b2baccline/ballcat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🐛 fix websocket 连接无法解析 token 的问题

Browse Source
This commit is contained in:
b2baccline
2021-07-19 21:06:08 +08:00
parent ff3ea462d2
commit 1567ae45e1
2 changed files with 19 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
ballcat-common/ballcat-common-security/src/main/java/com/hccake/ballcat/common/security/oauth2/server/resource/ResourceServerAutoConfiguration.java
View File

@@ -14,6 +14,8 @@ import org.springframework.security.config.annotation.method.configuration.Enabl
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenAuthenticationProvider;
import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver;
import org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver;
import org.springframework.security.web.AuthenticationEntryPoint;
/**
@@ -87,4 +89,16 @@ public class ResourceServerAutoConfiguration {
return new CustomAuthenticationEntryPoint();
}
/**
* BearTokenResolve 允许使用 url 传参,方便 ws 连接 ps: 使用 url 传参不安全,待改进
* @return DefaultBearerTokenResolver
*/
@Bean
@ConditionalOnMissingBean
public BearerTokenResolver bearerTokenResolver() {
DefaultBearerTokenResolver defaultBearerTokenResolver = new DefaultBearerTokenResolver();
defaultBearerTokenResolver.setAllowUriQueryParameter(true);
return defaultBearerTokenResolver;
}
}

5
ballcat-common/ballcat-common-security/src/main/java/com/hccake/ballcat/common/security/oauth2/server/resource/ResourceServerWebSecurityConfigurerAdapter.java
View File

@@ -15,6 +15,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenAuthenticationProvider;
import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver;
import org.springframework.security.web.AuthenticationEntryPoint;
/**
@@ -32,6 +33,8 @@ public class ResourceServerWebSecurityConfigurerAdapter extends WebSecurityConfi
private final AuthenticationEntryPoint authenticationEntryPoint;
private final BearerTokenResolver bearerTokenResolver;
@Autowired(required = false)
private UserDetailsService userDetailsService;
@@ -67,6 +70,8 @@ public class ResourceServerWebSecurityConfigurerAdapter extends WebSecurityConfi
// 开启 OAuth2 资源服务
.oauth2ResourceServer().authenticationEntryPoint(authenticationEntryPoint)
// bearToken 解析器
.bearerTokenResolver(bearerTokenResolver)
// 不透明令牌,
.opaqueToken()
// 鉴权管理器