✨ (security) AuthenticationEntryPoint 不再默认注册，交由业务方自己控制

link gh-318
ballcat-projects · Oct 1, 2024 · c9846ff · c9846ff
1 parent 60ceb39
commit c9846ff
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 29 deletions.
diff --git a/.../ballcat/springsecurity/oauth2/server/resource/OAuth2ResourceServerAutoConfiguration.java b/.../ballcat/springsecurity/oauth2/server/resource/OAuth2ResourceServerAutoConfiguration.java
@@ -24,7 +24,7 @@
 import org.ballcat.springsecurity.oauth2.server.resource.introspection.SpringAuthorizationServerSharedStoredOpaqueTokenIntrospector;
 import org.ballcat.springsecurity.oauth2.server.resource.properties.OAuth2ResourceServerProperties;
 import org.ballcat.springsecurity.properties.SpringSecurityProperties;
-import org.ballcat.springsecurity.web.CustomAuthenticationEntryPoint;
+import org.springframework.beans.factory.ObjectProvider;
 import org.springframework.boot.autoconfigure.AutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
@@ -66,25 +66,17 @@ public BearerTokenResolver bearerTokenResolver() {
 			return defaultBearerTokenResolver;
 		}
 
-		/**
-		 * 自定义异常处理
-		 * @return AuthenticationEntryPoint
-		 */
-		@Bean
-		@ConditionalOnMissingBean
-		public AuthenticationEntryPoint authenticationEntryPoint() {
-			return new CustomAuthenticationEntryPoint();
-		}
-
 		/**
 		 * 资源服务器的定制器
 		 */
 		@Bean
 		@ConditionalOnMissingBean(
 				name = BasicOauth2ResourceServerConfigurerCustomizer.BASIC_OAUTH2_RESOURCE_SERVER_CONFIGURER_CUSTOMIZER_BEAN_NAME)
 		public BasicOauth2ResourceServerConfigurerCustomizer basicOauth2ResourceServerConfigurerCustomizer(
-				AuthenticationEntryPoint authenticationEntryPoint, BearerTokenResolver bearerTokenResolver) {
-			return new BasicOauth2ResourceServerConfigurerCustomizer(authenticationEntryPoint, bearerTokenResolver);
+				ObjectProvider<AuthenticationEntryPoint> authenticationEntryPointObjectProvider,
+				BearerTokenResolver bearerTokenResolver) {
+			return new BasicOauth2ResourceServerConfigurerCustomizer(authenticationEntryPointObjectProvider,
+					bearerTokenResolver);
 		}
 
 		/**

diff --git a/...rity/oauth2/server/resource/configurer/BasicOauth2ResourceServerConfigurerCustomizer.java b/...rity/oauth2/server/resource/configurer/BasicOauth2ResourceServerConfigurerCustomizer.java
@@ -17,7 +17,9 @@
 package org.ballcat.springsecurity.oauth2.server.resource.configurer;
 
 import org.ballcat.springsecurity.configuer.SpringSecurityConfigurerCustomizer;
+import org.springframework.beans.factory.ObjectProvider;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
 import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver;
 import org.springframework.security.web.AuthenticationEntryPoint;
 
@@ -34,17 +36,25 @@ public class BasicOauth2ResourceServerConfigurerCustomizer implements SpringSecu
 
 	private final BearerTokenResolver bearerTokenResolver;
 
-	public BasicOauth2ResourceServerConfigurerCustomizer(AuthenticationEntryPoint authenticationEntryPoint,
+	public BasicOauth2ResourceServerConfigurerCustomizer(
+			ObjectProvider<AuthenticationEntryPoint> authenticationEntryPointObjectProvider,
 			BearerTokenResolver bearerTokenResolver) {
-		this.authenticationEntryPoint = authenticationEntryPoint;
+		this.authenticationEntryPoint = authenticationEntryPointObjectProvider.getIfAvailable();
 		this.bearerTokenResolver = bearerTokenResolver;
 	}
 
 	@Override
 	public void customize(HttpSecurity httpSecurity) throws Exception {
 		// 开启 OAuth2 资源服务
-		httpSecurity.oauth2ResourceServer()
-			.authenticationEntryPoint(this.authenticationEntryPoint)
+		OAuth2ResourceServerConfigurer<HttpSecurity> httpSecurityOAuth2ResourceServerConfigurer = httpSecurity
+			.oauth2ResourceServer();
+
+		// 认证错误处理
+		if (this.authenticationEntryPoint != null) {
+			httpSecurity.exceptionHandling().authenticationEntryPoint(this.authenticationEntryPoint);
+		}
+
+		httpSecurityOAuth2ResourceServerConfigurer
 			// bearToken 解析器
 			.bearerTokenResolver(this.bearerTokenResolver)
 			// 不透明令牌，

diff --git a/...n/java/org/ballcat/springsecurity/configuration/SpringSecurityComponentConfiguration.java b/...n/java/org/ballcat/springsecurity/configuration/SpringSecurityComponentConfiguration.java
@@ -20,15 +20,13 @@
 import org.ballcat.springsecurity.authorization.SpringSecurityChecker;
 import org.ballcat.springsecurity.component.CustomPermissionEvaluator;
 import org.ballcat.springsecurity.util.PasswordUtils;
-import org.ballcat.springsecurity.web.CustomAuthenticationEntryPoint;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.security.web.AuthenticationEntryPoint;
 
 /**
  * @author Hccake
@@ -65,16 +63,6 @@ public DaoAuthenticationProvider daoAuthenticationProvider(UserDetailsService us
 		return daoAuthenticationProvider;
 	}
 
-	/**
-	 * 自定义异常处理
-	 * @return AuthenticationEntryPoint
-	 */
-	@Bean
-	@ConditionalOnMissingBean
-	public AuthenticationEntryPoint authenticationEntryPoint() {
-		return new CustomAuthenticationEntryPoint();
-	}
-
 	/**
 	 * 基于 spring security 的权限判断组件
 	 * @return SpringSecurityChecker