refactor:优化认证服务器，暴露用户不存在异常

2024-12-22 20:54:26 +08:00 · 2021-04-28 23:13:12 +08:00 · 2021-04-28 23:13:12 +08:00 · 23b271338f
commit 23b271338f
parent 08a78772ac
4 changed files with 17 additions and 21 deletions
--- a/youlai-auth/src/main/java/com/youlai/auth/config/AuthorizationServerConfig.java
+++ b/youlai-auth/src/main/java/com/youlai/auth/config/AuthorizationServerConfig.java
@ -17,6 +17,7 @@ import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
+import org.springframework.security.crypto.factory.PasswordEncoderFactories;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
 import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
@ -48,7 +49,6 @@ public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdap
    private DataSource dataSource;
    private AuthenticationManager authenticationManager;
    private UserDetailsServiceImpl userDetailsService;
-    private PasswordEncoder passwordEncoder;

    /**
     * 配置客户端详情(数据库)
@ -72,9 +72,7 @@ public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdap
        tokenEnhancers.add(tokenEnhancer());
        tokenEnhancers.add(jwtAccessTokenConverter());
        tokenEnhancerChain.setTokenEnhancers(tokenEnhancers);
-
        endpoints
-
                .authenticationManager(authenticationManager)
                .accessTokenConverter(jwtAccessTokenConverter())
                .tokenEnhancer(tokenEnhancerChain)
@ -94,14 +92,12 @@ public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdap

    /**
     * 自定义认证异常响应数据
-     *
-     * @return
     */
    @Bean
    public AuthenticationEntryPoint authenticationEntryPoint() {
        return (request, response, e) -> {
            response.setStatus(HttpStatus.HTTP_OK);
-            response.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_UTF8_VALUE);
+            response.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE);
            response.setHeader("Access-Control-Allow-Origin", "*");
            response.setHeader("Cache-Control", "no-cache");
            Result result = Result.failed(ResultCode.CLIENT_AUTHENTICATION_FAILED);
@ -126,8 +122,7 @@ public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdap
     */
    @Bean
    public KeyPair keyPair() {
-        KeyStoreKeyFactory factory = new KeyStoreKeyFactory(
-                new ClassPathResource("youlai.jks"), "123456".toCharArray());
+        KeyStoreKeyFactory factory = new KeyStoreKeyFactory(new ClassPathResource("youlai.jks"), "123456".toCharArray());
        KeyPair keyPair = factory.getKeyPair("youlai", "123456".toCharArray());
        return keyPair;
    }
@ -151,9 +146,19 @@ public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdap
    @Bean
    public DaoAuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
-        provider.setHideUserNotFoundExceptions(false);
+        provider.setHideUserNotFoundExceptions(false); // 用户不存在异常抛出
        provider.setUserDetailsService(userDetailsService);
-        provider.setPasswordEncoder(passwordEncoder);
+        provider.setPasswordEncoder(passwordEncoder());
        return provider;
    }
+
+    /**
+     * 密码编码器
+     * 密码判读 DaoAuthenticationProvider#additionalAuthenticationChecks
+     * @return
+     */
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
+    }
 }
--- a/youlai-auth/src/main/java/com/youlai/auth/config/WebSecurityConfig.java
+++ b/youlai-auth/src/main/java/com/youlai/auth/config/WebSecurityConfig.java
@ -30,17 +30,10 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
                .csrf().disable();
    }

-    /**
-     * 如果不配置SpringBoot会自动配置一个AuthenticationManager,覆盖掉内存中的用户
-     */
    @Bean
-    public AuthenticationManager authenticationManagerBean() throws Exception {
+    public AuthenticationManager authenticationManager() throws Exception {
        return super.authenticationManagerBean();
    }

-    @Bean
-    public PasswordEncoder passwordEncoder() {
-        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
-    }

 }
--- a/youlai-auth/src/main/java/com/youlai/auth/exception/AuthExceptionHandler.java
+++ b/youlai-auth/src/main/java/com/youlai/auth/exception/AuthExceptionHandler.java
@ -24,7 +24,6 @@ public class AuthExceptionHandler {
        return Result.failed(ResultCode.USER_NOT_EXIST);
    }

-
    /**
     * 用户名和密码异常
     *
--- a/youlai-auth/src/main/java/com/youlai/auth/service/UserDetailsServiceImpl.java
+++ b/youlai-auth/src/main/java/com/youlai/auth/service/UserDetailsServiceImpl.java
@ -19,7 +19,6 @@ import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Service;

-
 /**
 * 自定义用户认证和授权
 */
@ -40,7 +39,7 @@ public class UserDetailsServiceImpl implements UserDetailsService {
        switch (clientId) {
            case AuthConstants.ADMIN_CLIENT_ID: // 后台用户
                result = userFeignClient.getUserByUsername(username);
-                log.info("获取用户信息：{}",result.toString());
+                log.info("获取用户信息：{}", result.toString());
                if (ResultCode.SUCCESS.getCode().equals(result.getCode())) {
                    UserDTO userDTO = (UserDTO) result.getData();
                    user = new User(userDTO);