♻️ Refactoring code. 重构网关filter 判断逻辑，非密码模式直接跳过 PasswordDecoderFilter

pig-auth/src/main/java/com/pig4cloud/pig/auth/support/core/PigDaoAuthenticationProvider.java

@@ -20,6 +20,7 @@
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.crypto.factory.PasswordEncoderFactories;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.security.web.authentication.www.BasicAuthenticationConverter;
 import org.springframework.util.Assert;
@@ -66,9 +67,9 @@ public PigDaoAuthenticationProvider() {
 	protected void additionalAuthenticationChecks(UserDetails userDetails,
 			UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
 
-		// app 模式不用校验密码
+		// 只有密码模式需要校验密码
 		String grantType = WebUtils.getRequest().get().getParameter(OAuth2ParameterNames.GRANT_TYPE);
-		if (StrUtil.equals(SecurityConstants.MOBILE, grantType)) {
+		if (!StrUtil.equals(AuthorizationGrantType.PASSWORD.getValue(), grantType)) {
 			return;
 		}
 

pig-common/pig-common-core/src/main/java/com/pig4cloud/pig/common/core/constant/SecurityConstants.java

@@ -62,6 +62,11 @@ public interface SecurityConstants {
 	 */
 	String REFRESH_TOKEN = "refresh_token";
 
+	/**
+	 * password 模式
+	 */
+	String PASSWORD = "password";
+
 	/**
 	 * 手机号登录
 	 */

pig-common/pig-common-feign/src/main/java/com/pig4cloud/pig/common/feign/sentinel/handle/GlobalBizExceptionHandler.java

@@ -49,97 +49,91 @@
 @ConditionalOnExpression("!'${security.oauth2.client.clientId}'.isEmpty()")
 public class GlobalBizExceptionHandler {
 
-    /**
-     * 全局异常.
-     *
-     * @param e the e
-     * @return R
-     */
-    @ExceptionHandler(Exception.class)
-    @ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR)
-    public R handleGlobalException(Exception e) {
-        log.error("全局异常信息 ex={}", e.getMessage(), e);
+	/**
+	 * 全局异常.
+	 * @param e the e
+	 * @return R
+	 */
+	@ExceptionHandler(Exception.class)
+	@ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR)
+	public R handleGlobalException(Exception e) {
+		log.error("全局异常信息 ex={}", e.getMessage(), e);
 
-        // 业务异常交由 sentinel 记录
-        Tracer.trace(e);
-        return R.failed(e.getLocalizedMessage());
-    }
+		// 业务异常交由 sentinel 记录
+		Tracer.trace(e);
+		return R.failed(e.getLocalizedMessage());
+	}
 
-    /**
-     * 处理业务校验过程中碰到的非法参数异常 该异常基本由{@link org.springframework.util.Assert}抛出
-     *
-     * @param exception 参数校验异常
-     * @return API返回结果对象包装后的错误输出结果
-     * @see Assert#hasLength(String, String)
-     * @see Assert#hasText(String, String)
-     * @see Assert#isTrue(boolean, String)
-     * @see Assert#isNull(Object, String)
-     * @see Assert#notNull(Object, String)
-     */
-    @ExceptionHandler(IllegalArgumentException.class)
-    @ResponseStatus(HttpStatus.OK)
-    public R handleIllegalArgumentException(IllegalArgumentException exception) {
-        log.error("非法参数,ex = {}", exception.getMessage(), exception);
-        return R.failed(exception.getMessage());
-    }
+	/**
+	 * 处理业务校验过程中碰到的非法参数异常 该异常基本由{@link org.springframework.util.Assert}抛出
+	 * @param exception 参数校验异常
+	 * @return API返回结果对象包装后的错误输出结果
+	 * @see Assert#hasLength(String, String)
+	 * @see Assert#hasText(String, String)
+	 * @see Assert#isTrue(boolean, String)
+	 * @see Assert#isNull(Object, String)
+	 * @see Assert#notNull(Object, String)
+	 */
+	@ExceptionHandler(IllegalArgumentException.class)
+	@ResponseStatus(HttpStatus.OK)
+	public R handleIllegalArgumentException(IllegalArgumentException exception) {
+		log.error("非法参数,ex = {}", exception.getMessage(), exception);
+		return R.failed(exception.getMessage());
+	}
 
