diff --git a/ballcat-common/ballcat-common-security/src/main/java/com/hccake/ballcat/common/security/oauth2/server/resource/RemoteOpaqueTokenIntrospector.java b/ballcat-common/ballcat-common-security/src/main/java/com/hccake/ballcat/common/security/oauth2/server/resource/RemoteOpaqueTokenIntrospector.java
index 2f9a3480..efd60be3 100644
--- a/ballcat-common/ballcat-common-security/src/main/java/com/hccake/ballcat/common/security/oauth2/server/resource/RemoteOpaqueTokenIntrospector.java
+++ b/ballcat-common/ballcat-common-security/src/main/java/com/hccake/ballcat/common/security/oauth2/server/resource/RemoteOpaqueTokenIntrospector.java
@@ -159,7 +159,10 @@ public class RemoteOpaqueTokenIntrospector implements OpaqueTokenIntrospector {
 private HTTPResponse adaptToNimbusResponse(ResponseEntity responseEntity) {
 HTTPResponse response = new HTTPResponse(responseEntity.getStatusCodeValue());
- response.setHeader(HttpHeaders.CONTENT_TYPE, responseEntity.getHeaders().getContentType().toString());
+ MediaType contentType = responseEntity.getHeaders().getContentType();
+ if (contentType != null) {
+ response.setHeader(HttpHeaders.CONTENT_TYPE, contentType.toString());
+ }
 response.setContent(responseEntity.getBody());
 if (response.getStatusCode() != HTTPResponse.SC_OK) {
 throw new OAuth2IntrospectionException("Introspection endpoint responded with " + response.getStatusCode());
diff --git a/ballcat-common/ballcat-common-security/src/main/java/com/hccake/ballcat/common/security/oauth2/server/resource/ResourceServerWebSecurityConfigurerAdapter.java b/ballcat-common/ballcat-common-security/src/main/java/com/hccake/ballcat/common/security/oauth2/server/resource/ResourceServerWebSecurityConfigurerAdapter.java
index 6d4d7b8e..16b2fa00 100644
--- a/ballcat-common/ballcat-common-security/src/main/java/com/hccake/ballcat/common/security/oauth2/server/resource/ResourceServerWebSecurityConfigurerAdapter.java
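Review bot: In `adaptToNimbusResponse` (RemoteOpaqueTokenIntrospector.java) a reply without a Content-Type header is now forwarded with the header simply left unset, so whether a malformed introspection response is rejected depends on the downstream parser, which is not visible in this hunk. On a token-validation path it is safer to fail closed here, after the status check so error statuses are still reported as such: `if (contentType == null) { throw new OAuth2IntrospectionException("Introspection endpoint response had no Content-Type header"); }`. A further `contentType.isCompatibleWith(MediaType.APPLICATION_JSON)` check would keep a non-JSON body, such as an HTML error page from a proxy, away from the parser. The method body continues past the end of the hunk.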
+++ b/ballcat-common/ballcat-common-security/src/main/java/com/hccake/ballcat/common/security/oauth2/server/resource/ResourceServerWebSecurityConfigurerAdapter.java
@@ -1,6 +1,7 @@
 package com.hccake.ballcat.common.security.oauth2.server.resource;
 import cn.hutool.core.util.ArrayUtil;
+import cn.hutool.core.util.StrUtil;
 import com.hccake.ballcat.common.security.properties.OAuth2ResourceServerProperties;
 import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -49,11 +50,21 @@ public class ResourceServerWebSecurityConfigurerAdapter extends WebSecurityConfi
 @Override
 protected void configure(HttpSecurity http) throws Exception {
+ // 表单登录
+ if (oAuth2ResourceServerProperties.isEnableFormLogin()) {
+ String formLoginPage = oAuth2ResourceServerProperties.getFormLoginPage();
+ if (StrUtil.isNotEmpty(formLoginPage)) {
+ http.formLogin().loginPage(formLoginPage);
+ }
+ else {
+ http.formLogin();
+ }
+ }
+ // @formatter:off
 http
- // 表单登录
- .formLogin()
- .and().rememberMe()
+ // 记住我
+ .rememberMe()
 // 拦截 url 配置
 .and()
diff --git a/ballcat-common/ballcat-common-security/src/main/java/com/hccake/ballcat/common/security/properties/OAuth2ResourceServerProperties.java b/ballcat-common/ballcat-common-security/src/main/java/com/hccake/ballcat/common/security/properties/OAuth2ResourceServerProperties.java
index f29a3e37..38364e64 100644
--- a/ballcat-common/ballcat-common-security/src/main/java/com/hccake/ballcat/common/security/properties/OAuth2ResourceServerProperties.java
+++ b/ballcat-common/ballcat-common-security/src/main/java/com/hccake/ballcat/common/security/properties/OAuth2ResourceServerProperties.java
@@ -28,6 +28,16 @@ public class OAuth2ResourceServerProperties {
 */
 private boolean iframeDeny = true;
+ /**
+ * 开启表单登录
+ */
+ private boolean enableFormLogin = false;
+
+ /**
+ * 表单登录地址
+ */
+ private String formLoginPage = null;
+
 /**
 * 共享存储的token,这种情况下,利用 tokenStore 可以直接获取 token 信息
 */
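Review bot: In `configure` (ResourceServerWebSecurityConfigurerAdapter.java) `.rememberMe()` is still applied unconditionally at the head of the chain, so with `enableFormLogin` at its new default of false the remember-me cookie authentication path stays active on the resource server, presumably with no interactive login left to issue that cookie. It would be cleaner to enable it in the same branch, e.g. `http.formLogin(); http.rememberMe();`. `StrUtil.isNotEmpty(formLoginPage)` also lets a whitespace-only value through to `loginPage(...)`; `StrUtil.isNotBlank(formLoginPage)` avoids that. When a custom page is configured, that URL must be reachable without authentication, and session-based form login relies on CSRF protection being enabled; both are set further down the chain, outside this hunk, and should be checked there.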
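Review bot: The Javadoc on the two new fields in OAuth2ResourceServerProperties does not state their defaults or how they interact: going by the `configure` change in this commit, `formLoginPage` is only read when `enableFormLogin` is true, and an empty value falls back to `http.formLogin()` without a custom page. A comment along the lines of `/** Custom form login page URL; only used when enableFormLogin is true, empty means the framework default page. */` would make that explicit. Form login was previously always on and is now off unless configured, so the upgrade notes should tell deployments that rely on it to set the flag. The explicit `= false` and `= null` initialisers repeat the Java field defaults and can be dropped.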