[重构] 参考 Spring Security 和 Spring Authorization Server 标准代码写法,重构资源服务器和授权服务器配置代码。
This commit is contained in:
parent
b68b34e358
commit
dadee44fd6
11
README.md
11
README.md
|
@ -236,11 +236,12 @@ dante-cloud
|
|||
|
||||
**Dante Cloud 技术解析高级文档(Cookbook) 专栏【试行】**
|
||||
|
||||
| 序号 | 文章标题 | 付费 | 说明 | 扫码阅读 |
|
||||
|:--:|-------------------------------|:--:|---------------------------------------------------------------------------|------------------------------------------------------------------------|
|
||||
| 1 | Dante Cloud 及相关知识学习方法和学习路径的建议 | 免费 | |  |
|
||||
| 2 | OAuth 2 中的 Scope 与 Role 深度解析 | 付费 | 全网独家,深度解析 OAuth2 协议中和 Spring Security 生态各组件中 Scope 和 Role 概念与原理,以及在实战中的应用 |  |
|
||||
| 3 | Spring Boot 3 之自动配置与注入顺序控制 | 付费 | Spring 生态重要知识点,掌握步入微服务的关键开关 |  |
|
||||
| 序号 | 文章标题 | 付费 | 说明 | 扫码阅读 |
|
||||
|:--:|-------------------------------------------------------------------------------------|:--------:|---------------------------------------------------------------------------|----------------------------------------------------------------|
|
||||
| 1 | [Dante Cloud 及相关知识学习方法和学习路径的建议](https://www.foxitsoftware.cn/bhds/read/qwcqbq) | 免费 | |  |
|
||||
| 2 | [OAuth 2 中的 Scope 与 Role 深度解析](https://www.foxitsoftware.cn/bhds/payRead/3nxj3r/) | 付费,有试读章节 | 全网独家,深度解析 OAuth2 协议中和 Spring Security 生态各组件中 Scope 和 Role 概念与原理,以及在实战中的应用 |  |
|
||||
| 3 | [Spring Boot 3 之自动配置与注入顺序控制](https://www.foxitsoftware.cn/bhds/payRead/1vzfy1/) | 付费,有试读章节 | Spring 生态重要知识点,掌握步入微服务的关键开关 |  |
|
||||
| 4 | [Spring Cloud 之 Session 共享及一致性处理](https://www.foxitsoftware.cn/bhds/payRead/pmq4wy) | 付费,有试读章节 | 深入浅出剖析微服务架构 Session 共享技术难点 |  |
|
||||
|
||||
## [8]、授权协议
|
||||
|
||||
|
|
|
@ -44,9 +44,9 @@ import org.springframework.context.annotation.Import;
|
|||
DistributedArchitectureConfiguration.class,
|
||||
MonocoqueArchitectureConfiguration.class
|
||||
})
|
||||
public class ArchitectureStrategyConfiguration {
|
||||
public class ArchitectureStrategyAutoConfiguration {
|
||||
|
||||
private static final Logger log = LoggerFactory.getLogger(ArchitectureStrategyConfiguration.class);
|
||||
private static final Logger log = LoggerFactory.getLogger(ArchitectureStrategyAutoConfiguration.class);
|
||||
|
||||
@PostConstruct
|
||||
public void postConstruct() {
|
|
@ -29,13 +29,14 @@ import cn.herodotus.engine.assistant.core.definition.constants.DefaultConstants;
|
|||
import cn.herodotus.engine.assistant.core.utils.ResourceUtils;
|
||||
import cn.herodotus.engine.oauth2.authentication.customizer.HerodotusJwtTokenCustomizer;
|
||||
import cn.herodotus.engine.oauth2.authentication.customizer.HerodotusOpaqueTokenCustomizer;
|
||||
import cn.herodotus.engine.oauth2.authentication.form.OAuth2FormLoginUrlConfigurer;
|
||||
import cn.herodotus.engine.oauth2.authentication.form.OAuth2FormLoginConfigurerCustomer;
|
||||
import cn.herodotus.engine.oauth2.authentication.oidc.HerodotusOidcUserInfoMapper;
|
||||
import cn.herodotus.engine.oauth2.authentication.properties.OAuth2AuthenticationProperties;
|
||||
import cn.herodotus.engine.oauth2.authentication.provider.*;
|
||||
import cn.herodotus.engine.oauth2.authentication.response.DefaultOAuth2AuthenticationEventPublisher;
|
||||
import cn.herodotus.engine.oauth2.authentication.utils.OAuth2ConfigurerUtils;
|
||||
import cn.herodotus.engine.oauth2.authorization.customizer.HerodotusTokenStrategyConfigurer;
|
||||
import cn.herodotus.engine.oauth2.authorization.customizer.OAuth2ResourceServerConfigurerCustomer;
|
||||
import cn.herodotus.engine.oauth2.authorization.customizer.OAuth2SessionManagementConfigurerCustomer;
|
||||
import cn.herodotus.engine.oauth2.authorization.properties.OAuth2AuthorizationProperties;
|
||||
import cn.herodotus.engine.oauth2.core.definition.service.ClientDetailsService;
|
||||
import cn.herodotus.engine.oauth2.core.enums.Certificate;
|
||||
|
@ -60,7 +61,6 @@ import org.springframework.core.Ordered;
|
|||
import org.springframework.core.annotation.Order;
|
||||
import org.springframework.core.io.Resource;
|
||||
import org.springframework.security.authentication.AuthenticationProvider;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.ObjectPostProcessor;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
|
@ -82,7 +82,6 @@ import org.springframework.security.rsa.crypto.KeyStoreKeyFactory;
|
|||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.access.intercept.AuthorizationFilter;
|
||||
import org.springframework.security.web.authentication.AuthenticationConverter;
|
||||
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
|
||||
import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||
|
||||
import java.io.IOException;
|
||||
|
@ -117,12 +116,12 @@ public class AuthorizationServerAutoConfiguration {
|
|||
UserDetailsService userDetailsService,
|
||||
ClientDetailsService clientDetailsService,
|
||||
HttpCryptoProcessor httpCryptoProcessor,
|
||||
HerodotusTokenStrategyConfigurer herodotusTokenStrategyConfigurer,
|
||||
OAuth2FormLoginUrlConfigurer formLoginUrlConfigurer,
|
||||
OAuth2AuthenticationProperties authenticationProperties,
|
||||
OAuth2DeviceVerificationResponseHandler deviceVerificationResponseHandler,
|
||||
OidcClientRegistrationResponseHandler clientRegistrationResponseHandler,
|
||||
SessionAuthenticationStrategy sessionAuthenticationStrategy
|
||||
OAuth2FormLoginConfigurerCustomer oauth2FormLoginConfigurerCustomer,
|
||||
OAuth2ResourceServerConfigurerCustomer oauth2ResourceServerConfigurerCustomer,
|
||||
OAuth2SessionManagementConfigurerCustomer oauth2sessionManagementConfigurerCustomer
|
||||
) throws Exception {
|
||||
|
||||
log.debug("[Herodotus] |- Bean [Authorization Server Security Filter Chain] Auto Configure.");
|
||||
|
@ -203,7 +202,7 @@ public class AuthorizationServerAutoConfiguration {
|
|||
.authorizeHttpRequests(authorizeRequests -> authorizeRequests.anyRequest().authenticated())
|
||||
// 禁用对 OAuth2 Authorization Server 相关 endpoint 的 CSRF 防御
|
||||
.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
|
||||
.oauth2ResourceServer(herodotusTokenStrategyConfigurer::from);
|
||||
.oauth2ResourceServer(oauth2ResourceServerConfigurerCustomer);
|
||||
|
||||
// 这里增加 DefaultAuthenticationEventPublisher 配置,是为了解决 ProviderManager 在初次使用时,外部定义DefaultAuthenticationEventPublisher 不会注入问题
|
||||
// 外部注入DefaultAuthenticationEventPublisher是标准配置方法,两处都保留是为了保险,还需要深入研究才能决定去掉哪个。
|
||||
|
@ -213,8 +212,8 @@ public class AuthorizationServerAutoConfiguration {
|
|||
|
||||
// build() 方法会让以上所有的配置生效
|
||||
SecurityFilterChain securityFilterChain = httpSecurity
|
||||
.formLogin(formLoginUrlConfigurer::from)
|
||||
.sessionManagement(management -> management.sessionAuthenticationStrategy(sessionAuthenticationStrategy))
|
||||
.formLogin(oauth2FormLoginConfigurerCustomer)
|
||||
.sessionManagement(oauth2sessionManagementConfigurerCustomer)
|
||||
.addFilterBefore(new MultiTenantFilter(), AuthorizationFilter.class)
|
||||
.build();
|
||||
|
||||
|
@ -277,20 +276,6 @@ public class AuthorizationServerAutoConfiguration {
|
|||
return OAuth2AuthorizationServerConfiguration.jwtDecoder(jwkSource);
|
||||
}
|
||||
|
||||
@Bean
|
||||
public OAuth2TokenCustomizer<JwtEncodingContext> jwtTokenCustomizer() {
|
||||
HerodotusJwtTokenCustomizer herodotusJwtTokenCustomizer = new HerodotusJwtTokenCustomizer();
|
||||
log.trace("[Herodotus] |- Bean [OAuth2 Jwt Token Customizer] Auto Configure.");
|
||||
return herodotusJwtTokenCustomizer;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public OAuth2TokenCustomizer<OAuth2TokenClaimsContext> opaqueTokenCustomizer() {
|
||||
HerodotusOpaqueTokenCustomizer herodotusOpaqueTokenCustomizer = new HerodotusOpaqueTokenCustomizer();
|
||||
log.trace("[Herodotus] |- Bean [OAuth2 Opaque Token Customizer] Auto Configure.");
|
||||
return herodotusOpaqueTokenCustomizer;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public AuthorizationServerSettings authorizationServerSettings(EndpointProperties endpointProperties) {
|
||||
return AuthorizationServerSettings.builder()
|
||||
|
|
|
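Review bot: The injected parameter `oauth2sessionManagementConfigurerCustomer` (lower-case `s`) in the securityFilterChain signature breaks the naming the same bean gets in DefaultSecurityAutoConfiguration and ResourceServerAutoConfiguration (`oauth2SessionManagementConfigurerCustomer`); rename it here and at the `.sessionManagement(oauth2sessionManagementConfigurerCustomer)` call so the three chains read alike. Separately, this file drops the `jwtTokenCustomizer` and `opaqueTokenCustomizer` beans without any hunk shown adding a replacement; if they are not registered in another module, the token customization those beans provided stops silently, so a one-line comment pointing at where they now live (or a confirming note in the commit description) would help the next reader. The securityFilterChain method begins and ends outside the hunks shown.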
@ -29,9 +29,9 @@ import cn.herodotus.engine.captcha.core.processor.CaptchaRendererFactory;
|
|||
import cn.herodotus.engine.oauth2.authentication.form.OAuth2FormLoginSecureConfigurer;
|
||||
import cn.herodotus.engine.oauth2.authentication.properties.OAuth2AuthenticationProperties;
|
||||
import cn.herodotus.engine.oauth2.authentication.response.DefaultOAuth2AuthenticationEventPublisher;
|
||||
import cn.herodotus.engine.oauth2.authorization.customizer.HerodotusTokenStrategyConfigurer;
|
||||
import cn.herodotus.engine.oauth2.authorization.processor.SecurityAuthorizationManager;
|
||||
import cn.herodotus.engine.oauth2.authorization.processor.SecurityMatcherConfigurer;
|
||||
import cn.herodotus.engine.oauth2.authorization.customizer.OAuth2AuthorizeHttpRequestsConfigurerCustomer;
|
||||
import cn.herodotus.engine.oauth2.authorization.customizer.OAuth2ResourceServerConfigurerCustomer;
|
||||
import cn.herodotus.engine.oauth2.authorization.customizer.OAuth2SessionManagementConfigurerCustomer;
|
||||
import cn.herodotus.engine.oauth2.core.definition.service.ClientDetailsService;
|
||||
import cn.herodotus.engine.oauth2.core.definition.strategy.StrategyUserDetailsService;
|
||||
import cn.herodotus.engine.oauth2.core.response.HerodotusAccessDeniedHandler;
|
||||
|
@ -41,26 +41,18 @@ import cn.herodotus.engine.oauth2.management.processor.HerodotusUserDetailsServi
|
|||
import cn.herodotus.engine.oauth2.management.service.OAuth2ApplicationService;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
|
||||
import org.springframework.boot.autoconfigure.AutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.security.authentication.AuthenticationEventPublisher;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||
import org.springframework.security.core.session.SessionRegistry;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
|
||||
import org.springframework.security.web.session.HttpSessionEventPublisher;
|
||||
import org.springframework.session.FindByIndexNameSessionRepository;
|
||||
import org.springframework.session.Session;
|
||||
import org.springframework.session.security.SpringSessionBackedSessionRegistry;
|
||||
|
||||
/**
|
||||
* <p>Description: 默认安全配置 </p>
|
||||
|
@ -80,10 +72,9 @@ public class DefaultSecurityAutoConfiguration {
|
|||
UserDetailsService userDetailsService,
|
||||
OAuth2AuthenticationProperties authenticationProperties,
|
||||
CaptchaRendererFactory captchaRendererFactory,
|
||||
SecurityMatcherConfigurer securityMatcherConfigurer,
|
||||
SecurityAuthorizationManager securityAuthorizationManager,
|
||||
HerodotusTokenStrategyConfigurer herodotusTokenStrategyConfigurer,
|
||||
SessionAuthenticationStrategy sessionAuthenticationStrategy
|
||||
OAuth2SessionManagementConfigurerCustomer oauth2SessionManagementConfigurerCustomer,
|
||||
OAuth2ResourceServerConfigurerCustomer oauth2ResourceServerConfigurerCustomer,
|
||||
OAuth2AuthorizeHttpRequestsConfigurerCustomer oauth2AuthorizeHttpRequestsConfigurerCustomer
|
||||
) throws Exception {
|
||||
|
||||
log.debug("[Herodotus] |- Bean [Default Security Filter Chain] Auto Configure.");
|
||||
|
@ -92,17 +83,13 @@ public class DefaultSecurityAutoConfiguration {
|
|||
|
||||
// @formatter:off
|
||||
httpSecurity
|
||||
.authorizeHttpRequests(authorizeRequests -> authorizeRequests
|
||||
.requestMatchers(securityMatcherConfigurer.getPermitAllArray()).permitAll()
|
||||
.requestMatchers(securityMatcherConfigurer.getStaticResourceArray()).permitAll()
|
||||
.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
|
||||
.anyRequest().access(securityAuthorizationManager))
|
||||
.sessionManagement(management -> management.sessionAuthenticationStrategy(sessionAuthenticationStrategy))
|
||||
.authorizeHttpRequests(oauth2AuthorizeHttpRequestsConfigurerCustomer)
|
||||
.sessionManagement(oauth2SessionManagementConfigurerCustomer)
|
||||
.exceptionHandling(exceptions -> {
|
||||
exceptions.authenticationEntryPoint(new HerodotusAuthenticationEntryPoint());
|
||||
exceptions.accessDeniedHandler(new HerodotusAccessDeniedHandler());
|
||||
})
|
||||
.oauth2ResourceServer(herodotusTokenStrategyConfigurer::from)
|
||||
.oauth2ResourceServer(oauth2ResourceServerConfigurerCustomer)
|
||||
.apply(new OAuth2FormLoginSecureConfigurer<>(userDetailsService, authenticationProperties, captchaRendererFactory));
|
||||
|
||||
// @formatter:on
|
||||
|
|
|
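Review bot: The authorization rules that were readable in this method (`permitAll` for `securityMatcherConfigurer.getPermitAllArray()`, the static-resource array and `EndpointRequest.toAnyEndpoint()`, then `anyRequest().access(securityAuthorizationManager)`) are now hidden behind `oauth2AuthorizeHttpRequestsConfigurerCustomer`, whose body is not part of this commit, so the chain's effective access policy can no longer be reviewed from this file. A comment at the `.authorizeHttpRequests(oauth2AuthorizeHttpRequestsConfigurerCustomer)` line naming where the rules live would help, e.g. `// access rules (permit-all list, static resources, actuator endpoints, anyRequest access manager) are defined in OAuth2AuthorizeHttpRequestsConfigurerCustomer`; presumably the customizer carries the removed matchers over unchanged, but that cannot be confirmed here, and whether every actuator endpoint should stay unauthenticated is a decision worth stating explicitly. The same point applies to the ResourceServerAutoConfiguration chain below. The securityFilterChain signature starts and its body ends outside the hunks shown.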
@ -1,7 +1,7 @@
|
|||
cn.herodotus.dante.authentication.autoconfigure.AuthenticationAutoConfiguration
|
||||
cn.herodotus.engine.oauth2.authorization.configuration.OAuth2AuthorizationConfiguration
|
||||
cn.herodotus.dante.module.security.configuration.SecurityModuleConfiguration
|
||||
cn.herodotus.dante.authentication.autoconfigure.ArchitectureStrategyConfiguration
|
||||
cn.herodotus.dante.authentication.autoconfigure.ArchitectureStrategyAutoConfiguration
|
||||
cn.herodotus.engine.oauth2.management.configuration.OAuth2ManagementConfiguration
|
||||
cn.herodotus.dante.authentication.autoconfigure.DefaultSecurityAutoConfiguration
|
||||
cn.herodotus.dante.authentication.autoconfigure.AuthorizationServerAutoConfiguration
|
||||
|
|
|
@ -25,19 +25,17 @@
|
|||
|
||||
package cn.herodotus.dante.service.autoconfigure;
|
||||
|
||||
import cn.herodotus.engine.oauth2.authorization.customizer.HerodotusTokenStrategyConfigurer;
|
||||
import cn.herodotus.engine.oauth2.authorization.processor.SecurityAuthorizationManager;
|
||||
import cn.herodotus.engine.oauth2.authorization.processor.SecurityMatcherConfigurer;
|
||||
import cn.herodotus.engine.oauth2.authorization.customizer.OAuth2AuthorizeHttpRequestsConfigurerCustomer;
|
||||
import cn.herodotus.engine.oauth2.authorization.customizer.OAuth2ResourceServerConfigurerCustomer;
|
||||
import cn.herodotus.engine.oauth2.authorization.customizer.OAuth2SessionManagementConfigurerCustomer;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
|
||||
import org.springframework.boot.autoconfigure.AutoConfiguration;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
|
||||
|
||||
/**
|
||||
* <p>Description: 资源服务器配置 </p>
|
||||
|
@ -54,25 +52,18 @@ public class ResourceServerAutoConfiguration {
|
|||
@Bean
|
||||
public SecurityFilterChain securityFilterChain(
|
||||
HttpSecurity httpSecurity,
|
||||
SecurityMatcherConfigurer securityMatcherConfigurer,
|
||||
SecurityAuthorizationManager securityAuthorizationManager,
|
||||
HerodotusTokenStrategyConfigurer herodotusTokenStrategyConfigurer,
|
||||
SessionAuthenticationStrategy sessionAuthenticationStrategy
|
||||
OAuth2SessionManagementConfigurerCustomer oauth2SessionManagementConfigurerCustomer,
|
||||
OAuth2ResourceServerConfigurerCustomer oauth2ResourceServerConfigurerCustomer,
|
||||
OAuth2AuthorizeHttpRequestsConfigurerCustomer oauth2AuthorizeHttpRequestsConfigurerCustomer
|
||||
) throws Exception {
|
||||
|
||||
log.debug("[Herodotus] |- Bean [Resource Server Security Filter Chain] Auto Configure.");
|
||||
|
||||
httpSecurity.csrf(AbstractHttpConfigurer::disable).cors(AbstractHttpConfigurer::disable);
|
||||
|
||||
httpSecurity.sessionManagement(management -> management.sessionAuthenticationStrategy(sessionAuthenticationStrategy));
|
||||
|
||||
httpSecurity.authorizeHttpRequests(authorizeRequests ->
|
||||
authorizeRequests
|
||||
.requestMatchers(securityMatcherConfigurer.getPermitAllArray()).permitAll()
|
||||
.requestMatchers(securityMatcherConfigurer.getStaticResourceArray()).permitAll()
|
||||
.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
|
||||
.anyRequest().access(securityAuthorizationManager))
|
||||
.oauth2ResourceServer(herodotusTokenStrategyConfigurer::from);
|
||||
httpSecurity.authorizeHttpRequests(oauth2AuthorizeHttpRequestsConfigurerCustomer)
|
||||
.sessionManagement(oauth2SessionManagementConfigurerCustomer)
|
||||
.oauth2ResourceServer(oauth2ResourceServerConfigurerCustomer);
|
||||
|
||||
return httpSecurity.build();
|
||||
}
|
||||
|
|
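Review bot: A single `OAuth2SessionManagementConfigurerCustomer` bean is now applied to this bearer-token resource-server chain as well as to the form-login chains in DefaultSecurityAutoConfiguration and AuthorizationServerAutoConfiguration, while CSRF and CORS remain disabled here (`httpSecurity.csrf(AbstractHttpConfigurer::disable).cors(AbstractHttpConfigurer::disable)`). Disabling CSRF is safe only as long as requests on this chain are authenticated by bearer tokens alone and never by a session cookie; the customizer's body is not in this commit, so confirm it does not make this chain create or reuse sessions, or give the resource server its own customizer that sets `SessionCreationPolicy.STATELESS`. A short comment at the `.sessionManagement(oauth2SessionManagementConfigurerCustomer)` call stating the intended policy would make that contract visible, e.g. `// resource server: bearer tokens only; the shared session customizer must keep this chain stateless`. The securityFilterChain method is fully contained in the hunk.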
Binary file not shown.
After Width: | Height: | Size: 24 KiB |