⚡ 优化身份提供商

eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/configurer/DingtalkOAuth2AuthenticationConfigurer.java

@@ -17,6 +17,7 @@
  */
 package cn.topiam.employee.authentication.dingtalk.configurer;
 
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
 import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
@@ -31,6 +32,10 @@ import cn.topiam.employee.authentication.dingtalk.filter.DingtalkOAuth2Authoriza
 import cn.topiam.employee.authentication.dingtalk.filter.DingtalkOauthAuthenticationFilter;
 import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository;
 
+import lombok.NonNull;
+import lombok.Setter;
+import static cn.topiam.employee.support.security.util.HttpSecurityFilterOrderRegistrationUtils.putFilterBefore;
+
 /**
  * 认证配置
  *
@@ -40,6 +45,10 @@ import cn.topiam.employee.common.repository.authentication.IdentityProviderRepos
 @SuppressWarnings("AlibabaClassNamingShouldBeCamel")
 public final class DingtalkOAuth2AuthenticationConfigurer extends
                                                           AbstractAuthenticationFilterConfigurer<HttpSecurity, DingtalkOAuth2AuthenticationConfigurer, DingtalkOauthAuthenticationFilter> {
+    @Setter
+    @NonNull
+    private String                           loginProcessingUrl = DingtalkOauthAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
+
     private final IdentityProviderRepository identityProviderRepository;
     private final UserIdpService             userIdpService;
 
@@ -60,28 +69,25 @@ public final class DingtalkOAuth2AuthenticationConfigurer extends
      */
     @Override
     protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) {
-        return new AntPathRequestMatcher(loginProcessingUrl);
+        return new AntPathRequestMatcher(loginProcessingUrl, HttpMethod.GET.name());
     }
 
     @Override
     public void init(HttpSecurity http) throws Exception {
         //钉钉登录认证
-        DingtalkOauthAuthenticationFilter loginAuthenticationFilter = new DingtalkOauthAuthenticationFilter(
+        this.setAuthenticationFilter(
-            identityProviderRepository, userIdpService);
+            new DingtalkOauthAuthenticationFilter(identityProviderRepository, userIdpService));
-        this.setAuthenticationFilter(loginAuthenticationFilter);
+        putFilterBefore(http, this.getAuthenticationFilter(),
-        //处理URL
+            OAuth2LoginAuthenticationFilter.class);
-        super.loginProcessingUrl(DingtalkOauthAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI);
-        super.init(http);
-    }
 
-    @Override
-    public void configure(HttpSecurity http) throws Exception {
         //钉钉请求重定向
-        DingtalkOAuth2AuthorizationRequestRedirectFilter requestRedirectFilter = new DingtalkOAuth2AuthorizationRequestRedirectFilter(
+        http.addFilterBefore(
-            identityProviderRepository);
+            new DingtalkOAuth2AuthorizationRequestRedirectFilter(identityProviderRepository),
-        http.addFilterBefore(requestRedirectFilter, OAuth2AuthorizationRequestRedirectFilter.class);
+            OAuth2AuthorizationRequestRedirectFilter.class);
-        http.addFilterBefore(this.getAuthenticationFilter(), OAuth2LoginAuthenticationFilter.class);
+
-        super.configure(http);
+        //登录处理地址
+        super.loginProcessingUrl(loginProcessingUrl);
+        super.init(http);
     }
 
     public RequestMatcher getRequestMatcher() {

eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/configurer/DingtalkScanCodeAuthenticationConfigurer.java

@@ -17,6 +17,7 @@
  */
 package cn.topiam.employee.authentication.dingtalk.configurer;
 
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
 import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
@@ -31,6 +32,10 @@ import cn.topiam.employee.authentication.dingtalk.filter.DingtalkScanCodeAuthent
 import cn.topiam.employee.authentication.dingtalk.filter.DingtalkScanCodeAuthorizationRequestGetFilter;
 import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository;
 
+import lombok.NonNull;
+import lombok.Setter;
+import static cn.topiam.employee.support.security.util.HttpSecurityFilterOrderRegistrationUtils.putFilterBefore;
+
 /**
  * 认证配置
  *
@@ -39,6 +44,10 @@ import cn.topiam.employee.common.repository.authentication.IdentityProviderRepos
  */
 public final class DingtalkScanCodeAuthenticationConfigurer extends
                                                             AbstractAuthenticationFilterConfigurer<HttpSecurity, DingtalkScanCodeAuthenticationConfigurer, DingtalkScanCodeAuthenticationFilter> {
+    @Setter
+    @NonNull
+    private String                           loginProcessingUrl = DingtalkScanCodeAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
+
     private final IdentityProviderRepository identityProviderRepository;
     private final UserIdpService             userIdpService;
 
@@ -59,28 +68,25 @@ public final class DingtalkScanCodeAuthenticationConfigurer extends
      */
     @Override
     protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) {
-        return new AntPathRequestMatcher(loginProcessingUrl);
+        return new AntPathRequestMatcher(loginProcessingUrl, HttpMethod.GET.name());
     }
 
     @Override
     public void init(HttpSecurity http) throws Exception {
         //钉钉扫码登录认证
-        DingtalkScanCodeAuthenticationFilter loginAuthenticationFilter = new DingtalkScanCodeAuthenticationFilter(
+        this.setAuthenticationFilter(
-            identityProviderRepository, userIdpService);
+            new DingtalkScanCodeAuthenticationFilter(identityProviderRepository, userIdpService));
-        this.setAuthenticationFilter(loginAuthenticationFilter);
+        putFilterBefore(http, this.getAuthenticationFilter(),
-        //处理URL
+            OAuth2LoginAuthenticationFilter.class);
-        super.loginProcessingUrl(DingtalkScanCodeAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI);
-        super.init(http);
-    }
 
