add AuthenticationTokenFilter

xlorne · xlorne · commit a037cddfc509 · 2023-10-27T17:36:03.000+08:00
diff --git a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/AutoConfiguration.java b/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/AutoConfiguration.java
@@ -2,8 +2,10 @@
 
 import com.codingapi.springboot.security.configurer.HttpSecurityConfigurer;
 import com.codingapi.springboot.security.controller.VersionController;
+import com.codingapi.springboot.security.dto.request.LoginRequest;
 import com.codingapi.springboot.security.filter.*;
 import com.codingapi.springboot.security.jwt.Jwt;
+import com.codingapi.springboot.security.jwt.Token;
 import com.codingapi.springboot.security.properties.SecurityJwtProperties;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.context.properties.ConfigurationProperties;
@@ -24,6 +26,9 @@
 import org.springframework.web.servlet.config.annotation.CorsRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 @Configuration
 @EnableWebSecurity
 public class AutoConfiguration {
@@ -53,28 +58,45 @@ public PasswordEncoder passwordEncoder() {
         return PasswordEncoderFactories.createDelegatingPasswordEncoder();
     }
 
+    @Bean
+    @ConditionalOnMissingBean
+    public AuthenticationTokenFilter authenticationTokenFilter() {
+        return (request, response, chain) -> {
+
+        };
+    }
+
 
     @Bean
     @ConditionalOnMissingBean
-    public SecurityLoginHandler securityLoginHandler(){
-        return (request, response, handler) -> {
+    public SecurityLoginHandler securityLoginHandler() {
+        return new SecurityLoginHandler() {
+            @Override
+            public void preHandle(HttpServletRequest request, HttpServletResponse response, LoginRequest handler) throws Exception {
+
+            }
+
+            @Override
+            public void postHandle(HttpServletRequest request, HttpServletResponse response, LoginRequest handler, Token token) {
+
+            }
         };
     }
 
 
     @Bean
     @ConditionalOnMissingBean
-    public SecurityFilterChain filterChain(HttpSecurity security, Jwt jwt,SecurityLoginHandler loginHandler,
-                                           SecurityJwtProperties properties) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity security, Jwt jwt, SecurityLoginHandler loginHandler,
+                                           SecurityJwtProperties properties, AuthenticationTokenFilter authenticationTokenFilter) throws Exception {
         //disable basic auth
         security.httpBasic().disable();
 
         //before add addCorsMappings to enable cors.
         security.cors();
-        if(properties.isDisableCsrf() ){
+        if (properties.isDisableCsrf()) {
             security.csrf().disable();
         }
-        security.apply(new HttpSecurityConfigurer(jwt,loginHandler,properties));
+        security.apply(new HttpSecurityConfigurer(jwt, loginHandler, properties, authenticationTokenFilter));
         security
                 .exceptionHandling()
                 .authenticationEntryPoint(new MyUnAuthenticationEntryPoint())
@@ -125,7 +147,7 @@ public WebMvcConfigurer corsConfigurer(SecurityJwtProperties securityJwtProperti
         return new WebMvcConfigurer() {
             @Override
             public void addCorsMappings(CorsRegistry registry) {
-                if(securityJwtProperties.isDisableCors()) {
+                if (securityJwtProperties.isDisableCors()) {
                     registry.addMapping("/**")
                             .allowedHeaders("*")
                             .allowedMethods("*")
@@ -149,7 +171,7 @@ public SecurityJwtProperties securityJwtProperties() {
 
     @Bean
     @ConditionalOnMissingBean
-    public VersionController versionController(Environment environment){
+    public VersionController versionController(Environment environment) {
         return new VersionController(environment);
     }
 
diff --git a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/configurer/HttpSecurityConfigurer.java b/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/configurer/HttpSecurityConfigurer.java
@@ -1,5 +1,6 @@
 package com.codingapi.springboot.security.configurer;
 
+import com.codingapi.springboot.security.filter.AuthenticationTokenFilter;
 import com.codingapi.springboot.security.filter.MyAuthenticationFilter;
 import com.codingapi.springboot.security.filter.MyLoginFilter;
 import com.codingapi.springboot.security.filter.SecurityLoginHandler;
@@ -17,11 +18,12 @@ public class HttpSecurityConfigurer extends AbstractHttpConfigurer<HttpSecurityC
 
     private final SecurityLoginHandler securityLoginHandler;
     private final SecurityJwtProperties securityJwtProperties;
+    private final AuthenticationTokenFilter authenticationTokenFilter;
 
     @Override
     public void configure(HttpSecurity security) throws Exception {
         AuthenticationManager manager = security.getSharedObject(AuthenticationManager.class);
         security.addFilter(new MyLoginFilter(manager, jwt,securityLoginHandler, securityJwtProperties));
-        security.addFilter(new MyAuthenticationFilter(manager,securityJwtProperties,jwt));
+        security.addFilter(new MyAuthenticationFilter(manager,securityJwtProperties,jwt,authenticationTokenFilter));
     }
 }
diff --git a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/filter/AuthenticationTokenFilter.java b/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/filter/AuthenticationTokenFilter.java
@@ -0,0 +1,12 @@
+package com.codingapi.springboot.security.filter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+public interface AuthenticationTokenFilter {
+
+
+    void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain);
+
+}
diff --git a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/filter/MyAuthenticationFilter.java b/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/filter/MyAuthenticationFilter.java
@@ -29,12 +29,14 @@ public class MyAuthenticationFilter extends BasicAuthenticationFilter {
     private final Jwt jwt;
 
     private final SecurityJwtProperties securityJwtProperties;
+    private final AuthenticationTokenFilter authenticationTokenFilter;
     private final AntPathMatcher antPathMatcher = new AntPathMatcher();
 
