gitee
/
eiam
mirror of https://gitee.com/topiam/eiam
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

优化身份提供商

pull/37/head
smallbun 2023-08-26 18:09:56 +08:00
parent cbfc9a5460
commit b24dda711d
22 changed files with 252 additions and 261 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/configurer/DingtalkOAuth2AuthenticationConfigurer.java
View File

@ -17,6 +17,7 @@
*/
package cn.topiam.employee.authentication.dingtalk.configurer;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
@ -31,6 +32,10 @@ import cn.topiam.employee.authentication.dingtalk.filter.DingtalkOAuth2Authoriza
import cn.topiam.employee.authentication.dingtalk.filter.DingtalkOauthAuthenticationFilter;
import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository;
import lombok.NonNull;
import lombok.Setter;
import static cn.topiam.employee.support.security.util.HttpSecurityFilterOrderRegistrationUtils.putFilterBefore;
/**
*
*
@ -40,6 +45,10 @@ import cn.topiam.employee.common.repository.authentication.IdentityProviderRepos
@SuppressWarnings("AlibabaClassNamingShouldBeCamel")
public final class DingtalkOAuth2AuthenticationConfigurer extends
AbstractAuthenticationFilterConfigurer<HttpSecurity, DingtalkOAuth2AuthenticationConfigurer, DingtalkOauthAuthenticationFilter> {
@Setter
@NonNull
private String loginProcessingUrl = DingtalkOauthAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
private final IdentityProviderRepository identityProviderRepository;
private final UserIdpService userIdpService;
@ -60,28 +69,25 @@ public final class DingtalkOAuth2AuthenticationConfigurer extends
*/
@Override
protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) {
return new AntPathRequestMatcher(loginProcessingUrl);
return new AntPathRequestMatcher(loginProcessingUrl, HttpMethod.GET.name());
}
@Override
public void init(HttpSecurity http) throws Exception {
//钉钉登录认证
DingtalkOauthAuthenticationFilter loginAuthenticationFilter = new DingtalkOauthAuthenticationFilter(
identityProviderRepository, userIdpService);
this.setAuthenticationFilter(loginAuthenticationFilter);
//处理URL
super.loginProcessingUrl(DingtalkOauthAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI);
super.init(http);
}
this.setAuthenticationFilter(
new DingtalkOauthAuthenticationFilter(identityProviderRepository, userIdpService));
putFilterBefore(http, this.getAuthenticationFilter(),
OAuth2LoginAuthenticationFilter.class);
@Override
public void configure(HttpSecurity http) throws Exception {
//钉钉请求重定向
DingtalkOAuth2AuthorizationRequestRedirectFilter requestRedirectFilter = new DingtalkOAuth2AuthorizationRequestRedirectFilter(
identityProviderRepository);
http.addFilterBefore(requestRedirectFilter, OAuth2AuthorizationRequestRedirectFilter.class);
http.addFilterBefore(this.getAuthenticationFilter(), OAuth2LoginAuthenticationFilter.class);
super.configure(http);
http.addFilterBefore(
new DingtalkOAuth2AuthorizationRequestRedirectFilter(identityProviderRepository),
OAuth2AuthorizationRequestRedirectFilter.class);
//登录处理地址
super.loginProcessingUrl(loginProcessingUrl);
super.init(http);
}
public RequestMatcher getRequestMatcher() {

36
eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/configurer/DingtalkScanCodeAuthenticationConfigurer.java
View File

@ -17,6 +17,7 @@
*/
package cn.topiam.employee.authentication.dingtalk.configurer;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
@ -31,6 +32,10 @@ import cn.topiam.employee.authentication.dingtalk.filter.DingtalkScanCodeAuthent
import cn.topiam.employee.authentication.dingtalk.filter.DingtalkScanCodeAuthorizationRequestGetFilter;
import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository;
import lombok.NonNull;
import lombok.Setter;
import static cn.topiam.employee.support.security.util.HttpSecurityFilterOrderRegistrationUtils.putFilterBefore;
/**
*
*
@ -39,6 +44,10 @@ import cn.topiam.employee.common.repository.authentication.IdentityProviderRepos
*/
public final class DingtalkScanCodeAuthenticationConfigurer extends
AbstractAuthenticationFilterConfigurer<HttpSecurity, DingtalkScanCodeAuthenticationConfigurer, DingtalkScanCodeAuthenticationFilter> {
@Setter
@NonNull
private String loginProcessingUrl = DingtalkScanCodeAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
private final IdentityProviderRepository identityProviderRepository;
private final UserIdpService userIdpService;
@ -59,28 +68,25 @@ public final class DingtalkScanCodeAuthenticationConfigurer extends
*/
@Override
protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) {
return new AntPathRequestMatcher(loginProcessingUrl);
return new AntPathRequestMatcher(loginProcessingUrl, HttpMethod.GET.name());
}
@Override
public void init(HttpSecurity http) throws Exception {
//钉钉扫码登录认证
DingtalkScanCodeAuthenticationFilter loginAuthenticationFilter = new DingtalkScanCodeAuthenticationFilter(
identityProviderRepository, userIdpService);
this.setAuthenticationFilter(loginAuthenticationFilter);
//处理URL
super.loginProcessingUrl(DingtalkScanCodeAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI);
super.init(http);
}
this.setAuthenticationFilter(
new DingtalkScanCodeAuthenticationFilter(identityProviderRepository, userIdpService));
putFilterBefore(http, this.getAuthenticationFilter(),
OAuth2LoginAuthenticationFilter.class);
@Override
public void configure(HttpSecurity http) throws Exception {
//钉钉请求重定向
DingtalkScanCodeAuthorizationRequestGetFilter requestRedirectFilter = new DingtalkScanCodeAuthorizationRequestGetFilter(
identityProviderRepository);
http.addFilterBefore(requestRedirectFilter, OAuth2AuthorizationRequestRedirectFilter.class);
http.addFilterBefore(this.getAuthenticationFilter(), OAuth2LoginAuthenticationFilter.class);
super.configure(http);
http.addFilterBefore(
new DingtalkScanCodeAuthorizationRequestGetFilter(identityProviderRepository),
OAuth2AuthorizationRequestRedirectFilter.class);
//登录处理网址
super.loginProcessingUrl(this.loginProcessingUrl);
super.init(http);
}
public RequestMatcher getRequestMatcher() {