-    @Override
-    public void configure(HttpSecurity http) throws Exception {
         //钉钉请求重定向
-        DingtalkScanCodeAuthorizationRequestGetFilter requestRedirectFilter = new DingtalkScanCodeAuthorizationRequestGetFilter(
+        http.addFilterBefore(
-            identityProviderRepository);
+            new DingtalkScanCodeAuthorizationRequestGetFilter(identityProviderRepository),
-        http.addFilterBefore(requestRedirectFilter, OAuth2AuthorizationRequestRedirectFilter.class);
+            OAuth2AuthorizationRequestRedirectFilter.class);
-        http.addFilterBefore(this.getAuthenticationFilter(), OAuth2LoginAuthenticationFilter.class);
+
-        super.configure(http);
+        //登录处理网址
+        super.loginProcessingUrl(this.loginProcessingUrl);
+        super.init(http);
     }
 
     public RequestMatcher getRequestMatcher() {

eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkOauthAuthenticationFilter.java

@@ -25,7 +25,6 @@ import java.util.concurrent.TimeUnit;
 
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.http.HttpMethod;
-import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
@@ -63,6 +62,7 @@ import jakarta.servlet.http.HttpServletResponse;
 import static cn.topiam.employee.authentication.common.IdentityProviderType.DINGTALK_OAUTH;
 import static cn.topiam.employee.authentication.common.IdentityProviderType.DINGTALK_QR;
 import static cn.topiam.employee.authentication.common.constant.AuthenticationConstants.*;
+import static cn.topiam.employee.authentication.dingtalk.constant.DingTalkAuthenticationConstants.AUTH_CODE;
 
 /**
  * 钉钉认证过滤器
@@ -90,7 +90,7 @@ public class DingtalkOauthAuthenticationFilter extends AbstractIdpAuthentication
      */
     public DingtalkOauthAuthenticationFilter(IdentityProviderRepository identityProviderRepository,
                                              UserIdpService userIdpService) {
-        super(DEFAULT_FILTER_PROCESSES_URI, userIdpService, identityProviderRepository);
+        super(REQUEST_MATCHER, userIdpService, identityProviderRepository);
     }
 
     /**
@@ -105,10 +105,6 @@ public class DingtalkOauthAuthenticationFilter extends AbstractIdpAuthentication
     public Authentication attemptAuthentication(HttpServletRequest request,
                                                 HttpServletResponse response) throws AuthenticationException,
                                                                               IOException {
-        if (!REQUEST_MATCHER.matches(request)) {
-            throw new AuthenticationServiceException(
-                "Authentication method not supported: " + request.getMethod());
-        }
         OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request,
             response);
         TraceUtils.put(UUID.randomUUID().toString());

eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkScanCodeAuthenticationFilter.java

@@ -25,7 +25,6 @@ import java.util.concurrent.TimeUnit;
 
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.http.HttpMethod;
-import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
@@ -96,7 +95,7 @@ public class DingtalkScanCodeAuthenticationFilter extends
      */
     public DingtalkScanCodeAuthenticationFilter(IdentityProviderRepository identityProviderRepository,
                                                 UserIdpService userIdpService) {
-        super(DEFAULT_FILTER_PROCESSES_URI, userIdpService, identityProviderRepository);
+        super(REQUEST_MATCHER, userIdpService, identityProviderRepository);
     }
 
     /**
@@ -111,10 +110,6 @@ public class DingtalkScanCodeAuthenticationFilter extends
     public Authentication attemptAuthentication(HttpServletRequest request,
                                                 HttpServletResponse response) throws AuthenticationException,
                                                                               IOException {
-        if (!REQUEST_MATCHER.matches(request)) {
-            throw new AuthenticationServiceException(
-                "Authentication method not supported: " + request.getMethod());
-        }
         //@formatter:off
         OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request,
             response);

eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/configurer/FeiShuScanCodeAuthenticationConfigurer.java

@@ -17,6 +17,7 @@
  */
 package cn.topiam.employee.authentication.feishu.configurer;
 
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
 import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
@@ -31,6 +32,10 @@ import cn.topiam.employee.authentication.feishu.filter.FeiShuAuthorizationReques
 import cn.topiam.employee.authentication.feishu.filter.FeiShuLoginAuthenticationFilter;
 import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository;
 
+import lombok.NonNull;
+import lombok.Setter;
+import static cn.topiam.employee.support.security.util.HttpSecurityFilterOrderRegistrationUtils.putFilterBefore;
+
 /**
  * 认证配置
  *
@@ -39,7 +44,9 @@ import cn.topiam.employee.common.repository.authentication.IdentityProviderRepos
  */
 public final class FeiShuScanCodeAuthenticationConfigurer extends
                                                           AbstractAuthenticationFilterConfigurer<HttpSecurity, FeiShuScanCodeAuthenticationConfigurer, FeiShuLoginAuthenticationFilter> {
-
+    @Setter
+    @NonNull
+    private String                           loginProcessingUrl = FeiShuLoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
     private final IdentityProviderRepository identityProviderRepository;
     private final UserIdpService             userIdpService;
 
@@ -60,28 +67,25 @@ public final class FeiShuScanCodeAuthenticationConfigurer extends
      */
     @Override
     protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) {
-        return new AntPathRequestMatcher(loginProcessingUrl);
+        return new AntPathRequestMatcher(loginProcessingUrl, HttpMethod.GET.name());
     }
 
     @Override
     public void init(HttpSecurity http) throws Exception {
         //飞书登录认证
-        FeiShuLoginAuthenticationFilter loginAuthenticationFilter = new FeiShuLoginAuthenticationFilter(
+        this.setAuthenticationFilter(
-            identityProviderRepository, userIdpService);
+            new FeiShuLoginAuthenticationFilter(identityProviderRepository, userIdpService));
-        this.setAuthenticationFilter(loginAuthenticationFilter);
+        putFilterBefore(http, this.getAuthenticationFilter(),
-        //处理URL
+            OAuth2LoginAuthenticationFilter.class);
-        super.loginProcessingUrl(FeiShuLoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI);
-        super.init(http);
-    }
 
-    @Override
-    public void configure(HttpSecurity http) throws Exception {
         //飞书请求重定向
-        FeiShuAuthorizationRequestRedirectFilter requestRedirectFilter = new FeiShuAuthorizationRequestRedirectFilter(
+        http.addFilterBefore(
-            identityProviderRepository);
+            new FeiShuAuthorizationRequestRedirectFilter(identityProviderRepository),
-        http.addFilterBefore(requestRedirectFilter, OAuth2AuthorizationRequestRedirectFilter.class);
+            OAuth2AuthorizationRequestRedirectFilter.class);
-        http.addFilterBefore(this.getAuthenticationFilter(), OAuth2LoginAuthenticationFilter.class);
+
-        super.configure(http);
+        //登录处理网址
+        super.loginProcessingUrl(this.loginProcessingUrl);
+        super.init(http);
     }
 
     public RequestMatcher getRequestMatcher() {

eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/filter/FeiShuLoginAuthenticationFilter.java

