mirror of
https://github.com/luoye663/e5.git
synced 2024-12-25 11:18:50 +00:00
修复github无法登录授权问题
This commit is contained in:
parent
96786ec566
commit
d51fbe02a8
@ -0,0 +1,48 @@
|
||||
package io.qyi.e5.config.security;
|
||||
|
||||
import io.qyi.e5.config.security.filter.GithubLoginAuthenticationFilter;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.web.DefaultSecurityFilterChain;
|
||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
/**
|
||||
* @program: e5
|
||||
* @description:
|
||||
* @author: 落叶随风
|
||||
* @create: 2020-02-28 16:24
|
||||
**/
|
||||
@Component
|
||||
@Slf4j
|
||||
public class GithubAuth2AuthenticationConfig extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {
|
||||
@Autowired
|
||||
UsernamePasswordAuthenticationProvider usernamePasswordAuthenticationProvider;
|
||||
@Autowired
|
||||
SecurityAuthenticationHandler securityAuthenticationHandler;
|
||||
|
||||
|
||||
@Override
|
||||
public void configure(HttpSecurity http) throws Exception {
|
||||
GithubLoginAuthenticationFilter authenticationFilter = new GithubLoginAuthenticationFilter();
|
||||
|
||||
log.info("自定义用户认证处理逻辑");
|
||||
// 自定义用户认证处理逻辑时,需要指定AuthenticationManager,否则无法认证
|
||||
authenticationFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
|
||||
|
||||
// 指定自定义的认证成功和失败的处理器
|
||||
authenticationFilter.setAuthenticationSuccessHandler(securityAuthenticationHandler);
|
||||
authenticationFilter.setAuthenticationFailureHandler(securityAuthenticationHandler);
|
||||
// 把自定义的用户名密码认证过滤器和处理器添加到UsernamePasswordAuthenticationFilter过滤器之前
|
||||
http.authenticationProvider(usernamePasswordAuthenticationProvider)
|
||||
.addFilterBefore(authenticationFilter, UsernamePasswordAuthenticationFilter.class);
|
||||
|
||||
|
||||
}
|
||||
|
||||
}
|
@ -1,12 +1,10 @@
|
||||
package io.qyi.e5.config.security;
|
||||
|
||||
import io.qyi.e5.config.security.filter.LinkTokenAuthenticationFilter;
|
||||
import io.qyi.e5.config.security.filter.LoginAuthenticationFilter;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.config.annotation.ObjectPostProcessor;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||
@ -39,6 +37,10 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
@Autowired
|
||||
UrlInvocationSecurityMetadataSourceService myInvocationSecurityMetadataSourceService;
|
||||
|
||||
@Autowired
|
||||
GithubAuth2AuthenticationConfig githubAuth2AuthenticationConfig;
|
||||
|
||||
|
||||
@Value("${web.static.filtrate}")
|
||||
String[] webFiltrate;
|
||||
|
||||
@ -50,43 +52,43 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
@Override
|
||||
public void configure(WebSecurity web) throws Exception {
|
||||
// super.configure(web);
|
||||
/*放行静态资源*/
|
||||
/*放行静态资源,这里放行不会去执行 AbstractAuthenticationProcessingFilter */
|
||||
web.ignoring().antMatchers(webFiltrate);
|
||||
|
||||
}
|
||||
|
||||
// 通过重载该方法,可配置如何通过拦截器保护请求。
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
System.out.println("HttpSecurity http");
|
||||
|
||||
/*自定义*/
|
||||
http.csrf().disable();
|
||||
LoginAuthenticationFilter authenticationFilter = new LoginAuthenticationFilter();
|
||||
log.info("注册gituhb授权登录");
|
||||
// http.authorizeRequests().antMatchers("/user/login", "/user/loginFrom", "/auth2/getGithubUrl").permitAll()// 指定相应的请求 不需要验证
|
||||
//// .and()
|
||||
//// .authorizeRequests().antMatchers("/quartz/**").permitAll()//测试
|
||||
// .anyRequest()// 任何请求
|
||||
// .authenticated();// 都需要身份认证
|
||||
|
||||
log.info("自定义用户认证处理逻辑");
|
||||
// 自定义用户认证处理逻辑时,需要指定AuthenticationManager,否则无法认证
|
||||
authenticationFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
|
||||
|
||||
// 指定自定义的认证成功和失败的处理器
|
||||
authenticationFilter.setAuthenticationSuccessHandler(securityAuthenticationHandler);
|
||||
authenticationFilter.setAuthenticationFailureHandler(securityAuthenticationHandler);
|
||||
|
||||
// 把自定义的用户名密码认证过滤器和处理器添加到UsernamePasswordAuthenticationFilter过滤器之前
|
||||
http.authenticationProvider(usernamePasswordAuthenticationProvider).addFilterBefore(authenticationFilter, UsernamePasswordAuthenticationFilter.class);
|
||||
http.authorizeRequests().anyRequest().authenticated().withObjectPostProcessor(filterSecurityInterceptorObjectPostProcessor());
|
||||
/*验证token*/
|
||||
http.addFilterBefore(new LinkTokenAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
|
||||
|
||||
http.csrf().disable().apply(githubAuth2AuthenticationConfig);
|
||||
/*添加自定义权限管理器*/
|
||||
http.authorizeRequests().anyRequest().authenticated().withObjectPostProcessor(filterSecurityInterceptorObjectPostProcessor());
|
||||
/*关闭创建session*/
