提交 03df5471 编写于 作者: xignzi006's avatar xignzi006 🇨🇳

白名单路径

上级 1fceed09
...@@ -3,6 +3,7 @@ package cn.ibizlab.api.config; ...@@ -3,6 +3,7 @@ package cn.ibizlab.api.config;
import cn.ibizlab.util.security.AuthenticationEntryPoint; import cn.ibizlab.util.security.AuthenticationEntryPoint;
import cn.ibizlab.util.security.AuthorizationTokenFilter; import cn.ibizlab.util.security.AuthorizationTokenFilter;
import cn.ibizlab.util.service.AuthenticationUserService; import cn.ibizlab.util.service.AuthenticationUserService;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
...@@ -55,6 +56,9 @@ public class apiSecurityConfig extends WebSecurityConfigurerAdapter { ...@@ -55,6 +56,9 @@ public class apiSecurityConfig extends WebSecurityConfigurerAdapter {
@Value("${ibiz.file.previewpath:ibizutil/preview}") @Value("${ibiz.file.previewpath:ibizutil/preview}")
private String previewpath; private String previewpath;
@Value("${ibiz.auth.excludesPattern:}")
private String excludesPattern;
@Autowired @Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth auth
...@@ -137,10 +141,16 @@ public class apiSecurityConfig extends WebSecurityConfigurerAdapter { ...@@ -137,10 +141,16 @@ public class apiSecurityConfig extends WebSecurityConfigurerAdapter {
.antMatchers("/uaa/getQQAppId").permitAll() .antMatchers("/uaa/getQQAppId").permitAll()
.antMatchers("/uaa/queryQQUserByCode").permitAll() .antMatchers("/uaa/queryQQUserByCode").permitAll()
.antMatchers("/uaa/bindQQtoRegister").permitAll() .antMatchers("/uaa/bindQQtoRegister").permitAll();
if (StringUtils.isNotBlank(excludesPattern)) {
for (String excludePattern : excludesPattern.split("\\s*,\\s*")) {
authenticationTokenFilter.addExcludePattern(excludePattern);
httpSecurity.authorizeRequests().antMatchers(excludePattern).permitAll();
}
}
// 所有请求都需要认证 httpSecurity.authorizeRequests().anyRequest().authenticated()
.anyRequest().authenticated()
// 防止iframe 造成跨域 // 防止iframe 造成跨域
.and().headers().frameOptions().disable(); .and().headers().frameOptions().disable();
......
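Review bot: The entries read from `ibiz.auth.excludesPattern` in the third hunk go straight into `antMatchers(excludePattern).permitAll()` and `authenticationTokenFilter.addExcludePattern(...)` with no validation and no record of what was opened up. A single overly broad entry in external configuration (for example `/**`) would therefore remove authentication from the whole API without any trace at startup. The split regex also only strips whitespace around commas, so a leading or trailing space on the property leaves the first or last pattern unable to match; `for (String excludePattern : excludesPattern.trim().split("\\s*,\\s*"))` plus a skip for empty entries fixes that. I would also log each accepted pattern once at startup, e.g. `log.warn("unauthenticated path pattern configured: {}", excludePattern);` if this class has a logger. The enclosing configure method starts and ends outside the hunk.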
...@@ -10,6 +10,8 @@ import org.springframework.security.core.userdetails.UserDetails; ...@@ -10,6 +10,8 @@ import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.PathMatcher;
import org.springframework.web.filter.OncePerRequestFilter; import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.beans.factory.annotation.Qualifier;
...@@ -18,6 +20,10 @@ import javax.servlet.ServletException; ...@@ -18,6 +20,10 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import java.io.IOException; import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
@Slf4j @Slf4j
@Component @Component
...@@ -26,6 +32,8 @@ public class AuthorizationTokenFilter extends OncePerRequestFilter { ...@@ -26,6 +32,8 @@ public class AuthorizationTokenFilter extends OncePerRequestFilter {
private final UserDetailsService userDetailsService; private final UserDetailsService userDetailsService;
private final AuthTokenUtil authTokenUtil; private final AuthTokenUtil authTokenUtil;
private final String tokenHeader; private final String tokenHeader;
private Set<String> excludesPattern = new HashSet<>();
private PathMatcher pathMatcher = new AntPathMatcher();
public AuthorizationTokenFilter(AuthenticationUserService userDetailsService, AuthTokenUtil authTokenUtil, @Value("${ibiz.jwt.header:Authorization}") String tokenHeader) { public AuthorizationTokenFilter(AuthenticationUserService userDetailsService, AuthTokenUtil authTokenUtil, @Value("${ibiz.jwt.header:Authorization}") String tokenHeader) {
this.userDetailsService = userDetailsService; this.userDetailsService = userDetailsService;
...@@ -35,8 +43,12 @@ public class AuthorizationTokenFilter extends OncePerRequestFilter { ...@@ -35,8 +43,12 @@ public class AuthorizationTokenFilter extends OncePerRequestFilter {
@Override @Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException { protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
if (isExclusion(request.getRequestURI())) {
chain.doFilter(request, response);
return;
}
if(request.getRequestURI().equals("/uaa/publickey")||request.getRequestURI().indexOf("/uaa/lgoin")>=0){ if (request.getRequestURI().equals("/uaa/publickey") || request.getRequestURI().indexOf("/uaa/lgoin") >= 0) {
chain.doFilter(request, response); chain.doFilter(request, response);
return; return;
} }
...@@ -71,4 +83,28 @@ public class AuthorizationTokenFilter extends OncePerRequestFilter { ...@@ -71,4 +83,28 @@ public class AuthorizationTokenFilter extends OncePerRequestFilter {
} }
chain.doFilter(request, response); chain.doFilter(request, response);
} }
public void setExcludesPattern(String excludesPattern) {
this.excludesPattern = new HashSet(Arrays.asList(excludesPattern.split("\\s*,\\s*")));
}
public void addExcludePattern(String excludePattern) {
excludesPattern.add(excludePattern);
}
private boolean isExclusion(String requestURI) {
if (this.excludesPattern == null) {
return false;
} else {
Iterator excludeIterator = this.excludesPattern.iterator();
String pattern;
do {
if (!excludeIterator.hasNext()) {
return false;
}
pattern = (String) excludeIterator.next();
} while (!pathMatcher.match(pattern, requestURI));
return true;
}
}
} }
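Review bot: `isExclusion` is called from `doFilterInternal` with `request.getRequestURI()`, which still carries the context path and is neither decoded nor normalized, while the `antMatchers(...)` rules built from the same property are, as far as I can tell, evaluated on the path within the application. The two whitelists can therefore disagree, for instance under a non-root context path. Holding the entries as `AntPathRequestMatcher` instances and calling `matches(request)` keeps the filter and the authorization rules on the same path. The pattern set is also a plain `HashSet`, built with a raw `new HashSet(...)`, that the public `setExcludesPattern`/`addExcludePattern` can mutate while request threads iterate it; a `CopyOnWriteArrayList` avoids both. The class body and `doFilterInternal` continue outside the hunks shown.

```java
// … unchanged: userDetailsService, authTokenUtil, tokenHeader fields …
private final List<RequestMatcher> excludeMatchers = new CopyOnWriteArrayList<>();

// … unchanged: constructor …

// in doFilterInternal, replacing the isExclusion(request.getRequestURI()) guard
if (isExclusion(request)) {
    chain.doFilter(request, response);
    return;
}
// … unchanged: token extraction and authentication …

public void setExcludesPattern(String excludesPattern) {
    excludeMatchers.clear();
    for (String pattern : excludesPattern.split(",")) {
        addExcludePattern(pattern);
    }
}

public void addExcludePattern(String excludePattern) {
    // Blank entries are dropped so a stray comma cannot register an empty pattern.
    if (excludePattern != null && !excludePattern.trim().isEmpty()) {
        excludeMatchers.add(new AntPathRequestMatcher(excludePattern.trim()));
    }
}

private boolean isExclusion(HttpServletRequest request) {
    for (RequestMatcher matcher : excludeMatchers) {
        if (matcher.matches(request)) {
            return true;
        }
    }
    return false;
}
```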