@@ -25,7 +25,6 @@ import java.util.Objects;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.http.message.BasicHeader;
 import org.springframework.http.HttpMethod;
-import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
@@ -76,7 +75,7 @@ public class FeiShuLoginAuthenticationFilter extends AbstractIdpAuthenticationPr
      */
     public FeiShuLoginAuthenticationFilter(IdentityProviderRepository identityProviderRepository,
                                            UserIdpService userIdpService) {
-        super(DEFAULT_FILTER_PROCESSES_URI, userIdpService, identityProviderRepository);
+        super(REQUEST_MATCHER, userIdpService, identityProviderRepository);
     }
 
     /**
@@ -91,10 +90,6 @@ public class FeiShuLoginAuthenticationFilter extends AbstractIdpAuthenticationPr
     public Authentication attemptAuthentication(HttpServletRequest request,
                                                 HttpServletResponse response) throws AuthenticationException,
                                                                               IOException {
-        if (!REQUEST_MATCHER.matches(request)) {
-            throw new AuthenticationServiceException(
-                "Authentication method not supported: " + request.getMethod());
-        }
         OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request,
             response);
         RequestMatcher.MatchResult matcher = REQUEST_MATCHER.matcher(request);

eiam-authentication/eiam-authentication-gitee/src/main/java/cn/topiam/employee/authentication/gitee/configurer/GiteeAuthenticationConfigurer.java

@@ -17,6 +17,7 @@
  */
 package cn.topiam.employee.authentication.gitee.configurer;
 
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
 import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
@@ -31,6 +32,10 @@ import cn.topiam.employee.authentication.gitee.filter.GiteeAuthorizationRequestR
 import cn.topiam.employee.authentication.gitee.filter.GiteeLoginAuthenticationFilter;
 import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository;
 
+import lombok.NonNull;
+import lombok.Setter;
+import static cn.topiam.employee.support.security.util.HttpSecurityFilterOrderRegistrationUtils.putFilterBefore;
+
 /**
  * 认证配置
  *
@@ -39,7 +44,9 @@ import cn.topiam.employee.common.repository.authentication.IdentityProviderRepos
  */
 public final class GiteeAuthenticationConfigurer extends
                                                  AbstractAuthenticationFilterConfigurer<HttpSecurity, GiteeAuthenticationConfigurer, GiteeLoginAuthenticationFilter> {
-
+    @Setter
+    @NonNull
+    private String                           loginProcessingUrl = GiteeLoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
     private final IdentityProviderRepository identityProviderRepository;
     private final UserIdpService             userIdpService;
 
@@ -60,28 +67,25 @@ public final class GiteeAuthenticationConfigurer extends
      */
     @Override
     protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) {
-        return new AntPathRequestMatcher(loginProcessingUrl);
+        return new AntPathRequestMatcher(loginProcessingUrl, HttpMethod.GET.name());
     }
 
     @Override
     public void init(HttpSecurity http) throws Exception {
         //Gitee登录认证
-        GiteeLoginAuthenticationFilter loginAuthenticationFilter = new GiteeLoginAuthenticationFilter(
+        this.setAuthenticationFilter(
-            identityProviderRepository, userIdpService);
+            new GiteeLoginAuthenticationFilter(identityProviderRepository, userIdpService));
-        this.setAuthenticationFilter(loginAuthenticationFilter);
+        putFilterBefore(http, this.getAuthenticationFilter(),
-        //处理URL
+            OAuth2LoginAuthenticationFilter.class);
-        super.loginProcessingUrl(GiteeLoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI);
-        super.init(http);
-    }
 
-    @Override
-    public void configure(HttpSecurity http) throws Exception {
         //Gitee扫码请求重定向
-        GiteeAuthorizationRequestRedirectFilter requestRedirectFilter = new GiteeAuthorizationRequestRedirectFilter(
+        http.addFilterBefore(
-            identityProviderRepository);
+            new GiteeAuthorizationRequestRedirectFilter(identityProviderRepository),
-        http.addFilterBefore(requestRedirectFilter, OAuth2AuthorizationRequestRedirectFilter.class);
+            OAuth2AuthorizationRequestRedirectFilter.class);
-        http.addFilterBefore(this.getAuthenticationFilter(), OAuth2LoginAuthenticationFilter.class);
+
-        super.configure(http);
+        //登录处理地址
+        super.loginProcessingUrl(this.loginProcessingUrl);
+        super.init(http);
     }
 
     public RequestMatcher getRequestMatcher() {

eiam-authentication/eiam-authentication-gitee/src/main/java/cn/topiam/employee/authentication/gitee/filter/GiteeLoginAuthenticationFilter.java

@@ -24,7 +24,6 @@ import java.util.Objects;
 
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.http.HttpMethod;
-import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
@@ -80,7 +79,7 @@ public class GiteeLoginAuthenticationFilter extends AbstractIdpAuthenticationPro
      */
     public GiteeLoginAuthenticationFilter(IdentityProviderRepository identityProviderRepository,
                                           UserIdpService userIdpService) {
-        super(DEFAULT_FILTER_PROCESSES_URI, userIdpService, identityProviderRepository);
+        super(REQUEST_MATCHER, userIdpService, identityProviderRepository);
     }
 
     /**
@@ -95,10 +94,6 @@ public class GiteeLoginAuthenticationFilter extends AbstractIdpAuthenticationPro
     public Authentication attemptAuthentication(HttpServletRequest request,
                                                 HttpServletResponse response) throws AuthenticationException,
                                                                               IOException {
-        if (!REQUEST_MATCHER.matches(request)) {
-            throw new AuthenticationServiceException(
-                "Authentication method not supported: " + request.getMethod());
-        }
         OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request,
             response);
         RequestMatcher.MatchResult matcher = REQUEST_MATCHER.matcher(request);

eiam-authentication/eiam-authentication-github/src/main/java/cn/topiam/employee/authentication/github/configurer/GithubOauthAuthenticationConfigurer.java

