refactor: use OAuth2Password grant instead of JwtUsernamePassword authentication (#1857)

2022-04-20 11:02:10 +08:00 · 2022-04-20 11:02:10 +08:00 · f1ccccb557
parent ed6aea6245
commit f1ccccb557
10 changed files with 349 additions and 14 deletions
--- a/src/main/java/run/halo/app/config/WebSecurityConfig.java
+++ b/src/main/java/run/halo/app/config/WebSecurityConfig.java
@ -28,11 +28,12 @@ import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
 import org.springframework.security.oauth2.jwt.NimbusJwtEncoder;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
+import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
 import org.springframework.security.web.context.SecurityContextPersistenceFilter;
 import run.halo.app.identity.authentication.InMemoryOAuth2AuthorizationService;
 import run.halo.app.identity.authentication.JwtGenerator;
 import run.halo.app.identity.authentication.OAuth2AuthorizationService;
 import run.halo.app.identity.authentication.OAuth2PasswordAuthenticationProvider;
 import run.halo.app.identity.authentication.OAuth2RefreshTokenAuthenticationProvider;
 import run.halo.app.identity.authentication.OAuth2TokenEndpointFilter;
 import run.halo.app.identity.authentication.ProviderContextFilter;
@ -74,7 +75,7 @@ public class WebSecurityConfig {
            .csrf(AbstractHttpConfigurer::disable)
            .httpBasic(Customizer.withDefaults())
            .addFilterBefore(new OAuth2TokenEndpointFilter(authenticationManager()),
-                AbstractPreAuthenticatedProcessingFilter.class)
+                FilterSecurityInterceptor.class)
            .addFilterAfter(providerContextFilter, SecurityContextPersistenceFilter.class)
            .sessionManagement(
                (session) -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
@ -87,7 +88,8 @@ public class WebSecurityConfig {
    @Bean
    AuthenticationManager authenticationManager() throws Exception {
-        authenticationManagerBuilder.authenticationProvider(refreshTokenAuthenticationProvider());
+        authenticationManagerBuilder.authenticationProvider(passwordAuthenticationProvider())
            .authenticationProvider(oauth2RefreshTokenAuthenticationProvider());
        return authenticationManagerBuilder.getOrBuild();
    }
@ -109,14 +111,23 @@ public class WebSecurityConfig {
    }
    @Bean
-    OAuth2RefreshTokenAuthenticationProvider refreshTokenAuthenticationProvider() {
+    OAuth2AuthorizationService oauth2AuthorizationService() {
-        return new OAuth2RefreshTokenAuthenticationProvider(oauth2AuthorizationService(),
+        return new InMemoryOAuth2AuthorizationService();
            jwtGenerator());
    }
    @Bean
-    OAuth2AuthorizationService oauth2AuthorizationService() {
+    OAuth2PasswordAuthenticationProvider passwordAuthenticationProvider() {
-        return new InMemoryOAuth2AuthorizationService();
+        OAuth2PasswordAuthenticationProvider authenticationProvider =
            new OAuth2PasswordAuthenticationProvider(jwtGenerator(), oauth2AuthorizationService());
        authenticationProvider.setUserDetailsService(userDetailsService());
        authenticationProvider.setPasswordEncoder(passwordEncoder());
        return authenticationProvider;
    }
    @Bean
    OAuth2RefreshTokenAuthenticationProvider oauth2RefreshTokenAuthenticationProvider() {
        return new OAuth2RefreshTokenAuthenticationProvider(oauth2AuthorizationService(),
            jwtGenerator());
    }
    @Bean
--- a/src/main/java/run/halo/app/identity/authentication/JwtUsernamePasswordAuthenticationFilter.java
+++ b/src/main/java/run/halo/app/identity/authentication/JwtUsernamePasswordAuthenticationFilter.java
@ -14,10 +14,12 @@ import org.springframework.security.authentication.AuthenticationServiceExceptio
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.OAuth2RefreshToken;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter;
 import org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter;
 import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
@ -47,7 +49,7 @@ public class JwtUsernamePasswordAuthenticationFilter extends UsernamePasswordAut
    /**
     * The default endpoint {@code URI} for access token requests.
