|
@@ -21,18 +21,17 @@ import org.springframework.web.filter.CorsFilter;
|
|
|
|
|
|
/**
|
|
|
* spring security配置
|
|
|
- *
|
|
|
+ *
|
|
|
* @author ruoyi
|
|
|
*/
|
|
|
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
|
|
|
-public class SecurityConfig extends WebSecurityConfigurerAdapter
|
|
|
-{
|
|
|
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|
|
/**
|
|
|
* 自定义用户认证逻辑
|
|
|
*/
|
|
|
@Autowired
|
|
|
private UserDetailsService userDetailsService;
|
|
|
-
|
|
|
+
|
|
|
/**
|
|
|
* 认证失败处理类
|
|
|
*/
|
|
@@ -50,7 +49,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
|
|
|
*/
|
|
|
@Autowired
|
|
|
private JwtAuthenticationTokenFilter authenticationTokenFilter;
|
|
|
-
|
|
|
+
|
|
|
/**
|
|
|
* 跨域过滤器
|
|
|
*/
|
|
@@ -68,8 +67,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
|
|
|
*/
|
|
|
@Bean
|
|
|
@Override
|
|
|
- public AuthenticationManager authenticationManagerBean() throws Exception
|
|
|
- {
|
|
|
+ public AuthenticationManager authenticationManagerBean() throws Exception {
|
|
|
return super.authenticationManagerBean();
|
|
|
}
|
|
|
|
|
@@ -89,31 +87,30 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
|
|
|
* authenticated | 用户登录后可访问
|
|
|
*/
|
|
|
@Override
|
|
|
- protected void configure(HttpSecurity httpSecurity) throws Exception
|
|
|
- {
|
|
|
+ protected void configure(HttpSecurity httpSecurity) throws Exception {
|
|
|
httpSecurity
|
|
|
- // CSRF禁用,因为不使用session
|
|
|
- .csrf().disable()
|
|
|
- // 认证失败处理类
|
|
|
- .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
|
|
|
- // 基于token,所以不需要session
|
|
|
- .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
|
|
|
- // 过滤请求
|
|
|
- .authorizeRequests()
|
|
|
- .antMatchers(
|
|
|
- HttpMethod.GET,
|
|
|
- "/",
|
|
|
- "/*.html",
|
|
|
- "/**/*.html",
|
|
|
- "/**/*.css",
|
|
|
- "/**/*.js"
|
|
|
- ).permitAll()
|
|
|
- .antMatchers(securityProperties.getAnonymous()).anonymous()
|
|
|
- .antMatchers(securityProperties.getPermitAll()).permitAll()
|
|
|
- // 除上面外的所有请求全部需要鉴权认证
|
|
|
- .anyRequest().authenticated()
|
|
|
- .and()
|
|
|
- .headers().frameOptions().disable();
|
|
|
+ // CSRF禁用,因为不使用session
|
|
|
+ .csrf().disable()
|
|
|
+ // 认证失败处理类
|
|
|
+ .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
|
|
|
+ // 基于token,所以不需要session
|
|
|
+ .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
|
|
|
+ // 过滤请求
|
|
|
+ .authorizeRequests()
|
|
|
+ .antMatchers(
|
|
|
+ HttpMethod.GET,
|
|
|
+ "/",
|
|
|
+ "/*.html",
|
|
|
+ "/**/*.html",
|
|
|
+ "/**/*.css",
|
|
|
+ "/**/*.js"
|
|
|
+ ).permitAll()
|
|
|
+ .antMatchers(securityProperties.getAnonymous()).anonymous()
|
|
|
+ .antMatchers(securityProperties.getPermitAll()).permitAll()
|
|
|
+ // 除上面外的所有请求全部需要鉴权认证
|
|
|
+ .anyRequest().authenticated()
|
|
|
+ .and()
|
|
|
+ .headers().frameOptions().disable();
|
|
|
httpSecurity.logout().logoutUrl(securityProperties.getLogoutUrl()).logoutSuccessHandler(logoutSuccessHandler);
|
|
|
// 添加JWT filter
|
|
|
httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
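Review bot: `.headers().frameOptions().disable()` at the end of the re-indented chain removes the X-Frame-Options header from every response, so any origin can frame the application's pages (clickjacking). If framing is only needed by the application's own pages, `.headers().frameOptions().sameOrigin();` keeps that working while refusing cross-origin framing. The comment above `.csrf().disable()` justifies it by the absence of a session. That holds only while the JWT travels in a request header rather than a cookie, which JwtAuthenticationTokenFilter (not visible here) decides, so the comment should say so, e.g. `// CSRF disabled: the token is sent in a request header, never in a cookie`. The body of configure(HttpSecurity) continues past the end of this hunk.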
|
|
@@ -126,8 +123,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
|
|
|
* 强散列哈希加密实现
|
|
|
*/
|
|
|
@Bean
|
|
|
- public BCryptPasswordEncoder bCryptPasswordEncoder()
|
|
|
- {
|
|
|
+ public BCryptPasswordEncoder bCryptPasswordEncoder() {
|
|
|
return new BCryptPasswordEncoder();
|
|
|
}
|
|
|
|
|
@@ -135,8 +131,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
|
|
|
* 身份认证接口
|
|
|
*/
|
|
|
@Override
|
|
|
- protected void configure(AuthenticationManagerBuilder auth) throws Exception
|
|
|
- {
|
|
|
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
|
|
auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());
|
|
|
}
|
|
|
}
|