|
|
@ -1,10 +1,12 @@ |
|
|
|
package com.aiprose.scauth.conf; |
|
|
|
|
|
|
|
import com.aiprose.scauth.entity.User; |
|
|
|
import com.aiprose.scauth.filter.JWTAuthenticationFilter; |
|
|
|
import com.aiprose.scauth.handler.*; |
|
|
|
import com.aiprose.scauth.service.IUserService; |
|
|
|
import org.apache.commons.lang3.StringUtils; |
|
|
|
import org.springframework.beans.factory.annotation.Autowired; |
|
|
|
import org.springframework.context.annotation.Bean; |
|
|
|
import org.springframework.context.annotation.Configuration; |
|
|
|
import org.springframework.security.access.AccessDecisionManager; |
|
|
|
import org.springframework.security.access.AccessDecisionVoter; |
|
|
@ -17,11 +19,15 @@ import org.springframework.security.config.annotation.method.configuration.Enabl |
|
|
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity; |
|
|
|
import org.springframework.security.config.annotation.web.builders.WebSecurity; |
|
|
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; |
|
|
|
import org.springframework.security.config.http.SessionCreationPolicy; |
|
|
|
import org.springframework.security.core.userdetails.UserDetailsService; |
|
|
|
import org.springframework.security.core.userdetails.UsernameNotFoundException; |
|
|
|
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; |
|
|
|
import org.springframework.security.web.access.expression.WebExpressionVoter; |
|
|
|
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor; |
|
|
|
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; |
|
|
|
import org.springframework.web.servlet.config.annotation.CorsRegistry; |
|
|
|
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; |
|
|
|
|
|
|
|
import java.util.ArrayList; |
|
|
|
import java.util.List; |
|
|
@ -34,7 +40,7 @@ import java.util.List; |
|
|
|
* @since 1.0 |
|
|
|
*/ |
|
|
|
@Configuration |
|
|
|
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true, jsr250Enabled = true) |
|
|
|
//@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true, jsr250Enabled = true)
|
|
|
|
public class WebSecurityConfig extends WebSecurityConfigurerAdapter { |
|
|
|
@Autowired |
|
|
|
private IUserService userService; |
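Review bot: L137 keeps a commented-out duplicate of the `@EnableGlobalMethodSecurity(...)` annotation directly below the live one at L133, and with the +/- markers lost on this page and equal hunk counts (7/7) it is not clear which copy is the new side. If the commented copy is the new one, every `@PreAuthorize`, `@Secured` and `@RolesAllowed` check in the service layer silently stops being enforced, which is an authorization regression to confirm rather than a cosmetic change. Either way the dead copy should be deleted instead of left as a comment; version history already records it.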
|
|
@ -45,21 +51,23 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { |
|
|
|
@Override |
|
|
|
public void configure(WebSecurity web) throws Exception { |
|
|
|
// super.configure(web);
|
|
|
|
web.ignoring().antMatchers("login", "/v2/api-docs/**", "/swagger-resources/**", "/swagger-ui.html"); |
|
|
|
} |
|
|
|
|
|
|
|
@Override |
|
|
|
protected void configure(HttpSecurity http) throws Exception { |
|
|
|
http.csrf().disable(); |
|
|
|
http.cors().and().csrf().disable(); |
|
|
|
|
|
|
|
// 配置记住我的参数和记住我处理类
|
|
|
|
http.rememberMe() |
|
|
|
.tokenRepository(remeberMeHandler) |
|
|
|
.tokenValiditySeconds(60*60*24) |
|
|
|
.userDetailsService(userDetailsService()); |
|
|
|
// 授权配置
|
|
|
|
http.authorizeRequests().anyRequest().authenticated(); |
|
|
|
|
|
|
|
// 配置登录页面
|
|
|
|
http.formLogin().loginPage("/login").permitAll(); |
|
|
|
// 配置登录
|
|
|
|
http.formLogin().usernameParameter("username").passwordParameter("password").loginProcessingUrl("/login"); |
|
|
|
|
|
|
|
//登录过期、 未登录
|
|
|
|
http.exceptionHandling().authenticationEntryPoint(new LoginExpireHandler()); |
|
|
|
// 配置登录失败后的操作
|
|
|
|
http.formLogin().failureHandler(new LoginFailureHandler()); |
|
|
|
// 配置登录成功后的操作
|
|
|
|
http.formLogin().successHandler(new LoginSuccessHandler()); |
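Review bot: The ignore pattern `"login"` at L170 has no leading slash, so under Spring's Ant-style matching it should not match the `/login` request path and looks like a no-op; it should be removed rather than corrected, because `web.ignoring()` drops matched URLs from the whole security filter chain, and ignoring `/login` would also take the form-login processing filter (`loginProcessingUrl("/login")`, L250) out of the request's path while `loginPage("/login").permitAll()` already covers the page. The Swagger paths on the same line are likewise excluded from the entire chain rather than only from authorization; if the JWT filter and security headers should still apply to them, `permitAll()` inside `http.authorizeRequests()` is the narrower tool. The `remeberMeHandler` field used at L211 is declared outside the hunk, and `configure(HttpSecurity)` continues past the end of this hunk.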
|
|
|
|
|
|
@ -67,33 +75,27 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { |
|
|
|
http.exceptionHandling().accessDeniedHandler(new AuthLimitHandler()); |
|
|
|
|
|
|
|
// 登出授权
|
|
|
|
http.logout().permitAll(); |
|
|
|
// http.logout().permitAll();
|
|
|
|
|
|
|
|
// 授权配置
|
|
|
|
http.authorizeRequests() |
|
|
|
/* 所有静态文件可以访问 */ |
|
|
|
.antMatchers("/js/**","/css/**","/images/**").permitAll() |
|
|
|
/* 所有 以/ad 开头的 广告页面可以访问 */ |
|
|
|
.antMatchers("/ad/**").permitAll() |
|
|
|
.antMatchers("/user/**","/role/**").permitAll() |
|
|
|
/* 动态url权限 */ |
|
|
|
.withObjectPostProcessor(new DefinedObjectPostProcessor()) |
|
|
|
/* url决策 */ |
|
|
|
.accessDecisionManager(accessDecisionManager()) |
|
|
|
.anyRequest().authenticated(); |
|
|
|
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); |
|
|
|
|
|
|
|
/* 配置token验证过滤器 */ |
|
|
|
http.addFilterBefore(new JWTAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class); |
|
|
|
} |
|
|
|
|
|
|
|
@Override |
|
|
|
protected void configure(AuthenticationManagerBuilder auth) throws Exception { |
|
|
|
auth.userDetailsService(userDetailsService()).passwordEncoder(new BCryptPasswordEncoder()); |
|
|
|
// auth.passwordEncoder(new BCryptPasswordEncoder());
|
|
|
|
// .withUser("nelson").password(new BCryptPasswordEncoder().encode("123456")).roles("admin")
|
|
|
|
// .and()
|
|
|
|
// .withUser("yasaka").password(new BCryptPasswordEncoder().encode("123456")).roles("user")
|
|
|
|
// .and()
|
|
|
|
// .withUser("one").password(new BCryptPasswordEncoder().encode("123456")).roles("gest")
|
|
|
|
// .and()
|
|
|
|
// .withUser("admin").password(new BCryptPasswordEncoder().encode("123456")).roles("root");
|
|
|
|
} |
|
|
|
|
|
|
|
@Bean |
|
|
|
public WebMvcConfigurer corsConfigurer() { |
|
|
|
return new WebMvcConfigurer() { |
|
|
|
@Override |
|
|
|
public void addCorsMappings(CorsRegistry registry) { |
|
|
|
registry.addMapping("/**"); |
|
|
|
} |
|
|
|
}; |
|
|
|
} |
|
|
|
|
|
|
|
@Override |
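Review bot: `corsConfigurer()` (L455–L483) registers `registry.addMapping("/**")` without `allowedOrigins`, and `http.cors()` at L194 wires that into the security chain, so by default any origin may call any endpoint; the mapping should name the front-end origin(s) explicitly, e.g. `registry.addMapping("/**").allowedOrigins("<frontend-origin>")` with the placeholder filled in from deployment config. `new JWTAuthenticationFilter()` at L379 is constructed by hand rather than obtained as a bean, so any `@Autowired` fields inside it would be null, and if the class is also a `@Component` Spring Boot would register it a second time as a plain servlet filter — worth confirming against the filter's source. With the session policy set to `STATELESS` (L367), the `rememberMe()` and `logout().permitAll()` configuration earlier in `configure(HttpSecurity)` does not invalidate a bearer token server-side, so the intended logout semantics for JWT clients should be documented, and the commented-out in-memory users with literal passwords at L403–L438 are dead code to delete. `configure(HttpSecurity)` begins before this hunk.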
|
|
@ -117,25 +119,25 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { |
|
|
|
* |
|
|
|
* 决策管理 |
|
|
|
*/ |
|
|
|
private AccessDecisionManager accessDecisionManager() { |
|
|
|
List<AccessDecisionVoter<? extends Object>> decisionVoters = new ArrayList<>(); |
|
|
|
decisionVoters.add(new WebExpressionVoter()); |
|
|
|
decisionVoters.add(new AuthenticatedVoter()); |
|
|
|
decisionVoters.add(new RoleVoter()); |
|
|
|
/* 路由权限管理 */ |
|
|
|
decisionVoters.add(new UrlRoleAuthHandler()); |
|
|
|
return new UnanimousBased(decisionVoters); |
|
|
|
} |
|
|
|
|
|
|
|
@Autowired |
|
|
|
private UrlRolesFilterHandler urlRolesFilterHandler; |
|
|
|
|
|
|
|
|
|
|
|
class DefinedObjectPostProcessor implements ObjectPostProcessor<FilterSecurityInterceptor> { |
|
|
|
@Override |
|
|
|
public <O extends FilterSecurityInterceptor> O postProcess(O object) { |
|
|
|
object.setSecurityMetadataSource(urlRolesFilterHandler); |
|
|
|
return object; |
|
|
|
} |
|
|
|
} |
|
|
|
// private AccessDecisionManager accessDecisionManager() {
|
|
|
|
// List<AccessDecisionVoter<? extends Object>> decisionVoters = new ArrayList<>();
|
|
|
|
// decisionVoters.add(new WebExpressionVoter());
|
|
|
|
// decisionVoters.add(new AuthenticatedVoter());
|
|
|
|
// decisionVoters.add(new RoleVoter());
|
|
|
|
// /* 路由权限管理 */
|
|
|
|
// decisionVoters.add(new UrlRoleAuthHandler());
|
|
|
|
// return new UnanimousBased(decisionVoters);
|
|
|
|
// }
|
|
|
|
|
|
|
|
// @Autowired
|
|
|
|
// private UrlRolesFilterHandler urlRolesFilterHandler;
|
|
|
|
|
|
|
|
|
|
|
|
// class DefinedObjectPostProcessor implements ObjectPostProcessor<FilterSecurityInterceptor> {
|
|
|
|
// @Override
|
|
|
|
// public <O extends FilterSecurityInterceptor> O postProcess(O object) {
|
|
|
|
// object.setSecurityMetadataSource(urlRolesFilterHandler);
|
|
|
|
// return object;
|
|
|
|
// }
|
|
|
|
// }
|
|
|
|
} |
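Review bot: L594–L691 are a commented-out verbatim copy of `accessDecisionManager()`, the `urlRolesFilterHandler` field and `DefinedObjectPostProcessor`, which sit live at L510–L590; the 25/25 hunk counts do not reveal which copy is the new side. If the commented copy is the new one, dynamic URL-to-role authorization (`UrlRolesFilterHandler`, `UrlRoleAuthHandler`) is being switched off, which should be stated in the commit message because the `anyRequest().authenticated()` fallback only requires a logged-in user and checks no roles. Whichever side survives, delete the commented block rather than keep it, and the wildcard `AccessDecisionVoter<? extends Object>` at L514 reads more simply as `AccessDecisionVoter<?>`. The Javadoc for `accessDecisionManager()` begins before this hunk.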
|
|
|