遗留问题，无法登录

2024-12-26 03:38:53 +00:00 · 2020-08-20 14:09:52 +08:00 · 2020-08-20 14:09:52 +08:00 · 96786ec566
commit 96786ec566
parent 62886be7c2
5 changed files with 47 additions and 65 deletions
--- a/src/main/java/io/qyi/e5/bean/core/WebExceptionAspect.java
+++ b/src/main/java/io/qyi/e5/bean/core/WebExceptionAspect.java
@ -4,6 +4,7 @@ import com.baomidou.mybatisplus.core.toolkit.StringUtils;
 import com.fasterxml.jackson.core.JsonGenerator;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import io.qyi.e5.util.ResultUtil;
+import lombok.extern.slf4j.Slf4j;
 import org.aspectj.lang.JoinPoint;
 import org.aspectj.lang.annotation.AfterThrowing;
 import org.aspectj.lang.annotation.Aspect;
@ -26,6 +27,7 @@ import java.io.PrintWriter;
 **/
@Aspect
@Component
+@Slf4j
 public class WebExceptionAspect {
    private final Logger logger = LoggerFactory.getLogger(this.getClass());

@ -58,6 +60,11 @@ public class WebExceptionAspect {
     * @param content 输出内容
     */
    public static void writeContent(Integer code, String content, long time) {
+        if (RequestContextHolder.getRequestAttributes()==null) {
+            log.error("writeContent 异常!");
+            return;
+        }
+
        HttpServletResponse response = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes())
                .getResponse();
        response.setCharacterEncoding("UTF-8");
--- a/src/main/java/io/qyi/e5/config/security/SecurityConfig.java
+++ b/src/main/java/io/qyi/e5/config/security/SecurityConfig.java
@ -1,11 +1,17 @@
 package io.qyi.e5.config.security;

 import io.qyi.e5.config.security.filter.LinkTokenAuthenticationFilter;
+import io.qyi.e5.config.security.filter.LoginAuthenticationFilter;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.ObjectPostProcessor;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
@ -20,42 +26,59 @@ import org.springframework.security.web.authentication.UsernamePasswordAuthentic
 **/
@Configuration
@EnableWebSecurity //开启wen安全功能
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+@Slf4j
 public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    SecurityAuthenticationHandler securityAuthenticationHandler;
-
-
    @Autowired
-    UsernamePasswordAuthenticationConfig usernamePasswordAuthenticationConfig;
-
+    UsernamePasswordAuthenticationProvider usernamePasswordAuthenticationProvider;
    @Autowired
    UrlAccessDecisionManager myAccessDecisionManager;
-
    @Autowired
    UrlInvocationSecurityMetadataSourceService myInvocationSecurityMetadataSourceService;

+    @Value("${web.static.filtrate}")
+    String[] webFiltrate;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        System.out.println("AuthenticationManagerBuilder auth");
    }

