微调

bf296e19 · inroi · b7e6c299 · bf296e19 · bf296e19 · bf296e19
--- a/lic-system/src/main/java/com/system/oauth/config/BigOAuth2AuthenticationManager.java
+++ b/lic-system/src/main/java/com/system/oauth/config/BigOAuth2AuthenticationManager.java
+package com.system.oauth.config;
+
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
+import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationManager;
+
+import java.util.UUID;
+
+/**解决带过期token请求免登录接口被拦截
+ * 认证管理器
+ * 继承于原本的OAuth2认证管理器,替代原本的认证管理器
+ * 目的是做到如果原来的认证管理器如果提取token并认证失败报错的话,提供一个匿名的访问认证 {@link AnonymousAuthenticationToken}
+ * 最终效果是实现即时请求 无须认证 的接口时带着 过期 或 无效 的 token 时,可以正常继续请求而不会因为 过期或无效的token 导致请求失败
+ */
+public class BigOAuth2AuthenticationManager extends OAuth2AuthenticationManager {
+
+    @Override
+    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+        try {
+            return super.authenticate(authentication);
+        } catch (AuthenticationException | InvalidTokenException e) {
+            return new AnonymousAuthenticationToken(UUID.randomUUID().toString(), "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
+        }
+    }
+}
\ No newline at end of file
--- a/lic-system/src/main/java/com/system/oauth/config/CustomAuthenticationEntryPoint.java
+++ b/lic-system/src/main/java/com/system/oauth/config/CustomAuthenticationEntryPoint.java
+package com.system.oauth.config;
+
+import com.system.framework.core.response.StarBosResult;
+import com.system.utils.JsonUtil;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.InsufficientAuthenticationException;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * Oauth2异常信息返回处理
+ *
+ * @author ly_rical
+ */
+@Component
+@Slf4j
+public class CustomAuthenticationEntryPoint extends OAuth2AuthenticationEntryPoint {
+
+    @Override
+    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException e) throws IOException, ServletException {
+        log.error(e.getMessage());
+        //如果是client_id和client_secret相关异常 返回自定义的数据格式
+        if (e instanceof BadCredentialsException) {
+            response.setStatus(HttpStatus.OK.value());
+            response.setHeader("Content-Type", "application/json;charset=UTF-8");
+
+            StarBosResult<Boolean> result = StarBosResult.fail(912, "INVALID_CLIENT");
+            result.setData(false);
+            response.getWriter().write(JsonUtil.toString(result));
+        } else if (e instanceof InsufficientAuthenticationException) {
+            //如果是没有携带token
+            InsufficientAuthenticationException a = (InsufficientAuthenticationException) e;
+            response.setStatus(HttpStatus.UNAUTHORIZED.value());
+            response.setHeader("Content-Type", "application/json;charset=UTF-8");
+            StarBosResult<Boolean> result = StarBosResult.fail(911, "未携带TOKEN或无效TOKEN");
+            result.setData(false);
+            response.getWriter().write(JsonUtil.toString(result));
+        } else {
+            super.commence(request, response, e);
+        }
+    }
+}
--- a/lic-system/src/main/java/com/system/oauth/config/OAuth2Config.java
+++ b/lic-system/src/main/java/com/system/oauth/config/OAuth2Config.java
@@ -14,6 +14,7 @@ import org.springframework.security.oauth2.config.annotation.web.configuration.E
 import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
 import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
 import org.springframework.security.oauth2.provider.ClientDetailsService;
+import org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter;
 import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;
 import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
 import org.springframework.security.oauth2.provider.code.JdbcAuthorizationCodeServices;
@@ -77,7 +78,6 @@ public class OAuth2Config extends AuthorizationServerConfigurerAdapter {
    }


-
    @Bean
    public AuthorizationServerTokenServices tokenService() {
        DefaultTokenServices service = new DefaultTokenServices();
@@ -125,6 +125,12 @@ public class OAuth2Config extends AuthorizationServerConfigurerAdapter {

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
+        //        过滤器添加Oauth2异常信息返回处理
+        ClientCredentialsTokenEndpointFilter filter = new ClientCredentialsTokenEndpointFilter();
+        filter.setAuthenticationManager(authenticationManager);
+        filter.setAuthenticationEntryPoint(new CustomAuthenticationEntryPoint());
+        filter.afterPropertiesSet();
+        security.addTokenEndpointAuthenticationFilter(filter);
        security.allowFormAuthenticationForClients();
 //        security.checkTokenAccess("isAuthenticated()");
 //        security.tokenKeyAccess("isAuthenticated()");

--- a/lic-system/src/main/java/com/system/oauth/config/ResourceServerConfig.java
+++ b/lic-system/src/main/java/com/system/oauth/config/ResourceServerConfig.java
@@ -6,6 +6,7 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

 //
 @Configuration
@@ -34,6 +35,14 @@ public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
 //    }

    @Override
+    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
+        //oauth2添加异常信息管理
+        resources.authenticationEntryPoint(new CustomAuthenticationEntryPoint());
+        //添加认证管理器 解决带过期token请求免登录接口被拦截
+        resources.authenticationManager(new BigOAuth2AuthenticationManager());
+    }
+
+    @Override
    public void configure(HttpSecurity http) throws Exception {

        http
@@ -42,7 +51,7 @@ public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
                .antMatchers("/auth/login").permitAll()//登录接口
                .antMatchers("/auth/getCaptcha").permitAll()
                .antMatchers("/user/image").permitAll()
-                .antMatchers("/swagger-ui.html","/webjars/**","/swagger-resources/**","/v2/**","doc.html","/").permitAll()
+                .antMatchers("/swagger-ui.html", "/webjars/**", "/swagger-resources/**", "/v2/**", "doc.html", "/").permitAll()
                .antMatchers("/test").permitAll()
                .antMatchers("/webSocketApi/**").permitAll()
                .antMatchers("/websocket/**").permitAll()