Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
int
Pig
提交
8852a211
P
Pig
项目概览
int
/
Pig
上一次同步 12 个月
通知
8
Star
1
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
P
Pig
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
8852a211
编写于
5月 15, 2020
作者:
C
cqyisbug
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
接口对外暴露,不校验 Authentication Header 头
上级
ed480c64
变更
2
隐藏空白更改
内联
并排
Showing
2 changed file
with
115 addition
and
0 deletion
+115
-0
pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigBearerTokenExtractor.java
...ig/common/security/component/PigBearerTokenExtractor.java
+112
-0
pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigResourceServerConfigurerAdapter.java
...ecurity/component/PigResourceServerConfigurerAdapter.java
+3
-0
未找到文件。
pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigBearerTokenExtractor.java
0 → 100644
浏览文件 @
8852a211
/*
*
* * Copyright (c) 2019-2020, 冷冷 (wangiegie@gmail.com).
* * <p>
* * Licensed under the GNU Lesser General Public License 3.0 (the "License");
* * you may not use this file except in compliance with the License.
* * You may obtain a copy of the License at
* * <p>
* * https://www.gnu.org/licenses/lgpl.html
* * <p>
* * Unless required by applicable law or agreed to in writing, software
* * distributed under the License is distributed on an "AS IS" BASIS,
* * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* * See the License for the specific language governing permissions and
* * limitations under the License.
*
*/
package
com.pig4cloud.pig.common.security.component
;
import
org.apache.commons.logging.Log
;
import
org.apache.commons.logging.LogFactory
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.oauth2.common.OAuth2AccessToken
;
import
org.springframework.security.oauth2.provider.authentication.BearerTokenExtractor
;
import
org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails
;
import
org.springframework.security.oauth2.provider.authentication.TokenExtractor
;
import
org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken
;
import
org.springframework.stereotype.Component
;
import
org.springframework.web.servlet.mvc.condition.PatternsRequestCondition
;
import
javax.servlet.http.HttpServletRequest
;
import
java.util.Enumeration
;
/**
* 改造 {@link BearerTokenExtractor} 对公开权限的请求不进行校验
*
* @author caiqy
* @date 2020.05.15
*/
@Component
public
class
PigBearerTokenExtractor
implements
TokenExtractor
{
private
final
static
Log
logger
=
LogFactory
.
getLog
(
PigBearerTokenExtractor
.
class
);
private
final
PatternsRequestCondition
patternsRequestCondition
;
public
PigBearerTokenExtractor
(
PermitAllUrlProperties
permitAllUrl
)
{
this
.
patternsRequestCondition
=
new
PatternsRequestCondition
(
permitAllUrl
.
getUrls
().
toArray
(
new
String
[
0
])
);
}
@Override
public
Authentication
extract
(
HttpServletRequest
request
)
{
if
(
this
.
patternsRequestCondition
.
getMatchingPatterns
(
request
.
getRequestURI
()).
size
()
>
0
)
{
return
null
;
}
String
tokenValue
=
extractToken
(
request
);
if
(
tokenValue
!=
null
)
{
return
new
PreAuthenticatedAuthenticationToken
(
tokenValue
,
""
);
}
return
null
;
}
protected
String
extractToken
(
HttpServletRequest
request
)
{
// first check the header...
String
token
=
extractHeaderToken
(
request
);
// bearer type allows a request parameter as well
if
(
token
==
null
)
{
logger
.
debug
(
"Token not found in headers. Trying request parameters."
);
token
=
request
.
getParameter
(
OAuth2AccessToken
.
ACCESS_TOKEN
);
if
(
token
==
null
)
{
logger
.
debug
(
"Token not found in request parameters. Not an OAuth2 request."
);
}
else
{
request
.
setAttribute
(
OAuth2AuthenticationDetails
.
ACCESS_TOKEN_TYPE
,
OAuth2AccessToken
.
BEARER_TYPE
);
}
}
return
token
;
}
/**
* Extract the OAuth bearer token from a header.
*
* @param request The request.
* @return The token, or null if no OAuth authorization header was supplied.
*/
protected
String
extractHeaderToken
(
HttpServletRequest
request
)
{
Enumeration
<
String
>
headers
=
request
.
getHeaders
(
"Authorization"
);
while
(
headers
.
hasMoreElements
())
{
// typically there is only one (most servers enforce that)
String
value
=
headers
.
nextElement
();
if
((
value
.
toLowerCase
().
startsWith
(
OAuth2AccessToken
.
BEARER_TYPE
.
toLowerCase
())))
{
String
authHeaderValue
=
value
.
substring
(
OAuth2AccessToken
.
BEARER_TYPE
.
length
()).
trim
();
// Add this here for the auth details later. Would be better to change the signature of this method.
request
.
setAttribute
(
OAuth2AuthenticationDetails
.
ACCESS_TOKEN_TYPE
,
value
.
substring
(
0
,
OAuth2AccessToken
.
BEARER_TYPE
.
length
()).
trim
());
int
commaIndex
=
authHeaderValue
.
indexOf
(
','
);
if
(
commaIndex
>
0
)
{
authHeaderValue
=
authHeaderValue
.
substring
(
0
,
commaIndex
);
}
return
authHeaderValue
;
}
}
return
null
;
}
}
pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigResourceServerConfigurerAdapter.java
浏览文件 @
8852a211
...
...
@@ -51,6 +51,8 @@ public class PigResourceServerConfigurerAdapter extends ResourceServerConfigurer
private
PermitAllUrlProperties
permitAllUrl
;
@Autowired
private
RestTemplate
lbRestTemplate
;
@Autowired
private
PigBearerTokenExtractor
pigBearerTokenExtractor
;
/**
* 默认的配置,对外暴露
...
...
@@ -80,6 +82,7 @@ public class PigResourceServerConfigurerAdapter extends ResourceServerConfigurer
remoteTokenServices
.
setRestTemplate
(
lbRestTemplate
);
remoteTokenServices
.
setAccessTokenConverter
(
accessTokenConverter
);
resources
.
authenticationEntryPoint
(
resourceAuthExceptionEntryPoint
)
.
tokenExtractor
(
pigBearerTokenExtractor
)
.
accessDeniedHandler
(
pigAccessDeniedHandler
)
.
tokenServices
(
remoteTokenServices
);
}
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录