♻ Refactoring code. #I1H9V8 继承原有BearerTokenExtractor 【优化】接口对外暴露，不校验...

♻ Refactoring code. #I1H9V8 继承原有BearerTokenExtractor 【优化】接口对外暴露，不校验 Authentication Header 头

♻ Refactoring code. #I1H9V8 继承原有BearerTokenExtractor 【优化】接口对外暴露，不校验...
♻ Refactoring code. #I1H9V8 继承原有BearerTokenExtractor 【优化】接口对外暴露，不校验 Authentication Header 头
7860d648 · torvalds · c29b9ede · 7860d648
隐藏空白更改
内联并排

Showing with 15 addition and 77 deletion

pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigBearerTokenExtractor.java ...ig/common/security/component/PigBearerTokenExtractor.java +15 -77

未找到文件。
--- a/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigBearerTokenExtractor.java
+++ b/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigBearerTokenExtractor.java
@@ -19,19 +19,14 @@

 package com.pig4cloud.pig.common.security.component;

-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
+import lombok.RequiredArgsConstructor;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.provider.authentication.BearerTokenExtractor;
-import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
-import org.springframework.security.oauth2.provider.authentication.TokenExtractor;
-import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
 import org.springframework.stereotype.Component;
-import org.springframework.web.servlet.mvc.condition.PatternsRequestCondition;
+import org.springframework.util.AntPathMatcher;
+import org.springframework.util.PathMatcher;

 import javax.servlet.http.HttpServletRequest;
-import java.util.Enumeration;

 /**
 * 改造 {@link BearerTokenExtractor} 对公开权限的请求不进行校验
@@ -40,73 +35,16 @@ import java.util.Enumeration;
 * @date 2020.05.15
 */
 @Component
-public class PigBearerTokenExtractor implements TokenExtractor {
-    private final static Log logger = LogFactory.getLog(PigBearerTokenExtractor.class);
-
-    private final PatternsRequestCondition patternsRequestCondition;
-
-    public PigBearerTokenExtractor(PermitAllUrlProperties permitAllUrl) {
-        this.patternsRequestCondition = new PatternsRequestCondition(
-                permitAllUrl.getUrls().toArray(new String[0])
-        );
-    }
-
-    @Override
-    public Authentication extract(HttpServletRequest request) {
-
-        if (this.patternsRequestCondition.getMatchingPatterns(request.getRequestURI()).size() > 0) {
-            return null;
-        }
-
-        String tokenValue = extractToken(request);
-        if (tokenValue != null) {
-			return new PreAuthenticatedAuthenticationToken(tokenValue, "");
-        }
-        return null;
-    }
-
-    protected String extractToken(HttpServletRequest request) {
-        // first check the header...
-        String token = extractHeaderToken(request);
-
-        // bearer type allows a request parameter as well
-        if (token == null) {
-            logger.debug("Token not found in headers. Trying request parameters.");
-            token = request.getParameter(OAuth2AccessToken.ACCESS_TOKEN);
-            if (token == null) {
-                logger.debug("Token not found in request parameters.  Not an OAuth2 request.");
-            } else {
-                request.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_TYPE, OAuth2AccessToken.BEARER_TYPE);
-            }
-        }
-
-        return token;
-    }
-
-    /**
-     * Extract the OAuth bearer token from a header.
-     *
-     * @param request The request.
-     * @return The token, or null if no OAuth authorization header was supplied.
-     */
-    protected String extractHeaderToken(HttpServletRequest request) {
-        Enumeration<String> headers = request.getHeaders("Authorization");
-        while (headers.hasMoreElements()) { // typically there is only one (most servers enforce that)
-            String value = headers.nextElement();
-            if ((value.toLowerCase().startsWith(OAuth2AccessToken.BEARER_TYPE.toLowerCase()))) {
-                String authHeaderValue = value.substring(OAuth2AccessToken.BEARER_TYPE.length()).trim();
-                // Add this here for the auth details later. Would be better to change the signature of this method.
-                request.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_TYPE,
-                        value.substring(0, OAuth2AccessToken.BEARER_TYPE.length()).trim());
-                int commaIndex = authHeaderValue.indexOf(',');
-                if (commaIndex > 0) {
-                    authHeaderValue = authHeaderValue.substring(0, commaIndex);
-                }
-                return authHeaderValue;
-            }
-        }
-
-        return null;
-    }
-
+@RequiredArgsConstructor
+public class PigBearerTokenExtractor extends BearerTokenExtractor {
+	private final PathMatcher pathMatcher = new AntPathMatcher();
+	private final PermitAllUrlProperties urlProperties;
+
+	@Override
+	public Authentication extract(HttpServletRequest request) {
+		boolean match = urlProperties.getUrls().stream()
+			.anyMatch(url -> pathMatcher.match(url, request.getRequestURI()));
+
+		return match ? null : super.extract(request);
+	}
 }