mirror of https://github.com/halo-dev/halo
Rearrange order of security configurers (#6939)
#### What type of PR is this? /kind improvement /area core /milestone 2.20.x #### What this PR does / why we need it: This PR rearranges order of security configurers. Especially, SecurityWebFiltersConfigurer has lower priority to configure than other security configurers. So we can catch internal authentication in plugins. #### Does this PR introduce a user-facing change? ```release-note None ```pull/6964/head
John Niang
GitHub
parent
d44fa5f6d8
commit
25086ee3e6
|
|
@ -2,6 +2,7 @@ package run.halo.app.security;
|
|||
|
||||
import com.google.common.net.HttpHeaders;
|
||||
import java.util.List;
|
||||
import org.springframework.core.annotation.Order;
|
||||
import org.springframework.security.config.web.server.ServerHttpSecurity;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.web.cors.CorsConfiguration;
|
||||
|
|
@ -10,6 +11,7 @@ import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;
|
|||
import run.halo.app.security.authentication.SecurityConfigurer;
|
||||
|
||||
@Component
|
||||
@Order(0)
|
||||
public class CorsConfigurer implements SecurityConfigurer {
|
||||
@Override
|
||||
public void configure(ServerHttpSecurity http) {
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ package run.halo.app.security;
|
|||
|
||||
import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers.pathMatchers;
|
||||
|
||||
import org.springframework.core.annotation.Order;
|
||||
import org.springframework.security.config.web.server.ServerHttpSecurity;
|
||||
import org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository;
|
||||
import org.springframework.security.web.server.csrf.CsrfWebFilter;
|
||||
|
|
@ -12,6 +13,7 @@ import org.springframework.stereotype.Component;
|
|||
import run.halo.app.security.authentication.SecurityConfigurer;
|
||||
|
||||
@Component
|
||||
@Order(0)
|
||||
class CsrfConfigurer implements SecurityConfigurer {
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ import static org.springframework.security.web.server.util.matcher.ServerWebExch
|
|||
|
||||
import java.util.ArrayList;
|
||||
import org.springframework.context.MessageSource;
|
||||
import org.springframework.core.annotation.Order;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.security.config.web.server.ServerHttpSecurity;
|
||||
|
|
@ -21,6 +22,7 @@ import run.halo.app.security.authentication.SecurityConfigurer;
|
|||
import run.halo.app.security.authentication.twofactor.TwoFactorAuthenticationEntryPoint;
|
||||
|
||||
@Component
|
||||
@Order(0)
|
||||
public class ExceptionSecurityConfigurer implements SecurityConfigurer {
|
||||
|
||||
private final MessageSource messageSource;
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ import java.util.Map;
|
|||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.core.annotation.Order;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.security.config.web.server.ServerHttpSecurity;
|
||||
|
|
@ -31,6 +32,7 @@ import run.halo.app.theme.router.ModelConst;
|
|||
|
||||
@Component
|
||||
@RequiredArgsConstructor
|
||||
@Order(0)
|
||||
public class LogoutSecurityConfigurer implements SecurityConfigurer {
|
||||
private final RememberMeServices rememberMeServices;
|
||||
private final ApplicationContext applicationContext;
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ import run.halo.app.security.authentication.SecurityConfigurer;
|
|||
|
||||
@Component
|
||||
// Specific an order here to control the order or security configurer initialization
|
||||
@Order(-100)
|
||||
@Order(100)
|
||||
public class SecurityWebFiltersConfigurer implements SecurityConfigurer {
|
||||
|
||||
private final ExtensionGetter extensionGetter;
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ package run.halo.app.security.authentication.login;
|
|||
import io.github.resilience4j.ratelimiter.RateLimiterRegistry;
|
||||
import io.micrometer.observation.ObservationRegistry;
|
||||
import org.springframework.context.MessageSource;
|
||||
import org.springframework.core.annotation.Order;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.security.authentication.ObservationReactiveAuthenticationManager;
|
||||
import org.springframework.security.authentication.ReactiveAuthenticationManager;
|
||||
|
|
@ -28,6 +29,7 @@ import run.halo.app.security.authentication.SecurityConfigurer;
|
|||
import run.halo.app.security.authentication.twofactor.TwoFactorAuthentication;
|
||||
|
||||
@Component
|
||||
@Order(0)
|
||||
public class LoginSecurityConfigurer implements SecurityConfigurer {
|
||||
|
||||
private final ObservationRegistry observationRegistry;
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
package run.halo.app.security.authentication.oauth2;
|
||||
|
||||
import org.springframework.core.annotation.Order;
|
||||
import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
|
||||
import org.springframework.security.config.web.server.ServerHttpSecurity;
|
||||
import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
|
||||
|
|
@ -15,6 +16,7 @@ import run.halo.app.security.authentication.SecurityConfigurer;
|
|||
* @since 2.20.0
|
||||
*/
|
||||
@Component
|
||||
@Order(0)
|
||||
class OAuth2SecurityConfigurer implements SecurityConfigurer {
|
||||
|
||||
private final ServerSecurityContextRepository securityContextRepository;
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ package run.halo.app.security.authentication.rememberme;
|
|||
import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult;
|
||||
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.core.annotation.Order;
|
||||
import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
|
||||
import org.springframework.security.config.web.server.ServerHttpSecurity;
|
||||
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
|
||||
|
|
@ -13,6 +14,7 @@ import run.halo.app.security.authentication.SecurityConfigurer;
|
|||
|
||||
@Component
|
||||
@RequiredArgsConstructor
|
||||
@Order(0)
|
||||
public class RememberMeConfigurer implements SecurityConfigurer {
|
||||
|
||||
private final RememberMeServices rememberMeServices;
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ package run.halo.app.security.authentication.twofactor;
|
|||
|
||||
import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers.pathMatchers;
|
||||
|
||||
import org.springframework.core.annotation.Order;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
|
||||
import org.springframework.security.config.web.server.ServerHttpSecurity;
|
||||
|
|
@ -17,6 +18,7 @@ import run.halo.app.security.authentication.twofactor.totp.TotpAuthenticationMan
|
|||
import run.halo.app.security.authentication.twofactor.totp.TotpCodeAuthenticationConverter;
|
||||
|
||||
@Component
|
||||
@Order(0)
|
||||
public class TwoFactorAuthSecurityConfigurer implements SecurityConfigurer {
|
||||
|
||||
private final ServerSecurityContextRepository securityContextRepository;
|
||||
|
|
|
|||
Loading…
Reference in New Issue