fix(auth): Boot jdk17 版本启动时SecurityFilterChain报错

Closes IBB9HM
2024-12-22 12:48:58 +08:00 · 2024-12-14 13:25:18 +08:00 · 2024-12-14 13:25:18 +08:00 · d2f3176147
commit d2f3176147
parent 6877d1a4ae
2 changed files with 59 additions and 92 deletions
--- a/.gitee/ISSUE_TEMPLATE/issue.yml
+++ b/.gitee/ISSUE_TEMPLATE/issue.yml
@ -4,7 +4,7 @@ body:
  - type: dropdown
    id: version
    attributes:
-      label: PIG版本
+      label: PIG版本（提问先右上角 Star ♥️）
      options:
        - "不处理PIGX或其他魔改版本"
        - "3.8"
@ -22,7 +22,7 @@ body:
  - type: textarea
    id: desired-solution
    attributes:
-      label: 问题描述
+      label: 问题描述，提供详细截图和报错
      description: 详细问题，提供相应截图和日志，一分钟的描述不需要期望别人花半小时帮你排查
    validations:
      required: true
--- a/pig-boot/src/main/java/com/pig4cloud/pig/bootstrap/PigBootSecurityServerConfiguration.java
+++ b/pig-boot/src/main/java/com/pig4cloud/pig/bootstrap/PigBootSecurityServerConfiguration.java
@ -27,9 +27,6 @@ import com.pig4cloud.pig.auth.support.handler.PigAuthenticationSuccessEventHandl
 import com.pig4cloud.pig.auth.support.password.OAuth2ResourceOwnerPasswordAuthenticationProvider;
 import com.pig4cloud.pig.auth.support.sms.OAuth2ResourceOwnerSmsAuthenticationProvider;
 import com.pig4cloud.pig.common.core.constant.SecurityConstants;
 import com.pig4cloud.pig.common.security.component.PermitAllUrlProperties;
 import com.pig4cloud.pig.common.security.component.PigBearerTokenExtractor;
 import com.pig4cloud.pig.common.security.component.ResourceAuthExceptionEntryPoint;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@ -38,18 +35,14 @@ import org.springframework.core.annotation.Order;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
 import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
 import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
 import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
 import org.springframework.security.web.DefaultSecurityFilterChain;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.AuthenticationConverter;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 /**
 * @author lengleng 认证授权服务器配置
@ -58,101 +51,75 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@RequiredArgsConstructor
 public class PigBootSecurityServerConfiguration {
-	private final ResourceAuthExceptionEntryPoint resourceAuthExceptionEntryPoint;
+    private final AuthenticationConverter accessTokenRequestConverter;
-	private final OpaqueTokenIntrospector customOpaqueTokenIntrospector;
+    private final OAuth2AuthorizationService authorizationService;
-	private final AuthenticationConverter accessTokenRequestConverter;
+    private final PasswordDecoderFilter passwordDecoderFilter;
-	private final OAuth2AuthorizationService authorizationService;
+    private final OAuth2TokenGenerator oAuth2TokenGenerator;
-	private final PigBearerTokenExtractor pigBearerTokenExtractor;
+    private final ValidateCodeFilter validateCodeFilter;
-	private final PasswordDecoderFilter passwordDecoderFilter;
+    @Bean
    @Order(Ordered.HIGHEST_PRECEDENCE)
    public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
        OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = new OAuth2AuthorizationServerConfigurer();
        // 配置授权服务器的安全策略，只有/oauth2/**的请求才会走如下的配置
        http.securityMatcher("/oauth2/**");
        // 增加验证码过滤器
        http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class);
        // 增加密码解密过滤器
        http.addFilterBefore(passwordDecoderFilter, UsernamePasswordAuthenticationFilter.class);
-	private final OAuth2TokenGenerator oAuth2TokenGenerator;
+        // 认证服务器配置
        http.with(authorizationServerConfigurer.tokenEndpoint((tokenEndpoint) -> {// 个性化认证授权端点
                            tokenEndpoint.accessTokenRequestConverter(accessTokenRequestConverter) // 注入自定义的授权认证Converter
                                    .accessTokenResponseHandler(new PigAuthenticationSuccessEventHandler()) // 登录成功处理器
                                    .errorResponseHandler(new PigAuthenticationFailureEventHandler());// 登录失败处理器
                        }).clientAuthentication(oAuth2ClientAuthenticationConfigurer -> // 个性化客户端认证
                                oAuth2ClientAuthenticationConfigurer.errorResponseHandler(new PigAuthenticationFailureEventHandler()))// 处理客户端认证异常
                        , Customizer.withDefaults())
                .with(authorizationServerConfigurer.authorizationService(authorizationService)// redis存储token的实现
                                .authorizationServerSettings(
                                        AuthorizationServerSettings.builder().issuer(SecurityConstants.PROJECT_LICENSE).build()),
                        Customizer.withDefaults());
-	private final ValidateCodeFilter validateCodeFilter;
+        http.with(authorizationServerConfigurer.authorizationService(authorizationService)// redis存储token的实现
                        .authorizationServerSettings(
                                AuthorizationServerSettings.builder().issuer(SecurityConstants.PROJECT_LICENSE).build()),
                Customizer.withDefaults());
-	private final PermitAllUrlProperties permitAllUrl;
+        DefaultSecurityFilterChain securityFilterChain = http.build();
