/*
* Copyright (c) 2019-2020,.
* <p>
* Licensed under the GNU Lesser General Public License 3.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* <p>
* https://www.gnu.org/licenses/lgpl.html
* <p>
*/
package com.smakercloud.smaker.common.security.component;
import com.smakercloud.smaker.common.core.config.FilterIgnorePropertiesConfig;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.cloud.client.loadbalancer.LoadBalanced;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Primary;
import org.springframework.http.HttpStatus;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.DefaultUserAuthenticationConverter;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
import org.springframework.web.client.DefaultResponseErrorHandler;
import org.springframework.web.client.RestTemplate;
import java.io.IOException;
/**
* @author renzl
* @date 2019/2/1
* <p>
* 1. 支持remoteTokenServices 负载均衡
* 2. 支持 获取用户全部信息
*/
public abstract class BaseResourceServerConfigurerAdapter extends ResourceServerConfigurerAdapter {
@Autowired
protected ResourceAuthExceptionEntryPoint resourceAuthExceptionEntryPoint;
@Autowired
protected AccessCloudDeniedHandler AccessDeniedHandler;
@Autowired
protected RemoteTokenServices remoteTokenServices;
@Autowired
protected UserDetailsService userDetailsService;
@Autowired
private FilterIgnorePropertiesConfig filterIgnorePropertiesConfig;
/**
* 默认的配置,对外暴露
*
* @param http
* @throws Exception
*/
@Override
public void configure(HttpSecurity http) throws Exception{
//允许使用iframe 嵌套,避免swagger-ui 不被加载的问题
http.headers().frameOptions().disable();
ExpressionUrlAuthorizationConfigurer<HttpSecurity>
.ExpressionInterceptUrlRegistry registry = http
.authorizeRequests();
filterIgnorePropertiesConfig.getUrls()
.forEach(url -> registry.antMatchers(url).permitAll());
registry.anyRequest().authenticated()
.and().csrf().disable();
}
/**
* 提供子类重写
* <p>
* 1. 不重写,默认支持获取雍熙
* 2. 重写notGetUser,提供性能
* <p>
* see codegen ResourceServerConfigurer
*
* @param resources
*/
@Override
public void configure(ResourceServerSecurityConfigurer resources) {
canGetUser(resources);
}
@Bean
@Primary
@LoadBalanced
public RestTemplate lbRestTemplate() {
RestTemplate restTemplate = new RestTemplate();
restTemplate.setErrorHandler(new DefaultResponseErrorHandler() {
@Override
public void handleError(ClientHttpResponse response) throws IOException {
if (response.getRawStatusCode() != HttpStatus.BAD_REQUEST.value()) {
super.handleError(response);
}
}
});
return restTemplate;
}
/**
* 不获取用户详细 只有用户名
*
* @param resources
*/
protected void notGetUser(ResourceServerSecurityConfigurer resources) {
DefaultAccessTokenConverter accessTokenConverter = new DefaultAccessTokenConverter();
DefaultUserAuthenticationConverter userTokenConverter = new DefaultUserAuthenticationConverter();
accessTokenConverter.setUserTokenConverter(userTokenConverter);
remoteTokenServices.setRestTemplate(lbRestTemplate());
remoteTokenServices.setAccessTokenConverter(accessTokenConverter);
resources.authenticationEntryPoint(resourceAuthExceptionEntryPoint)
.accessDeniedHandler(AccessDeniedHandler)
.tokenServices(remoteTokenServices);
}
/**
* 上下文中获取用户全部信息,两次调用userDetailsService,影响性能
*
* @param resources
*/
private void canGetUser(ResourceServerSecurityConfigurer resources) {
DefaultAccessTokenConverter accessTokenConverter = new DefaultAccessTokenConverter();
DefaultUserAuthenticationConverter userTokenConverter = new DefaultUserAuthenticationConverter();
userTokenConverter.setUserDetailsService(userDetailsService);
accessTokenConverter.setUserTokenConverter(userTokenConverter);
remoteTokenServices.setRestTemplate(lbRestTemplate());
remoteTokenServices.setAccessTokenConverter(accessTokenConverter);
resources.authenticationEntryPoint(resourceAuthExceptionEntryPoint)
.accessDeniedHandler(AccessDeniedHandler)
.tokenServices(remoteTokenServices);
}
}