8
eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkOauthAuthenticationFilter.java
View File

@ -25,7 +25,6 @@ import java.util.concurrent.TimeUnit;
import org.apache.commons.lang3.StringUtils;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
@ -63,6 +62,7 @@ import jakarta.servlet.http.HttpServletResponse;
import static cn.topiam.employee.authentication.common.IdentityProviderType.DINGTALK_OAUTH;
import static cn.topiam.employee.authentication.common.IdentityProviderType.DINGTALK_QR;
import static cn.topiam.employee.authentication.common.constant.AuthenticationConstants.*;
import static cn.topiam.employee.authentication.dingtalk.constant.DingTalkAuthenticationConstants.AUTH_CODE;
/**
*
@ -90,7 +90,7 @@ public class DingtalkOauthAuthenticationFilter extends AbstractIdpAuthentication
*/
public DingtalkOauthAuthenticationFilter(IdentityProviderRepository identityProviderRepository,
UserIdpService userIdpService) {
super(DEFAULT_FILTER_PROCESSES_URI, userIdpService, identityProviderRepository);
super(REQUEST_MATCHER, userIdpService, identityProviderRepository);
}
/**
@ -105,10 +105,6 @@ public class DingtalkOauthAuthenticationFilter extends AbstractIdpAuthentication
public Authentication attemptAuthentication(HttpServletRequest request,
HttpServletResponse response) throws AuthenticationException,
IOException {
if (!REQUEST_MATCHER.matches(request)) {
throw new AuthenticationServiceException(
"Authentication method not supported: " + request.getMethod());
}
OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request,
response);
TraceUtils.put(UUID.randomUUID().toString());

7
eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkScanCodeAuthenticationFilter.java
View File

@ -25,7 +25,6 @@ import java.util.concurrent.TimeUnit;
import org.apache.commons.lang3.StringUtils;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
@ -96,7 +95,7 @@ public class DingtalkScanCodeAuthenticationFilter extends
*/
public DingtalkScanCodeAuthenticationFilter(IdentityProviderRepository identityProviderRepository,
UserIdpService userIdpService) {
super(DEFAULT_FILTER_PROCESSES_URI, userIdpService, identityProviderRepository);
super(REQUEST_MATCHER, userIdpService, identityProviderRepository);
}
/**
@ -111,10 +110,6 @@ public class DingtalkScanCodeAuthenticationFilter extends
public Authentication attemptAuthentication(HttpServletRequest request,
HttpServletResponse response) throws AuthenticationException,
IOException {
if (!REQUEST_MATCHER.matches(request)) {
throw new AuthenticationServiceException(
"Authentication method not supported: " + request.getMethod());
}
//@formatter:off
OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request,
response);

36
eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/configurer/FeiShuScanCodeAuthenticationConfigurer.java
View File

@ -17,6 +17,7 @@
*/
package cn.topiam.employee.authentication.feishu.configurer;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
@ -31,6 +32,10 @@ import cn.topiam.employee.authentication.feishu.filter.FeiShuAuthorizationReques
import cn.topiam.employee.authentication.feishu.filter.FeiShuLoginAuthenticationFilter;
import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository;
import lombok.NonNull;
import lombok.Setter;
import static cn.topiam.employee.support.security.util.HttpSecurityFilterOrderRegistrationUtils.putFilterBefore;
/**
*
*
@ -39,7 +44,9 @@ import cn.topiam.employee.common.repository.authentication.IdentityProviderRepos
*/
public final class FeiShuScanCodeAuthenticationConfigurer extends
AbstractAuthenticationFilterConfigurer<HttpSecurity, FeiShuScanCodeAuthenticationConfigurer, FeiShuLoginAuthenticationFilter> {
@Setter
@NonNull
private String loginProcessingUrl = FeiShuLoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
private final IdentityProviderRepository identityProviderRepository;
private final UserIdpService userIdpService;
@ -60,28 +67,25 @@ public final class FeiShuScanCodeAuthenticationConfigurer extends
*/
@Override
protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) {
return new AntPathRequestMatcher(loginProcessingUrl);
return new AntPathRequestMatcher(loginProcessingUrl, HttpMethod.GET.name());
}
@Override
public void init(HttpSecurity http) throws Exception {
//飞书登录认证
FeiShuLoginAuthenticationFilter loginAuthenticationFilter = new FeiShuLoginAuthenticationFilter(
identityProviderRepository, userIdpService);
this.setAuthenticationFilter(loginAuthenticationFilter);
//处理URL
super.loginProcessingUrl(FeiShuLoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI);
super.init(http);
}
this.setAuthenticationFilter(
new FeiShuLoginAuthenticationFilter(identityProviderRepository, userIdpService));
putFilterBefore(http, this.getAuthenticationFilter(),
OAuth2LoginAuthenticationFilter.class);
@Override
public void configure(HttpSecurity http) throws Exception {
//飞书请求重定向
FeiShuAuthorizationRequestRedirectFilter requestRedirectFilter = new FeiShuAuthorizationRequestRedirectFilter(
identityProviderRepository);
http.addFilterBefore(requestRedirectFilter, OAuth2AuthorizationRequestRedirectFilter.class);
http.addFilterBefore(this.getAuthenticationFilter(), OAuth2LoginAuthenticationFilter.class);
super.configure(http);
http.addFilterBefore(
new FeiShuAuthorizationRequestRedirectFilter(identityProviderRepository),
OAuth2AuthorizationRequestRedirectFilter.class);
//登录处理网址
super.loginProcessingUrl(this.loginProcessingUrl);
super.init(http);
}
public RequestMatcher getRequestMatcher() {

