增加三方登陆的 redirect uri

This commit is contained in:
YunaiV
2021-10-02 00:06:54 +08:00
parent 23888c5a49
commit a56b4a7c9c
22 changed files with 258 additions and 840 deletions

View File

@ -24,9 +24,6 @@ import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import top.dcenter.ums.security.core.oauth.config.Auth2AutoConfigurer;
import top.dcenter.ums.security.core.oauth.properties.Auth2Properties;
import top.dcenter.ums.security.core.oauth.properties.OneClickLoginProperties;
import javax.annotation.Resource;
@ -80,15 +77,6 @@ public class YudaoWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdap
@Resource
private Customizer<ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry> authorizeRequestsCustomizer;
@Autowired
private Auth2AutoConfigurer auth2AutoConfigurer;
@Autowired
private Auth2Properties auth2Properties;
@Autowired
private OneClickLoginProperties oneClickLoginProperties;
@Autowired
private AbstractSignUpUrlAuthenticationSuccessHandler authenticationSuccessHandler;
/**
* 由于 Spring Security 创建 AuthenticationManager 对象时,没声明 @Bean 注解,导致无法被注入
* 通过覆写父类的该方法,添加 @Bean 注解,解决该问题
@ -129,9 +117,6 @@ public class YudaoWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdap
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
// ========= start: 使用 justAuth-spring-security-starter 必须步骤 =========
// 添加 Auth2AutoConfigurer 使 OAuth2(justAuth) login 生效.
.apply(this.auth2AutoConfigurer).and()
// 开启跨域
.cors().and()
// CSRF 禁用,因为不使用 Session
@ -174,19 +159,6 @@ public class YudaoWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdap
// 添加 JWT Filter
httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
// // 放行第三方登录入口地址与第三方登录回调地址
// // @formatter:off
// httpSecurity.authorizeRequests()
// .antMatchers(HttpMethod.GET,
// auth2Properties.getRedirectUrlPrefix() + "/*",
// auth2Properties.getAuthLoginUrlPrefix() + "/*")
// .permitAll();
// httpSecurity.authorizeRequests()
// .antMatchers(HttpMethod.POST,
// oneClickLoginProperties.getLoginProcessingUrl())
// .permitAll();
// // @formatter:on
// // ========= end: 使用 justAuth-spring-security-starter 必须步骤 =========
}
private String api(String url) {

View File

@ -1,66 +0,0 @@
package cn.iocoder.yudao.framework.security.core;
import com.alibaba.fastjson.JSONObject;
import lombok.AllArgsConstructor;
import lombok.Data;
import me.zhyd.oauth.enums.AuthUserGender;
import me.zhyd.oauth.model.AuthToken;
/**
* @author weir
*/
@Data
public class Auth2LoginUser extends LoginUser {
/**
* 是否为临时注册的临时用户
*/
private boolean isTempUser;
/**
* 用户第三方系统的唯一id。在调用方集成该组件时可以用uuid + source唯一确定一个用户
*/
private String thirdPartyUserId;
/**
* 用户昵称
*/
private String nickname;
/**
* 用户头像
*/
private String avatar;
/**
* 用户网址
*/
private String blog;
/**
* 所在公司
*/
private String company;
/**
* 位置
*/
private String location;
/**
* 用户邮箱
*/
private String email;
/**
* 用户备注(各平台中的用户个人介绍)
*/
private String remark;
/**
* 性别
*/
private AuthUserGender gender;
/**
* 用户来源
*/
private String source;
/**
* 用户授权的token信息
*/
private AuthToken token;
/**
* 第三方平台返回的原始用户信息
*/
private JSONObject rawUserInfo;
}

View File

@ -22,24 +22,16 @@
*/
package cn.iocoder.yudao.framework.security.core.handler;
import cn.iocoder.yudao.framework.security.core.LoginUser;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
import top.dcenter.ums.security.core.oauth.userdetails.TemporaryUser;
import top.dcenter.ums.security.core.vo.ResponseResult;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import static org.springframework.util.StringUtils.hasText;
import static top.dcenter.ums.security.core.oauth.util.MvcUtil.*;
/**
* @author weir
*/