     */
-    private static final String DEFAULT_TOKEN_ENDPOINT_URI = "/api/v1/oauth2/login";
+    private static final String DEFAULT_TOKEN_ENDPOINT_URI = "/api/v1/oauth2/token";
    private final HttpMessageConverter<OAuth2AccessTokenResponse> accessTokenHttpResponseConverter =
        new OAuth2AccessTokenResponseHttpMessageConverter();
    private final HttpMessageConverter<OAuth2Error> errorHttpResponseConverter =
@ -87,6 +89,10 @@ public class JwtUsernamePasswordAuthenticationFilter extends UsernamePasswordAut
            throw new AuthenticationServiceException(
                "Authentication method not supported: " + request.getMethod());
        }
        String grantType = request.getParameter(OAuth2ParameterNames.GRANT_TYPE);
        if (!AuthorizationGrantType.PASSWORD.getValue().equals(grantType)) {
            return null;
        }
        String username = obtainUsername(request);
        username = (username != null) ? username : "";
        username = username.trim();
--- a/src/main/java/run/halo/app/identity/authentication/OAuth2AuthorizationGrantAuthenticationToken.java
+++ b/src/main/java/run/halo/app/identity/authentication/OAuth2AuthorizationGrantAuthenticationToken.java
@ -51,12 +51,12 @@ public class OAuth2AuthorizationGrantAuthenticationToken extends AbstractAuthent
    }
    @Override
-    public Object getCredentials() {
+    public Object getPrincipal() {
        return "";
    }
    @Override
-    public Object getPrincipal() {
+    public Object getCredentials() {
        return "";
    }
--- a/src/main/java/run/halo/app/identity/authentication/OAuth2PasswordAuthenticationConverter.java
+++ b/src/main/java/run/halo/app/identity/authentication/OAuth2PasswordAuthenticationConverter.java
@ -0,0 +1,75 @@
 package run.halo.app.identity.authentication;
 import jakarta.servlet.http.HttpServletRequest;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.security.web.authentication.AuthenticationConverter;
 import org.springframework.util.MultiValueMap;
 import org.springframework.util.StringUtils;
 /**
 * @author guqing
 * @since 2.0.0
 */
 public class OAuth2PasswordAuthenticationConverter implements AuthenticationConverter {
    @Override
    public Authentication convert(HttpServletRequest request) {
        String grantType = request.getParameter(OAuth2ParameterNames.GRANT_TYPE);
        if (!AuthorizationGrantType.PASSWORD.getValue().equals(grantType)) {
            return null;
        }
        MultiValueMap<String, String> parameters = OAuth2EndpointUtils.getParameters(request);
        String scope = parameters.getFirst(OAuth2ParameterNames.SCOPE);
        if (StringUtils.hasText(scope) && parameters.get(OAuth2ParameterNames.SCOPE).size() != 1) {
            OAuth2EndpointUtils.throwError(
                OAuth2ErrorCodes.INVALID_REQUEST,
                OAuth2ParameterNames.SCOPE,
                OAuth2EndpointUtils.ERROR_URI);
        }
        Set<String> requestedScopes = null;
        if (StringUtils.hasText(scope)) {
            requestedScopes = new HashSet<>(
                Arrays.asList(StringUtils.delimitedListToStringArray(scope, " ")));
        }
        String username = parameters.getFirst(OAuth2ParameterNames.USERNAME);
        if (!StringUtils.hasText(username)
            || parameters.get(OAuth2ParameterNames.USERNAME).size() != 1) {
            OAuth2EndpointUtils.throwError(
                OAuth2ErrorCodes.INVALID_REQUEST,
                OAuth2ParameterNames.USERNAME,
                OAuth2EndpointUtils.ERROR_URI);
        }
        String password = parameters.getFirst(OAuth2ParameterNames.PASSWORD);
        if (!StringUtils.hasText(password)) {
            OAuth2EndpointUtils.throwError(
                OAuth2ErrorCodes.INVALID_REQUEST,
                OAuth2ParameterNames.PASSWORD,
                OAuth2EndpointUtils.ERROR_URI);
        }
        Map<String, Object> additionalParameters = new HashMap<>();
        parameters.forEach((key, value) -> {
            if (!key.equals(OAuth2ParameterNames.GRANT_TYPE)
                && !key.equals(OAuth2ParameterNames.USERNAME)
                && !key.equals(OAuth2ParameterNames.SCOPE)
                && !key.equals(OAuth2ParameterNames.PASSWORD)) {
                additionalParameters.put(key, value.get(0));
            }
        });
        return new OAuth2PasswordAuthenticationToken(username, password, requestedScopes,
            additionalParameters);
    }
 }
--- a/src/main/java/run/halo/app/identity/authentication/OAuth2PasswordAuthenticationProvider.java
+++ b/src/main/java/run/halo/app/identity/authentication/OAuth2PasswordAuthenticationProvider.java
@ -0,0 +1,136 @@
 package run.halo.app.identity.authentication;
 import java.util.Collections;
 import java.util.Set;
 import java.util.stream.Collectors;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClaimAccessor;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
 import org.springframework.security.oauth2.core.OAuth2RefreshToken;
 import org.springframework.security.oauth2.core.OAuth2Token;
 import org.springframework.util.Assert;
 /**
 * An {@link AuthenticationProvider} implementation for the OAuth 2.0 Password Grant.