7
eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/filter/FeiShuLoginAuthenticationFilter.java
View File

@ -25,7 +25,6 @@ import java.util.Objects;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.message.BasicHeader;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
@ -76,7 +75,7 @@ public class FeiShuLoginAuthenticationFilter extends AbstractIdpAuthenticationPr
*/
public FeiShuLoginAuthenticationFilter(IdentityProviderRepository identityProviderRepository,
UserIdpService userIdpService) {
super(DEFAULT_FILTER_PROCESSES_URI, userIdpService, identityProviderRepository);
super(REQUEST_MATCHER, userIdpService, identityProviderRepository);
}
/**
@ -91,10 +90,6 @@ public class FeiShuLoginAuthenticationFilter extends AbstractIdpAuthenticationPr
public Authentication attemptAuthentication(HttpServletRequest request,
HttpServletResponse response) throws AuthenticationException,
IOException {
if (!REQUEST_MATCHER.matches(request)) {
throw new AuthenticationServiceException(
"Authentication method not supported: " + request.getMethod());
}
OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request,
response);
RequestMatcher.MatchResult matcher = REQUEST_MATCHER.matcher(request);

36
eiam-authentication/eiam-authentication-gitee/src/main/java/cn/topiam/employee/authentication/gitee/configurer/GiteeAuthenticationConfigurer.java
View File

@ -17,6 +17,7 @@
*/
package cn.topiam.employee.authentication.gitee.configurer;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
@ -31,6 +32,10 @@ import cn.topiam.employee.authentication.gitee.filter.GiteeAuthorizationRequestR
import cn.topiam.employee.authentication.gitee.filter.GiteeLoginAuthenticationFilter;
import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository;
import lombok.NonNull;
import lombok.Setter;
import static cn.topiam.employee.support.security.util.HttpSecurityFilterOrderRegistrationUtils.putFilterBefore;
/**
*
*
@ -39,7 +44,9 @@ import cn.topiam.employee.common.repository.authentication.IdentityProviderRepos
*/
public final class GiteeAuthenticationConfigurer extends
AbstractAuthenticationFilterConfigurer<HttpSecurity, GiteeAuthenticationConfigurer, GiteeLoginAuthenticationFilter> {
@Setter
@NonNull
private String loginProcessingUrl = GiteeLoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
private final IdentityProviderRepository identityProviderRepository;
private final UserIdpService userIdpService;
@ -60,28 +67,25 @@ public final class GiteeAuthenticationConfigurer extends
*/
@Override
protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) {
return new AntPathRequestMatcher(loginProcessingUrl);
return new AntPathRequestMatcher(loginProcessingUrl, HttpMethod.GET.name());
}
@Override
public void init(HttpSecurity http) throws Exception {
//Gitee登录认证
GiteeLoginAuthenticationFilter loginAuthenticationFilter = new GiteeLoginAuthenticationFilter(
identityProviderRepository, userIdpService);
this.setAuthenticationFilter(loginAuthenticationFilter);
//处理URL
super.loginProcessingUrl(GiteeLoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI);
super.init(http);
}
this.setAuthenticationFilter(
new GiteeLoginAuthenticationFilter(identityProviderRepository, userIdpService));
putFilterBefore(http, this.getAuthenticationFilter(),
OAuth2LoginAuthenticationFilter.class);
@Override
public void configure(HttpSecurity http) throws Exception {
//Gitee扫码请求重定向
GiteeAuthorizationRequestRedirectFilter requestRedirectFilter = new GiteeAuthorizationRequestRedirectFilter(
identityProviderRepository);
http.addFilterBefore(requestRedirectFilter, OAuth2AuthorizationRequestRedirectFilter.class);
http.addFilterBefore(this.getAuthenticationFilter(), OAuth2LoginAuthenticationFilter.class);
super.configure(http);
http.addFilterBefore(
new GiteeAuthorizationRequestRedirectFilter(identityProviderRepository),
OAuth2AuthorizationRequestRedirectFilter.class);
//登录处理地址
super.loginProcessingUrl(this.loginProcessingUrl);
super.init(http);
}
public RequestMatcher getRequestMatcher() {

7
eiam-authentication/eiam-authentication-gitee/src/main/java/cn/topiam/employee/authentication/gitee/filter/GiteeLoginAuthenticationFilter.java
View File

@ -24,7 +24,6 @@ import java.util.Objects;
import org.apache.commons.lang3.StringUtils;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
@ -80,7 +79,7 @@ public class GiteeLoginAuthenticationFilter extends AbstractIdpAuthenticationPro
*/
public GiteeLoginAuthenticationFilter(IdentityProviderRepository identityProviderRepository,
UserIdpService userIdpService) {
super(DEFAULT_FILTER_PROCESSES_URI, userIdpService, identityProviderRepository);
super(REQUEST_MATCHER, userIdpService, identityProviderRepository);
}
/**
@ -95,10 +94,6 @@ public class GiteeLoginAuthenticationFilter extends AbstractIdpAuthenticationPro
public Authentication attemptAuthentication(HttpServletRequest request,
HttpServletResponse response) throws AuthenticationException,
IOException {
if (!REQUEST_MATCHER.matches(request)) {
throw new AuthenticationServiceException(
"Authentication method not supported: " + request.getMethod());
}
OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request,
response);
RequestMatcher.MatchResult matcher = REQUEST_MATCHER.matcher(request);

