中试线
查看 | 历史 | 提交 | 提交对比
懒羊羊
2023-09-19 3d2401cf8ea9ae3d830c0568e7751e2e8cc8db22
提交 | 用户 | 时间
1ac2bc 1 package cn.stylefeng.guns.config.security;
2
3 import cn.stylefeng.guns.sys.core.auth.entrypoint.JwtAuthenticationEntryPoint;
4 import cn.stylefeng.guns.sys.core.auth.filter.JwtAuthorizationTokenFilter;
5 import cn.stylefeng.guns.sys.core.auth.filter.NoneAuthedResources;
6 import cn.stylefeng.guns.sys.core.auth.userdetail.JwtUserDetailsServiceImpl;
7 import org.springframework.beans.factory.annotation.Autowired;
8 import org.springframework.context.annotation.Configuration;
9 import org.springframework.http.HttpMethod;
10 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
11 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
12 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
13 import org.springframework.security.config.annotation.web.builders.WebSecurity;
14 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
15 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
16 import org.springframework.security.config.http.SessionCreationPolicy;
17 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
18
19 /**
20  * spring security配置
21  *
22  * @author fengshuonan
23  * @Date 2019/7/20 17:55
24  */
25 @Configuration
26 @EnableWebSecurity
27 @EnableGlobalMethodSecurity(prePostEnabled = true)
28 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
29
30     @Autowired
31     private JwtAuthenticationEntryPoint unauthorizedHandler;
32
33     @Autowired
34     private JwtUserDetailsServiceImpl jwtUserDetailsService;
35
36     @Autowired
37     private JwtAuthorizationTokenFilter authenticationTokenFilter;
38
39     @Autowired
40     public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
41         auth.userDetailsService(jwtUserDetailsService);
42     }
43
44     @Override
45     protected void configure(HttpSecurity httpSecurity) throws Exception {
46
47         //csrf关闭
48         httpSecurity.csrf().disable();
49
50         //开启跨域
51         httpSecurity.cors();
52
53         //自定义退出
54         httpSecurity.logout().disable();
55
56         //禁用匿名用户
57         //httpSecurity.anonymous().disable();
58
59         httpSecurity.exceptionHandling().authenticationEntryPoint(unauthorizedHandler);
60
61         // 全局不创建session
62         httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
63
64         //放开一些接口的权限校验
65         for (String notAuthedResource : NoneAuthedResources.BACKEND_RESOURCES) {
66             httpSecurity.authorizeRequests().antMatchers(notAuthedResource).permitAll();
67         }
68
69         //其他接口都需要权限
70         httpSecurity.authorizeRequests().anyRequest().authenticated();
71
72         //添加自定义的过滤器
73         httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
74
75         //disable page caching
76         httpSecurity
77                 .headers()
78                 .frameOptions().sameOrigin()
79                 .cacheControl();
80
81     }
82
83     @Override
84     public void configure(WebSecurity web) throws Exception {
85         web
86                 .ignoring()
87                 .antMatchers(
88                         HttpMethod.POST,
89                         "/login"
90                 )
91
92                 // 静态资源放开过滤
93                 .and()
94                 .ignoring()
95                 .antMatchers(
96                         HttpMethod.GET,
97                         "/assets/**",
98                         "/favicon.ico",
99                         "/activiti-editor/**"
100                 );
101
102     }
103 }