-    /**
-     * AccessDeniedException
-     *
-     * @param e the e
-     * @return R
-     */
-    @ExceptionHandler(AccessDeniedException.class)
-    @ResponseStatus(HttpStatus.FORBIDDEN)
-    public R handleAccessDeniedException(AccessDeniedException e) {
-        String msg = SpringSecurityMessageSource.getAccessor()
-                .getMessage("AbstractAccessDecisionManager.accessDenied", e.getMessage());
-        log.warn("拒绝授权异常信息 ex={}", msg);
-        return R.failed(e.getLocalizedMessage());
-    }
+	/**
+	 * AccessDeniedException
+	 * @param e the e
+	 * @return R
+	 */
+	@ExceptionHandler(AccessDeniedException.class)
+	@ResponseStatus(HttpStatus.FORBIDDEN)
+	public R handleAccessDeniedException(AccessDeniedException e) {
+		String msg = SpringSecurityMessageSource.getAccessor()
+			.getMessage("AbstractAccessDecisionManager.accessDenied", e.getMessage());
+		log.warn("拒绝授权异常信息 ex={}", msg);
+		return R.failed(e.getLocalizedMessage());
+	}
 
-    /**
-     * validation Exception
-     *
-     * @param exception
-     * @return R
-     */
-    @ExceptionHandler({MethodArgumentNotValidException.class})
-    @ResponseStatus(HttpStatus.BAD_REQUEST)
-    public R handleBodyValidException(MethodArgumentNotValidException exception) {
-        List<FieldError> fieldErrors = exception.getBindingResult().getFieldErrors();
-        log.warn("参数绑定异常,ex = {}", fieldErrors.get(0).getDefaultMessage());
-        return R.failed(String.format("%s %s", fieldErrors.get(0).getField(), fieldErrors.get(0).getDefaultMessage()));
-    }
+	/**
+	 * validation Exception
+	 * @param exception
+	 * @return R
+	 */
+	@ExceptionHandler({ MethodArgumentNotValidException.class })
+	@ResponseStatus(HttpStatus.BAD_REQUEST)
+	public R handleBodyValidException(MethodArgumentNotValidException exception) {
+		List<FieldError> fieldErrors = exception.getBindingResult().getFieldErrors();
+		log.warn("参数绑定异常,ex = {}", fieldErrors.get(0).getDefaultMessage());
+		return R.failed(String.format("%s %s", fieldErrors.get(0).getField(), fieldErrors.get(0).getDefaultMessage()));
+	}
 
-    /**
-     * validation Exception (以form-data形式传参)
-     *
-     * @param exception
-     * @return R
-     */
-    @ExceptionHandler({BindException.class})
-    @ResponseStatus(HttpStatus.BAD_REQUEST)
-    public R bindExceptionHandler(BindException exception) {
-        List<FieldError> fieldErrors = exception.getBindingResult().getFieldErrors();
-        log.warn("参数绑定异常,ex = {}", fieldErrors.get(0).getDefaultMessage());
-        return R.failed(fieldErrors.get(0).getDefaultMessage());
-    }
-
-    /**
-     * 保持和低版本请求路径不存在的行为一致
-     * <p>
-     * <a href="https://github.com/spring-projects/spring-boot/issues/38733">[Spring Boot 3.2.0] 404 Not Found behavior #38733</a>
-     *
-     * @param exception
-     * @return R
-     */
-    @ExceptionHandler({NoResourceFoundException.class})
-    @ResponseStatus(HttpStatus.NOT_FOUND)
-    public R bindExceptionHandler(NoResourceFoundException exception) {
-        log.debug("请求路径 404 {}", exception.getMessage());
-        return R.failed(exception.getMessage());
-    }
+	/**
+	 * validation Exception (以form-data形式传参)
+	 * @param exception
+	 * @return R
+	 */
+	@ExceptionHandler({ BindException.class })
+	@ResponseStatus(HttpStatus.BAD_REQUEST)
+	public R bindExceptionHandler(BindException exception) {
+		List<FieldError> fieldErrors = exception.getBindingResult().getFieldErrors();
+		log.warn("参数绑定异常,ex = {}", fieldErrors.get(0).getDefaultMessage());
+		return R.failed(fieldErrors.get(0).getDefaultMessage());
+	}
 
+	/**
+	 * 保持和低版本请求路径不存在的行为一致
+	 * <p>
+	 * <a href="https://github.com/spring-projects/spring-boot/issues/38733">[Spring Boot
+	 * 3.2.0] 404 Not Found behavior #38733</a>
+	 * @param exception
+	 * @return R
+	 */
+	@ExceptionHandler({ NoResourceFoundException.class })
+	@ResponseStatus(HttpStatus.NOT_FOUND)
+	public R bindExceptionHandler(NoResourceFoundException exception) {
+		log.debug("请求路径 404 {}", exception.getMessage());
+		return R.failed(exception.getMessage());
+	}
 
 }