fix(crust): Fix the problem that the request failed after login.

yizzuide · Jul 7, 2020 · 340a30e · 340a30e
1 parent 42cca02
commit 340a30e
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 23 deletions.
diff --git a/Milkomeda/pom.xml b/Milkomeda/pom.xml
@@ -11,7 +11,7 @@
 
     <properties>
         <java.version>1.8</java.version>
-        <project.release.version>3.10.0-SNAPSHOT</project.release.version>
+        <project.release.version>3.10.1-SNAPSHOT</project.release.version>
         <spring-boot.version>2.2.4</spring-boot.version>
         <spring-cloud.version>Hoxton.RELEASE</spring-cloud.version>
         <mybatis.starter.version>2.1.1</mybatis.starter.version>
@@ -67,7 +67,7 @@
         <profile>
             <id>sonatype-oss-release</id>
             <properties>
-                <project.release.version>3.10.0</project.release.version>
+                <project.release.version>3.10.1</project.release.version>
             </properties>
             <build>
                 <plugins>

diff --git a/Milkomeda/src/main/java/com/github/yizzuide/milkomeda/crust/CrustConfigurerAdapter.java b/Milkomeda/src/main/java/com/github/yizzuide/milkomeda/crust/CrustConfigurerAdapter.java
@@ -2,7 +2,6 @@
 
 import com.github.yizzuide.milkomeda.universe.context.ApplicationContextHolder;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.HttpStatus;
@@ -14,12 +13,12 @@
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
 import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler;
-import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
 import org.springframework.util.CollectionUtils;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
@@ -37,7 +36,7 @@
  *
  * @author yizzuide
  * @since 1.14.0
- * @version 3.10.0
+ * @version 3.10.1
  * @see org.springframework.security.web.session.SessionManagementFilter
  * @see org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
  * Create at 2019/11/11 18:25
@@ -51,7 +50,7 @@ public class CrustConfigurerAdapter extends WebSecurityConfigurerAdapter {
     private BCryptPasswordEncoder passwordEncoder;
 
     @Autowired
-    private ApplicationContext applicationContext;
+    private ApplicationContextHolder applicationContextHolder;
 
     @Override
     public void configure(AuthenticationManagerBuilder auth) {
@@ -64,15 +63,14 @@ public void configure(AuthenticationManagerBuilder auth) {
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         List<String> allowURLs = new ArrayList<>(props.getPermitURLs());
-        // 登录、登出
+        // 登录
         allowURLs.add(props.getLoginUrl());
-        allowURLs.add(props.getLogoutUrl());
         // 额外添加的排除项
         if (!CollectionUtils.isEmpty(props.getAdditionPermitUrls())) {
             allowURLs.addAll(props.getAdditionPermitUrls());
         }
         // 标记匿名访问
-        Map<RequestMappingInfo, HandlerMethod> handlerMethodMap = applicationContext.getBean(RequestMappingHandlerMapping.class).getHandlerMethods();
+        Map<RequestMappingInfo, HandlerMethod> handlerMethodMap = applicationContextHolder.getApplicationContext().getBean(RequestMappingHandlerMapping.class).getHandlerMethods();
         Set<String> anonUrls = new HashSet<>();
         for (Map.Entry<RequestMappingInfo, HandlerMethod> infoEntry : handlerMethodMap.entrySet()) {
             HandlerMethod handlerMethod = infoEntry.getValue();
@@ -85,10 +83,8 @@ protected void configure(HttpSecurity http) throws Exception {
             allowURLs.addAll(anonUrls);
         }
         String[] permitAllMapping = allowURLs.toArray(new String[0]);
-        String httpOnly = ApplicationContextHolder.getEnvironment().get("server.servlet.session.cookie.http-only");
         http.csrf()
-                .ignoringAntMatchers(permitAllMapping)
-                .csrfTokenRepository(Boolean.parseBoolean(httpOnly) ? new CookieCsrfTokenRepository() : CookieCsrfTokenRepository.withHttpOnlyFalse()).and()
+                .disable()
             .sessionManagement().sessionCreationPolicy(props.isStateless() ?
                 SessionCreationPolicy.STATELESS : SessionCreationPolicy.IF_REQUIRED).and()
             .formLogin().disable()
@@ -108,8 +104,8 @@ protected void configure(HttpSecurity http) throws Exception {
                 // 其他所有请求需要身份认证
                 .anyRequest().authenticated();
 
-        // 配置预设置
-        presetConfigure(http);
+        // 添加自定义匿名路径
+        additionalConfigure(http.authorizeRequests(), http);
 
         // 如果是无状态方式
         if (props.isStateless()) {
@@ -156,6 +152,15 @@ public void configure(WebSecurity web) {
         }
     }
 
+    /**
+     * 自定义添加允许匿名访问的路径
+     *
+     * @param urlRegistry URL配置对象
+     * @param http        HttpSecurity
+     * @throws Exception 配置异常
+     */
+    protected void additionalConfigure(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry urlRegistry, HttpSecurity http) throws Exception { }
+
     /**
      * 自定义配置数据源提供及<code>PasswordEncoder</code>
      * @param provider  DaoAuthenticationProvider
@@ -172,14 +177,6 @@ protected Supplier<AuthenticationFailureHandler> authFailureHandler() {
         return () -> (request, response, exception) -> response.setStatus(HttpStatus.UNAUTHORIZED.value());
     }
 
-    /**
-     * 预设置添加允许访问路径
-     *
-     * @param http HttpSecurity
-     * @throws Exception 配置异常
-     */
-    protected void presetConfigure(HttpSecurity http) throws Exception { }
-
     @Bean(name = BeanIds.AUTHENTICATION_MANAGER)
     @Override
     public AuthenticationManager authenticationManager() throws Exception {

diff --git a/MilkomedaDemo/pom.xml b/MilkomedaDemo/pom.xml
@@ -20,7 +20,7 @@
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <java.version>1.8</java.version>
         <spring-cloud.version>Hoxton.RELEASE</spring-cloud.version>
-        <milkomeda.version>3.10.0-SNAPSHOT</milkomeda.version>
+        <milkomeda.version>3.10.1-SNAPSHOT</milkomeda.version>
         <mybatis.starter>2.1.1</mybatis.starter>
         <redission.version>3.12.5</redission.version>
         <zookeeper.version>3.4.14</zookeeper.version>

diff --git a/...emo/src/main/java/com/github/yizzuide/milkomeda/demo/crust/controller/CaseController.java b/...emo/src/main/java/com/github/yizzuide/milkomeda/demo/crust/controller/CaseController.java
@@ -6,6 +6,7 @@
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
@@ -38,4 +39,12 @@ public Map<String, Object> info() {
         log.info("比较两个对象：{}", userInfo == userInfo2);
         return data;
     }
+
+    @GetMapping("find/{id}")
+    public Map<String, Object> find(@PathVariable("id") Long id) {
+        Map<String, Object> data = new HashMap<>();
+        data.put("id", id);
+        data.put("name", "case-01");
+        return data;
+    }
 }