⚡ 优化auth，去除过时配置

4 years ago · 0effb30de8
3 changed files with 1 additions and 90 deletions
--- a/blade-auth/src/main/java/org/springblade/auth/config/BladeResourceServerConfiguration.java
+++ b/blade-auth/src/main/java/org/springblade/auth/config/BladeResourceServerConfiguration.java
@ -22,7 +22,6 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
-import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

 /**
 * 自定义登录成功配置
@ -34,17 +33,11 @@ import org.springframework.security.web.authentication.AuthenticationSuccessHand
@EnableResourceServer
 public class BladeResourceServerConfiguration extends ResourceServerConfigurerAdapter {

-	/**
-	 * 自定义登录成功处理器
-	 */
-	private final AuthenticationSuccessHandler appLoginInSuccessHandler;
-
 	@Override
 	@SneakyThrows
 	public void configure(HttpSecurity http) {
 		http.headers().frameOptions().disable();
 		http.formLogin()
-			.successHandler(appLoginInSuccessHandler)
 			.and()
 			.authorizeRequests()
 			.antMatchers(
--- a/blade-auth/src/main/java/org/springblade/auth/config/SecurityConfiguration.java
+++ b/blade-auth/src/main/java/org/springblade/auth/config/SecurityConfiguration.java
@ -50,7 +50,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
 	@Override
 	@SneakyThrows
 	protected void configure(HttpSecurity http) {
-		http.httpBasic().and().csrf().disable();
+		http.httpBasic().and().csrf().disable().authorizeRequests().anyRequest().fullyAuthenticated();
 	}

 }
--- a/blade-auth/src/main/java/org/springblade/auth/handler/AppLoginInSuccessHandler.java
+++ b/blade-auth/src/main/java/org/springblade/auth/handler/AppLoginInSuccessHandler.java
@ -1,82 +0,0 @@
-/*
- *      Copyright (c) 2018-2028, Chill Zhuang All rights reserved.
- *
- *  Redistribution and use in source and binary forms, with or without
- *  modification, are permitted provided that the following conditions are met:
- *
- *  Redistributions of source code must retain the above copyright notice,
- *  this list of conditions and the following disclaimer.
- *  Redistributions in binary form must reproduce the above copyright
- *  notice, this list of conditions and the following disclaimer in the
- *  documentation and/or other materials provided with the distribution.
- *  Neither the name of the dreamlu.net developer nor the names of its
- *  contributors may be used to endorse or promote products derived from
- *  this software without specific prior written permission.
- *  Author: Chill 庄骞 (smallchill@163.com)
- */
-package org.springblade.auth.handler;
-
-import lombok.AllArgsConstructor;
-import lombok.extern.slf4j.Slf4j;
-import org.springblade.auth.utils.TokenUtil;
-import org.springblade.core.tool.jackson.JsonUtil;
-import org.springframework.http.MediaType;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.security.oauth2.common.OAuth2AccessToken;
-import org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException;
-import org.springframework.security.oauth2.provider.*;
-import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
-import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
-import org.springframework.stereotype.Component;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.util.HashMap;
-
-/**
- * APP登录成功处理器
- *
- * @author Chill
- */
-@Slf4j
-@AllArgsConstructor
-@Component("appLoginInSuccessHandler")
-public class AppLoginInSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
-
-	private final PasswordEncoder passwordEncoder;
-
-	private final ClientDetailsService clientDetailsService;
-
-	private final AuthorizationServerTokenServices authorizationServerTokenServices;
-
-	@Override
-	public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException {
-		log.info("【AppLoginInSuccessHandler】 onAuthenticationSuccess authentication={}", authentication);
-
-		String[] tokens = TokenUtil.extractAndDecodeHeader();
-		if (tokens.length != 2) {
-			throw new UnapprovedClientAuthenticationException("client对应的配置信息不存在");
-		}
-		String clientId = tokens[0];
-		String clientSecret = tokens[1];
-
-		ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);
-		if (clientDetails == null) {
-			throw new UnapprovedClientAuthenticationException("clientId 对应的配置信息不存在" + clientId);
-		} else if (!passwordEncoder.matches(clientSecret, clientDetails.getClientSecret())) {
-			throw new UnapprovedClientAuthenticationException("clientSecret 不匹配" + clientId);
-		}
-
-		TokenRequest tokenRequest = new TokenRequest(new HashMap<>(16), clientId, clientDetails.getScope(), "app");
-		OAuth2Request oAuth2Request = tokenRequest.createOAuth2Request(clientDetails);
-		OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(oAuth2Request, authentication);
-		OAuth2AccessToken token = authorizationServerTokenServices.createAccessToken(oAuth2Authentication);
-
-		response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
-		response.getWriter().write(JsonUtil.toJson(token));
-	}
-
-}