✨ Spring Security Oauth2

Author: twelvet-s

twelvet-auth/pom.xml

@@ -51,12 +51,6 @@
             <artifactId>twelvet-framework-security</artifactId>
         </dependency>
 
-        <!--OAuth2 Client-->
-        <dependency>
-            <groupId>org.springframework.security</groupId>
-            <artifactId>spring-security-oauth2-client</artifactId>
-        </dependency>
-
         <!--OAuth2-->
         <dependency>
             <groupId>org.springframework.boot</groupId>
@@ -99,6 +93,12 @@
             <artifactId>mica-xss</artifactId>
         </dependency>
 
+        <!--OAuth2第三方接入-->
+        <dependency>
+            <groupId>me.zhyd.oauth</groupId>
+            <artifactId>JustAuth</artifactId>
+        </dependency>
+
     </dependencies>
 
     <build>

twelvet-auth/src/main/java/com/twelvet/auth/config/CustomOAuth2UserService.java

@@ -1,55 +1,58 @@
-package com.twelvet.auth.config;
-
-import com.twelvet.framework.utils.TUtils;
-import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
-import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
-import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
-import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
-import org.springframework.security.oauth2.core.user.OAuth2User;
-import org.springframework.util.Assert;
-
-import java.util.Collections;
-import java.util.Map;
-import java.util.Objects;
-
+/*
+ * package com.twelvet.auth.config;
+ *
+ * import com.twelvet.framework.utils.TUtils; import
+ * org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService; import
+ * org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest; import
+ * org.springframework.security.oauth2.client.userinfo.OAuth2UserService; import
+ * org.springframework.security.oauth2.core.OAuth2AuthenticationException; import
+ * org.springframework.security.oauth2.core.user.OAuth2User; import
+ * org.springframework.util.Assert;
+ *
+ * import java.util.Collections; import java.util.Map; import java.util.Objects;
+ *
+ */
 /**
  * @author twelvet
  * @WebSite twelvet.cn
  * @Description: 自定义获取第三方code换信息
- */
-public class CustomOAuth2UserService<R extends OAuth2UserRequest, U extends OAuth2User>
-		implements OAuth2UserService<R, U> {
-
-	/**
-	 * 默认的获取方式，适配大部分第三方
+ *//*
+	 *
+	 * public class CustomOAuth2UserService<R extends OAuth2UserRequest, U extends
+	 * OAuth2User> implements OAuth2UserService<R, U> {
+	 *
 	 */
-	private final OAuth2UserService<OAuth2UserRequest, OAuth2User> defaultOAuth2UserService = new DefaultOAuth2UserService();
-
-	/**
-	 * 自定义换取方式
+/**
+ * 默认的获取方式，适配大部分第三方
+ *//*
+	 *
+	 * private final OAuth2UserService<OAuth2UserRequest, OAuth2User>
+	 * defaultOAuth2UserService = new DefaultOAuth2UserService();
+	 *
+	 */
+/**
+ * 自定义换取方式
+ *//*
+	 *
+	 * private final Map<String, OAuth2UserService<R, U>> userServiceMap;
+	 *
+	 * public CustomOAuth2UserService(Map<String, OAuth2UserService<R, U>> userServiceMap)
+	 * { this.userServiceMap = Collections.unmodifiableMap(userServiceMap); }
+	 *
+	 * @SuppressWarnings("unchecked")
+	 *
+	 * @Override public U loadUser(R userRequest) throws OAuth2AuthenticationException {
+	 * Assert.notNull(userRequest, "userRequest cannot be null");
+	 *
+	 * // 第三方ID(可以通过此ID获取自定义授权方式) String registrationId =
+	 * userRequest.getClientRegistration().getRegistrationId();
+	 *
+	 * OAuth2UserService<R, U> oAuth2UserService = userServiceMap.get(registrationId);
+	 *
+	 * if (Objects.isNull(oAuth2UserService)) { // 采用默认换取方式 oAuth2UserService =
+	 * (OAuth2UserService<R, U>) defaultOAuth2UserService; }
+	 *
+	 * return oAuth2UserService.loadUser(userRequest); }
+	 *
+	 * }
 	 */
-	private final Map<String, OAuth2UserService<R, U>> userServiceMap;
-
-	public CustomOAuth2UserService(Map<String, OAuth2UserService<R, U>> userServiceMap) {
-		this.userServiceMap = Collections.unmodifiableMap(userServiceMap);
-	}
-
-	@SuppressWarnings("unchecked")
-	@Override
-	public U loadUser(R userRequest) throws OAuth2AuthenticationException {
-		Assert.notNull(userRequest, "userRequest cannot be null");
-
-		// 第三方ID(可以通过此ID获取自定义授权方式)
-		String registrationId = userRequest.getClientRegistration().getRegistrationId();
-
-		OAuth2UserService<R, U> oAuth2UserService = userServiceMap.get(registrationId);
-
-		if (Objects.isNull(oAuth2UserService)) {
-			// 采用默认换取方式
-			oAuth2UserService = (OAuth2UserService<R, U>) defaultOAuth2UserService;
-		}
-
-		return oAuth2UserService.loadUser(userRequest);
-	}
-
-}

