代码同步

Author: hengboy

CHANGELOG.md

@@ -1,3 +1,13 @@
+## 2.2.2.RELEASE更新日志（2020-1-6日发布）
+- 支持自定义认证服务器OAuth2认证失败时响应内容，详见：[I17O6B](https://gitee.com/minbox-projects/api-boot/issues/I17O6B)
+- 回退fastJson版本为1.2.60
+- 升级分布式链路日志minbox-logging为1.0.3.RELEASE
+- 提供自定义认证失败使用示例，[CustomAuthorizationDeniedResponse](https://gitee.com/minbox-projects/api-boot/blob/master/api-boot-samples/api-boot-sample-security-oauth-jwt/src/main/java/org/minbox/framework/api/boot/sample/CustomAuthorizationDeniedResponse.java)
+- 提供默认`AuthorizationDeniedResponse`默认实现[DefaultAuthorizationDeniedResponse](https://gitee.com/minbox-projects/api-boot/blob/master/api-boot-project/api-boot-plugins/api-boot-plugin-oauth/src/main/java/org/minbox/framework/api/boot/plugin/oauth/response/DefaultAuthorizationDeniedResponse.java)
+- 修复minbox-logging采集日志发生位置错误问题
+- 统一部分源码类上的注释格式
+- ApiBoot提供`WebResponseExceptionTranslator`实现类[ApiBootWebResponseExceptionTranslator](https://gitee.com/minbox-projects/api-boot/blob/master/api-boot-project/api-boot-plugins/api-boot-plugin-oauth/src/main/java/org/minbox/framework/api/boot/plugin/oauth/translator/ApiBootWebResponseExceptionTranslator.java) ，用于处理OAuth2Exception异常。
+
 ## 2.2.1.RELEASE更新日志(2019-12-16日发布)
 - 升级SpringBoot版本为2.2.2.RELEASE
 - 升级minbox-logging版本为1.0.3.RC1

api-boot-project/api-boot-plugins/api-boot-plugin-oauth/src/main/java/org/minbox/framework/api/boot/plugin/oauth/exception/ApiBootOAuth2Exception.java

@@ -0,0 +1,24 @@
+package org.minbox.framework.api.boot.plugin.oauth.exception;
+
+import com.fasterxml.jackson.databind.annotation.JsonSerialize;
+import lombok.Getter;
+import org.minbox.framework.api.boot.plugin.oauth.response.AuthorizationDeniedResponse;
+import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
+
+/**
+ * Custom implementation of OAuth2Exception
+ *
+ * @author 恒宇少年
+ * @see OAuth2Exception
+ */
+@JsonSerialize(using = ApiBootOAuth2ExceptionSerializer.class)
+@Getter
+public class ApiBootOAuth2Exception extends OAuth2Exception {
+
+    private AuthorizationDeniedResponse response;
+
+    public ApiBootOAuth2Exception(String message, Throwable t, AuthorizationDeniedResponse response) {
+        super(message, t);
+        this.response = response;
+    }
+}

api-boot-project/api-boot-plugins/api-boot-plugin-oauth/src/main/java/org/minbox/framework/api/boot/plugin/oauth/exception/ApiBootOAuth2ExceptionSerializer.java

@@ -0,0 +1,26 @@
+package org.minbox.framework.api.boot.plugin.oauth.exception;
+
+import com.fasterxml.jackson.core.JsonGenerator;
+import com.fasterxml.jackson.databind.SerializerProvider;
+import com.fasterxml.jackson.databind.ser.std.StdSerializer;
+
+import java.io.IOException;
+
+/**
+ * The ApiBootOAuth2Exception Serializer
+ * The specific implementation is handed over to "org.minbox.framework.api.boot.plugin.oauth.response.AuthorizationDeniedResponse#serializeResponse"
+ *
+ * @author 恒宇少年
+ */
+public class ApiBootOAuth2ExceptionSerializer extends StdSerializer<ApiBootOAuth2Exception> {
+    protected ApiBootOAuth2ExceptionSerializer() {
+        super(ApiBootOAuth2Exception.class);
+    }
+
+    @Override
+    public void serialize(ApiBootOAuth2Exception e, JsonGenerator generator, SerializerProvider serializerProvider) throws IOException {
+        generator.writeStartObject();
+        e.getResponse().serializeResponse(e, generator);
+        generator.writeEndObject();
+    }
+}

