修复github无法登录授权问题

2024-12-26 03:38:53 +00:00 · 2020-08-21 15:25:17 +08:00 · 2020-08-21 15:25:17 +08:00 · d51fbe02a8
commit d51fbe02a8
parent 96786ec566
5 changed files with 84 additions and 24 deletions
--- a/src/main/java/io/qyi/e5/config/security/GithubAuth2AuthenticationConfig.java
+++ b/src/main/java/io/qyi/e5/config/security/GithubAuth2AuthenticationConfig.java
@ -0,0 +1,48 @@
+package io.qyi.e5.config.security;
+
+import io.qyi.e5.config.security.filter.GithubLoginAuthenticationFilter;
+import lombok.extern.slf4j.Slf4j;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.web.DefaultSecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.stereotype.Component;
+
+/**
+ * @program: e5
+ * @description:
+ * @author: 落叶随风
+ * @create: 2020-02-28 16:24
+ **/
+@Component
+@Slf4j
+public class GithubAuth2AuthenticationConfig extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {
+    @Autowired
+    UsernamePasswordAuthenticationProvider usernamePasswordAuthenticationProvider;
+    @Autowired
+    SecurityAuthenticationHandler securityAuthenticationHandler;
+
+
+    @Override
+    public void configure(HttpSecurity http) throws Exception {
+        GithubLoginAuthenticationFilter authenticationFilter = new GithubLoginAuthenticationFilter();
+
+        log.info("自定义用户认证处理逻辑");
+//        自定义用户认证处理逻辑时，需要指定AuthenticationManager，否则无法认证
+        authenticationFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
+
+//      指定自定义的认证成功和失败的处理器
+        authenticationFilter.setAuthenticationSuccessHandler(securityAuthenticationHandler);
+        authenticationFilter.setAuthenticationFailureHandler(securityAuthenticationHandler);
+//        把自定义的用户名密码认证过滤器和处理器添加到UsernamePasswordAuthenticationFilter过滤器之前
+        http.authenticationProvider(usernamePasswordAuthenticationProvider)
+                .addFilterBefore(authenticationFilter, UsernamePasswordAuthenticationFilter.class);
+
+
+    }
+
+}
--- a/src/main/java/io/qyi/e5/config/security/SecurityConfig.java
+++ b/src/main/java/io/qyi/e5/config/security/SecurityConfig.java
@ -1,12 +1,10 @@
 package io.qyi.e5.config.security;

 import io.qyi.e5.config.security.filter.LinkTokenAuthenticationFilter;
-import io.qyi.e5.config.security.filter.LoginAuthenticationFilter;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.ObjectPostProcessor;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
@ -39,6 +37,10 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    UrlInvocationSecurityMetadataSourceService myInvocationSecurityMetadataSourceService;

+    @Autowired
+    GithubAuth2AuthenticationConfig githubAuth2AuthenticationConfig;
+
+
    @Value("${web.static.filtrate}")
    String[] webFiltrate;

@ -50,43 +52,43 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    public void configure(WebSecurity web) throws Exception {
 //        super.configure(web);
-        /*放行静态资源*/
+        /*放行静态资源,这里放行不会去执行 AbstractAuthenticationProcessingFilter */
        web.ignoring().antMatchers(webFiltrate);
+
    }

    //  通过重载该方法，可配置如何通过拦截器保护请求。
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        System.out.println("HttpSecurity http");
+
        /*自定义*/
-        http.csrf().disable();
-        LoginAuthenticationFilter authenticationFilter = new LoginAuthenticationFilter();
+        log.info("注册gituhb授权登录");
+//        http.authorizeRequests().antMatchers("/user/login", "/user/loginFrom", "/auth2/getGithubUrl").permitAll()// 指定相应的请求 不需要验证
+////                .and()
+////                .authorizeRequests().antMatchers("/quartz/**").permitAll()//测试
+//                .anyRequest()// 任何请求
+//                .authenticated();// 都需要身份认证

-        log.info("自定义用户认证处理逻辑");
-//        自定义用户认证处理逻辑时，需要指定AuthenticationManager，否则无法认证
-        authenticationFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
-
-//      指定自定义的认证成功和失败的处理器
-        authenticationFilter.setAuthenticationSuccessHandler(securityAuthenticationHandler);
-        authenticationFilter.setAuthenticationFailureHandler(securityAuthenticationHandler);
-
-//        把自定义的用户名密码认证过滤器和处理器添加到UsernamePasswordAuthenticationFilter过滤器之前
-        http.authenticationProvider(usernamePasswordAuthenticationProvider).addFilterBefore(authenticationFilter, UsernamePasswordAuthenticationFilter.class);
-        http.authorizeRequests().anyRequest().authenticated().withObjectPostProcessor(filterSecurityInterceptorObjectPostProcessor());
+        /*验证token*/
        http.addFilterBefore(new LinkTokenAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
-
+        http.csrf().disable().apply(githubAuth2AuthenticationConfig);
+        /*添加自定义权限管理器*/
+        http.authorizeRequests().anyRequest().authenticated().withObjectPostProcessor(filterSecurityInterceptorObjectPostProcessor());
        /*关闭创建session*/
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }

    /**
     * 自定义 FilterSecurityInterceptor  ObjectPostProcessor 以替换默认配置达到动态权限的目的
+     *
     * @return ObjectPostProcessor
     */
    private ObjectPostProcessor<FilterSecurityInterceptor> filterSecurityInterceptorObjectPostProcessor() {
        return new ObjectPostProcessor<FilterSecurityInterceptor>() {
            @Override
            public <O extends FilterSecurityInterceptor> O postProcess(O object) {
+                log.info("加载自定义url权限");
                object.setAccessDecisionManager(myAccessDecisionManager);
                object.setSecurityMetadataSource(myInvocationSecurityMetadataSourceService);
                return object;
--- a/src/main/java/io/qyi/e5/config/security/UrlAccessDecisionManager.java
+++ b/src/main/java/io/qyi/e5/config/security/UrlAccessDecisionManager.java
@ -25,18 +25,18 @@ import java.util.Iterator;
 public class UrlAccessDecisionManager implements AccessDecisionManager {
    @Override
    public void decide(Authentication authentication, Object o, Collection<ConfigAttribute> collection) throws AccessDeniedException, InsufficientAuthenticationException {
-        log.info("进入权限判断!");
+        log.debug("进入权限判断!");
        if (collection == null) {
            return;
        }
-        log.info("object is a URL. {}", o.toString());
+        log.debug("object is a URL. {}", o.toString());
        //所请求的资源拥有的权限(一个资源对多个权限)
        Iterator<ConfigAttribute> iterator = collection.iterator();
        while (iterator.hasNext()) {
            ConfigAttribute configAttribute = iterator.next();
            //访问所请求资源所需要的权限
            String needPermission = configAttribute.getAttribute();
-            log.info("访问 " + o.toString() + " 需要的权限是：" + needPermission);
+            log.debug("访问 " + o.toString() + " 需要的权限是：" + needPermission);
            if (needPermission == null) {
                break;
            }
--- a/src/main/java/io/qyi/e5/config/security/UrlInvocationSecurityMetadataSourceService.java
+++ b/src/main/java/io/qyi/e5/config/security/UrlInvocationSecurityMetadataSourceService.java
@ -32,8 +32,10 @@ public class UrlInvocationSecurityMetadataSourceService implements FilterInvocat
        Collection<ConfigAttribute> array;
        ConfigAttribute cfg;
        Map<String, String> permissions = new HashMap<>();
+        /*这里只是简单的配置*/
        permissions.put("/admin/**", "admin");
        permissions.put("/**", "user");
+        permissions.put("/auth2/**", "ROLE_ANONYMOUS");
        Iterator<Map.Entry<String, String>> iterator = permissions.entrySet().iterator();
        while (iterator.hasNext()) {
            Map.Entry<String, String> next = iterator.next();
--- a/src/main/java/io/qyi/e5/config/security/filter/GithubLoginAuthenticationFilter.java
+++ b/src/main/java/io/qyi/e5/config/security/filter/GithubLoginAuthenticationFilter.java
@ -3,7 +3,9 @@ package io.qyi.e5.config.security.filter;
 import io.qyi.e5.config.security.UsernamePasswordAuthenticationToken;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.authentication.InternalAuthenticationServiceException;
 import org.springframework.security.core.Authentication;
@ -12,6 +14,7 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
+import org.springframework.stereotype.Component;

 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@ -25,23 +28,27 @@ import java.io.IOException;
 * @create: 2020-02-28 11:56
 **/
@Slf4j
-public class LoginAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
-    protected LoginAuthenticationFilter(String defaultFilterProcessesUrl) {
+public class GithubLoginAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
+
+
+    protected GithubLoginAuthenticationFilter(String defaultFilterProcessesUrl) {
        super(defaultFilterProcessesUrl);
    }

-    protected LoginAuthenticationFilter(RequestMatcher requiresAuthenticationRequestMatcher) {
+    protected GithubLoginAuthenticationFilter(RequestMatcher requiresAuthenticationRequestMatcher) {
        super(requiresAuthenticationRequestMatcher);
    }

-    public LoginAuthenticationFilter() {
+    public GithubLoginAuthenticationFilter() {
        super(new AntPathRequestMatcher("/auth2/receive", "GET"));
        log.info("注册 LoginAuthenticationFilter");
    }


+
    @Override
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException, ServletException {
+        log.info("接收github回调参数!");
        /*if (!httpServletRequest.getMethod().equals(HttpMethod.POST.name())) {
            throw new AuthenticationServiceException("不支持该验证方法: " + httpServletRequest.getMethod());
        } else {
@ -73,4 +80,5 @@ public class LoginAuthenticationFilter extends AbstractAuthenticationProcessingF
    private void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) {
        authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
    }
+
 }