1
|
/**
|
1
|
/**
|
2
|
* Copyright © 2016-2024 The Thingsboard Authors
|
2
|
* Copyright © 2016-2024 The Thingsboard Authors
|
3
|
- *
|
3
|
+ * <p>
|
4
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
5
|
* you may not use this file except in compliance with the License.
|
5
|
* you may not use this file except in compliance with the License.
|
6
|
* You may obtain a copy of the License at
|
6
|
* You may obtain a copy of the License at
|
7
|
- *
|
|
|
8
|
- * http://www.apache.org/licenses/LICENSE-2.0
|
|
|
9
|
- *
|
7
|
+ * <p>
|
|
|
8
|
+ * http://www.apache.org/licenses/LICENSE-2.0
|
|
|
9
|
+ * <p>
|
10
|
* Unless required by applicable law or agreed to in writing, software
|
10
|
* Unless required by applicable law or agreed to in writing, software
|
11
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
12
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
13
|
* See the License for the specific language governing permissions and
|
13
|
* See the License for the specific language governing permissions and
|
14
|
* limitations under the License.
|
14
|
* limitations under the License.
|
|
|
15
|
+ * <p>
|
|
|
16
|
+ * This file has been modified from its original version.
|
|
|
17
|
+ * Source: ThingsBoard Community Edition
|
|
|
18
|
+ * Modifications made by: Chengdu Yunteng Wuzhou Technology Co., Ltd
|
|
|
19
|
+ * Modification date: 2022-01-20
|
|
|
20
|
+ * Description of changes:
|
|
|
21
|
+ * 1、Allow mobile verification code login
|
|
|
22
|
+ * 2、Adding yt URL does not require interception
|
|
|
23
|
+ * 3、add i18 Interceptor
|
15
|
*/
|
24
|
*/
|
16
|
- /**
|
25
|
+/**
|
17
|
* This file has been modified from its original version.
|
26
|
* This file has been modified from its original version.
|
18
|
* Source: ThingsBoard Community Edition
|
27
|
* Source: ThingsBoard Community Edition
|
19
|
* Modifications made by: Chengdu Yunteng Wuzhou Technology Co., Ltd
|
28
|
* Modifications made by: Chengdu Yunteng Wuzhou Technology Co., Ltd
|
20
|
* Modification date: 2022-01-20
|
29
|
* Modification date: 2022-01-20
|
21
|
* Description of changes:
|
30
|
* Description of changes:
|
22
|
- * 1、Allow mobile verification code login
|
|
|
23
|
- * 2、Adding yt URL does not require interception
|
|
|
24
|
- * 3、add i18 Interceptor
|
31
|
+ * 1、Allow mobile verification code login
|
|
|
32
|
+ * 2、Adding yt URL does not require interception
|
|
|
33
|
+ * 3、add i18 Interceptor
|
25
|
*/
|
34
|
*/
|
26
|
package org.thingsboard.server.config;
|
35
|
package org.thingsboard.server.config;
|
27
|
|
36
|
|
|
@@ -91,18 +100,30 @@ public class ThingsboardSecurityConfiguration { |
|
@@ -91,18 +100,30 @@ public class ThingsboardSecurityConfiguration { |
91
|
|
100
|
|
92
|
@Value("${file.storage.local.staticUrl}")
|
101
|
@Value("${file.storage.local.staticUrl}")
|
93
|
private String ossStaticUrl;
|
102
|
private String ossStaticUrl;
|
94
|
- public static final String[] YT_NOT_AUTH_API = new String[]{"/api/yt/auth/code/login","/api/yt/third/bind","/api/yt/third/login/*","/api/yt/third/login/id/*", "/api/yt/third/authorize","/api/yt/platform/get","/api/yt/app_design/get", "/api/yt/noauth/**","/api/index/hook/**"};
|
103
|
+ public static final String[] YT_NOT_AUTH_API = new String[]{
|
|
|
104
|
+ "/api/yt/auth/code/login",
|
|
|
105
|
+ "/api/yt/third/bind",
|
|
|
106
|
+ "/api/yt/third/login/*",
|
|
|
107
|
+ "/api/yt/third/login/id/*",
|
|
|
108
|
+ "/api/yt/third/authorize",
|
|
|
109
|
+ "/api/yt/platform/get",
|
|
|
110
|
+ "/api/yt/app_design/get",
|
|
|
111
|
+ "/api/yt/noauth/**",
|
|
|
112
|
+ "/api/index/hook/**",
|
|
|
113
|
+ "/api/yt/dbConnect/getDataView"
|
|
|
114
|
+ };
|
95
|
|
115
|
|
96
|
public static final String PUBLIC_LOGIN_ENTRY_POINT = "/api/auth/login/public";
|
116
|
public static final String PUBLIC_LOGIN_ENTRY_POINT = "/api/auth/login/public";
|
97
|
public static final String TOKEN_REFRESH_ENTRY_POINT = "/api/auth/token";
|
117
|
public static final String TOKEN_REFRESH_ENTRY_POINT = "/api/auth/token";
|
98
|
- protected static final String[] NON_TOKEN_BASED_AUTH_ENTRY_POINTS = new String[] {"/index.html", "/assets/**", "/static/**", "/api/noauth/**", "/webjars/**", "/api/license/**", "/api/images/public/**", "/api/yt/openApi/getToken/**"};
|
118
|
+ protected static final String[] NON_TOKEN_BASED_AUTH_ENTRY_POINTS = new String[]{"/index.html", "/assets/**", "/static/**", "/api/noauth/**", "/webjars/**", "/api/license/**", "/api/images/public/**", "/api/yt/openApi/getToken/**"};
|
99
|
public static final String TOKEN_BASED_AUTH_ENTRY_POINT = "/api/**";
|
119
|
public static final String TOKEN_BASED_AUTH_ENTRY_POINT = "/api/**";
|
100
|
public static final String WS_ENTRY_POINT = "/api/ws/**";
|
120
|
public static final String WS_ENTRY_POINT = "/api/ws/**";
|
101
|
public static final String MAIL_OAUTH2_PROCESSING_ENTRY_POINT = "/api/admin/mail/oauth2/code";
|
121
|
public static final String MAIL_OAUTH2_PROCESSING_ENTRY_POINT = "/api/admin/mail/oauth2/code";
|
102
|
public static final String DEVICE_CONNECTIVITY_CERTIFICATE_DOWNLOAD_ENTRY_POINT = "/api/device-connectivity/mqtts/certificate/download";
|
122
|
public static final String DEVICE_CONNECTIVITY_CERTIFICATE_DOWNLOAD_ENTRY_POINT = "/api/device-connectivity/mqtts/certificate/download";
|
103
|
|
123
|
|
104
|
|
124
|
|
105
|
- @Autowired private ThingsboardErrorResponseHandler restAccessDeniedHandler;
|
125
|
+ @Autowired
|
|
|
126
|
+ private ThingsboardErrorResponseHandler restAccessDeniedHandler;
|
106
|
|
127
|
|
107
|
@Autowired(required = false)
|
128
|
@Autowired(required = false)
|
108
|
@Qualifier("oauth2AuthenticationSuccessHandler")
|
129
|
@Qualifier("oauth2AuthenticationSuccessHandler")
|
|
@@ -123,21 +144,28 @@ public class ThingsboardSecurityConfiguration { |
|
@@ -123,21 +144,28 @@ public class ThingsboardSecurityConfiguration { |
123
|
@Qualifier("defaultAuthenticationFailureHandler")
|
144
|
@Qualifier("defaultAuthenticationFailureHandler")
|
124
|
private AuthenticationFailureHandler failureHandler;
|
145
|
private AuthenticationFailureHandler failureHandler;
|
125
|
|
146
|
|
126
|
- @Autowired private RestAuthenticationProvider restAuthenticationProvider;
|
|
|
127
|
- @Autowired private JwtAuthenticationProvider jwtAuthenticationProvider;
|
|
|
128
|
- @Autowired private RefreshTokenAuthenticationProvider refreshTokenAuthenticationProvider;
|
147
|
+ @Autowired
|
|
|
148
|
+ private RestAuthenticationProvider restAuthenticationProvider;
|
|
|
149
|
+ @Autowired
|
|
|
150
|
+ private JwtAuthenticationProvider jwtAuthenticationProvider;
|
|
|
151
|
+ @Autowired
|
|
|
152
|
+ private RefreshTokenAuthenticationProvider refreshTokenAuthenticationProvider;
|
129
|
|
153
|
|
130
|
- @Autowired(required = false) OAuth2Configuration oauth2Configuration;
|
154
|
+ @Autowired(required = false)
|
|
|
155
|
+ OAuth2Configuration oauth2Configuration;
|
131
|
|
156
|
|
132
|
@Autowired
|
157
|
@Autowired
|
133
|
@Qualifier("jwtHeaderTokenExtractor")
|
158
|
@Qualifier("jwtHeaderTokenExtractor")
|
134
|
private TokenExtractor jwtHeaderTokenExtractor;
|
159
|
private TokenExtractor jwtHeaderTokenExtractor;
|
135
|
|
160
|
|
136
|
- @Autowired private AuthenticationManager authenticationManager;
|
161
|
+ @Autowired
|
|
|
162
|
+ private AuthenticationManager authenticationManager;
|
137
|
|
163
|
|
138
|
- @Autowired private RateLimitProcessingFilter rateLimitProcessingFilter;
|
164
|
+ @Autowired
|
|
|
165
|
+ private RateLimitProcessingFilter rateLimitProcessingFilter;
|
139
|
|
166
|
|
140
|
- @Autowired private MyI18nInterceptor myI18nInterceptor;
|
167
|
+ @Autowired
|
|
|
168
|
+ private MyI18nInterceptor myI18nInterceptor;
|
141
|
|
169
|
|
142
|
|
170
|
|
143
|
@Bean
|
171
|
@Bean
|
|
@@ -145,8 +173,8 @@ public class ThingsboardSecurityConfiguration { |
|
@@ -145,8 +173,8 @@ public class ThingsboardSecurityConfiguration { |
145
|
ShallowEtagHeaderFilter etagFilter = new ShallowEtagHeaderFilter();
|
173
|
ShallowEtagHeaderFilter etagFilter = new ShallowEtagHeaderFilter();
|
146
|
etagFilter.setWriteWeakETag(true);
|
174
|
etagFilter.setWriteWeakETag(true);
|
147
|
FilterRegistrationBean<ShallowEtagHeaderFilter> filterRegistrationBean
|
175
|
FilterRegistrationBean<ShallowEtagHeaderFilter> filterRegistrationBean
|
148
|
- = new FilterRegistrationBean<>( etagFilter);
|
|
|
149
|
- filterRegistrationBean.addUrlPatterns("*.js","*.css","*.ico","/assets/*","/static/*");
|
176
|
+ = new FilterRegistrationBean<>(etagFilter);
|
|
|
177
|
+ filterRegistrationBean.addUrlPatterns("*.js", "*.css", "*.ico", "/assets/*", "/static/*");
|
150
|
filterRegistrationBean.setName("etagFilter");
|
178
|
filterRegistrationBean.setName("etagFilter");
|
151
|
return filterRegistrationBean;
|
179
|
return filterRegistrationBean;
|
152
|
}
|
180
|
}
|
|
@@ -162,7 +190,7 @@ public class ThingsboardSecurityConfiguration { |
|
@@ -162,7 +190,7 @@ public class ThingsboardSecurityConfiguration { |
162
|
//Modification date: 2022-01-20 by Chengdu Yunteng Wuzhou Technology Co., Ltd Allow mobile verification code login
|
190
|
//Modification date: 2022-01-20 by Chengdu Yunteng Wuzhou Technology Co., Ltd Allow mobile verification code login
|
163
|
|
191
|
|
164
|
@Bean
|
192
|
@Bean
|
165
|
- protected CodeLoginProcessingFilter buildSmsCodeLoginProcessingFilter() throws Exception{
|
193
|
+ protected CodeLoginProcessingFilter buildSmsCodeLoginProcessingFilter() throws Exception {
|
166
|
CodeLoginProcessingFilter filter = new CodeLoginProcessingFilter(CODE_BASED_LOGIN_ENTRY_POINT, successHandler, failureHandler);
|
194
|
CodeLoginProcessingFilter filter = new CodeLoginProcessingFilter(CODE_BASED_LOGIN_ENTRY_POINT, successHandler, failureHandler);
|
167
|
filter.setAuthenticationManager(this.authenticationManager);
|
195
|
filter.setAuthenticationManager(this.authenticationManager);
|
168
|
return filter;
|
196
|
return filter;
|
|
@@ -174,6 +202,7 @@ public class ThingsboardSecurityConfiguration { |
|
@@ -174,6 +202,7 @@ public class ThingsboardSecurityConfiguration { |
174
|
filter.setAuthenticationManager(this.authenticationManager);
|
202
|
filter.setAuthenticationManager(this.authenticationManager);
|
175
|
return filter;
|
203
|
return filter;
|
176
|
}
|
204
|
}
|
|
|
205
|
+
|
177
|
//Source: ThingsBoard Community Edition
|
206
|
//Source: ThingsBoard Community Edition
|
178
|
//The code has been modified
|
207
|
//The code has been modified
|
179
|
protected JwtTokenAuthenticationProcessingFilter buildJwtTokenAuthenticationProcessingFilter() throws Exception {
|
208
|
protected JwtTokenAuthenticationProcessingFilter buildJwtTokenAuthenticationProcessingFilter() throws Exception {
|
|
@@ -185,9 +214,9 @@ public class ThingsboardSecurityConfiguration { |
|
@@ -185,9 +214,9 @@ public class ThingsboardSecurityConfiguration { |
185
|
pathsToSkip.addAll(Arrays.asList(YT_NOT_AUTH_API));
|
214
|
pathsToSkip.addAll(Arrays.asList(YT_NOT_AUTH_API));
|
186
|
pathsToSkip.add(ossStaticUrl);
|
215
|
pathsToSkip.add(ossStaticUrl);
|
187
|
SkipPathRequestMatcher matcher = new SkipPathRequestMatcher(pathsToSkip, TOKEN_BASED_AUTH_ENTRY_POINT);
|
216
|
SkipPathRequestMatcher matcher = new SkipPathRequestMatcher(pathsToSkip, TOKEN_BASED_AUTH_ENTRY_POINT);
|
188
|
- //Modification date: 2024-09-09 by Chengdu Yunteng Wuzhou Technology Co., Ltd add i18 Interceptor
|
217
|
+ //Modification date: 2024-09-09 by Chengdu Yunteng Wuzhou Technology Co., Ltd add i18 Interceptor
|
189
|
JwtTokenAuthenticationProcessingFilter filter
|
218
|
JwtTokenAuthenticationProcessingFilter filter
|
190
|
- = new JwtTokenAuthenticationProcessingFilter(failureHandler, jwtHeaderTokenExtractor, matcher,myI18nInterceptor);
|
219
|
+ = new JwtTokenAuthenticationProcessingFilter(failureHandler, jwtHeaderTokenExtractor, matcher, myI18nInterceptor);
|
191
|
filter.setAuthenticationManager(this.authenticationManager);
|
220
|
filter.setAuthenticationManager(this.authenticationManager);
|
192
|
return filter;
|
221
|
return filter;
|
193
|
}
|
222
|
}
|
|
@@ -218,7 +247,7 @@ public class ThingsboardSecurityConfiguration { |
|
@@ -218,7 +247,7 @@ public class ThingsboardSecurityConfiguration { |
218
|
@Order(0)
|
247
|
@Order(0)
|
219
|
SecurityFilterChain resources(HttpSecurity http) throws Exception {
|
248
|
SecurityFilterChain resources(HttpSecurity http) throws Exception {
|
220
|
http
|
249
|
http
|
221
|
- .requestMatchers((matchers) -> matchers.antMatchers("/*.js","/*.css","/*.ico","/assets/**","/static/**"))
|
250
|
+ .requestMatchers((matchers) -> matchers.antMatchers("/*.js", "/*.css", "/*.ico", "/assets/**", "/static/**"))
|
222
|
.headers().defaultsDisabled()
|
251
|
.headers().defaultsDisabled()
|
223
|
.addHeaderWriter(new StaticHeadersWriter(HttpHeaders.CACHE_CONTROL, "max-age=0, public"))
|
252
|
.addHeaderWriter(new StaticHeadersWriter(HttpHeaders.CACHE_CONTROL, "max-age=0, public"))
|
224
|
.and()
|
253
|
.and()
|
|
@@ -228,6 +257,7 @@ public class ThingsboardSecurityConfiguration { |
|
@@ -228,6 +257,7 @@ public class ThingsboardSecurityConfiguration { |
228
|
.sessionManagement().disable();
|
257
|
.sessionManagement().disable();
|
229
|
return http.build();
|
258
|
return http.build();
|
230
|
}
|
259
|
}
|
|
|
260
|
+
|
231
|
//Source: ThingsBoard Community Edition
|
261
|
//Source: ThingsBoard Community Edition
|
232
|
//The code has been modified
|
262
|
//The code has been modified
|
233
|
//Modification date: 2024-08-19 by Chengdu Yunteng Wuzhou Technology Co., Ltd Allow mobile verification code login
|
263
|
//Modification date: 2024-08-19 by Chengdu Yunteng Wuzhou Technology Co., Ltd Allow mobile verification code login
|
|
@@ -266,7 +296,7 @@ public class ThingsboardSecurityConfiguration { |
|
@@ -266,7 +296,7 @@ public class ThingsboardSecurityConfiguration { |
266
|
.and()
|
296
|
.and()
|
267
|
.addFilterBefore(buildRestLoginProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
|
297
|
.addFilterBefore(buildRestLoginProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
|
268
|
//thingskit
|
298
|
//thingskit
|
269
|
- .addFilterBefore(buildSmsCodeLoginProcessingFilter(),UsernamePasswordAuthenticationFilter.class)
|
299
|
+ .addFilterBefore(buildSmsCodeLoginProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
|
270
|
.addFilterBefore(buildRestPublicLoginProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
|
300
|
.addFilterBefore(buildRestPublicLoginProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
|
271
|
.addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
|
301
|
.addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
|
272
|
.addFilterBefore(buildRefreshTokenProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
|
302
|
.addFilterBefore(buildRefreshTokenProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
|
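Review bot: The only functional change in this otherwise formatting-only section is the new `"/api/yt/dbConnect/getDataView"` entry in `YT_NOT_AUTH_API` (new line 113), and it arrives without a comment or justification. That array is added to `pathsToSkip` in `buildJwtTokenAuthenticationProcessingFilter` (new line 214), so requests to this route are no longer handled by the JWT filter; the filter chain's authorization rules are outside the shown hunks, so whether the route ends up fully anonymous cannot be confirmed from here. Judging by its name, the endpoint returns data through a configured database connection, which should not be reachable without authentication. If public access is intended, the handler needs its own check (for example a scoped, expiring share token) plus rate limiting, and the entry deserves a comment such as `// public by design: handler validates <share token>; returns read-only view data`; otherwise drop the entry so the route stays under `TOKEN_BASED_AUTH_ENTRY_POINT`. Putting this allow-list change in its own commit, separate from the whitespace reformatting, would also keep it from being overlooked in review.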