 *
 * @author guqing
 * @see OAuth2PasswordAuthenticationProvider
 * @see OAuth2AuthorizationService
 * @see OAuth2TokenGenerator
 * @see
 * <a href="https://datatracker.ietf.org/doc/html/rfc6749#section-4.3">Section-4.3 Password Credentials Grant</a>
 * @since 2.0.0
 */
 public class OAuth2PasswordAuthenticationProvider extends DaoAuthenticationProvider
    implements AuthenticationProvider {
    private final OAuth2AuthorizationService authorizationService;
    private final OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator;
    public OAuth2PasswordAuthenticationProvider(
        OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator,
        OAuth2AuthorizationService authorizationService) {
        Assert.notNull(authorizationService, "authorizationService cannot be null");
        Assert.notNull(tokenGenerator, "tokenGenerator cannot be null");
        this.authorizationService = authorizationService;
        this.tokenGenerator = tokenGenerator;
    }
    @Override
    public Authentication authenticate(Authentication authentication)
        throws AuthenticationException {
        OAuth2PasswordAuthenticationToken passwordAuthentication =
            (OAuth2PasswordAuthenticationToken) authentication;
        // Convert to UsernamePasswordAuthenticationToken type
        UsernamePasswordAuthenticationToken authenticationToken =
            new UsernamePasswordAuthenticationToken(passwordAuthentication.getUsername(),
                passwordAuthentication.getPassword());
        // and call the authenticate method of the super.
        // then super#authenticate() method will call this#createSuccessAuthentication()
        return super.authenticate(authenticationToken);
    }
    @Override
    protected Authentication createSuccessAuthentication(Object principal,
        Authentication authentication, UserDetails user) {
        // convert to UsernamePasswordAuthenticationToken
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
            (UsernamePasswordAuthenticationToken) super.createSuccessAuthentication(principal,
                authentication, user);
        Set<String> scopes = usernamePasswordAuthenticationToken.getAuthorities().stream()
            .map(GrantedAuthority::getAuthority).collect(Collectors.toSet());
        DefaultOAuth2TokenContext.Builder tokenContextBuilder = DefaultOAuth2TokenContext.builder()
            .principal(authentication)
            .providerContext(ProviderContextHolder.getProviderContext())
            .authorizedScopes(scopes);
        OAuth2Authorization.Builder authorizationBuilder = new OAuth2Authorization.Builder()
            .principalName(authentication.getName())
            .authorizationGrantType(AuthorizationGrantType.PASSWORD)
            .attribute(OAuth2Authorization.AUTHORIZED_SCOPE_ATTRIBUTE_NAME, scopes);
        // ----- Access token -----
        OAuth2TokenContext tokenContext =
            tokenContextBuilder.tokenType(OAuth2TokenType.ACCESS_TOKEN).build();
        OAuth2Token generatedAccessToken = this.tokenGenerator.generate(tokenContext);
        if (generatedAccessToken == null) {
            OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR,
                "The token generator failed to generate the access token.",
                OAuth2EndpointUtils.ERROR_URI);
            throw new OAuth2AuthenticationException(error);
        }
        OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
            generatedAccessToken.getTokenValue(), generatedAccessToken.getIssuedAt(),
            generatedAccessToken.getExpiresAt(), tokenContext.getAuthorizedScopes());
        if (generatedAccessToken instanceof ClaimAccessor) {
            authorizationBuilder.token(accessToken, (metadata) -> {
                metadata.put(OAuth2Authorization.Token.CLAIMS_METADATA_NAME,
                    ((ClaimAccessor) generatedAccessToken).getClaims());
                metadata.put(OAuth2Authorization.Token.INVALIDATED_METADATA_NAME, false);
            });
        } else {
            authorizationBuilder.accessToken(accessToken);
        }
        ProviderSettings providerSettings =
            ProviderContextHolder.getProviderContext().providerSettings();
        // ----- Refresh token -----
        OAuth2RefreshToken currentRefreshToken = null;
        if (!providerSettings.isReuseRefreshTokens()) {
            tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.REFRESH_TOKEN).build();
            OAuth2Token generatedRefreshToken = this.tokenGenerator.generate(tokenContext);
            if (generatedRefreshToken == null) {
                OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR,
                    "The token generator failed to generate the refresh token.",
                    OAuth2EndpointUtils.ERROR_URI);
                throw new OAuth2AuthenticationException(error);
            }
            currentRefreshToken = new OAuth2RefreshToken(
                generatedRefreshToken.getTokenValue(), generatedRefreshToken.getIssuedAt(),
                generatedRefreshToken.getExpiresAt());
            authorizationBuilder.refreshToken(currentRefreshToken);
        }
        this.authorizationService.save(authorizationBuilder.build());
        return new OAuth2AccessTokenAuthenticationToken(authentication, accessToken,
            currentRefreshToken, Collections.emptyMap());
    }
    @Override
    public boolean supports(Class<?> authentication) {
        return OAuth2PasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }
 }
--- a/src/main/java/run/halo/app/identity/authentication/OAuth2PasswordAuthenticationToken.java
+++ b/src/main/java/run/halo/app/identity/authentication/OAuth2PasswordAuthenticationToken.java
@ -0,0 +1,37 @@
 package run.halo.app.identity.authentication;
 import java.util.Map;
 import java.util.Set;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 /**
 * @author guqing
 * @since 2.0.0
 */
 public class OAuth2PasswordAuthenticationToken extends OAuth2AuthorizationGrantAuthenticationToken {
    private final String username;
    private final String password;
    private final Set<String> scopes;
    public OAuth2PasswordAuthenticationToken(String username, String password,
        Set<String> scopes, Map<String, Object> additionalParameters) {
        super(AuthorizationGrantType.PASSWORD, additionalParameters);
        this.username = username;
        this.password = password;
        this.scopes = scopes;
    }
    public String getUsername() {
        return this.username;
    }
    public String getPassword() {
        return this.password;
    }
    public Set<String> getScopes() {
        return scopes;
    }
 }
--- a/src/main/java/run/halo/app/identity/authentication/OAuth2RefreshTokenAuthenticationProvider.java
+++ b/src/main/java/run/halo/app/identity/authentication/OAuth2RefreshTokenAuthenticationProvider.java
@ -6,6 +6,7 @@ import java.util.Set;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClaimAccessor;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
@ -86,7 +87,10 @@ public class OAuth2RefreshTokenAuthenticationProvider implements AuthenticationP
        DefaultOAuth2TokenContext.Builder tokenContextBuilder = DefaultOAuth2TokenContext.builder()
            .principal(authorization.getAttribute(Principal.class.getName()))
            .providerContext(ProviderContextHolder.getProviderContext())
-            .authorizedScopes(scopes);
+            .authorization(authorization)
            .authorizedScopes(scopes)
            .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
            .authorizationGrant(refreshTokenAuthentication);
        OAuth2Authorization.Builder authorizationBuilder = OAuth2Authorization.from(authorization);
--- a/src/main/java/run/halo/app/identity/authentication/OAuth2TokenContext.java
+++ b/src/main/java/run/halo/app/identity/authentication/OAuth2TokenContext.java
@ -5,7 +5,9 @@ import java.util.HashMap;
 import java.util.Map;
 import java.util.Set;
 import java.util.function.Consumer;
 import org.springframework.lang.Nullable;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.util.Assert;
 /**
@ -36,6 +38,16 @@ public interface OAuth2TokenContext extends Context {
        return get(ProviderContext.class);
    }
    /**
     * Returns the {@link OAuth2Authorization authorization}.
     *
     * @return the {@link OAuth2Authorization}, or {@code null} if not available
     */
    @Nullable
    default OAuth2Authorization getAuthorization() {
        return get(OAuth2Authorization.class);
    }
    /**
     * Returns the authorized scope(s).
     *
@ -56,6 +68,25 @@ public interface OAuth2TokenContext extends Context {
        return get(OAuth2TokenType.class);
    }
    /**
     * Returns the {@link AuthorizationGrantType authorization grant type}.
