mirror of
https://gitee.com/gz-yami/mall4j.git
synced 2025-12-26 07:56:43 +08:00
登录验证在security中确定方法,在admin和api中确定实现,不再使用url中的grant_type来确定
parent
090e0cd867
commit
24ac928fb9
@ -8,7 +8,7 @@
|
||||
* 版权所有,侵权必究!
|
||||
*/
|
||||
|
||||
package com.yami.shop.security.provider;
|
||||
package com.yami.shop.admin.security;
|
||||
|
||||
|
||||
import cn.hutool.core.util.StrUtil;
|
||||
@ -19,8 +19,8 @@ import com.yami.shop.security.exception.BadCredentialsExceptionBase;
|
||||
import com.yami.shop.security.exception.ImageCodeNotMatchExceptionBase;
|
||||
import com.yami.shop.security.exception.UsernameNotFoundExceptionBase;
|
||||
import com.yami.shop.security.exception.BaseYamiAuth2Exception;
|
||||
import com.yami.shop.security.provider.AbstractUserDetailsAuthenticationProvider;
|
||||
import com.yami.shop.security.service.YamiUserDetailsService;
|
||||
import com.yami.shop.security.token.AdminAuthenticationToken;
|
||||
import lombok.AllArgsConstructor;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
@ -8,16 +8,14 @@
|
||||
* 版权所有,侵权必究!
|
||||
*/
|
||||
|
||||
package com.yami.shop.security.token;
|
||||
package com.yami.shop.admin.security;
|
||||
|
||||
import com.yami.shop.security.token.MyAuthenticationToken;
|
||||
import lombok.Getter;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.Setter;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
|
||||
import java.util.Collection;
|
||||
|
||||
/**
|
||||
* 系统用户账号密码登陆
|
||||
*/
|
||||
@ -0,0 +1,21 @@
|
||||
package com.yami.shop.admin.security;
|
||||
|
||||
import com.yami.shop.common.util.Json;
|
||||
import com.yami.shop.security.provider.AuthenticationTokenParser;
|
||||
import org.springframework.security.authentication.AbstractAuthenticationToken;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
/**
|
||||
* AdminAuthenticationTokenParser
|
||||
*
|
||||
* @author hanfeng
|
||||
* @date 2019-08-21
|
||||
*/
|
||||
@Component
|
||||
public class AdminAuthenticationTokenParser implements AuthenticationTokenParser {
|
||||
@Override
|
||||
public AbstractAuthenticationToken parse(String authenticationTokenStr) {
|
||||
AdminAuthenticationToken authRequest = Json.parseObject(authenticationTokenStr, AdminAuthenticationToken.class);
|
||||
return authRequest;
|
||||
}
|
||||
}
|
||||
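Review bot: `parse` binds the raw login request body straight onto `AdminAuthenticationToken`, so every property that class exposes to the JSON mapper can be supplied by the client, not only `principal` and `credentials`. The token's fields are not visible in this section, so this needs confirming, but if the class has setters for state such as authorities or the authenticated flag, it is safer to deserialize into a small request DTO holding only the login fields and build the token from that. The same applies to `MiniAppAuthenticationTokenParser.parse` in the api module. A Javadoc line on the method would make the trust boundary explicit, for example `/** Parses the untrusted login request body; only principal and credentials are honoured. */`.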
@ -8,7 +8,7 @@
|
||||
* 版权所有,侵权必究!
|
||||
*/
|
||||
|
||||
package com.yami.shop.security.provider;
|
||||
package com.yami.shop.api.security;
|
||||
|
||||
|
||||
import cn.binarywang.wx.miniapp.api.WxMaService;
|
||||
@ -18,9 +18,9 @@ import com.yami.shop.security.enums.App;
|
||||
import com.yami.shop.security.exception.UsernameNotFoundExceptionBase;
|
||||
import com.yami.shop.security.exception.WxErrorExceptionBase;
|
||||
import com.yami.shop.security.model.AppConnect;
|
||||
import com.yami.shop.security.provider.AbstractUserDetailsAuthenticationProvider;
|
||||
import com.yami.shop.security.service.YamiUser;
|
||||
import com.yami.shop.security.service.YamiUserDetailsService;
|
||||
import com.yami.shop.security.token.MiniAppAuthenticationToken;
|
||||
import com.yami.shop.security.token.MyAuthenticationToken;
|
||||
import lombok.AllArgsConstructor;
|
||||
import me.chanjar.weixin.common.error.WxErrorException;
|
||||
@ -8,8 +8,9 @@
|
||||
* 版权所有,侵权必究!
|
||||
*/
|
||||
|
||||
package com.yami.shop.security.token;
|
||||
package com.yami.shop.api.security;
|
||||
|
||||
import com.yami.shop.security.token.MyAuthenticationToken;
|
||||
import lombok.NoArgsConstructor;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
|
||||
@ -0,0 +1,21 @@
|
||||
package com.yami.shop.api.security;
|
||||
|
||||
import com.yami.shop.common.util.Json;
|
||||
import com.yami.shop.security.provider.AuthenticationTokenParser;
|
||||
import org.springframework.security.authentication.AbstractAuthenticationToken;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
/**
|
||||
* MiniAppAuthenticationTokenParser
|
||||
*
|
||||
* @author hanfeng
|
||||
* @date 2019-08-21
|
||||
*/
|
||||
@Component
|
||||
public class MiniAppAuthenticationTokenParser implements AuthenticationTokenParser {
|
||||
@Override
|
||||
public AbstractAuthenticationToken parse(String authenticationTokenStr) {
|
||||
MiniAppAuthenticationToken authRequest = Json.parseObject(authenticationTokenStr, MiniAppAuthenticationToken.class);
|
||||
return authRequest;
|
||||
}
|
||||
}
|
||||
@ -14,14 +14,14 @@ package com.yami.shop.security.config;
|
||||
import com.yami.shop.security.filter.LoginAuthenticationFilter;
|
||||
import com.yami.shop.security.handler.LoginAuthFailedHandler;
|
||||
import com.yami.shop.security.handler.LoginAuthSuccessHandler;
|
||||
import com.yami.shop.security.provider.AdminAuthenticationProvider;
|
||||
import com.yami.shop.security.provider.MiniAppAuthenticationProvider;
|
||||
import com.yami.shop.security.provider.AuthenticationTokenParser;
|
||||
import lombok.SneakyThrows;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.core.annotation.Order;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.AuthenticationProvider;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
|
||||
@ -39,10 +39,10 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
private LoginAuthFailedHandler loginAuthFailedHandler;
|
||||
|
||||
@Autowired
|
||||
private AdminAuthenticationProvider adminAuthenticationProvider;
|
||||
private AuthenticationProvider authenticationProvider;
|
||||
|
||||
@Autowired
|
||||
private MiniAppAuthenticationProvider miniAppAuthenticationProvider;
|
||||
private AuthenticationTokenParser authenticationTokenParser;
|
||||
|
||||
@Override
|
||||
@Bean
|
||||
@ -57,8 +57,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
*/
|
||||
@Override
|
||||
public void configure(AuthenticationManagerBuilder auth) {
|
||||
auth.authenticationProvider(adminAuthenticationProvider);
|
||||
auth.authenticationProvider(miniAppAuthenticationProvider);
|
||||
auth.authenticationProvider(authenticationProvider);
|
||||
}
|
||||
|
||||
@Bean
|
||||
@ -77,6 +76,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
}
|
||||
filter.setAuthenticationSuccessHandler(loginAuthSuccessHandler);
|
||||
filter.setAuthenticationFailureHandler(loginAuthFailedHandler);
|
||||
filter.setAuthenticationTokenParser(authenticationTokenParser);
|
||||
return filter;
|
||||
}
|
||||
|
||||
|
||||
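Review bot: The `@Autowired` fields `authenticationProvider` and `authenticationTokenParser` are now resolved by interface type, so the application context must hold exactly one `AuthenticationProvider` bean and one `AuthenticationTokenParser` bean, and nothing ties the two together. If a module supplies a parser whose token type the wired provider's `supports()` rejects, the mismatch only shows up at login time, and a second provider bean on the classpath would presumably break startup with an ambiguous-bean error. Consider constructor injection with `final` fields and a comment stating the assumption, e.g. `// exactly one AuthenticationProvider/AuthenticationTokenParser pair is supplied by the admin or api module`. The class body continues outside these hunks.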
@ -12,16 +12,11 @@ package com.yami.shop.security.filter;
|
||||
|
||||
import cn.hutool.core.util.StrUtil;
|
||||
import cn.hutool.extra.servlet.ServletUtil;
|
||||
import com.yami.shop.common.util.Json;
|
||||
import com.yami.shop.security.constants.SecurityConstants;
|
||||
import com.yami.shop.security.exception.UnknownGrantTypeExceptionBase;
|
||||
import com.yami.shop.security.token.AdminAuthenticationToken;
|
||||
import com.yami.shop.security.token.MiniAppAuthenticationToken;
|
||||
import com.yami.shop.security.provider.AuthenticationTokenParser;
|
||||
import org.springframework.security.authentication.AbstractAuthenticationToken;
|
||||
import org.springframework.security.authentication.AuthenticationServiceException;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.oauth2.common.util.OAuth2Utils;
|
||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||
|
||||
import javax.servlet.ServletInputStream;
|
||||
@ -32,44 +27,28 @@ import java.nio.charset.StandardCharsets;
|
||||
|
||||
/**
|
||||
* 小程序登陆:此时principal为code
|
||||
* post:http://127.0.0.1:8086/login?grant_type=mini_app
|
||||
* post:http://127.0.0.1:8086/login
|
||||
* {principal:code}
|
||||
* 管理员登陆:
|
||||
* post: http://127.0.0.1:8086/login?grant_type=admin
|
||||
* post: http://127.0.0.1:8086/login
|
||||
* {principal:username,credentials:password}
|
||||
*/
|
||||
public class LoginAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
|
||||
|
||||
private AuthenticationTokenParser authenticationTokenParser;
|
||||
|
||||
@Override
|
||||
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
|
||||
if (!ServletUtil.METHOD_POST.equals(request.getMethod())) {
|
||||
throw new AuthenticationServiceException(
|
||||
"Authentication method not supported: " + request.getMethod());
|
||||
}
|
||||
String type = obtainParameter(request, OAuth2Utils.GRANT_TYPE);
|
||||
|
||||
AbstractAuthenticationToken authRequest = null;
|
||||
|
||||
String requestBody = getStringFromStream(request);
|
||||
|
||||
if (StrUtil.isBlank(requestBody)) {
|
||||
throw new AuthenticationServiceException("无法获取输入信息");
|
||||
}
|
||||
|
||||
// 小程序通过code登陆
|
||||
if(SecurityConstants.SPRING_SECURITY_RESTFUL_TYPE_MINI_APP.equals(type)){
|
||||
authRequest = Json.parseObject(requestBody, MiniAppAuthenticationToken.class);
|
||||
}
|
||||
|
||||
|
||||
// 账号密码登陆
|
||||
else if (SecurityConstants.SPRING_SECURITY_RESTFUL_TYPE_ADMIN.equals(type)) {
|
||||
authRequest = Json.parseObject(requestBody, AdminAuthenticationToken.class);
|
||||
}
|
||||
|
||||
if (authRequest == null) {
|
||||
throw new UnknownGrantTypeExceptionBase("未知的grant_type");
|
||||
}
|
||||
AbstractAuthenticationToken authRequest = authenticationTokenParser.parse(requestBody);
|
||||
|
||||
// Allow subclasses to set the "details" property
|
||||
setDetails(request, authRequest);
|
||||
@ -81,12 +60,6 @@ public class LoginAuthenticationFilter extends UsernamePasswordAuthenticationFil
|
||||
authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
|
||||
}
|
||||
|
||||
private String obtainParameter(HttpServletRequest request, String parameter) {
|
||||
String result = request.getParameter(parameter);
|
||||
return result == null ? "" : result;
|
||||
}
|
||||
|
||||
|
||||
private String getStringFromStream(HttpServletRequest req) {
|
||||
ServletInputStream is;
|
||||
try {
|
||||
@ -106,4 +79,8 @@ public class LoginAuthenticationFilter extends UsernamePasswordAuthenticationFil
|
||||
return "";
|
||||
}
|
||||
}
|
||||
|
||||
public void setAuthenticationTokenParser(AuthenticationTokenParser authenticationTokenParser) {
|
||||
this.authenticationTokenParser = authenticationTokenParser;
|
||||
}
|
||||
}
|
||||
|
||||
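Review bot: The token returned by `authenticationTokenParser.parse(requestBody)` in `attemptAuthentication` is passed to `setDetails` without a null check, whereas the removed branch threw `UnknownGrantTypeExceptionBase` when `authRequest` was null. If the parser returns null for a body that is not valid JSON (the behaviour of `Json.parseObject` is not visible here), `authRequest.setDetails(...)` throws a NullPointerException, so the request likely ends as a server error instead of an authentication failure handled by `loginAuthFailedHandler`. The same happens when the filter is built without `setAuthenticationTokenParser` being called. Suggest a guard right after the parse call: `if (authRequest == null) { throw new AuthenticationServiceException("无法获取输入信息"); }`. The method body continues outside the hunk.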
@ -0,0 +1,13 @@
|
||||
package com.yami.shop.security.provider;
|
||||
|
||||
import org.springframework.security.authentication.AbstractAuthenticationToken;
|
||||
|
||||
/**
|
||||
* AuthenticationTokenParser
|
||||
*
|
||||
* @author hanfeng
|
||||
* @date 2019-08-21
|
||||
*/
|
||||
public interface AuthenticationTokenParser {
|
||||
AbstractAuthenticationToken parse(String authenticationTokenStr);
|
||||
}
|
||||
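Review bot: The Javadoc on `AuthenticationTokenParser` only repeats the type name and `parse` has no documentation, although this interface is now the contract each application module must implement for login. It should state that `authenticationTokenStr` is the raw, untrusted body of the login POST, whether `parse` may return null on malformed input or must throw an `AuthenticationException`, and that the returned token type has to be one the module's `AuthenticationProvider` supports. A summary such as `/** Converts the raw login request body into the authentication token of the current application. */` plus `@param` and `@return` tags would cover it.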