38
eiam-authentication/eiam-authentication-github/src/main/java/cn/topiam/employee/authentication/github/configurer/GithubOauthAuthenticationConfigurer.java
View File

@ -17,6 +17,7 @@
*/
package cn.topiam.employee.authentication.github.configurer;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
@ -31,6 +32,10 @@ import cn.topiam.employee.authentication.github.filter.GithubOAuth2Authorization
import cn.topiam.employee.authentication.github.filter.GithubOAuth2LoginAuthenticationFilter;
import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository;
import lombok.NonNull;
import lombok.Setter;
import static cn.topiam.employee.support.security.util.HttpSecurityFilterOrderRegistrationUtils.putFilterBefore;
/**
*
*
@ -39,7 +44,9 @@ import cn.topiam.employee.common.repository.authentication.IdentityProviderRepos
*/
public final class GithubOauthAuthenticationConfigurer extends
AbstractAuthenticationFilterConfigurer<HttpSecurity, GithubOauthAuthenticationConfigurer, GithubOAuth2LoginAuthenticationFilter> {
@Setter
@NonNull
private String loginProcessingUrl = GithubOAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
private final IdentityProviderRepository identityProviderRepository;
private final UserIdpService userIdpService;
@ -60,30 +67,25 @@ public final class GithubOauthAuthenticationConfigurer extends
*/
@Override
protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) {
return new AntPathRequestMatcher(loginProcessingUrl);
return new AntPathRequestMatcher(loginProcessingUrl, HttpMethod.GET.name());
}
@Override
public void init(HttpSecurity http) throws Exception {
//设置登录成功失败处理器
//Github扫码登录认证
GithubOAuth2LoginAuthenticationFilter loginAuthenticationFilter = new GithubOAuth2LoginAuthenticationFilter(
identityProviderRepository, userIdpService);
this.setAuthenticationFilter(loginAuthenticationFilter);
//处理URL
super.loginProcessingUrl(
GithubOAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI);
super.init(http);
}
this.setAuthenticationFilter(
new GithubOAuth2LoginAuthenticationFilter(identityProviderRepository, userIdpService));
putFilterBefore(http, this.getAuthenticationFilter(),
OAuth2LoginAuthenticationFilter.class);
@Override
public void configure(HttpSecurity http) throws Exception {
//GITHUB请求重定向
GithubOAuth2AuthorizationRequestRedirectFilter requestRedirectFilter = new GithubOAuth2AuthorizationRequestRedirectFilter(
identityProviderRepository);
http.addFilterBefore(requestRedirectFilter, OAuth2AuthorizationRequestRedirectFilter.class);
http.addFilterBefore(this.getAuthenticationFilter(), OAuth2LoginAuthenticationFilter.class);
super.configure(http);
http.addFilterBefore(
new GithubOAuth2AuthorizationRequestRedirectFilter(identityProviderRepository),
OAuth2AuthorizationRequestRedirectFilter.class);
//登录处理地址
super.loginProcessingUrl(this.loginProcessingUrl);
super.init(http);
}
public RequestMatcher getRequestMatcher() {

7
eiam-authentication/eiam-authentication-github/src/main/java/cn/topiam/employee/authentication/github/filter/GithubOAuth2LoginAuthenticationFilter.java
View File

@ -25,7 +25,6 @@ import java.util.UUID;
import org.apache.commons.lang3.StringUtils;
import org.springframework.http.*;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
@ -80,7 +79,7 @@ public class GithubOAuth2LoginAuthenticationFilter extends
*/
public GithubOAuth2LoginAuthenticationFilter(IdentityProviderRepository identityProviderRepository,
UserIdpService userIdpService) {
super(DEFAULT_FILTER_PROCESSES_URI, userIdpService, identityProviderRepository);
super(REQUEST_MATCHER, userIdpService, identityProviderRepository);
}
/**
@ -95,10 +94,6 @@ public class GithubOAuth2LoginAuthenticationFilter extends
public Authentication attemptAuthentication(HttpServletRequest request,
HttpServletResponse response) throws AuthenticationException,
IOException {
if (!REQUEST_MATCHER.matches(request)) {
throw new AuthenticationServiceException(
"Authentication method not supported: " + request.getMethod());
}
OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request,
response);
TraceUtils.put(UUID.randomUUID().toString());

70
eiam-authentication/eiam-authentication-mail/src/main/java/cn/topiam/employee/authentication/otp/mail/MailOtpAuthenticationConfigurer.java → eiam-authentication/eiam-authentication-mail/src/main/java/cn/topiam/employee/authentication/otp/mail/configurer/MailOtpAuthenticationConfigurer.java
View File

