修复github无法登录授权问题

src/main/java/io/qyi/e5/config/security/GithubAuth2AuthenticationConfig.java

@@ -0,0 +1,48 @@
+package io.qyi.e5.config.security;
+
+import io.qyi.e5.config.security.filter.GithubLoginAuthenticationFilter;
+import lombok.extern.slf4j.Slf4j;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.web.DefaultSecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.stereotype.Component;
+
+/**
+ * @program: e5
+ * @description:
+ * @author: 落叶随风
+ * @create: 2020-02-28 16:24
+ **/
+@Component
+@Slf4j
+public class GithubAuth2AuthenticationConfig extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {
+    @Autowired
+    UsernamePasswordAuthenticationProvider usernamePasswordAuthenticationProvider;
+    @Autowired
+    SecurityAuthenticationHandler securityAuthenticationHandler;
+
+
+    @Override
+    public void configure(HttpSecurity http) throws Exception {
+        GithubLoginAuthenticationFilter authenticationFilter = new GithubLoginAuthenticationFilter();
+
+        log.info("自定义用户认证处理逻辑");
+//        自定义用户认证处理逻辑时，需要指定AuthenticationManager，否则无法认证
+        authenticationFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
+
+//      指定自定义的认证成功和失败的处理器
+        authenticationFilter.setAuthenticationSuccessHandler(securityAuthenticationHandler);
+        authenticationFilter.setAuthenticationFailureHandler(securityAuthenticationHandler);
+//        把自定义的用户名密码认证过滤器和处理器添加到UsernamePasswordAuthenticationFilter过滤器之前
+        http.authenticationProvider(usernamePasswordAuthenticationProvider)
+                .addFilterBefore(authenticationFilter, UsernamePasswordAuthenticationFilter.class);
+
+
+    }
+
+}

src/main/java/io/qyi/e5/config/security/SecurityConfig.java

@@ -1,12 +1,10 @@
 package io.qyi.e5.config.security;
 
 import io.qyi.e5.config.security.filter.LinkTokenAuthenticationFilter;
-import io.qyi.e5.config.security.filter.LoginAuthenticationFilter;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.ObjectPostProcessor;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
@@ -39,6 +37,10 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
     @Autowired
     UrlInvocationSecurityMetadataSourceService myInvocationSecurityMetadataSourceService;
 
+    @Autowired
+    GithubAuth2AuthenticationConfig githubAuth2AuthenticationConfig;
+
+
     @Value("${web.static.filtrate}")
     String[] webFiltrate;
 
@@ -50,43 +52,43 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
     @Override
     public void configure(WebSecurity web) throws Exception {
 //        super.configure(web);
-        /*放行静态资源*/
+        /*放行静态资源,这里放行不会去执行 AbstractAuthenticationProcessingFilter */
         web.ignoring().antMatchers(webFiltrate);
+
     }
 
     //  通过重载该方法，可配置如何通过拦截器保护请求。
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         System.out.println("HttpSecurity http");
+
         /*自定义*/
-        http.csrf().disable();
+        log.info("注册gituhb授权登录");
-        LoginAuthenticationFilter authenticationFilter = new LoginAuthenticationFilter();
+//        http.authorizeRequests().antMatchers("/user/login", "/user/loginFrom", "/auth2/getGithubUrl").permitAll()// 指定相应的请求 不需要验证
+////                .and()
+////                .authorizeRequests().antMatchers("/quartz/**").permitAll()//测试
+//                .anyRequest()// 任何请求
+//                .authenticated();// 都需要身份认证
 
-        log.info("自定义用户认证处理逻辑");
+        /*验证token*/
-//        自定义用户认证处理逻辑时，需要指定AuthenticationManager，否则无法认证
-        authenticationFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
-
-//      指定自定义的认证成功和失败的处理器
-        authenticationFilter.setAuthenticationSuccessHandler(securityAuthenticationHandler);
-        authenticationFilter.setAuthenticationFailureHandler(securityAuthenticationHandler);
-
-//        把自定义的用户名密码认证过滤器和处理器添加到UsernamePasswordAuthenticationFilter过滤器之前
-        http.authenticationProvider(usernamePasswordAuthenticationProvider).addFilterBefore(authenticationFilter, UsernamePasswordAuthenticationFilter.class);
-        http.authorizeRequests().anyRequest().authenticated().withObjectPostProcessor(filterSecurityInterceptorObjectPostProcessor());
         http.addFilterBefore(new LinkTokenAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
-
+        http.csrf().disable().apply(githubAuth2AuthenticationConfig);
+        /*添加自定义权限管理器*/
+        http.authorizeRequests().anyRequest().authenticated().withObjectPostProcessor(filterSecurityInterceptorObjectPostProcessor());
         /*关闭创建session*/
         http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
     }
 