|
||||
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
|
||||
}
|
||||
|
||||
/**
|
||||
* 自定义 FilterSecurityInterceptor ObjectPostProcessor 以替换默认配置达到动态权限的目的
|
||||
*
|
||||
* @return ObjectPostProcessor
|
||||
*/
|
||||
private ObjectPostProcessor<FilterSecurityInterceptor> filterSecurityInterceptorObjectPostProcessor() {
|
||||
return new ObjectPostProcessor<FilterSecurityInterceptor>() {
|
||||
@Override
|
||||
public <O extends FilterSecurityInterceptor> O postProcess(O object) {
|
||||
log.info("加载自定义url权限");
|
||||
object.setAccessDecisionManager(myAccessDecisionManager);
|
||||
object.setSecurityMetadataSource(myInvocationSecurityMetadataSourceService);
|
||||
return object;
|
||||
|
@ -25,18 +25,18 @@ import java.util.Iterator;
|
||||
public class UrlAccessDecisionManager implements AccessDecisionManager {
|
||||
@Override
|
||||
public void decide(Authentication authentication, Object o, Collection<ConfigAttribute> collection) throws AccessDeniedException, InsufficientAuthenticationException {
|
||||
log.info("进入权限判断!");
|
||||
log.debug("进入权限判断!");
|
||||
if (collection == null) {
|
||||
return;
|
||||
}
|
||||
log.info("object is a URL. {}", o.toString());
|
||||
log.debug("object is a URL. {}", o.toString());
|
||||
//所请求的资源拥有的权限(一个资源对多个权限)
|
||||
Iterator<ConfigAttribute> iterator = collection.iterator();
|
||||
while (iterator.hasNext()) {
|
||||
ConfigAttribute configAttribute = iterator.next();
|
||||
//访问所请求资源所需要的权限
|
||||
String needPermission = configAttribute.getAttribute();
|
||||
log.info("访问 " + o.toString() + " 需要的权限是:" + needPermission);
|
||||
log.debug("访问 " + o.toString() + " 需要的权限是:" + needPermission);
|
||||
if (needPermission == null) {
|
||||
break;
|
||||
}
|
||||
|
@ -32,8 +32,10 @@ public class UrlInvocationSecurityMetadataSourceService implements FilterInvocat
|
||||
Collection<ConfigAttribute> array;
|
||||
ConfigAttribute cfg;
|
||||
Map<String, String> permissions = new HashMap<>();
|
||||
/*这里只是简单的配置*/
|
||||
permissions.put("/admin/**", "admin");
|
||||
permissions.put("/**", "user");
|
||||
permissions.put("/auth2/**", "ROLE_ANONYMOUS");
|
||||
Iterator<Map.Entry<String, String>> iterator = permissions.entrySet().iterator();
|
||||
while (iterator.hasNext()) {
|
||||
Map.Entry<String, String> next = iterator.next();
|
||||
|
@ -3,7 +3,9 @@ package io.qyi.e5.config.security.filter;
|
||||
import io.qyi.e5.config.security.UsernamePasswordAuthenticationToken;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.AuthenticationServiceException;
|
||||
import org.springframework.security.authentication.InternalAuthenticationServiceException;
|
||||
import org.springframework.security.core.Authentication;
|
||||
@ -12,6 +14,7 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
|
||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||
import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
@ -25,23 +28,27 @@ import java.io.IOException;
|
||||
* @create: 2020-02-28 11:56
|
||||
**/
|
||||
@Slf4j
|
||||
public class LoginAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
|
||||
protected LoginAuthenticationFilter(String defaultFilterProcessesUrl) {
|
||||
public class GithubLoginAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
|
||||
|
||||
|
||||
protected GithubLoginAuthenticationFilter(String defaultFilterProcessesUrl) {
|
||||
super(defaultFilterProcessesUrl);
|
||||
}
|
||||
|
||||
protected LoginAuthenticationFilter(RequestMatcher requiresAuthenticationRequestMatcher) {
|
||||
protected GithubLoginAuthenticationFilter(RequestMatcher requiresAuthenticationRequestMatcher) {
|
||||
super(requiresAuthenticationRequestMatcher);
|
||||
}
|
||||
|
||||
public LoginAuthenticationFilter() {
|
||||
public GithubLoginAuthenticationFilter() {
|
||||
super(new AntPathRequestMatcher("/auth2/receive", "GET"));
|
||||
log.info("注册 LoginAuthenticationFilter");
|
||||
}
|
||||
|
||||
|
||||
|
||||
@Override
|
||||
public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException, ServletException {
|
||||
log.info("接收github回调参数!");
|
||||
/*if (!httpServletRequest.getMethod().equals(HttpMethod.POST.name())) {
|
||||
throw new AuthenticationServiceException("不支持该验证方法: " + httpServletRequest.getMethod());
|
||||
} else {
|
||||
@ -73,4 +80,5 @@ public class LoginAuthenticationFilter extends AbstractAuthenticationProcessingF
|
||||
private void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) {
|
||||
authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
|
||||
}
|
||||
|
||||
}
|
Loading…
Reference in New Issue
Block a user