@ -15,19 +15,26 @@
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.authentication.otp.mail;
package cn.topiam.employee.authentication.otp.mail.configurer;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
import cn.topiam.employee.authentication.otp.mail.filter.MailOtpAuthenticationFilter;
import cn.topiam.employee.authentication.otp.mail.filter.SendMailOtpFilter;
import cn.topiam.employee.common.repository.account.UserRepository;
import cn.topiam.employee.core.security.otp.OtpContextHelp;
import lombok.NonNull;
import lombok.Setter;
import static cn.topiam.employee.support.security.util.HttpSecurityFilterOrderRegistrationUtils.putFilterAfter;
/**
*
*
@ -37,46 +44,27 @@ import cn.topiam.employee.core.security.otp.OtpContextHelp;
public class MailOtpAuthenticationConfigurer extends
AbstractAuthenticationFilterConfigurer<HttpSecurity, MailOtpAuthenticationConfigurer, MailOtpAuthenticationFilter> {
/**
* Create the {@link RequestMatcher} given a loginProcessingUrl
*
* @param loginProcessingUrl creates the {@link RequestMatcher} based upon the
* loginProcessingUrl
* @return the {@link RequestMatcher} to use based upon the loginProcessingUrl
*/
@Override
protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) {
return new AntPathRequestMatcher(loginProcessingUrl);
}
@Setter
@NonNull
private String loginProcessingUrl = MailOtpAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
@Override
public void init(HttpSecurity http) throws Exception {
//OTP
MailOtpAuthenticationFilter loginAuthenticationFilter = getAbstractOtpAuthenticationFilter();
this.setAuthenticationFilter(loginAuthenticationFilter);
//处理URL
super.loginProcessingUrl(loginAuthenticationFilter.getFilterProcessesUri());
//邮箱OTP发送
http.addFilterBefore(new SendMailOtpFilter(userRepository, otpContextHelp),
OAuth2LoginAuthenticationFilter.class);
//邮箱OTP认证
this.setAuthenticationFilter(
new MailOtpAuthenticationFilter(userDetailsService, otpContextHelp));
putFilterAfter(http, this.getAuthenticationFilter(), SendMailOtpFilter.class);
//登录处理地址
super.loginProcessingUrl(this.loginProcessingUrl);
super.init(http);
}
@Override
public void configure(HttpSecurity http) throws Exception {
SendMailOtpFilter sendOtpFilter = getAbstractSendOtpFilter();
http.addFilterAfter(sendOtpFilter, UsernamePasswordAuthenticationFilter.class);
http.addFilterAfter(this.getAuthenticationFilter(), sendOtpFilter.getClass());
super.configure(http);
}
public RequestMatcher getRequestMatcher() {
return getAbstractOtpAuthenticationFilter().getRequestMatcher();
}
public MailOtpAuthenticationFilter getAbstractOtpAuthenticationFilter() {
return new MailOtpAuthenticationFilter(userDetailsService, otpContextHelp);
}
public SendMailOtpFilter getAbstractSendOtpFilter() {
return new SendMailOtpFilter(userRepository, otpContextHelp);
return MailOtpAuthenticationFilter.getRequestMatcher();
}
private final UserRepository userRepository;
@ -95,6 +83,18 @@ public class MailOtpAuthenticationConfigurer extends
this.otpContextHelp = otpContextHelp;
}
/**
* Create the {@link RequestMatcher} given a loginProcessingUrl
*
* @param loginProcessingUrl creates the {@link RequestMatcher} based upon the
* loginProcessingUrl
* @return the {@link RequestMatcher} to use based upon the loginProcessingUrl
*/
@Override
protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) {
return new AntPathRequestMatcher(loginProcessingUrl, HttpMethod.POST.name());
}
public static MailOtpAuthenticationConfigurer mailOtp(UserRepository userRepository,
UserDetailsService userDetailsService,
OtpContextHelp otpContextHelp) {

9
eiam-authentication/eiam-authentication-mail/src/main/java/cn/topiam/employee/authentication/otp/mail/MailOtpAuthenticationFilter.java → eiam-authentication/eiam-authentication-mail/src/main/java/cn/topiam/employee/authentication/otp/mail/filter/MailOtpAuthenticationFilter.java
View File

@ -15,7 +15,7 @@
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.authentication.otp.mail;
package cn.topiam.employee.authentication.otp.mail.filter;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
@ -77,8 +77,6 @@ public class MailOtpAuthenticationFilter extends AbstractAuthenticationProcessin
*/
private boolean postOnly = true;
public RequestMatcher captchaLoginMatcher;
@Override
public Authentication attemptAuthentication(HttpServletRequest request,
HttpServletResponse response) throws AuthenticationException {
@ -185,8 +183,8 @@ public class MailOtpAuthenticationFilter extends AbstractAuthenticationProcessin
this.codeParameter = codeParameter;
}
public RequestMatcher getRequestMatcher() {
return captchaLoginMatcher;
public static RequestMatcher getRequestMatcher() {
return MAIL_LOGIN_MATCHER;
}
private final OtpContextHelp otpContextHelp;
@ -198,6 +196,5 @@ public class MailOtpAuthenticationFilter extends AbstractAuthenticationProcessin
super(MAIL_LOGIN_MATCHER);
this.userDetailsService = userDetailsService;
this.otpContextHelp = otpContextHelp;
this.captchaLoginMatcher = MAIL_LOGIN_MATCHER;
}
}

2
eiam-authentication/eiam-authentication-mail/src/main/java/cn/topiam/employee/authentication/otp/mail/SendMailOtpFilter.java → eiam-authentication/eiam-authentication-mail/src/main/java/cn/topiam/employee/authentication/otp/mail/filter/SendMailOtpFilter.java
View File

@ -15,7 +15,7 @@
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.authentication.otp.mail;
package cn.topiam.employee.authentication.otp.mail.filter;
import java.io.IOException;
import java.util.Objects;

37
eiam-authentication/eiam-authentication-qq/src/main/java/cn/topiam/employee/authentication/qq/configurer/QqOauthAuthenticationConfigurer.java
View File

