authorization exception handler, logout
@@ -8,7 +8,6 @@ import org.springframework.security.oauth2.config.annotation.web.configuration.E
|
||||
import java.util.Date;
|
||||
|
||||
@SpringBootApplication
|
||||
@EnableResourceServer
|
||||
public class AuthorizationServerApplication {
|
||||
|
||||
public static void main(String[] args) {
|
||||
|
||||
@@ -1,27 +1,22 @@
|
||||
//package io.bluemoon.authorizationserver.config;
|
||||
//
|
||||
//
|
||||
//import org.springframework.context.annotation.Configuration;
|
||||
//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
//import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
|
||||
//import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
|
||||
//import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
|
||||
//
|
||||
//@Configuration
|
||||
//@EnableResourceServer
|
||||
//public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
|
||||
//
|
||||
// @Override
|
||||
// public void configure(HttpSecurity http) throws Exception {
|
||||
//// super.configure(http);
|
||||
// http.headers().frameOptions().disable();
|
||||
// http.authorizeRequests()
|
||||
// .anyRequest().permitAll()
|
||||
// .antMatchers("/mk-auth/code").access("#oauth2.hasScode('read')");
|
||||
// }
|
||||
//
|
||||
// @Override
|
||||
// public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
|
||||
// resources.resourceId()
|
||||
// }
|
||||
//}
|
||||
package io.bluemoon.authorizationserver.config;
|
||||
|
||||
|
||||
import io.bluemoon.authorizationserver.config.handler.CustomAccessDeniedHandler;
|
||||
import io.bluemoon.authorizationserver.config.handler.CustomHttp403ForbiddenEntryPoint;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
|
||||
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
|
||||
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
|
||||
|
||||
@Configuration
|
||||
@EnableResourceServer
|
||||
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
|
||||
resources.authenticationEntryPoint(new CustomHttp403ForbiddenEntryPoint());
|
||||
resources.accessDeniedHandler(new CustomAccessDeniedHandler());
|
||||
resources.resourceId("resource-id");
|
||||
}
|
||||
}
|
||||
|
||||
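Review bot: The resource id is a hard-coded literal in `resources.resourceId("resource-id");`, so every environment issues and checks tokens for the same id and a change means a rebuild; it should come from configuration, e.g. a `@Value("${security.oauth2.resource.id}")` field used as `resources.resourceId(resourceId);`. The class also has no Javadoc; a one-line header such as `/** Resource-server wiring: JSON error responses for unauthenticated and access-denied requests, plus the resource id tokens must carry. */` would tell a reader why both custom handlers are installed here. Note that `@EnableResourceServer` also appears on `AuthorizationServerApplication` in the first hunk; if both are active the filter chain is registered twice, which is worth confirming.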
@@ -4,6 +4,7 @@ import io.bluemoon.authorizationserver.domain.social.UserArgumentResolver;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.web.servlet.FilterRegistrationBean;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.core.Ordered;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.web.filter.ForwardedHeaderFilter;
|
||||
@@ -13,7 +14,7 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
@EnableWebSecurity
|
||||
@Configuration
|
||||
public class WebMvcConfig implements WebMvcConfigurer {
|
||||
|
||||
@Autowired
|
||||
|
||||
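Review bot: `@EnableWebSecurity` on `WebMvcConfig`, a `WebMvcConfigurer`, duplicates the same annotation on `WebSecurityConfig` in the next file section and mixes MVC and security configuration in one class; if the line is the one added here, it looks like it belongs only on the `WebSecurityConfigurerAdapter`. Spring tolerates the duplicate, but a reader looking for where security is enabled now has two candidates. I would drop the annotation and its import from this class, or add a comment stating why the MVC config needs it.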
@@ -13,17 +13,19 @@ import org.springframework.security.config.annotation.authentication.builders.Au
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
|
||||
//import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
|
||||
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
|
||||
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
|
||||
import org.springframework.security.web.csrf.CsrfFilter;
|
||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||
import org.springframework.web.filter.CharacterEncodingFilter;
|
||||
|
||||
@Configuration
|
||||
//@EnableOAuth2Client
|
||||
//@Order(SecurityProperties.BASIC_AUTH_ORDER - 6)
|
||||
@EnableWebSecurity
|
||||
@Order(SecurityProperties.DEFAULT_FILTER_ORDER)
|
||||
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@@ -57,12 +59,14 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
// --------------------------------- sso test
|
||||
http.formLogin().loginPage("/login").permitAll().failureHandler(customAuthFailureHandler)
|
||||
.and()
|
||||
.requestMatchers().antMatchers("/login/**", "/logout", "/oauth/authorize", "/oauth/confirm_access", "/oauth2/**")
|
||||
.requestMatchers().antMatchers("/login/**","/oauth/authorize")
|
||||
.and()
|
||||
.authorizeRequests().anyRequest().authenticated()
|
||||
.and()
|
||||
.headers().frameOptions().disable()
|
||||
.and()
|
||||
.logout().logoutSuccessUrl("/logout").logoutRequestMatcher(new AntPathRequestMatcher("/logout")).invalidateHttpSession(true).deleteCookies("JSESSIONID")
|
||||
.and()
|
||||
.oauth2Login()
|
||||
.loginPage("/login").permitAll().defaultSuccessUrl("/login/success", true).failureHandler(customAuthFailureHandler);
|
||||
|
||||
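Review bot: The new logout line sends the user to the logout endpoint after logging out, `.logout().logoutSuccessUrl("/logout").logoutRequestMatcher(new AntPathRequestMatcher("/logout"))`, so the success redirect matches the logout matcher again and the browser loops until it gives up; the success URL should be a non-logout page, e.g. `.logoutSuccessUrl("/login?logout")`. `new AntPathRequestMatcher("/logout")` also matches any HTTP method, which lets a plain GET (an image tag or link on another site) terminate the session without the CSRF token that the default POST-only matcher requires; `new AntPathRequestMatcher("/logout", "POST")` keeps the protection. The surrounding `configure(HttpSecurity)` method starts and ends outside this hunk.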
@@ -93,10 +97,15 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
return daoAuthenticationProvider;
|
||||
}
|
||||
|
||||
// @Bean
|
||||
// @SuppressWarnings("deprecation")
|
||||
// public static NoOpPasswordEncoder passwordEncoder() {
|
||||
// return (NoOpPasswordEncoder) NoOpPasswordEncoder.getInstance();
|
||||
// }
|
||||
|
||||
@Bean
|
||||
@SuppressWarnings("deprecation")
|
||||
public static NoOpPasswordEncoder passwordEncoder() {
|
||||
return (NoOpPasswordEncoder) NoOpPasswordEncoder.getInstance();
|
||||
public static PasswordEncoder passwordEncoder() {
|
||||
return new BCryptPasswordEncoder();
|
||||
}
|
||||
|
||||
|
||||
|
||||
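Review bot: The old `NoOpPasswordEncoder` bean is kept as a commented-out block above the new `BCryptPasswordEncoder` bean; commented-out code should be deleted, the history is in git, and the now-unused `NoOpPasswordEncoder` import in the earlier hunk of this file can go with it. Switching the encoder also means any password already stored in plain text by the previous encoder will no longer match; unless the user store is reseeded, a `DelegatingPasswordEncoder` (`PasswordEncoderFactories.createDelegatingPasswordEncoder()`) with `{noop}`/`{bcrypt}` prefixes gives a migration path. A short Javadoc on the bean, `/** BCrypt encoder for stored credentials; replaces the development-only no-op encoder. */`, would record the intent.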
@@ -0,0 +1,37 @@
|
||||
package io.bluemoon.authorizationserver.config.handler;
|
||||
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.web.access.AccessDeniedHandler;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
import java.time.LocalDateTime;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
public class CustomAccessDeniedHandler implements AccessDeniedHandler {
|
||||
@Override
|
||||
public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
|
||||
System.out.println("---------custom access denied handler");
|
||||
System.out.println(request.getRequestURI());
|
||||
System.out.println(accessDeniedException.getMessage());
|
||||
|
||||
response.setContentType("application/json;charset=UTF-8");
|
||||
Map map = new HashMap();
|
||||
map.put("errorauth", "400");
|
||||
map.put("message", accessDeniedException.getMessage());
|
||||
map.put("path", request.getServletPath());
|
||||
map.put("timestamp", LocalDateTime.now().toString());
|
||||
response.setContentType("application/json");
|
||||
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
|
||||
try {
|
||||
ObjectMapper mapper = new ObjectMapper();
|
||||
mapper.writeValue(response.getOutputStream(), map);
|
||||
} catch (Exception e) {
|
||||
throw new ServletException();
|
||||
}
|
||||
}
|
||||
}
|
||||
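Review bot: An access-denied response is an authorization failure for a caller who is already authenticated, but `handle` sends `HttpServletResponse.SC_UNAUTHORIZED` (401) and puts `"400"` in the body, so clients cannot distinguish "log in" from "not allowed"; it should be `SC_FORBIDDEN` with a matching body value. `response.setContentType("application/json;charset=UTF-8")` is overwritten a few lines later by `response.setContentType("application/json")`, so the declared charset is lost, and `catch (Exception e) { throw new ServletException(); }` discards the cause. The `System.out.println` lines and raw `Map`/`HashMap` should go too (use a logger and `Map<String, Object>`); `CustomHttp403ForbiddenEntryPoint` in the next section has the same println, raw-Map and cause-dropping pattern.
```java
public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
    Map<String, Object> body = new HashMap<>();
    body.put("errorauth", "403");
    body.put("message", accessDeniedException.getMessage());
    body.put("path", request.getServletPath());
    body.put("timestamp", LocalDateTime.now().toString());
    response.setContentType("application/json;charset=UTF-8");
    response.setStatus(HttpServletResponse.SC_FORBIDDEN);
    try {
        new ObjectMapper().writeValue(response.getOutputStream(), body);
    } catch (IOException e) {
        throw new ServletException("failed to write access-denied response", e);
    }
}
```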
@@ -0,0 +1,36 @@
|
||||
package io.bluemoon.authorizationserver.config.handler;
|
||||
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
import java.time.LocalDateTime;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
public class CustomHttp403ForbiddenEntryPoint implements AuthenticationEntryPoint {
|
||||
@Override
|
||||
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
|
||||
System.out.println("-------------------");
|
||||
System.out.println(request.getRequestURI());
|
||||
System.out.println("-------------------");
|
||||
Map map = new HashMap();
|
||||
map.put("errorentry", "401");
|
||||
map.put("message", authException.getMessage());
|
||||
map.put("path", request.getServletPath());
|
||||
map.put("timestamp", LocalDateTime.now().toString());
|
||||
response.setContentType("application/json");
|
||||
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
|
||||
|
||||
try {
|
||||
ObjectMapper mapper = new ObjectMapper();
|
||||
mapper.writeValue(response.getOutputStream(), map);
|
||||
} catch (Exception e) {
|
||||
throw new ServletException();
|
||||
}
|
||||
}
|
||||
}
|
||||
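Review bot: The class is named `CustomHttp403ForbiddenEntryPoint` but `commence` sends `HttpServletResponse.SC_UNAUTHORIZED` and `"401"`; 401 is the right status for an unauthenticated request, so the name is the part to fix, e.g. `CustomUnauthorizedEntryPoint`. A 401 is also expected to carry a `WWW-Authenticate` header (RFC 7235); `response.setHeader("WWW-Authenticate", "Bearer");` before the status line would make bearer-token clients behave correctly. The println, raw `Map` and `throw new ServletException()` issues are the same as in `CustomAccessDeniedHandler` and are covered there.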
@@ -0,0 +1,11 @@
|
||||
package io.bluemoon.authorizationserver.config.handler;
|
||||
|
||||
import com.fasterxml.jackson.databind.annotation.JsonSerialize;
|
||||
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
|
||||
|
||||
@JsonSerialize(using = CustomOAuthExceptionSerializer.class)
|
||||
public class CustomOAuthException extends OAuth2Exception {
|
||||
public CustomOAuthException(String msg) {
|
||||
super(msg);
|
||||
}
|
||||
}
|
||||
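Review bot: `CustomOAuthException` only offers the message constructor, so any caller wrapping another exception has to drop its cause; adding `public CustomOAuthException(String msg, Throwable cause) { super(msg, cause); }` keeps the stack trace available in logs while the serializer still emits only the message. A class Javadoc stating that this type exists purely to attach `CustomOAuthExceptionSerializer` to OAuth2 error responses would explain the otherwise empty subclass.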
@@ -0,0 +1,34 @@
|
||||
package io.bluemoon.authorizationserver.config.handler;
|
||||
|
||||
import com.fasterxml.jackson.core.JsonGenerator;
|
||||
import com.fasterxml.jackson.databind.SerializerProvider;
|
||||
import com.fasterxml.jackson.databind.ser.std.StdSerializer;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Arrays;
|
||||
import java.util.Map;
|
||||
|
||||
public class CustomOAuthExceptionSerializer extends StdSerializer<CustomOAuthException> {
|
||||
|
||||
public CustomOAuthExceptionSerializer() {
|
||||
super(CustomOAuthException.class);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void serialize(CustomOAuthException value, JsonGenerator gen, SerializerProvider provider) throws IOException {
|
||||
gen.writeStartObject();
|
||||
gen.writeNumberField("code4444", value.getHttpErrorCode());
|
||||
gen.writeBooleanField("status", false);
|
||||
gen.writeObjectField("data", null);
|
||||
gen.writeObjectField("errors", Arrays.asList(value.getOAuth2ErrorCode(), value.getMessage()));
|
||||
|
||||
if (value.getAdditionalInformation() != null) {
|
||||
for (Map.Entry<String, String> entry : value.getAdditionalInformation().entrySet()) {
|
||||
String key = entry.getKey();
|
||||
String add = entry.getValue();
|
||||
gen.writeStringField(key, add);
|
||||
}
|
||||
}
|
||||
gen.writeEndObject();;
|
||||
}
|
||||
}
|
||||
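Review bot: The JSON field name in `gen.writeNumberField("code4444", value.getHttpErrorCode());` reads like a debugging leftover and will become part of the public error contract once clients parse it; it should be `"code"` (or whatever the API documents). The same `serialize` method ends with a stray `gen.writeEndObject();;`. A Javadoc on the class describing the emitted shape (code, status, data, errors, plus any additional information keys) would let API consumers rely on it.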
@@ -0,0 +1,27 @@
|
||||
package io.bluemoon.authorizationserver.config.handler;
|
||||
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
|
||||
import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
|
||||
|
||||
public class CustomResponseExceptionTranslator implements WebResponseExceptionTranslator {
|
||||
@Override
|
||||
public ResponseEntity translate(Exception e) throws Exception {
|
||||
if (e instanceof OAuth2Exception) {
|
||||
OAuth2Exception oAuth2Exception = (OAuth2Exception) e;
|
||||
return ResponseEntity
|
||||
.status(oAuth2Exception.getHttpErrorCode())
|
||||
.body(new CustomOAuthException(oAuth2Exception.getMessage()));
|
||||
} else if (e instanceof AuthenticationException) {
|
||||
AuthenticationException authenticationException = (AuthenticationException) e;
|
||||
return ResponseEntity
|
||||
.status(HttpStatus.UNAUTHORIZED)
|
||||
.body(new CustomOAuthException(authenticationException.getMessage()));
|
||||
}
|
||||
return ResponseEntity
|
||||
.status(HttpStatus.OK)
|
||||
.body(new CustomOAuthException(e.getMessage()));
|
||||
}
|
||||
}
|
||||
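Review bot: The fallback branch of `translate` returns `HttpStatus.OK` with `new CustomOAuthException(e.getMessage())` for any exception that is neither an `OAuth2Exception` nor an `AuthenticationException`, so an internal failure is reported as success and its raw message is sent to the client; it should be `.status(HttpStatus.INTERNAL_SERVER_ERROR)` with a fixed message such as `"internal error"` and the original exception logged server-side. In the `OAuth2Exception` branch, wrapping only `getMessage()` discards the original `getOAuth2ErrorCode()` and `getAdditionalInformation()`, so the serializer always emits the default error code rather than the real one; passing the original exception through, or copying those fields, would keep the response accurate. `WebResponseExceptionTranslator` is also used as a raw type here; if the project's spring-security-oauth2 version makes it generic, `WebResponseExceptionTranslator<OAuth2Exception>` and `ResponseEntity<OAuth2Exception>` remove the unchecked warnings.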
@@ -2,7 +2,7 @@ server.port=8082
|
||||
server.servlet.context-path=/test
|
||||
|
||||
#security.oauth2.resource.user-info-uri=http://oauth.keepgrow.world/uaa/user
|
||||
security.oauth2.resource.user-info-uri=http://localhost:8081/uaa/user
|
||||
security.oauth2.resource.user-info-uri=http://localhost:8765/uaa/user
|
||||
security.oauth2.resource.token-info-uri=http://localhost:8081/uaa/oauth/check_token
|
||||
security.oauth2.resource.prefer-token-info=false
|
||||
|
||||
|
||||
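Review bot: `security.oauth2.resource.user-info-uri` now points at port 8765 while `security.oauth2.resource.token-info-uri` on the next line still points at port 8081; if both are meant to reach the same authorization server this leaves the two lookups inconsistent, and with `prefer-token-info=false` only the user-info path is exercised, so the mismatch would go unnoticed until the token-info path is used. A comment naming which service each port is (gateway vs. auth server) would make the intent clear.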