diff --git a/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/configurer/DingtalkOAuth2AuthenticationConfigurer.java b/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/configurer/DingtalkOAuth2AuthenticationConfigurer.java index 3de61076..f66d370e 100644 --- a/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/configurer/DingtalkOAuth2AuthenticationConfigurer.java +++ b/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/configurer/DingtalkOAuth2AuthenticationConfigurer.java @@ -17,6 +17,7 @@ */ package cn.topiam.employee.authentication.dingtalk.configurer; +import org.springframework.http.HttpMethod; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer; import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter; @@ -31,6 +32,10 @@ import cn.topiam.employee.authentication.dingtalk.filter.DingtalkOAuth2Authoriza import cn.topiam.employee.authentication.dingtalk.filter.DingtalkOauthAuthenticationFilter; import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository; +import lombok.NonNull; +import lombok.Setter; +import static cn.topiam.employee.support.security.util.HttpSecurityFilterOrderRegistrationUtils.putFilterBefore; + /** * 认证配置 * 
@@ -40,6 +45,10 @@ import cn.topiam.employee.common.repository.authentication.IdentityProviderRepos @SuppressWarnings("AlibabaClassNamingShouldBeCamel") public final class DingtalkOAuth2AuthenticationConfigurer extends AbstractAuthenticationFilterConfigurer { + @Setter + @NonNull + private String loginProcessingUrl = DingtalkOauthAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI; + private final IdentityProviderRepository identityProviderRepository; private final UserIdpService userIdpService; 
@@ -60,28 +69,25 @@ public final class DingtalkOAuth2AuthenticationConfigurer extends */ @Override protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) { - return new AntPathRequestMatcher(loginProcessingUrl); + return new AntPathRequestMatcher(loginProcessingUrl, HttpMethod.GET.name()); } @Override public void init(HttpSecurity http) throws Exception { //钉钉登录认证 - DingtalkOauthAuthenticationFilter loginAuthenticationFilter = new DingtalkOauthAuthenticationFilter( - identityProviderRepository, userIdpService); - this.setAuthenticationFilter(loginAuthenticationFilter); - //处理URL - super.loginProcessingUrl(DingtalkOauthAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI); - super.init(http); - } + this.setAuthenticationFilter( + new DingtalkOauthAuthenticationFilter(identityProviderRepository, userIdpService)); + putFilterBefore(http, this.getAuthenticationFilter(), + OAuth2LoginAuthenticationFilter.class); - @Override - public void configure(HttpSecurity http) throws Exception { //钉钉请求重定向 - DingtalkOAuth2AuthorizationRequestRedirectFilter requestRedirectFilter = new DingtalkOAuth2AuthorizationRequestRedirectFilter( - identityProviderRepository); - http.addFilterBefore(requestRedirectFilter, OAuth2AuthorizationRequestRedirectFilter.class); - http.addFilterBefore(this.getAuthenticationFilter(), OAuth2LoginAuthenticationFilter.class); - super.configure(http); + http.addFilterBefore( + new DingtalkOAuth2AuthorizationRequestRedirectFilter(identityProviderRepository), + OAuth2AuthorizationRequestRedirectFilter.class); + + //登录处理地址 + super.loginProcessingUrl(loginProcessingUrl); + super.init(http); } public RequestMatcher getRequestMatcher() { 
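Review bot: `super.loginProcessingUrl(loginProcessingUrl)` at the end of `init` installs a matcher built from the new settable field, while the filter is constructed with its own static `REQUEST_MATCHER` (see the constructor hunk in DingtalkOauthAuthenticationFilter), so the two disagree as soon as `setLoginProcessingUrl` receives anything but the default. `@NonNull` only rejects null, so a pattern without the path template the filter expects is accepted. `getRequestMatcher()` has its body outside this hunk and may keep reporting the default pattern to callers that build security rules from it. I would document the constraint on the field, for example `/** Login callback pattern, matched for GET only; must keep the path template of DEFAULT_FILTER_PROCESSES_URI. */`, or have `getRequestMatcher()` return the matcher that was actually installed. The same applies to the DingtalkScanCode, FeiShu, Gitee, Github and MailOtp configurers; in MailOtpAuthenticationConfigurer the new `getRequestMatcher()` visibly returns the filter's static matcher.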
diff --git a/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/configurer/DingtalkScanCodeAuthenticationConfigurer.java b/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/configurer/DingtalkScanCodeAuthenticationConfigurer.java index 9448f832..5dd48625 100644 --- a/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/configurer/DingtalkScanCodeAuthenticationConfigurer.java +++ b/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/configurer/DingtalkScanCodeAuthenticationConfigurer.java @@ -17,6 +17,7 @@ */ package cn.topiam.employee.authentication.dingtalk.configurer; +import org.springframework.http.HttpMethod; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer; import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter; @@ -31,6 +32,10 @@ import cn.topiam.employee.authentication.dingtalk.filter.DingtalkScanCodeAuthent import cn.topiam.employee.authentication.dingtalk.filter.DingtalkScanCodeAuthorizationRequestGetFilter; import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository; +import lombok.NonNull; +import lombok.Setter; +import static cn.topiam.employee.support.security.util.HttpSecurityFilterOrderRegistrationUtils.putFilterBefore; + /** * 认证配置 * 
@@ -39,6 +44,10 @@ import cn.topiam.employee.common.repository.authentication.IdentityProviderRepos */ public final class DingtalkScanCodeAuthenticationConfigurer extends AbstractAuthenticationFilterConfigurer { + @Setter + @NonNull + private String loginProcessingUrl = DingtalkScanCodeAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI; + private final IdentityProviderRepository identityProviderRepository; private final UserIdpService userIdpService; 
@@ -59,28 +68,25 @@ public final class DingtalkScanCodeAuthenticationConfigurer extends */ @Override protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) { - return new AntPathRequestMatcher(loginProcessingUrl); + return new AntPathRequestMatcher(loginProcessingUrl, HttpMethod.GET.name()); } @Override public void init(HttpSecurity http) throws Exception { //钉钉扫码登录认证 - DingtalkScanCodeAuthenticationFilter loginAuthenticationFilter = new DingtalkScanCodeAuthenticationFilter( - identityProviderRepository, userIdpService); - this.setAuthenticationFilter(loginAuthenticationFilter); - //处理URL - super.loginProcessingUrl(DingtalkScanCodeAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI); - super.init(http); - } + this.setAuthenticationFilter( + new DingtalkScanCodeAuthenticationFilter(identityProviderRepository, userIdpService)); + putFilterBefore(http, this.getAuthenticationFilter(), + OAuth2LoginAuthenticationFilter.class); - @Override - public void configure(HttpSecurity http) throws Exception { //钉钉请求重定向 - DingtalkScanCodeAuthorizationRequestGetFilter requestRedirectFilter = new DingtalkScanCodeAuthorizationRequestGetFilter( - identityProviderRepository); - http.addFilterBefore(requestRedirectFilter, OAuth2AuthorizationRequestRedirectFilter.class); - http.addFilterBefore(this.getAuthenticationFilter(), OAuth2LoginAuthenticationFilter.class); - super.configure(http); + http.addFilterBefore( + new DingtalkScanCodeAuthorizationRequestGetFilter(identityProviderRepository), + OAuth2AuthorizationRequestRedirectFilter.class); + + //登录处理网址 + super.loginProcessingUrl(this.loginProcessingUrl); + super.init(http); } public RequestMatcher getRequestMatcher() { 
diff --git a/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkOauthAuthenticationFilter.java b/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkOauthAuthenticationFilter.java index ac7cd9ac..f8b20859 100644 --- a/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkOauthAuthenticationFilter.java +++ b/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkOauthAuthenticationFilter.java @@ -25,7 +25,6 @@ import java.util.concurrent.TimeUnit; import org.apache.commons.lang3.StringUtils; import org.springframework.http.HttpMethod; -import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.oauth2.core.OAuth2AuthenticationException; @@ -63,6 +62,7 @@ import jakarta.servlet.http.HttpServletResponse; import static cn.topiam.employee.authentication.common.IdentityProviderType.DINGTALK_OAUTH; import static cn.topiam.employee.authentication.common.IdentityProviderType.DINGTALK_QR; import static cn.topiam.employee.authentication.common.constant.AuthenticationConstants.*; +import static cn.topiam.employee.authentication.dingtalk.constant.DingTalkAuthenticationConstants.AUTH_CODE; /** * 钉钉认证过滤器 @@ -90,7 +90,7 @@ public class DingtalkOauthAuthenticationFilter extends AbstractIdpAuthentication */ public DingtalkOauthAuthenticationFilter(IdentityProviderRepository identityProviderRepository, UserIdpService userIdpService) { - super(DEFAULT_FILTER_PROCESSES_URI, userIdpService, identityProviderRepository); + super(REQUEST_MATCHER, userIdpService, identityProviderRepository); } /** 
@@ -105,10 +105,6 @@ public class DingtalkOauthAuthenticationFilter extends AbstractIdpAuthentication public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException { - if (!REQUEST_MATCHER.matches(request)) { - throw new AuthenticationServiceException( - "Authentication method not supported: " + request.getMethod()); - } OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request, response); TraceUtils.put(UUID.randomUUID().toString()); diff --git a/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkScanCodeAuthenticationFilter.java b/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkScanCodeAuthenticationFilter.java index 1bba4f4a..f219cde5 100644 --- a/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkScanCodeAuthenticationFilter.java +++ b/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkScanCodeAuthenticationFilter.java @@ -25,7 +25,6 @@ import java.util.concurrent.TimeUnit; import org.apache.commons.lang3.StringUtils; import org.springframework.http.HttpMethod; -import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.oauth2.core.OAuth2AuthenticationException; 
@@ -96,7 +95,7 @@ public class DingtalkScanCodeAuthenticationFilter extends */ public DingtalkScanCodeAuthenticationFilter(IdentityProviderRepository identityProviderRepository, UserIdpService userIdpService) { - super(DEFAULT_FILTER_PROCESSES_URI, userIdpService, identityProviderRepository); + super(REQUEST_MATCHER, userIdpService, identityProviderRepository); } /** @@ -111,10 +110,6 @@ public class DingtalkScanCodeAuthenticationFilter extends public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException { - if (!REQUEST_MATCHER.matches(request)) { - throw new AuthenticationServiceException( - "Authentication method not supported: " + request.getMethod()); - } //@formatter:off OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request, response); diff --git a/eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/configurer/FeiShuScanCodeAuthenticationConfigurer.java b/eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/configurer/FeiShuScanCodeAuthenticationConfigurer.java index 922a806d..ecc9bc72 100644 --- a/eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/configurer/FeiShuScanCodeAuthenticationConfigurer.java +++ b/eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/configurer/FeiShuScanCodeAuthenticationConfigurer.java @@ -17,6 +17,7 @@ */ package cn.topiam.employee.authentication.feishu.configurer; +import org.springframework.http.HttpMethod; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer; import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter; 
@@ -31,6 +32,10 @@ import cn.topiam.employee.authentication.feishu.filter.FeiShuAuthorizationReques import cn.topiam.employee.authentication.feishu.filter.FeiShuLoginAuthenticationFilter; import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository; +import lombok.NonNull; +import lombok.Setter; +import static cn.topiam.employee.support.security.util.HttpSecurityFilterOrderRegistrationUtils.putFilterBefore; + /** * 认证配置 * @@ -39,7 +44,9 @@ import cn.topiam.employee.common.repository.authentication.IdentityProviderRepos */ public final class FeiShuScanCodeAuthenticationConfigurer extends AbstractAuthenticationFilterConfigurer { - + @Setter + @NonNull + private String loginProcessingUrl = FeiShuLoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI; private final IdentityProviderRepository identityProviderRepository; private final UserIdpService userIdpService; 
@@ -60,28 +67,25 @@ public final class FeiShuScanCodeAuthenticationConfigurer extends */ @Override protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) { - return new AntPathRequestMatcher(loginProcessingUrl); + return new AntPathRequestMatcher(loginProcessingUrl, HttpMethod.GET.name()); } @Override public void init(HttpSecurity http) throws Exception { //飞书登录认证 - FeiShuLoginAuthenticationFilter loginAuthenticationFilter = new FeiShuLoginAuthenticationFilter( - identityProviderRepository, userIdpService); - this.setAuthenticationFilter(loginAuthenticationFilter); - //处理URL - super.loginProcessingUrl(FeiShuLoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI); - super.init(http); - } + this.setAuthenticationFilter( + new FeiShuLoginAuthenticationFilter(identityProviderRepository, userIdpService)); + putFilterBefore(http, this.getAuthenticationFilter(), + OAuth2LoginAuthenticationFilter.class); - @Override - public void configure(HttpSecurity http) throws Exception { //飞书请求重定向 - FeiShuAuthorizationRequestRedirectFilter requestRedirectFilter = new FeiShuAuthorizationRequestRedirectFilter( - identityProviderRepository); - http.addFilterBefore(requestRedirectFilter, OAuth2AuthorizationRequestRedirectFilter.class); - http.addFilterBefore(this.getAuthenticationFilter(), OAuth2LoginAuthenticationFilter.class); - super.configure(http); + http.addFilterBefore( + new FeiShuAuthorizationRequestRedirectFilter(identityProviderRepository), + OAuth2AuthorizationRequestRedirectFilter.class); + + //登录处理网址 + super.loginProcessingUrl(this.loginProcessingUrl); + super.init(http); } public RequestMatcher getRequestMatcher() { 
diff --git a/eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/filter/FeiShuLoginAuthenticationFilter.java b/eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/filter/FeiShuLoginAuthenticationFilter.java index 133f5298..d5cd58ab 100644 --- a/eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/filter/FeiShuLoginAuthenticationFilter.java +++ b/eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/filter/FeiShuLoginAuthenticationFilter.java @@ -25,7 +25,6 @@ import java.util.Objects; import org.apache.commons.lang3.StringUtils; import org.apache.http.message.BasicHeader; import org.springframework.http.HttpMethod; -import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.oauth2.core.OAuth2AuthenticationException; @@ -76,7 +75,7 @@ public class FeiShuLoginAuthenticationFilter extends AbstractIdpAuthenticationPr */ public FeiShuLoginAuthenticationFilter(IdentityProviderRepository identityProviderRepository, UserIdpService userIdpService) { - super(DEFAULT_FILTER_PROCESSES_URI, userIdpService, identityProviderRepository); + super(REQUEST_MATCHER, userIdpService, identityProviderRepository); } /** 
@@ -91,10 +90,6 @@ public class FeiShuLoginAuthenticationFilter extends AbstractIdpAuthenticationPr public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException { - if (!REQUEST_MATCHER.matches(request)) { - throw new AuthenticationServiceException( - "Authentication method not supported: " + request.getMethod()); - } OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request, response); RequestMatcher.MatchResult matcher = REQUEST_MATCHER.matcher(request); diff --git a/eiam-authentication/eiam-authentication-gitee/src/main/java/cn/topiam/employee/authentication/gitee/configurer/GiteeAuthenticationConfigurer.java b/eiam-authentication/eiam-authentication-gitee/src/main/java/cn/topiam/employee/authentication/gitee/configurer/GiteeAuthenticationConfigurer.java index c71a71d9..0bc3fa2f 100644 --- a/eiam-authentication/eiam-authentication-gitee/src/main/java/cn/topiam/employee/authentication/gitee/configurer/GiteeAuthenticationConfigurer.java +++ b/eiam-authentication/eiam-authentication-gitee/src/main/java/cn/topiam/employee/authentication/gitee/configurer/GiteeAuthenticationConfigurer.java @@ -17,6 +17,7 @@ */ package cn.topiam.employee.authentication.gitee.configurer; +import org.springframework.http.HttpMethod; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer; import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter; 
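Review bot: With the `REQUEST_MATCHER.matches(request)` guard removed, the context line `RequestMatcher.MatchResult matcher = REQUEST_MATCHER.matcher(request);` runs for every request the installed matcher lets through, and nothing visible checks that this static matcher matched before its result is used. When the filter is wired through FeiShuScanCodeAuthenticationConfigurer, the installed matcher comes from `createLoginProcessingUrlMatcher` and the settable `loginProcessingUrl`, so it can differ from `REQUEST_MATCHER`. A cheap guard keeps the failure explicit: `if (!matcher.isMatch()) { throw new AuthenticationServiceException("Request does not match " + DEFAULT_FILTER_PROCESSES_URI); }`, which means keeping the `AuthenticationServiceException` import this commit deletes. The Gitee filter hunk shows the same context line; the Dingtalk and Github filters drop the same guard, though how they read the path is outside their hunks. `attemptAuthentication` continues past the end of this hunk.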
@@ -31,6 +32,10 @@ import cn.topiam.employee.authentication.gitee.filter.GiteeAuthorizationRequestR import cn.topiam.employee.authentication.gitee.filter.GiteeLoginAuthenticationFilter; import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository; +import lombok.NonNull; +import lombok.Setter; +import static cn.topiam.employee.support.security.util.HttpSecurityFilterOrderRegistrationUtils.putFilterBefore; + /** * 认证配置 * @@ -39,7 +44,9 @@ import cn.topiam.employee.common.repository.authentication.IdentityProviderRepos */ public final class GiteeAuthenticationConfigurer extends AbstractAuthenticationFilterConfigurer { - + @Setter + @NonNull + private String loginProcessingUrl = GiteeLoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI; private final IdentityProviderRepository identityProviderRepository; private final UserIdpService userIdpService; 
@@ -60,28 +67,25 @@ public final class GiteeAuthenticationConfigurer extends */ @Override protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) { - return new AntPathRequestMatcher(loginProcessingUrl); + return new AntPathRequestMatcher(loginProcessingUrl, HttpMethod.GET.name()); } @Override public void init(HttpSecurity http) throws Exception { //Gitee登录认证 - GiteeLoginAuthenticationFilter loginAuthenticationFilter = new GiteeLoginAuthenticationFilter( - identityProviderRepository, userIdpService); - this.setAuthenticationFilter(loginAuthenticationFilter); - //处理URL - super.loginProcessingUrl(GiteeLoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI); - super.init(http); - } + this.setAuthenticationFilter( + new GiteeLoginAuthenticationFilter(identityProviderRepository, userIdpService)); + putFilterBefore(http, this.getAuthenticationFilter(), + OAuth2LoginAuthenticationFilter.class); - @Override - public void configure(HttpSecurity http) throws Exception { //Gitee扫码请求重定向 - GiteeAuthorizationRequestRedirectFilter requestRedirectFilter = new GiteeAuthorizationRequestRedirectFilter( - identityProviderRepository); - http.addFilterBefore(requestRedirectFilter, OAuth2AuthorizationRequestRedirectFilter.class); - http.addFilterBefore(this.getAuthenticationFilter(), OAuth2LoginAuthenticationFilter.class); - super.configure(http); + http.addFilterBefore( + new GiteeAuthorizationRequestRedirectFilter(identityProviderRepository), + OAuth2AuthorizationRequestRedirectFilter.class); + + //登录处理地址 + super.loginProcessingUrl(this.loginProcessingUrl); + super.init(http); } public RequestMatcher getRequestMatcher() { diff --git a/eiam-authentication/eiam-authentication-gitee/src/main/java/cn/topiam/employee/authentication/gitee/filter/GiteeLoginAuthenticationFilter.java b/eiam-authentication/eiam-authentication-gitee/src/main/java/cn/topiam/employee/authentication/gitee/filter/GiteeLoginAuthenticationFilter.java index b2d62740..251bba8b 100644 
--- a/eiam-authentication/eiam-authentication-gitee/src/main/java/cn/topiam/employee/authentication/gitee/filter/GiteeLoginAuthenticationFilter.java +++ b/eiam-authentication/eiam-authentication-gitee/src/main/java/cn/topiam/employee/authentication/gitee/filter/GiteeLoginAuthenticationFilter.java @@ -24,7 +24,6 @@ import java.util.Objects; import org.apache.commons.lang3.StringUtils; import org.springframework.http.HttpMethod; -import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.oauth2.core.OAuth2AuthenticationException; @@ -80,7 +79,7 @@ public class GiteeLoginAuthenticationFilter extends AbstractIdpAuthenticationPro */ public GiteeLoginAuthenticationFilter(IdentityProviderRepository identityProviderRepository, UserIdpService userIdpService) { - super(DEFAULT_FILTER_PROCESSES_URI, userIdpService, identityProviderRepository); + super(REQUEST_MATCHER, userIdpService, identityProviderRepository); } /** @@ -95,10 +94,6 @@ public class GiteeLoginAuthenticationFilter extends AbstractIdpAuthenticationPro public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException { - if (!REQUEST_MATCHER.matches(request)) { - throw new AuthenticationServiceException( - "Authentication method not supported: " + request.getMethod()); - } OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request, response); RequestMatcher.MatchResult matcher = REQUEST_MATCHER.matcher(request); 
diff --git a/eiam-authentication/eiam-authentication-github/src/main/java/cn/topiam/employee/authentication/github/configurer/GithubOauthAuthenticationConfigurer.java b/eiam-authentication/eiam-authentication-github/src/main/java/cn/topiam/employee/authentication/github/configurer/GithubOauthAuthenticationConfigurer.java index 89c6ad06..36230414 100644 --- a/eiam-authentication/eiam-authentication-github/src/main/java/cn/topiam/employee/authentication/github/configurer/GithubOauthAuthenticationConfigurer.java +++ b/eiam-authentication/eiam-authentication-github/src/main/java/cn/topiam/employee/authentication/github/configurer/GithubOauthAuthenticationConfigurer.java @@ -17,6 +17,7 @@ */ package cn.topiam.employee.authentication.github.configurer; +import org.springframework.http.HttpMethod; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer; import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter; @@ -31,6 +32,10 @@ import cn.topiam.employee.authentication.github.filter.GithubOAuth2Authorization import cn.topiam.employee.authentication.github.filter.GithubOAuth2LoginAuthenticationFilter; import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository; +import lombok.NonNull; +import lombok.Setter; +import static cn.topiam.employee.support.security.util.HttpSecurityFilterOrderRegistrationUtils.putFilterBefore; + /** * 认证配置 * @@ -39,7 +44,9 @@ import cn.topiam.employee.common.repository.authentication.IdentityProviderRepos */ public final class GithubOauthAuthenticationConfigurer extends AbstractAuthenticationFilterConfigurer { - + @Setter + @NonNull + private String loginProcessingUrl = GithubOAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI; private final IdentityProviderRepository identityProviderRepository; private final UserIdpService userIdpService; 
@@ -60,30 +67,25 @@ public final class GithubOauthAuthenticationConfigurer extends */ @Override protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) { - return new AntPathRequestMatcher(loginProcessingUrl); + return new AntPathRequestMatcher(loginProcessingUrl, HttpMethod.GET.name()); } @Override public void init(HttpSecurity http) throws Exception { - //设置登录成功失败处理器 //Github扫码登录认证 - GithubOAuth2LoginAuthenticationFilter loginAuthenticationFilter = new GithubOAuth2LoginAuthenticationFilter( - identityProviderRepository, userIdpService); - this.setAuthenticationFilter(loginAuthenticationFilter); - //处理URL - super.loginProcessingUrl( - GithubOAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI); - super.init(http); - } + this.setAuthenticationFilter( + new GithubOAuth2LoginAuthenticationFilter(identityProviderRepository, userIdpService)); + putFilterBefore(http, this.getAuthenticationFilter(), + OAuth2LoginAuthenticationFilter.class); - @Override - public void configure(HttpSecurity http) throws Exception { //GITHUB请求重定向 - GithubOAuth2AuthorizationRequestRedirectFilter requestRedirectFilter = new GithubOAuth2AuthorizationRequestRedirectFilter( - identityProviderRepository); - http.addFilterBefore(requestRedirectFilter, OAuth2AuthorizationRequestRedirectFilter.class); - http.addFilterBefore(this.getAuthenticationFilter(), OAuth2LoginAuthenticationFilter.class); - super.configure(http); + http.addFilterBefore( + new GithubOAuth2AuthorizationRequestRedirectFilter(identityProviderRepository), + OAuth2AuthorizationRequestRedirectFilter.class); + + //登录处理地址 + super.loginProcessingUrl(this.loginProcessingUrl); + super.init(http); } public RequestMatcher getRequestMatcher() { 
diff --git a/eiam-authentication/eiam-authentication-github/src/main/java/cn/topiam/employee/authentication/github/filter/GithubOAuth2LoginAuthenticationFilter.java b/eiam-authentication/eiam-authentication-github/src/main/java/cn/topiam/employee/authentication/github/filter/GithubOAuth2LoginAuthenticationFilter.java index 95982b5e..5d006b6e 100644 --- a/eiam-authentication/eiam-authentication-github/src/main/java/cn/topiam/employee/authentication/github/filter/GithubOAuth2LoginAuthenticationFilter.java +++ b/eiam-authentication/eiam-authentication-github/src/main/java/cn/topiam/employee/authentication/github/filter/GithubOAuth2LoginAuthenticationFilter.java @@ -25,7 +25,6 @@ import java.util.UUID; import org.apache.commons.lang3.StringUtils; import org.springframework.http.*; -import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.oauth2.core.OAuth2AuthenticationException; @@ -80,7 +79,7 @@ public class GithubOAuth2LoginAuthenticationFilter extends */ public GithubOAuth2LoginAuthenticationFilter(IdentityProviderRepository identityProviderRepository, UserIdpService userIdpService) { - super(DEFAULT_FILTER_PROCESSES_URI, userIdpService, identityProviderRepository); + super(REQUEST_MATCHER, userIdpService, identityProviderRepository); } /** @@ -95,10 +94,6 @@ public class GithubOAuth2LoginAuthenticationFilter extends public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException { - if (!REQUEST_MATCHER.matches(request)) { - throw new AuthenticationServiceException( - "Authentication method not supported: " + request.getMethod()); - } OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request, response); TraceUtils.put(UUID.randomUUID().toString()); 
diff --git a/eiam-authentication/eiam-authentication-mail/src/main/java/cn/topiam/employee/authentication/otp/mail/MailOtpAuthenticationConfigurer.java b/eiam-authentication/eiam-authentication-mail/src/main/java/cn/topiam/employee/authentication/otp/mail/configurer/MailOtpAuthenticationConfigurer.java similarity index 73% rename from eiam-authentication/eiam-authentication-mail/src/main/java/cn/topiam/employee/authentication/otp/mail/MailOtpAuthenticationConfigurer.java rename to eiam-authentication/eiam-authentication-mail/src/main/java/cn/topiam/employee/authentication/otp/mail/configurer/MailOtpAuthenticationConfigurer.java index c21c2572..b7608026 100644 --- a/eiam-authentication/eiam-authentication-mail/src/main/java/cn/topiam/employee/authentication/otp/mail/MailOtpAuthenticationConfigurer.java +++ b/eiam-authentication/eiam-authentication-mail/src/main/java/cn/topiam/employee/authentication/otp/mail/configurer/MailOtpAuthenticationConfigurer.java 
@@ -15,19 +15,26 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.authentication.otp.mail; +package cn.topiam.employee.authentication.otp.mail.configurer; +import org.springframework.http.HttpMethod; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer; import org.springframework.security.core.userdetails.UserDetailsService; -import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; +import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.util.Assert; +import cn.topiam.employee.authentication.otp.mail.filter.MailOtpAuthenticationFilter; +import cn.topiam.employee.authentication.otp.mail.filter.SendMailOtpFilter; import cn.topiam.employee.common.repository.account.UserRepository; import cn.topiam.employee.core.security.otp.OtpContextHelp; +import lombok.NonNull; +import lombok.Setter; +import static cn.topiam.employee.support.security.util.HttpSecurityFilterOrderRegistrationUtils.putFilterAfter; + /** * 认证配置 * 
@@ -37,46 +44,27 @@ import cn.topiam.employee.core.security.otp.OtpContextHelp; public class MailOtpAuthenticationConfigurer extends AbstractAuthenticationFilterConfigurer { - /** - * Create the {@link RequestMatcher} given a loginProcessingUrl - * - * @param loginProcessingUrl creates the {@link RequestMatcher} based upon the - * loginProcessingUrl - * @return the {@link RequestMatcher} to use based upon the loginProcessingUrl - */ - @Override - protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) { - return new AntPathRequestMatcher(loginProcessingUrl); - } + @Setter + @NonNull + private String loginProcessingUrl = MailOtpAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI; @Override public void init(HttpSecurity http) throws Exception { - //OTP - MailOtpAuthenticationFilter loginAuthenticationFilter = getAbstractOtpAuthenticationFilter(); - this.setAuthenticationFilter(loginAuthenticationFilter); - //处理URL - super.loginProcessingUrl(loginAuthenticationFilter.getFilterProcessesUri()); + //邮箱OTP发送 + http.addFilterBefore(new SendMailOtpFilter(userRepository, otpContextHelp), + OAuth2LoginAuthenticationFilter.class); + //邮箱OTP认证 + this.setAuthenticationFilter( + new MailOtpAuthenticationFilter(userDetailsService, otpContextHelp)); + putFilterAfter(http, this.getAuthenticationFilter(), SendMailOtpFilter.class); + + //登录处理地址 + super.loginProcessingUrl(this.loginProcessingUrl); super.init(http); } - @Override - public void configure(HttpSecurity http) throws Exception { - SendMailOtpFilter sendOtpFilter = getAbstractSendOtpFilter(); - http.addFilterAfter(sendOtpFilter, UsernamePasswordAuthenticationFilter.class); - http.addFilterAfter(this.getAuthenticationFilter(), sendOtpFilter.getClass()); - super.configure(http); - } - public RequestMatcher getRequestMatcher() { - return getAbstractOtpAuthenticationFilter().getRequestMatcher(); - } - - public MailOtpAuthenticationFilter getAbstractOtpAuthenticationFilter() { - return new 
MailOtpAuthenticationFilter(userDetailsService, otpContextHelp); - } - - public SendMailOtpFilter getAbstractSendOtpFilter() { - return new SendMailOtpFilter(userRepository, otpContextHelp); + return MailOtpAuthenticationFilter.getRequestMatcher(); } private final UserRepository userRepository; @@ -95,6 +83,18 @@ public class MailOtpAuthenticationConfigurer extends this.otpContextHelp = otpContextHelp; } + /** + * Create the {@link RequestMatcher} given a loginProcessingUrl + * + * @param loginProcessingUrl creates the {@link RequestMatcher} based upon the + * loginProcessingUrl + * @return the {@link RequestMatcher} to use based upon the loginProcessingUrl + */ + @Override + protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) { + return new AntPathRequestMatcher(loginProcessingUrl, HttpMethod.POST.name()); + } + public static MailOtpAuthenticationConfigurer mailOtp(UserRepository userRepository, UserDetailsService userDetailsService, OtpContextHelp otpContextHelp) { diff --git a/eiam-authentication/eiam-authentication-mail/src/main/java/cn/topiam/employee/authentication/otp/mail/MailOtpAuthenticationFilter.java b/eiam-authentication/eiam-authentication-mail/src/main/java/cn/topiam/employee/authentication/otp/mail/filter/MailOtpAuthenticationFilter.java similarity index 97% rename from eiam-authentication/eiam-authentication-mail/src/main/java/cn/topiam/employee/authentication/otp/mail/MailOtpAuthenticationFilter.java rename to eiam-authentication/eiam-authentication-mail/src/main/java/cn/topiam/employee/authentication/otp/mail/filter/MailOtpAuthenticationFilter.java index 61a61545..45be98a2 100644 --- a/eiam-authentication/eiam-authentication-mail/src/main/java/cn/topiam/employee/authentication/otp/mail/MailOtpAuthenticationFilter.java +++ b/eiam-authentication/eiam-authentication-mail/src/main/java/cn/topiam/employee/authentication/otp/mail/filter/MailOtpAuthenticationFilter.java 
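Review bot: `getRequestMatcher()` in MailOtpAuthenticationConfigurer now returns the static `MailOtpAuthenticationFilter.getRequestMatcher()`, which stops describing the URL the filter listens on as soon as the new setter is used, because `init` replaces the filter's matcher through `super.loginProcessingUrl(this.loginProcessingUrl)`. If callers build authorization or CSRF rules from this getter (they are not visible in the diff), those rules would cover the default path while login is processed on the configured one. Returning the configured matcher keeps the two in step: `return createLoginProcessingUrlMatcher(this.loginProcessingUrl);`. A one-line Javadoc on the new `loginProcessingUrl` field saying that it overrides `DEFAULT_FILTER_PROCESSES_URI` would also help; the class body continues outside the hunk.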
@@ -15,7 +15,7 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.authentication.otp.mail; +package cn.topiam.employee.authentication.otp.mail.filter; import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; @@ -77,8 +77,6 @@ public class MailOtpAuthenticationFilter extends AbstractAuthenticationProcessin */ private boolean postOnly = true; - public RequestMatcher captchaLoginMatcher; - @Override public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException { @@ -185,8 +183,8 @@ public class MailOtpAuthenticationFilter extends AbstractAuthenticationProcessin this.codeParameter = codeParameter; } - public RequestMatcher getRequestMatcher() { - return captchaLoginMatcher; + public static RequestMatcher getRequestMatcher() { + return MAIL_LOGIN_MATCHER; } private final OtpContextHelp otpContextHelp; @@ -198,6 +196,5 @@ public class MailOtpAuthenticationFilter extends AbstractAuthenticationProcessin super(MAIL_LOGIN_MATCHER); this.userDetailsService = userDetailsService; this.otpContextHelp = otpContextHelp; - this.captchaLoginMatcher = MAIL_LOGIN_MATCHER; } } diff --git a/eiam-authentication/eiam-authentication-mail/src/main/java/cn/topiam/employee/authentication/otp/mail/SendMailOtpFilter.java b/eiam-authentication/eiam-authentication-mail/src/main/java/cn/topiam/employee/authentication/otp/mail/filter/SendMailOtpFilter.java similarity index 98% rename from eiam-authentication/eiam-authentication-mail/src/main/java/cn/topiam/employee/authentication/otp/mail/SendMailOtpFilter.java rename to eiam-authentication/eiam-authentication-mail/src/main/java/cn/topiam/employee/authentication/otp/mail/filter/SendMailOtpFilter.java index 455ee19a..4db99d97 100644 --- a/eiam-authentication/eiam-authentication-mail/src/main/java/cn/topiam/employee/authentication/otp/mail/SendMailOtpFilter.java 
+++ b/eiam-authentication/eiam-authentication-mail/src/main/java/cn/topiam/employee/authentication/otp/mail/filter/SendMailOtpFilter.java @@ -15,7 +15,7 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.authentication.otp.mail; +package cn.topiam.employee.authentication.otp.mail.filter; import java.io.IOException; import java.util.Objects; diff --git a/eiam-authentication/eiam-authentication-qq/src/main/java/cn/topiam/employee/authentication/qq/configurer/QqOauthAuthenticationConfigurer.java b/eiam-authentication/eiam-authentication-qq/src/main/java/cn/topiam/employee/authentication/qq/configurer/QqOauthAuthenticationConfigurer.java index e1d5681b..50ee3826 100644 --- a/eiam-authentication/eiam-authentication-qq/src/main/java/cn/topiam/employee/authentication/qq/configurer/QqOauthAuthenticationConfigurer.java +++ b/eiam-authentication/eiam-authentication-qq/src/main/java/cn/topiam/employee/authentication/qq/configurer/QqOauthAuthenticationConfigurer.java @@ -17,6 +17,7 @@ */ package cn.topiam.employee.authentication.qq.configurer; +import org.springframework.http.HttpMethod; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer; import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter; @@ -31,6 +32,10 @@ import cn.topiam.employee.authentication.qq.filter.QqOAuth2AuthorizationRequestR import cn.topiam.employee.authentication.qq.filter.QqOAuth2LoginAuthenticationFilter; import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository; +import lombok.NonNull; +import lombok.Setter; +import static cn.topiam.employee.support.security.util.HttpSecurityFilterOrderRegistrationUtils.putFilterBefore; + /** * 认证配置 * 
@@ -40,6 +45,10 @@ import cn.topiam.employee.common.repository.authentication.IdentityProviderRepos public final class QqOauthAuthenticationConfigurer extends AbstractAuthenticationFilterConfigurer { + @Setter + @NonNull + private String loginProcessingUrl = QqOAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI; + private final IdentityProviderRepository identityProviderRepository; private final UserIdpService userIdpService; 
@@ -60,29 +69,25 @@ public final class QqOauthAuthenticationConfigurer extends */ @Override protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) { - return new AntPathRequestMatcher(loginProcessingUrl); + return new AntPathRequestMatcher(loginProcessingUrl, HttpMethod.GET.name()); } @Override public void init(HttpSecurity http) throws Exception { - //设置登录成功失败处理器 //QQ扫码登录认证 - QqOAuth2LoginAuthenticationFilter loginAuthenticationFilter = new QqOAuth2LoginAuthenticationFilter( - identityProviderRepository, userIdpService); - this.setAuthenticationFilter(loginAuthenticationFilter); - //处理URL - super.loginProcessingUrl(QqOAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI); - super.init(http); - } + this.setAuthenticationFilter( + new QqOAuth2LoginAuthenticationFilter(identityProviderRepository, userIdpService)); + putFilterBefore(http, this.getAuthenticationFilter(), + OAuth2LoginAuthenticationFilter.class); - @Override - public void configure(HttpSecurity http) throws Exception { //QQ扫码请求重定向 - QqOAuth2AuthorizationRequestRedirectFilter requestRedirectFilter = new QqOAuth2AuthorizationRequestRedirectFilter( - identityProviderRepository); - http.addFilterBefore(requestRedirectFilter, OAuth2AuthorizationRequestRedirectFilter.class); - http.addFilterBefore(this.getAuthenticationFilter(), OAuth2LoginAuthenticationFilter.class); - super.configure(http); + http.addFilterBefore( + new QqOAuth2AuthorizationRequestRedirectFilter(identityProviderRepository), + OAuth2AuthorizationRequestRedirectFilter.class); + + //QQ登录处理地址 + super.loginProcessingUrl(loginProcessingUrl); + super.init(http); } public RequestMatcher getRequestMatcher() { 
diff --git a/eiam-authentication/eiam-authentication-qq/src/main/java/cn/topiam/employee/authentication/qq/filter/QqOAuth2LoginAuthenticationFilter.java b/eiam-authentication/eiam-authentication-qq/src/main/java/cn/topiam/employee/authentication/qq/filter/QqOAuth2LoginAuthenticationFilter.java index 31f666ea..e43eeb57 100644 --- a/eiam-authentication/eiam-authentication-qq/src/main/java/cn/topiam/employee/authentication/qq/filter/QqOAuth2LoginAuthenticationFilter.java +++ b/eiam-authentication/eiam-authentication-qq/src/main/java/cn/topiam/employee/authentication/qq/filter/QqOAuth2LoginAuthenticationFilter.java @@ -25,7 +25,6 @@ import java.util.UUID; import org.apache.commons.lang3.StringUtils; import org.springframework.http.HttpMethod; -import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.oauth2.core.OAuth2AuthenticationException; @@ -82,7 +81,7 @@ public class QqOAuth2LoginAuthenticationFilter extends AbstractIdpAuthentication */ public QqOAuth2LoginAuthenticationFilter(IdentityProviderRepository identityProviderRepository, UserIdpService userIdpService) { - super(DEFAULT_FILTER_PROCESSES_URI, userIdpService, identityProviderRepository); + super(REQUEST_MATCHER, userIdpService, identityProviderRepository); } /** @@ -97,10 +96,6 @@ public class QqOAuth2LoginAuthenticationFilter extends AbstractIdpAuthentication public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException { - if (!REQUEST_MATCHER.matches(request)) { - throw new AuthenticationServiceException( - "Authentication method not supported: " + request.getMethod()); - } OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request, response); TraceUtils.put(UUID.randomUUID().toString()); 
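Review bot: With the `REQUEST_MATCHER.matches(request)` guard removed from `attemptAuthentication`, the only gate left is the filter's own matcher, and QqOauthAuthenticationConfigurer overwrites that one in `init` via `super.loginProcessingUrl(loginProcessingUrl)` with an `AntPathRequestMatcher` built from the new settable field. For the default URI the two presumably agree, but with a custom `loginProcessingUrl` this method can be reached by requests that the static `REQUEST_MATCHER` passed to `super(...)` does not match. The WeChat filter hunk shows `REQUEST_MATCHER.matcher(request)` still being read right after the removed check, so the result should be verified with `matcher.isMatch()` and rejected with an authentication exception before its variables are used. The same removal appears in WeChatScanCodeLoginAuthenticationFilter and WeChatWorkScanCodeLoginAuthenticationFilter, and the method body continues outside each hunk.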
diff --git a/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/otp/sms/SmsOtpAuthenticationConfigurer.java b/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/otp/sms/configurer/SmsOtpAuthenticationConfigurer.java
similarity index 74%
rename from eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/otp/sms/SmsOtpAuthenticationConfigurer.java
rename to eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/otp/sms/configurer/SmsOtpAuthenticationConfigurer.java
index 1b8bc20a..e7f08faf 100644
--- a/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/otp/sms/SmsOtpAuthenticationConfigurer.java
+++ b/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/otp/sms/configurer/SmsOtpAuthenticationConfigurer.java
@@ -15,19 +15,26 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.authentication.otp.sms; +package cn.topiam.employee.authentication.otp.sms.configurer; +import org.springframework.http.HttpMethod; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer; import org.springframework.security.core.userdetails.UserDetailsService; -import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; +import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.util.Assert; +import cn.topiam.employee.authentication.otp.sms.filter.SendSmsOtpFilter; +import cn.topiam.employee.authentication.otp.sms.filter.SmsOtpAuthenticationFilter; import cn.topiam.employee.common.repository.account.UserRepository; import cn.topiam.employee.core.security.otp.OtpContextHelp; +import lombok.NonNull; +import lombok.Setter; +import static cn.topiam.employee.support.security.util.HttpSecurityFilterOrderRegistrationUtils.putFilterAfter; + /** * 认证配置 * 
@@ -36,47 +43,27 @@ import cn.topiam.employee.core.security.otp.OtpContextHelp; */ public class SmsOtpAuthenticationConfigurer extends AbstractAuthenticationFilterConfigurer { - - /** - * Create the {@link RequestMatcher} given a loginProcessingUrl - * - * @param loginProcessingUrl creates the {@link RequestMatcher} based upon the - * loginProcessingUrl - * @return the {@link RequestMatcher} to use based upon the loginProcessingUrl - */ - @Override - protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) { - return new AntPathRequestMatcher(loginProcessingUrl); - } + @Setter + @NonNull + private String loginProcessingUrl = SmsOtpAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI; @Override public void init(HttpSecurity http) throws Exception { + http.addFilterBefore(new SendSmsOtpFilter(userRepository, otpContextHelp), + OAuth2LoginAuthenticationFilter.class); + //OTP - SmsOtpAuthenticationFilter loginAuthenticationFilter = getAbstractOtpAuthenticationFilter(); - this.setAuthenticationFilter(loginAuthenticationFilter); - //处理URL - super.loginProcessingUrl(loginAuthenticationFilter.getFilterProcessesUri()); + this.setAuthenticationFilter( + new SmsOtpAuthenticationFilter(userDetailsService, otpContextHelp)); + putFilterAfter(http, this.getAuthenticationFilter(), SendSmsOtpFilter.class); + + //登录处理地址 + super.loginProcessingUrl(this.loginProcessingUrl); super.init(http); } - @Override - public void configure(HttpSecurity http) throws Exception { - SendSmsOtpFilter sendOtpFilter = getAbstractSendOtpFilter(); - http.addFilterAfter(sendOtpFilter, UsernamePasswordAuthenticationFilter.class); - http.addFilterAfter(this.getAuthenticationFilter(), sendOtpFilter.getClass()); - super.configure(http); - } - public RequestMatcher getRequestMatcher() { - return getAbstractOtpAuthenticationFilter().getRequestMatcher(); - } - - public SmsOtpAuthenticationFilter getAbstractOtpAuthenticationFilter() { - return new 
SmsOtpAuthenticationFilter(userDetailsService, otpContextHelp); - } - - public SendSmsOtpFilter getAbstractSendOtpFilter() { - return new SendSmsOtpFilter(userRepository, otpContextHelp); + return SendSmsOtpFilter.getRequestMatcher(); } private final UserRepository userRepository; @@ -95,6 +82,18 @@ public class SmsOtpAuthenticationConfigurer extends this.otpContextHelp = otpContextHelp; } + /** + * Create the {@link RequestMatcher} given a loginProcessingUrl + * + * @param loginProcessingUrl creates the {@link RequestMatcher} based upon the + * loginProcessingUrl + * @return the {@link RequestMatcher} to use based upon the loginProcessingUrl + */ + @Override + protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) { + return new AntPathRequestMatcher(loginProcessingUrl, HttpMethod.POST.name()); + } + public static SmsOtpAuthenticationConfigurer smsOtp(UserRepository userRepository, UserDetailsService userDetailsService, OtpContextHelp otpContextHelp) { diff --git a/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/otp/sms/SendSmsOtpFilter.java b/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/otp/sms/filter/SendSmsOtpFilter.java similarity index 97% rename from eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/otp/sms/SendSmsOtpFilter.java rename to eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/otp/sms/filter/SendSmsOtpFilter.java index 83a4fc12..1ef9d3aa 100644 --- a/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/otp/sms/SendSmsOtpFilter.java +++ b/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/otp/sms/filter/SendSmsOtpFilter.java 
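Review bot: `getRequestMatcher()` in SmsOtpAuthenticationConfigurer now returns `SendSmsOtpFilter.getRequestMatcher()`, the send-code matcher, while the mail configurer returns the login matcher from `MailOtpAuthenticationFilter`; before this commit both returned the authentication filter's matcher. Unless the difference is intended, callers that rely on this getter (not visible in the diff) would treat the SMS and mail flows differently, leaving one endpoint outside whatever rule they build. SmsOtpAuthenticationFilter only changes its package here, so its getter is presumably still an instance method; making it static, as was done for the mail filter, would allow `return SmsOtpAuthenticationFilter.getRequestMatcher();`.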
@@ -15,7 +15,7 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.authentication.otp.sms; +package cn.topiam.employee.authentication.otp.sms.filter; import java.io.IOException; import java.util.Objects; @@ -77,7 +77,7 @@ public class SendSmsOtpFilter extends OncePerRequestFilter { sendOtp(response, recipient); } - public RequestMatcher getRequestMatcher() { + public static RequestMatcher getRequestMatcher() { return SMS_SEND_OPT_MATCHER; } diff --git a/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/otp/sms/SmsOtpAuthenticationFilter.java b/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/otp/sms/filter/SmsOtpAuthenticationFilter.java similarity index 99% rename from eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/otp/sms/SmsOtpAuthenticationFilter.java rename to eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/otp/sms/filter/SmsOtpAuthenticationFilter.java index 07de0049..30d516e0 100644 --- a/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/otp/sms/SmsOtpAuthenticationFilter.java +++ b/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/otp/sms/filter/SmsOtpAuthenticationFilter.java @@ -15,7 +15,7 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.authentication.otp.sms; +package cn.topiam.employee.authentication.otp.sms.filter; import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; 
diff --git a/eiam-authentication/eiam-authentication-wechat/src/main/java/cn/topiam/employee/authentication/wechat/configurer/WeChatScanCodeAuthenticationConfigurer.java b/eiam-authentication/eiam-authentication-wechat/src/main/java/cn/topiam/employee/authentication/wechat/configurer/WeChatScanCodeAuthenticationConfigurer.java index df983107..5cdd5db7 100644 --- a/eiam-authentication/eiam-authentication-wechat/src/main/java/cn/topiam/employee/authentication/wechat/configurer/WeChatScanCodeAuthenticationConfigurer.java +++ b/eiam-authentication/eiam-authentication-wechat/src/main/java/cn/topiam/employee/authentication/wechat/configurer/WeChatScanCodeAuthenticationConfigurer.java @@ -17,6 +17,7 @@ */ package cn.topiam.employee.authentication.wechat.configurer; +import org.springframework.http.HttpMethod; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer; import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter; @@ -31,6 +32,10 @@ import cn.topiam.employee.authentication.wechat.filter.WeChatScanCodeAuthorizati import cn.topiam.employee.authentication.wechat.filter.WeChatScanCodeLoginAuthenticationFilter; import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository; +import lombok.NonNull; +import lombok.Setter; +import static cn.topiam.employee.support.security.util.HttpSecurityFilterOrderRegistrationUtils.putFilterBefore; + /** * 认证配置 * 
@@ -39,7 +44,9 @@ import cn.topiam.employee.common.repository.authentication.IdentityProviderRepos */ public final class WeChatScanCodeAuthenticationConfigurer extends AbstractAuthenticationFilterConfigurer { - + @Setter + @NonNull + private String loginProcessingUrl = WeChatScanCodeLoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI; private final IdentityProviderRepository identityProviderRepository; private final UserIdpService userIdpService; 
@@ -60,29 +67,25 @@ public final class WeChatScanCodeAuthenticationConfigurer extends */ @Override protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) { - return new AntPathRequestMatcher(loginProcessingUrl); + return new AntPathRequestMatcher(loginProcessingUrl, HttpMethod.GET.name()); } @Override public void init(HttpSecurity http) throws Exception { - //微信扫码登录认证 - WeChatScanCodeLoginAuthenticationFilter loginAuthenticationFilter = new WeChatScanCodeLoginAuthenticationFilter( - identityProviderRepository, userIdpService); - this.setAuthenticationFilter(loginAuthenticationFilter); - //处理URL - super.loginProcessingUrl( - WeChatScanCodeLoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI); - super.init(http); - } + //扫码登录重定向地址 + http.addFilterBefore( + new WeChatScanCodeAuthorizationRequestRedirectFilter(identityProviderRepository), + OAuth2AuthorizationRequestRedirectFilter.class); - @Override - public void configure(HttpSecurity http) throws Exception { - //微信扫码请求重定向 - WeChatScanCodeAuthorizationRequestRedirectFilter requestRedirectFilter = new WeChatScanCodeAuthorizationRequestRedirectFilter( - identityProviderRepository); - http.addFilterBefore(requestRedirectFilter, OAuth2AuthorizationRequestRedirectFilter.class); - http.addFilterBefore(this.getAuthenticationFilter(), OAuth2LoginAuthenticationFilter.class); - super.configure(http); + //微信扫码登录认证 + this.setAuthenticationFilter(new WeChatScanCodeLoginAuthenticationFilter( + identityProviderRepository, userIdpService)); + putFilterBefore(http, this.getAuthenticationFilter(), + OAuth2LoginAuthenticationFilter.class); + + //登录处理地址 + super.loginProcessingUrl(loginProcessingUrl); + super.init(http); } public RequestMatcher getRequestMatcher() { 
diff --git a/eiam-authentication/eiam-authentication-wechat/src/main/java/cn/topiam/employee/authentication/wechat/filter/WeChatScanCodeLoginAuthenticationFilter.java b/eiam-authentication/eiam-authentication-wechat/src/main/java/cn/topiam/employee/authentication/wechat/filter/WeChatScanCodeLoginAuthenticationFilter.java index f45ccb37..2413551f 100644 --- a/eiam-authentication/eiam-authentication-wechat/src/main/java/cn/topiam/employee/authentication/wechat/filter/WeChatScanCodeLoginAuthenticationFilter.java +++ b/eiam-authentication/eiam-authentication-wechat/src/main/java/cn/topiam/employee/authentication/wechat/filter/WeChatScanCodeLoginAuthenticationFilter.java @@ -24,7 +24,6 @@ import java.util.Objects; import org.apache.commons.lang3.StringUtils; import org.springframework.http.HttpMethod; -import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.oauth2.core.OAuth2AuthenticationException; @@ -80,7 +79,7 @@ public class WeChatScanCodeLoginAuthenticationFilter extends */ public WeChatScanCodeLoginAuthenticationFilter(IdentityProviderRepository identityProviderRepository, UserIdpService userIdpService) { - super(DEFAULT_FILTER_PROCESSES_URI, userIdpService, identityProviderRepository); + super(REQUEST_MATCHER, userIdpService, identityProviderRepository); } /** 
@@ -95,10 +94,6 @@ public class WeChatScanCodeLoginAuthenticationFilter extends public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException { - if (!REQUEST_MATCHER.matches(request)) { - throw new AuthenticationServiceException( - "Authentication method not supported: " + request.getMethod()); - } OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request, response); RequestMatcher.MatchResult matcher = REQUEST_MATCHER.matcher(request); diff --git a/eiam-authentication/eiam-authentication-wechatwork/src/main/java/cn/topiam/employee/authentication/wechatwork/configurer/WeChatWorkScanCodeAuthenticationConfigurer.java b/eiam-authentication/eiam-authentication-wechatwork/src/main/java/cn/topiam/employee/authentication/wechatwork/configurer/WeChatWorkScanCodeAuthenticationConfigurer.java index 521806e6..a0d64662 100644 --- a/eiam-authentication/eiam-authentication-wechatwork/src/main/java/cn/topiam/employee/authentication/wechatwork/configurer/WeChatWorkScanCodeAuthenticationConfigurer.java +++ b/eiam-authentication/eiam-authentication-wechatwork/src/main/java/cn/topiam/employee/authentication/wechatwork/configurer/WeChatWorkScanCodeAuthenticationConfigurer.java @@ -17,6 +17,7 @@ */ package cn.topiam.employee.authentication.wechatwork.configurer; +import org.springframework.http.HttpMethod; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer; import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter; 
@@ -31,6 +32,10 @@ import cn.topiam.employee.authentication.wechatwork.filter.WeChatWorkScanCodeAut import cn.topiam.employee.authentication.wechatwork.filter.WeChatWorkScanCodeLoginAuthenticationFilter; import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository; +import lombok.NonNull; +import lombok.Setter; +import static cn.topiam.employee.support.security.util.HttpSecurityFilterOrderRegistrationUtils.putFilterBefore; + /** * 认证配置 * @@ -39,6 +44,9 @@ import cn.topiam.employee.common.repository.authentication.IdentityProviderRepos */ public final class WeChatWorkScanCodeAuthenticationConfigurer extends AbstractAuthenticationFilterConfigurer { + @Setter + @NonNull + private String loginProcessingUrl = WeChatWorkScanCodeLoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI; private final IdentityProviderRepository identityProviderRepository; private final UserIdpService userIdpService; 
@@ -60,29 +68,25 @@ public final class WeChatWorkScanCodeAuthenticationConfigurer extends */ @Override protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) { - return new AntPathRequestMatcher(loginProcessingUrl); + return new AntPathRequestMatcher(loginProcessingUrl, HttpMethod.GET.name()); } @Override public void init(HttpSecurity http) throws Exception { - //微信扫码登录认证 - WeChatWorkScanCodeLoginAuthenticationFilter loginAuthenticationFilter = new WeChatWorkScanCodeLoginAuthenticationFilter( - identityProviderRepository, userIdpService); - this.setAuthenticationFilter(loginAuthenticationFilter); - //处理URL - super.loginProcessingUrl( - WeChatWorkScanCodeLoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI); - super.init(http); - } - - @Override - public void configure(HttpSecurity http) throws Exception { //企业微信扫码请求重定向 - WeChatWorkScanCodeAuthorizationRequestRedirectFilter requestRedirectFilter = new WeChatWorkScanCodeAuthorizationRequestRedirectFilter( - identityProviderRepository); - http.addFilterBefore(requestRedirectFilter, OAuth2AuthorizationRequestRedirectFilter.class); - http.addFilterBefore(this.getAuthenticationFilter(), OAuth2LoginAuthenticationFilter.class); - super.configure(http); + http.addFilterBefore( + new WeChatWorkScanCodeAuthorizationRequestRedirectFilter(identityProviderRepository), + OAuth2AuthorizationRequestRedirectFilter.class); + + //微信扫码登录认证 + this.setAuthenticationFilter(new WeChatWorkScanCodeLoginAuthenticationFilter( + identityProviderRepository, userIdpService)); + putFilterBefore(http, this.getAuthenticationFilter(), + OAuth2LoginAuthenticationFilter.class); + + //登录处理地址 + super.loginProcessingUrl(this.loginProcessingUrl); + super.init(http); } public RequestMatcher getRequestMatcher() { 
diff --git a/eiam-authentication/eiam-authentication-wechatwork/src/main/java/cn/topiam/employee/authentication/wechatwork/filter/WeChatWorkScanCodeLoginAuthenticationFilter.java b/eiam-authentication/eiam-authentication-wechatwork/src/main/java/cn/topiam/employee/authentication/wechatwork/filter/WeChatWorkScanCodeLoginAuthenticationFilter.java index 6c3943a1..53e840d1 100644 --- a/eiam-authentication/eiam-authentication-wechatwork/src/main/java/cn/topiam/employee/authentication/wechatwork/filter/WeChatWorkScanCodeLoginAuthenticationFilter.java +++ b/eiam-authentication/eiam-authentication-wechatwork/src/main/java/cn/topiam/employee/authentication/wechatwork/filter/WeChatWorkScanCodeLoginAuthenticationFilter.java @@ -26,7 +26,6 @@ import java.util.concurrent.TimeUnit; import org.apache.commons.lang3.StringUtils; import org.springframework.http.HttpMethod; -import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.oauth2.core.OAuth2AuthenticationException; @@ -82,7 +81,7 @@ public class WeChatWorkScanCodeLoginAuthenticationFilter extends */ public WeChatWorkScanCodeLoginAuthenticationFilter(IdentityProviderRepository identityProviderRepository, UserIdpService userIdpService) { - super(DEFAULT_FILTER_PROCESSES_URI, userIdpService, identityProviderRepository); + super(REQUEST_MATCHER, userIdpService, identityProviderRepository); } /** 
@@ -97,10 +96,6 @@ public class WeChatWorkScanCodeLoginAuthenticationFilter extends public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException { - if (!REQUEST_MATCHER.matches(request)) { - throw new AuthenticationServiceException( - "Authentication method not supported: " + request.getMethod()); - } TraceUtils.put(UUID.randomUUID().toString()); OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request, response);