.authentication.AuthenticationConverter;
|
import org.springframework.security.web.authentication.AuthenticationConverter;
|
||||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author lengleng 认证授权服务器配置
|
* @author lengleng 认证授权服务器配置
|
||||||
@ -58,29 +51,22 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
|||||||
@RequiredArgsConstructor
|
@RequiredArgsConstructor
|
||||||
public class PigBootSecurityServerConfiguration {
|
public class PigBootSecurityServerConfiguration {
|
||||||
|
|
||||||
private final ResourceAuthExceptionEntryPoint resourceAuthExceptionEntryPoint;
|
|
||||||
|
|
||||||
private final OpaqueTokenIntrospector customOpaqueTokenIntrospector;
|
|
||||||
|
|
||||||
private final AuthenticationConverter accessTokenRequestConverter;
|
private final AuthenticationConverter accessTokenRequestConverter;
|
||||||
|
|
||||||
private final OAuth2AuthorizationService authorizationService;
|
private final OAuth2AuthorizationService authorizationService;
|
||||||
|
|
||||||
private final PigBearerTokenExtractor pigBearerTokenExtractor;
|
|
||||||
|
|
||||||
private final PasswordDecoderFilter passwordDecoderFilter;
|
private final PasswordDecoderFilter passwordDecoderFilter;
|
||||||
|
|
||||||
private final OAuth2TokenGenerator oAuth2TokenGenerator;
|
private final OAuth2TokenGenerator oAuth2TokenGenerator;
|
||||||
|
|
||||||
private final ValidateCodeFilter validateCodeFilter;
|
private final ValidateCodeFilter validateCodeFilter;
|
||||||
|
|
||||||
private final PermitAllUrlProperties permitAllUrl;
|
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
@Order(Ordered.HIGHEST_PRECEDENCE)
|
@Order(Ordered.HIGHEST_PRECEDENCE)
|
||||||
public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
|
public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
|
||||||
OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = new OAuth2AuthorizationServerConfigurer();
|
OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = new OAuth2AuthorizationServerConfigurer();
|
||||||
|
// 配置授权服务器的安全策略,只有/oauth2/**的请求才会走如下的配置
|
||||||
|
http.securityMatcher("/oauth2/**");
|
||||||
// 增加验证码过滤器
|
// 增加验证码过滤器
|
||||||
http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class);
|
http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class);
|
||||||
// 增加密码解密过滤器
|
// 增加密码解密过滤器
|
||||||
@ -99,25 +85,6 @@ public class PigBootSecurityServerConfiguration {
|
|||||||
AuthorizationServerSettings.builder().issuer(SecurityConstants.PROJECT_LICENSE).build()),
|
AuthorizationServerSettings.builder().issuer(SecurityConstants.PROJECT_LICENSE).build()),
|
||||||
Customizer.withDefaults());
|
Customizer.withDefaults());
|
||||||
|
|
||||||
// 资源服务器配置
|
|
||||||
AntPathRequestMatcher[] requestMatchers = permitAllUrl.getUrls()
|
|
||||||
.stream()
|
|
||||||
.map(AntPathRequestMatcher::new)
|
|
||||||
.toList()
|
|
||||||
.toArray(new AntPathRequestMatcher[] {});
|
|
||||||
|
|
||||||
http.authorizeHttpRequests(authorizeRequests -> authorizeRequests.requestMatchers(requestMatchers)
|
|
||||||
.permitAll()
|
|
||||||
.anyRequest()
|
|
||||||
.authenticated())
|
|
||||||
.oauth2ResourceServer(
|
|
||||||
oauth2 -> oauth2.opaqueToken(token -> token.introspector(customOpaqueTokenIntrospector))
|
|
||||||
.authenticationEntryPoint(resourceAuthExceptionEntryPoint)
|
|
||||||
.bearerTokenResolver(pigBearerTokenExtractor))
|
|
||||||
.exceptionHandling(configurer -> configurer.authenticationEntryPoint(resourceAuthExceptionEntryPoint))
|
|
||||||
.headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
|
|
||||||
.csrf(AbstractHttpConfigurer::disable);
|
|
||||||
|
|
||||||
http.with(authorizationServerConfigurer.authorizationService(authorizationService)// redis存储token的实现
|
http.with(authorizationServerConfigurer.authorizationService(authorizationService)// redis存储token的实现
|
||||||
.authorizationServerSettings(
|
.authorizationServerSettings(
|
||||||
AuthorizationServerSettings.builder().issuer(SecurityConstants.PROJECT_LICENSE).build()),
|
AuthorizationServerSettings.builder().issuer(SecurityConstants.PROJECT_LICENSE).build()),
|
||||||
|
Loading…
Reference in New Issue
Block a user