燕鹏
4 jaren geleden
4 gewijzigde bestanden met toevoegingen van 164 en 2 verwijderingen
@ -0,0 +1,70 @@ |
|||
package com.aiprose.scauth.conf; |
|||
|
|||
import org.springframework.beans.factory.annotation.Autowired; |
|||
import org.springframework.context.annotation.Bean; |
|||
import org.springframework.context.annotation.Configuration; |
|||
import org.springframework.security.authentication.AuthenticationManager; |
|||
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer; |
|||
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter; |
|||
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer; |
|||
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer; |
|||
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer; |
|||
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore; |
|||
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter; |
|||
|
|||
/** |
|||
* @author nelson |
|||
* @desc TODO |
|||
* @company 北京中经网软件有限公司 |
|||
* @date 2020/11/30 11:10 |
|||
* @since 1.0 |
|||
*/ |
|||
@Configuration |
|||
@EnableAuthorizationServer |
|||
public class AuthcServerConfig extends AuthorizationServerConfigurerAdapter { |
|||
|
|||
@Autowired |
|||
private AuthenticationManager authenticationManager; |
|||
|
|||
|
|||
/** |
|||
* 配置一个客户端 |
|||
* |
|||
* 既可以通过授权码方式获取令牌,也可以通过密码方式获取令牌 |
|||
*/ |
|||
@Override |
|||
public void configure(ClientDetailsServiceConfigurer clients) throws Exception { |
|||
clients.inMemory() |
|||
.withClient("clientId") |
|||
.secret("secret") |
|||
.authorizedGrantTypes("authorization_code","password","refresh_token") |
|||
.scopes("all") |
|||
.redirectUris("http://localhost:8015/"); |
|||
} |
|||
|
|||
/** 配置token管理 */ |
|||
@Override |
|||
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { |
|||
endpoints.tokenStore(new InMemoryTokenStore()) |
|||
.accessTokenConverter(accessTokenConverter()) |
|||
.authenticationManager(authenticationManager) |
|||
.reuseRefreshTokens(false); |
|||
} |
|||
|
|||
/** 配置jwt转换器 */ |
|||
@Bean |
|||
public JwtAccessTokenConverter accessTokenConverter() { |
|||
JwtAccessTokenConverter converter = new JwtAccessTokenConverter(); |
|||
converter.setSigningKey("secret"); |
|||
return converter; |
|||
} |
|||
|
|||
|
|||
|
|||
@Override |
|||
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception { |
|||
security.tokenKeyAccess("permitAll()") //允许所有人请求令牌
|
|||
.checkTokenAccess("isAuthenticated()") //已验证的客户端才能请求check_token端点
|
|||
.allowFormAuthenticationForClients(); |
|||
} |
|||
} |
@ -0,0 +1,89 @@ |
|||
package com.aiprose.scauth.conf; |
|||
|
|||
import com.aiprose.scauth.entity.User; |
|||
import com.aiprose.scauth.filter.JWTAuthenticationFilter; |
|||
import com.aiprose.scauth.handler.*; |
|||
import com.aiprose.scauth.service.IUserService; |
|||
import org.apache.commons.lang3.StringUtils; |
|||
import org.springframework.beans.factory.annotation.Autowired; |
|||
import org.springframework.context.annotation.Bean; |
|||
import org.springframework.context.annotation.Configuration; |
|||
import org.springframework.security.authentication.AuthenticationManager; |
|||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; |
|||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; |
|||
import org.springframework.security.config.annotation.web.builders.HttpSecurity; |
|||
import org.springframework.security.config.annotation.web.builders.WebSecurity; |
|||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; |
|||
import org.springframework.security.config.http.SessionCreationPolicy; |
|||
import org.springframework.security.core.userdetails.UserDetailsService; |
|||
import org.springframework.security.core.userdetails.UsernameNotFoundException; |
|||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; |
|||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; |
|||
import org.springframework.web.servlet.config.annotation.CorsRegistry; |
|||
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; |
|||
|
|||
/** |
|||
* @author nelson |
|||
* @desc script配置 |
|||
* @company 北京中经网软件有限公司 |
|||
* @date 2020/11/27 15:32 |
|||
* @since 1.0 |
|||
*/ |
|||
@Configuration |
|||
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true, jsr250Enabled = true) |
|||
public class WebAuthcSecurityConfig extends WebSecurityConfigurerAdapter { |
|||
@Autowired |
|||
private IUserService userService; |
|||
|
|||
@Override |
|||
public void configure(WebSecurity web) throws Exception { |
|||
web.ignoring().antMatchers("/v3/api-docs/**", "/swagger-resources/**", "/swagger-ui/**","/swagger-ui/index.html"); |
|||
} |
|||
|
|||
@Override |
|||
protected void configure(HttpSecurity http) throws Exception { |
|||
http.cors().and().csrf().disable(); |
|||
|
|||
// 授权配置
|
|||
http.authorizeRequests().antMatchers("/oauth/**").permitAll().anyRequest().authenticated(); |
|||
// 配置登录
|
|||
http.formLogin().permitAll(); |
|||
|
|||
//登录过期、 未登录
|
|||
http.exceptionHandling().authenticationEntryPoint(new LoginExpireHandler()); |
|||
// 配置登录失败后的操作
|
|||
http.formLogin().failureHandler(new LoginFailureHandler()); |
|||
// 配置登录成功后的操作
|
|||
http.formLogin().successHandler(new LoginSuccessHandler()); |
|||
|
|||
//权限不足
|
|||
http.exceptionHandling().accessDeniedHandler(new AuthLimitHandler()); |
|||
|
|||
// 登出授权
|
|||
// http.logout().permitAll();
|
|||
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); |
|||
/* 配置token验证过滤器 */ |
|||
// http.addFilterBefore(new JWTAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
|
|||
} |
|||
|
|||
@Override |
|||
protected void configure(AuthenticationManagerBuilder auth) throws Exception { |
|||
auth.userDetailsService(userDetailsService()).passwordEncoder(new BCryptPasswordEncoder()); |
|||
} |
|||
|
|||
@Bean |
|||
public WebMvcConfigurer corsConfigurer() { |
|||
return new WebMvcConfigurer() { |
|||
@Override |
|||
public void addCorsMappings(CorsRegistry registry) { |
|||
registry.addMapping("/**"); |
|||
} |
|||
}; |
|||
} |
|||
|
|||
@Bean |
|||
@Override |
|||
public AuthenticationManager authenticationManagerBean() throws Exception { |
|||
return super.authenticationManagerBean(); |
|||
} |
|||
} |
Laden…
Reference in new issue