From 51b69faaa05326a497dc37fb8b019d18bd66aa8b Mon Sep 17 00:00:00 2001
From: zhult13
Date: Fri, 10 Jun 2022 16:29:44 +0800
Subject: [PATCH] =?UTF-8?q?=E8=87=AA=E5=AE=9A=E4=B9=89=20ServerWebExchange?= =?UTF-8?q?Matcher?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../impl/CustomBearerTokenExtractor.java | 2 +
 .../auth/CustomServerWebExchangeMatchers.java | 38 +++++++++++++++++++
 .../config/ResourceServerConfiguration.java | 1 +
 3 files changed, 41 insertions(+)
 create mode 100644 zlt-gateway/sc-gateway/src/main/java/com/central/gateway/auth/CustomServerWebExchangeMatchers.java
diff --git a/zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/service/impl/CustomBearerTokenExtractor.java b/zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/service/impl/CustomBearerTokenExtractor.java
index fceea9b..cc21489 100644
--- a/zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/service/impl/CustomBearerTokenExtractor.java
+++ b/zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/service/impl/CustomBearerTokenExtractor.java
@@ -1,6 +1,7 @@
 package com.central.oauth2.common.service.impl;
 import com.central.oauth2.common.properties.SecurityProperties;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.provider.authentication.BearerTokenExtractor;
 import org.springframework.stereotype.Component;
@@ -19,6 +20,7 @@ import javax.servlet.http.HttpServletRequest;
 * Blog: https://zlt2000.gitee.io
 * Github: https://github.com/zlt2000
 */
+@ConditionalOnClass(HttpServletRequest.class)
 @Component
 public class CustomBearerTokenExtractor extends BearerTokenExtractor {
 @Resource
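Review bot: `@ConditionalOnClass(HttpServletRequest.class)` on `CustomBearerTokenExtractor` keys the bean on the servlet API being present on the classpath, not on the application actually running as a servlet application, so a reactive service that pulls in the servlet API transitively would still register this extractor. If the intent is to keep it out of the WebFlux gateway, `@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)` states that directly. The class body continues outside the hunk, so whether other servlet-only types are referenced there cannot be checked from here.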
diff --git a/zlt-gateway/sc-gateway/src/main/java/com/central/gateway/auth/CustomServerWebExchangeMatchers.java b/zlt-gateway/sc-gateway/src/main/java/com/central/gateway/auth/CustomServerWebExchangeMatchers.java
new file mode 100644
index 0000000..23e02a4
--- /dev/null
+++ b/zlt-gateway/sc-gateway/src/main/java/com/central/gateway/auth/CustomServerWebExchangeMatchers.java
@@ -0,0 +1,38 @@
+package com.central.gateway.auth;
+
+import com.central.oauth2.common.properties.SecurityProperties;
+import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
+import org.springframework.util.AntPathMatcher;
+import org.springframework.web.server.ServerWebExchange;
+import reactor.core.publisher.Mono;
+
+/**
+ * 自定义 ServerWebExchangeMatcher
+ * 解决只要请求携带access_token,排除鉴权的url依然会被拦截
+ *
+ * @author zlt
+ * @version 1.0
+ * @date 2022/6/10
+ *

+ * Blog: https://zlt2000.gitee.io
+ * Github: https://github.com/zlt2000
+ */
+public class CustomServerWebExchangeMatchers implements ServerWebExchangeMatcher {
+ private final SecurityProperties securityProperties;
+
+ private final AntPathMatcher antPathMatcher = new AntPathMatcher();
+
+ public CustomServerWebExchangeMatchers(SecurityProperties securityProperties) {
+ this.securityProperties = securityProperties;
+ }
+
+ @Override
+ public Mono matches(ServerWebExchange exchange) {
+ for (String url : securityProperties.getIgnore().getUrls()) {
+ if (antPathMatcher.match(url, exchange.getRequest().getURI().getPath())) {
+ return MatchResult.notMatch();
+ }
+ }
+ return MatchResult.match();
+ }
+}
diff --git a/zlt-gateway/sc-gateway/src/main/java/com/central/gateway/config/ResourceServerConfiguration.java b/zlt-gateway/sc-gateway/src/main/java/com/central/gateway/config/ResourceServerConfiguration.java
index e6a95db..5f8edf6 100644
--- a/zlt-gateway/sc-gateway/src/main/java/com/central/gateway/config/ResourceServerConfiguration.java
+++ b/zlt-gateway/sc-gateway/src/main/java/com/central/gateway/config/ResourceServerConfiguration.java
@@ -48,6 +48,7 @@ public class ResourceServerConfiguration {
 oauth2Filter.setServerAuthenticationConverter(tokenAuthenticationConverter);
 oauth2Filter.setAuthenticationFailureHandler(new ServerAuthenticationEntryPointFailureHandler(entryPoint));
 oauth2Filter.setAuthenticationSuccessHandler(new Oauth2AuthSuccessHandler());
+ oauth2Filter.setRequiresAuthenticationMatcher(new CustomServerWebExchangeMatchers(securityProperties));
 http.addFilterAt(oauth2Filter, SecurityWebFiltersOrder.AUTHENTICATION);
 ServerHttpSecurity.AuthorizeExchangeSpec authorizeExchange = http.authorizeExchange();
-- GitLab
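Review bot: `matches` decides whether bearer-token authentication is skipped by running `AntPathMatcher` over `exchange.getRequest().getURI().getPath()`, which is a different path representation and pattern engine from the one Spring Security's own `pathMatchers(...)` rules use, so the ignore list can be interpreted differently here than in the `authorizeExchange` rules (context path, trailing slash and matrix-parameter handling are the usual places they diverge). Building the matcher from the framework primitives keeps both decisions on the same semantics: `new NegatedServerWebExchangeMatcher(ServerWebExchangeMatchers.pathMatchers(urls))`. `securityProperties.getIgnore().getUrls()` is also dereferenced on every request with no null guard; if that property can be unset this throws inside the filter chain, so it should default to an empty array. The Javadoc should state in one line that a match on the ignore list means the token is not validated at all for that request.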
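Review bot: Once `setRequiresAuthenticationMatcher` is set here, a request to an ignore-list URL that carries an expired or forged token is no longer rejected by `oauth2Filter`; it proceeds unauthenticated, and only the `authorizeExchange` rules that follow decide its fate, most of which are outside this hunk. That makes every pattern in the ignore list an authentication skip at the gateway, so broad wildcard entries in that list deserve review before this ships. A comment on the new line would record the intent, for example `// ignore-list URLs skip token authentication entirely; access is decided only by authorizeExchange below`. The enclosing method starts and ends outside the hunk.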