@@ -17,6 +17,7 @@
  */
 package cn.topiam.employee.authentication.github.configurer;
 
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
 import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
@@ -31,6 +32,10 @@ import cn.topiam.employee.authentication.github.filter.GithubOAuth2Authorization
 import cn.topiam.employee.authentication.github.filter.GithubOAuth2LoginAuthenticationFilter;
 import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository;
 
+import lombok.NonNull;
+import lombok.Setter;
+import static cn.topiam.employee.support.security.util.HttpSecurityFilterOrderRegistrationUtils.putFilterBefore;
+
 /**
  * 认证配置
  *
@@ -39,7 +44,9 @@ import cn.topiam.employee.common.repository.authentication.IdentityProviderRepos
  */
 public final class GithubOauthAuthenticationConfigurer extends
                                                        AbstractAuthenticationFilterConfigurer<HttpSecurity, GithubOauthAuthenticationConfigurer, GithubOAuth2LoginAuthenticationFilter> {
-
+    @Setter
+    @NonNull
+    private String                           loginProcessingUrl = GithubOAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
     private final IdentityProviderRepository identityProviderRepository;
     private final UserIdpService             userIdpService;
 
@@ -60,30 +67,25 @@ public final class GithubOauthAuthenticationConfigurer extends
      */
     @Override
     protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) {
-        return new AntPathRequestMatcher(loginProcessingUrl);
+        return new AntPathRequestMatcher(loginProcessingUrl, HttpMethod.GET.name());
     }
 
     @Override
     public void init(HttpSecurity http) throws Exception {
-        //设置登录成功失败处理器
         //Github扫码登录认证
-        GithubOAuth2LoginAuthenticationFilter loginAuthenticationFilter = new GithubOAuth2LoginAuthenticationFilter(
+        this.setAuthenticationFilter(
-            identityProviderRepository, userIdpService);
+            new GithubOAuth2LoginAuthenticationFilter(identityProviderRepository, userIdpService));
-        this.setAuthenticationFilter(loginAuthenticationFilter);
+        putFilterBefore(http, this.getAuthenticationFilter(),
-        //处理URL
+            OAuth2LoginAuthenticationFilter.class);
-        super.loginProcessingUrl(
-            GithubOAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI);
-        super.init(http);
-    }
 
-    @Override
-    public void configure(HttpSecurity http) throws Exception {
         //GITHUB请求重定向
-        GithubOAuth2AuthorizationRequestRedirectFilter requestRedirectFilter = new GithubOAuth2AuthorizationRequestRedirectFilter(
+        http.addFilterBefore(
-            identityProviderRepository);
+            new GithubOAuth2AuthorizationRequestRedirectFilter(identityProviderRepository),
-        http.addFilterBefore(requestRedirectFilter, OAuth2AuthorizationRequestRedirectFilter.class);
+            OAuth2AuthorizationRequestRedirectFilter.class);
-        http.addFilterBefore(this.getAuthenticationFilter(), OAuth2LoginAuthenticationFilter.class);
+
-        super.configure(http);
+        //登录处理地址
+        super.loginProcessingUrl(this.loginProcessingUrl);
+        super.init(http);
     }
 
     public RequestMatcher getRequestMatcher() {

eiam-authentication/eiam-authentication-github/src/main/java/cn/topiam/employee/authentication/github/filter/GithubOAuth2LoginAuthenticationFilter.java

@@ -25,7 +25,6 @@ import java.util.UUID;
 
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.http.*;
-import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
@@ -80,7 +79,7 @@ public class GithubOAuth2LoginAuthenticationFilter extends
      */
     public GithubOAuth2LoginAuthenticationFilter(IdentityProviderRepository identityProviderRepository,
                                                  UserIdpService userIdpService) {
-        super(DEFAULT_FILTER_PROCESSES_URI, userIdpService, identityProviderRepository);
+        super(REQUEST_MATCHER, userIdpService, identityProviderRepository);
     }
 
     /**
@@ -95,10 +94,6 @@ public class GithubOAuth2LoginAuthenticationFilter extends
     public Authentication attemptAuthentication(HttpServletRequest request,
                                                 HttpServletResponse response) throws AuthenticationException,
                                                                               IOException {
-        if (!REQUEST_MATCHER.matches(request)) {
-            throw new AuthenticationServiceException(
-                "Authentication method not supported: " + request.getMethod());
-        }
         OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request,
             response);
         TraceUtils.put(UUID.randomUUID().toString());

eiam-authentication/eiam-authentication-mail/src/main/java/cn/topiam/employee/authentication/otp/mail/configurer/MailOtpAuthenticationConfigurer.java

@@ -15,19 +15,26 @@
  * You should have received a copy of the GNU Affero General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
-package cn.topiam.employee.authentication.otp.mail;
+package cn.topiam.employee.authentication.otp.mail.configurer;
 
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
 import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
 
+import cn.topiam.employee.authentication.otp.mail.filter.MailOtpAuthenticationFilter;
+import cn.topiam.employee.authentication.otp.mail.filter.SendMailOtpFilter;
 import cn.topiam.employee.common.repository.account.UserRepository;
 import cn.topiam.employee.core.security.otp.OtpContextHelp;
 
+import lombok.NonNull;
+import lombok.Setter;
+import static cn.topiam.employee.support.security.util.HttpSecurityFilterOrderRegistrationUtils.putFilterAfter;
+
 /**
  * 认证配置
  *
@@ -37,46 +44,27 @@ import cn.topiam.employee.core.security.otp.OtpContextHelp;
 public class MailOtpAuthenticationConfigurer extends
                                              AbstractAuthenticationFilterConfigurer<HttpSecurity, MailOtpAuthenticationConfigurer, MailOtpAuthenticationFilter> {
 
-    /**
+    @Setter
-     * Create the {@link RequestMatcher} given a loginProcessingUrl
+    @NonNull
-     *
+    private String loginProcessingUrl = MailOtpAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
-     * @param loginProcessingUrl creates the {@link RequestMatcher} based upon the
-     *                           loginProcessingUrl
-     * @return the {@link RequestMatcher} to use based upon the loginProcessingUrl
-     */
-    @Override
-    protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) {
-        return new AntPathRequestMatcher(loginProcessingUrl);
-    }
 
