
:bug: Fixing a bug. 统一security异常导致remotetokenservice 无法解析问题解决

冷冷 6 年之前
父节点
当前提交
a8072e7452
共有 17 个文件被更改,包括 518 次插入25 次删除
  1. 1 1
      pigx-auth/src/main/java/com/pig4cloud/pigx/auth/config/AuthorizationServerConfig.java
  2. 3 3
      pigx-auth/src/main/java/com/pig4cloud/pigx/auth/config/WebSecurityConfigurer.java
  3. 2 2
      pigx-auth/src/main/java/com/pig4cloud/pigx/auth/endpoint/PigxTokenEndpoint.java
  4. 1 1
      pigx-auth/src/main/resources/templates/ftl/login.ftl
  5. 14 1
      pigx-common/pigx-common-security/src/main/java/com/pig4cloud/pigx/common/security/component/PigxResourceServerAutoConfiguration.java
  6. 9 6
      pigx-common/pigx-common-security/src/main/java/com/pig4cloud/pigx/common/security/component/PigxWebResponseExceptionTranslator.java
  7. 2 2
      pigx-upms/pigx-upms-api/src/main/java/com/pig4cloud/pigx/admin/api/feign/RemoteTokenService.java
  8. 4 5
      pigx-upms/pigx-upms-api/src/main/java/com/pig4cloud/pigx/admin/api/feign/fallback/RemoteTokenServiceFallbackImpl.java
  9. 4 4
      pigx-upms/pigx-upms-biz/src/main/java/com/pig4cloud/pigx/admin/controller/TokenController.java
  10. 1 0
      pigx-visual/pigx-monitor/src/main/resources/ui/assets/css/chunk-vendors.b14d72af.css
  11. 399 0
      pigx-visual/pigx-monitor/src/main/resources/ui/assets/css/sba-core.1d30acdf.css
  12. 二进制
      pigx-visual/pigx-monitor/src/main/resources/ui/assets/fonts/element-icons.2fad952a.woff
  13. 二进制
      pigx-visual/pigx-monitor/src/main/resources/ui/assets/fonts/element-icons.6f0a7632.ttf
  14. 74 0
      pigx-visual/pigx-monitor/src/main/resources/ui/assets/js/chunk-vendors.3f3d7607.js
  15. 1 0
      pigx-visual/pigx-monitor/src/main/resources/ui/assets/js/chunk-vendors.3f3d7607.js.map
  16. 2 0
      pigx-visual/pigx-monitor/src/main/resources/ui/assets/js/sba-core.f44ce28e.js
  17. 1 0
      pigx-visual/pigx-monitor/src/main/resources/ui/assets/js/sba-core.f44ce28e.js.map

+ 1 - 1
pigx-auth/src/main/java/com/pig4cloud/pigx/auth/config/AuthorizationServerConfig.java

@@ -69,7 +69,7 @@ public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdap
 	public void configure(AuthorizationServerSecurityConfigurer oauthServer) {
 		oauthServer
 			.allowFormAuthenticationForClients()
-			.checkTokenAccess("permitAll()");
+			.checkTokenAccess("isAuthenticated()");
 	}
 
 	@Override
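Review bot: Switching `checkTokenAccess` to `"isAuthenticated()"` makes `/oauth/check_token` require an authenticated client, which is the safer default, but it also means every resource server's token-introspection call must now carry client credentials, and none of the files in this commit show that configuration being added, so it is worth confirming before merge that the resource servers do not start failing with 401 on introspection. A short why-comment above the changed line would help the next reader, e.g. `// check_token requires client authentication; resource servers must send client id/secret`. The `configure` method is complete within the hunk.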

+ 3 - 3
pigx-auth/src/main/java/com/pig4cloud/pigx/auth/config/WebSecurityConfigurer.java

@@ -62,13 +62,13 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			.formLogin()
-			.loginPage("/oauth/login")
-			.loginProcessingUrl("/oauth/form")
+			.loginPage("/token/login")
+			.loginProcessingUrl("/token/form")
 			.and()
 			.authorizeRequests()
 			.antMatchers(
+				"/token/**",
 				"/actuator/**",
-				"/oauth/**",
 				"/mobile/**").permitAll()
 			.anyRequest().authenticated()
 			.and().csrf().disable()
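Review bot: `"/token/**"` in the `permitAll()` matcher now covers the whole `PigxTokenEndpoint` (`/token/page`, `/token/{token}`), not just the login pages, so listing and deleting tokens is reachable without authentication and is guarded only by the presence of a `from` header, which any caller that can reach the auth server directly can set unless a gateway strips it. Narrowing the matcher to the paths that genuinely need anonymous access, `"/token/login", "/token/form",` and leaving the management paths under `.anyRequest().authenticated()` (or enforcing the internal-only rule at the gateway) would keep the blast radius of a leaked `from` value small. Dropping `"/oauth/**"` from this chain presumably leaves `/oauth/token` and `/oauth/check_token` to the authorization server's own filter chain, which I cannot verify from the hunk, so a smoke test of those endpoints is advisable. The `configure` method continues beyond the hunk.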

+ 2 - 2
pigx-auth/src/main/java/com/pig4cloud/pigx/auth/endpoint/PigxTokenEndpoint.java

@@ -55,7 +55,7 @@ import java.util.Map;
  */
 @RestController
 @AllArgsConstructor
-@RequestMapping("/oauth")
+@RequestMapping("/token")
 public class PigxTokenEndpoint {
 	private static final String PIGX_OAUTH_ACCESS = SecurityConstants.PIGX_PREFIX + SecurityConstants.OAUTH_PREFIX + "access:";
 	private final TokenStore tokenStore;
@@ -103,7 +103,7 @@ public class PigxTokenEndpoint {
 	 * @param from  内部调用标志
 	 * @return
 	 */
-	@DeleteMapping("/token/{token}")
+	@DeleteMapping("/{token}")
 	public R<Boolean> delToken(@PathVariable("token") String token, @RequestHeader(required = false) String from) {
 		if (StrUtil.isBlank(from)) {
 			return null;
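Review bot: `delToken` answers a request without the `from` header with `return null`, which produces an HTTP 200 and an empty body, so an unauthorized caller cannot tell a refusal from a success and neither can any monitoring on status codes; an explicit failure result or a 403 response would make the refusal visible. The new mapping (`@RequestMapping("/token")` plus `@DeleteMapping("/{token}")`) resolves to `DELETE /token/{token}`, which matches the Feign client's new path in `RemoteTokenService`. The body of `delToken` continues outside the hunk, so I cannot see how the non-blank case is handled.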

+ 1 - 1
pigx-auth/src/main/resources/templates/ftl/login.ftl

@@ -16,7 +16,7 @@
 
   <body>
     <div class="container form-margin-top">
-      <form class="form-signin" action="/oauth/form" method="post">
+      <form class="form-signin" action="/token/form" method="post">
         <h2 class="form-signin-heading" align="center">统一认证系统</h2>
         <input type="text" name="username" class="form-control form-margin-top" placeholder="账号" required autofocus>
         <input type="password" name="password" class="form-control" placeholder="密码" required>

+ 14 - 1
pigx-common/pigx-common-security/src/main/java/com/pig4cloud/pigx/common/security/component/PigxResourceServerAutoConfiguration.java

@@ -24,9 +24,13 @@ import org.springframework.cloud.client.loadbalancer.LoadBalanced;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Primary;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.client.ClientHttpResponse;
 import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
+import org.springframework.web.client.DefaultResponseErrorHandler;
 import org.springframework.web.client.RestTemplate;
 
+import java.io.IOException;
 import java.util.Set;
 
 /**
@@ -39,7 +43,16 @@ public class PigxResourceServerAutoConfiguration {
 	@Primary
 	@LoadBalanced
 	public RestTemplate lbRestTemplate() {
-		return new RestTemplate();
+		RestTemplate restTemplate = new RestTemplate();
+		restTemplate.setErrorHandler(new DefaultResponseErrorHandler() {
+			@Override
+			public void handleError(ClientHttpResponse response) throws IOException {
+				if (response.getRawStatusCode() != HttpStatus.BAD_REQUEST.value()) {
+					super.handleError(response);
+				}
+			}
+		});
+		return restTemplate;
 	}
 
 	@Bean
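Review bot: The anonymous `DefaultResponseErrorHandler` swallows every HTTP 400 for this `@Primary @LoadBalanced RestTemplate`, and because the bean is primary and load-balanced it is shared by any consumer of this auto-configuration, so unrelated callers will now receive a 400 body back as if it were a normal response and no exception is raised. If the intent is only to let the token-check call read the OAuth2 error body, the cleaner expression is to override `hasError` so the default `handleError` stays intact: `public boolean hasError(ClientHttpResponse response) throws IOException { return response.getRawStatusCode() != HttpStatus.BAD_REQUEST.value() && super.hasError(response); }`, and ideally a dedicated `RestTemplate` for that call rather than the shared one. Either way `lbRestTemplate` deserves a Javadoc sentence stating that 400 responses are passed through to the caller and why, since nothing in the method says so.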

+ 9 - 6
pigx-common/pigx-common-security/src/main/java/com/pig4cloud/pigx/common/security/component/PigxWebResponseExceptionTranslator.java

@@ -26,6 +26,7 @@ import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.oauth2.common.DefaultThrowableAnalyzer;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.security.oauth2.common.exceptions.ClientAuthenticationException;
 import org.springframework.security.oauth2.common.exceptions.InsufficientScopeException;
 import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
 import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
@@ -33,8 +34,6 @@ import org.springframework.security.oauth2.provider.error.WebResponseExceptionTr
 import org.springframework.security.web.util.ThrowableAnalyzer;
 import org.springframework.web.HttpRequestMethodNotSupportedException;
 
-import java.io.IOException;
-
 /**
  * @author lengleng
  * @date 2018/7/8
@@ -86,7 +85,7 @@ public class PigxWebResponseExceptionTranslator implements WebResponseExceptionT
 
 	}
 
-	private ResponseEntity<OAuth2Exception> handleOAuth2Exception(OAuth2Exception e) throws IOException {
+	private ResponseEntity<OAuth2Exception> handleOAuth2Exception(OAuth2Exception e) {
 
 		int status = e.getHttpErrorCode();
 		HttpHeaders headers = new HttpHeaders();
@@ -96,10 +95,14 @@ public class PigxWebResponseExceptionTranslator implements WebResponseExceptionT
 			headers.set("WWW-Authenticate", String.format("%s %s", OAuth2AccessToken.BEARER_TYPE, e.getSummary()));
 		}
 
-		ResponseEntity<OAuth2Exception> response = new ResponseEntity<>(new PigxAuth2Exception(e.getMessage()), headers,
-			HttpStatus.valueOf(status));
+		// 客户端异常直接返回客户端,不然无法解析
+		if (e instanceof ClientAuthenticationException) {
+			return new ResponseEntity<>(e, headers,
+				HttpStatus.valueOf(status));
+		}
 
-		return response;
+		return new ResponseEntity<>(new PigxAuth2Exception(e.getMessage()), headers,
+			HttpStatus.valueOf(status));
 
 	}
 }
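Review bot: The new `instanceof ClientAuthenticationException` branch also matches `InvalidGrantException` (imported in this file and, if I recall the spring-security-oauth2 hierarchy correctly, a subclass), so a wrong-password grant error now bypasses `PigxAuth2Exception` and is serialized by the stock OAuth2 serializer; if the front end relies on the Pigx response shape for login failures, that response changes, so it is worth checking which path `InvalidGrantException` takes earlier in `translate`. As a point of style, `HttpStatus.valueOf(status)` is evaluated in both returns; hoist it once, `HttpStatus httpStatus = HttpStatus.valueOf(status);`, and use it in both branches. The Chinese comment would be clearer in the file's language as `// Return the stock OAuth2Exception for client errors so RemoteTokenServices can parse error/error_description`, which also states what "无法解析" refers to.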

+ 2 - 2
pigx-upms/pigx-upms-api/src/main/java/com/pig4cloud/pigx/admin/api/feign/RemoteTokenService.java

@@ -40,7 +40,7 @@ public interface RemoteTokenService {
 	 * @param from   内部调用标志
 	 * @return page
 	 */
-	@PostMapping("/oauth/page")
+	@PostMapping("/token/page")
 	R<Page> selectPage(@RequestBody Map<String, Object> params, @RequestHeader(SecurityConstants.FROM) String from);
 
 	/**
@@ -50,6 +50,6 @@ public interface RemoteTokenService {
 	 * @param from  调用标志
 	 * @return
 	 */
-	@DeleteMapping("/oauth/token/{token}")
+	@DeleteMapping("/token/{token}")
 	R<Boolean> deleteTokenById(@PathVariable("token") String token, @RequestHeader(SecurityConstants.FROM) String from);
 }

+ 4 - 5
pigx-upms/pigx-upms-api/src/main/java/com/pig4cloud/pigx/admin/api/feign/fallback/RemoteTokenServiceFallbackImpl.java

@@ -53,14 +53,13 @@ public class RemoteTokenServiceFallbackImpl implements RemoteTokenService {
 	/**
 	 * 删除token
 	 *
-	 *
-	 * @param s
-	 * @param id
+	 * @param token
+	 * @param from
 	 * @return
 	 */
 	@Override
-	public R<Boolean> deleteTokenById(String s, String id) {
-		log.error("删除token 失败 {}", id, cause);
+	public R<Boolean> deleteTokenById(String token, String from) {
+		log.error("删除token 失败 {}", token, cause);
 		return null;
 	}
 }
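Review bot: `log.error("删除token 失败 {}", token, cause)` writes the full access token value to the error log, and a bearer token in log storage is a credential leak to anyone with log access; log only the failure and the cause, `log.error("删除token 失败", cause);`, or a masked prefix if the value is needed for correlation. The fallback also returns `null`, which `TokenController.delete` passes straight back to the HTTP client as an empty body, so an explicit failure `R` would make the fallback path observable; I cannot see from this page which factory methods `R` offers.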

+ 4 - 4
pigx-upms/pigx-upms-biz/src/main/java/com/pig4cloud/pigx/admin/controller/TokenController.java

@@ -55,13 +55,13 @@ public class TokenController {
 	/**
 	 * 删除
 	 *
-	 * @param id ID
+	 * @param token token
 	 * @return success/false
 	 */
 	@SysLog("删除用户token")
-	@DeleteMapping("/{id}")
+	@DeleteMapping("/{token}")
 	@PreAuthorize("@pms.hasPermission('sys_token_del')")
-	public R<Boolean> delete(@PathVariable String id) {
-		return remoteTokenService.deleteTokenById(id, SecurityConstants.FROM_IN);
+	public R<Boolean> delete(@PathVariable String token) {
+		return remoteTokenService.deleteTokenById(token, SecurityConstants.FROM_IN);
 	}
 }

文件差异内容过多而无法显示
+ 1 - 0
pigx-visual/pigx-monitor/src/main/resources/ui/assets/css/chunk-vendors.b14d72af.css


文件差异内容过多而无法显示
+ 399 - 0
pigx-visual/pigx-monitor/src/main/resources/ui/assets/css/sba-core.1d30acdf.css


二进制
pigx-visual/pigx-monitor/src/main/resources/ui/assets/fonts/element-icons.2fad952a.woff


二进制
pigx-visual/pigx-monitor/src/main/resources/ui/assets/fonts/element-icons.6f0a7632.ttf


文件差异内容过多而无法显示
+ 74 - 0
pigx-visual/pigx-monitor/src/main/resources/ui/assets/js/chunk-vendors.3f3d7607.js


文件差异内容过多而无法显示
+ 1 - 0
pigx-visual/pigx-monitor/src/main/resources/ui/assets/js/chunk-vendors.3f3d7607.js.map


文件差异内容过多而无法显示
+ 2 - 0
pigx-visual/pigx-monitor/src/main/resources/ui/assets/js/sba-core.f44ce28e.js


文件差异内容过多而无法显示
+ 1 - 0
pigx-visual/pigx-monitor/src/main/resources/ui/assets/js/sba-core.f44ce28e.js.map