1. 升级 spring boot 2.7.6

2. 升级 spring cloud 2021.0.5 3. 升级 spring cloud alibaba 2021.0.4.0 4. 解决新版本 Srping Cloud Gateway 重复 cors 导致报错 5. 调整 spring boot 自动配置的写法 6. 调整 spring security 配置的写法
2022-11-30 22:28:39 +08:00
parent f06e508c9d
commit 79df30d0f8
85 changed files with 220 additions and 155 deletions
--- a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/YudaoSecurityAutoConfiguration.java
+++ b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/YudaoSecurityAutoConfiguration.java
@@ -11,10 +11,9 @@ import cn.iocoder.yudao.framework.web.core.handler.GlobalExceptionHandler;
 import cn.iocoder.yudao.module.system.api.oauth2.OAuth2TokenApi;
 import cn.iocoder.yudao.module.system.api.permission.PermissionApi;
 import org.springframework.beans.factory.config.MethodInvokingFactoryBean;
+import org.springframework.boot.autoconfigure.AutoConfiguration;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
-import org.springframework.cloud.openfeign.EnableFeignClients;
 import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
@@ -31,7 +30,7 @@ import javax.annotation.Resource;
 *
 * @author 芋道源码
 */
-@Configuration(proxyBeanMethods = false)
+@AutoConfiguration
@EnableConfigurationProperties(SecurityProperties.class)
 public class YudaoSecurityAutoConfiguration {

--- a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/YudaoSecurityRpcAutoConfiguration.java
+++ b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/YudaoSecurityRpcAutoConfiguration.java
@@ -3,17 +3,16 @@ package cn.iocoder.yudao.framework.security.config;
 import cn.iocoder.yudao.framework.security.core.rpc.LoginUserRequestInterceptor;
 import cn.iocoder.yudao.module.system.api.oauth2.OAuth2TokenApi;
 import cn.iocoder.yudao.module.system.api.permission.PermissionApi;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
+import org.springframework.boot.autoconfigure.AutoConfiguration;
 import org.springframework.cloud.openfeign.EnableFeignClients;
 import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;

 /**
 * Security 使用到 Feign 的配置项
 *
 * @author 芋道源码
 */
-@Configuration(proxyBeanMethods = false)
+@AutoConfiguration
@EnableFeignClients(clients = {OAuth2TokenApi.class, // 主要是引入相关的 API 服务
        PermissionApi.class})
 public class YudaoSecurityRpcAutoConfiguration {
--- a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/YudaoWebSecurityConfigurerAdapter.java
+++ b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/YudaoWebSecurityConfigurerAdapter.java
@@ -4,17 +4,17 @@ import cn.iocoder.yudao.framework.security.core.filter.TokenAuthenticationFilter
 import cn.iocoder.yudao.framework.web.config.WebProperties;
 import com.google.common.collect.HashMultimap;
 import com.google.common.collect.Multimap;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.boot.autoconfigure.AutoConfiguration;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.access.AccessDeniedHandler;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.web.method.HandlerMethod;
@@ -32,9 +32,9 @@ import java.util.Set;
 *
 * @author 芋道源码
 */
-@Configuration(proxyBeanMethods = false)
+@AutoConfiguration
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
-public class YudaoWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
+public class YudaoWebSecurityConfigurerAdapter {

    @Resource
    private WebProperties webProperties;
@@ -72,11 +72,9 @@ public class YudaoWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdap
     * 由于 Spring Security 创建 AuthenticationManager 对象时，没声明 @Bean 注解，导致无法被注入
     * 通过覆写父类的该方法，添加 @Bean 注解，解决该问题
     */
-    @Override
    @Bean
-    @ConditionalOnMissingBean(AuthenticationManager.class)
-    public AuthenticationManager authenticationManagerBean() throws Exception {
-        return super.authenticationManagerBean();
+    public AuthenticationManager authenticationManagerBean(AuthenticationConfiguration authenticationConfiguration) throws Exception {
+        return authenticationConfiguration.getAuthenticationManager();
    }

    /**
@@ -96,8 +94,8 @@ public class YudaoWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdap
     * rememberMe          |   允许通过remember-me登录的用户访问
     * authenticated       |   用户登录后可访问
     */
-    @Override
-    protected void configure(HttpSecurity httpSecurity) throws Exception {
+    @Bean
+    protected SecurityFilterChain configure(HttpSecurity httpSecurity) throws Exception {
        // 登出
        httpSecurity
                // 开启跨域
@@ -139,6 +137,7 @@ public class YudaoWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdap

        // 添加 JWT Filter
        httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
+        return httpSecurity.build();
    }

    private String buildAppApi(String url) {
--- a/yudao-framework/yudao-spring-boot-starter-security/src/main/resources/META-INF/spring.factories
+++ b/yudao-framework/yudao-spring-boot-starter-security/src/main/resources/META-INF/spring.factories
@@ -1,4 +0,0 @@
-org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
-  cn.iocoder.yudao.framework.security.config.YudaoSecurityRpcAutoConfiguration,\
-  cn.iocoder.yudao.framework.security.config.YudaoSecurityAutoConfiguration,\
-  cn.iocoder.yudao.framework.security.config.YudaoWebSecurityConfigurerAdapter
--- a/yudao-framework/yudao-spring-boot-starter-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
+++ b/yudao-framework/yudao-spring-boot-starter-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
@@ -0,0 +1,3 @@
+cn.iocoder.yudao.framework.security.config.YudaoSecurityRpcAutoConfiguration
+cn.iocoder.yudao.framework.security.config.YudaoSecurityAutoConfiguration
+cn.iocoder.yudao.framework.security.config.YudaoWebSecurityConfigurerAdapter