Merge branch 'optimize_20230426_server-auth_shiming.sun' into develop

hippo4j-server/hippo4j-auth/src/main/java/cn/hippo4j/auth/config/GlobalSecurityConfig.java

@@ -26,8 +26,8 @@ import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.BeanIds;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
@@ -86,11 +86,6 @@ public class GlobalSecurityConfig extends WebSecurityConfigurerAdapter {
         return source;
     }
 
-    @Override
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-        auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());
-    }
-
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         http.cors().and().csrf().disable()
@@ -111,6 +106,21 @@ public class GlobalSecurityConfig extends WebSecurityConfigurerAdapter {
         web.ignoring().antMatchers(ignores);
     }
 
+    /**
+     * 手动注入 DaoAuthentication
+     * 取代 void configure(AuthenticationManagerBuilder auth) 方法
+     * 修改 hideUserNotFoundExceptions 初始值为 false
+     * 解决 UserNotFoundException 不抛出问题
+     */
+    @Bean
+    public DaoAuthenticationProvider authenticationProvider() {
+        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
+        provider.setHideUserNotFoundExceptions(false);
+        provider.setUserDetailsService(userDetailsService);
+        provider.setPasswordEncoder(bCryptPasswordEncoder());
+        return provider;
+    }
+
     private void disableAuthenticationIfNeeded(HttpSecurity http) throws Exception {
         if (Boolean.FALSE.equals(enableAuthentication)) {
             http.authorizeRequests().antMatchers("/hippo4j/v1/cs/**").permitAll();

hippo4j-server/hippo4j-auth/src/main/java/cn/hippo4j/auth/filter/JWTAuthenticationFilter.java

@@ -31,6 +31,7 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
 import javax.servlet.FilterChain;
@@ -72,8 +73,12 @@ public class JWTAuthenticationFilter extends UsernamePasswordAuthenticationFilte
             rememberMe.set(loginUser.getRememberMe());
             authenticate = authenticationManager.authenticate(
                     new UsernamePasswordAuthenticationToken(loginUser.getUsername(), loginUser.getPassword(), new ArrayList()));
+        } catch (UsernameNotFoundException e) {
+            log.warn("User {} not found", e.getMessage());
+            throw e;
         } catch (BadCredentialsException e) {
             log.warn("Bad credentials exception: {}", e.getMessage());
+            throw e;
         } catch (Exception e) {
             log.error("Attempt authentication error", e);
         }
@@ -108,6 +113,19 @@ public class JWTAuthenticationFilter extends UsernamePasswordAuthenticationFilte
     @Override
     protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) throws IOException {
         response.setCharacterEncoding("UTF-8");
-        response.getWriter().write(JSONUtil.toJSONString(new ReturnT(ReturnT.JWT_FAIL_CODE, "Server Error")));
+        response.getWriter().write(JSONUtil.toJSONString(new ReturnT(ReturnT.JWT_FAIL_CODE, getMessage(failed))));
+    }
+
+    /**
+     * 根据不同的异常类型返回给前端不同的回显信息
+     */
+    protected String getMessage(AuthenticationException failed) {
+        String message = "Server Error";
+        if (failed instanceof UsernameNotFoundException) {
+            message = "用户不存在";
+        } else if (failed instanceof BadCredentialsException) {
+            message = "密码错误";
+        }
+        return message;
     }
 }

hippo4j-server/hippo4j-auth/src/main/java/cn/hippo4j/auth/service/impl/UserDetailsServiceImpl.java

@@ -59,7 +59,6 @@ public class UserDetailsServiceImpl implements UserDetailsService {
         }
         UserInfo userInfo = userMapper.selectOne(Wrappers.lambdaQuery(UserInfo.class).eq(UserInfo::getUserName, userName));
         if (Objects.isNull(userInfo)) {
-            log.warn("User {} not found", userName);
             throw new UsernameNotFoundException(userName);
         }
         JwtUser jwtUser = new JwtUser();

hippo4j-server/hippo4j-auth/src/main/java/cn/hippo4j/auth/toolkit/ReturnT.java

@@ -43,13 +43,13 @@ public class ReturnT<T> implements Serializable {
 
     private int code;
 
-    private String msg;
+    private String message;
 
     private T content;
 
-    public ReturnT(int code, String msg) {
+    public ReturnT(int code, String message) {
         this.code = code;
-        this.msg = msg;
+        this.message = message;
     }
 
     public ReturnT(T content) {

hippo4j-server/hippo4j-auth/src/test/java/cn/hippo4j/auth/toolkit/ReturnTTest.java

@@ -39,7 +39,7 @@ public final class ReturnTTest {
 
     @Test
     public void assertGetMessage() {
-        Assert.isNull(returnT.getMsg());
+        Assert.isNull(returnT.getMessage());
     }
 
     @Test