api-boot-project/api-boot-plugins/api-boot-plugin-oauth/src/main/java/org/minbox/framework/api/boot/plugin/oauth/response/AuthorizationDeniedResponse.java

@@ -0,0 +1,33 @@
+package org.minbox.framework.api.boot.plugin.oauth.response;
+
+import com.fasterxml.jackson.core.JsonGenerator;
+import org.minbox.framework.api.boot.plugin.oauth.exception.ApiBootOAuth2Exception;
+import org.springframework.http.HttpStatus;
+
+import java.io.Serializable;
+
+/**
+ * Interface definition to respond to authorization exception
+ *
+ * @author 恒宇少年
+ */
+public interface AuthorizationDeniedResponse {
+    /**
+     * Provide the response HttpStatus, default is 401
+     *
+     * @return {@link HttpStatus}
+     */
+    default HttpStatus getHttpStatus() {
+        return HttpStatus.UNAUTHORIZED;
+    }
+
+    /**
+     * Serialize the response content
+     *
+     * @param e         {@link ApiBootOAuth2Exception}
+     * @param generator {@link JsonGenerator}
+     */
+    default void serializeResponse(ApiBootOAuth2Exception e, JsonGenerator generator) {
+        // default nothing to do
+    }
+}

api-boot-project/api-boot-plugins/api-boot-plugin-oauth/src/main/java/org/minbox/framework/api/boot/plugin/oauth/response/DefaultAuthorizationDeniedResponse.java

@@ -0,0 +1,30 @@
+package org.minbox.framework.api.boot.plugin.oauth.response;
+
+import com.fasterxml.jackson.core.JsonGenerator;
+import org.minbox.framework.api.boot.plugin.oauth.exception.ApiBootOAuth2Exception;
+import org.springframework.http.HttpStatus;
+import org.springframework.web.util.HtmlUtils;
+
+/**
+ * The default {@link AuthorizationDeniedResponse} support
+ * Provide default OAuth2Exception exception response content
+ *
+ * @author 恒宇少年
+ * @see org.minbox.framework.api.boot.plugin.oauth.translator.ApiBootWebResponseExceptionTranslator
+ * @see ApiBootOAuth2Exception
+ */
+public class DefaultAuthorizationDeniedResponse implements AuthorizationDeniedResponse {
+    @Override
+    public void serializeResponse(ApiBootOAuth2Exception e, JsonGenerator generator) {
+        try {
+            String message = e.getMessage();
+            if (message != null) {
+                message = HtmlUtils.htmlEscape(message);
+            }
+            generator.writeObjectField("errorMessage", message);
+            generator.writeObjectField("errorCode", HttpStatus.UNAUTHORIZED.getReasonPhrase());
+        } catch (Exception ex) {
+            ex.printStackTrace();
+        }
+    }
+}

api-boot-project/api-boot-plugins/api-boot-plugin-oauth/src/main/java/org/minbox/framework/api/boot/plugin/oauth/translator/ApiBootWebResponseExceptionTranslator.java

