fix(auth): Boot jdk17 版本启动时SecurityFilterChain报错

Closes IBB9HM
This commit is contained in:
冷冷 2024-12-14 13:25:18 +08:00
parent 6877d1a4ae
commit d2f3176147
2 changed files with 59 additions and 92 deletions

View File

@ -4,7 +4,7 @@ body:
- type: dropdown - type: dropdown
id: version id: version
attributes: attributes:
label: PIG版本 label: PIG版本(提问先右上角 Star ♥️)
options: options:
- "不处理PIGX或其他魔改版本" - "不处理PIGX或其他魔改版本"
- "3.8" - "3.8"
@ -22,7 +22,7 @@ body:
- type: textarea - type: textarea
id: desired-solution id: desired-solution
attributes: attributes:
label: 问题描述 label: 问题描述,提供详细截图和报错
description: 详细问题,提供相应截图和日志,一分钟的描述不需要期望别人花半小时帮你排查 description: 详细问题,提供相应截图和日志,一分钟的描述不需要期望别人花半小时帮你排查
validations: validations:
required: true required: true

View File

@ -27,9 +27,6 @@ import com.pig4cloud.pig.auth.support.handler.PigAuthenticationSuccessEventHandl
import com.pig4cloud.pig.auth.support.password.OAuth2ResourceOwnerPasswordAuthenticationProvider; import com.pig4cloud.pig.auth.support.password.OAuth2ResourceOwnerPasswordAuthenticationProvider;
import com.pig4cloud.pig.auth.support.sms.OAuth2ResourceOwnerSmsAuthenticationProvider; import com.pig4cloud.pig.auth.support.sms.OAuth2ResourceOwnerSmsAuthenticationProvider;
import com.pig4cloud.pig.common.core.constant.SecurityConstants; import com.pig4cloud.pig.common.core.constant.SecurityConstants;
import com.pig4cloud.pig.common.security.component.PermitAllUrlProperties;
import com.pig4cloud.pig.common.security.component.PigBearerTokenExtractor;
import com.pig4cloud.pig.common.security.component.ResourceAuthExceptionEntryPoint;
import lombok.RequiredArgsConstructor; import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
@ -38,18 +35,14 @@ import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.Customizer; import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer; import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator; import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
import org.springframework.security.web.DefaultSecurityFilterChain; import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AuthenticationConverter; import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
/** /**
* @author lengleng 认证授权服务器配置 * @author lengleng 认证授权服务器配置
@ -58,29 +51,22 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@RequiredArgsConstructor @RequiredArgsConstructor
public class PigBootSecurityServerConfiguration { public class PigBootSecurityServerConfiguration {
private final ResourceAuthExceptionEntryPoint resourceAuthExceptionEntryPoint;
private final OpaqueTokenIntrospector customOpaqueTokenIntrospector;
private final AuthenticationConverter accessTokenRequestConverter; private final AuthenticationConverter accessTokenRequestConverter;
private final OAuth2AuthorizationService authorizationService; private final OAuth2AuthorizationService authorizationService;
private final PigBearerTokenExtractor pigBearerTokenExtractor;
private final PasswordDecoderFilter passwordDecoderFilter; private final PasswordDecoderFilter passwordDecoderFilter;
private final OAuth2TokenGenerator oAuth2TokenGenerator; private final OAuth2TokenGenerator oAuth2TokenGenerator;
private final ValidateCodeFilter validateCodeFilter; private final ValidateCodeFilter validateCodeFilter;
private final PermitAllUrlProperties permitAllUrl;
@Bean @Bean
@Order(Ordered.HIGHEST_PRECEDENCE) @Order(Ordered.HIGHEST_PRECEDENCE)
public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception { public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = new OAuth2AuthorizationServerConfigurer(); OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = new OAuth2AuthorizationServerConfigurer();
// 配置授权服务器的安全策略只有/oauth2/**的请求才会走如下的配置
http.securityMatcher("/oauth2/**");
// 增加验证码过滤器 // 增加验证码过滤器
http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class); http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class);
// 增加密码解密过滤器 // 增加密码解密过滤器
@ -99,25 +85,6 @@ public class PigBootSecurityServerConfiguration {
AuthorizationServerSettings.builder().issuer(SecurityConstants.PROJECT_LICENSE).build()), AuthorizationServerSettings.builder().issuer(SecurityConstants.PROJECT_LICENSE).build()),
Customizer.withDefaults()); Customizer.withDefaults());
// 资源服务器配置
AntPathRequestMatcher[] requestMatchers = permitAllUrl.getUrls()
.stream()
.map(AntPathRequestMatcher::new)
.toList()
.toArray(new AntPathRequestMatcher[] {});
http.authorizeHttpRequests(authorizeRequests -> authorizeRequests.requestMatchers(requestMatchers)
.permitAll()
.anyRequest()
.authenticated())
.oauth2ResourceServer(
oauth2 -> oauth2.opaqueToken(token -> token.introspector(customOpaqueTokenIntrospector))
.authenticationEntryPoint(resourceAuthExceptionEntryPoint)
.bearerTokenResolver(pigBearerTokenExtractor))
.exceptionHandling(configurer -> configurer.authenticationEntryPoint(resourceAuthExceptionEntryPoint))
.headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
.csrf(AbstractHttpConfigurer::disable);
http.with(authorizationServerConfigurer.authorizationService(authorizationService)// redis存储token的实现 http.with(authorizationServerConfigurer.authorizationService(authorizationService)// redis存储token的实现
.authorizationServerSettings( .authorizationServerSettings(
AuthorizationServerSettings.builder().issuer(SecurityConstants.PROJECT_LICENSE).build()), AuthorizationServerSettings.builder().issuer(SecurityConstants.PROJECT_LICENSE).build()),