Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
zlt2000
microservices-platform
提交
c4146ef7
microservices-platform
项目概览
zlt2000
/
microservices-platform
8 个月 前同步成功
通知
16
Star
4
Fork
3
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
microservices-platform
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
c4146ef7
编写于
6月 05, 2022
作者:
Z
zhult13
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
解决只要请求携带access_token,排除鉴权的url依然会被拦截
上级
8bc688b8
变更
3
隐藏空白更改
内联
并排
Showing
3 changed file
with
50 addition
and
1 deletion
+50
-1
zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/config/DefaultResourceServerConf.java
...ntral/oauth2/common/config/DefaultResourceServerConf.java
+6
-1
zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/service/impl/CustomBearerTokenExtractor.java
...auth2/common/service/impl/CustomBearerTokenExtractor.java
+42
-0
zlt-demo/pom.xml
zlt-demo/pom.xml
+2
-0
未找到文件。
zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/config/DefaultResourceServerConf.java
浏览文件 @
c4146ef7
...
...
@@ -9,6 +9,7 @@ import org.springframework.security.config.annotation.web.configurers.Expression
import
org.springframework.security.config.http.SessionCreationPolicy
;
import
org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter
;
import
org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer
;
import
org.springframework.security.oauth2.provider.authentication.TokenExtractor
;
import
org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler
;
import
org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler
;
import
org.springframework.security.oauth2.provider.token.TokenStore
;
...
...
@@ -36,13 +37,17 @@ public class DefaultResourceServerConf extends ResourceServerConfigurerAdapter {
@Autowired
private
SecurityProperties
securityProperties
;
@Resource
private
TokenExtractor
tokenExtractor
;
@Override
public
void
configure
(
ResourceServerSecurityConfigurer
resources
)
{
resources
.
tokenStore
(
tokenStore
)
.
stateless
(
true
)
.
authenticationEntryPoint
(
authenticationEntryPoint
)
.
expressionHandler
(
expressionHandler
)
.
accessDeniedHandler
(
oAuth2AccessDeniedHandler
);
.
accessDeniedHandler
(
oAuth2AccessDeniedHandler
)
.
tokenExtractor
(
tokenExtractor
);
}
@Override
...
...
zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/service/impl/CustomBearerTokenExtractor.java
0 → 100644
浏览文件 @
c4146ef7
package
com.central.oauth2.common.service.impl
;
import
com.central.oauth2.common.properties.SecurityProperties
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.oauth2.provider.authentication.BearerTokenExtractor
;
import
org.springframework.stereotype.Component
;
import
org.springframework.util.AntPathMatcher
;
import
javax.annotation.Resource
;
import
javax.servlet.http.HttpServletRequest
;
/**
* 自定义 TokenExtractor
*
* @author zlt
* @version 1.0
* @date 2022/6/4
* <p>
* Blog: https://zlt2000.gitee.io
* Github: https://github.com/zlt2000
*/
@Component
public
class
CustomBearerTokenExtractor
extends
BearerTokenExtractor
{
@Resource
private
SecurityProperties
securityProperties
;
private
final
AntPathMatcher
antPathMatcher
=
new
AntPathMatcher
();
/**
* 解决只要请求携带access_token,排除鉴权的url依然会被拦截
*/
@Override
public
Authentication
extract
(
HttpServletRequest
request
)
{
//判断当前请求为排除鉴权的url时,直接返回null
for
(
String
url
:
securityProperties
.
getIgnore
().
getUrls
())
{
if
(
antPathMatcher
.
match
(
url
,
request
.
getRequestURI
()))
{
return
null
;
}
}
return
super
.
extract
(
request
);
}
}
zlt-demo/pom.xml
浏览文件 @
c4146ef7
...
...
@@ -22,5 +22,7 @@
<module>
sso-demo
</module>
<!-- dubbo集成demo -->
<module>
dubbo-demo
</module>
<!-- webSocket集成demo -->
<module>
websocket-demo
</module>
</modules>
</project>
\ No newline at end of file
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录