     @Override
     public void init(HttpSecurity http) throws Exception {
-        //OTP
+        //邮箱OTP发送
-        MailOtpAuthenticationFilter loginAuthenticationFilter = getAbstractOtpAuthenticationFilter();
+        http.addFilterBefore(new SendMailOtpFilter(userRepository, otpContextHelp),
-        this.setAuthenticationFilter(loginAuthenticationFilter);
+            OAuth2LoginAuthenticationFilter.class);
-        //处理URL
+        //邮箱OTP认证
-        super.loginProcessingUrl(loginAuthenticationFilter.getFilterProcessesUri());
+        this.setAuthenticationFilter(
+            new MailOtpAuthenticationFilter(userDetailsService, otpContextHelp));
+        putFilterAfter(http, this.getAuthenticationFilter(), SendMailOtpFilter.class);
+
+        //登录处理地址
+        super.loginProcessingUrl(this.loginProcessingUrl);
         super.init(http);
     }
 
-    @Override
-    public void configure(HttpSecurity http) throws Exception {
-        SendMailOtpFilter sendOtpFilter = getAbstractSendOtpFilter();
-        http.addFilterAfter(sendOtpFilter, UsernamePasswordAuthenticationFilter.class);
-        http.addFilterAfter(this.getAuthenticationFilter(), sendOtpFilter.getClass());
-        super.configure(http);
-    }
-
     public RequestMatcher getRequestMatcher() {
-        return getAbstractOtpAuthenticationFilter().getRequestMatcher();
+        return MailOtpAuthenticationFilter.getRequestMatcher();
-    }
-
-    public MailOtpAuthenticationFilter getAbstractOtpAuthenticationFilter() {
-        return new MailOtpAuthenticationFilter(userDetailsService, otpContextHelp);
-    }
-
-    public SendMailOtpFilter getAbstractSendOtpFilter() {
-        return new SendMailOtpFilter(userRepository, otpContextHelp);
     }
 
     private final UserRepository     userRepository;
@@ -95,6 +83,18 @@ public class MailOtpAuthenticationConfigurer extends
         this.otpContextHelp = otpContextHelp;
     }
 
+    /**
+     * Create the {@link RequestMatcher} given a loginProcessingUrl
+     *
+     * @param loginProcessingUrl creates the {@link RequestMatcher} based upon the
+     *                           loginProcessingUrl
+     * @return the {@link RequestMatcher} to use based upon the loginProcessingUrl
+     */
+    @Override
+    protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) {
+        return new AntPathRequestMatcher(loginProcessingUrl, HttpMethod.POST.name());
+    }
+
     public static MailOtpAuthenticationConfigurer mailOtp(UserRepository userRepository,
                                                           UserDetailsService userDetailsService,
                                                           OtpContextHelp otpContextHelp) {

eiam-authentication/eiam-authentication-mail/src/main/java/cn/topiam/employee/authentication/otp/mail/filter/MailOtpAuthenticationFilter.java

@@ -15,7 +15,7 @@
  * You should have received a copy of the GNU Affero General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
-package cn.topiam.employee.authentication.otp.mail;
+package cn.topiam.employee.authentication.otp.mail.filter;
 
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
@@ -77,8 +77,6 @@ public class MailOtpAuthenticationFilter extends AbstractAuthenticationProcessin
      */
     private boolean                    postOnly                     = true;
 
-    public RequestMatcher              captchaLoginMatcher;
-
     @Override
     public Authentication attemptAuthentication(HttpServletRequest request,
                                                 HttpServletResponse response) throws AuthenticationException {
@@ -185,8 +183,8 @@ public class MailOtpAuthenticationFilter extends AbstractAuthenticationProcessin
         this.codeParameter = codeParameter;
     }
 
-    public RequestMatcher getRequestMatcher() {
+    public static RequestMatcher getRequestMatcher() {
-        return captchaLoginMatcher;
+        return MAIL_LOGIN_MATCHER;
     }
 
     private final OtpContextHelp     otpContextHelp;
@@ -198,6 +196,5 @@ public class MailOtpAuthenticationFilter extends AbstractAuthenticationProcessin
         super(MAIL_LOGIN_MATCHER);
         this.userDetailsService = userDetailsService;
         this.otpContextHelp = otpContextHelp;
-        this.captchaLoginMatcher = MAIL_LOGIN_MATCHER;
     }
 }

eiam-authentication/eiam-authentication-mail/src/main/java/cn/topiam/employee/authentication/otp/mail/filter/SendMailOtpFilter.java

@@ -15,7 +15,7 @@
  * You should have received a copy of the GNU Affero General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
-package cn.topiam.employee.authentication.otp.mail;
+package cn.topiam.employee.authentication.otp.mail.filter;
 
 import java.io.IOException;
 import java.util.Objects;

eiam-authentication/eiam-authentication-qq/src/main/java/cn/topiam/employee/authentication/qq/configurer/QqOauthAuthenticationConfigurer.java

@@ -17,6 +17,7 @@
  */
 package cn.topiam.employee.authentication.qq.configurer;
 
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
 import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
@@ -31,6 +32,10 @@ import cn.topiam.employee.authentication.qq.filter.QqOAuth2AuthorizationRequestR
 import cn.topiam.employee.authentication.qq.filter.QqOAuth2LoginAuthenticationFilter;
 import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository;
 
+import lombok.NonNull;
+import lombok.Setter;
+import static cn.topiam.employee.support.security.util.HttpSecurityFilterOrderRegistrationUtils.putFilterBefore;
+
 /**
  * 认证配置
  *
@@ -40,6 +45,10 @@ import cn.topiam.employee.common.repository.authentication.IdentityProviderRepos
 public final class QqOauthAuthenticationConfigurer extends
                                                    AbstractAuthenticationFilterConfigurer<HttpSecurity, QqOauthAuthenticationConfigurer, QqOAuth2LoginAuthenticationFilter> {
 
