燕鹏
4 years ago
4 changed files with 164 additions and 2 deletions
@ -0,0 +1,70 @@ |
|||||
|
package com.aiprose.scauth.conf; |
||||
|
|
||||
|
import org.springframework.beans.factory.annotation.Autowired; |
||||
|
import org.springframework.context.annotation.Bean; |
||||
|
import org.springframework.context.annotation.Configuration; |
||||
|
import org.springframework.security.authentication.AuthenticationManager; |
||||
|
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer; |
||||
|
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter; |
||||
|
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer; |
||||
|
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer; |
||||
|
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer; |
||||
|
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore; |
||||
|
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter; |
||||
|
|
||||
|
/** |
||||
|
* @author nelson |
||||
|
* @desc TODO |
||||
|
* @company 北京中经网软件有限公司 |
||||
|
* @date 2020/11/30 11:10 |
||||
|
* @since 1.0 |
||||
|
*/ |
||||
|
@Configuration |
||||
|
@EnableAuthorizationServer |
||||
|
public class AuthcServerConfig extends AuthorizationServerConfigurerAdapter { |
||||
|
|
||||
|
@Autowired |
||||
|
private AuthenticationManager authenticationManager; |
||||
|
|
||||
|
|
||||
|
/** |
||||
|
* 配置一个客户端 |
||||
|
* |
||||
|
* 既可以通过授权码方式获取令牌,也可以通过密码方式获取令牌 |
||||
|
*/ |
||||
|
@Override |
||||
|
public void configure(ClientDetailsServiceConfigurer clients) throws Exception { |
||||
|
clients.inMemory() |
||||
|
.withClient("clientId") |
||||
|
.secret("secret") |
||||
|
.authorizedGrantTypes("authorization_code","password","refresh_token") |
||||
|
.scopes("all") |
||||
|
.redirectUris("http://localhost:8015/"); |
||||
|
} |
||||
|
|
||||
|
/** 配置token管理 */ |
||||
|
@Override |
||||
|
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { |
||||
|
endpoints.tokenStore(new InMemoryTokenStore()) |
||||
|
.accessTokenConverter(accessTokenConverter()) |
||||
|
.authenticationManager(authenticationManager) |
||||
|
.reuseRefreshTokens(false); |
||||
|
} |
||||
|
|
||||
|
/** 配置jwt转换器 */ |
||||
|
@Bean |
||||
|
public JwtAccessTokenConverter accessTokenConverter() { |
||||
|
JwtAccessTokenConverter converter = new JwtAccessTokenConverter(); |
||||
|
converter.setSigningKey("secret"); |
||||
|
return converter; |
||||
|
} |
||||
|
|
||||
|
|
||||
|
|
||||
|
@Override |
||||
|
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception { |
||||
|
security.tokenKeyAccess("permitAll()") //允许所有人请求令牌
|
||||
|
.checkTokenAccess("isAuthenticated()") //已验证的客户端才能请求check_token端点
|
||||
|
.allowFormAuthenticationForClients(); |
||||
|
} |
||||
|
} |
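Review bot: The JWT signing key in `accessTokenConverter()` is the literal `"secret"`, and `configure(ClientDetailsServiceConfigurer)` uses the same literal as the client secret, so anyone who can read the repository holds the key and tokens signed with it cannot be told apart from forged ones. Inject the key from external configuration instead, e.g. `@Value("${<signing-key-property>}") private String signingKey;` (placeholder property name) with `converter.setSigningKey(signingKey);`, or use an asymmetric pair via `converter.setKeyPair(...)` so resource servers hold only the public key. The client secret should likewise come from configuration and be stored through a password encoder rather than as plain text. The inline comment on `tokenKeyAccess("permitAll()")` says it lets anyone request a token, but that expression guards the token-key endpoint, so the comment should be corrected.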
@ -0,0 +1,89 @@ |
|||||
|
package com.aiprose.scauth.conf; |
||||
|
|
||||
|
import com.aiprose.scauth.entity.User; |
||||
|
import com.aiprose.scauth.filter.JWTAuthenticationFilter; |
||||
|
import com.aiprose.scauth.handler.*; |
||||
|
import com.aiprose.scauth.service.IUserService; |
||||
|
import org.apache.commons.lang3.StringUtils; |
||||
|
import org.springframework.beans.factory.annotation.Autowired; |
||||
|
import org.springframework.context.annotation.Bean; |
||||
|
import org.springframework.context.annotation.Configuration; |
||||
|
import org.springframework.security.authentication.AuthenticationManager; |
||||
|
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; |
||||
|
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; |
||||
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity; |
||||
|
import org.springframework.security.config.annotation.web.builders.WebSecurity; |
||||
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; |
||||
|
import org.springframework.security.config.http.SessionCreationPolicy; |
||||
|
import org.springframework.security.core.userdetails.UserDetailsService; |
||||
|
import org.springframework.security.core.userdetails.UsernameNotFoundException; |
||||
|
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; |
||||
|
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; |
||||
|
import org.springframework.web.servlet.config.annotation.CorsRegistry; |
||||
|
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; |
||||
|
|
||||
|
/** |
||||
|
* @author nelson |
||||
|
* @desc script配置 |
||||
|
* @company 北京中经网软件有限公司 |
||||
|
* @date 2020/11/27 15:32 |
||||
|
* @since 1.0 |
||||
|
*/ |
||||
|
@Configuration |
||||
|
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true, jsr250Enabled = true) |
||||
|
public class WebAuthcSecurityConfig extends WebSecurityConfigurerAdapter { |
||||
|
@Autowired |
||||
|
private IUserService userService; |
||||
|
|
||||
|
@Override |
||||
|
public void configure(WebSecurity web) throws Exception { |
||||
|
web.ignoring().antMatchers("/v3/api-docs/**", "/swagger-resources/**", "/swagger-ui/**","/swagger-ui/index.html"); |
||||
|
} |
||||
|
|
||||
|
@Override |
||||
|
protected void configure(HttpSecurity http) throws Exception { |
||||
|
http.cors().and().csrf().disable(); |
||||
|
|
||||
|
// 授权配置
|
||||
|
http.authorizeRequests().antMatchers("/oauth/**").permitAll().anyRequest().authenticated(); |
||||
|
// 配置登录
|
||||
|
http.formLogin().permitAll(); |
||||
|
|
||||
|
//登录过期、 未登录
|
||||
|
http.exceptionHandling().authenticationEntryPoint(new LoginExpireHandler()); |
||||
|
// 配置登录失败后的操作
|
||||
|
http.formLogin().failureHandler(new LoginFailureHandler()); |
||||
|
// 配置登录成功后的操作
|
||||
|
http.formLogin().successHandler(new LoginSuccessHandler()); |
||||
|
|
||||
|
//权限不足
|
||||
|
http.exceptionHandling().accessDeniedHandler(new AuthLimitHandler()); |
||||
|
|
||||
|
// 登出授权
|
||||
|
// http.logout().permitAll();
|
||||
|
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); |
||||
|
/* 配置token验证过滤器 */ |
||||
|
// http.addFilterBefore(new JWTAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
|
||||
|
} |
||||
|
|
||||
|
@Override |
||||
|
protected void configure(AuthenticationManagerBuilder auth) throws Exception { |
||||
|
auth.userDetailsService(userDetailsService()).passwordEncoder(new BCryptPasswordEncoder()); |
||||
|
} |
||||
|
|
||||
|
@Bean |
||||
|
public WebMvcConfigurer corsConfigurer() { |
||||
|
return new WebMvcConfigurer() { |
||||
|
@Override |
||||
|
public void addCorsMappings(CorsRegistry registry) { |
||||
|
registry.addMapping("/**"); |
||||
|
} |
||||
|
}; |
||||
|
} |
||||
|
|
||||
|
@Bean |
||||
|
@Override |
||||
|
public AuthenticationManager authenticationManagerBean() throws Exception { |
||||
|
return super.authenticationManagerBean(); |
||||
|
} |
||||
|
} |
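Review bot: `configure(AuthenticationManagerBuilder)` passes the adapter's inherited `userDetailsService()` back into the builder and nothing in this class overrides it, so the injected `userService` is never consulted when a password is checked. The unused `User`, `StringUtils` and `UsernameNotFoundException` imports suggest an override was intended but left out. As far as I can tell the inherited method returns a delegator that resolves to whatever the builder holds, which here would be itself, so a login attempt is likely to fail rather than authenticate. Add an override that loads the account through `userService` and throws `UsernameNotFoundException` when it is missing, and pass that to `auth.userDetailsService(...)`. Separately, `antMatchers("/oauth/**").permitAll()` also covers the authorization endpoint, which normally requires an authenticated user before a code is issued, so consider narrowing the matcher to the endpoints that must be public.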