@ -17,6 +17,7 @@
*/
package cn.topiam.employee.authentication.qq.configurer;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
@ -31,6 +32,10 @@ import cn.topiam.employee.authentication.qq.filter.QqOAuth2AuthorizationRequestR
import cn.topiam.employee.authentication.qq.filter.QqOAuth2LoginAuthenticationFilter;
import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository;
import lombok.NonNull;
import lombok.Setter;
import static cn.topiam.employee.support.security.util.HttpSecurityFilterOrderRegistrationUtils.putFilterBefore;
/**
*
*
@ -40,6 +45,10 @@ import cn.topiam.employee.common.repository.authentication.IdentityProviderRepos
public final class QqOauthAuthenticationConfigurer extends
AbstractAuthenticationFilterConfigurer<HttpSecurity, QqOauthAuthenticationConfigurer, QqOAuth2LoginAuthenticationFilter> {
@Setter
@NonNull
private String loginProcessingUrl = QqOAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
private final IdentityProviderRepository identityProviderRepository;
private final UserIdpService userIdpService;
@ -60,29 +69,25 @@ public final class QqOauthAuthenticationConfigurer extends
*/
@Override
protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) {
return new AntPathRequestMatcher(loginProcessingUrl);
return new AntPathRequestMatcher(loginProcessingUrl, HttpMethod.GET.name());
}
@Override
public void init(HttpSecurity http) throws Exception {
//设置登录成功失败处理器
//QQ扫码登录认证
QqOAuth2LoginAuthenticationFilter loginAuthenticationFilter = new QqOAuth2LoginAuthenticationFilter(
identityProviderRepository, userIdpService);
this.setAuthenticationFilter(loginAuthenticationFilter);
//处理URL
super.loginProcessingUrl(QqOAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI);
super.init(http);
}
this.setAuthenticationFilter(
new QqOAuth2LoginAuthenticationFilter(identityProviderRepository, userIdpService));
putFilterBefore(http, this.getAuthenticationFilter(),
OAuth2LoginAuthenticationFilter.class);
@Override
public void configure(HttpSecurity http) throws Exception {
//QQ扫码请求重定向
QqOAuth2AuthorizationRequestRedirectFilter requestRedirectFilter = new QqOAuth2AuthorizationRequestRedirectFilter(
identityProviderRepository);
http.addFilterBefore(requestRedirectFilter, OAuth2AuthorizationRequestRedirectFilter.class);
http.addFilterBefore(this.getAuthenticationFilter(), OAuth2LoginAuthenticationFilter.class);
super.configure(http);
http.addFilterBefore(
new QqOAuth2AuthorizationRequestRedirectFilter(identityProviderRepository),
OAuth2AuthorizationRequestRedirectFilter.class);
//QQ登录处理地址
super.loginProcessingUrl(loginProcessingUrl);
super.init(http);
}
public RequestMatcher getRequestMatcher() {

7
eiam-authentication/eiam-authentication-qq/src/main/java/cn/topiam/employee/authentication/qq/filter/QqOAuth2LoginAuthenticationFilter.java
View File

@ -25,7 +25,6 @@ import java.util.UUID;
import org.apache.commons.lang3.StringUtils;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
@ -82,7 +81,7 @@ public class QqOAuth2LoginAuthenticationFilter extends AbstractIdpAuthentication
*/
public QqOAuth2LoginAuthenticationFilter(IdentityProviderRepository identityProviderRepository,
UserIdpService userIdpService) {
super(DEFAULT_FILTER_PROCESSES_URI, userIdpService, identityProviderRepository);
super(REQUEST_MATCHER, userIdpService, identityProviderRepository);
}
/**
@ -97,10 +96,6 @@ public class QqOAuth2LoginAuthenticationFilter extends AbstractIdpAuthentication
public Authentication attemptAuthentication(HttpServletRequest request,
HttpServletResponse response) throws AuthenticationException,
IOException {
if (!REQUEST_MATCHER.matches(request)) {
throw new AuthenticationServiceException(
"Authentication method not supported: " + request.getMethod());
}
OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request,
response);
TraceUtils.put(UUID.randomUUID().toString());

69
eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/otp/sms/SmsOtpAuthenticationConfigurer.java → eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/otp/sms/configurer/SmsOtpAuthenticationConfigurer.java
View File

@ -15,19 +15,26 @@
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.authentication.otp.sms;
package cn.topiam.employee.authentication.otp.sms.configurer;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
import cn.topiam.employee.authentication.otp.sms.filter.SendSmsOtpFilter;
import cn.topiam.employee.authentication.otp.sms.filter.SmsOtpAuthenticationFilter;
import cn.topiam.employee.common.repository.account.UserRepository;
import cn.topiam.employee.core.security.otp.OtpContextHelp;
import lombok.NonNull;
import lombok.Setter;
import static cn.topiam.employee.support.security.util.HttpSecurityFilterOrderRegistrationUtils.putFilterAfter;
/**
*
*
@ -36,47 +43,27 @@ import cn.topiam.employee.core.security.otp.OtpContextHelp;
*/
public class SmsOtpAuthenticationConfigurer extends
AbstractAuthenticationFilterConfigurer<HttpSecurity, SmsOtpAuthenticationConfigurer, SmsOtpAuthenticationFilter> {
/**
* Create the {@link RequestMatcher} given a loginProcessingUrl
*
* @param loginProcessingUrl creates the {@link RequestMatcher} based upon the
* loginProcessingUrl
* @return the {@link RequestMatcher} to use based upon the loginProcessingUrl
*/
@Override
protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) {
return new AntPathRequestMatcher(loginProcessingUrl);
}
@Setter
@NonNull
private String loginProcessingUrl = SmsOtpAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
@Override
public void init(HttpSecurity http) throws Exception {
http.addFilterBefore(new SendSmsOtpFilter(userRepository, otpContextHelp),
OAuth2LoginAuthenticationFilter.class);
//OTP
SmsOtpAuthenticationFilter loginAuthenticationFilter = getAbstractOtpAuthenticationFilter();
this.setAuthenticationFilter(loginAuthenticationFilter);
//处理URL
super.loginProcessingUrl(loginAuthenticationFilter.getFilterProcessesUri());
this.setAuthenticationFilter(
new SmsOtpAuthenticationFilter(userDetailsService, otpContextHelp));
putFilterAfter(http, this.getAuthenticationFilter(), SendSmsOtpFilter.class);
//登录处理地址
super.loginProcessingUrl(this.loginProcessingUrl);
super.init(http);
}
@Override
public void configure(HttpSecurity http) throws Exception {
SendSmsOtpFilter sendOtpFilter = getAbstractSendOtpFilter();
http.addFilterAfter(sendOtpFilter, UsernamePasswordAuthenticationFilter.class);
http.addFilterAfter(this.getAuthenticationFilter(), sendOtpFilter.getClass());
super.configure(http);
}
public RequestMatcher getRequestMatcher() {
return getAbstractOtpAuthenticationFilter().getRequestMatcher();
}
public SmsOtpAuthenticationFilter getAbstractOtpAuthenticationFilter() {
return new SmsOtpAuthenticationFilter(userDetailsService, otpContextHelp);
}
public SendSmsOtpFilter getAbstractSendOtpFilter() {
return new SendSmsOtpFilter(userRepository, otpContextHelp);
return SendSmsOtpFilter.getRequestMatcher();
}
private final UserRepository userRepository;
@ -95,6 +82,18 @@ public class SmsOtpAuthenticationConfigurer extends
this.otpContextHelp = otpContextHelp;
}
/**
* Create the {@link RequestMatcher} given a loginProcessingUrl
*
* @param loginProcessingUrl creates the {@link RequestMatcher} based upon the
* loginProcessingUrl
* @return the {@link RequestMatcher} to use based upon the loginProcessingUrl
*/
@Override
protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) {
return new AntPathRequestMatcher(loginProcessingUrl, HttpMethod.POST.name());
}
public static SmsOtpAuthenticationConfigurer smsOtp(UserRepository userRepository,
UserDetailsService userDetailsService,
OtpContextHelp otpContextHelp) {