-	@Bean
+        // 注入自定义授权模式实现
-	@Order(Ordered.HIGHEST_PRECEDENCE)
+        addCustomOAuth2GrantAuthenticationProvider(http);
-	public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
+        return securityFilterChain;
-		OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = new OAuth2AuthorizationServerConfigurer();
+    }
-		// 增加验证码过滤器
+    /**
-		http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class);
+     * 注入授权模式实现提供方
-		// 增加密码解密过滤器
+     * <p>
-		http.addFilterBefore(passwordDecoderFilter, UsernamePasswordAuthenticationFilter.class);
+     * 1. 密码模式 </br>
     * 2. 短信登录 </br>
     */
    @SuppressWarnings("unchecked")
    private void addCustomOAuth2GrantAuthenticationProvider(HttpSecurity http) {
        AuthenticationManager authenticationManager = http.getSharedObject(AuthenticationManager.class);
        OAuth2AuthorizationService authorizationService = http.getSharedObject(OAuth2AuthorizationService.class);
-		// 认证服务器配置
+        OAuth2ResourceOwnerPasswordAuthenticationProvider resourceOwnerPasswordAuthenticationProvider = new OAuth2ResourceOwnerPasswordAuthenticationProvider(
-		http.with(authorizationServerConfigurer.tokenEndpoint((tokenEndpoint) -> {// 个性化认证授权端点
+                authenticationManager, authorizationService, oAuth2TokenGenerator);
 			tokenEndpoint.accessTokenRequestConverter(accessTokenRequestConverter) // 注入自定义的授权认证Converter
 				.accessTokenResponseHandler(new PigAuthenticationSuccessEventHandler()) // 登录成功处理器
 				.errorResponseHandler(new PigAuthenticationFailureEventHandler());// 登录失败处理器
 		}).clientAuthentication(oAuth2ClientAuthenticationConfigurer -> // 个性化客户端认证
 		oAuth2ClientAuthenticationConfigurer.errorResponseHandler(new PigAuthenticationFailureEventHandler()))// 处理客户端认证异常
 				, Customizer.withDefaults())
 			.with(authorizationServerConfigurer.authorizationService(authorizationService)// redis存储token的实现
 				.authorizationServerSettings(
 						AuthorizationServerSettings.builder().issuer(SecurityConstants.PROJECT_LICENSE).build()),
 					Customizer.withDefaults());
-		// 资源服务器配置
+        OAuth2ResourceOwnerSmsAuthenticationProvider resourceOwnerSmsAuthenticationProvider = new OAuth2ResourceOwnerSmsAuthenticationProvider(
-		AntPathRequestMatcher[] requestMatchers = permitAllUrl.getUrls()
+                authenticationManager, authorizationService, oAuth2TokenGenerator);
 			.stream()
 			.map(AntPathRequestMatcher::new)
 			.toList()
 			.toArray(new AntPathRequestMatcher[] {});
-		http.authorizeHttpRequests(authorizeRequests -> authorizeRequests.requestMatchers(requestMatchers)
+        // 处理 UsernamePasswordAuthenticationToken
-			.permitAll()
+        http.authenticationProvider(new PigDaoAuthenticationProvider());
-			.anyRequest()
+        // 处理 OAuth2ResourceOwnerPasswordAuthenticationToken
-			.authenticated())
+        http.authenticationProvider(resourceOwnerPasswordAuthenticationProvider);
-			.oauth2ResourceServer(
+        // 处理 OAuth2ResourceOwnerSmsAuthenticationToken
-					oauth2 -> oauth2.opaqueToken(token -> token.introspector(customOpaqueTokenIntrospector))
+        http.authenticationProvider(resourceOwnerSmsAuthenticationProvider);
-						.authenticationEntryPoint(resourceAuthExceptionEntryPoint)
+    }
 						.bearerTokenResolver(pigBearerTokenExtractor))
 			.exceptionHandling(configurer -> configurer.authenticationEntryPoint(resourceAuthExceptionEntryPoint))
 			.headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
 			.csrf(AbstractHttpConfigurer::disable);
 		http.with(authorizationServerConfigurer.authorizationService(authorizationService)// redis存储token的实现
 			.authorizationServerSettings(
 					AuthorizationServerSettings.builder().issuer(SecurityConstants.PROJECT_LICENSE).build()),
 				Customizer.withDefaults());
 		DefaultSecurityFilterChain securityFilterChain = http.build();
 		// 注入自定义授权模式实现
 		addCustomOAuth2GrantAuthenticationProvider(http);
 		return securityFilterChain;
 	}
 	/**
 	 * 注入授权模式实现提供方
 	 * <p>
 	 * 1. 密码模式 </br>
 	 * 2. 短信登录 </br>
 	 */
 	@SuppressWarnings("unchecked")
 	private void addCustomOAuth2GrantAuthenticationProvider(HttpSecurity http) {
 		AuthenticationManager authenticationManager = http.getSharedObject(AuthenticationManager.class);
 		OAuth2AuthorizationService authorizationService = http.getSharedObject(OAuth2AuthorizationService.class);
 		OAuth2ResourceOwnerPasswordAuthenticationProvider resourceOwnerPasswordAuthenticationProvider = new OAuth2ResourceOwnerPasswordAuthenticationProvider(
 				authenticationManager, authorizationService, oAuth2TokenGenerator);
 		OAuth2ResourceOwnerSmsAuthenticationProvider resourceOwnerSmsAuthenticationProvider = new OAuth2ResourceOwnerSmsAuthenticationProvider(
 				authenticationManager, authorizationService, oAuth2TokenGenerator);
 		// 处理 UsernamePasswordAuthenticationToken
 		http.authenticationProvider(new PigDaoAuthenticationProvider());
 		// 处理 OAuth2ResourceOwnerPasswordAuthenticationToken
 		http.authenticationProvider(resourceOwnerPasswordAuthenticationProvider);
 		// 处理 OAuth2ResourceOwnerSmsAuthenticationToken
 		http.authenticationProvider(resourceOwnerSmsAuthenticationProvider);
 	}
 }