+    @Override
+    public void configure(WebSecurity web) throws Exception {
+//        super.configure(web);
+        /*放行静态资源*/
+        web.ignoring().antMatchers(webFiltrate);
+    }
+
    //  通过重载该方法，可配置如何通过拦截器保护请求。
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        System.out.println("HttpSecurity http");
+        /*自定义*/
+        http.csrf().disable();
+        LoginAuthenticationFilter authenticationFilter = new LoginAuthenticationFilter();
+
+        log.info("自定义用户认证处理逻辑");
+//        自定义用户认证处理逻辑时，需要指定AuthenticationManager，否则无法认证
+        authenticationFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
+
+//      指定自定义的认证成功和失败的处理器
+        authenticationFilter.setAuthenticationSuccessHandler(securityAuthenticationHandler);
+        authenticationFilter.setAuthenticationFailureHandler(securityAuthenticationHandler);
+
+//        把自定义的用户名密码认证过滤器和处理器添加到UsernamePasswordAuthenticationFilter过滤器之前
+        http.authenticationProvider(usernamePasswordAuthenticationProvider).addFilterBefore(authenticationFilter, UsernamePasswordAuthenticationFilter.class);
+        http.authorizeRequests().anyRequest().authenticated().withObjectPostProcessor(filterSecurityInterceptorObjectPostProcessor());
+        http.addFilterBefore(new LinkTokenAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
+
        /*关闭创建session*/
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
-//        http.authorizeRequests().antMatchers("/user/login", "/user/loginFrom", "/auth2/getGithubUrl").permitAll()// 指定相应的请求 不需要验证
-//                .accessDecisionManager(myAccessDecisionManager)
-        http.authorizeRequests().
-                anyRequest().authenticated().withObjectPostProcessor(filterSecurityInterceptorObjectPostProcessor());
-        http.addFilterBefore(new LinkTokenAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
-        /*自定义*/
-        http.csrf().disable().apply(usernamePasswordAuthenticationConfig);
-        //自定义过滤器
    }
+
    /**
     * 自定义 FilterSecurityInterceptor  ObjectPostProcessor 以替换默认配置达到动态权限的目的
     * @return ObjectPostProcessor
--- a/src/main/java/io/qyi/e5/config/security/UsernamePasswordAuthenticationConfig.java
+++ b/src/main/java/io/qyi/e5/config/security/UsernamePasswordAuthenticationConfig.java
@ -1,51 +0,0 @@
-package io.qyi.e5.config.security;
-
-import io.qyi.e5.config.security.filter.LinkTokenAuthenticationFilter;
-import io.qyi.e5.config.security.filter.LoginAuthenticationFilter;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Bean;
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.web.DefaultSecurityFilterChain;
-import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
-import org.springframework.stereotype.Component;
-
-/**
- * @program: e5
- * @description:
- * @author: 落叶随风
- * @create: 2020-02-28 16:24
- **/
-@Component
-public class UsernamePasswordAuthenticationConfig extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {
-    private final Logger logger = LoggerFactory.getLogger(this.getClass());
-    @Autowired
-    UsernamePasswordAuthenticationProvider usernamePasswordAuthenticationProvider;
-    @Autowired
-    SecurityAuthenticationHandler securityAuthenticationHandler;
-
-
-    @Override
-    public void configure(HttpSecurity http) throws Exception {
-        LoginAuthenticationFilter authenticationFilter = new LoginAuthenticationFilter();
-
-
-        logger.info("自定义用户认证处理逻辑");
-//        自定义用户认证处理逻辑时，需要指定AuthenticationManager，否则无法认证
-        authenticationFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
-
-//      指定自定义的认证成功和失败的处理器
-        authenticationFilter.setAuthenticationSuccessHandler(securityAuthenticationHandler);
-        authenticationFilter.setAuthenticationFailureHandler(securityAuthenticationHandler);
-//        把自定义的用户名密码认证过滤器和处理器添加到UsernamePasswordAuthenticationFilter过滤器之前
-        http.authenticationProvider(usernamePasswordAuthenticationProvider)
-                .addFilterBefore(authenticationFilter, UsernamePasswordAuthenticationFilter.class);
-
-
-    }
-
-}
--- a/src/main/java/io/qyi/e5/config/security/filter/LinkTokenAuthenticationFilter.java
+++ b/src/main/java/io/qyi/e5/config/security/filter/LinkTokenAuthenticationFilter.java
@ -52,7 +52,7 @@ public class LinkTokenAuthenticationFilter extends OncePerRequestFilter {
        log.info("--------------Token鉴权---------------");
        /*设置跨域*/
        HttpServletResponse response = httpServletResponse;
-        response.setHeader("Access-Control-Allow-Origin", "*");
+        response.setHeader("Access-Control-Allow-Origin", "e5.qyi.io");
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST");
        response.setHeader("Access-Control-Max-Age", "3600");
--- a/src/main/java/io/qyi/e5/config/security/filter/LoginAuthenticationFilter.java
+++ b/src/main/java/io/qyi/e5/config/security/filter/LoginAuthenticationFilter.java
@ -1,6 +1,7 @@
 package io.qyi.e5.config.security.filter;

 import io.qyi.e5.config.security.UsernamePasswordAuthenticationToken;
+import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationServiceException;
@ -23,6 +24,7 @@ import java.io.IOException;
 * @author: 落叶随风
 * @create: 2020-02-28 11:56
 **/
+@Slf4j
 public class LoginAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
    protected LoginAuthenticationFilter(String defaultFilterProcessesUrl) {
        super(defaultFilterProcessesUrl);
@ -34,6 +36,7 @@ public class LoginAuthenticationFilter extends AbstractAuthenticationProcessingF

    public LoginAuthenticationFilter() {
        super(new AntPathRequestMatcher("/auth2/receive", "GET"));
+        log.info("注册 LoginAuthenticationFilter");
    }