-    public MyAuthenticationFilter(AuthenticationManager manager, SecurityJwtProperties securityJwtProperties, Jwt jwt) {
+    public MyAuthenticationFilter(AuthenticationManager manager, SecurityJwtProperties securityJwtProperties, Jwt jwt,AuthenticationTokenFilter authenticationTokenFilter) {
         super(manager);
         this.jwt = jwt;
         this.securityJwtProperties = securityJwtProperties;
+        this.authenticationTokenFilter = authenticationTokenFilter;
     }
 
 
@@ -64,6 +66,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
                 }
 
                 SecurityContextHolder.getContext().setAuthentication(token.getAuthenticationToken());
+                authenticationTokenFilter.doFilter(request, response, chain);
             }
         }
         chain.doFilter(request, response);
diff --git a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/filter/MyLoginFilter.java b/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/filter/MyLoginFilter.java
@@ -58,7 +58,7 @@ public Authentication attemptAuthentication(HttpServletRequest request, HttpServ
             throw new AuthenticationServiceException("request stream read was null.");
         }
         try {
-            loginHandler.preHandle(request,response,login);
+            loginHandler.preHandle(request, response, login);
         } catch (Exception e) {
             throw new AuthenticationServiceException(e.getLocalizedMessage());
         }
@@ -84,6 +84,8 @@ protected void successfulAuthentication(HttpServletRequest request, HttpServletR
         String content = JSONObject.toJSONString(SingleResponse.of(login));
         IOUtils.write(content, response.getOutputStream(), StandardCharsets.UTF_8);
 
+        loginHandler.postHandle(request, response, loginRequest, token);
+
         LoginRequestContext.getInstance().clean();
     }
 
diff --git a/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/filter/SecurityLoginHandler.java b/springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/filter/SecurityLoginHandler.java
@@ -1,12 +1,15 @@
 package com.codingapi.springboot.security.filter;
 
 import com.codingapi.springboot.security.dto.request.LoginRequest;
+import com.codingapi.springboot.security.jwt.Token;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 
 public interface SecurityLoginHandler {
 
-    void  preHandle(HttpServletRequest request, HttpServletResponse response, LoginRequest handler) throws Exception;
+    void preHandle(HttpServletRequest request, HttpServletResponse response, LoginRequest handler) throws Exception;
+
+    void postHandle(HttpServletRequest request, HttpServletResponse response, LoginRequest handler, Token token);
 }

Original file line number	Diff line number	Diff line change
`@@ -29,12 +29,14 @@ public class MyAuthenticationFilter extends BasicAuthenticationFilter {`
`29`	`29`	`private final Jwt jwt;`
`30`	`30`
`31`	`31`	`private final SecurityJwtProperties securityJwtProperties;`
	`32`	`+ private final AuthenticationTokenFilter authenticationTokenFilter;`
`32`	`33`	`private final AntPathMatcher antPathMatcher = new AntPathMatcher();`
`33`	`34`
`34`		`- public MyAuthenticationFilter(AuthenticationManager manager, SecurityJwtProperties securityJwtProperties, Jwt jwt) {`
	`35`	`+ public MyAuthenticationFilter(AuthenticationManager manager, SecurityJwtProperties securityJwtProperties, Jwt jwt,AuthenticationTokenFilter authenticationTokenFilter) {`
`35`	`36`	`super(manager);`
`36`	`37`	`this.jwt = jwt;`
`37`	`38`	`this.securityJwtProperties = securityJwtProperties;`
	`39`	`+ this.authenticationTokenFilter = authenticationTokenFilter;`
`38`	`40`	`}`
`39`	`41`
`40`	`42`
`@@ -64,6 +66,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse`
`64`	`66`	`}`
`65`	`67`
`66`	`68`	`SecurityContextHolder.getContext().setAuthentication(token.getAuthenticationToken());`
	`69`	`+ authenticationTokenFilter.doFilter(request, response, chain);`
`67`	`70`	`}`
`68`	`71`	`}`
`69`	`72`	`chain.doFilter(request, response);`
Original file line number	Diff line number	Diff line change
`@@ -58,7 +58,7 @@ public Authentication attemptAuthentication(HttpServletRequest request, HttpServ`
`58`	`58`	`throw new AuthenticationServiceException("request stream read was null.");`
`59`	`59`	`}`
`60`	`60`	`try {`
`61`		`- loginHandler.preHandle(request,response,login);`
	`61`	`+ loginHandler.preHandle(request, response, login);`
`62`	`62`	`} catch (Exception e) {`
`63`	`63`	`throw new AuthenticationServiceException(e.getLocalizedMessage());`
`64`	`64`	`}`
`@@ -84,6 +84,8 @@ protected void successfulAuthentication(HttpServletRequest request, HttpServletR`
`84`	`84`	`String content = JSONObject.toJSONString(SingleResponse.of(login));`
`85`	`85`	`IOUtils.write(content, response.getOutputStream(), StandardCharsets.UTF_8);`
`86`	`86`
	`87`	`+ loginHandler.postHandle(request, response, loginRequest, token);`
	`88`	`+`
`87`	`89`	`LoginRequestContext.getInstance().clean();`
`88`	`90`	`}`
`89`	`91`