提交 | 用户 | 时间
|
71e81e
|
1 |
package cn.stylefeng.guns.config.security; |
懒 |
2 |
|
|
3 |
import cn.stylefeng.guns.sys.core.auth.entrypoint.JwtAuthenticationEntryPoint; |
|
4 |
import cn.stylefeng.guns.sys.core.auth.filter.JwtAuthorizationTokenFilter; |
|
5 |
import cn.stylefeng.guns.sys.core.auth.filter.NoneAuthedResources; |
|
6 |
import cn.stylefeng.guns.sys.core.auth.userdetail.JwtUserDetailsServiceImpl; |
|
7 |
import org.springframework.beans.factory.annotation.Autowired; |
|
8 |
import org.springframework.context.annotation.Configuration; |
|
9 |
import org.springframework.http.HttpMethod; |
|
10 |
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; |
|
11 |
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; |
|
12 |
import org.springframework.security.config.annotation.web.builders.HttpSecurity; |
|
13 |
import org.springframework.security.config.annotation.web.builders.WebSecurity; |
|
14 |
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; |
|
15 |
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; |
|
16 |
import org.springframework.security.config.http.SessionCreationPolicy; |
|
17 |
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; |
|
18 |
|
|
19 |
/** |
|
20 |
* spring security配置 |
|
21 |
* |
|
22 |
* @author fengshuonan |
|
23 |
* @Date 2019/7/20 17:55 |
|
24 |
*/ |
|
25 |
@Configuration |
|
26 |
@EnableWebSecurity |
|
27 |
@EnableGlobalMethodSecurity(prePostEnabled = true) |
|
28 |
public class WebSecurityConfig extends WebSecurityConfigurerAdapter { |
|
29 |
|
|
30 |
@Autowired |
|
31 |
private JwtAuthenticationEntryPoint unauthorizedHandler; |
|
32 |
|
|
33 |
@Autowired |
|
34 |
private JwtUserDetailsServiceImpl jwtUserDetailsService; |
|
35 |
|
|
36 |
@Autowired |
|
37 |
private JwtAuthorizationTokenFilter authenticationTokenFilter; |
|
38 |
|
|
39 |
@Autowired |
|
40 |
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { |
|
41 |
auth.userDetailsService(jwtUserDetailsService); |
|
42 |
} |
|
43 |
|
|
44 |
@Override |
|
45 |
protected void configure(HttpSecurity httpSecurity) throws Exception { |
|
46 |
|
|
47 |
//csrf关闭 |
|
48 |
httpSecurity.csrf().disable(); |
|
49 |
|
|
50 |
//开启跨域 |
|
51 |
httpSecurity.cors(); |
|
52 |
|
|
53 |
//自定义退出 |
|
54 |
httpSecurity.logout().disable(); |
|
55 |
|
|
56 |
//禁用匿名用户 |
|
57 |
//httpSecurity.anonymous().disable(); |
|
58 |
|
|
59 |
httpSecurity.exceptionHandling().authenticationEntryPoint(unauthorizedHandler); |
|
60 |
|
|
61 |
// 全局不创建session |
|
62 |
httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); |
|
63 |
|
|
64 |
//放开一些接口的权限校验 |
|
65 |
for (String notAuthedResource : NoneAuthedResources.BACKEND_RESOURCES) { |
|
66 |
httpSecurity.authorizeRequests().antMatchers(notAuthedResource).permitAll(); |
|
67 |
} |
|
68 |
|
|
69 |
//其他接口都需要权限 |
|
70 |
httpSecurity.authorizeRequests().anyRequest().authenticated(); |
|
71 |
|
|
72 |
//添加自定义的过滤器 |
|
73 |
httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class); |
|
74 |
|
|
75 |
//disable page caching |
|
76 |
httpSecurity |
|
77 |
.headers() |
|
78 |
.frameOptions().sameOrigin() |
|
79 |
.cacheControl(); |
|
80 |
|
|
81 |
} |
|
82 |
|
|
83 |
@Override |
|
84 |
public void configure(WebSecurity web) throws Exception { |
|
85 |
web |
|
86 |
.ignoring() |
|
87 |
.antMatchers( |
|
88 |
HttpMethod.POST, |
|
89 |
"/login" |
|
90 |
) |
|
91 |
|
|
92 |
// 静态资源放开过滤 |
|
93 |
.and() |
|
94 |
.ignoring() |
|
95 |
.antMatchers( |
|
96 |
HttpMethod.GET, |
|
97 |
"/assets/**", |
|
98 |
"/favicon.ico", |
|
99 |
"/activiti-editor/**" |
|
100 |
); |
|
101 |
|
|
102 |
} |
|
103 |
} |