     /**
      * 自定义 FilterSecurityInterceptor  ObjectPostProcessor 以替换默认配置达到动态权限的目的
+     *
      * @return ObjectPostProcessor
      */
     private ObjectPostProcessor<FilterSecurityInterceptor> filterSecurityInterceptorObjectPostProcessor() {
         return new ObjectPostProcessor<FilterSecurityInterceptor>() {
             @Override
             public <O extends FilterSecurityInterceptor> O postProcess(O object) {
+                log.info("加载自定义url权限");
                 object.setAccessDecisionManager(myAccessDecisionManager);
                 object.setSecurityMetadataSource(myInvocationSecurityMetadataSourceService);
                 return object;

src/main/java/io/qyi/e5/config/security/UrlAccessDecisionManager.java

@@ -25,18 +25,18 @@ import java.util.Iterator;
 public class UrlAccessDecisionManager implements AccessDecisionManager {
     @Override
     public void decide(Authentication authentication, Object o, Collection<ConfigAttribute> collection) throws AccessDeniedException, InsufficientAuthenticationException {
-        log.info("进入权限判断!");
+        log.debug("进入权限判断!");
         if (collection == null) {
             return;
         }
-        log.info("object is a URL. {}", o.toString());
+        log.debug("object is a URL. {}", o.toString());
         //所请求的资源拥有的权限(一个资源对多个权限)
         Iterator<ConfigAttribute> iterator = collection.iterator();
         while (iterator.hasNext()) {
             ConfigAttribute configAttribute = iterator.next();
             //访问所请求资源所需要的权限
             String needPermission = configAttribute.getAttribute();
-            log.info("访问 " + o.toString() + " 需要的权限是：" + needPermission);
+            log.debug("访问 " + o.toString() + " 需要的权限是：" + needPermission);
             if (needPermission == null) {
                 break;
             }

src/main/java/io/qyi/e5/config/security/UrlInvocationSecurityMetadataSourceService.java

@@ -32,8 +32,10 @@ public class UrlInvocationSecurityMetadataSourceService implements FilterInvocat
         Collection<ConfigAttribute> array;
         ConfigAttribute cfg;
         Map<String, String> permissions = new HashMap<>();
+        /*这里只是简单的配置*/
         permissions.put("/admin/**", "admin");
         permissions.put("/**", "user");
+        permissions.put("/auth2/**", "ROLE_ANONYMOUS");
         Iterator<Map.Entry<String, String>> iterator = permissions.entrySet().iterator();
         while (iterator.hasNext()) {
             Map.Entry<String, String> next = iterator.next();

src/main/java/io/qyi/e5/config/security/filter/GithubLoginAuthenticationFilter.java

@@ -3,7 +3,9 @@ package io.qyi.e5.config.security.filter;
 import io.qyi.e5.config.security.UsernamePasswordAuthenticationToken;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.authentication.InternalAuthenticationServiceException;
 import org.springframework.security.core.Authentication;
@@ -12,6 +14,7 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
+import org.springframework.stereotype.Component;
 
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -25,23 +28,27 @@ import java.io.IOException;
  * @create: 2020-02-28 11:56
  **/
 @Slf4j
-public class LoginAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
+public class GithubLoginAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
-    protected LoginAuthenticationFilter(String defaultFilterProcessesUrl) {
+
+
+    protected GithubLoginAuthenticationFilter(String defaultFilterProcessesUrl) {
         super(defaultFilterProcessesUrl);
     }
 
-    protected LoginAuthenticationFilter(RequestMatcher requiresAuthenticationRequestMatcher) {
+    protected GithubLoginAuthenticationFilter(RequestMatcher requiresAuthenticationRequestMatcher) {
         super(requiresAuthenticationRequestMatcher);
     }
 
-    public LoginAuthenticationFilter() {
+    public GithubLoginAuthenticationFilter() {
         super(new AntPathRequestMatcher("/auth2/receive", "GET"));
         log.info("注册 LoginAuthenticationFilter");
     }
 
 
+
     @Override
     public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException, ServletException {
+        log.info("接收github回调参数!");
         /*if (!httpServletRequest.getMethod().equals(HttpMethod.POST.name())) {
             throw new AuthenticationServiceException("不支持该验证方法: " + httpServletRequest.getMethod());
         } else {
@@ -73,4 +80,5 @@ public class LoginAuthenticationFilter extends AbstractAuthenticationProcessingF
     private void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) {
         authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
     }
+
 }