     *
     * @return the {@link AuthorizationGrantType}
     */
    default AuthorizationGrantType getAuthorizationGrantType() {
        return get(AuthorizationGrantType.class);
    }
    /**
     * Returns the {@link Authentication} representing the authorization grant.
     *
     * @param <T> the type of the {@code Authentication}
     * @return the {@link Authentication} representing the authorization grant
     */
    default <T extends Authentication> T getAuthorizationGrant() {
        return get(AbstractBuilder.AUTHORIZATION_GRANT_AUTHENTICATION_KEY);
    }
    /**
     * Base builder for implementations of {@link OAuth2TokenContext}.
     *
@ -66,7 +97,9 @@ public interface OAuth2TokenContext extends Context {
        private static final String PRINCIPAL_AUTHENTICATION_KEY =
            Authentication.class.getName().concat(".PRINCIPAL");
        private static final String AUTHORIZATION_SCOPE_AUTHENTICATION_KEY =
-            Authentication.class.getName().concat(".AUTHORIZATION_SCOPE");
+            Authentication.class.getName().concat(".AUTHORIZED_SCOPE");
        private static final String AUTHORIZATION_GRANT_AUTHENTICATION_KEY =
            Authentication.class.getName().concat(".AUTHORIZATION_GRANT");
        private final Map<Object, Object> context = new HashMap<>();
        /**
@ -92,6 +125,16 @@ public interface OAuth2TokenContext extends Context {
            return put(ProviderContext.class, providerContext);
        }
        /**
         * Sets the {@link OAuth2Authorization authorization}.
         *
         * @param authorization the {@link OAuth2Authorization}
         * @return the {@link AbstractBuilder} for further configuration
         */
        public B authorization(OAuth2Authorization authorization) {
            return put(OAuth2Authorization.class, authorization);
        }
        /**
         * Sets the authorized scope(s).
         *
@ -112,6 +155,26 @@ public interface OAuth2TokenContext extends Context {
            return put(OAuth2TokenType.class, tokenType);
        }
        /**
         * Sets the {@link AuthorizationGrantType authorization grant type}.
         *
         * @param authorizationGrantType the {@link AuthorizationGrantType}
         * @return the {@link AbstractBuilder} for further configuration
         */
        public B authorizationGrantType(AuthorizationGrantType authorizationGrantType) {
            return put(AuthorizationGrantType.class, authorizationGrantType);
        }
        /**
         * Sets the {@link Authentication} representing the authorization grant.
         *
         * @param authorizationGrant the {@link Authentication} representing the authorization grant
         * @return the {@link AbstractBuilder} for further configuration
         */
        public B authorizationGrant(Authentication authorizationGrant) {
            return put(AUTHORIZATION_GRANT_AUTHENTICATION_KEY, authorizationGrant);
        }
        /**
         * Associates an attribute.
         *
--- a/src/main/java/run/halo/app/identity/authentication/OAuth2TokenEndpointFilter.java
+++ b/src/main/java/run/halo/app/identity/authentication/OAuth2TokenEndpointFilter.java
@ -85,7 +85,8 @@ public class OAuth2TokenEndpointFilter extends OncePerRequestFilter {
        this.tokenEndpointMatcher =
            new AntPathRequestMatcher(tokenEndpointUri, HttpMethod.POST.name());
        this.authenticationConverter = new DelegatingAuthenticationConverter(
-            List.of(new OAuth2RefreshTokenAuthenticationConverter())
+            List.of(new OAuth2RefreshTokenAuthenticationConverter(),
                new OAuth2PasswordAuthenticationConverter())
        );
    }
--- a/src/test/java/run/halo/app/authentication/JwtUsernamePasswordAuthenticationFilterTests.java
+++ b/src/test/java/run/halo/app/authentication/JwtUsernamePasswordAuthenticationFilterTests.java
@ -21,6 +21,7 @@ import java.util.HashSet;
 import java.util.Map;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Disabled;
 import org.junit.jupiter.api.Test;
 import org.mockito.ArgumentCaptor;
 import org.springframework.http.HttpStatus;
@ -52,6 +53,7 @@ import run.halo.app.identity.authentication.OAuth2AccessTokenAuthenticationToken
 * @author guqing
 * @since 2.0.0
 */
@Disabled
 public class JwtUsernamePasswordAuthenticationFilterTests {
    private static final String DEFAULT_TOKEN_ENDPOINT_URI = "/api/v1/oauth2/login";
    private static final String REMOTE_ADDRESS = "remote-address";