4
eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/otp/sms/SendSmsOtpFilter.java → eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/otp/sms/filter/SendSmsOtpFilter.java
View File

@ -15,7 +15,7 @@
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.authentication.otp.sms;
package cn.topiam.employee.authentication.otp.sms.filter;
import java.io.IOException;
import java.util.Objects;
@ -77,7 +77,7 @@ public class SendSmsOtpFilter extends OncePerRequestFilter {
sendOtp(response, recipient);
}
public RequestMatcher getRequestMatcher() {
public static RequestMatcher getRequestMatcher() {
return SMS_SEND_OPT_MATCHER;
}

2
eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/otp/sms/SmsOtpAuthenticationFilter.java → eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/otp/sms/filter/SmsOtpAuthenticationFilter.java
View File

@ -15,7 +15,7 @@
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.authentication.otp.sms;
package cn.topiam.employee.authentication.otp.sms.filter;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;

41
eiam-authentication/eiam-authentication-wechat/src/main/java/cn/topiam/employee/authentication/wechat/configurer/WeChatScanCodeAuthenticationConfigurer.java
View File

@ -17,6 +17,7 @@
*/
package cn.topiam.employee.authentication.wechat.configurer;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
@ -31,6 +32,10 @@ import cn.topiam.employee.authentication.wechat.filter.WeChatScanCodeAuthorizati
import cn.topiam.employee.authentication.wechat.filter.WeChatScanCodeLoginAuthenticationFilter;
import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository;
import lombok.NonNull;
import lombok.Setter;
import static cn.topiam.employee.support.security.util.HttpSecurityFilterOrderRegistrationUtils.putFilterBefore;
/**
*
*
@ -39,7 +44,9 @@ import cn.topiam.employee.common.repository.authentication.IdentityProviderRepos
*/
public final class WeChatScanCodeAuthenticationConfigurer extends
AbstractAuthenticationFilterConfigurer<HttpSecurity, WeChatScanCodeAuthenticationConfigurer, WeChatScanCodeLoginAuthenticationFilter> {
@Setter
@NonNull
private String loginProcessingUrl = WeChatScanCodeLoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
private final IdentityProviderRepository identityProviderRepository;
private final UserIdpService userIdpService;
@ -60,29 +67,25 @@ public final class WeChatScanCodeAuthenticationConfigurer extends
*/
@Override
protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) {
return new AntPathRequestMatcher(loginProcessingUrl);
return new AntPathRequestMatcher(loginProcessingUrl, HttpMethod.GET.name());
}
@Override
public void init(HttpSecurity http) throws Exception {
//微信扫码登录认证
WeChatScanCodeLoginAuthenticationFilter loginAuthenticationFilter = new WeChatScanCodeLoginAuthenticationFilter(
identityProviderRepository, userIdpService);
this.setAuthenticationFilter(loginAuthenticationFilter);
//处理URL
super.loginProcessingUrl(
WeChatScanCodeLoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI);
super.init(http);
}
//扫码登录重定向地址
http.addFilterBefore(
new WeChatScanCodeAuthorizationRequestRedirectFilter(identityProviderRepository),
OAuth2AuthorizationRequestRedirectFilter.class);
@Override
public void configure(HttpSecurity http) throws Exception {
//微信扫码请求重定向
WeChatScanCodeAuthorizationRequestRedirectFilter requestRedirectFilter = new WeChatScanCodeAuthorizationRequestRedirectFilter(
identityProviderRepository);
http.addFilterBefore(requestRedirectFilter, OAuth2AuthorizationRequestRedirectFilter.class);
http.addFilterBefore(this.getAuthenticationFilter(), OAuth2LoginAuthenticationFilter.class);
super.configure(http);
//微信扫码登录认证
this.setAuthenticationFilter(new WeChatScanCodeLoginAuthenticationFilter(
identityProviderRepository, userIdpService));
putFilterBefore(http, this.getAuthenticationFilter(),
OAuth2LoginAuthenticationFilter.class);
//登录处理地址
super.loginProcessingUrl(loginProcessingUrl);
super.init(http);
}
public RequestMatcher getRequestMatcher() {