twelvet-auth/src/main/java/com/twelvet/auth/endpoint/TWTTokenEndpoint.java twelvet-auth/src/main/java/com/twelvet/auth/controller/TWTTokenEndpoint.java

@@ -1,4 +1,4 @@
-package com.twelvet.auth.endpoint;
+package com.twelvet.auth.controller;
 
 import cn.hutool.core.util.StrUtil;
 import com.twelvet.api.system.domain.SysClientDetails;
@@ -24,8 +24,6 @@
 import org.springframework.security.authentication.event.LogoutSuccessEvent;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
-import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
@@ -63,9 +61,6 @@ public class TWTTokenEndpoint {
 	@Autowired
 	private OAuth2AuthorizationService authorizationService;
 
-	@Autowired
-	private ClientRegistrationRepository clientRegistrationRepository;
-
 	@Autowired
 	private RemoteOauth2ClientDetailsService remoteOauth2ClientDetailsService;
 
@@ -86,9 +81,12 @@ public class TWTTokenEndpoint {
 	public ModelAndView require(ModelAndView modelAndView, @RequestParam(required = false) String error) {
 		modelAndView.setViewName("/login");
 		List<String> registrationIdList = new ArrayList<>();
-		((InMemoryClientRegistrationRepository) clientRegistrationRepository).forEach(item -> {
-			registrationIdList.add(item.getRegistrationId());
-		});
+		// 获取有多少第三方登录配置
+		/*
+		 * ((InMemoryClientRegistrationRepository)
+		 * clientRegistrationRepository).forEach(item -> {
+		 * registrationIdList.add(item.getRegistrationId()); });
+		 */
 		modelAndView.addObject("registrationIdList", registrationIdList);
 		modelAndView.addObject("error", error);
 		return modelAndView;

twelvet-auth/src/main/java/com/twelvet/auth/endpoint/IndexController.java

@@ -1,17 +1,9 @@
 package com.twelvet.auth.support.core;
 
-import com.twelvet.auth.config.CustomOAuth2UserService;
 import com.twelvet.auth.support.handler.FormAuthenticationFailureHandler;
 import com.twelvet.auth.support.handler.SsoLogoutSuccessHandler;
-import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
-import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
-import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
-import org.springframework.security.oauth2.core.user.OAuth2User;
-
-import java.util.HashMap;
-import java.util.Map;
 
 /**
  * @author twelvet
@@ -36,19 +28,20 @@ public void init(HttpSecurity http) throws Exception {
 		}).csrf(AbstractHttpConfigurer::disable);
 
