⚡ 完善
parent
e44fdb34da
commit
bf6b381d3f
|
@ -30,7 +30,6 @@ import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
|||
import org.springframework.security.oauth2.core.OAuth2Error;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
|
||||
import org.springframework.security.oauth2.core.oidc.OidcScopes;
|
||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||
import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||
|
||||
|
@ -41,6 +40,7 @@ import cn.topiam.employee.authentication.common.authentication.IdpUserDetails;
|
|||
import cn.topiam.employee.authentication.common.filter.AbstractIdpAuthenticationProcessingFilter;
|
||||
import cn.topiam.employee.authentication.common.service.UserIdpService;
|
||||
import cn.topiam.employee.authentication.wechat.WeChatIdpScanCodeConfig;
|
||||
import cn.topiam.employee.authentication.wechat.constant.WeChatAuthenticationConstants;
|
||||
import cn.topiam.employee.common.entity.authn.IdentityProviderEntity;
|
||||
import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository;
|
||||
import cn.topiam.employee.core.help.ServerHelp;
|
||||
|
@ -51,10 +51,8 @@ import jakarta.servlet.http.HttpServletRequest;
|
|||
import jakarta.servlet.http.HttpServletResponse;
|
||||
import static org.springframework.security.oauth2.core.AuthorizationGrantType.AUTHORIZATION_CODE;
|
||||
|
||||
import static cn.topiam.employee.authentication.common.IdentityProviderType.WECHAT_QR;
|
||||
import static cn.topiam.employee.authentication.common.IdentityProviderType.WECHAT_WORK_QR;
|
||||
import static cn.topiam.employee.authentication.common.IdentityProviderType.*;
|
||||
import static cn.topiam.employee.authentication.common.constant.AuthenticationConstants.*;
|
||||
import static cn.topiam.employee.authentication.wechat.constant.WeChatAuthenticationConstants.QrConnect.*;
|
||||
|
||||
/**
|
||||
* 微信扫码登录过滤器
|
||||
|
@ -132,12 +130,13 @@ public class WeChatScanCodeLoginAuthenticationFilter extends
|
|||
}
|
||||
//获取access token
|
||||
HashMap<String, String> param = new HashMap<>(16);
|
||||
param.put(APP_ID, config.getAppId());
|
||||
param.put(SECRET, config.getAppSecret());
|
||||
param.put(WeChatAuthenticationConstants.QrConnect.APP_ID, config.getAppId());
|
||||
param.put(WeChatAuthenticationConstants.QrConnect.SECRET, config.getAppSecret());
|
||||
param.put(OAuth2ParameterNames.CODE, code);
|
||||
param.put(OAuth2ParameterNames.GRANT_TYPE, AUTHORIZATION_CODE.getValue());
|
||||
JSONObject result = JSON.parseObject(HttpClientUtils.get(ACCESS_TOKEN, param));
|
||||
if (result.containsKey(ERROR_CODE)) {
|
||||
JSONObject result = JSON.parseObject(
|
||||
HttpClientUtils.get(WeChatAuthenticationConstants.QrConnect.ACCESS_TOKEN, param));
|
||||
if (result.containsKey(WeChatAuthenticationConstants.QrConnect.ERROR_CODE)) {
|
||||
logger.error("获取access_token发生错误: " + result.toJSONString());
|
||||
throw new TopIamException("获取access_token发生错误: " + result.toJSONString());
|
||||
}
|
||||
|
@ -145,16 +144,15 @@ public class WeChatScanCodeLoginAuthenticationFilter extends
|
|||
param = new HashMap<>(16);
|
||||
param.put(OAuth2ParameterNames.ACCESS_TOKEN,
|
||||
result.getString(OAuth2ParameterNames.ACCESS_TOKEN));
|
||||
param.put(OidcScopes.OPENID, result.getString(OidcScopes.OPENID));
|
||||
result = JSON.parseObject(HttpClientUtils.get(USER_INFO, param));
|
||||
if (result.containsKey(ERROR_CODE)) {
|
||||
result = JSON.parseObject(
|
||||
HttpClientUtils.get(WeChatAuthenticationConstants.QrConnect.USER_INFO, param));
|
||||
if (result.containsKey(WeChatAuthenticationConstants.QrConnect.ERROR_CODE)) {
|
||||
logger.error("获取微信用户个人信息发生错误: " + result.toJSONString());
|
||||
throw new TopIamException("获取微信用户个人信息发生错误: " + result.toJSONString());
|
||||
}
|
||||
// 返回
|
||||
IdpUserDetails idpUserDetails = IdpUserDetails.builder()
|
||||
.openId(param.get(OidcScopes.OPENID)).providerCode(providerCode).providerId(providerId)
|
||||
.providerType(WECHAT_WORK_QR).build();
|
||||
IdpUserDetails idpUserDetails = IdpUserDetails.builder().openId(param.get("id"))
|
||||
.providerCode(providerCode).providerId(providerId).providerType(GITEE_OAUTH).build();
|
||||
return attemptAuthentication(request, response, idpUserDetails);
|
||||
}
|
||||
|
||||
|
|
|
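Review bot: The IdpUserDetails construction in the last hunk, `IdpUserDetails.builder().openId(param.get("id")).providerCode(providerCode).providerId(providerId).providerType(GITEE_OAUTH).build()`, appears to be the new side (the added `IdentityProviderType.*` import is what lets `GITEE_OAUTH` resolve, and the markers are not rendered) and looks copied from a Gitee filter: this is the WeChat scan-code filter, `param` at that point holds only the `access_token` and `openid` keys put into it earlier in the hunk, so `param.get("id")` is null, and the provider type is a foreign one. A null openId and a wrong provider type flow into `attemptAuthentication` and the user/IdP binding lookup, so a WeChat login could be matched against, or create, a binding under the wrong provider. It should read `.openId(param.get(OidcScopes.OPENID))` with a WeChat provider type (the removed explicit imports were `WECHAT_QR` and `WECHAT_WORK_QR`; the old line used the latter, confirm which one this filter represents). Replacing the two explicit static imports with the wildcard `IdentityProviderType.*` is what let the wrong constant compile silently; keeping explicit imports would have caught this. The enclosing method starts before the hunk.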
@ -17,15 +17,18 @@
|
|||
*/
|
||||
package cn.topiam.employee.console.handler;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
|
||||
import cn.topiam.employee.support.result.ApiRestResult;
|
||||
import cn.topiam.employee.support.security.web.AbstractAuthenticationEntryPoint;
|
||||
import cn.topiam.employee.support.util.HttpResponseUtils;
|
||||
|
||||
import jakarta.servlet.ServletException;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
import static org.springframework.http.HttpStatus.UNAUTHORIZED;
|
||||
|
@ -36,7 +39,7 @@ import static org.springframework.http.HttpStatus.UNAUTHORIZED;
|
|||
* @author TopIAM
|
||||
* Created by support@topiam.cn on 2020/9/2 22:11
|
||||
*/
|
||||
public class ConsoleAuthenticationEntryPoint implements AuthenticationEntryPoint {
|
||||
public class ConsoleAuthenticationEntryPoint extends AbstractAuthenticationEntryPoint {
|
||||
/**
|
||||
* 日志
|
||||
*/
|
||||
|
@ -59,14 +62,13 @@ public class ConsoleAuthenticationEntryPoint implements AuthenticationEntryPoint
|
|||
*/
|
||||
@Override
|
||||
public void commence(HttpServletRequest request, HttpServletResponse response,
|
||||
AuthenticationException authException) {
|
||||
logger.info("----------------------------------------------------------");
|
||||
logger.info("未登录,或登录过期");
|
||||
AuthenticationException authException) throws IOException,
|
||||
ServletException {
|
||||
super.commence(request, response, authException);
|
||||
ApiRestResult<Object> result = ApiRestResult.builder()
|
||||
.status(String.valueOf(UNAUTHORIZED.value())).message(StringUtils
|
||||
.defaultString(authException.getMessage(), UNAUTHORIZED.getReasonPhrase()))
|
||||
.build();
|
||||
HttpResponseUtils.flushResponseJson(response, UNAUTHORIZED.value(), result);
|
||||
logger.info("----------------------------------------------------------");
|
||||
}
|
||||
}
|
||||
|
|
|
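Review bot: After the new `super.commence(request, response, authException)` call the method still unconditionally writes a JSON body via `HttpResponseUtils.flushResponseJson`; `AbstractAuthenticationEntryPoint` is not on the page, so if its `commence` writes to or commits the response (a redirect, a header flush), the second write lands on a committed response and either throws or is silently dropped. A guard such as `if (response.isCommitted()) { return; }` directly after the super call, or a Javadoc line on the base class stating that it never commits the response, would make the split of responsibilities explicit. The same super-then-write pattern is introduced in AccessTokenAuthenticationEntryPoint, PortalAuthenticationEntryPoint and UnauthorizedAuthenticationEntryPoint in this commit, so the guard or the contract should be applied once in the base class rather than in each subclass.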
@ -17,19 +17,22 @@
|
|||
*/
|
||||
package cn.topiam.employee.openapi.authorization;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
|
||||
import com.fasterxml.jackson.annotation.JsonProperty;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
|
||||
import cn.topiam.employee.openapi.constants.OpenApiStatus;
|
||||
import cn.topiam.employee.support.security.web.AbstractAuthenticationEntryPoint;
|
||||
import cn.topiam.employee.support.util.HttpResponseUtils;
|
||||
|
||||
import lombok.Data;
|
||||
|
||||
import io.swagger.v3.oas.annotations.media.Schema;
|
||||
import jakarta.servlet.ServletException;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
|
||||
|
@ -38,7 +41,7 @@ import jakarta.servlet.http.HttpServletResponse;
|
|||
* @author TopIAM
|
||||
* Created by support@topiam.cn on 2023/6/25 21:55
|
||||
*/
|
||||
public final class AccessTokenAuthenticationEntryPoint implements AuthenticationEntryPoint {
|
||||
public final class AccessTokenAuthenticationEntryPoint extends AbstractAuthenticationEntryPoint {
|
||||
|
||||
/**
|
||||
* Collect error details from the provided parameters and format according to RFC
|
||||
|
@ -50,7 +53,9 @@ public final class AccessTokenAuthenticationEntryPoint implements Authentication
|
|||
*/
|
||||
@Override
|
||||
public void commence(HttpServletRequest request, HttpServletResponse httpServletResponse,
|
||||
AuthenticationException authException) {
|
||||
AuthenticationException authException) throws ServletException,
|
||||
IOException {
|
||||
super.commence(request, httpServletResponse, authException);
|
||||
Response response = new Response();
|
||||
response.setCode(OpenApiStatus.INVALID_ACCESS_TOKEN.getCode());
|
||||
response.setMsg(OpenApiStatus.INVALID_ACCESS_TOKEN.getDesc());
|
||||
|
|
|
@ -26,8 +26,10 @@ import org.springframework.security.core.AuthenticationException;
|
|||
|
||||
import cn.topiam.employee.core.help.ServerHelp;
|
||||
import cn.topiam.employee.support.result.ApiRestResult;
|
||||
import cn.topiam.employee.support.security.web.AbstractAuthenticationEntryPoint;
|
||||
import cn.topiam.employee.support.util.HttpResponseUtils;
|
||||
|
||||
import jakarta.servlet.ServletException;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
import static org.springframework.http.HttpStatus.UNAUTHORIZED;
|
||||
|
@ -42,8 +44,7 @@ import static cn.topiam.employee.support.context.ServletContextHelp.isHtmlReques
|
|||
* Created by support@topiam.cn on 2020/9/2 22:11
|
||||
*/
|
||||
@SuppressWarnings("DuplicatedCode")
|
||||
public class PortalAuthenticationEntryPoint implements
|
||||
org.springframework.security.web.AuthenticationEntryPoint {
|
||||
public class PortalAuthenticationEntryPoint extends AbstractAuthenticationEntryPoint {
|
||||
/**
|
||||
* 日志
|
||||
*/
|
||||
|
@ -66,13 +67,11 @@ public class PortalAuthenticationEntryPoint implements
|
|||
*/
|
||||
@Override
|
||||
public void commence(HttpServletRequest request, HttpServletResponse response,
|
||||
AuthenticationException authException) throws IOException {
|
||||
logger.info("----------------------------------------------------------");
|
||||
logger.info("未登录, 或登录过期");
|
||||
//判断请求
|
||||
boolean isHtmlRequest = isHtmlRequest(request);
|
||||
AuthenticationException authException) throws IOException,
|
||||
ServletException {
|
||||
super.commence(request, response, authException);
|
||||
//JSON
|
||||
if (!isHtmlRequest) {
|
||||
if (!isHtmlRequest(request)) {
|
||||
ApiRestResult<Object> result = ApiRestResult.builder()
|
||||
.status(String.valueOf(UNAUTHORIZED.value())).message(StringUtils
|
||||
.defaultString(authException.getMessage(), UNAUTHORIZED.getReasonPhrase()))
|
||||
|
@ -84,6 +83,5 @@ public class PortalAuthenticationEntryPoint implements
|
|||
//跳转前端SESSION过期路由
|
||||
response.sendRedirect(ServerHelp.getPortalPublicBaseUrl() + FE_LOGIN);
|
||||
}
|
||||
logger.info("----------------------------------------------------------");
|
||||
}
|
||||
}
|
||||
|
|
|
@ -28,8 +28,10 @@ import cn.topiam.employee.core.help.ServerHelp;
|
|||
import cn.topiam.employee.support.result.ApiRestResult;
|
||||
import cn.topiam.employee.support.security.savedredirect.HttpSessionRedirectCache;
|
||||
import cn.topiam.employee.support.security.savedredirect.RedirectCache;
|
||||
import cn.topiam.employee.support.security.web.AbstractAuthenticationEntryPoint;
|
||||
import cn.topiam.employee.support.util.HttpResponseUtils;
|
||||
|
||||
import jakarta.servlet.ServletException;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
import static org.springframework.http.HttpStatus.UNAUTHORIZED;
|
||||
|
@ -42,33 +44,28 @@ import static cn.topiam.employee.support.context.ServletContextHelp.isHtmlReques
|
|||
* @author TopIAM
|
||||
* Created by support@topiam.cn on 2023/7/5 21:24
|
||||
*/
|
||||
public class UnauthorizedAuthenticationEntryPoint implements
|
||||
org.springframework.security.web.AuthenticationEntryPoint {
|
||||
public class UnauthorizedAuthenticationEntryPoint extends AbstractAuthenticationEntryPoint {
|
||||
private final Logger logger = LoggerFactory.getLogger(this.getClass());
|
||||
private final RedirectCache redirectCache = new HttpSessionRedirectCache();
|
||||
|
||||
@Override
|
||||
public void commence(HttpServletRequest request, HttpServletResponse response,
|
||||
AuthenticationException authException) throws IOException {
|
||||
logger.info("----------------------------------------------------------");
|
||||
logger.info("未登录, 或登录过期");
|
||||
AuthenticationException authException) throws IOException,
|
||||
ServletException {
|
||||
|
||||
super.commence(request, response, authException);
|
||||
//记录
|
||||
redirectCache.saveRedirect(request, response, RedirectCache.RedirectType.REQUEST);
|
||||
//判断请求
|
||||
boolean isHtmlRequest = isHtmlRequest(request);
|
||||
//JSON
|
||||
if (!isHtmlRequest) {
|
||||
ApiRestResult<Object> result = ApiRestResult.builder()
|
||||
.status(String.valueOf(UNAUTHORIZED.value())).message(StringUtils
|
||||
.defaultString(authException.getMessage(), UNAUTHORIZED.getReasonPhrase()))
|
||||
.build();
|
||||
HttpResponseUtils.flushResponseJson(response, UNAUTHORIZED.value(), result);
|
||||
}
|
||||
// HTML
|
||||
else {
|
||||
//HTML
|
||||
if (isHtmlRequest(request)) {
|
||||
//跳转前端SESSION过期路由
|
||||
response.sendRedirect(ServerHelp.getPortalPublicBaseUrl() + FE_LOGIN);
|
||||
}
|
||||
logger.info("----------------------------------------------------------");
|
||||
// JSON
|
||||
ApiRestResult<Object> result = ApiRestResult.builder()
|
||||
.status(String.valueOf(UNAUTHORIZED.value())).message(StringUtils
|
||||
.defaultString(authException.getMessage(), UNAUTHORIZED.getReasonPhrase()))
|
||||
.build();
|
||||
HttpResponseUtils.flushResponseJson(response, UNAUTHORIZED.value(), result);
|
||||
}
|
||||
}
|
||||
|
|
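Review bot: The `else` that separated the HTML and JSON paths is gone: after `response.sendRedirect(ServerHelp.getPortalPublicBaseUrl() + FE_LOGIN)` inside `if (isHtmlRequest(request))`, control falls through to build the `ApiRestResult` and call `HttpResponseUtils.flushResponseJson` on a response that `sendRedirect` has already committed, so every browser request either triggers an IllegalStateException from the container or has its JSON write discarded. Add `return;` right after the `sendRedirect` call (or restore the `else`) so the JSON branch only runs for non-HTML requests, as the old code did and as PortalAuthenticationEntryPoint still does in this same commit. The old/new assignment of lines here is inferred from the hunk's line counts since the +/- markers are not rendered. With the `logger.info` lines removed, the `logger` field on the class appears to have no remaining use in the visible code; drop it or log the redirect target at debug level.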