7
eiam-authentication/eiam-authentication-wechat/src/main/java/cn/topiam/employee/authentication/wechat/filter/WeChatScanCodeLoginAuthenticationFilter.java
View File

@ -24,7 +24,6 @@ import java.util.Objects;
import org.apache.commons.lang3.StringUtils;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
@ -80,7 +79,7 @@ public class WeChatScanCodeLoginAuthenticationFilter extends
*/
public WeChatScanCodeLoginAuthenticationFilter(IdentityProviderRepository identityProviderRepository,
UserIdpService userIdpService) {
super(DEFAULT_FILTER_PROCESSES_URI, userIdpService, identityProviderRepository);
super(REQUEST_MATCHER, userIdpService, identityProviderRepository);
}
/**
@ -95,10 +94,6 @@ public class WeChatScanCodeLoginAuthenticationFilter extends
public Authentication attemptAuthentication(HttpServletRequest request,
HttpServletResponse response) throws AuthenticationException,
IOException {
if (!REQUEST_MATCHER.matches(request)) {
throw new AuthenticationServiceException(
"Authentication method not supported: " + request.getMethod());
}
OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request,
response);
RequestMatcher.MatchResult matcher = REQUEST_MATCHER.matcher(request);

40
eiam-authentication/eiam-authentication-wechatwork/src/main/java/cn/topiam/employee/authentication/wechatwork/configurer/WeChatWorkScanCodeAuthenticationConfigurer.java
View File

@ -17,6 +17,7 @@
*/
package cn.topiam.employee.authentication.wechatwork.configurer;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
@ -31,6 +32,10 @@ import cn.topiam.employee.authentication.wechatwork.filter.WeChatWorkScanCodeAut
import cn.topiam.employee.authentication.wechatwork.filter.WeChatWorkScanCodeLoginAuthenticationFilter;
import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository;
import lombok.NonNull;
import lombok.Setter;
import static cn.topiam.employee.support.security.util.HttpSecurityFilterOrderRegistrationUtils.putFilterBefore;
/**
*
*
@ -39,6 +44,9 @@ import cn.topiam.employee.common.repository.authentication.IdentityProviderRepos
*/
public final class WeChatWorkScanCodeAuthenticationConfigurer extends
AbstractAuthenticationFilterConfigurer<HttpSecurity, WeChatWorkScanCodeAuthenticationConfigurer, WeChatWorkScanCodeLoginAuthenticationFilter> {
@Setter
@NonNull
private String loginProcessingUrl = WeChatWorkScanCodeLoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
private final IdentityProviderRepository identityProviderRepository;
private final UserIdpService userIdpService;
@ -60,29 +68,25 @@ public final class WeChatWorkScanCodeAuthenticationConfigurer extends
*/
@Override
protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) {
return new AntPathRequestMatcher(loginProcessingUrl);
return new AntPathRequestMatcher(loginProcessingUrl, HttpMethod.GET.name());
}
@Override
public void init(HttpSecurity http) throws Exception {
//微信扫码登录认证
WeChatWorkScanCodeLoginAuthenticationFilter loginAuthenticationFilter = new WeChatWorkScanCodeLoginAuthenticationFilter(
identityProviderRepository, userIdpService);
this.setAuthenticationFilter(loginAuthenticationFilter);
//处理URL
super.loginProcessingUrl(
WeChatWorkScanCodeLoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI);
super.init(http);
}
@Override
public void configure(HttpSecurity http) throws Exception {
//企业微信扫码请求重定向
WeChatWorkScanCodeAuthorizationRequestRedirectFilter requestRedirectFilter = new WeChatWorkScanCodeAuthorizationRequestRedirectFilter(
identityProviderRepository);
http.addFilterBefore(requestRedirectFilter, OAuth2AuthorizationRequestRedirectFilter.class);
http.addFilterBefore(this.getAuthenticationFilter(), OAuth2LoginAuthenticationFilter.class);
super.configure(http);
http.addFilterBefore(
new WeChatWorkScanCodeAuthorizationRequestRedirectFilter(identityProviderRepository),
OAuth2AuthorizationRequestRedirectFilter.class);
//微信扫码登录认证
this.setAuthenticationFilter(new WeChatWorkScanCodeLoginAuthenticationFilter(
identityProviderRepository, userIdpService));
putFilterBefore(http, this.getAuthenticationFilter(),
OAuth2LoginAuthenticationFilter.class);
//登录处理地址
super.loginProcessingUrl(this.loginProcessingUrl);
super.init(http);
}
public RequestMatcher getRequestMatcher() {

7
eiam-authentication/eiam-authentication-wechatwork/src/main/java/cn/topiam/employee/authentication/wechatwork/filter/WeChatWorkScanCodeLoginAuthenticationFilter.java
View File

@ -26,7 +26,6 @@ import java.util.concurrent.TimeUnit;
import org.apache.commons.lang3.StringUtils;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
@ -82,7 +81,7 @@ public class WeChatWorkScanCodeLoginAuthenticationFilter extends
*/
public WeChatWorkScanCodeLoginAuthenticationFilter(IdentityProviderRepository identityProviderRepository,
UserIdpService userIdpService) {
super(DEFAULT_FILTER_PROCESSES_URI, userIdpService, identityProviderRepository);
super(REQUEST_MATCHER, userIdpService, identityProviderRepository);
}
/**
@ -97,10 +96,6 @@ public class WeChatWorkScanCodeLoginAuthenticationFilter extends
public Authentication attemptAuthentication(HttpServletRequest request,
HttpServletResponse response) throws AuthenticationException,
IOException {
if (!REQUEST_MATCHER.matches(request)) {
throw new AuthenticationServiceException(
"Authentication method not supported: " + request.getMethod());
}
TraceUtils.put(UUID.randomUUID().toString());
OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request,
response);