zrj
2024-06-11 4069aa1d01bb4ce98ea154940a46d5c014252897
鉴权调整
2 files modified
92 ■■■■■ changed files
blade-auth/src/main/java/org/springblade/auth/config/SecurityConfiguration.java
@@ -5,7 +5,6 @@
import org.springblade.auth.constant.Oauth2Constants;
import org.springblade.auth.handle.TokenFilterHandle;
import org.springblade.auth.support.BladePasswordEncoderFactories;
import org.springblade.core.secure.registry.SecureRegistry;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@@ -16,7 +15,6 @@
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import javax.annotation.Resource;
/**
@@ -35,31 +33,6 @@
    @Autowired
    private TokenFilterHandle tokenFilterHandle;
    /**
     * 安全框架配置
     */
    @Bean
    public SecureRegistry secureRegistry() {
        SecureRegistry secureRegistry = new SecureRegistry();
        secureRegistry.setEnabled(true);
        secureRegistry.excludePathPatterns("/oauth/login");
        secureRegistry.excludePathPatterns("/oauth/authorize");
        secureRegistry.excludePathPatterns("/oauth/form");
        secureRegistry.excludePathPatterns("/oauth/token");
        secureRegistry.excludePathPatterns("/blade-system/menu/routes");
        secureRegistry.excludePathPatterns("/blade-system/menu/auth-routes");
        secureRegistry.excludePathPatterns("/blade-system/menu/top-menu");
        secureRegistry.excludePathPatterns("/blade-system/tenant/info");
        secureRegistry.excludePathPatterns("/blade-flow/process/resource-view");
        secureRegistry.excludePathPatterns("/blade-flow/process/diagram-view");
        secureRegistry.excludePathPatterns("/blade-flow/manager/check-upload");
        secureRegistry.excludePathPatterns("/doc.html");
        secureRegistry.excludePathPatterns("/js/**");
        secureRegistry.excludePathPatterns("/webjars/**");
        secureRegistry.excludePathPatterns("/swagger-resources/**");
        secureRegistry.excludePathPatterns("/druid/**");
        return secureRegistry;
    }
    @Bean
    @Override
blade-auth/src/main/java/org/springblade/auth/handle/TokenFilterHandle.java
@@ -2,14 +2,17 @@
import com.alibaba.nacos.common.utils.StringUtils;
import io.jsonwebtoken.Claims;
import org.springblade.auth.utils.TokenUtil;
import org.springblade.core.jwt.JwtUtil;
import org.springblade.core.launch.constant.TokenConstant;
import org.springblade.core.secure.registry.SecureRegistry;
import org.springblade.core.tool.utils.CollectionUtil;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.PathMatcher;
import org.springframework.web.filter.OncePerRequestFilter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
@@ -18,6 +21,7 @@
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.util.List;
/**
 * token 校验过滤器
@@ -25,10 +29,44 @@
@Configuration
public class TokenFilterHandle extends OncePerRequestFilter {
    /**
     * 安全框架配置
     */
    @Bean
    public SecureRegistry secureRegistry() {
        SecureRegistry secureRegistry = new SecureRegistry();
        secureRegistry.setEnabled(true);
        secureRegistry.excludePathPatterns("/oauth/login");
        secureRegistry.excludePathPatterns("/oauth/authorize");
        secureRegistry.excludePathPatterns("/oauth/form");
        secureRegistry.excludePathPatterns("/oauth/token");
        secureRegistry.excludePathPatterns("/blade-system/menu/routes");
        secureRegistry.excludePathPatterns("/blade-system/menu/auth-routes");
        secureRegistry.excludePathPatterns("/blade-system/menu/top-menu");
        secureRegistry.excludePathPatterns("/blade-system/tenant/info");
        secureRegistry.excludePathPatterns("/blade-flow/process/resource-view");
        secureRegistry.excludePathPatterns("/blade-flow/process/diagram-view");
        secureRegistry.excludePathPatterns("/blade-flow/manager/check-upload");
        secureRegistry.excludePathPatterns("/doc.html");
        secureRegistry.excludePathPatterns("/js/**");
        secureRegistry.excludePathPatterns("/webjars/**");
        secureRegistry.excludePathPatterns("/swagger-resources/**");
        secureRegistry.excludePathPatterns("/druid/**");
        return secureRegistry;
    }
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
        throws ServletException, IOException {
        String requestURI = request.getRequestURI();
        // 白名单url 放行
        if (filterWhiteUrl(requestURI)){
            filterChain.doFilter(request, response);
            return;
        }
        // 获取请求头
        String auth = request.getHeader("Blade-Auth");
        if (StringUtils.isBlank(auth)) {
            // 无授权处理
@@ -49,10 +87,6 @@
                    = new UsernamePasswordAuthenticationToken(account, null);
                authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
                SecurityContextHolder.getContext().setAuthentication(authenticationToken);
            }else {
                // 无授权处理
                unAuthResponse(response);
                return;
            }
        }else {
            // 无授权处理
@@ -64,6 +98,25 @@
    }
    /**
     * 白名单url 放行
     * @param requestURI
     * @return
     */
    private boolean filterWhiteUrl(String requestURI) {
        List<String> whiteList = secureRegistry().getExcludePatterns();
        if (CollectionUtil.isNotEmpty(whiteList)) {
            PathMatcher matcher = new AntPathMatcher();
            for (String releaseUrl : whiteList) {
                boolean match = matcher.match(releaseUrl, requestURI);
                if (match) {
                    return true;
                }
            }
        }
        return false;
    }
    /**
     * 无授权处理
     * @param response
     * @throws IOException