This is an automated email from the ASF dual-hosted git repository.
albumenj pushed a commit to branch 3.2
in repository https://gitbox.apache.org/repos/asf/dubbo.git
The following commit(s) were added to refs/heads/3.2 by this push:
new 9dc5bf1944 Enhance spring security class check (#13136)
9dc5bf1944 is described below
commit 9dc5bf1944d34cffc19d510d46123a20c9f3ecab
Author: Albumen Kevin <[email protected]>
AuthorDate: Fri Sep 29 09:44:41 2023 +0800
Enhance spring security class check (#13136)
* Enhance spring security class check
* Catch exception
---
.../AuthenticationExceptionTranslatorFilter.java | 6 +++++-
.../ContextHolderAuthenticationPrepareFilter.java | 13 ++++++++++--
.../ContextHolderAuthenticationResolverFilter.java | 10 ++++++++--
.../model/SecurityScopeModelInitializer.java | 23 +++++++++++++++++-----
.../dubbo/spring/security/utils/SecurityNames.java | 2 ++
5 files changed, 44 insertions(+), 10 deletions(-)
diff --git
a/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/filter/AuthenticationExceptionTranslatorFilter.java
b/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/filter/AuthenticationExceptionTranslatorFilter.java
index 00dadabf59..e3a246d2bc 100644
---
a/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/filter/AuthenticationExceptionTranslatorFilter.java
+++
b/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/filter/AuthenticationExceptionTranslatorFilter.java
@@ -30,10 +30,14 @@ import
org.springframework.security.core.AuthenticationException;
import static org.apache.dubbo.rpc.RpcException.AUTHORIZATION_EXCEPTION;
import static
org.apache.dubbo.spring.security.utils.SecurityNames.CORE_JACKSON_2_MODULE_CLASS_NAME;
+import static
org.apache.dubbo.spring.security.utils.SecurityNames.JAVA_TIME_MODULE_CLASS_NAME;
import static
org.apache.dubbo.spring.security.utils.SecurityNames.OBJECT_MAPPER_CLASS_NAME;
import static
org.apache.dubbo.spring.security.utils.SecurityNames.SECURITY_CONTEXT_HOLDER_CLASS_NAME;
+import static
org.apache.dubbo.spring.security.utils.SecurityNames.SIMPLE_MODULE_CLASS_NAME;
-@Activate(group = CommonConstants.PROVIDER, order = Integer.MAX_VALUE, onClass
= {SECURITY_CONTEXT_HOLDER_CLASS_NAME, CORE_JACKSON_2_MODULE_CLASS_NAME,
OBJECT_MAPPER_CLASS_NAME})
+@Activate(group = CommonConstants.PROVIDER, order = Integer.MAX_VALUE, onClass
= {
+ SECURITY_CONTEXT_HOLDER_CLASS_NAME, CORE_JACKSON_2_MODULE_CLASS_NAME,
OBJECT_MAPPER_CLASS_NAME,
+ JAVA_TIME_MODULE_CLASS_NAME, SIMPLE_MODULE_CLASS_NAME})
public class AuthenticationExceptionTranslatorFilter implements Filter,
Filter.Listener {
diff --git
a/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/filter/ContextHolderAuthenticationPrepareFilter.java
b/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/filter/ContextHolderAuthenticationPrepareFilter.java
index 6617f4be85..c71ef982f5 100644
---
a/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/filter/ContextHolderAuthenticationPrepareFilter.java
+++
b/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/filter/ContextHolderAuthenticationPrepareFilter.java
@@ -18,6 +18,8 @@ package org.apache.dubbo.spring.security.filter;
import org.apache.dubbo.common.constants.CommonConstants;
import org.apache.dubbo.common.extension.Activate;
+import org.apache.dubbo.common.logger.Logger;
+import org.apache.dubbo.common.logger.LoggerFactory;
import org.apache.dubbo.common.utils.StringUtils;
import org.apache.dubbo.rpc.Invocation;
import org.apache.dubbo.rpc.Invoker;
@@ -33,12 +35,17 @@ import
org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import static
org.apache.dubbo.spring.security.utils.SecurityNames.CORE_JACKSON_2_MODULE_CLASS_NAME;
+import static
org.apache.dubbo.spring.security.utils.SecurityNames.JAVA_TIME_MODULE_CLASS_NAME;
import static
org.apache.dubbo.spring.security.utils.SecurityNames.OBJECT_MAPPER_CLASS_NAME;
import static
org.apache.dubbo.spring.security.utils.SecurityNames.SECURITY_CONTEXT_HOLDER_CLASS_NAME;
+import static
org.apache.dubbo.spring.security.utils.SecurityNames.SIMPLE_MODULE_CLASS_NAME;
-@Activate(group = CommonConstants.CONSUMER, order = -10000, onClass =
{SECURITY_CONTEXT_HOLDER_CLASS_NAME, CORE_JACKSON_2_MODULE_CLASS_NAME,
OBJECT_MAPPER_CLASS_NAME})
+@Activate(group = CommonConstants.CONSUMER, order = -10000, onClass = {
+ SECURITY_CONTEXT_HOLDER_CLASS_NAME, CORE_JACKSON_2_MODULE_CLASS_NAME,
OBJECT_MAPPER_CLASS_NAME,
+ JAVA_TIME_MODULE_CLASS_NAME, SIMPLE_MODULE_CLASS_NAME})
public class ContextHolderAuthenticationPrepareFilter implements ClusterFilter
{
+ private final Logger logger = LoggerFactory.getLogger(getClass());
private final ObjectMapperCodec mapper;
public ContextHolderAuthenticationPrepareFilter(ApplicationModel
applicationModel) {
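Review bot: The `logger` field added to ContextHolderAuthenticationPrepareFilter is not used by any line this commit adds to the file, and the diffstat count for the file (13) matches the visible changes, so it looks like dead code. Either drop it together with the `Logger` and `LoggerFactory` imports, or use it to record once, at construction, that `mapper` was not available. If it stays, `private static final Logger logger = LoggerFactory.getLogger(ContextHolderAuthenticationPrepareFilter.class);` avoids one lookup per filter instance. The constructor body continues outside the hunk.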
@@ -47,7 +54,9 @@ public class ContextHolderAuthenticationPrepareFilter
implements ClusterFilter {
@Override
public Result invoke(Invoker<?> invoker, Invocation invocation) throws
RpcException {
- setSecurityContext(invocation);
+ if (this.mapper != null) {
+ setSecurityContext(invocation);
+ }
return invoker.invoke(invocation);
}
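Review bot: The new `if (this.mapper != null)` guard in `invoke` turns a missing codec into a silent no-op, and nothing on this path records that security-context propagation was skipped. The same guard is added in ContextHolderAuthenticationResolverFilter.invoke, where skipping `getSecurityContext` means the provider runs the invocation without restoring the caller's Authentication; whether that fails closed depends on downstream authorization checks that are not visible here. I would put a comment above both guards, for example `// mapper is null when ObjectMapperCodec could not be registered at startup; security context propagation is skipped`, and consider a one-time warn log when a filter is constructed without a mapper. The assignment of `mapper` happens in the constructors, outside these hunks, so the null case is inferred from the initializer change in SecurityScopeModelInitializer.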
diff --git
a/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/filter/ContextHolderAuthenticationResolverFilter.java
b/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/filter/ContextHolderAuthenticationResolverFilter.java
index 9f2567185a..ff8a4fbea7 100644
---
a/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/filter/ContextHolderAuthenticationResolverFilter.java
+++
b/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/filter/ContextHolderAuthenticationResolverFilter.java
@@ -32,10 +32,14 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import static
org.apache.dubbo.spring.security.utils.SecurityNames.CORE_JACKSON_2_MODULE_CLASS_NAME;
+import static
org.apache.dubbo.spring.security.utils.SecurityNames.JAVA_TIME_MODULE_CLASS_NAME;
import static
org.apache.dubbo.spring.security.utils.SecurityNames.OBJECT_MAPPER_CLASS_NAME;
import static
org.apache.dubbo.spring.security.utils.SecurityNames.SECURITY_CONTEXT_HOLDER_CLASS_NAME;
+import static
org.apache.dubbo.spring.security.utils.SecurityNames.SIMPLE_MODULE_CLASS_NAME;
-@Activate(group = CommonConstants.PROVIDER, order = -10000, onClass =
{SECURITY_CONTEXT_HOLDER_CLASS_NAME, CORE_JACKSON_2_MODULE_CLASS_NAME,
OBJECT_MAPPER_CLASS_NAME})
+@Activate(group = CommonConstants.PROVIDER, order = -10000, onClass = {
+ SECURITY_CONTEXT_HOLDER_CLASS_NAME, CORE_JACKSON_2_MODULE_CLASS_NAME,
OBJECT_MAPPER_CLASS_NAME,
+ JAVA_TIME_MODULE_CLASS_NAME, SIMPLE_MODULE_CLASS_NAME})
public class ContextHolderAuthenticationResolverFilter implements Filter {
private final ObjectMapperCodec mapper;
@@ -46,7 +50,9 @@ public class ContextHolderAuthenticationResolverFilter
implements Filter {
@Override
public Result invoke(Invoker<?> invoker, Invocation invocation) throws
RpcException {
- getSecurityContext(invocation);
+ if (this.mapper != null) {
+ getSecurityContext(invocation);
+ }
return invoker.invoke(invocation);
}
diff --git
a/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/model/SecurityScopeModelInitializer.java
b/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/model/SecurityScopeModelInitializer.java
index 286adedb1d..d87a90cd83 100644
---
a/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/model/SecurityScopeModelInitializer.java
+++
b/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/model/SecurityScopeModelInitializer.java
@@ -19,6 +19,8 @@ package org.apache.dubbo.spring.security.model;
import org.apache.dubbo.common.beans.factory.ScopeBeanFactory;
import org.apache.dubbo.common.extension.Activate;
+import org.apache.dubbo.common.logger.Logger;
+import org.apache.dubbo.common.logger.LoggerFactory;
import org.apache.dubbo.rpc.model.ApplicationModel;
import org.apache.dubbo.rpc.model.FrameworkModel;
import org.apache.dubbo.rpc.model.ModuleModel;
@@ -29,22 +31,33 @@ import
org.apache.dubbo.spring.security.jackson.ObjectMapperCodecCustomer;
import java.util.Set;
import static
org.apache.dubbo.spring.security.utils.SecurityNames.CORE_JACKSON_2_MODULE_CLASS_NAME;
+import static
org.apache.dubbo.spring.security.utils.SecurityNames.JAVA_TIME_MODULE_CLASS_NAME;
import static
org.apache.dubbo.spring.security.utils.SecurityNames.OBJECT_MAPPER_CLASS_NAME;
import static
org.apache.dubbo.spring.security.utils.SecurityNames.SECURITY_CONTEXT_HOLDER_CLASS_NAME;
+import static
org.apache.dubbo.spring.security.utils.SecurityNames.SIMPLE_MODULE_CLASS_NAME;
-@Activate(onClass = {SECURITY_CONTEXT_HOLDER_CLASS_NAME,
CORE_JACKSON_2_MODULE_CLASS_NAME, OBJECT_MAPPER_CLASS_NAME})
+@Activate(onClass = {SECURITY_CONTEXT_HOLDER_CLASS_NAME,
CORE_JACKSON_2_MODULE_CLASS_NAME, OBJECT_MAPPER_CLASS_NAME,
+ JAVA_TIME_MODULE_CLASS_NAME, SIMPLE_MODULE_CLASS_NAME})
public class SecurityScopeModelInitializer implements ScopeModelInitializer {
+ private final Logger logger = LoggerFactory.getLogger(getClass());
+
@Override
public void initializeFrameworkModel(FrameworkModel frameworkModel) {
ScopeBeanFactory beanFactory = frameworkModel.getBeanFactory();
- ObjectMapperCodec objectMapperCodec =
beanFactory.getOrRegisterBean(ObjectMapperCodec.class);
+ try {
+ ObjectMapperCodec objectMapperCodec = new ObjectMapperCodec();
+
+ Set<ObjectMapperCodecCustomer> objectMapperCodecCustomerList =
frameworkModel.getExtensionLoader(ObjectMapperCodecCustomer.class).getSupportedExtensionInstances();
- Set<ObjectMapperCodecCustomer> objectMapperCodecCustomerList =
frameworkModel.getExtensionLoader(ObjectMapperCodecCustomer.class).getSupportedExtensionInstances();
+ for (ObjectMapperCodecCustomer objectMapperCodecCustomer :
objectMapperCodecCustomerList) {
+ objectMapperCodecCustomer.customize(objectMapperCodec);
+ }
- for (ObjectMapperCodecCustomer objectMapperCodecCustomer :
objectMapperCodecCustomerList) {
- objectMapperCodecCustomer.customize(objectMapperCodec);
+ beanFactory.registerBean(objectMapperCodec);
+ } catch (Throwable t) {
+ logger.info("Failed to initialize ObjectMapperCodecCustomer and
spring security related features are disabled.", t);
}
}
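Review bot: The `catch (Throwable t)` in initializeFrameworkModel reports a disabled security feature at INFO level, which many deployments filter out, so a service can run without security-context propagation and give the operator no visible signal. The message also names ObjectMapperCodecCustomer, although the object that failed to build is the ObjectMapperCodec. I would log it as `logger.warn("Failed to initialize ObjectMapperCodec; spring security related features are disabled.", t);`. Catching Throwable also swallows errors such as OutOfMemoryError; if the intent is only to survive missing or incompatible Jackson classes (inferred from the commit title), `catch (LinkageError | RuntimeException e)` would be a narrower fit.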
diff --git
a/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/utils/SecurityNames.java
b/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/utils/SecurityNames.java
index 97e167095b..f40adf4822 100644
---
a/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/utils/SecurityNames.java
+++
b/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/utils/SecurityNames.java
@@ -24,6 +24,8 @@ final public class SecurityNames {
public static final String SECURITY_CONTEXT_HOLDER_CLASS_NAME =
"org.springframework.security.core.context.SecurityContextHolder";
public static final String CORE_JACKSON_2_MODULE_CLASS_NAME =
"org.springframework.security.jackson2.CoreJackson2Module";
public static final String OBJECT_MAPPER_CLASS_NAME =
"com.fasterxml.jackson.databind.ObjectMapper";
+ public static final String JAVA_TIME_MODULE_CLASS_NAME =
"com.fasterxml.jackson.datatype.jsr310.JavaTimeModule";
+ public static final String SIMPLE_MODULE_CLASS_NAME =
"com.fasterxml.jackson.databind.module.SimpleModule";
private SecurityNames() {}