From 7860d648abc21184cc22801d9b4ad9541de9174f Mon Sep 17 00:00:00 2001
From: torvalds
Date: Fri, 15 May 2020 16:28:04 +0800
Subject: [PATCH] =?UTF-8?q?:recycle:=20Refactoring=20code.=20=20#I1H9V8=20?= =?UTF-8?q?=E7=BB=A7=E6=89=BF=E5=8E=9F=E6=9C=89BearerTokenExtractor=20=20?= =?UTF-8?q?=E3=80=90=E4=BC=98=E5=8C=96=E3=80=91=20=E6=8E=A5=E5=8F=A3?= =?UTF-8?q?=E5=AF=B9=E5=A4=96=E6=9A=B4=E9=9C=B2=EF=BC=8C=E4=B8=8D=E6=A0=A1?= =?UTF-8?q?=E9=AA=8C=20Authentication=20Header=20=E5=A4=B4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../component/PigBearerTokenExtractor.java | 92 +++----------------
 1 file changed, 15 insertions(+), 77 deletions(-)
diff --git a/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigBearerTokenExtractor.java b/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigBearerTokenExtractor.java
index db38da50..a87ec58b 100644
--- a/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigBearerTokenExtractor.java
+++ b/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigBearerTokenExtractor.java
@@ -19,19 +19,14 @@ package com.pig4cloud.pig.common.security.component;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
+import lombok.RequiredArgsConstructor;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.provider.authentication.BearerTokenExtractor;
-import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
-import org.springframework.security.oauth2.provider.authentication.TokenExtractor;
-import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
 import org.springframework.stereotype.Component;
-import org.springframework.web.servlet.mvc.condition.PatternsRequestCondition;
+import org.springframework.util.AntPathMatcher;
+import org.springframework.util.PathMatcher;
 import javax.servlet.http.HttpServletRequest;
-import java.util.Enumeration;
 /**
 * 改造 {@link BearerTokenExtractor} 对公开权限的请求不进行校验
@@ -40,73 +35,16 @@ import java.util.Enumeration;
 * @date 2020.05.15
 */
 @Component
-public class PigBearerTokenExtractor implements TokenExtractor {
- private final static Log logger = LogFactory.getLog(PigBearerTokenExtractor.class);
-
- private final PatternsRequestCondition patternsRequestCondition;
-
- public PigBearerTokenExtractor(PermitAllUrlProperties permitAllUrl) {
- this.patternsRequestCondition = new PatternsRequestCondition(
- permitAllUrl.getUrls().toArray(new String[0])
- );
- }
-
- @Override
- public Authentication extract(HttpServletRequest request) {
-
- if (this.patternsRequestCondition.getMatchingPatterns(request.getRequestURI()).size() > 0) {
- return null;
- }
-
- String tokenValue = extractToken(request);
- if (tokenValue != null) {
- return new PreAuthenticatedAuthenticationToken(tokenValue, "");
- }
- return null;
- }
-
- protected String extractToken(HttpServletRequest request) {
- // first check the header...
- String token = extractHeaderToken(request);
-
- // bearer type allows a request parameter as well
- if (token == null) {
- logger.debug("Token not found in headers. Trying request parameters.");
- token = request.getParameter(OAuth2AccessToken.ACCESS_TOKEN);
- if (token == null) {
- logger.debug("Token not found in request parameters. Not an OAuth2 request.");
- } else {
- request.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_TYPE, OAuth2AccessToken.BEARER_TYPE);
- }
- }
-
- return token;
- }
-
- /**
- * Extract the OAuth bearer token from a header.
- *
- * @param request The request.
- * @return The token, or null if no OAuth authorization header was supplied.
- */
- protected String extractHeaderToken(HttpServletRequest request) {
- Enumeration headers = request.getHeaders("Authorization");
- while (headers.hasMoreElements()) { // typically there is only one (most servers enforce that)
- String value = headers.nextElement();
- if ((value.toLowerCase().startsWith(OAuth2AccessToken.BEARER_TYPE.toLowerCase()))) {
- String authHeaderValue = value.substring(OAuth2AccessToken.BEARER_TYPE.length()).trim();
- // Add this here for the auth details later. Would be better to change the signature of this method.
- request.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_TYPE,
- value.substring(0, OAuth2AccessToken.BEARER_TYPE.length()).trim());
- int commaIndex = authHeaderValue.indexOf(',');
- if (commaIndex > 0) {
- authHeaderValue = authHeaderValue.substring(0, commaIndex);
- }
- return authHeaderValue;
- }
- }
-
- return null;
- }
-
+@RequiredArgsConstructor
+public class PigBearerTokenExtractor extends BearerTokenExtractor {
+ private final PathMatcher pathMatcher = new AntPathMatcher();
+ private final PermitAllUrlProperties urlProperties;
+
+ @Override
+ public Authentication extract(HttpServletRequest request) {
+ boolean match = urlProperties.getUrls().stream()
+ .anyMatch(url -> pathMatcher.match(url, request.getRequestURI()));
+
+ return match ? null : super.extract(request);
+ }
 }
-- GitLab
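Review bot: The permit-all check in the new `extract` matches the Ant patterns against the raw `request.getRequestURI()`, which still carries the context path and is not normalized, whereas the `permitAll` authorization rules elsewhere in the stack evaluate a normalized, context-relative path, so the two decisions can disagree on the same request. The removed `PatternsRequestCondition` code used the same input, so this is not introduced here, but since the matching is being rewritten it is the right moment to derive the path the same way the authorization layer does, e.g. `.anyMatch(url -> pathMatcher.match(url, request.getServletPath()))` if the application is mounted at the servlet root (confirm against the security configuration, and confirm `getUrls()` is never null, which I cannot tell from here). A matched URL returns `null` before any token is read, so a bearer token sent to a public endpoint is discarded and the controller sees an anonymous principal; that contract belongs in a Javadoc on `extract`, such as `@return {@code null} for URLs listed in {@link PermitAllUrlProperties} (no token is read); otherwise the result of {@link BearerTokenExtractor#extract}`. `pathMatcher` holds no per-instance state and reads better as `private static final`.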