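/**
 * Builds the {@link SecurityFilterChain} that carries the OAuth2 authorization server configuration.
 *
 * <p>The method customises the token endpoint (request converter, success and failure handlers),
 * the client-authentication error handler and the consent page, registers the captcha and
 * password-decryption filters ahead of {@link UsernamePasswordAuthenticationFilter}, sets the
 * authorization storage service and the issuer, and finally registers the custom grant providers.
 *
 * @param http the {@link HttpSecurity} builder supplied by Spring Security
 * @return the built filter chain, registered with {@code Ordered.HIGHEST_PRECEDENCE}
 * @throws Exception if applying the configurer or building the chain fails
 */
@Bean
@Order(Ordered.HIGHEST_PRECEDENCE)
public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
    // Original author's comment: "security policy of the authorization server; only /oauth2/**
    // requests go through the configuration below". That statement only holds while the matcher
    // line is active, and it is commented out here.
    // NOTE(review): nothing visible in this method calls securityMatcher(...) or
    // authorizeHttpRequests(...). An HttpSecurity without a security matcher applies to every
    // request, so at HIGHEST_PRECEDENCE this chain would be selected ahead of any other
    // SecurityFilterChain bean, and paths outside the OAuth2 endpoints would pass through it
    // without an authorization rule unless one is added in addCustomOAuth2GrantAuthenticationProvider
    // or elsewhere. Confirm this is intended; otherwise scope the chain by restoring the line
    // below or by using authorizationServerConfigurer.getEndpointsMatcher().
    //http.securityMatcher(SecurityConstants.OAUTH_URL_MATCHER);

    // Authorization server configuration.
    OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = new OAuth2AuthorizationServerConfigurer();
    authorizationServerConfigurer
        // Customise the token endpoint.
        .tokenEndpoint(tokenEndpoint -> {
            // Plug in the custom access-token request converter.
            tokenEndpoint.accessTokenRequestConverter(accessTokenRequestConverter())
                // Handler invoked after a successful login / token issuance.
                .accessTokenResponseHandler(new PigAuthenticationSuccessEventHandler())
                // Handler invoked when the token request fails.
                .errorResponseHandler(new PigAuthenticationFailureEventHandler());
        })
        // Customise client authentication.
        .clientAuthentication(oAuth2ClientAuthenticationConfigurer ->
            // Handle client-authentication failures with the same failure handler type.
            oAuth2ClientAuthenticationConfigurer.errorResponseHandler(new PigAuthenticationFailureEventHandler()))
        .authorizationEndpoint(authorizationEndpoint ->
            // Use the custom consent (confirm) page for the authorization-code flow.
            authorizationEndpoint.consentPage(SecurityConstants.CUSTOM_CONSENT_PAGE_URI));
    http.with(authorizationServerConfigurer, Customizer.withDefaults());

    // Captcha (validate code) filter.
    // NOTE(review): both filters are registered relative to the same anchor class; the captcha
    // filter is added first and presumably runs before password decryption. Verify the
    // resulting order if the decryption step must not run for requests with a bad captcha.
    http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class);
    // Password-decryption filter.
    http.addFilterBefore(passwordDecoderFilter, UsernamePasswordAuthenticationFilter.class);

    // Authorization storage; the original author's comment describes it as the Redis-backed
    // token store.
    // NOTE(review): the issuer comes from a constant named PROJECT_LICENSE. Clients and resource
    // servers that validate the issuer compare it with this value, so confirm the constant holds
    // the URL under which this authorization server is actually reachable.
    authorizationServerConfigurer.authorizationService(authorizationService)
        .authorizationServerSettings(
            AuthorizationServerSettings.builder().issuer(SecurityConstants.PROJECT_LICENSE).build());

    // Register the custom grant-type authentication providers.
    addCustomOAuth2GrantAuthenticationProvider(http);
    return http.build();
}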
org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer#init(HttpSecurity httpSecurity):331
javarequestMatchers.add(new AntPathRequestMatcher(jwkSetEndpointUri, HttpMethod.GET.name()));
this.endpointsMatcher = new OrRequestMatcher(requestMatchers);
本文作者:xiech
版权声明:本博客所有文章除特别声明外,均采用 BY-NC-SA 许可协议。转载请注明出处!