@@ -0,0 +1,153 @@
+package org.minbox.framework.api.boot.plugin.oauth.translator;
+
+import org.minbox.framework.api.boot.plugin.oauth.exception.ApiBootOAuth2Exception;
+import org.minbox.framework.api.boot.plugin.oauth.response.AuthorizationDeniedResponse;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.oauth2.common.DefaultThrowableAnalyzer;
+import org.springframework.security.oauth2.common.exceptions.InsufficientScopeException;
+import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
+import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
+import org.springframework.security.web.util.ThrowableAnalyzer;
+import org.springframework.web.HttpRequestMethodNotSupportedException;
+
+import java.io.IOException;
+
+/**
+ * Override the default WebResponseExceptionTranslator
+ * Customize the error message format returned by the authentication server
+ *
+ * @author 恒宇少年
+ * @see org.springframework.security.oauth2.provider.error.DefaultWebResponseExceptionTranslator
+ */
+public class ApiBootWebResponseExceptionTranslator implements WebResponseExceptionTranslator {
+    /**
+     * Response in case of authentication error
+     */
+    private AuthorizationDeniedResponse authorizationDeniedResponse;
+
+    public ApiBootWebResponseExceptionTranslator(AuthorizationDeniedResponse authorizationDeniedResponse) {
+        this.authorizationDeniedResponse = authorizationDeniedResponse;
+    }
+
+    private ThrowableAnalyzer throwableAnalyzer = new DefaultThrowableAnalyzer();
+
+    @Override
+    public ResponseEntity<OAuth2Exception> translate(Exception e) throws Exception {
+        Throwable[] causeChain = this.throwableAnalyzer.determineCauseChain(e);
+
+        Exception ase = (OAuth2Exception) this.throwableAnalyzer.getFirstThrowableOfType(OAuth2Exception.class, causeChain);
+        if (ase != null) {
+            return this.handleOAuth2Exception((OAuth2Exception) ase);
+        }
+
+        ase = (AuthenticationException) this.throwableAnalyzer.getFirstThrowableOfType(AuthenticationException.class, causeChain);
+        if (ase != null) {
+            return this.handleOAuth2Exception(new UnauthorizedException(e.getMessage(), e));
+        }
+
+        ase = (AccessDeniedException) this.throwableAnalyzer.getFirstThrowableOfType(AccessDeniedException.class, causeChain);
+        if (ase instanceof AccessDeniedException) {
+            return this.handleOAuth2Exception(new ForbiddenException(ase.getMessage(), ase));
+        }
+
+        ase = (HttpRequestMethodNotSupportedException) throwableAnalyzer.getFirstThrowableOfType(
+            HttpRequestMethodNotSupportedException.class, causeChain);
+        if (ase instanceof HttpRequestMethodNotSupportedException) {
+            return handleOAuth2Exception(new MethodNotAllowed(ase.getMessage(), ase));
+        }
+
+        return this.handleOAuth2Exception(new ServerErrorException(HttpStatus.INTERNAL_SERVER_ERROR.getReasonPhrase(), e));
+    }
+
+    /**
+     * Handling Formatted OAuth2Exception Response
+     *
+     * @param e {@link OAuth2Exception}
+     * @return {@link ResponseEntity}
+     * @throws IOException
+     */
+    private ResponseEntity<OAuth2Exception> handleOAuth2Exception(OAuth2Exception e) throws IOException {
+        int status = e.getHttpErrorCode();
+        HttpHeaders headers = new HttpHeaders();
+        headers.set("Cache-Control", "no-store");
+        headers.set("Pragma", "no-cache");
+        if (status == HttpStatus.UNAUTHORIZED.value() || e instanceof InsufficientScopeException) {
+            headers.set("WWW-Authenticate", String.format("%s %s", "Bearer", e.getSummary()));
+        }
+
+        // use ApiBootOAuth2Exception as the returned exception type
+        ApiBootOAuth2Exception apiBootOAuth2Exception = new ApiBootOAuth2Exception(e.getMessage(), e, authorizationDeniedResponse);
+        // get custom authorization definition response HttpStatus
+        HttpStatus httpStatus = authorizationDeniedResponse.getHttpStatus();
+        ResponseEntity<OAuth2Exception> response = new ResponseEntity(apiBootOAuth2Exception, headers, httpStatus);
+        return response;
+    }
+
+    private static class MethodNotAllowed extends OAuth2Exception {
+        public MethodNotAllowed(String msg, Throwable t) {
+            super(msg, t);
+        }
+
+        @Override
+        public String getOAuth2ErrorCode() {
+            return HttpStatus.METHOD_NOT_ALLOWED.getReasonPhrase();
+        }
+
+        @Override
+        public int getHttpErrorCode() {
+            return HttpStatus.METHOD_NOT_ALLOWED.value();
+        }
+    }
+
+    private static class UnauthorizedException extends OAuth2Exception {
+        public UnauthorizedException(String msg, Throwable t) {
+            super(msg, t);
+        }
+
+        @Override
+        public String getOAuth2ErrorCode() {
+            return HttpStatus.UNAUTHORIZED.getReasonPhrase();
+        }
+
+        @Override
+        public int getHttpErrorCode() {
+            return HttpStatus.UNAUTHORIZED.value();
+        }
+    }
+
+    private static class ServerErrorException extends OAuth2Exception {
+        public ServerErrorException(String msg, Throwable t) {
+            super(msg, t);
+        }
+
+        @Override
+        public String getOAuth2ErrorCode() {
+            return HttpStatus.INTERNAL_SERVER_ERROR.getReasonPhrase();
+        }
+
+        @Override
+        public int getHttpErrorCode() {
+            return HttpStatus.INTERNAL_SERVER_ERROR.value();
+        }
+    }
+
+    private static class ForbiddenException extends OAuth2Exception {
+        public ForbiddenException(String msg, Throwable t) {
+            super(msg, t);
+        }
+
+        @Override
+        public String getOAuth2ErrorCode() {
+            return HttpStatus.FORBIDDEN.getReasonPhrase();
+        }
+
+        @Override
+        public int getHttpErrorCode() {
+            return HttpStatus.FORBIDDEN.value();
+        }
+    }
+}