+    @Setter
+    @NonNull
+    private String                           loginProcessingUrl = QqOAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
+
     private final IdentityProviderRepository identityProviderRepository;
     private final UserIdpService             userIdpService;
 
@@ -60,29 +69,25 @@ public final class QqOauthAuthenticationConfigurer extends
      */
     @Override
     protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) {
-        return new AntPathRequestMatcher(loginProcessingUrl);
+        return new AntPathRequestMatcher(loginProcessingUrl, HttpMethod.GET.name());
     }
 
     @Override
     public void init(HttpSecurity http) throws Exception {
-        //设置登录成功失败处理器
         //QQ扫码登录认证
-        QqOAuth2LoginAuthenticationFilter loginAuthenticationFilter = new QqOAuth2LoginAuthenticationFilter(
+        this.setAuthenticationFilter(
-            identityProviderRepository, userIdpService);
+            new QqOAuth2LoginAuthenticationFilter(identityProviderRepository, userIdpService));
-        this.setAuthenticationFilter(loginAuthenticationFilter);
+        putFilterBefore(http, this.getAuthenticationFilter(),
-        //处理URL
+            OAuth2LoginAuthenticationFilter.class);
-        super.loginProcessingUrl(QqOAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI);
-        super.init(http);
-    }
 
-    @Override
-    public void configure(HttpSecurity http) throws Exception {
         //QQ扫码请求重定向
-        QqOAuth2AuthorizationRequestRedirectFilter requestRedirectFilter = new QqOAuth2AuthorizationRequestRedirectFilter(
+        http.addFilterBefore(
-            identityProviderRepository);
+            new QqOAuth2AuthorizationRequestRedirectFilter(identityProviderRepository),
-        http.addFilterBefore(requestRedirectFilter, OAuth2AuthorizationRequestRedirectFilter.class);
+            OAuth2AuthorizationRequestRedirectFilter.class);
-        http.addFilterBefore(this.getAuthenticationFilter(), OAuth2LoginAuthenticationFilter.class);
+
-        super.configure(http);
+        //QQ登录处理地址
+        super.loginProcessingUrl(loginProcessingUrl);
+        super.init(http);
     }
 
     public RequestMatcher getRequestMatcher() {

eiam-authentication/eiam-authentication-qq/src/main/java/cn/topiam/employee/authentication/qq/filter/QqOAuth2LoginAuthenticationFilter.java

@@ -25,7 +25,6 @@ import java.util.UUID;
 
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.http.HttpMethod;
-import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
@@ -82,7 +81,7 @@ public class QqOAuth2LoginAuthenticationFilter extends AbstractIdpAuthentication
      */
     public QqOAuth2LoginAuthenticationFilter(IdentityProviderRepository identityProviderRepository,
                                              UserIdpService userIdpService) {
-        super(DEFAULT_FILTER_PROCESSES_URI, userIdpService, identityProviderRepository);
+        super(REQUEST_MATCHER, userIdpService, identityProviderRepository);
     }
 
     /**
@@ -97,10 +96,6 @@ public class QqOAuth2LoginAuthenticationFilter extends AbstractIdpAuthentication
     public Authentication attemptAuthentication(HttpServletRequest request,
                                                 HttpServletResponse response) throws AuthenticationException,
                                                                               IOException {
-        if (!REQUEST_MATCHER.matches(request)) {
-            throw new AuthenticationServiceException(
-                "Authentication method not supported: " + request.getMethod());
-        }
         OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request,
             response);
         TraceUtils.put(UUID.randomUUID().toString());

eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/otp/sms/configurer/SmsOtpAuthenticationConfigurer.java

@@ -15,19 +15,26 @@
  * You should have received a copy of the GNU Affero General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
-package cn.topiam.employee.authentication.otp.sms;
+package cn.topiam.employee.authentication.otp.sms.configurer;
 
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
 import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
 
+import cn.topiam.employee.authentication.otp.sms.filter.SendSmsOtpFilter;
+import cn.topiam.employee.authentication.otp.sms.filter.SmsOtpAuthenticationFilter;
 import cn.topiam.employee.common.repository.account.UserRepository;
 import cn.topiam.employee.core.security.otp.OtpContextHelp;
 
+import lombok.NonNull;
+import lombok.Setter;
+import static cn.topiam.employee.support.security.util.HttpSecurityFilterOrderRegistrationUtils.putFilterAfter;
+
 /**
  * 认证配置
  *
@@ -36,47 +43,27 @@ import cn.topiam.employee.core.security.otp.OtpContextHelp;
  */
 public class SmsOtpAuthenticationConfigurer extends
                                             AbstractAuthenticationFilterConfigurer<HttpSecurity, SmsOtpAuthenticationConfigurer, SmsOtpAuthenticationFilter> {
-
+    @Setter
-    /**
+    @NonNull
-     * Create the {@link RequestMatcher} given a loginProcessingUrl
+    private String loginProcessingUrl = SmsOtpAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
-     *
-     * @param loginProcessingUrl creates the {@link RequestMatcher} based upon the
-     *                           loginProcessingUrl
-     * @return the {@link RequestMatcher} to use based upon the loginProcessingUrl
-     */
-    @Override
-    protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) {
-        return new AntPathRequestMatcher(loginProcessingUrl);
-    }
 
     @Override
     public void init(HttpSecurity http) throws Exception {
+        http.addFilterBefore(new SendSmsOtpFilter(userRepository, otpContextHelp),
+            OAuth2LoginAuthenticationFilter.class);
+
         //OTP
-        SmsOtpAuthenticationFilter loginAuthenticationFilter = getAbstractOtpAuthenticationFilter();
+        this.setAuthenticationFilter(
-        this.setAuthenticationFilter(loginAuthenticationFilter);
+            new SmsOtpAuthenticationFilter(userDetailsService, otpContextHelp));
-        //处理URL
+        putFilterAfter(http, this.getAuthenticationFilter(), SendSmsOtpFilter.class);
-        super.loginProcessingUrl(loginAuthenticationFilter.getFilterProcessesUri());
+
+        //登录处理地址
+        super.loginProcessingUrl(this.loginProcessingUrl);
         super.init(http);
     }
 
