package cn.ibizlab.config;

import cn.ibizlab.util.security.AuthenticationEntryPoint;
import cn.ibizlab.util.security.AuthorizationTokenFilter;
import cn.ibizlab.util.service.AuthenticationUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.core.GrantedAuthorityDefaults;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class DevBootSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Static web resources that may be fetched without a token (GET only).
     */
    private static final String[] STATIC_RESOURCES = {
            "/*.html",
            "/**/*.html",
            "/**/*.css",
            "/**/*.js",
            "/**/*.ico",
            "/**/assets/**",
            "/**/css/**",
            "/**/fonts/**",
            "/**/js/**",
            "/**/img/**",
            "/"
    };

    /**
     * Endpoints reachable without authentication for every HTTP method.
     * <p>
     * Review notes for this allow-list:
     * <ul>
     *   <li>{@code /syspssystems/save} (sync of system permission resources) and
     *       {@code /syspssystems/**\/permissiondata} are reachable by anyone; if
     *       they create or modify permission data, some other control (for
     *       example a service-to-service credential checked inside the
     *       controller) must exist — that cannot be confirmed from this file.</li>
     *   <li>{@code /uaa/login} is opened for all methods, which is broader than the
     *       POST-only {@code uaaLoginPath} entry below (default {@code uaa/login}).</li>
     *   <li>The register / bind*ToRegister endpoints allow self-registration; any
     *       abuse controls have to live in those handlers.</li>
     * </ul>
     */
    private static final String[] PUBLIC_ENDPOINTS = {
            "/uaa/permission/**",
            "/syspssystems/**/permissiondata",
            "/syspssystems/save",
            "/uaa/login",
            "/uaa/register",
            "/uaa/responseTokenToWeiXin",
            "/uaa/getWechatAppId",
            "/uaa/queryWechatUserByCode",
            "/uaa/bindWechatToRegister",
            "/uaa/getDingtalkAppId",
            "/uaa/queryDingtalkUserByCode",
            "/uaa/bindDingtalkToRegister",
            "/uaa/getQQAppId",
            "/uaa/queryQQUserByCode",
            "/uaa/bindQQtoRegister",
            "/uaa/publickey"
    };

    /** Entry point invoked when an unauthenticated request hits a protected URL. */
    @Autowired
    private AuthenticationEntryPoint unauthorizedHandler;

    /** Loads user records for username/password authentication. */
    @Autowired
    private AuthenticationUserService userDetailsService;

    /**
     * Custom JWT-based security filter; it is placed in front of the
     * username/password filter in {@link #configure(HttpSecurity)}.
     */
    @Autowired
    AuthorizationTokenFilter authenticationTokenFilter;

    /** Primary login path, without leading slash (property {@code ibiz.auth.path}). */
    @Value("${ibiz.auth.path:v7/login}")
    private String loginPath;

    /** UAA login path, without leading slash (property {@code ibiz.auth.uaaloginpath}). */
    @Value("${ibiz.auth.uaaloginpath:uaa/login}")
    private String uaaLoginPath;

    /** Second UAA login path (property {@code ibiz.auth.uaaloginpath2}). */
    @Value("${ibiz.auth.uaaloginpath2:uaa/loginbyusername}")
    private String uaaLoginPath2;

    /**
     * Wires the user lookup service and the password encoder into the global
     * {@link AuthenticationManager}. Calling {@code passwordEncoderBean()} directly
     * is fine: in a {@code @Configuration} class Spring proxies {@code @Bean}
     * methods, so the same singleton encoder exposed as a bean is used here.
     *
     * @param auth builder for the global authentication manager
     * @throws Exception propagated from the builder
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoderBean());
    }

    /**
     * Removes the default {@code ROLE_} prefix, so {@code hasRole("X")} in
     * method security compares against the authority {@code "X"} rather than
     * {@code "ROLE_X"}. Stored authorities are presumably the bare names —
     * confirm against {@code AuthenticationUserService}.
     */
    @Bean
    GrantedAuthorityDefaults grantedAuthorityDefaults() {
        return new GrantedAuthorityDefaults("");
    }

    /**
     * Password hashing for stored credentials: bcrypt with the encoder's
     * default work factor.
     */
    @Bean
    public PasswordEncoder passwordEncoderBean() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Exposes the {@link AuthenticationManager} assembled by
     * {@link #configureGlobal} as an injectable bean.
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * HTTP security rules: stateless, token-based access where everything not
     * on the allow-lists above requires an authenticated request.
     *
     * @param httpSecurity builder for the filter chain
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        // No server-side session is created, so each request must carry its own
        // credential (handled by authenticationTokenFilter). CSRF protection is
        // switched off on that basis; this is only safe while the token is NOT
        // taken from a cookie — verify against AuthorizationTokenFilter, whose
        // source is not part of this file.
        httpSecurity.csrf().disable();
        // Unauthenticated access to a protected URL is answered by unauthorizedHandler.
        httpSecurity.exceptionHandling().authenticationEntryPoint(unauthorizedHandler);
        httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        // First matching rule wins; all rules before anyRequest() grant access.
        httpSecurity.authorizeRequests()
                .antMatchers(HttpMethod.GET, STATIC_RESOURCES).permitAll()
                // Login requests are accepted without a token, POST only.
                .antMatchers(HttpMethod.POST, "/" + loginPath).permitAll()
                .antMatchers(HttpMethod.POST, "/" + uaaLoginPath).permitAll()
                .antMatchers(HttpMethod.POST, "/" + uaaLoginPath2).permitAll()
                .antMatchers(PUBLIC_ENDPOINTS).permitAll()
                .anyRequest().authenticated();

        // Drops the X-Frame-Options header on every response so the UI can be
        // embedded in an iframe from another origin (original intent: avoid
        // iframe cross-domain problems). Every page is then frameable by any
        // site (clickjacking exposure); if only known origins need to embed the
        // UI, sameOrigin() or a CSP frame-ancestors directive is the narrower
        // option.
        httpSecurity.headers().frameOptions().disable();

        // Token validation runs before the username/password filter.
        httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
    }
}