自定义 ServerWebExchangeMatcher

zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/service/impl/CustomBearerTokenExtractor.java

 package com.central.oauth2.common.service.impl;
 
 import com.central.oauth2.common.properties.SecurityProperties;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.provider.authentication.BearerTokenExtractor;
 import org.springframework.stereotype.Component;
@@ -19,6 +20,7 @@ import javax.servlet.http.HttpServletRequest;
  * Blog: https://zlt2000.gitee.io
  * Github: https://github.com/zlt2000
  */
+@ConditionalOnClass(HttpServletRequest.class)
 @Component
 public class CustomBearerTokenExtractor extends BearerTokenExtractor {
     @Resource

zlt-gateway/sc-gateway/src/main/java/com/central/gateway/auth/CustomServerWebExchangeMatchers.java

+package com.central.gateway.auth;
+
+import com.central.oauth2.common.properties.SecurityProperties;
+import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
+import org.springframework.util.AntPathMatcher;
+import org.springframework.web.server.ServerWebExchange;
+import reactor.core.publisher.Mono;
+
+/**
+ * 自定义 ServerWebExchangeMatcher
+ * 解决只要请求携带access_token，排除鉴权的url依然会被拦截
+ *
+ * @author zlt
+ * @version 1.0
+ * @date 2022/6/10
+ * <p>
+ * Blog: https://zlt2000.gitee.io
+ * Github: https://github.com/zlt2000
+ */
+public class CustomServerWebExchangeMatchers implements ServerWebExchangeMatcher {
+    private final SecurityProperties securityProperties;
+
+    private final AntPathMatcher antPathMatcher = new AntPathMatcher();
+
+    public CustomServerWebExchangeMatchers(SecurityProperties securityProperties) {
+        this.securityProperties = securityProperties;
+    }
+
+    @Override
+    public Mono<MatchResult> matches(ServerWebExchange exchange) {
+        for (String url : securityProperties.getIgnore().getUrls()) {
+            if (antPathMatcher.match(url, exchange.getRequest().getURI().getPath())) {
+                return MatchResult.notMatch();
+            }
+        }
+        return MatchResult.match();
+    }
+}

zlt-gateway/sc-gateway/src/main/java/com/central/gateway/config/ResourceServerConfiguration.java

@@ -48,6 +48,7 @@ public class ResourceServerConfiguration {
         oauth2Filter.setServerAuthenticationConverter(tokenAuthenticationConverter);
         oauth2Filter.setAuthenticationFailureHandler(new ServerAuthenticationEntryPointFailureHandler(entryPoint));
         oauth2Filter.setAuthenticationSuccessHandler(new Oauth2AuthSuccessHandler());
+        oauth2Filter.setRequiresAuthenticationMatcher(new CustomServerWebExchangeMatchers(securityProperties));
         http.addFilterAt(oauth2Filter, SecurityWebFiltersOrder.AUTHENTICATION);
 
         ServerHttpSecurity.AuthorizeExchangeSpec authorizeExchange = http.authorizeExchange();