-    @Override
-    public void configure(HttpSecurity http) throws Exception {
-        SendSmsOtpFilter sendOtpFilter = getAbstractSendOtpFilter();
-        http.addFilterAfter(sendOtpFilter, UsernamePasswordAuthenticationFilter.class);
-        http.addFilterAfter(this.getAuthenticationFilter(), sendOtpFilter.getClass());
-        super.configure(http);
-    }
-
     public RequestMatcher getRequestMatcher() {
-        return getAbstractOtpAuthenticationFilter().getRequestMatcher();
+        return SendSmsOtpFilter.getRequestMatcher();
-    }
-
-    public SmsOtpAuthenticationFilter getAbstractOtpAuthenticationFilter() {
-        return new SmsOtpAuthenticationFilter(userDetailsService, otpContextHelp);
-    }
-
-    public SendSmsOtpFilter getAbstractSendOtpFilter() {
-        return new SendSmsOtpFilter(userRepository, otpContextHelp);
     }
 
     private final UserRepository     userRepository;
@@ -95,6 +82,18 @@ public class SmsOtpAuthenticationConfigurer extends
         this.otpContextHelp = otpContextHelp;
     }
 
+    /**
+     * Create the {@link RequestMatcher} given a loginProcessingUrl
+     *
+     * @param loginProcessingUrl creates the {@link RequestMatcher} based upon the
+     *                           loginProcessingUrl
+     * @return the {@link RequestMatcher} to use based upon the loginProcessingUrl
+     */
+    @Override
+    protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) {
+        return new AntPathRequestMatcher(loginProcessingUrl, HttpMethod.POST.name());
+    }
+
     public static SmsOtpAuthenticationConfigurer smsOtp(UserRepository userRepository,
                                                         UserDetailsService userDetailsService,
                                                         OtpContextHelp otpContextHelp) {

eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/otp/sms/filter/SendSmsOtpFilter.java

@@ -15,7 +15,7 @@
  * You should have received a copy of the GNU Affero General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
-package cn.topiam.employee.authentication.otp.sms;
+package cn.topiam.employee.authentication.otp.sms.filter;
 
 import java.io.IOException;
 import java.util.Objects;
@@ -77,7 +77,7 @@ public class SendSmsOtpFilter extends OncePerRequestFilter {
         sendOtp(response, recipient);
     }
 
-    public RequestMatcher getRequestMatcher() {
+    public static RequestMatcher getRequestMatcher() {
         return SMS_SEND_OPT_MATCHER;
     }
 

eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/otp/sms/filter/SmsOtpAuthenticationFilter.java

@@ -15,7 +15,7 @@
  * You should have received a copy of the GNU Affero General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
-package cn.topiam.employee.authentication.otp.sms;
+package cn.topiam.employee.authentication.otp.sms.filter;
 
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;

eiam-authentication/eiam-authentication-wechat/src/main/java/cn/topiam/employee/authentication/wechat/configurer/WeChatScanCodeAuthenticationConfigurer.java

@@ -17,6 +17,7 @@
  */
 package cn.topiam.employee.authentication.wechat.configurer;
 
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
 import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
@@ -31,6 +32,10 @@ import cn.topiam.employee.authentication.wechat.filter.WeChatScanCodeAuthorizati
 import cn.topiam.employee.authentication.wechat.filter.WeChatScanCodeLoginAuthenticationFilter;
 import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository;
 
+import lombok.NonNull;
+import lombok.Setter;
+import static cn.topiam.employee.support.security.util.HttpSecurityFilterOrderRegistrationUtils.putFilterBefore;
+
 /**
  * 认证配置
  *
@@ -39,7 +44,9 @@ import cn.topiam.employee.common.repository.authentication.IdentityProviderRepos
  */
 public final class WeChatScanCodeAuthenticationConfigurer extends
                                                           AbstractAuthenticationFilterConfigurer<HttpSecurity, WeChatScanCodeAuthenticationConfigurer, WeChatScanCodeLoginAuthenticationFilter> {
-
+    @Setter
+    @NonNull
+    private String                           loginProcessingUrl = WeChatScanCodeLoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
     private final IdentityProviderRepository identityProviderRepository;
     private final UserIdpService             userIdpService;
 
@@ -60,29 +67,25 @@ public final class WeChatScanCodeAuthenticationConfigurer extends
      */
     @Override
     protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) {
-        return new AntPathRequestMatcher(loginProcessingUrl);
+        return new AntPathRequestMatcher(loginProcessingUrl, HttpMethod.GET.name());
     }
 
     @Override
     public void init(HttpSecurity http) throws Exception {
-        //微信扫码登录认证
+        //扫码登录重定向地址
-        WeChatScanCodeLoginAuthenticationFilter loginAuthenticationFilter = new WeChatScanCodeLoginAuthenticationFilter(
+        http.addFilterBefore(
-            identityProviderRepository, userIdpService);
+            new WeChatScanCodeAuthorizationRequestRedirectFilter(identityProviderRepository),
-        this.setAuthenticationFilter(loginAuthenticationFilter);
+            OAuth2AuthorizationRequestRedirectFilter.class);
-        //处理URL
-        super.loginProcessingUrl(
-            WeChatScanCodeLoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI);
-        super.init(http);
-    }
 
-    @Override
+        //微信扫码登录认证
-    public void configure(HttpSecurity http) throws Exception {
+        this.setAuthenticationFilter(new WeChatScanCodeLoginAuthenticationFilter(
-        //微信扫码请求重定向
+            identityProviderRepository, userIdpService));
-        WeChatScanCodeAuthorizationRequestRedirectFilter requestRedirectFilter = new WeChatScanCodeAuthorizationRequestRedirectFilter(
+        putFilterBefore(http, this.getAuthenticationFilter(),
-            identityProviderRepository);
+            OAuth2LoginAuthenticationFilter.class);
-        http.addFilterBefore(requestRedirectFilter, OAuth2AuthorizationRequestRedirectFilter.class);
+
-        http.addFilterBefore(this.getAuthenticationFilter(), OAuth2LoginAuthenticationFilter.class);
+        //登录处理地址
-        super.configure(http);
+        super.loginProcessingUrl(loginProcessingUrl);
+        super.init(http);
     }
 
     public RequestMatcher getRequestMatcher() {

eiam-authentication/eiam-authentication-wechat/src/main/java/cn/topiam/employee/authentication/wechat/filter/WeChatScanCodeLoginAuthenticationFilter.java