 		// 开启第三方登录（GitHub）注意顺序，否则则会强制执行第三方登录优先
-		Map<String, OAuth2UserService<OAuth2UserRequest, OAuth2User>> userServiceMap = new HashMap<>();
-		http.oauth2Login(httpSecurityOAuth2LoginConfigurer -> httpSecurityOAuth2LoginConfigurer
-			// .successHandler(new TWTAuthenticationSuccessEventHandler())
-			.userInfoEndpoint(userInfo -> userInfo
-				// 自定义授权，默认支持大部分OAuth2流程
-				.userService(new CustomOAuth2UserService<>(userServiceMap)))
-			// 需要提供能够呈现自定义登录页面的@Controller。@RequestMapping("/login/oauth2")
-			// .loginPage("/login/oauth2")
-			.authorizationEndpoint(authorization -> authorization
-				// 默认发起请求地址：/oauth2/authorization/*
-				.baseUri("/oauth2/authorization"))
-			// 默认重定向：/login/oauth2/code/*
-			.redirectionEndpoint(redirection -> redirection.baseUri("/login/oauth2/code/*")));
+		/*
+		 * Map<String, OAuth2UserService<OAuth2UserRequest, OAuth2User>> userServiceMap =
+		 * new HashMap<>(); http.oauth2Login(httpSecurityOAuth2LoginConfigurer ->
+		 * httpSecurityOAuth2LoginConfigurer // .successHandler(new
+		 * TWTAuthenticationSuccessEventHandler()) .userInfoEndpoint(userInfo -> userInfo
+		 * // 自定义授权，默认支持大部分OAuth2流程 .userService(new
+		 * CustomOAuth2UserService<>(userServiceMap))) //
+		 * 需要提供能够呈现自定义登录页面的@Controller。@RequestMapping("/login/oauth2") //
+		 * .loginPage("/login/oauth2") .authorizationEndpoint(authorization ->
+		 * authorization // 默认发起请求地址：/oauth2/authorization/*
+		 * .baseUri("/oauth2/authorization")) // 默认重定向：/login/oauth2/code/*
+		 * .redirectionEndpoint(redirection ->
+		 * redirection.baseUri("/login/oauth2/code/*")));
+		 */
 		// Accept access tokens for User Info and/or Client Registration
 		// .oauth2ResourceServer((oauth2) -> oauth2.jwt(Customizer.withDefaults()));
 	}

twelvet-auth/src/main/java/com/twelvet/auth/support/core/FormIdentityLoginConfigurer.java

@@ -41,43 +41,43 @@ spring:
 
 
   # 接入第三方OAuth2登录（开发功能-dev）
-  security:
-    oauth2:
-      client:
-        # 注册第三方客户端
-        registration:
-          gitee:
-            # 关联OAuth2 Server
-            provider: gitee
-            client-id: 3050796d8930eec5b
-            client-secret: 77ca2fee35950
-            # 授权类型
-            authorization-grant-type: authorization_code
-            # 授权范围
-            scope: user_info
-            # 回调地址
-            redirect-uri: '{baseUrl}/{action}/oauth2/code/{registrationId}'
-            client-name: gitee
-          github:
-            # 关联OAuth2 Server
-            provider: github
-            client-id: ffc6b9
-            client-secret: 7d00bc26
-            # 授权类型
-            authorization-grant-type: authorization_code
-            # 授权范围
-            scope: user_info
-            # 回调地址
-            redirect-uri: '{baseUrl}/{action}/oauth2/code/{registrationId}'
-            client-name: github
-        # 第三方信息换取配置(默认Google、GitHub、Facebook 和 Okta内置)
-        provider:
-          gitee:
-            # 登录地址
-            authorization-uri: https://gitee.com/oauth/authorize
-            # 换取token
-            token-uri: https://gitee.com/oauth/token
-            # 取得的user详情中的属性id的值作为Client的已认证的用户的用户名
-            user-name-attribute: id
-            # 获取用户信息
-            user-info-uri: https://gitee.com/api/v5/user
+#  security:
+#    oauth2:
+#      client:
+#        # 注册第三方客户端
+#        registration:
+#          gitee:
+#            # 关联OAuth2 Server
+#            provider: gitee
+#            client-id: 305079
+#            client-secret: 77ca2
+#            # 授权类型
+#            authorization-grant-type: authorization_code
+#            # 授权范围
+#            scope: user_info
+#            # 回调地址
+#            redirect-uri: '{baseUrl}/{action}/oauth2/code/{registrationId}'
+#            client-name: gitee
+#          github:
+#            # 关联OAuth2 Server
+#            provider: github
+#            client-id: ffc6b9
+#            client-secret: 7d00bc26
+#            # 授权类型
+#            authorization-grant-type: authorization_code
+#            # 授权范围
+#            scope: user_info
+#            # 回调地址
+#            redirect-uri: '{baseUrl}/{action}/oauth2/code/{registrationId}'
+#            client-name: github
+#        # 第三方信息换取配置(默认Google、GitHub、Facebook 和 Okta内置)
+#        provider:
+#          gitee:
+#            # 登录地址
+#            authorization-uri: https://gitee.com/oauth/authorize
+#            # 换取token
+#            token-uri: https://gitee.com/oauth/token
+#            # 取得的user详情中的属性id的值作为Client的已认证的用户的用户名
+#            user-name-attribute: id
+#            # 获取用户信息
+#            user-info-uri: https://gitee.com/api/v5/user