From c4a87d7c584222d5a7365d58961fabdcd4a93a8d Mon Sep 17 00:00:00 2001
From: JEECG <445654970@qq.com>
Date: Tue, 2 Sep 2025 14:49:14 +0800
Subject: [PATCH] =?UTF-8?q?swagger=E8=AF=B7=E6=B1=82,token=E6=97=A0?=
 =?UTF-8?q?=E6=95=88=E8=BF=98=E6=98=AF=E8=BF=94=E5=9B=9E=E4=BA=86=E4=B8=8B?=
 =?UTF-8?q?=E8=BD=BD=E6=96=87=E4=BB=B6,=E6=9C=9F=E6=9C=9B=E8=BF=94?=
 =?UTF-8?q?=E5=9B=9E401=20#8767?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../jeecg/config/security/SecurityConfig.java | 88 +++++++++++++------
 1 file changed, 63 insertions(+), 25 deletions(-)

diff --git a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/SecurityConfig.java b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/SecurityConfig.java
index 58af2ba22..cfd08d42f 100644
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/SecurityConfig.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/SecurityConfig.java
@@ -77,26 +77,45 @@ public class SecurityConfig {
 @Order(1)
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
- OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
- // 注册自定义登录类型
- http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
- .tokenEndpoint(tokenEndpoint -> tokenEndpoint.accessTokenRequestConverter(new PasswordGrantAuthenticationConvert())
- .authenticationProvider(new PasswordGrantAuthenticationProvider(authorizationService, tokenGenerator())))
- .tokenEndpoint(tokenEndpoint -> tokenEndpoint.accessTokenRequestConverter(new PhoneGrantAuthenticationConvert())
- .authenticationProvider(new PhoneGrantAuthenticationProvider(authorizationService, tokenGenerator())))
- .tokenEndpoint(tokenEndpoint -> tokenEndpoint.accessTokenRequestConverter(new AppGrantAuthenticationConvert())
- .authenticationProvider(new AppGrantAuthenticationProvider(authorizationService, tokenGenerator())))
- .tokenEndpoint(tokenEndpoint -> tokenEndpoint.accessTokenRequestConverter(new SocialGrantAuthenticationConvert())
- .authenticationProvider(new SocialGrantAuthenticationProvider(authorizationService, tokenGenerator())))
- //开启OpenID Connect 1.0(其中oidc为OpenID Connect的缩写)。 访问 /.well-known/openid-configuration即可获取认证信息
- .oidc(Customizer.withDefaults());
+ // 使用新的配置方式替代弃用的applyDefaultSecurity
+ http.securityMatcher(new AntPathRequestMatcher("/oauth2/**"))
+ .authorizeHttpRequests(authorize ->
+ authorize.anyRequest().authenticated()
+ )
+ .csrf(csrf -> csrf.disable())
+ .with(new OAuth2AuthorizationServerConfigurer(), oauth2 -> {
+ oauth2
+ .tokenEndpoint(tokenEndpoint -> tokenEndpoint
+ .accessTokenRequestConverter(new PasswordGrantAuthenticationConvert())
+ .authenticationProvider(new PasswordGrantAuthenticationProvider(authorizationService, tokenGenerator()))
+ )
+ .tokenEndpoint(tokenEndpoint -> tokenEndpoint
+ .accessTokenRequestConverter(new PhoneGrantAuthenticationConvert())
+ .authenticationProvider(new PhoneGrantAuthenticationProvider(authorizationService, tokenGenerator()))
+ )
+ .tokenEndpoint(tokenEndpoint -> tokenEndpoint
+ .accessTokenRequestConverter(new AppGrantAuthenticationConvert())
+ .authenticationProvider(new AppGrantAuthenticationProvider(authorizationService, tokenGenerator()))
+ )
+ .tokenEndpoint(tokenEndpoint -> tokenEndpoint
+ .accessTokenRequestConverter(new SocialGrantAuthenticationConvert())
+ .authenticationProvider(new SocialGrantAuthenticationProvider(authorizationService, tokenGenerator()))
+ )
+ //开启OpenID Connect 1.0(其中oidc为OpenID Connect的缩写)。 访问 /.well-known/openid-configuration即可获取认证信息
+ .oidc(Customizer.withDefaults());
+ });
- //将需要认证的请求,抛出异常,不跳转页面
+ //请求接口异常处理:无Token和Token无效的情况
 http.exceptionHandling(exceptions -> exceptions
 .authenticationEntryPoint((request, response, authException) -> {
- // 记录详细的异常信息
- log.error("接口访问失败,请求路径:{},错误信息:{}", request.getRequestURI(), authException.getMessage(), authException);
- JwtUtil.responseError(response,401,authException.getMessage());
+ // 记录详细的异常信息 - 未认证
+ log.error("接口访问失败(未认证),请求路径:{},错误信息:{}", request.getRequestURI(), authException.getMessage(), authException);
+ JwtUtil.responseError(response, 401, "Token格式错误或已过期");
+ })
+ .accessDeniedHandler((request, response, accessDeniedException) -> {
+ // 记录详细的异常信息 - token无效或权限不足
+ log.error("接口访问失败(token无效或权限不足),请求路径:{},错误信息:{}", request.getRequestURI(), accessDeniedException.getMessage(), accessDeniedException);
+ JwtUtil.responseError(response, 403, "权限不足");
 })
 );
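Review bot: `http.securityMatcher(new AntPathRequestMatcher("/oauth2/**"))` is narrower than the endpoints matcher the removed `applyDefaultSecurity` call derived from the configurer, so with `.oidc(Customizer.withDefaults())` still enabled the OIDC endpoints that live outside `/oauth2/` (the `/.well-known/openid-configuration` discovery URL the comment on the `.oidc` line promises, `/userinfo`, `/connect/logout`) no longer reach this chain and fall through to the resource-server chain, unless those paths are remapped elsewhere in the class. Keep a handle on the configurer and let it supply the matcher: `OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = new OAuth2AuthorizationServerConfigurer();`, `http.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())` and `.with(authorizationServerConfigurer, oauth2 -> { ... })`. The comment `// 使用新的配置方式替代弃用的applyDefaultSecurity` should then also say that the matcher must come from the configurer so that a later edit does not narrow it again. `.csrf(csrf -> csrf.disable())` is acceptable as written because this chain only ever matches the authorization-server endpoints, which is what the old `ignoringRequestMatchers(endpointsMatcher)` amounted to. The method's `return http.build();` lies past the end of this hunk.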
@@ -175,7 +194,7 @@ public class SecurityConfig {
 .requestMatchers(AntPathRequestMatcher.antMatcher("/drag/onlDragDatasetHead/getTotalDataByCompId")).permitAll()
 .requestMatchers(AntPathRequestMatcher.antMatcher("/drag/onlDragDatasetHead/getDictByCodes")).permitAll()
 .requestMatchers(AntPathRequestMatcher.antMatcher("/dragChannelSocket/**")).permitAll()
-
+ //大屏模板例子
 .requestMatchers(AntPathRequestMatcher.antMatcher("/test/bigScreen/**")).permitAll()
 .requestMatchers(AntPathRequestMatcher.antMatcher("/bigscreen/template1/**")).permitAll()
@@ -199,13 +218,33 @@ public class SecurityConfig {
 return config;
 }))
 .csrf(AbstractHttpConfigurer::disable)
- // 添加异常处理
+ // 配置OAuth2资源服务器,并添加JWT异常处理
+ .oauth2ResourceServer(oauth2 -> oauth2
+ .jwt(jwt -> jwt.jwtAuthenticationConverter(jeecgAuthenticationConvert))
+ .authenticationEntryPoint((request, response, authException) -> {
+ // 处理JWT解析失败的情况
+ log.error("JWT验证失败,请求路径:{},错误信息:{}", request.getRequestURI(), authException.getMessage(), authException);
+ JwtUtil.responseError(response, 401, "Token格式错误或已过期");
+ })
+ .accessDeniedHandler((request, response, accessDeniedException) -> {
+ // 处理权限不足的情况
+ log.error("权限验证失败,请求路径:{},错误信息:{}", request.getRequestURI(), accessDeniedException.getMessage(), accessDeniedException);
+ JwtUtil.responseError(response, 403, "权限不足");
+ })
+ )
+ // 全局异常处理
 .exceptionHandling(exceptions -> exceptions
 .authenticationEntryPoint((request, response, authException) -> {
- log.error("接口访问失败,请求路径:{},错误信息:{}", request.getRequestURI(), authException.getMessage(), authException);
- JwtUtil.responseError(response,401,authException.getMessage());
- }))
- .oauth2ResourceServer(oauth2 -> oauth2.jwt(jwt -> jwt.jwtAuthenticationConverter(jeecgAuthenticationConvert)));
+ // 记录详细的异常信息 - 未认证
+ log.error("接口访问失败(未认证),请求路径:{},错误信息:{}", request.getRequestURI(), authException.getMessage(), authException);
+ JwtUtil.responseError(response, 401, "Token格式错误或已过期");
+ })
+ .accessDeniedHandler((request, response, accessDeniedException) -> {
+ // 记录详细的异常信息 - token无效或权限不足
+ log.error("接口访问失败(token无效或权限不足),请求路径:{},错误信息:{}", request.getRequestURI(), accessDeniedException.getMessage(), accessDeniedException);
+ JwtUtil.responseError(response, 403, "权限不足");
+ })
+ );
 return http.build();
 }
@@ -268,5 +307,4 @@ public class SecurityConfig {
 new OAuth2RefreshTokenGenerator()
 );
 }
-
-}
+}
\ No newline at end of file
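Review bot: The `authenticationEntryPoint` / `accessDeniedHandler` lambdas are written out twice in this hunk, under `oauth2ResourceServer` and again under `exceptionHandling`, differing only in the log prefix, and the authorization-server chain in the first hunk carries a third copy, so a future change to a status code or response message can silently drift between them. Both registrations here look intentional (as far as I can tell the resource-server pair handles rejected bearer tokens and the global pair requests that never authenticated), so keep both but move the bodies into two private methods on `SecurityConfig` wired with method references, as below. While doing so, log at `warn` without the throwable: a missing or expired token is an expected client error, and a full stack trace per unauthenticated request makes the log trivial to flood. The comment `// 记录详细的异常信息 - token无效或权限不足` also overstates the handler's reach — a rejected token ends in the 401 entry point, the 403 handler only sees an authenticated caller that lacks the required authority — so `// 已认证但权限不足` describes it better. The enclosing chain method begins before this hunk; `return http.build();` is its last visible line.

```java
                .oauth2ResourceServer(oauth2 -> oauth2
                        .jwt(jwt -> jwt.jwtAuthenticationConverter(jeecgAuthenticationConvert))
                        .authenticationEntryPoint(this::handleUnauthenticated)
                        .accessDeniedHandler(this::handleAccessDenied)
                )
                .exceptionHandling(exceptions -> exceptions
                        .authenticationEntryPoint(this::handleUnauthenticated)
                        .accessDeniedHandler(this::handleAccessDenied)
                );
        // … unchanged: return http.build(); …

    /** Shared 401 path: the request carried no usable token (missing, malformed or expired). */
    private void handleUnauthenticated(HttpServletRequest request, HttpServletResponse response,
                                       AuthenticationException authException) throws IOException, ServletException {
        // warn, not error, and no stack trace: this is an expected client-side failure
        log.warn("接口访问失败(未认证),请求路径:{},错误信息:{}", request.getRequestURI(), authException.getMessage());
        JwtUtil.responseError(response, 401, "Token格式错误或已过期");
    }

    /** Shared 403 path: the caller is authenticated but lacks the required authority. */
    private void handleAccessDenied(HttpServletRequest request, HttpServletResponse response,
                                    AccessDeniedException accessDeniedException) throws IOException, ServletException {
        log.warn("接口访问失败(已认证但权限不足),请求路径:{},错误信息:{}", request.getRequestURI(), accessDeniedException.getMessage());
        JwtUtil.responseError(response, 403, "权限不足");
    }
```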