@@ -24,7 +24,6 @@ import java.util.Objects;
 
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.http.HttpMethod;
-import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
@@ -80,7 +79,7 @@ public class WeChatScanCodeLoginAuthenticationFilter extends
      */
     public WeChatScanCodeLoginAuthenticationFilter(IdentityProviderRepository identityProviderRepository,
                                                    UserIdpService userIdpService) {
-        super(DEFAULT_FILTER_PROCESSES_URI, userIdpService, identityProviderRepository);
+        super(REQUEST_MATCHER, userIdpService, identityProviderRepository);
     }
 
     /**
@@ -95,10 +94,6 @@ public class WeChatScanCodeLoginAuthenticationFilter extends
     public Authentication attemptAuthentication(HttpServletRequest request,
                                                 HttpServletResponse response) throws AuthenticationException,
                                                                               IOException {
-        if (!REQUEST_MATCHER.matches(request)) {
-            throw new AuthenticationServiceException(
-                "Authentication method not supported: " + request.getMethod());
-        }
         OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request,
             response);
         RequestMatcher.MatchResult matcher = REQUEST_MATCHER.matcher(request);

eiam-authentication/eiam-authentication-wechatwork/src/main/java/cn/topiam/employee/authentication/wechatwork/configurer/WeChatWorkScanCodeAuthenticationConfigurer.java

@@ -17,6 +17,7 @@
  */
 package cn.topiam.employee.authentication.wechatwork.configurer;
 
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
 import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
@@ -31,6 +32,10 @@ import cn.topiam.employee.authentication.wechatwork.filter.WeChatWorkScanCodeAut
 import cn.topiam.employee.authentication.wechatwork.filter.WeChatWorkScanCodeLoginAuthenticationFilter;
 import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository;
 
+import lombok.NonNull;
+import lombok.Setter;
+import static cn.topiam.employee.support.security.util.HttpSecurityFilterOrderRegistrationUtils.putFilterBefore;
+
 /**
  * 认证配置
  *
@@ -39,6 +44,9 @@ import cn.topiam.employee.common.repository.authentication.IdentityProviderRepos
  */
 public final class WeChatWorkScanCodeAuthenticationConfigurer extends
                                                               AbstractAuthenticationFilterConfigurer<HttpSecurity, WeChatWorkScanCodeAuthenticationConfigurer, WeChatWorkScanCodeLoginAuthenticationFilter> {
+    @Setter
+    @NonNull
+    private String                           loginProcessingUrl = WeChatWorkScanCodeLoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
 
     private final IdentityProviderRepository identityProviderRepository;
     private final UserIdpService             userIdpService;
@@ -60,29 +68,25 @@ public final class WeChatWorkScanCodeAuthenticationConfigurer extends
      */
     @Override
     protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) {
-        return new AntPathRequestMatcher(loginProcessingUrl);
+        return new AntPathRequestMatcher(loginProcessingUrl, HttpMethod.GET.name());
     }
 
     @Override
     public void init(HttpSecurity http) throws Exception {
-        //微信扫码登录认证
-        WeChatWorkScanCodeLoginAuthenticationFilter loginAuthenticationFilter = new WeChatWorkScanCodeLoginAuthenticationFilter(
-            identityProviderRepository, userIdpService);
-        this.setAuthenticationFilter(loginAuthenticationFilter);
-        //处理URL
-        super.loginProcessingUrl(
-            WeChatWorkScanCodeLoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI);
-        super.init(http);
-    }
-
-    @Override
-    public void configure(HttpSecurity http) throws Exception {
         //企业微信扫码请求重定向
-        WeChatWorkScanCodeAuthorizationRequestRedirectFilter requestRedirectFilter = new WeChatWorkScanCodeAuthorizationRequestRedirectFilter(
+        http.addFilterBefore(
-            identityProviderRepository);
+            new WeChatWorkScanCodeAuthorizationRequestRedirectFilter(identityProviderRepository),
-        http.addFilterBefore(requestRedirectFilter, OAuth2AuthorizationRequestRedirectFilter.class);
+            OAuth2AuthorizationRequestRedirectFilter.class);
-        http.addFilterBefore(this.getAuthenticationFilter(), OAuth2LoginAuthenticationFilter.class);
+
-        super.configure(http);
+        //微信扫码登录认证
+        this.setAuthenticationFilter(new WeChatWorkScanCodeLoginAuthenticationFilter(
+            identityProviderRepository, userIdpService));
+        putFilterBefore(http, this.getAuthenticationFilter(),
+            OAuth2LoginAuthenticationFilter.class);
+
+        //登录处理地址
+        super.loginProcessingUrl(this.loginProcessingUrl);
+        super.init(http);
     }
 
     public RequestMatcher getRequestMatcher() {

eiam-authentication/eiam-authentication-wechatwork/src/main/java/cn/topiam/employee/authentication/wechatwork/filter/WeChatWorkScanCodeLoginAuthenticationFilter.java

@@ -26,7 +26,6 @@ import java.util.concurrent.TimeUnit;
 
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.http.HttpMethod;
-import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
@@ -82,7 +81,7 @@ public class WeChatWorkScanCodeLoginAuthenticationFilter extends
      */
     public WeChatWorkScanCodeLoginAuthenticationFilter(IdentityProviderRepository identityProviderRepository,
                                                        UserIdpService userIdpService) {
-        super(DEFAULT_FILTER_PROCESSES_URI, userIdpService, identityProviderRepository);
+        super(REQUEST_MATCHER, userIdpService, identityProviderRepository);
     }
 
     /**
@@ -97,10 +96,6 @@ public class WeChatWorkScanCodeLoginAuthenticationFilter extends
     public Authentication attemptAuthentication(HttpServletRequest request,
                                                 HttpServletResponse response) throws AuthenticationException,
                                                                               IOException {
-        if (!REQUEST_MATCHER.matches(request)) {
-            throw new AuthenticationServiceException(
-                "Authentication method not supported: " + request.getMethod());
-        }
         TraceUtils.put(UUID.randomUUID().toString());
         OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request,
             response);