api-boot-samples/api-boot-sample-security-oauth-jwt/src/main/java/org/minbox/framework/api/boot/sample/CustomAuthorizationDeniedResponse.java

@@ -0,0 +1,24 @@
+package org.minbox.framework.api.boot.sample;
+
+import com.fasterxml.jackson.core.JsonGenerator;
+import org.minbox.framework.api.boot.plugin.oauth.exception.ApiBootOAuth2Exception;
+import org.minbox.framework.api.boot.plugin.oauth.response.AuthorizationDeniedResponse;
+import org.springframework.stereotype.Component;
+
+/**
+ * 自定义认证错误格式化响应 {@link AuthorizationDeniedResponse}使用示例
+ *
+ * @author 恒宇少年
+ */
+@Component
+public class CustomAuthorizationDeniedResponse implements AuthorizationDeniedResponse {
+    @Override
+    public void serializeResponse(ApiBootOAuth2Exception e, JsonGenerator generator) {
+        try {
+            generator.writeObjectField("code", e.getHttpErrorCode());
+            generator.writeObjectField("message", e.getMessage());
+        } catch (Exception ex) {
+            ex.printStackTrace();
+        }
+    }
+}

pom.xml

@@ -18,15 +18,15 @@
     <version>${revision}</version>
     <name>api-boot</name>
     <properties>
-        <revision>2.2.2-SNAPSHOT</revision>
+        <revision>2.2.3-SNAPSHOT</revision>
         <maven-compiler-plugin.version>3.5.1</maven-compiler-plugin.version>
         <jdk.version>1.8</jdk.version>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <maven.compiler.encoding>UTF-8</maven.compiler.encoding>
     </properties>
     <description>
         ApiBoot是一款基于SpringBoot1.x、2.x的接口服务集成基础框架，
-        内部提供了第三方框架的封装集成，让接口开发者可以选择性完成开箱即用，
+        内部提供了第三方框架的封装集成，让接口开发者可以选择性使用starter完成开箱即用，
         不再为搭建接口框架而犯愁，从而极大的提高开发效率。
     </description>
     <url>https://gitee.com/minbox-projects/api-boot</url>