⚡ (OAuth2) 默认共享 Token 组件需要校验是否有 SAS 依赖

link gh-287
ballcat-projects · Jan 22, 2024 · b4e0403 · b4e0403
1 parent 0cb7b37
commit b4e0403
Showing 1 changed file with 26 additions and 16 deletions.
diff --git a/.../ballcat/springsecurity/oauth2/server/resource/OAuth2ResourceServerAutoConfiguration.java b/.../ballcat/springsecurity/oauth2/server/resource/OAuth2ResourceServerAutoConfiguration.java
@@ -26,6 +26,7 @@
 import org.ballcat.springsecurity.properties.SpringSecurityProperties;
 import org.ballcat.springsecurity.web.CustomAuthenticationEntryPoint;
 import org.springframework.boot.autoconfigure.AutoConfiguration;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
@@ -86,34 +87,54 @@ public BasicOauth2ResourceServerConfigurerCustomizer basicOauth2ResourceServerCo
 			return new BasicOauth2ResourceServerConfigurerCustomizer(authenticationEntryPoint, bearerTokenResolver);
 		}
 
+		/**
+		 * spring-security 5.x 中开启资源服务器功能，需要的不透明令牌的支持
+		 * @return OpaqueTokenAuthenticationProvider
+		 */
+		@Bean
+		@ConditionalOnMissingBean
+		public OpaqueTokenAuthenticationProvider opaqueTokenAuthenticationProvider(
+				OpaqueTokenIntrospector opaqueTokenIntrospector) {
+			return new OpaqueTokenAuthenticationProvider(opaqueTokenIntrospector);
+		}
+
 	}
 
 	/**
-	 * 不透明令牌处理配置类
+	 * 共享令牌配置
 	 */
+	@ConditionalOnClass(OAuth2AuthorizationService.class)
 	@Configuration(proxyBeanMethods = false)
-	static class OAuth2ResourceServerOpaqueTokenConfiguration {
+	static class SharedStoredOpaqueTokenIntrospectorConfiguration {
 
 		/**
 		 * 当资源服务器和授权服务器的 token 共享存储时，直接使用 OAuth2AuthorizationService 读取 token 信息
 		 * @return SpringAuthorizationServerSharedStoredOpaqueTokenIntrospector
 		 */
 		@Bean
-		@ConditionalOnMissingBean
+		@ConditionalOnMissingBean(OpaqueTokenIntrospector.class)
 		@ConditionalOnProperty(prefix = "ballcat.springsecurity.oauth2.resourceserver", name = "shared-stored-token",
 				havingValue = "true")
 		public OpaqueTokenIntrospector sharedStoredOpaqueTokenIntrospector(
 				OAuth2AuthorizationService authorizationService) {
 			return new SpringAuthorizationServerSharedStoredOpaqueTokenIntrospector(authorizationService);
 		}
 
+	}
+
+	/**
+	 * 不透明令牌处理配置类
+	 */
+	@Configuration(proxyBeanMethods = false)
+	static class OAuth2ResourceServerOpaqueTokenConfiguration {
+
 		/**
 		 * 当资源服务器和授权服务器的 token 存储无法共享时，通过远程调用的方式，向授权服务鉴定 token，并同时获取对应的授权信息
 		 * @return NimbusOpaqueTokenIntrospector
 		 */
 		@Bean
-		@ConditionalOnMissingBean
-		@ConditionalOnProperty(prefix = "ballcat.security.oauth2.resourceserver", name = "shared-stored-token",
+		@ConditionalOnMissingBean(OpaqueTokenIntrospector.class)
+		@ConditionalOnProperty(prefix = "ballcat.springsecurity.oauth2.resourceserver", name = "shared-stored-token",
 				havingValue = "false", matchIfMissing = true)
 		public OpaqueTokenIntrospector remoteOpaqueTokenIntrospector(
 				OAuth2ResourceServerProperties oAuth2ResourceServerProperties) {
@@ -122,17 +143,6 @@ public OpaqueTokenIntrospector remoteOpaqueTokenIntrospector(
 					opaqueToken.getClientId(), opaqueToken.getClientSecret());
 		}
 
-		/**
-		 * spring-security 5.x 中开启资源服务器功能，需要的不透明令牌的支持
-		 * @return OpaqueTokenAuthenticationProvider
-		 */
-		@Bean
-		@ConditionalOnMissingBean
-		public OpaqueTokenAuthenticationProvider opaqueTokenAuthenticationProvider(
-				OpaqueTokenIntrospector opaqueTokenIntrospector) {
-			return new OpaqueTokenAuthenticationProvider(opaqueTokenIntrospector);
-		}
-
 	}
 
 }