From bf6b381d3ffab233503be6ffe84954d00b02a1ae Mon Sep 17 00:00:00 2001 From: smallbun <2689170096@qq.com> Date: Sun, 13 Aug 2023 22:00:45 +0800 Subject: [PATCH] =?UTF-8?q?:zap:=20=E5=AE=8C=E5=96=84?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ChatScanCodeLoginAuthenticationFilter.java | 26 +++++++-------- .../ConsoleAuthenticationEntryPoint.java | 14 ++++---- .../AccessTokenAuthenticationEntryPoint.java | 11 +++++-- .../PortalAuthenticationEntryPoint.java | 16 ++++----- .../UnauthorizedAuthenticationEntryPoint.java | 33 +++++++++---------- 5 files changed, 50 insertions(+), 50 deletions(-) diff --git a/eiam-authentication/eiam-authentication-wechat/src/main/java/cn/topiam/employee/authentication/wechat/filter/WeChatScanCodeLoginAuthenticationFilter.java b/eiam-authentication/eiam-authentication-wechat/src/main/java/cn/topiam/employee/authentication/wechat/filter/WeChatScanCodeLoginAuthenticationFilter.java index 8dcae7d4..0e6e0425 100644 --- a/eiam-authentication/eiam-authentication-wechat/src/main/java/cn/topiam/employee/authentication/wechat/filter/WeChatScanCodeLoginAuthenticationFilter.java +++ b/eiam-authentication/eiam-authentication-wechat/src/main/java/cn/topiam/employee/authentication/wechat/filter/WeChatScanCodeLoginAuthenticationFilter.java @@ -30,7 +30,6 @@ import org.springframework.security.oauth2.core.OAuth2AuthenticationException; import org.springframework.security.oauth2.core.OAuth2Error; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; -import org.springframework.security.oauth2.core.oidc.OidcScopes; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; 
@@ -41,6 +40,7 @@ import cn.topiam.employee.authentication.common.authentication.IdpUserDetails; import cn.topiam.employee.authentication.common.filter.AbstractIdpAuthenticationProcessingFilter; import cn.topiam.employee.authentication.common.service.UserIdpService; import cn.topiam.employee.authentication.wechat.WeChatIdpScanCodeConfig; +import cn.topiam.employee.authentication.wechat.constant.WeChatAuthenticationConstants; import cn.topiam.employee.common.entity.authn.IdentityProviderEntity; import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository; import cn.topiam.employee.core.help.ServerHelp; @@ -51,10 +51,8 @@ import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; import static org.springframework.security.oauth2.core.AuthorizationGrantType.AUTHORIZATION_CODE; -import static cn.topiam.employee.authentication.common.IdentityProviderType.WECHAT_QR; -import static cn.topiam.employee.authentication.common.IdentityProviderType.WECHAT_WORK_QR; +import static cn.topiam.employee.authentication.common.IdentityProviderType.*; import static cn.topiam.employee.authentication.common.constant.AuthenticationConstants.*; -import static cn.topiam.employee.authentication.wechat.constant.WeChatAuthenticationConstants.QrConnect.*; /** * 微信扫码登录过滤器 
@@ -132,12 +130,13 @@ public class WeChatScanCodeLoginAuthenticationFilter extends } //获取access token HashMap param = new HashMap<>(16); - param.put(APP_ID, config.getAppId()); - param.put(SECRET, config.getAppSecret()); + param.put(WeChatAuthenticationConstants.QrConnect.APP_ID, config.getAppId()); + param.put(WeChatAuthenticationConstants.QrConnect.SECRET, config.getAppSecret()); param.put(OAuth2ParameterNames.CODE, code); param.put(OAuth2ParameterNames.GRANT_TYPE, AUTHORIZATION_CODE.getValue()); - JSONObject result = JSON.parseObject(HttpClientUtils.get(ACCESS_TOKEN, param)); - if (result.containsKey(ERROR_CODE)) { + JSONObject result = JSON.parseObject( + HttpClientUtils.get(WeChatAuthenticationConstants.QrConnect.ACCESS_TOKEN, param)); + if (result.containsKey(WeChatAuthenticationConstants.QrConnect.ERROR_CODE)) { logger.error("获取access_token发生错误: " + result.toJSONString()); throw new TopIamException("获取access_token发生错误: " + result.toJSONString()); } 
@@ -145,16 +144,15 @@ public class WeChatScanCodeLoginAuthenticationFilter extends param = new HashMap<>(16); param.put(OAuth2ParameterNames.ACCESS_TOKEN, result.getString(OAuth2ParameterNames.ACCESS_TOKEN)); - param.put(OidcScopes.OPENID, result.getString(OidcScopes.OPENID)); - result = JSON.parseObject(HttpClientUtils.get(USER_INFO, param)); - if (result.containsKey(ERROR_CODE)) { + result = JSON.parseObject( + HttpClientUtils.get(WeChatAuthenticationConstants.QrConnect.USER_INFO, param)); + if (result.containsKey(WeChatAuthenticationConstants.QrConnect.ERROR_CODE)) { logger.error("获取微信用户个人信息发生错误: " + result.toJSONString()); throw new TopIamException("获取微信用户个人信息发生错误: " + result.toJSONString()); } // 返回 - IdpUserDetails idpUserDetails = IdpUserDetails.builder() - .openId(param.get(OidcScopes.OPENID)).providerCode(providerCode).providerId(providerId) - .providerType(WECHAT_WORK_QR).build(); + IdpUserDetails idpUserDetails = IdpUserDetails.builder().openId(param.get("id")) + .providerCode(providerCode).providerId(providerId).providerType(GITEE_OAUTH).build(); return attemptAuthentication(request, response, idpUserDetails); } diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/handler/ConsoleAuthenticationEntryPoint.java b/eiam-console/src/main/java/cn/topiam/employee/console/handler/ConsoleAuthenticationEntryPoint.java index fed5e362..b519c488 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/handler/ConsoleAuthenticationEntryPoint.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/handler/ConsoleAuthenticationEntryPoint.java 
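Review bot: The rebuilt `IdpUserDetails` at the end of this hunk takes the subject from `param.get("id")`, but `param` is the outgoing request map and the visible lines only put `access_token` into it, so `openId` ends up null. It also labels the identity `GITEE_OAUTH` inside the WeChat scan-code filter, which compiles only because the import hunk above switched to the wildcard `import static ...IdentityProviderType.*`; both look copied from another provider's filter. The hunk also stops sending `openid` to the user-info call, so the value from the token response is lost once `result` is reassigned. On an identity-binding path I would keep `String openId = result.getString(OidcScopes.OPENID);` before the second request (restoring the removed import), reject a blank value, and build with `.openId(openId)` and whichever of `WECHAT_QR` / `WECHAT_WORK_QR` this filter is registered for. The enclosing method starts outside the hunk, so any earlier handling of `code` and `state` is not visible here.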
@@ -17,15 +17,18 @@ */ package cn.topiam.employee.console.handler; +import java.io.IOException; + import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.security.core.AuthenticationException; -import org.springframework.security.web.AuthenticationEntryPoint; import cn.topiam.employee.support.result.ApiRestResult; +import cn.topiam.employee.support.security.web.AbstractAuthenticationEntryPoint; import cn.topiam.employee.support.util.HttpResponseUtils; +import jakarta.servlet.ServletException; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; import static org.springframework.http.HttpStatus.UNAUTHORIZED; @@ -36,7 +39,7 @@ import static org.springframework.http.HttpStatus.UNAUTHORIZED; * @author TopIAM * Created by support@topiam.cn on 2020/9/2 22:11 */ -public class ConsoleAuthenticationEntryPoint implements AuthenticationEntryPoint { +public class ConsoleAuthenticationEntryPoint extends AbstractAuthenticationEntryPoint { /** * 日志 */ @@ -59,14 +62,13 @@ public class ConsoleAuthenticationEntryPoint implements AuthenticationEntryPoint */ @Override public void commence(HttpServletRequest request, HttpServletResponse response, - AuthenticationException authException) { - logger.info("----------------------------------------------------------"); - logger.info("未登录,或登录过期"); + AuthenticationException authException) throws IOException, + ServletException { + super.commence(request, response, authException); ApiRestResult result = ApiRestResult.builder() .status(String.valueOf(UNAUTHORIZED.value())).message(StringUtils .defaultString(authException.getMessage(), UNAUTHORIZED.getReasonPhrase())) .build(); HttpResponseUtils.flushResponseJson(response, UNAUTHORIZED.value(), result); - logger.info("----------------------------------------------------------"); } } 
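Review bot: The `commence` override in the last hunk of this file now depends on `super.commence(request, response, authException)`, but `AbstractAuthenticationEntryPoint` is not part of this patch, so its contract cannot be checked from here. If the base method ever writes to or commits the response, the 401 JSON emitted right after it will fail or be dropped. I would state the expectation at the call site, for example `// base class must not write to or commit the response; the 401 body is produced below`, and document the same on the base method. The same applies to the `commence` overrides in `AccessTokenAuthenticationEntryPoint`, `PortalAuthenticationEntryPoint` and `UnauthorizedAuthenticationEntryPoint` later in this patch. The `logger` field kept as context may now be unused in this class; that is worth checking, since the rest of the class lies outside the hunk.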
diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/authorization/AccessTokenAuthenticationEntryPoint.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/authorization/AccessTokenAuthenticationEntryPoint.java index 36601bc1..348c9a4c 100644 --- a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/authorization/AccessTokenAuthenticationEntryPoint.java +++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/authorization/AccessTokenAuthenticationEntryPoint.java @@ -17,19 +17,22 @@ */ package cn.topiam.employee.openapi.authorization; +import java.io.IOException; + import org.springframework.http.HttpStatus; import org.springframework.security.core.AuthenticationException; -import org.springframework.security.web.AuthenticationEntryPoint; import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.databind.ObjectMapper; import cn.topiam.employee.openapi.constants.OpenApiStatus; +import cn.topiam.employee.support.security.web.AbstractAuthenticationEntryPoint; import cn.topiam.employee.support.util.HttpResponseUtils; import lombok.Data; import io.swagger.v3.oas.annotations.media.Schema; +import jakarta.servlet.ServletException; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; @@ -38,7 +41,7 @@ import jakarta.servlet.http.HttpServletResponse; * @author TopIAM * Created by support@topiam.cn on 2023/6/25 21:55 */ -public final class AccessTokenAuthenticationEntryPoint implements AuthenticationEntryPoint { +public final class AccessTokenAuthenticationEntryPoint extends AbstractAuthenticationEntryPoint { /** * Collect error details from the provided parameters and format according to RFC 
@@ -50,7 +53,9 @@ public final class AccessTokenAuthenticationEntryPoint implements Authentication */ @Override public void commence(HttpServletRequest request, HttpServletResponse httpServletResponse, - AuthenticationException authException) { + AuthenticationException authException) throws ServletException, + IOException { + super.commence(request, httpServletResponse, authException); Response response = new Response(); response.setCode(OpenApiStatus.INVALID_ACCESS_TOKEN.getCode()); response.setMsg(OpenApiStatus.INVALID_ACCESS_TOKEN.getDesc()); diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAuthenticationEntryPoint.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAuthenticationEntryPoint.java index 9aeb1a9c..9d126647 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAuthenticationEntryPoint.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAuthenticationEntryPoint.java @@ -26,8 +26,10 @@ import org.springframework.security.core.AuthenticationException; import cn.topiam.employee.core.help.ServerHelp; import cn.topiam.employee.support.result.ApiRestResult; +import cn.topiam.employee.support.security.web.AbstractAuthenticationEntryPoint; import cn.topiam.employee.support.util.HttpResponseUtils; +import jakarta.servlet.ServletException; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; import static org.springframework.http.HttpStatus.UNAUTHORIZED; @@ -42,8 +44,7 @@ import static cn.topiam.employee.support.context.ServletContextHelp.isHtmlReques * Created by support@topiam.cn on 2020/9/2 22:11 */ @SuppressWarnings("DuplicatedCode") -public class PortalAuthenticationEntryPoint implements - org.springframework.security.web.AuthenticationEntryPoint { +public class PortalAuthenticationEntryPoint extends AbstractAuthenticationEntryPoint { /** * 日志 */ 
@@ -66,13 +67,11 @@ public class PortalAuthenticationEntryPoint implements */ @Override public void commence(HttpServletRequest request, HttpServletResponse response, - AuthenticationException authException) throws IOException { - logger.info("----------------------------------------------------------"); - logger.info("未登录, 或登录过期"); - //判断请求 - boolean isHtmlRequest = isHtmlRequest(request); + AuthenticationException authException) throws IOException, + ServletException { + super.commence(request, response, authException); //JSON - if (!isHtmlRequest) { + if (!isHtmlRequest(request)) { ApiRestResult result = ApiRestResult.builder() .status(String.valueOf(UNAUTHORIZED.value())).message(StringUtils .defaultString(authException.getMessage(), UNAUTHORIZED.getReasonPhrase())) @@ -84,6 +83,5 @@ public class PortalAuthenticationEntryPoint implements //跳转前端SESSION过期路由 response.sendRedirect(ServerHelp.getPortalPublicBaseUrl() + FE_LOGIN); } - logger.info("----------------------------------------------------------"); } } diff --git a/eiam-protocol/eiam-protocol-core/src/main/java/cn/topiam/employee/protocol/code/UnauthorizedAuthenticationEntryPoint.java b/eiam-protocol/eiam-protocol-core/src/main/java/cn/topiam/employee/protocol/code/UnauthorizedAuthenticationEntryPoint.java index 7fff722d..4996c7d4 100644 --- a/eiam-protocol/eiam-protocol-core/src/main/java/cn/topiam/employee/protocol/code/UnauthorizedAuthenticationEntryPoint.java +++ b/eiam-protocol/eiam-protocol-core/src/main/java/cn/topiam/employee/protocol/code/UnauthorizedAuthenticationEntryPoint.java 
@@ -28,8 +28,10 @@ import cn.topiam.employee.core.help.ServerHelp; import cn.topiam.employee.support.result.ApiRestResult; import cn.topiam.employee.support.security.savedredirect.HttpSessionRedirectCache; import cn.topiam.employee.support.security.savedredirect.RedirectCache; +import cn.topiam.employee.support.security.web.AbstractAuthenticationEntryPoint; import cn.topiam.employee.support.util.HttpResponseUtils; +import jakarta.servlet.ServletException; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; import static org.springframework.http.HttpStatus.UNAUTHORIZED; 
@@ -42,33 +44,28 @@ import static cn.topiam.employee.support.context.ServletContextHelp.isHtmlReques * @author TopIAM * Created by support@topiam.cn on 2023/7/5 21:24 */ -public class UnauthorizedAuthenticationEntryPoint implements - org.springframework.security.web.AuthenticationEntryPoint { +public class UnauthorizedAuthenticationEntryPoint extends AbstractAuthenticationEntryPoint { private final Logger logger = LoggerFactory.getLogger(this.getClass()); private final RedirectCache redirectCache = new HttpSessionRedirectCache(); @Override public void commence(HttpServletRequest request, HttpServletResponse response, - AuthenticationException authException) throws IOException { - logger.info("----------------------------------------------------------"); - logger.info("未登录, 或登录过期"); + AuthenticationException authException) throws IOException, + ServletException { + + super.commence(request, response, authException); //记录 redirectCache.saveRedirect(request, response, RedirectCache.RedirectType.REQUEST); - //判断请求 - boolean isHtmlRequest = isHtmlRequest(request); - //JSON - if (!isHtmlRequest) { - ApiRestResult result = ApiRestResult.builder() - .status(String.valueOf(UNAUTHORIZED.value())).message(StringUtils - .defaultString(authException.getMessage(), UNAUTHORIZED.getReasonPhrase())) - .build(); - HttpResponseUtils.flushResponseJson(response, UNAUTHORIZED.value(), result); - } - // HTML - else { + //HTML + if (isHtmlRequest(request)) { //跳转前端SESSION过期路由 response.sendRedirect(ServerHelp.getPortalPublicBaseUrl() + FE_LOGIN); } - logger.info("----------------------------------------------------------"); + // JSON + ApiRestResult result = ApiRestResult.builder() + .status(String.valueOf(UNAUTHORIZED.value())).message(StringUtils + .defaultString(authException.getMessage(), UNAUTHORIZED.getReasonPhrase())) + .build(); + HttpResponseUtils.flushResponseJson(response, UNAUTHORIZED.value(), result); } }
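Review bot: In the rewritten `commence`, the HTML branch calls `response.sendRedirect(...)` and then falls through to the JSON block, because the old `if`/`else` became a bare `if` with no exit. A redirect commits the response, so the following `HttpResponseUtils.flushResponseJson(response, UNAUTHORIZED.value(), result)` runs against an already committed response. Depending on that helper, which is not visible here, this either throws or appends a 401 body to the redirect. Add `return;` directly after the `sendRedirect` call, or restore the `else`, so each request gets exactly one of the two responses.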