mirror of https://github.com/jeecgboot/jeecg-boot
swagger请求,token无效还是返回了下载文件,期望返回401 #8767
JEECG
parent
47107a53c2
commit
c4a87d7c58
|
|
@ -77,26 +77,45 @@ public class SecurityConfig {
|
||||||
@Order(1)
|
@Order(1)
|
||||||
public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http)
|
public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http)
|
||||||
throws Exception {
|
throws Exception {
|
||||||
OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
|
// 使用新的配置方式替代弃用的applyDefaultSecurity
|
||||||
// 注册自定义登录类型
|
http.securityMatcher(new AntPathRequestMatcher("/oauth2/**"))
|
||||||
http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
|
.authorizeHttpRequests(authorize ->
|
||||||
.tokenEndpoint(tokenEndpoint -> tokenEndpoint.accessTokenRequestConverter(new PasswordGrantAuthenticationConvert())
|
authorize.anyRequest().authenticated()
|
||||||
.authenticationProvider(new PasswordGrantAuthenticationProvider(authorizationService, tokenGenerator())))
|
)
|
||||||
.tokenEndpoint(tokenEndpoint -> tokenEndpoint.accessTokenRequestConverter(new PhoneGrantAuthenticationConvert())
|
.csrf(csrf -> csrf.disable())
|
||||||
.authenticationProvider(new PhoneGrantAuthenticationProvider(authorizationService, tokenGenerator())))
|
.with(new OAuth2AuthorizationServerConfigurer(), oauth2 -> {
|
||||||
.tokenEndpoint(tokenEndpoint -> tokenEndpoint.accessTokenRequestConverter(new AppGrantAuthenticationConvert())
|
oauth2
|
||||||
.authenticationProvider(new AppGrantAuthenticationProvider(authorizationService, tokenGenerator())))
|
.tokenEndpoint(tokenEndpoint -> tokenEndpoint
|
||||||
.tokenEndpoint(tokenEndpoint -> tokenEndpoint.accessTokenRequestConverter(new SocialGrantAuthenticationConvert())
|
.accessTokenRequestConverter(new PasswordGrantAuthenticationConvert())
|
||||||
.authenticationProvider(new SocialGrantAuthenticationProvider(authorizationService, tokenGenerator())))
|
.authenticationProvider(new PasswordGrantAuthenticationProvider(authorizationService, tokenGenerator()))
|
||||||
//开启OpenID Connect 1.0(其中oidc为OpenID Connect的缩写)。 访问 /.well-known/openid-configuration即可获取认证信息
|
)
|
||||||
.oidc(Customizer.withDefaults());
|
.tokenEndpoint(tokenEndpoint -> tokenEndpoint
|
||||||
|
.accessTokenRequestConverter(new PhoneGrantAuthenticationConvert())
|
||||||
|
.authenticationProvider(new PhoneGrantAuthenticationProvider(authorizationService, tokenGenerator()))
|
||||||
|
)
|
||||||
|
.tokenEndpoint(tokenEndpoint -> tokenEndpoint
|
||||||
|
.accessTokenRequestConverter(new AppGrantAuthenticationConvert())
|
||||||
|
.authenticationProvider(new AppGrantAuthenticationProvider(authorizationService, tokenGenerator()))
|
||||||
|
)
|
||||||
|
.tokenEndpoint(tokenEndpoint -> tokenEndpoint
|
||||||
|
.accessTokenRequestConverter(new SocialGrantAuthenticationConvert())
|
||||||
|
.authenticationProvider(new SocialGrantAuthenticationProvider(authorizationService, tokenGenerator()))
|
||||||
|
)
|
||||||
|
//开启OpenID Connect 1.0(其中oidc为OpenID Connect的缩写)。 访问 /.well-known/openid-configuration即可获取认证信息
|
||||||
|
.oidc(Customizer.withDefaults());
|
||||||
|
});
|
||||||
|
|
||||||
//将需要认证的请求,抛出异常,不跳转页面
|
//请求接口异常处理:无Token和Token无效的情况
|
||||||
http.exceptionHandling(exceptions -> exceptions
|
http.exceptionHandling(exceptions -> exceptions
|
||||||
.authenticationEntryPoint((request, response, authException) -> {
|
.authenticationEntryPoint((request, response, authException) -> {
|
||||||
// 记录详细的异常信息
|
// 记录详细的异常信息 - 未认证
|
||||||
log.error("接口访问失败,请求路径:{},错误信息:{}", request.getRequestURI(), authException.getMessage(), authException);
|
log.error("接口访问失败(未认证),请求路径:{},错误信息:{}", request.getRequestURI(), authException.getMessage(), authException);
|
||||||
JwtUtil.responseError(response,401,authException.getMessage());
|
JwtUtil.responseError(response, 401, "Token格式错误或已过期");
|
||||||
|
})
|
||||||
|
.accessDeniedHandler((request, response, accessDeniedException) -> {
