2022-06-20 16:26:51 +08:00
|
|
|
|
package com.cnbm.admin.config;
|
|
|
|
|
|
|
|
|
|
|
|
import com.cnbm.admin.filter.JwtAuthenticationTokenFilter;
|
2022-06-21 17:00:45 +08:00
|
|
|
|
import com.cnbm.admin.service.impl.UserDetailsServiceImpl;
|
2022-06-20 16:26:51 +08:00
|
|
|
|
import org.springframework.beans.factory.annotation.Autowired;
|
|
|
|
|
|
import org.springframework.context.annotation.Bean;
|
|
|
|
|
|
import org.springframework.context.annotation.Configuration;
|
|
|
|
|
|
import org.springframework.security.authentication.AuthenticationManager;
|
2022-06-21 17:00:45 +08:00
|
|
|
|
import org.springframework.security.authentication.AuthenticationProvider;
|
|
|
|
|
|
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
|
|
|
|
|
|
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
2022-06-20 16:26:51 +08:00
|
|
|
|
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
|
|
|
|
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
|
|
|
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
|
|
|
|
|
import org.springframework.security.config.http.SessionCreationPolicy;
|
|
|
|
|
|
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
|
|
|
|
|
import org.springframework.security.crypto.password.PasswordEncoder;
|
|
|
|
|
|
import org.springframework.security.web.AuthenticationEntryPoint;
|
|
|
|
|
|
import org.springframework.security.web.access.AccessDeniedHandler;
|
|
|
|
|
|
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
|
|
|
|
|
/**
|
|
|
|
|
|
* @Author weihongyang
|
|
|
|
|
|
* @Date 2022/6/8 1:51 PM
|
|
|
|
|
|
* @Version 1.0
|
|
|
|
|
|
*/
|
|
|
|
|
|
@Configuration
|
|
|
|
|
|
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
|
|
|
|
|
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|
|
|
|
|
|
|
|
|
|
|
//创建BCryptPasswordEncoder注入容器
|
|
|
|
|
|
@Bean
|
|
|
|
|
|
public PasswordEncoder passwordEncoder(){
|
|
|
|
|
|
return new BCryptPasswordEncoder();
|
|
|
|
|
|
}
|
|
|
|
|
|
@Autowired
|
|
|
|
|
|
private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@Autowired
|
|
|
|
|
|
private AuthenticationEntryPoint authenticationEntryPoint;
|
|
|
|
|
|
|
|
|
|
|
|
@Autowired
|
|
|
|
|
|
private AccessDeniedHandler accessDeniedHandler;
|
|
|
|
|
|
|
2022-06-21 17:00:45 +08:00
|
|
|
|
@Autowired
|
|
|
|
|
|
private UserDetailsServiceImpl userDetailsService;
|
|
|
|
|
|
|
|
|
|
|
|
|
2022-06-20 16:26:51 +08:00
|
|
|
|
@Override
|
|
|
|
|
|
protected void configure(HttpSecurity http) throws Exception {
|
|
|
|
|
|
http
|
|
|
|
|
|
//关闭csrf
|
|
|
|
|
|
.csrf().disable()
|
|
|
|
|
|
//不通过Session获取SecurityContext
|
|
|
|
|
|
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
|
|
|
|
|
|
.and()
|
|
|
|
|
|
.authorizeRequests()
|
|
|
|
|
|
// 对于登录接口 允许匿名访问
|
2022-06-21 14:34:34 +08:00
|
|
|
|
.antMatchers("/login","/swagger/**","/v2/**",
|
2022-06-21 13:39:20 +08:00
|
|
|
|
"/doc.html",
|
|
|
|
|
|
"/swagger-resources/**",
|
2022-06-21 14:34:34 +08:00
|
|
|
|
"/swagger-ui/**",
|
|
|
|
|
|
"/webjars/**").anonymous()
|
2022-06-20 16:26:51 +08:00
|
|
|
|
// .antMatchers("/testCors").hasAuthority("system:dept:list222")
|
|
|
|
|
|
// 除上面外的所有请求全部需要鉴权认证
|
|
|
|
|
|
.anyRequest().authenticated();
|
|
|
|
|
|
|
|
|
|
|
|
//添加过滤器
|
|
|
|
|
|
http.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
|
|
|
|
|
|
|
|
|
|
|
|
//配置异常处理器
|
|
|
|
|
|
http.exceptionHandling()
|
|
|
|
|
|
//配置认证失败处理器
|
|
|
|
|
|
.authenticationEntryPoint(authenticationEntryPoint)
|
|
|
|
|
|
.accessDeniedHandler(accessDeniedHandler);
|
|
|
|
|
|
|
|
|
|
|
|
//允许跨域
|
|
|
|
|
|
http.cors();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@Bean
|
|
|
|
|
|
@Override
|
|
|
|
|
|
public AuthenticationManager authenticationManagerBean() throws Exception {
|
|
|
|
|
|
return super.authenticationManagerBean();
|
|
|
|
|
|
}
|
2022-06-21 17:00:45 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@Bean
|
|
|
|
|
|
public AuthenticationProvider daoAuthenticationProvider() {
|
|
|
|
|
|
DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
|
|
|
|
|
|
daoAuthenticationProvider.setUserDetailsService(userDetailsService);
|
|
|
|
|
|
daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());
|
|
|
|
|
|
daoAuthenticationProvider.setHideUserNotFoundExceptions(false);
|
|
|
|
|
|
return daoAuthenticationProvider;
|
|
|
|
|
|
}
|
|
|
|
|
|
@Override
|
|
|
|
|
|
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
|
|
|
|
|
// 加入自定义认证, 无需配置userDetailsService,否则会执行默认的provider
|
|
|
|
|
|
// auth.authenticationProvider(myAuthenticationProvider());
|
|
|
|
|
|
/* auth.userDetailsService(userService)
|
|
|
|
|
|
.passwordEncoder(passwordEncoder());*/
|
|
|
|
|
|
auth.authenticationProvider(daoAuthenticationProvider());
|
|
|
|
|
|
}
|
2022-06-20 16:26:51 +08:00
|
|
|
|
}
|