|
||||||
|
// 记录详细的异常信息 - token无效或权限不足
|
||||||
|
log.error("接口访问失败(token无效或权限不足),请求路径:{},错误信息:{}", request.getRequestURI(), accessDeniedException.getMessage(), accessDeniedException);
|
||||||
|
JwtUtil.responseError(response, 403, "权限不足");
|
||||||
})
|
})
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
@ -175,7 +194,7 @@ public class SecurityConfig {
|
||||||
.requestMatchers(AntPathRequestMatcher.antMatcher("/drag/onlDragDatasetHead/getTotalDataByCompId")).permitAll()
|
.requestMatchers(AntPathRequestMatcher.antMatcher("/drag/onlDragDatasetHead/getTotalDataByCompId")).permitAll()
|
||||||
.requestMatchers(AntPathRequestMatcher.antMatcher("/drag/onlDragDatasetHead/getDictByCodes")).permitAll()
|
.requestMatchers(AntPathRequestMatcher.antMatcher("/drag/onlDragDatasetHead/getDictByCodes")).permitAll()
|
||||||
.requestMatchers(AntPathRequestMatcher.antMatcher("/dragChannelSocket/**")).permitAll()
|
.requestMatchers(AntPathRequestMatcher.antMatcher("/dragChannelSocket/**")).permitAll()
|
||||||
|
|
||||||
//大屏模板例子
|
//大屏模板例子
|
||||||
.requestMatchers(AntPathRequestMatcher.antMatcher("/test/bigScreen/**")).permitAll()
|
.requestMatchers(AntPathRequestMatcher.antMatcher("/test/bigScreen/**")).permitAll()
|
||||||
.requestMatchers(AntPathRequestMatcher.antMatcher("/bigscreen/template1/**")).permitAll()
|
.requestMatchers(AntPathRequestMatcher.antMatcher("/bigscreen/template1/**")).permitAll()
|
||||||
|
|
@ -199,13 +218,33 @@ public class SecurityConfig {
|
||||||
return config;
|
return config;
|
||||||
}))
|
}))
|
||||||
.csrf(AbstractHttpConfigurer::disable)
|
.csrf(AbstractHttpConfigurer::disable)
|
||||||
// 添加异常处理
|
// 配置OAuth2资源服务器,并添加JWT异常处理
|
||||||
|
.oauth2ResourceServer(oauth2 -> oauth2
|
||||||
|
.jwt(jwt -> jwt.jwtAuthenticationConverter(jeecgAuthenticationConvert))
|
||||||
|
.authenticationEntryPoint((request, response, authException) -> {
|
||||||
|
// 处理JWT解析失败的情况
|
||||||
|
log.error("JWT验证失败,请求路径:{},错误信息:{}", request.getRequestURI(), authException.getMessage(), authException);
|
||||||
|
JwtUtil.responseError(response, 401, "Token格式错误或已过期");
|
||||||
|
})
|
||||||
|
.accessDeniedHandler((request, response, accessDeniedException) -> {
|
||||||
|
// 处理权限不足的情况
|
||||||
|
log.error("权限验证失败,请求路径:{},错误信息:{}", request.getRequestURI(), accessDeniedException.getMessage(), accessDeniedException);
|
||||||
|
JwtUtil.responseError(response, 403, "权限不足");
|
||||||
|
})
|
||||||
|
)
|
||||||
|
// 全局异常处理
|
||||||
.exceptionHandling(exceptions -> exceptions
|
.exceptionHandling(exceptions -> exceptions
|
||||||
.authenticationEntryPoint((request, response, authException) -> {
|
.authenticationEntryPoint((request, response, authException) -> {
|
||||||
log.error("接口访问失败,请求路径:{},错误信息:{}", request.getRequestURI(), authException.getMessage(), authException);
|
// 记录详细的异常信息 - 未认证
|
||||||
JwtUtil.responseError(response,401,authException.getMessage());
|
log.error("接口访问失败(未认证),请求路径:{},错误信息:{}", request.getRequestURI(), authException.getMessage(), authException);
|
||||||
}))
|
JwtUtil.responseError(response, 401, "Token格式错误或已过期");
|
||||||
.oauth2ResourceServer(oauth2 -> oauth2.jwt(jwt -> jwt.jwtAuthenticationConverter(jeecgAuthenticationConvert)));
|
})
|
||||||
|
.accessDeniedHandler((request, response, accessDeniedException) -> {
|
||||||
|
// 记录详细的异常信息 - token无效或权限不足
|
||||||
|
log.error("接口访问失败(token无效或权限不足),请求路径:{},错误信息:{}", request.getRequestURI(), accessDeniedException.getMessage(), accessDeniedException);
|
||||||
|
JwtUtil.responseError(response, 403, "权限不足");
|
||||||
|
})
|
||||||
|
);
|
||||||
return http.build();
|
return http.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -268,5 +307,4 @@ public class SecurityConfig {
|
||||||
new OAuth2RefreshTokenGenerator()
|
new OAuth2RefreshTokenGenerator()
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
}
|
|
||||||
Loading…
Reference in New Issue